2369eff5411521f308cdca17b46e8856a2840374
   1/*
   2 * Copyright (c) 2005, Junio C Hamano
   3 */
   4
   5/*
   6 * State diagram and cleanup
   7 * -------------------------
   8 *
   9 * This module keeps track of all locked files in `lock_file_list` for
  10 * use at cleanup. This list and the `lock_file` objects that comprise
  11 * it must be kept in self-consistent states at all time, because the
  12 * program can be interrupted any time by a signal, in which case the
  13 * signal handler will walk through the list attempting to clean up
  14 * any open lock files.
  15 *
  16 * The possible states of a `lock_file` object are as follows:
  17 *
  18 * - Uninitialized. In this state the object's `on_list` field must be
  19 *   zero but the rest of its contents need not be initialized. As
  20 *   soon as the object is used in any way, it is irrevocably
  21 *   registered in `lock_file_list`, and `on_list` is set.
  22 *
  23 * - Locked, lockfile open (after `hold_lock_file_for_update()`,
  24 *   `hold_lock_file_for_append()`, or `reopen_lock_file()`). In this
  25 *   state:
  26 *
  27 *   - the lockfile exists
  28 *   - `active` is set
  29 *   - `filename` holds the filename of the lockfile
  30 *   - `fd` holds a file descriptor open for writing to the lockfile
  31 *   - `fp` holds a pointer to an open `FILE` object if and only if
  32 *     `fdopen_lock_file()` has been called on the object
  33 *   - `owner` holds the PID of the process that locked the file
  34 *
  35 * - Locked, lockfile closed (after successful `close_lock_file()`).
  36 *   Same as the previous state, except that the lockfile is closed
  37 *   and `fd` is -1.
  38 *
  39 * - Unlocked (after `commit_lock_file()`, `commit_lock_file_to()`,
  40 *   `rollback_lock_file()`, a failed attempt to lock, or a failed
  41 *   `close_lock_file()`).  In this state:
  42 *
  43 *   - `active` is unset
  44 *   - `filename` is empty (usually, though there are transitory
  45 *     states in which this condition doesn't hold). Client code should
  46 *     *not* rely on the filename being empty in this state.
  47 *   - `fd` is -1
  48 *   - the object is left registered in the `lock_file_list`, and
  49 *     `on_list` is set.
  50 *
  51 * A lockfile is owned by the process that created it. The `lock_file`
  52 * has an `owner` field that records the owner's PID. This field is
  53 * used to prevent a forked process from closing a lockfile created by
  54 * its parent.
  55 */
  56
  57#include "cache.h"
  58#include "lockfile.h"
  59#include "sigchain.h"
  60
  61static struct lock_file *volatile lock_file_list;
  62
  63static void remove_lock_files(int skip_fclose)
  64{
  65        pid_t me = getpid();
  66
  67        while (lock_file_list) {
  68                if (lock_file_list->owner == me) {
  69                        /* fclose() is not safe to call in a signal handler */
  70                        if (skip_fclose)
  71                                lock_file_list->fp = NULL;
  72                        rollback_lock_file(lock_file_list);
  73                }
  74                lock_file_list = lock_file_list->next;
  75        }
  76}
  77
  78static void remove_lock_files_on_exit(void)
  79{
  80        remove_lock_files(0);
  81}
  82
  83static void remove_lock_files_on_signal(int signo)
  84{
  85        remove_lock_files(1);
  86        sigchain_pop(signo);
  87        raise(signo);
  88}
  89
  90/*
  91 * path = absolute or relative path name
  92 *
  93 * Remove the last path name element from path (leaving the preceding
  94 * "/", if any).  If path is empty or the root directory ("/"), set
  95 * path to the empty string.
  96 */
  97static void trim_last_path_component(struct strbuf *path)
  98{
  99        int i = path->len;
 100
 101        /* back up past trailing slashes, if any */
 102        while (i && path->buf[i - 1] == '/')
 103                i--;
 104
 105        /*
 106         * then go backwards until a slash, or the beginning of the
 107         * string
 108         */
 109        while (i && path->buf[i - 1] != '/')
 110                i--;
 111
 112        strbuf_setlen(path, i);
 113}
 114
 115
 116/* We allow "recursive" symbolic links. Only within reason, though */
 117#define MAXDEPTH 5
 118
 119/*
 120 * path contains a path that might be a symlink.
 121 *
 122 * If path is a symlink, attempt to overwrite it with a path to the
 123 * real file or directory (which may or may not exist), following a
 124 * chain of symlinks if necessary.  Otherwise, leave path unmodified.
 125 *
 126 * This is a best-effort routine.  If an error occurs, path will
 127 * either be left unmodified or will name a different symlink in a
 128 * symlink chain that started with the original path.
 129 */
 130static void resolve_symlink(struct strbuf *path)
 131{
 132        int depth = MAXDEPTH;
 133        static struct strbuf link = STRBUF_INIT;
 134
 135        while (depth--) {
 136                if (strbuf_readlink(&link, path->buf, path->len) < 0)
 137                        break;
 138
 139                if (is_absolute_path(link.buf))
 140                        /* absolute path simply replaces p */
 141                        strbuf_reset(path);
 142                else
 143                        /*
 144                         * link is a relative path, so replace the
 145                         * last element of p with it.
 146                         */
 147                        trim_last_path_component(path);
 148
 149                strbuf_addbuf(path, &link);
 150        }
 151        strbuf_reset(&link);
 152}
 153
 154/* Make sure errno contains a meaningful value on error */
 155static int lock_file(struct lock_file *lk, const char *path, int flags)
 156{
 157        size_t pathlen = strlen(path);
 158
 159        if (!lock_file_list) {
 160                /* One-time initialization */
 161                sigchain_push_common(remove_lock_files_on_signal);
 162                atexit(remove_lock_files_on_exit);
 163        }
 164
 165        if (lk->active)
 166                die("BUG: cannot lock_file(\"%s\") using active struct lock_file",
 167                    path);
 168        if (!lk->on_list) {
 169                /* Initialize *lk and add it to lock_file_list: */
 170                lk->fd = -1;
 171                lk->fp = NULL;
 172                lk->active = 0;
 173                lk->owner = 0;
 174                strbuf_init(&lk->filename, pathlen + LOCK_SUFFIX_LEN);
 175                lk->next = lock_file_list;
 176                lock_file_list = lk;
 177                lk->on_list = 1;
 178        } else if (lk->filename.len) {
 179                /* This shouldn't happen, but better safe than sorry. */
 180                die("BUG: lock_file(\"%s\") called with improperly-reset lock_file object",
 181                    path);
 182        }
 183
 184        if (flags & LOCK_NO_DEREF) {
 185                strbuf_add_absolute_path(&lk->filename, path);
 186        } else {
 187                struct strbuf resolved_path = STRBUF_INIT;
 188
 189                strbuf_add(&resolved_path, path, pathlen);
 190                resolve_symlink(&resolved_path);
 191                strbuf_add_absolute_path(&lk->filename, resolved_path.buf);
 192                strbuf_release(&resolved_path);
 193        }
 194
 195        strbuf_addstr(&lk->filename, LOCK_SUFFIX);
 196        lk->fd = open(lk->filename.buf, O_RDWR | O_CREAT | O_EXCL, 0666);
 197        if (lk->fd < 0) {
 198                strbuf_reset(&lk->filename);
 199                return -1;
 200        }
 201        lk->owner = getpid();
 202        lk->active = 1;
 203        if (adjust_shared_perm(lk->filename.buf)) {
 204                int save_errno = errno;
 205                error("cannot fix permission bits on %s", lk->filename.buf);
 206                rollback_lock_file(lk);
 207                errno = save_errno;
 208                return -1;
 209        }
 210        return lk->fd;
 211}
 212
 213static int sleep_microseconds(long us)
 214{
 215        struct timeval tv;
 216        tv.tv_sec = 0;
 217        tv.tv_usec = us;
 218        return select(0, NULL, NULL, NULL, &tv);
 219}
 220
 221/*
 222 * Constants defining the gaps between attempts to lock a file. The
 223 * first backoff period is approximately INITIAL_BACKOFF_MS
 224 * milliseconds. The longest backoff period is approximately
 225 * (BACKOFF_MAX_MULTIPLIER * INITIAL_BACKOFF_MS) milliseconds.
 226 */
 227#define INITIAL_BACKOFF_MS 1L
 228#define BACKOFF_MAX_MULTIPLIER 1000
 229
 230/*
 231 * Try locking path, retrying with quadratic backoff for at least
 232 * timeout_ms milliseconds. If timeout_ms is 0, try locking the file
 233 * exactly once. If timeout_ms is -1, try indefinitely.
 234 */
 235static int lock_file_timeout(struct lock_file *lk, const char *path,
 236                             int flags, long timeout_ms)
 237{
 238        int n = 1;
 239        int multiplier = 1;
 240        long remaining_us = 0;
 241        static int random_initialized = 0;
 242
 243        if (timeout_ms == 0)
 244                return lock_file(lk, path, flags);
 245
 246        if (!random_initialized) {
 247                srandom((unsigned int)getpid());
 248                random_initialized = 1;
 249        }
 250
 251        if (timeout_ms > 0) {
 252                /* avoid overflow */
 253                if (timeout_ms <= LONG_MAX / 1000)
 254                        remaining_us = timeout_ms * 1000;
 255                else
 256                        remaining_us = LONG_MAX;
 257        }
 258
 259        while (1) {
 260                long backoff_ms, wait_us;
 261                int fd;
 262
 263                fd = lock_file(lk, path, flags);
 264
 265                if (fd >= 0)
 266                        return fd; /* success */
 267                else if (errno != EEXIST)
 268                        return -1; /* failure other than lock held */
 269                else if (timeout_ms > 0 && remaining_us <= 0)
 270                        return -1; /* failure due to timeout */
 271
 272                backoff_ms = multiplier * INITIAL_BACKOFF_MS;
 273                /* back off for between 0.75*backoff_ms and 1.25*backoff_ms */
 274                wait_us = (750 + random() % 500) * backoff_ms;
 275                sleep_microseconds(wait_us);
 276                remaining_us -= wait_us;
 277
 278                /* Recursion: (n+1)^2 = n^2 + 2n + 1 */
 279                multiplier += 2*n + 1;
 280                if (multiplier > BACKOFF_MAX_MULTIPLIER)
 281                        multiplier = BACKOFF_MAX_MULTIPLIER;
 282                else
 283                        n++;
 284        }
 285}
 286
 287void unable_to_lock_message(const char *path, int err, struct strbuf *buf)
 288{
 289        if (err == EEXIST) {
 290                strbuf_addf(buf, "Unable to create '%s.lock': %s.\n\n"
 291                    "If no other git process is currently running, this probably means a\n"
 292                    "git process crashed in this repository earlier. Make sure no other git\n"
 293                    "process is running and remove the file manually to continue.",
 294                            absolute_path(path), strerror(err));
 295        } else
 296                strbuf_addf(buf, "Unable to create '%s.lock': %s",
 297                            absolute_path(path), strerror(err));
 298}
 299
 300NORETURN void unable_to_lock_die(const char *path, int err)
 301{
 302        struct strbuf buf = STRBUF_INIT;
 303
 304        unable_to_lock_message(path, err, &buf);
 305        die("%s", buf.buf);
 306}
 307
 308/* This should return a meaningful errno on failure */
 309int hold_lock_file_for_update_timeout(struct lock_file *lk, const char *path,
 310                                      int flags, long timeout_ms)
 311{
 312        int fd = lock_file_timeout(lk, path, flags, timeout_ms);
 313        if (fd < 0 && (flags & LOCK_DIE_ON_ERROR))
 314                unable_to_lock_die(path, errno);
 315        return fd;
 316}
 317
 318int hold_lock_file_for_append(struct lock_file *lk, const char *path, int flags)
 319{
 320        int fd, orig_fd;
 321
 322        fd = lock_file(lk, path, flags);
 323        if (fd < 0) {
 324                if (flags & LOCK_DIE_ON_ERROR)
 325                        unable_to_lock_die(path, errno);
 326                return fd;
 327        }
 328
 329        orig_fd = open(path, O_RDONLY);
 330        if (orig_fd < 0) {
 331                if (errno != ENOENT) {
 332                        int save_errno = errno;
 333
 334                        if (flags & LOCK_DIE_ON_ERROR)
 335                                die("cannot open '%s' for copying", path);
 336                        rollback_lock_file(lk);
 337                        error("cannot open '%s' for copying", path);
 338                        errno = save_errno;
 339                        return -1;
 340                }
 341        } else if (copy_fd(orig_fd, fd)) {
 342                int save_errno = errno;
 343
 344                if (flags & LOCK_DIE_ON_ERROR)
 345                        die("failed to prepare '%s' for appending", path);
 346                close(orig_fd);
 347                rollback_lock_file(lk);
 348                errno = save_errno;
 349                return -1;
 350        } else {
 351                close(orig_fd);
 352        }
 353        return fd;
 354}
 355
 356FILE *fdopen_lock_file(struct lock_file *lk, const char *mode)
 357{
 358        if (!lk->active)
 359                die("BUG: fdopen_lock_file() called for unlocked object");
 360        if (lk->fp)
 361                die("BUG: fdopen_lock_file() called twice for file '%s'", lk->filename.buf);
 362
 363        lk->fp = fdopen(lk->fd, mode);
 364        return lk->fp;
 365}
 366
 367char *get_locked_file_path(struct lock_file *lk)
 368{
 369        if (!lk->active)
 370                die("BUG: get_locked_file_path() called for unlocked object");
 371        if (lk->filename.len <= LOCK_SUFFIX_LEN)
 372                die("BUG: get_locked_file_path() called for malformed lock object");
 373        return xmemdupz(lk->filename.buf, lk->filename.len - LOCK_SUFFIX_LEN);
 374}
 375
 376int close_lock_file(struct lock_file *lk)
 377{
 378        int fd = lk->fd;
 379        FILE *fp = lk->fp;
 380        int err;
 381
 382        if (fd < 0)
 383                return 0;
 384
 385        lk->fd = -1;
 386        if (fp) {
 387                lk->fp = NULL;
 388
 389                /*
 390                 * Note: no short-circuiting here; we want to fclose()
 391                 * in any case!
 392                 */
 393                err = ferror(fp) | fclose(fp);
 394        } else {
 395                err = close(fd);
 396        }
 397
 398        if (err) {
 399                int save_errno = errno;
 400                rollback_lock_file(lk);
 401                errno = save_errno;
 402                return -1;
 403        }
 404
 405        return 0;
 406}
 407
 408int reopen_lock_file(struct lock_file *lk)
 409{
 410        if (0 <= lk->fd)
 411                die(_("BUG: reopen a lockfile that is still open"));
 412        if (!lk->active)
 413                die(_("BUG: reopen a lockfile that has been committed"));
 414        lk->fd = open(lk->filename.buf, O_WRONLY);
 415        return lk->fd;
 416}
 417
 418int commit_lock_file_to(struct lock_file *lk, const char *path)
 419{
 420        if (!lk->active)
 421                die("BUG: attempt to commit unlocked object to \"%s\"", path);
 422
 423        if (close_lock_file(lk))
 424                return -1;
 425
 426        if (rename(lk->filename.buf, path)) {
 427                int save_errno = errno;
 428                rollback_lock_file(lk);
 429                errno = save_errno;
 430                return -1;
 431        }
 432
 433        lk->active = 0;
 434        strbuf_reset(&lk->filename);
 435        return 0;
 436}
 437
 438int commit_lock_file(struct lock_file *lk)
 439{
 440        static struct strbuf result_file = STRBUF_INIT;
 441        int err;
 442
 443        if (!lk->active)
 444                die("BUG: attempt to commit unlocked object");
 445
 446        if (lk->filename.len <= LOCK_SUFFIX_LEN ||
 447            strcmp(lk->filename.buf + lk->filename.len - LOCK_SUFFIX_LEN, LOCK_SUFFIX))
 448                die("BUG: lockfile filename corrupt");
 449
 450        /* remove ".lock": */
 451        strbuf_add(&result_file, lk->filename.buf,
 452                   lk->filename.len - LOCK_SUFFIX_LEN);
 453        err = commit_lock_file_to(lk, result_file.buf);
 454        strbuf_reset(&result_file);
 455        return err;
 456}
 457
 458void rollback_lock_file(struct lock_file *lk)
 459{
 460        if (!lk->active)
 461                return;
 462
 463        if (!close_lock_file(lk)) {
 464                unlink_or_warn(lk->filename.buf);
 465                lk->active = 0;
 466                strbuf_reset(&lk->filename);
 467        }
 468}