Andrew's git / gitweb.git / lockfile.c
?
lockfile.con commit lockfile: add accessor get_lock_file_path() (b4fb09e)
   1/*
   2 * Copyright (c) 2005, Junio C Hamano
   3 */
   4
   5/*
   6 * State diagram and cleanup
   7 * -------------------------
   8 *
   9 * This module keeps track of all locked files in `lock_file_list` for
  10 * use at cleanup. This list and the `lock_file` objects that comprise
  11 * it must be kept in self-consistent states at all time, because the
  12 * program can be interrupted any time by a signal, in which case the
  13 * signal handler will walk through the list attempting to clean up
  14 * any open lock files.
  15 *
  16 * The possible states of a `lock_file` object are as follows:
  17 *
  18 * - Uninitialized. In this state the object's `on_list` field must be
  19 *   zero but the rest of its contents need not be initialized. As
  20 *   soon as the object is used in any way, it is irrevocably
  21 *   registered in `lock_file_list`, and `on_list` is set.
  22 *
  23 * - Locked, lockfile open (after `hold_lock_file_for_update()`,
  24 *   `hold_lock_file_for_append()`, or `reopen_lock_file()`). In this
  25 *   state:
  26 *
  27 *   - the lockfile exists
  28 *   - `active` is set
  29 *   - `filename` holds the filename of the lockfile
  30 *   - `fd` holds a file descriptor open for writing to the lockfile
  31 *   - `fp` holds a pointer to an open `FILE` object if and only if
  32 *     `fdopen_lock_file()` has been called on the object
  33 *   - `owner` holds the PID of the process that locked the file
  34 *
  35 * - Locked, lockfile closed (after successful `close_lock_file()`).
  36 *   Same as the previous state, except that the lockfile is closed
  37 *   and `fd` is -1.
  38 *
  39 * - Unlocked (after `commit_lock_file()`, `commit_lock_file_to()`,
  40 *   `rollback_lock_file()`, a failed attempt to lock, or a failed
  41 *   `close_lock_file()`).  In this state:
  42 *
  43 *   - `active` is unset
  44 *   - `filename` is empty (usually, though there are transitory
  45 *     states in which this condition doesn't hold). Client code should
  46 *     *not* rely on the filename being empty in this state.
  47 *   - `fd` is -1
  48 *   - the object is left registered in the `lock_file_list`, and
  49 *     `on_list` is set.
  50 *
  51 * A lockfile is owned by the process that created it. The `lock_file`
  52 * has an `owner` field that records the owner's PID. This field is
  53 * used to prevent a forked process from closing a lockfile created by
  54 * its parent.
  55 */
  56
  57#include "cache.h"
  58#include "lockfile.h"
  59#include "sigchain.h"
  60
  61static struct lock_file *volatile lock_file_list;
  62
  63static void remove_lock_files(int skip_fclose)
  64{
  65        pid_t me = getpid();
  66
  67        while (lock_file_list) {
  68                if (lock_file_list->owner == me) {
  69                        /* fclose() is not safe to call in a signal handler */
  70                        if (skip_fclose)
  71                                lock_file_list->fp = NULL;
  72                        rollback_lock_file(lock_file_list);
  73                }
  74                lock_file_list = lock_file_list->next;
  75        }
  76}
  77
  78static void remove_lock_files_on_exit(void)
  79{
  80        remove_lock_files(0);
  81}
  82
  83static void remove_lock_files_on_signal(int signo)
  84{
  85        remove_lock_files(1);
  86        sigchain_pop(signo);
  87        raise(signo);
  88}
  89
  90/*
  91 * path = absolute or relative path name
  92 *
  93 * Remove the last path name element from path (leaving the preceding
  94 * "/", if any).  If path is empty or the root directory ("/"), set
  95 * path to the empty string.
  96 */
  97static void trim_last_path_component(struct strbuf *path)
  98{
  99        int i = path->len;
 100
 101        /* back up past trailing slashes, if any */
 102        while (i && path->buf[i - 1] == '/')
 103                i--;
 104
 105        /*
 106         * then go backwards until a slash, or the beginning of the
 107         * string
 108         */
 109        while (i && path->buf[i - 1] != '/')
 110                i--;
 111
 112        strbuf_setlen(path, i);
 113}
 114
 115
 116/* We allow "recursive" symbolic links. Only within reason, though */
 117#define MAXDEPTH 5
 118
 119/*
 120 * path contains a path that might be a symlink.
 121 *
 122 * If path is a symlink, attempt to overwrite it with a path to the
 123 * real file or directory (which may or may not exist), following a
 124 * chain of symlinks if necessary.  Otherwise, leave path unmodified.
 125 *
 126 * This is a best-effort routine.  If an error occurs, path will
 127 * either be left unmodified or will name a different symlink in a
 128 * symlink chain that started with the original path.
 129 */
 130static void resolve_symlink(struct strbuf *path)
 131{
 132        int depth = MAXDEPTH;
 133        static struct strbuf link = STRBUF_INIT;
 134
 135        while (depth--) {
 136                if (strbuf_readlink(&link, path->buf, path->len) < 0)
 137                        break;
 138
 139                if (is_absolute_path(link.buf))
 140                        /* absolute path simply replaces p */
 141                        strbuf_reset(path);
 142                else
 143                        /*
 144                         * link is a relative path, so replace the
 145                         * last element of p with it.
 146                         */
 147                        trim_last_path_component(path);
 148
 149                strbuf_addbuf(path, &link);
 150        }
 151        strbuf_reset(&link);
 152}
 153
 154/* Make sure errno contains a meaningful value on error */
 155static int lock_file(struct lock_file *lk, const char *path, int flags)
 156{
 157        size_t pathlen = strlen(path);
 158
 159        if (!lock_file_list) {
 160                /* One-time initialization */
 161                sigchain_push_common(remove_lock_files_on_signal);
 162                atexit(remove_lock_files_on_exit);
 163        }
 164
 165        if (lk->active)
 166                die("BUG: cannot lock_file(\"%s\") using active struct lock_file",
 167                    path);
 168        if (!lk->on_list) {
 169                /* Initialize *lk and add it to lock_file_list: */
 170                lk->fd = -1;
 171                lk->fp = NULL;
 172                lk->active = 0;
 173                lk->owner = 0;
 174                strbuf_init(&lk->filename, pathlen + LOCK_SUFFIX_LEN);
 175                lk->next = lock_file_list;
 176                lock_file_list = lk;
 177                lk->on_list = 1;
 178        } else if (lk->filename.len) {
 179                /* This shouldn't happen, but better safe than sorry. */
 180                die("BUG: lock_file(\"%s\") called with improperly-reset lock_file object",
 181                    path);
 182        }
 183
 184        if (flags & LOCK_NO_DEREF) {
 185                strbuf_add_absolute_path(&lk->filename, path);
 186        } else {
 187                struct strbuf resolved_path = STRBUF_INIT;
 188
 189                strbuf_add(&resolved_path, path, pathlen);
 190                resolve_symlink(&resolved_path);
 191                strbuf_add_absolute_path(&lk->filename, resolved_path.buf);
 192                strbuf_release(&resolved_path);
 193        }
 194
 195        strbuf_addstr(&lk->filename, LOCK_SUFFIX);
 196        lk->fd = open(lk->filename.buf, O_RDWR | O_CREAT | O_EXCL, 0666);
 197        if (lk->fd < 0) {
 198                strbuf_reset(&lk->filename);
 199                return -1;
 200        }
 201        lk->owner = getpid();
 202        lk->active = 1;
 203        if (adjust_shared_perm(lk->filename.buf)) {
 204                int save_errno = errno;
 205                error("cannot fix permission bits on %s", lk->filename.buf);
 206                rollback_lock_file(lk);
 207                errno = save_errno;
 208                return -1;
 209        }
 210        return lk->fd;
 211}
 212
 213static int sleep_microseconds(long us)
 214{
 215        struct timeval tv;
 216        tv.tv_sec = 0;
 217        tv.tv_usec = us;
 218        return select(0, NULL, NULL, NULL, &tv);
 219}
 220
 221/*
 222 * Constants defining the gaps between attempts to lock a file. The
 223 * first backoff period is approximately INITIAL_BACKOFF_MS
 224 * milliseconds. The longest backoff period is approximately
 225 * (BACKOFF_MAX_MULTIPLIER * INITIAL_BACKOFF_MS) milliseconds.
 226 */
 227#define INITIAL_BACKOFF_MS 1L
 228#define BACKOFF_MAX_MULTIPLIER 1000
 229
 230/*
 231 * Try locking path, retrying with quadratic backoff for at least
 232 * timeout_ms milliseconds. If timeout_ms is 0, try locking the file
 233 * exactly once. If timeout_ms is -1, try indefinitely.
 234 */
 235static int lock_file_timeout(struct lock_file *lk, const char *path,
 236                             int flags, long timeout_ms)
 237{
 238        int n = 1;
 239        int multiplier = 1;
 240        long remaining_us = 0;
 241        static int random_initialized = 0;
 242
 243        if (timeout_ms == 0)
 244                return lock_file(lk, path, flags);
 245
 246        if (!random_initialized) {
 247                srandom((unsigned int)getpid());
 248                random_initialized = 1;
 249        }
 250
 251        if (timeout_ms > 0) {
 252                /* avoid overflow */
 253                if (timeout_ms <= LONG_MAX / 1000)
 254                        remaining_us = timeout_ms * 1000;
 255                else
 256                        remaining_us = LONG_MAX;
 257        }
 258
 259        while (1) {
 260                long backoff_ms, wait_us;
 261                int fd;
 262
 263                fd = lock_file(lk, path, flags);
 264
 265                if (fd >= 0)
 266                        return fd; /* success */
 267                else if (errno != EEXIST)
 268                        return -1; /* failure other than lock held */
 269                else if (timeout_ms > 0 && remaining_us <= 0)
 270                        return -1; /* failure due to timeout */
 271
 272                backoff_ms = multiplier * INITIAL_BACKOFF_MS;
 273                /* back off for between 0.75*backoff_ms and 1.25*backoff_ms */
 274                wait_us = (750 + random() % 500) * backoff_ms;
 275                sleep_microseconds(wait_us);
 276                remaining_us -= wait_us;
 277
 278                /* Recursion: (n+1)^2 = n^2 + 2n + 1 */
 279                multiplier += 2*n + 1;
 280                if (multiplier > BACKOFF_MAX_MULTIPLIER)
 281                        multiplier = BACKOFF_MAX_MULTIPLIER;
 282                else
 283                        n++;
 284        }
 285}
 286
 287void unable_to_lock_message(const char *path, int err, struct strbuf *buf)
 288{
 289        if (err == EEXIST) {
 290                strbuf_addf(buf, "Unable to create '%s.lock': %s.\n\n"
 291                    "If no other git process is currently running, this probably means a\n"
 292                    "git process crashed in this repository earlier. Make sure no other git\n"
 293                    "process is running and remove the file manually to continue.",
 294                            absolute_path(path), strerror(err));
 295        } else
 296                strbuf_addf(buf, "Unable to create '%s.lock': %s",
 297                            absolute_path(path), strerror(err));
 298}
 299
 300NORETURN void unable_to_lock_die(const char *path, int err)
 301{
 302        struct strbuf buf = STRBUF_INIT;
 303
 304        unable_to_lock_message(path, err, &buf);
 305        die("%s", buf.buf);
 306}
 307
 308/* This should return a meaningful errno on failure */
 309int hold_lock_file_for_update_timeout(struct lock_file *lk, const char *path,
 310                                      int flags, long timeout_ms)
 311{
 312        int fd = lock_file_timeout(lk, path, flags, timeout_ms);
 313        if (fd < 0 && (flags & LOCK_DIE_ON_ERROR))
 314                unable_to_lock_die(path, errno);
 315        return fd;
 316}
 317
 318int hold_lock_file_for_append(struct lock_file *lk, const char *path, int flags)
 319{
 320        int fd, orig_fd;
 321
 322        fd = lock_file(lk, path, flags);
 323        if (fd < 0) {
 324                if (flags & LOCK_DIE_ON_ERROR)
 325                        unable_to_lock_die(path, errno);
 326                return fd;
 327        }
 328
 329        orig_fd = open(path, O_RDONLY);
 330        if (orig_fd < 0) {
 331                if (errno != ENOENT) {
 332                        int save_errno = errno;
 333
 334                        if (flags & LOCK_DIE_ON_ERROR)
 335                                die("cannot open '%s' for copying", path);
 336                        rollback_lock_file(lk);
 337                        error("cannot open '%s' for copying", path);
 338                        errno = save_errno;
 339                        return -1;
 340                }
 341        } else if (copy_fd(orig_fd, fd)) {
 342                int save_errno = errno;
 343
 344                if (flags & LOCK_DIE_ON_ERROR)
 345                        die("failed to prepare '%s' for appending", path);
 346                close(orig_fd);
 347                rollback_lock_file(lk);
 348                errno = save_errno;
 349                return -1;
 350        } else {
 351                close(orig_fd);
 352        }
 353        return fd;
 354}
 355
 356FILE *fdopen_lock_file(struct lock_file *lk, const char *mode)
 357{
 358        if (!lk->active)
 359                die("BUG: fdopen_lock_file() called for unlocked object");
 360        if (lk->fp)
 361                die("BUG: fdopen_lock_file() called twice for file '%s'", lk->filename.buf);
 362
 363        lk->fp = fdopen(lk->fd, mode);
 364        return lk->fp;
 365}
 366
 367const char *get_lock_file_path(struct lock_file *lk)
 368{
 369        if (!lk->active)
 370                die("BUG: get_lock_file_path() called for unlocked object");
 371        return lk->filename.buf;
 372}
 373
 374int get_lock_file_fd(struct lock_file *lk)
 375{
 376        if (!lk->active)
 377                die("BUG: get_lock_file_fd() called for unlocked object");
 378        return lk->fd;
 379}
 380
 381FILE *get_lock_file_fp(struct lock_file *lk)
 382{
 383        if (!lk->active)
 384                die("BUG: get_lock_file_fp() called for unlocked object");
 385        return lk->fp;
 386}
 387
 388char *get_locked_file_path(struct lock_file *lk)
 389{
 390        if (!lk->active)
 391                die("BUG: get_locked_file_path() called for unlocked object");
 392        if (lk->filename.len <= LOCK_SUFFIX_LEN)
 393                die("BUG: get_locked_file_path() called for malformed lock object");
 394        return xmemdupz(lk->filename.buf, lk->filename.len - LOCK_SUFFIX_LEN);
 395}
 396
 397int close_lock_file(struct lock_file *lk)
 398{
 399        int fd = lk->fd;
 400        FILE *fp = lk->fp;
 401        int err;
 402
 403        if (fd < 0)
 404                return 0;
 405
 406        lk->fd = -1;
 407        if (fp) {
 408                lk->fp = NULL;
 409
 410                /*
 411                 * Note: no short-circuiting here; we want to fclose()
 412                 * in any case!
 413                 */
 414                err = ferror(fp) | fclose(fp);
 415        } else {
 416                err = close(fd);
 417        }
 418
 419        if (err) {
 420                int save_errno = errno;
 421                rollback_lock_file(lk);
 422                errno = save_errno;
 423                return -1;
 424        }
 425
 426        return 0;
 427}
 428
 429int reopen_lock_file(struct lock_file *lk)
 430{
 431        if (0 <= lk->fd)
 432                die(_("BUG: reopen a lockfile that is still open"));
 433        if (!lk->active)
 434                die(_("BUG: reopen a lockfile that has been committed"));
 435        lk->fd = open(lk->filename.buf, O_WRONLY);
 436        return lk->fd;
 437}
 438
 439int commit_lock_file_to(struct lock_file *lk, const char *path)
 440{
 441        if (!lk->active)
 442                die("BUG: attempt to commit unlocked object to \"%s\"", path);
 443
 444        if (close_lock_file(lk))
 445                return -1;
 446
 447        if (rename(lk->filename.buf, path)) {
 448                int save_errno = errno;
 449                rollback_lock_file(lk);
 450                errno = save_errno;
 451                return -1;
 452        }
 453
 454        lk->active = 0;
 455        strbuf_reset(&lk->filename);
 456        return 0;
 457}
 458
 459int commit_lock_file(struct lock_file *lk)
 460{
 461        static struct strbuf result_file = STRBUF_INIT;
 462        int err;
 463
 464        if (!lk->active)
 465                die("BUG: attempt to commit unlocked object");
 466
 467        if (lk->filename.len <= LOCK_SUFFIX_LEN ||
 468            strcmp(lk->filename.buf + lk->filename.len - LOCK_SUFFIX_LEN, LOCK_SUFFIX))
 469                die("BUG: lockfile filename corrupt");
 470
 471        /* remove ".lock": */
 472        strbuf_add(&result_file, lk->filename.buf,
 473                   lk->filename.len - LOCK_SUFFIX_LEN);
 474        err = commit_lock_file_to(lk, result_file.buf);
 475        strbuf_reset(&result_file);
 476        return err;
 477}
 478
 479void rollback_lock_file(struct lock_file *lk)
 480{
 481        if (!lk->active)
 482                return;
 483
 484        if (!close_lock_file(lk)) {
 485                unlink_or_warn(lk->filename.buf);
 486                lk->active = 0;
 487                strbuf_reset(&lk->filename);
 488        }
 489}