On Thu, Jul 03, 2025 at 05:45:48PM -0500, John Groves wrote:
> On 25/07/03 01:50PM, John Groves wrote:
> > * FUSE_DAX_FMAP flag in INIT request/reply
> >
> > * fuse_conn->famfs_iomap (enable famfs-mapped files) to denote a
> > famfs-enabled connection
> >
> > Signed-off-by: John Groves <john@xxxxxxxxxx>
> > ---
> > fs/fuse/fuse_i.h | 3 +++
> > fs/fuse/inode.c | 14 ++++++++++++++
> > include/uapi/linux/fuse.h | 4 ++++
> > 3 files changed, 21 insertions(+)
> >
> > diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
> > index 9d87ac48d724..a592c1002861 100644
> > --- a/fs/fuse/fuse_i.h
> > +++ b/fs/fuse/fuse_i.h
> > @@ -873,6 +873,9 @@ struct fuse_conn {
> > /* Use io_uring for communication */
> > unsigned int io_uring;
> >
> > + /* dev_dax_iomap support for famfs */
> > + unsigned int famfs_iomap:1;
> > +
> > /** Maximum stack depth for passthrough backing files */
> > int max_stack_depth;
> >
> > diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
> > index 29147657a99f..e48e11c3f9f3 100644
> > --- a/fs/fuse/inode.c
> > +++ b/fs/fuse/inode.c
> > @@ -1392,6 +1392,18 @@ static void process_init_reply(struct fuse_mount *fm, struct fuse_args *args,
> > }
> > if (flags & FUSE_OVER_IO_URING && fuse_uring_enabled())
> > fc->io_uring = 1;
> > + if (IS_ENABLED(CONFIG_FUSE_FAMFS_DAX) &&
> > + flags & FUSE_DAX_FMAP) {
> > + /* XXX: Should also check that fuse server
> > + * has CAP_SYS_RAWIO and/or CAP_SYS_ADMIN,
> > + * since it is directing the kernel to access
> > + * dax memory directly - but this function
> > + * appears not to be called in fuse server
> > + * process context (b/c even if it drops
> > + * those capabilities, they are held here).
> > + */
> > + fc->famfs_iomap = 1;
>
> I think there should be a check here that the fuse server is
> capable(CAP_SYS_RAWIO) (or maybe CAP_SYS_ADMIN), but this function doesn't
> run in fuse server context. A famfs fuse server is providing fmaps, which
> map files to devdax memory, which should not be an unprivileged operation.
I thought process_init_reply /does/ run in the fuse server's context.
It calls process_init_limits, which checks for capable(CAP_SYS_ADMIN)...
--D
> 1) Does fs/fuse already store the capabilities of the fuse server?
> 2) If not, where do you suggest I do that, and where do you suggest I store
> that info? The only dead-obvious place (to me) that fs/fuse runs in server
> context is in fuse_dev_open(), but it doesn't store anything...
>
> @Miklos, I'd appreciate your advice here.
>
> Thanks!
> John
>
>
