Implement fallocate syscall #625
Closed
This commit adds support for the fallocate(2) syscall which allows applications to manipulate file space allocation.

Changes:
- Added FallocateMode bitflags in litebox_common_linux for Linux-specific mode flags (KEEP_SIZE, PUNCH_HOLE, COLLAPSE_RANGE, ZERO_RANGE, INSERT_RANGE, UNSHARE_RANGE)
- Added FallocMode enum in litebox for generic operation modes
- Added FallocateError enum for fallocate-specific errors
- Implemented FileSystem::fallocate() trait method with implementations for all filesystem backends (in_mem, devices, layered, nine_p, tar_ro)
- Added syscall parsing and dispatch for Sysno::fallocate
- Added sys_fallocate() handler with proper validation
- Added 10 comprehensive unit tests covering all modes and error cases

Supported modes:
- Allocate: Preallocate space, extending file if needed
- AllocateKeepSize: Preallocate without extending file size
- AllocateUnshareRange: Make shared data private (COW)
- PunchHoleKeepSize: Deallocate space (create hole)
- ZeroRange: Zero out range, potentially extending file
- ZeroRangeKeepSize: Zero out range without extending
- CollapseRange: Remove range and shift data down
- InsertRange: Insert hole and shift data up

Tested on x86_64 Linux.
- Fix memory exhaustion vulnerability by adding MAX_FILE_SIZE limit
- Fix integer truncation on 32-bit by using try_from for safe conversion
- Fix CollapseRange boundary check (>= instead of >) per Linux man page
- Fix InsertRange boundary check (>= instead of >) per Linux man page
- Add AllocateUnshareRangeKeepSize variant to preserve KEEP_SIZE semantics
- Add 3 new boundary condition tests:
  - test_fallocate_collapse_range_boundary
  - test_fallocate_insert_range_boundary
  - test_fallocate_empty_file_edge_cases

Security fixes based on code review:
1. Memory exhaustion: fallocate() now rejects requests that would exceed isize::MAX bytes, preventing trivial DoS attacks via massive allocations.
2. Integer truncation: Using usize::try_from() instead of direct casts to safely handle 32-bit platforms and large i64 values.

Correctness fixes based on code review:
1. CollapseRange: Changed boundary check from '>' to '>=' to match Linux semantics where offset+len 'reaching' EOF is an error.
2. InsertRange: Changed boundary check from '>' to '>=' to match Linux semantics where offset 'equal to' EOF is an error.

API fix based on code review:
1. Added AllocateUnshareRangeKeepSize variant so UNSHARE_RANGE|KEEP_SIZE doesn't lose the KEEP_SIZE semantics during conversion.
Summary
This PR implements the fallocate(2) Linux syscall which allows applications to manipulate file space allocation.

Changes
Core litebox crate
- FallocMode enum for generic operation modes in litebox/src/fs/mod.rs
- FallocateError enum in litebox/src/fs/errors.rs
- FileSystem::fallocate() trait method with implementations for:
  - in_mem.rs: Full implementation of all modes
  - devices.rs: Returns NotSupported for device files
  - layered.rs: Delegates to appropriate layer with migration support
  - nine_p.rs: Placeholder (todo)
  - tar_ro.rs: Returns appropriate errors for read-only filesystem

litebox_common_linux crate
- FallocateMode bitflags for Linux-specific mode flags
- is_valid() for flag validation
- to_falloc_mode() for conversion to generic enum
- FallocateError to Errno conversion

litebox_shim_linux crate
- Fallocate variant to SyscallRequest enum
- Sysno::fallocate in do_syscall
- sys_fallocate() handler with proper validation

Supported Modes
Testing
Added 10 comprehensive unit tests:
- test_fallocate_basic_allocation
- test_fallocate_keep_size
- test_fallocate_punch_hole
- test_fallocate_zero_range
- test_fallocate_collapse_range
- test_fallocate_insert_range
- test_fallocate_invalid_mode
- test_fallocate_invalid_parameters
- test_fallocate_bad_fd
- test_fallocate_read_only_file

All tests pass locally on x86_64 Linux.
Checklist
- cargo fmt applied
- cargo clippy --all-targets --all-features passes
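The argument validation the review-fix commit describes (try_from instead of casts, the isize::MAX size cap, and the `>=` boundary rules for COLLAPSE_RANGE and INSERT_RANGE) together with the mode semantics listed above, as an added stand-alone model that is not litebox's own code. It reuses the FallocMode and FallocateError names from the PR, but the error variants, the `check`/`apply` functions and the Vec<u8> backing store are assumptions made for the illustration.

```rust
use std::convert::TryFrom;
use std::iter::repeat;
// Cap from the commit message: requests beyond isize::MAX bytes are rejected.
const MAX_FILE_SIZE: usize = isize::MAX as usize;
#[derive(Debug, PartialEq)]
pub enum FallocMode { Allocate, AllocateKeepSize, PunchHoleKeepSize, ZeroRange,
                      ZeroRangeKeepSize, CollapseRange, InsertRange }
// Variant names are hypothetical; the page only says a FallocateError enum exists.
#[derive(Debug, PartialEq)]
pub enum FallocateError { InvalidParameters, TooLarge }

/// Validates the raw i64 syscall arguments: reject negative offset or len <= 0,
/// convert with try_from (no silent truncation on 32-bit), refuse growth past
/// MAX_FILE_SIZE, and apply the Linux boundary rules the commit message cites.
pub fn check(mode: &FallocMode, file_len: usize, offset: i64, len: i64) -> Result<(usize, usize), FallocateError> {
    if offset < 0 || len <= 0 { return Err(FallocateError::InvalidParameters); }
    let off = usize::try_from(offset).map_err(|_| FallocateError::TooLarge)?;
    let len = usize::try_from(len).map_err(|_| FallocateError::TooLarge)?;
    let end = off.checked_add(len).ok_or(FallocateError::TooLarge)?;
    match mode {
        // COLLAPSE_RANGE: offset+len reaching (or passing) EOF is an error.
        FallocMode::CollapseRange if end >= file_len => Err(FallocateError::InvalidParameters),
        // INSERT_RANGE: offset equal to (or beyond) EOF is an error.
        FallocMode::InsertRange if off >= file_len => Err(FallocateError::InvalidParameters),
        FallocMode::InsertRange if file_len.checked_add(len).map_or(true, |n| n > MAX_FILE_SIZE) => Err(FallocateError::TooLarge),
        FallocMode::Allocate | FallocMode::ZeroRange if end > MAX_FILE_SIZE => Err(FallocateError::TooLarge),
        _ => Ok((off, len)),
    }
}

/// Applies a mode to an in-memory file; a Vec<u8> stands in for the backing store.
pub fn apply(data: &mut Vec<u8>, mode: &FallocMode, offset: i64, len: i64) -> Result<(), FallocateError> {
    let (off, len) = check(mode, data.len(), offset, len)?;
    let end = off + len;
    match mode {
        // Preallocated bytes read back as zero; KEEP_SIZE variants never change the length.
        FallocMode::Allocate => { if end > data.len() { data.resize(end, 0) } }
        FallocMode::AllocateKeepSize => {}
        FallocMode::ZeroRange => { if end > data.len() { data.resize(end, 0) } data[off..end].fill(0) }
        FallocMode::PunchHoleKeepSize | FallocMode::ZeroRangeKeepSize => {
            let stop = end.min(data.len());
            if off < stop { data[off..stop].fill(0) }
        }
        // Remove the range and shift the tail down (check guarantees end < len).
        FallocMode::CollapseRange => { data.drain(off..end); }
        // Insert a zero-filled hole at offset and shift the tail up.
        FallocMode::InsertRange => { data.splice(off..off, repeat(0u8).take(len)); }
    }
    Ok(())
}
```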