Skip to main content

mount/
error.rs

1// SPDX-License-Identifier: Apache-2.0
2//! Error types for the mount crate.
3//!
4//! Mount-side errors map cleanly to libc errno codes so the FUSE
5//! shell can hand them back to the kernel without a translation
6//! layer of its own. The mapping lives in [`MountError::to_errno`].
7
8use objects::error::HeddleError;
9
10/// Result alias used throughout the mount crate.
11pub type Result<T> = std::result::Result<T, MountError>;
12
13/// Errors surfaced by the content-addressed mount core.
14#[derive(Debug, thiserror::Error)]
15pub enum MountError {
16    /// The requested path or node does not exist in the current state.
17    #[error("not found: {0}")]
18    NotFound(String),
19
20    /// The node referenced by the caller is no longer valid (stale
21    /// inode, invalidated cache, etc).
22    #[error("stale node: {0}")]
23    Stale(String),
24
25    /// A path component traversed something that wasn't a directory.
26    #[error("not a directory: {0}")]
27    NotADirectory(String),
28
29    /// The thread name does not resolve to a current state.
30    #[error("thread {0} has no current state")]
31    UnknownThread(String),
32
33    /// Read-only filesystem (used while overlay-write is stubbed).
34    #[error("read-only filesystem")]
35    ReadOnly,
36
37    /// An entry with this name already exists (e.g. `O_CREAT|O_EXCL`
38    /// against an existing file, or `mkdir` against an existing dir).
39    /// Maps to `EEXIST` so userspace tooling that exercises atomic
40    /// "create-or-skip" semantics (cargo's lockfile lease, git's
41    /// `objects/<n>/<n>.tmp` placement) sees the conventional errno.
42    #[error("already exists: {0}")]
43    AlreadyExists(String),
44
45    /// Tried to operate on a file as if it were a directory
46    /// (e.g. `unlink` against a path that resolves to a directory).
47    /// Maps to `EISDIR`.
48    #[error("is a directory: {0}")]
49    IsADirectory(String),
50
51    /// Tried to `rmdir` a directory that still has visible children
52    /// (across the captured tree + pending overlay). Maps to
53    /// `ENOTEMPTY`.
54    #[error("directory not empty: {0}")]
55    NotEmpty(String),
56
57    /// Invalid argument from the caller (e.g. a name containing
58    /// `/`, `\0`, or `.`/`..`). Maps to `EINVAL`.
59    #[error("invalid argument: {0}")]
60    InvalidArgument(String),
61
62    /// A write or truncate would grow the hot buffer past the mount's
63    /// configured maximum file size. Maps to `EFBIG`.
64    #[error("file too large: {0}")]
65    FileTooLarge(String),
66
67    /// The platform shell failed to construct its mount session
68    /// (e.g. the Swift FSKit shim returned a null session handle).
69    /// Maps to `EIO`: the mount never came up, nothing to retry
70    /// at the filesystem layer.
71    #[error("mount session initialization failed: {0}")]
72    SessionInit(String),
73
74    /// Errors bubbling up from the underlying object store / repo.
75    #[error(transparent)]
76    Store(#[from] HeddleError),
77}
78
79impl MountError {
80    /// Translate this error into a libc errno suitable for handing
81    /// back to FUSE. Only the platform shell uses this — keeping it
82    /// here means platform code stays one-liners.
83    ///
84    /// `ESTALE` is POSIX-only; on Windows `libc` doesn't define it,
85    /// so the Windows build uses the POSIX value (`116`) verbatim.
86    /// The ProjFS shell translates this back into a Win32
87    /// `ERROR_FILE_INVALID` further downstream — no caller looks at
88    /// the raw integer except as a `match` discriminant.
89    pub fn to_errno(&self) -> i32 {
90        match self {
91            MountError::NotFound(_) | MountError::UnknownThread(_) => libc::ENOENT,
92            MountError::Stale(_) => stale_errno(),
93            MountError::NotADirectory(_) => libc::ENOTDIR,
94            MountError::ReadOnly => libc::EROFS,
95            MountError::AlreadyExists(_) => libc::EEXIST,
96            MountError::IsADirectory(_) => libc::EISDIR,
97            MountError::NotEmpty(_) => libc::ENOTEMPTY,
98            MountError::InvalidArgument(_) => libc::EINVAL,
99            MountError::FileTooLarge(_) => libc::EFBIG,
100            MountError::SessionInit(_) => libc::EIO,
101            MountError::Store(HeddleError::NotFound(_))
102            | MountError::Store(HeddleError::StateNotFound(_))
103            | MountError::Store(HeddleError::MissingObject { .. }) => libc::ENOENT,
104            MountError::Store(HeddleError::Io(io)) => io.raw_os_error().unwrap_or(libc::EIO),
105            MountError::Store(_) => libc::EIO,
106        }
107    }
108}
109
110#[cfg(unix)]
111#[inline]
112fn stale_errno() -> i32 {
113    libc::ESTALE
114}
115
116/// POSIX `ESTALE = 116` on Linux. Reuse the value verbatim on
117/// Windows where the libc crate doesn't expose the constant. The
118/// ProjFS errno→Win32 table in `projfs.rs` maps this back to
119/// `ERROR_FILE_INVALID (1632)`.
120#[cfg(windows)]
121#[inline]
122fn stale_errno() -> i32 {
123    116
124}
125
126/// Best-effort stringification of a `catch_unwind` panic payload.
127/// Recovers the common `&'static str` / `String` panic messages and
128/// falls back to a placeholder for anything else. Shared by the
129/// per-OS shell guard wrappers (FUSE / FSKit / ProjFS), which each
130/// catch panics across an `extern "C"` frame and log the message.
131/// Gated to the union of the shell backends so a no-shell build (which
132/// compiles none of the callers) doesn't trip `dead_code`.
133#[cfg(any(
134    all(target_os = "linux", feature = "fuse"),
135    all(target_os = "macos", feature = "fskit"),
136    all(target_os = "windows", feature = "projfs"),
137))]
138pub(crate) fn panic_payload_str(payload: &Box<dyn std::any::Any + Send>) -> String {
139    if let Some(s) = payload.downcast_ref::<&'static str>() {
140        (*s).to_string()
141    } else if let Some(s) = payload.downcast_ref::<String>() {
142        s.clone()
143    } else {
144        "<non-string panic payload>".to_string()
145    }
146}