1/* 2 * Copyright (c) 2005, Junio C Hamano 3 */ 4 5/* 6 * State diagram and cleanup 7 * ------------------------- 8 * 9 * This module keeps track of all locked files in `lock_file_list` for 10 * use at cleanup. This list and the `lock_file` objects that comprise 11 * it must be kept in self-consistent states at all time, because the 12 * program can be interrupted any time by a signal, in which case the 13 * signal handler will walk through the list attempting to clean up 14 * any open lock files. 15 * 16 * The possible states of a `lock_file` object are as follows: 17 * 18 * - Uninitialized. In this state the object's `on_list` field must be 19 * zero but the rest of its contents need not be initialized. As 20 * soon as the object is used in any way, it is irrevocably 21 * registered in `lock_file_list`, and `on_list` is set. 22 * 23 * - Locked, lockfile open (after `hold_lock_file_for_update()`, 24 * `hold_lock_file_for_append()`, or `reopen_lock_file()`). In this 25 * state: 26 * 27 * - the lockfile exists 28 * - `active` is set 29 * - `filename` holds the filename of the lockfile 30 * - `fd` holds a file descriptor open for writing to the lockfile 31 * - `fp` holds a pointer to an open `FILE` object if and only if 32 * `fdopen_lock_file()` has been called on the object 33 * - `owner` holds the PID of the process that locked the file 34 * 35 * - Locked, lockfile closed (after successful `close_lock_file()`). 36 * Same as the previous state, except that the lockfile is closed 37 * and `fd` is -1. 38 * 39 * - Unlocked (after `commit_lock_file()`, `commit_lock_file_to()`, 40 * `rollback_lock_file()`, a failed attempt to lock, or a failed 41 * `close_lock_file()`). In this state: 42 * 43 * - `active` is unset 44 * - `filename` is empty (usually, though there are transitory 45 * states in which this condition doesn't hold). Client code should 46 * *not* rely on the filename being empty in this state. 47 * - `fd` is -1 48 * - the object is left registered in the `lock_file_list`, and 49 * `on_list` is set. 50 * 51 * A lockfile is owned by the process that created it. The `lock_file` 52 * has an `owner` field that records the owner's PID. This field is 53 * used to prevent a forked process from closing a lockfile created by 54 * its parent. 55 */ 56 57#include "cache.h" 58#include "lockfile.h" 59#include "sigchain.h" 60 61static struct lock_file *volatile lock_file_list; 62 63static void remove_lock_files(int skip_fclose) 64{ 65 pid_t me = getpid(); 66 67 while (lock_file_list) { 68 if (lock_file_list->owner == me) { 69 /* fclose() is not safe to call in a signal handler */ 70 if (skip_fclose) 71 lock_file_list->fp = NULL; 72 rollback_lock_file(lock_file_list); 73 } 74 lock_file_list = lock_file_list->next; 75 } 76} 77 78static void remove_lock_files_on_exit(void) 79{ 80 remove_lock_files(0); 81} 82 83static void remove_lock_files_on_signal(int signo) 84{ 85 remove_lock_files(1); 86 sigchain_pop(signo); 87 raise(signo); 88} 89 90/* 91 * path = absolute or relative path name 92 * 93 * Remove the last path name element from path (leaving the preceding 94 * "/", if any). If path is empty or the root directory ("/"), set 95 * path to the empty string. 96 */ 97static void trim_last_path_component(struct strbuf *path) 98{ 99 int i = path->len; 100 101 /* back up past trailing slashes, if any */ 102 while (i && path->buf[i - 1] == '/') 103 i--; 104 105 /* 106 * then go backwards until a slash, or the beginning of the 107 * string 108 */ 109 while (i && path->buf[i - 1] != '/') 110 i--; 111 112 strbuf_setlen(path, i); 113} 114 115 116/* We allow "recursive" symbolic links. Only within reason, though */ 117#define MAXDEPTH 5 118 119/* 120 * path contains a path that might be a symlink. 121 * 122 * If path is a symlink, attempt to overwrite it with a path to the 123 * real file or directory (which may or may not exist), following a 124 * chain of symlinks if necessary. Otherwise, leave path unmodified. 125 * 126 * This is a best-effort routine. If an error occurs, path will 127 * either be left unmodified or will name a different symlink in a 128 * symlink chain that started with the original path. 129 */ 130static void resolve_symlink(struct strbuf *path) 131{ 132 int depth = MAXDEPTH; 133 static struct strbuf link = STRBUF_INIT; 134 135 while (depth--) { 136 if (strbuf_readlink(&link, path->buf, path->len) < 0) 137 break; 138 139 if (is_absolute_path(link.buf)) 140 /* absolute path simply replaces p */ 141 strbuf_reset(path); 142 else 143 /* 144 * link is a relative path, so replace the 145 * last element of p with it. 146 */ 147 trim_last_path_component(path); 148 149 strbuf_addbuf(path, &link); 150 } 151 strbuf_reset(&link); 152} 153 154/* Make sure errno contains a meaningful value on error */ 155static int lock_file(struct lock_file *lk, const char *path, int flags) 156{ 157 size_t pathlen = strlen(path); 158 159 if (!lock_file_list) { 160 /* One-time initialization */ 161 sigchain_push_common(remove_lock_files_on_signal); 162 atexit(remove_lock_files_on_exit); 163 } 164 165 if (lk->active) 166 die("BUG: cannot lock_file(\"%s\") using active struct lock_file", 167 path); 168 if (!lk->on_list) { 169 /* Initialize *lk and add it to lock_file_list: */ 170 lk->fd = -1; 171 lk->fp = NULL; 172 lk->active = 0; 173 lk->owner = 0; 174 strbuf_init(&lk->filename, pathlen + LOCK_SUFFIX_LEN); 175 lk->next = lock_file_list; 176 lock_file_list = lk; 177 lk->on_list = 1; 178 } else if (lk->filename.len) { 179 /* This shouldn't happen, but better safe than sorry. */ 180 die("BUG: lock_file(\"%s\") called with improperly-reset lock_file object", 181 path); 182 } 183 184 if (flags & LOCK_NO_DEREF) { 185 strbuf_add_absolute_path(&lk->filename, path); 186 } else { 187 struct strbuf resolved_path = STRBUF_INIT; 188 189 strbuf_add(&resolved_path, path, pathlen); 190 resolve_symlink(&resolved_path); 191 strbuf_add_absolute_path(&lk->filename, resolved_path.buf); 192 strbuf_release(&resolved_path); 193 } 194 195 strbuf_addstr(&lk->filename, LOCK_SUFFIX); 196 lk->fd = open(lk->filename.buf, O_RDWR | O_CREAT | O_EXCL, 0666); 197 if (lk->fd < 0) { 198 strbuf_reset(&lk->filename); 199 return -1; 200 } 201 lk->owner = getpid(); 202 lk->active = 1; 203 if (adjust_shared_perm(lk->filename.buf)) { 204 int save_errno = errno; 205 error("cannot fix permission bits on %s", lk->filename.buf); 206 rollback_lock_file(lk); 207 errno = save_errno; 208 return -1; 209 } 210 return lk->fd; 211} 212 213static int sleep_microseconds(long us) 214{ 215 struct timeval tv; 216 tv.tv_sec = 0; 217 tv.tv_usec = us; 218 return select(0, NULL, NULL, NULL, &tv); 219} 220 221/* 222 * Constants defining the gaps between attempts to lock a file. The 223 * first backoff period is approximately INITIAL_BACKOFF_MS 224 * milliseconds. The longest backoff period is approximately 225 * (BACKOFF_MAX_MULTIPLIER * INITIAL_BACKOFF_MS) milliseconds. 226 */ 227#define INITIAL_BACKOFF_MS 1L 228#define BACKOFF_MAX_MULTIPLIER 1000 229 230/* 231 * Try locking path, retrying with quadratic backoff for at least 232 * timeout_ms milliseconds. If timeout_ms is 0, try locking the file 233 * exactly once. If timeout_ms is -1, try indefinitely. 234 */ 235static int lock_file_timeout(struct lock_file *lk, const char *path, 236 int flags, long timeout_ms) 237{ 238 int n = 1; 239 int multiplier = 1; 240 long remaining_us = 0; 241 static int random_initialized = 0; 242 243 if (timeout_ms == 0) 244 return lock_file(lk, path, flags); 245 246 if (!random_initialized) { 247 srandom((unsigned int)getpid()); 248 random_initialized = 1; 249 } 250 251 if (timeout_ms > 0) { 252 /* avoid overflow */ 253 if (timeout_ms <= LONG_MAX / 1000) 254 remaining_us = timeout_ms * 1000; 255 else 256 remaining_us = LONG_MAX; 257 } 258 259 while (1) { 260 long backoff_ms, wait_us; 261 int fd; 262 263 fd = lock_file(lk, path, flags); 264 265 if (fd >= 0) 266 return fd; /* success */ 267 else if (errno != EEXIST) 268 return -1; /* failure other than lock held */ 269 else if (timeout_ms > 0 && remaining_us <= 0) 270 return -1; /* failure due to timeout */ 271 272 backoff_ms = multiplier * INITIAL_BACKOFF_MS; 273 /* back off for between 0.75*backoff_ms and 1.25*backoff_ms */ 274 wait_us = (750 + random() % 500) * backoff_ms; 275 sleep_microseconds(wait_us); 276 remaining_us -= wait_us; 277 278 /* Recursion: (n+1)^2 = n^2 + 2n + 1 */ 279 multiplier += 2*n + 1; 280 if (multiplier > BACKOFF_MAX_MULTIPLIER) 281 multiplier = BACKOFF_MAX_MULTIPLIER; 282 else 283 n++; 284 } 285} 286 287void unable_to_lock_message(const char *path, int err, struct strbuf *buf) 288{ 289 if (err == EEXIST) { 290 strbuf_addf(buf, "Unable to create '%s.lock': %s.\n\n" 291 "If no other git process is currently running, this probably means a\n" 292 "git process crashed in this repository earlier. Make sure no other git\n" 293 "process is running and remove the file manually to continue.", 294 absolute_path(path), strerror(err)); 295 } else 296 strbuf_addf(buf, "Unable to create '%s.lock': %s", 297 absolute_path(path), strerror(err)); 298} 299 300NORETURN void unable_to_lock_die(const char *path, int err) 301{ 302 struct strbuf buf = STRBUF_INIT; 303 304 unable_to_lock_message(path, err, &buf); 305 die("%s", buf.buf); 306} 307 308/* This should return a meaningful errno on failure */ 309int hold_lock_file_for_update_timeout(struct lock_file *lk, const char *path, 310 int flags, long timeout_ms) 311{ 312 int fd = lock_file_timeout(lk, path, flags, timeout_ms); 313 if (fd < 0 && (flags & LOCK_DIE_ON_ERROR)) 314 unable_to_lock_die(path, errno); 315 return fd; 316} 317 318int hold_lock_file_for_append(struct lock_file *lk, const char *path, int flags) 319{ 320 int fd, orig_fd; 321 322 fd = lock_file(lk, path, flags); 323 if (fd < 0) { 324 if (flags & LOCK_DIE_ON_ERROR) 325 unable_to_lock_die(path, errno); 326 return fd; 327 } 328 329 orig_fd = open(path, O_RDONLY); 330 if (orig_fd < 0) { 331 if (errno != ENOENT) { 332 int save_errno = errno; 333 334 if (flags & LOCK_DIE_ON_ERROR) 335 die("cannot open '%s' for copying", path); 336 rollback_lock_file(lk); 337 error("cannot open '%s' for copying", path); 338 errno = save_errno; 339 return -1; 340 } 341 } else if (copy_fd(orig_fd, fd)) { 342 int save_errno = errno; 343 344 if (flags & LOCK_DIE_ON_ERROR) 345 die("failed to prepare '%s' for appending", path); 346 close(orig_fd); 347 rollback_lock_file(lk); 348 errno = save_errno; 349 return -1; 350 } else { 351 close(orig_fd); 352 } 353 return fd; 354} 355 356FILE *fdopen_lock_file(struct lock_file *lk, const char *mode) 357{ 358 if (!lk->active) 359 die("BUG: fdopen_lock_file() called for unlocked object"); 360 if (lk->fp) 361 die("BUG: fdopen_lock_file() called twice for file '%s'", lk->filename.buf); 362 363 lk->fp = fdopen(lk->fd, mode); 364 return lk->fp; 365} 366 367char *get_locked_file_path(struct lock_file *lk) 368{ 369 if (!lk->active) 370 die("BUG: get_locked_file_path() called for unlocked object"); 371 if (lk->filename.len <= LOCK_SUFFIX_LEN) 372 die("BUG: get_locked_file_path() called for malformed lock object"); 373 return xmemdupz(lk->filename.buf, lk->filename.len - LOCK_SUFFIX_LEN); 374} 375 376int close_lock_file(struct lock_file *lk) 377{ 378 int fd = lk->fd; 379 FILE *fp = lk->fp; 380 int err; 381 382 if (fd < 0) 383 return 0; 384 385 lk->fd = -1; 386 if (fp) { 387 lk->fp = NULL; 388 389 /* 390 * Note: no short-circuiting here; we want to fclose() 391 * in any case! 392 */ 393 err = ferror(fp) | fclose(fp); 394 } else { 395 err = close(fd); 396 } 397 398 if (err) { 399 int save_errno = errno; 400 rollback_lock_file(lk); 401 errno = save_errno; 402 return -1; 403 } 404 405 return 0; 406} 407 408int reopen_lock_file(struct lock_file *lk) 409{ 410 if (0 <= lk->fd) 411 die(_("BUG: reopen a lockfile that is still open")); 412 if (!lk->active) 413 die(_("BUG: reopen a lockfile that has been committed")); 414 lk->fd = open(lk->filename.buf, O_WRONLY); 415 return lk->fd; 416} 417 418int commit_lock_file_to(struct lock_file *lk, const char *path) 419{ 420 if (!lk->active) 421 die("BUG: attempt to commit unlocked object to \"%s\"", path); 422 423 if (close_lock_file(lk)) 424 return -1; 425 426 if (rename(lk->filename.buf, path)) { 427 int save_errno = errno; 428 rollback_lock_file(lk); 429 errno = save_errno; 430 return -1; 431 } 432 433 lk->active = 0; 434 strbuf_reset(&lk->filename); 435 return 0; 436} 437 438int commit_lock_file(struct lock_file *lk) 439{ 440 static struct strbuf result_file = STRBUF_INIT; 441 int err; 442 443 if (!lk->active) 444 die("BUG: attempt to commit unlocked object"); 445 446 if (lk->filename.len <= LOCK_SUFFIX_LEN || 447 strcmp(lk->filename.buf + lk->filename.len - LOCK_SUFFIX_LEN, LOCK_SUFFIX)) 448 die("BUG: lockfile filename corrupt"); 449 450 /* remove ".lock": */ 451 strbuf_add(&result_file, lk->filename.buf, 452 lk->filename.len - LOCK_SUFFIX_LEN); 453 err = commit_lock_file_to(lk, result_file.buf); 454 strbuf_reset(&result_file); 455 return err; 456} 457 458void rollback_lock_file(struct lock_file *lk) 459{ 460 if (!lk->active) 461 return; 462 463 if (!close_lock_file(lk)) { 464 unlink_or_warn(lk->filename.buf); 465 lk->active = 0; 466 strbuf_reset(&lk->filename); 467 } 468}