From: "Darrick J. Wong" <djwong@kernel.org>
To: bschubert@ddn.com
Cc: miklos@szeredi.hu, neal@gompa.dev, linux-fsdevel@vger.kernel.org,
bernd@bsbernd.com, joannelkoong@gmail.com
Subject: Re: [PATCH 04/13] mount_service: use the new mount api for the mount service
Date: Fri, 17 Apr 2026 15:03:11 -0700 [thread overview]
Message-ID: <20260417220311.GF7727@frogsfrogsfrogs> (raw)
In-Reply-To: <177577270289.2064074.17391911422191661254.stgit@frogsfrogsfrogs>
On Thu, Apr 09, 2026 at 03:21:35PM -0700, Darrick J. Wong wrote:
> From: Darrick J. Wong <djwong@kernel.org>
>
> Use the new fsopen/fsmount system calls to mount the filesystem so that
> we get somewhat better diagnostics if something gets screwed up.
>
> Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
> ---
> lib/fuse_i.h | 3
> meson.build | 15 ++
> util/mount_service.c | 323 ++++++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 341 insertions(+)
>
>
> diff --git a/lib/fuse_i.h b/lib/fuse_i.h
> index 0ca13d132585f6..1710a872e19c72 100644
> --- a/lib/fuse_i.h
> +++ b/lib/fuse_i.h
> @@ -215,6 +215,9 @@ struct fuse_chan *fuse_chan_get(struct fuse_chan *ch);
> */
> void fuse_chan_put(struct fuse_chan *ch);
>
> +/* Special return value for mount functions to indicate fallback to fusermount3 is needed */
> +#define FUSE_MOUNT_FALLBACK_NEEDED (-2)
> +
> struct mount_opts *parse_mount_opts(struct fuse_args *args);
> void destroy_mount_opts(struct mount_opts *mo);
> void fuse_mount_version(void);
> diff --git a/meson.build b/meson.build
> index 66425a0d4cc16f..c8326b79fcee8f 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -135,6 +135,21 @@ special_funcs = {
> int main(int argc, char *argv[]) {
> return SD_LISTEN_FDS_START;
> }
> + ''',
> + 'new_mount_api': '''
> + #define _GNU_SOURCE
> + #include <sys/mount.h>
> + #include <linux/mount.h>
> + #include <unistd.h>
> + #include <fcntl.h>
> +
> + int main(void) {
> + int fsfd = fsopen("fuse", FSOPEN_CLOEXEC);
> + int res = fsconfig(fsfd, FSCONFIG_SET_STRING, "source", "test", 0);
> + int mntfd = fsmount(fsfd, FSMOUNT_CLOEXEC, 0);
> + res = move_mount(mntfd, "", AT_FDCWD, "/mnt", MOVE_MOUNT_F_EMPTY_PATH | MOVE_MOUNT_T_EMPTY_PATH);
> + return 0;
> + }
> '''
> }
>
> diff --git a/util/mount_service.c b/util/mount_service.c
> index abe88a0710255b..246a95101e8d34 100644
> --- a/util/mount_service.c
> +++ b/util/mount_service.c
> @@ -71,6 +71,9 @@ struct mount_service {
> /* fd for mount point */
> int mountfd;
>
> + /* fd for fsopen */
> + int fsopenfd;
> +
> /* did we actually mount successfully? */
> bool mounted;
> };
> @@ -94,6 +97,7 @@ static int mount_service_init(struct mount_service *mo, int argc, char *argv[])
> mo->argvfd = -1;
> mo->fusedevfd = -1;
> mo->mountfd = -1;
> + mo->fsopenfd = -1;
>
> for (i = 0; i < argc; i++) {
> if (!strcmp(argv[i], "-t") && i + 1 < argc) {
> @@ -710,6 +714,26 @@ static int mount_service_handle_open_bdev_cmd(struct mount_service *mo,
> return mount_service_open_path(mo, S_IFBLK, p, psz);
> }
>
> +#ifdef HAVE_NEW_MOUNT_API
> +static void try_fsopen(struct mount_service *mo,
> + struct fuse_service_string_command *oc)
> +{
> + /*
> + * As of Linux 7.0 you can pass subtypes to fsopen, but the manpage for
> + * fsopen only says that you can pass any value of the second column of
> + * /proc/filesystems into fsopen.
> + */
> + if (!strncmp(oc->value, "fuse.", 5))
> + *(oc->value + 4) = 0;
> + else if (!strncmp(oc->value, "fuseblk.", 8))
> + *(oc->value + 7) = 0;
> +
> + mo->fsopenfd = fsopen(oc->value, FSOPEN_CLOEXEC);
> +}
> +#else
> +# define try_fsopen(...) ((void)0)
> +#endif
> +
> static int mount_service_handle_fsopen_cmd(struct mount_service *mo,
> const struct fuse_service_packet *p,
> size_t psz)
> @@ -744,9 +768,45 @@ static int mount_service_handle_fsopen_cmd(struct mount_service *mo,
> return mount_service_send_reply(mo, error);
> }
>
> + /* If this fails we fall back on mount(); oc->value is mutated */
> + try_fsopen(mo, oc);
> return mount_service_send_reply(mo, 0);
> }
>
> +#ifdef HAVE_NEW_MOUNT_API
> +/* callers must preserve errno */
> +static void emit_fsconfig_messages(const struct mount_service *mo)
> +{
> + uint8_t buf[BUFSIZ];
> + ssize_t sz;
> +
> + while ((sz = read(mo->fsopenfd, buf, sizeof(buf) - 1)) >= 1) {
> + if (buf[sz - 1] == '\n')
> + buf[--sz] = '\0';
> + else
> + buf[sz] = '\0';
> +
> + if (!*buf)
> + continue;
> +
> + switch (buf[0]) {
> + case 'e':
> + fprintf(stderr, "Error: %s\n", buf + 2);
> + break;
> + case 'w':
> + fprintf(stderr, "Warning: %s\n", buf + 2);
> + break;
> + case 'i':
> + fprintf(stderr, "Info: %s\n", buf + 2);
> + break;
> + default:
> + fprintf(stderr, " %s\n", buf);
> + break;
> + }
> + }
> +}
> +#endif
> +
> static int mount_service_handle_source_cmd(struct mount_service *mo,
> const struct fuse_service_packet *p,
> size_t psz)
> @@ -781,6 +841,21 @@ static int mount_service_handle_source_cmd(struct mount_service *mo,
> return mount_service_send_reply(mo, error);
> }
>
> +#ifdef HAVE_NEW_MOUNT_API
> + if (mo->fsopenfd >= 0) {
> + int ret = fsconfig(mo->fsopenfd, FSCONFIG_SET_STRING, "source",
> + oc->value, 0);
> + if (ret) {
> + int error = errno;
> +
> + fprintf(stderr, "%s: fsconfig source: %s\n",
> + mo->msgtag, strerror(error));
> + emit_fsconfig_messages(mo);
> + return mount_service_send_reply(mo, error);
> + }
> + }
> +#endif
> +
> return mount_service_send_reply(mo, 0);
> }
>
> @@ -790,6 +865,8 @@ static int mount_service_handle_mntopts_cmd(struct mount_service *mo,
> {
> struct fuse_service_string_command *oc =
> container_of(p, struct fuse_service_string_command, p);
> + char *tokstr = oc->value;
> + char *tok, *savetok;
>
> if (psz < sizeof_fuse_service_string_command(1)) {
> fprintf(stderr, "%s: mount options command too small\n",
> @@ -818,6 +895,45 @@ static int mount_service_handle_mntopts_cmd(struct mount_service *mo,
> return mount_service_send_reply(mo, error);
> }
>
> + /* strtok_r mutates tokstr aka oc->value */
> + while ((tok = strtok_r(tokstr, ",", &savetok)) != NULL) {
> + char *equals = strchr(tok, '=');
> + char oldchar = 0;
> +
> + if (equals) {
> + oldchar = *equals;
> + *equals = 0;
> + }
> +
> +#ifdef HAVE_NEW_MOUNT_API
> + if (mo->fsopenfd >= 0) {
> + int ret;
> +
> + if (equals)
> + ret = fsconfig(mo->fsopenfd,
> + FSCONFIG_SET_STRING, tok,
> + equals + 1, 0);
> + else
> + ret = fsconfig(mo->fsopenfd,
> + FSCONFIG_SET_FLAG, tok,
> + NULL, 0);
> + if (ret) {
> + int error = errno;
> +
> + fprintf(stderr, "%s: set mount option: %s\n",
> + mo->msgtag, strerror(error));
> + emit_fsconfig_messages(mo);
> + return mount_service_send_reply(mo, error);
> + }
> + }
> +#endif
> +
> + if (equals)
> + *equals = oldchar;
> +
> + tokstr = NULL;
> + }
> +
> return mount_service_send_reply(mo, 0);
> }
>
> @@ -1028,6 +1144,205 @@ static int mount_service_regular_mount(struct mount_service *mo,
> return mount_service_send_reply(mo, 0);
> }
>
> +#ifdef HAVE_NEW_MOUNT_API
> +struct ms_to_mount_map {
> + unsigned long ms_flag;
> + unsigned int mount_attr_flag;
> +};
> +
> +static const struct ms_to_mount_map attrs[] = {
> + { MS_RDONLY, MOUNT_ATTR_RDONLY },
> + { MS_NOSUID, MOUNT_ATTR_NOSUID },
> + { MS_NODEV, MOUNT_ATTR_NODEV },
> + { MS_NOEXEC, MOUNT_ATTR_NOEXEC },
> + { MS_RELATIME, MOUNT_ATTR_RELATIME },
> + { MS_NOATIME, MOUNT_ATTR_NOATIME },
> + { MS_STRICTATIME, MOUNT_ATTR_STRICTATIME },
> + { MS_NODIRATIME, MOUNT_ATTR_NODIRATIME },
> +#ifdef MOUNT_ATTR_NOSYMFOLLOW
> + { MS_NOSYMFOLLOW, MOUNT_ATTR_NOSYMFOLLOW },
> +#endif
> + { 0, 0 },
> +};
> +
> +static void get_mount_attr_flags(const struct fuse_service_mount_command *oc,
> + unsigned int *attr_flags,
> + unsigned long *leftover_ms_flags)
> +{
> + const struct ms_to_mount_map *i;
> + unsigned int ms_flags = ntohl(oc->ms_flags);
> + unsigned int mount_attr_flags = 0;
> +
> + for (i = attrs; i->ms_flag != 0; i++) {
> + if (ms_flags & i->ms_flag)
> + mount_attr_flags |= i->mount_attr_flag;
> + ms_flags &= ~i->ms_flag;
> + }
> +
> + *leftover_ms_flags = ms_flags;
> + *attr_flags = mount_attr_flags;
> +}
> +
> +struct ms_to_str_map {
> + unsigned long ms_flag;
> + const char *string;
> +};
> +
> +static const struct ms_to_str_map strflags[] = {
> + { MS_SYNCHRONOUS, "sync" },
> + { MS_DIRSYNC, "dirsync" },
> + { MS_LAZYTIME, "lazytime" },
> + { 0, 0 },
> +};
> +
> +static int set_ms_flags(struct mount_service *mo, unsigned long ms_flags)
> +{
> + const struct ms_to_str_map *i;
> + int ret;
> +
> + for (i = strflags; i->ms_flag != 0; i++) {
> + if (!(ms_flags & i->ms_flag))
> + continue;
> +
> + ret = fsconfig(mo->fsopenfd, FSCONFIG_SET_FLAG, i->string,
> + NULL, 0);
> + if (ret) {
> + int error = errno;
> +
> + fprintf(stderr, "%s: set %s option: %s\n",
> + mo->msgtag, i->string, strerror(error));
> + emit_fsconfig_messages(mo);
> +
> + errno = error;
> + return -1;
> + }
> + ms_flags &= ~i->ms_flag;
> + }
> +
> + /*
> + * We can't translate all the supplied MS_ flags into MOUNT_ATTR_ flags
> + * or string flags! Return a magic code so the caller will fall back
> + * to regular mount(2).
> + */
> + if (ms_flags)
> + return FUSE_MOUNT_FALLBACK_NEEDED;
> +
> + return 0;
> +}
> +
> +static int mount_service_fsopen_mount(struct mount_service *mo,
> + struct fuse_service_mount_command *oc,
> + struct stat *stbuf)
> +{
> + char tmp[64];
> + char *dot;
> + unsigned long ms_flags;
> + unsigned int attr_flags;
> + int mfd;
> + int error;
> + int ret;
> +
> + get_mount_attr_flags(oc, &attr_flags, &ms_flags);
> +
> + ret = set_ms_flags(mo, ms_flags);
> + if (ret == FUSE_MOUNT_FALLBACK_NEEDED)
> + return ret;
> + if (ret) {
> + error = errno;
> + goto fail_mount;
> + }
> +
> + snprintf(tmp, sizeof(tmp), "%i", mo->fusedevfd);
> + ret = fsconfig(mo->fsopenfd, FSCONFIG_SET_STRING, "fd", tmp, 0);
> + if (ret) {
> + error = errno;
> + fprintf(stderr, "%s: set fd option: %s\n",
> + mo->msgtag, strerror(error));
> + goto fail_fsconfig;
> + }
> +
> + snprintf(tmp, sizeof(tmp), "%o", stbuf->st_mode & S_IFMT);
> + ret = fsconfig(mo->fsopenfd, FSCONFIG_SET_STRING, "rootmode", tmp, 0);
> + if (ret) {
> + error = errno;
> + fprintf(stderr, "%s: set rootmode option: %s\n",
> + mo->msgtag, strerror(error));
> + goto fail_fsconfig;
> + }
> +
> + snprintf(tmp, sizeof(tmp), "%u", getuid());
> + ret = fsconfig(mo->fsopenfd, FSCONFIG_SET_STRING, "user_id", tmp, 0);
> + if (ret) {
> + error = errno;
> + fprintf(stderr, "%s: set user_id option: %s\n",
> + mo->msgtag, strerror(error));
> + goto fail_fsconfig;
> + }
> +
> + snprintf(tmp, sizeof(tmp), "%u", getgid());
> + ret = fsconfig(mo->fsopenfd, FSCONFIG_SET_STRING, "group_id", tmp, 0);
> + if (ret) {
> + error = errno;
> + fprintf(stderr, "%s: set group_id option: %s\n",
> + mo->msgtag, strerror(error));
> + goto fail_fsconfig;
> + }
> +
> + dot = strchr(mo->fstype, '.');
> + if (dot) {
> + ret = fsconfig(mo->fsopenfd, FSCONFIG_SET_STRING, "subtype",
> + dot + 1, 0);
> + if (ret) {
> + error = errno;
> +
> + /* The subtype option came after fsopen */
> + if (error == EINVAL)
> + return FUSE_MOUNT_FALLBACK_NEEDED;
> +
> + fprintf(stderr, "%s: set subtype option: %s\n",
> + mo->msgtag, strerror(error));
> + goto fail_fsconfig;
> + }
> + }
This string should be set first so we can avoid wasting time on
fsconfig() calls, in addition to using the @type parameter that was
pased in from fuservicemount instead of whatever string the fuse server
might have fed us.
--D
> +
> + ret = fsconfig(mo->fsopenfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);
> + if (ret) {
> + error = errno;
> + fprintf(stderr, "%s: creating filesystem: %s\n",
> + mo->msgtag, strerror(error));
> + goto fail_fsconfig;
> + }
> +
> + mfd = fsmount(mo->fsopenfd, FSMOUNT_CLOEXEC, attr_flags);
> + if (mfd < 0) {
> + error = errno;
> + fprintf(stderr, "%s: fsmount: %s\n",
> + mo->msgtag, strerror(error));
> + goto fail_fsconfig;
> + }
> +
> + ret = move_mount(mfd, "", mo->mountfd, "",
> + MOVE_MOUNT_F_EMPTY_PATH | MOVE_MOUNT_T_EMPTY_PATH);
> + close(mfd);
> + if (ret) {
> + error = errno;
> + fprintf(stderr, "%s: move_mount: %s\n",
> + mo->msgtag, strerror(error));
> + goto fail_mount;
> + }
> +
> + mo->mounted = true;
> + return mount_service_send_reply(mo, 0);
> +
> +fail_fsconfig:
> + emit_fsconfig_messages(mo);
> +fail_mount:
> + return mount_service_send_reply(mo, error);
> +}
> +#else
> +# define mount_service_fsopen_mount(...) (FUSE_MOUNT_FALLBACK_NEEDED)
> +#endif
> +
> static int mount_service_handle_mount_cmd(struct mount_service *mo,
> struct fuse_service_packet *p,
> size_t psz)
> @@ -1100,6 +1415,12 @@ static int mount_service_handle_mount_cmd(struct mount_service *mo,
> return mount_service_send_reply(mo, EINVAL);
> }
>
> + if (mo->fsopenfd >= 0) {
> + ret = mount_service_fsopen_mount(mo, oc, &stbuf);
> + if (ret != FUSE_MOUNT_FALLBACK_NEEDED)
> + return ret;
> + }
> +
> return mount_service_regular_mount(mo, oc, &stbuf);
> }
>
> @@ -1179,6 +1500,7 @@ static void mount_service_destroy(struct mount_service *mo)
> close(mo->mountfd);
> close(mo->fusedevfd);
> close(mo->argvfd);
> + close(mo->fsopenfd);
> shutdown(mo->sockfd, SHUT_RDWR);
> close(mo->sockfd);
>
> @@ -1194,6 +1516,7 @@ static void mount_service_destroy(struct mount_service *mo)
> mo->argvfd = -1;
> mo->fusedevfd = -1;
> mo->mountfd = -1;
> + mo->fsopenfd = -1;
> }
>
> int mount_service_main(int argc, char *argv[])
>
>
next prev parent reply other threads:[~2026-04-17 22:03 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-09 22:20 [PATCHSET v4] libfuse: run fuse servers as a contained service Darrick J. Wong
2026-04-09 22:20 ` [PATCH 01/13] Refactor mount code / move common functions to mount_util.c Darrick J. Wong
2026-04-09 22:21 ` [PATCH 02/13] mount_service: add systemd/inetd socket service mounting helper Darrick J. Wong
2026-04-14 1:00 ` Darrick J. Wong
2026-04-14 23:48 ` Darrick J. Wong
2026-04-17 23:19 ` Darrick J. Wong
2026-04-09 22:21 ` [PATCH 03/13] mount_service: create high level fuse helpers Darrick J. Wong
2026-04-14 23:58 ` Darrick J. Wong
2026-04-09 22:21 ` [PATCH 04/13] mount_service: use the new mount api for the mount service Darrick J. Wong
2026-04-17 22:03 ` Darrick J. Wong [this message]
2026-04-09 22:21 ` [PATCH 05/13] mount_service: update mtab after a successful mount Darrick J. Wong
2026-04-09 22:22 ` [PATCH 06/13] util: hoist the fuse.conf parsing and setuid mode enforcement code Darrick J. Wong
2026-04-09 22:22 ` [PATCH 07/13] util: fix checkpatch complaints in fuser_conf.[ch] Darrick J. Wong
2026-04-09 22:22 ` [PATCH 08/13] mount_service: enable unprivileged users in the same manner as fusermount Darrick J. Wong
2026-04-14 23:53 ` Darrick J. Wong
2026-04-17 22:01 ` Darrick J. Wong
2026-04-09 22:22 ` [PATCH 09/13] mount.fuse3: integrate systemd service startup Darrick J. Wong
2026-04-17 22:41 ` Darrick J. Wong
2026-04-09 22:23 ` [PATCH 10/13] mount_service: allow installation as a setuid program Darrick J. Wong
2026-04-09 22:23 ` [PATCH 11/13] example/service_ll: create a sample systemd service fuse server Darrick J. Wong
2026-04-14 23:56 ` Darrick J. Wong
2026-04-17 21:56 ` Darrick J. Wong
2026-04-09 22:23 ` [PATCH 12/13] example/service: create a sample systemd service for a high-level " Darrick J. Wong
2026-04-09 22:23 ` [PATCH 13/13] nullfs: support fuse systemd service mode Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260417220311.GF7727@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=bernd@bsbernd.com \
--cc=bschubert@ddn.com \
--cc=joannelkoong@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=neal@gompa.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox