1/* 2 * Copyright (c) 2005, Junio C Hamano 3 */ 4 5/* 6 * State diagram and cleanup 7 * ------------------------- 8 * 9 * This module keeps track of all locked files in `lock_file_list` for 10 * use at cleanup. This list and the `lock_file` objects that comprise 11 * it must be kept in self-consistent states at all time, because the 12 * program can be interrupted any time by a signal, in which case the 13 * signal handler will walk through the list attempting to clean up 14 * any open lock files. 15 * 16 * The possible states of a `lock_file` object are as follows: 17 * 18 * - Uninitialized. In this state the object's `on_list` field must be 19 * zero but the rest of its contents need not be initialized. As 20 * soon as the object is used in any way, it is irrevocably 21 * registered in `lock_file_list`, and `on_list` is set. 22 * 23 * - Locked, lockfile open (after `hold_lock_file_for_update()`, 24 * `hold_lock_file_for_append()`, or `reopen_lock_file()`). In this 25 * state: 26 * 27 * - the lockfile exists 28 * - `active` is set 29 * - `filename` holds the filename of the lockfile 30 * - `fd` holds a file descriptor open for writing to the lockfile 31 * - `fp` holds a pointer to an open `FILE` object if and only if 32 * `fdopen_lock_file()` has been called on the object 33 * - `owner` holds the PID of the process that locked the file 34 * 35 * - Locked, lockfile closed (after successful `close_lock_file()`). 36 * Same as the previous state, except that the lockfile is closed 37 * and `fd` is -1. 38 * 39 * - Unlocked (after `commit_lock_file()`, `commit_lock_file_to()`, 40 * `rollback_lock_file()`, a failed attempt to lock, or a failed 41 * `close_lock_file()`). In this state: 42 * 43 * - `active` is unset 44 * - `filename` is empty (usually, though there are transitory 45 * states in which this condition doesn't hold). Client code should 46 * *not* rely on the filename being empty in this state. 47 * - `fd` is -1 48 * - the object is left registered in the `lock_file_list`, and 49 * `on_list` is set. 50 * 51 * A lockfile is owned by the process that created it. The `lock_file` 52 * has an `owner` field that records the owner's PID. This field is 53 * used to prevent a forked process from closing a lockfile created by 54 * its parent. 55 */ 56 57#include"cache.h" 58#include"lockfile.h" 59#include"sigchain.h" 60 61static struct lock_file *volatile lock_file_list; 62 63static voidremove_lock_files(int skip_fclose) 64{ 65 pid_t me =getpid(); 66 67while(lock_file_list) { 68if(lock_file_list->owner == me) { 69/* fclose() is not safe to call in a signal handler */ 70if(skip_fclose) 71 lock_file_list->fp = NULL; 72rollback_lock_file(lock_file_list); 73} 74 lock_file_list = lock_file_list->next; 75} 76} 77 78static voidremove_lock_files_on_exit(void) 79{ 80remove_lock_files(0); 81} 82 83static voidremove_lock_files_on_signal(int signo) 84{ 85remove_lock_files(1); 86sigchain_pop(signo); 87raise(signo); 88} 89 90/* 91 * path = absolute or relative path name 92 * 93 * Remove the last path name element from path (leaving the preceding 94 * "/", if any). If path is empty or the root directory ("/"), set 95 * path to the empty string. 96 */ 97static voidtrim_last_path_component(struct strbuf *path) 98{ 99int i = path->len; 100 101/* back up past trailing slashes, if any */ 102while(i && path->buf[i -1] =='/') 103 i--; 104 105/* 106 * then go backwards until a slash, or the beginning of the 107 * string 108 */ 109while(i && path->buf[i -1] !='/') 110 i--; 111 112strbuf_setlen(path, i); 113} 114 115 116/* We allow "recursive" symbolic links. Only within reason, though */ 117#define MAXDEPTH 5 118 119/* 120 * path contains a path that might be a symlink. 121 * 122 * If path is a symlink, attempt to overwrite it with a path to the 123 * real file or directory (which may or may not exist), following a 124 * chain of symlinks if necessary. Otherwise, leave path unmodified. 125 * 126 * This is a best-effort routine. If an error occurs, path will 127 * either be left unmodified or will name a different symlink in a 128 * symlink chain that started with the original path. 129 */ 130static voidresolve_symlink(struct strbuf *path) 131{ 132int depth = MAXDEPTH; 133static struct strbuf link = STRBUF_INIT; 134 135while(depth--) { 136if(strbuf_readlink(&link, path->buf, path->len) <0) 137break; 138 139if(is_absolute_path(link.buf)) 140/* absolute path simply replaces p */ 141strbuf_reset(path); 142else 143/* 144 * link is a relative path, so replace the 145 * last element of p with it. 146 */ 147trim_last_path_component(path); 148 149strbuf_addbuf(path, &link); 150} 151strbuf_reset(&link); 152} 153 154/* Make sure errno contains a meaningful value on error */ 155static intlock_file(struct lock_file *lk,const char*path,int flags) 156{ 157size_t pathlen =strlen(path); 158 159if(!lock_file_list) { 160/* One-time initialization */ 161sigchain_push_common(remove_lock_files_on_signal); 162atexit(remove_lock_files_on_exit); 163} 164 165if(lk->active) 166die("BUG: cannot lock_file(\"%s\") using active struct lock_file", 167 path); 168if(!lk->on_list) { 169/* Initialize *lk and add it to lock_file_list: */ 170 lk->fd = -1; 171 lk->fp = NULL; 172 lk->active =0; 173 lk->owner =0; 174strbuf_init(&lk->filename, pathlen + LOCK_SUFFIX_LEN); 175 lk->next = lock_file_list; 176 lock_file_list = lk; 177 lk->on_list =1; 178}else if(lk->filename.len) { 179/* This shouldn't happen, but better safe than sorry. */ 180die("BUG: lock_file(\"%s\") called with improperly-reset lock_file object", 181 path); 182} 183 184if(flags & LOCK_NO_DEREF) { 185strbuf_add_absolute_path(&lk->filename, path); 186}else{ 187struct strbuf resolved_path = STRBUF_INIT; 188 189strbuf_add(&resolved_path, path, pathlen); 190resolve_symlink(&resolved_path); 191strbuf_add_absolute_path(&lk->filename, resolved_path.buf); 192strbuf_release(&resolved_path); 193} 194 195strbuf_addstr(&lk->filename, LOCK_SUFFIX); 196 lk->fd =open(lk->filename.buf, O_RDWR | O_CREAT | O_EXCL,0666); 197if(lk->fd <0) { 198strbuf_reset(&lk->filename); 199return-1; 200} 201 lk->owner =getpid(); 202 lk->active =1; 203if(adjust_shared_perm(lk->filename.buf)) { 204int save_errno = errno; 205error("cannot fix permission bits on%s", lk->filename.buf); 206rollback_lock_file(lk); 207 errno = save_errno; 208return-1; 209} 210return lk->fd; 211} 212 213static intsleep_microseconds(long us) 214{ 215struct timeval tv; 216 tv.tv_sec =0; 217 tv.tv_usec = us; 218returnselect(0, NULL, NULL, NULL, &tv); 219} 220 221/* 222 * Constants defining the gaps between attempts to lock a file. The 223 * first backoff period is approximately INITIAL_BACKOFF_MS 224 * milliseconds. The longest backoff period is approximately 225 * (BACKOFF_MAX_MULTIPLIER * INITIAL_BACKOFF_MS) milliseconds. 226 */ 227#define INITIAL_BACKOFF_MS 1L 228#define BACKOFF_MAX_MULTIPLIER 1000 229 230/* 231 * Try locking path, retrying with quadratic backoff for at least 232 * timeout_ms milliseconds. If timeout_ms is 0, try locking the file 233 * exactly once. If timeout_ms is -1, try indefinitely. 234 */ 235static intlock_file_timeout(struct lock_file *lk,const char*path, 236int flags,long timeout_ms) 237{ 238int n =1; 239int multiplier =1; 240long remaining_us =0; 241static int random_initialized =0; 242 243if(timeout_ms ==0) 244returnlock_file(lk, path, flags); 245 246if(!random_initialized) { 247srandom((unsigned int)getpid()); 248 random_initialized =1; 249} 250 251if(timeout_ms >0) { 252/* avoid overflow */ 253if(timeout_ms <= LONG_MAX /1000) 254 remaining_us = timeout_ms *1000; 255else 256 remaining_us = LONG_MAX; 257} 258 259while(1) { 260long backoff_ms, wait_us; 261int fd; 262 263 fd =lock_file(lk, path, flags); 264 265if(fd >=0) 266return fd;/* success */ 267else if(errno != EEXIST) 268return-1;/* failure other than lock held */ 269else if(timeout_ms >0&& remaining_us <=0) 270return-1;/* failure due to timeout */ 271 272 backoff_ms = multiplier * INITIAL_BACKOFF_MS; 273/* back off for between 0.75*backoff_ms and 1.25*backoff_ms */ 274 wait_us = (750+random() %500) * backoff_ms; 275sleep_microseconds(wait_us); 276 remaining_us -= wait_us; 277 278/* Recursion: (n+1)^2 = n^2 + 2n + 1 */ 279 multiplier +=2*n +1; 280if(multiplier > BACKOFF_MAX_MULTIPLIER) 281 multiplier = BACKOFF_MAX_MULTIPLIER; 282else 283 n++; 284} 285} 286 287voidunable_to_lock_message(const char*path,int err,struct strbuf *buf) 288{ 289if(err == EEXIST) { 290strbuf_addf(buf,"Unable to create '%s.lock':%s.\n\n" 291"If no other git process is currently running, this probably means a\n" 292"git process crashed in this repository earlier. Make sure no other git\n" 293"process is running and remove the file manually to continue.", 294absolute_path(path),strerror(err)); 295}else 296strbuf_addf(buf,"Unable to create '%s.lock':%s", 297absolute_path(path),strerror(err)); 298} 299 300NORETURN voidunable_to_lock_die(const char*path,int err) 301{ 302struct strbuf buf = STRBUF_INIT; 303 304unable_to_lock_message(path, err, &buf); 305die("%s", buf.buf); 306} 307 308/* This should return a meaningful errno on failure */ 309inthold_lock_file_for_update_timeout(struct lock_file *lk,const char*path, 310int flags,long timeout_ms) 311{ 312int fd =lock_file_timeout(lk, path, flags, timeout_ms); 313if(fd <0&& (flags & LOCK_DIE_ON_ERROR)) 314unable_to_lock_die(path, errno); 315return fd; 316} 317 318inthold_lock_file_for_append(struct lock_file *lk,const char*path,int flags) 319{ 320int fd, orig_fd; 321 322 fd =lock_file(lk, path, flags); 323if(fd <0) { 324if(flags & LOCK_DIE_ON_ERROR) 325unable_to_lock_die(path, errno); 326return fd; 327} 328 329 orig_fd =open(path, O_RDONLY); 330if(orig_fd <0) { 331if(errno != ENOENT) { 332int save_errno = errno; 333 334if(flags & LOCK_DIE_ON_ERROR) 335die("cannot open '%s' for copying", path); 336rollback_lock_file(lk); 337error("cannot open '%s' for copying", path); 338 errno = save_errno; 339return-1; 340} 341}else if(copy_fd(orig_fd, fd)) { 342int save_errno = errno; 343 344if(flags & LOCK_DIE_ON_ERROR) 345die("failed to prepare '%s' for appending", path); 346close(orig_fd); 347rollback_lock_file(lk); 348 errno = save_errno; 349return-1; 350}else{ 351close(orig_fd); 352} 353return fd; 354} 355 356FILE*fdopen_lock_file(struct lock_file *lk,const char*mode) 357{ 358if(!lk->active) 359die("BUG: fdopen_lock_file() called for unlocked object"); 360if(lk->fp) 361die("BUG: fdopen_lock_file() called twice for file '%s'", lk->filename.buf); 362 363 lk->fp =fdopen(lk->fd, mode); 364return lk->fp; 365} 366 367intget_lock_file_fd(struct lock_file *lk) 368{ 369if(!lk->active) 370die("BUG: get_lock_file_fd() called for unlocked object"); 371return lk->fd; 372} 373 374FILE*get_lock_file_fp(struct lock_file *lk) 375{ 376if(!lk->active) 377die("BUG: get_lock_file_fp() called for unlocked object"); 378return lk->fp; 379} 380 381char*get_locked_file_path(struct lock_file *lk) 382{ 383if(!lk->active) 384die("BUG: get_locked_file_path() called for unlocked object"); 385if(lk->filename.len <= LOCK_SUFFIX_LEN) 386die("BUG: get_locked_file_path() called for malformed lock object"); 387returnxmemdupz(lk->filename.buf, lk->filename.len - LOCK_SUFFIX_LEN); 388} 389 390intclose_lock_file(struct lock_file *lk) 391{ 392int fd = lk->fd; 393FILE*fp = lk->fp; 394int err; 395 396if(fd <0) 397return0; 398 399 lk->fd = -1; 400if(fp) { 401 lk->fp = NULL; 402 403/* 404 * Note: no short-circuiting here; we want to fclose() 405 * in any case! 406 */ 407 err =ferror(fp) |fclose(fp); 408}else{ 409 err =close(fd); 410} 411 412if(err) { 413int save_errno = errno; 414rollback_lock_file(lk); 415 errno = save_errno; 416return-1; 417} 418 419return0; 420} 421 422intreopen_lock_file(struct lock_file *lk) 423{ 424if(0<= lk->fd) 425die(_("BUG: reopen a lockfile that is still open")); 426if(!lk->active) 427die(_("BUG: reopen a lockfile that has been committed")); 428 lk->fd =open(lk->filename.buf, O_WRONLY); 429return lk->fd; 430} 431 432intcommit_lock_file_to(struct lock_file *lk,const char*path) 433{ 434if(!lk->active) 435die("BUG: attempt to commit unlocked object to\"%s\"", path); 436 437if(close_lock_file(lk)) 438return-1; 439 440if(rename(lk->filename.buf, path)) { 441int save_errno = errno; 442rollback_lock_file(lk); 443 errno = save_errno; 444return-1; 445} 446 447 lk->active =0; 448strbuf_reset(&lk->filename); 449return0; 450} 451 452intcommit_lock_file(struct lock_file *lk) 453{ 454static struct strbuf result_file = STRBUF_INIT; 455int err; 456 457if(!lk->active) 458die("BUG: attempt to commit unlocked object"); 459 460if(lk->filename.len <= LOCK_SUFFIX_LEN || 461strcmp(lk->filename.buf + lk->filename.len - LOCK_SUFFIX_LEN, LOCK_SUFFIX)) 462die("BUG: lockfile filename corrupt"); 463 464/* remove ".lock": */ 465strbuf_add(&result_file, lk->filename.buf, 466 lk->filename.len - LOCK_SUFFIX_LEN); 467 err =commit_lock_file_to(lk, result_file.buf); 468strbuf_reset(&result_file); 469return err; 470} 471 472voidrollback_lock_file(struct lock_file *lk) 473{ 474if(!lk->active) 475return; 476 477if(!close_lock_file(lk)) { 478unlink_or_warn(lk->filename.buf); 479 lk->active =0; 480strbuf_reset(&lk->filename); 481} 482}