Obey NO_C99_FORMAT in fast-import.c.
[gitweb.git] / sha1_file.c
index 6ea59b55887480fb0ebe3c6116fe9f68821d4527..2c870314d525ba0666470d53cf7901a2bac9e3c0 100644 (file)
 #endif
 #endif
 
+#ifdef NO_C99_FORMAT
+#define SZ_FMT "lu"
+#else
+#define SZ_FMT "zu"
+#endif
+
 const unsigned char null_sha1[20];
 
 static unsigned int sha1_file_open_flag = O_NOATIME;
@@ -355,10 +361,8 @@ static void read_info_alternates(const char * relative_base, int depth)
                close(fd);
                return;
        }
-       map = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+       map = xmmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
        close(fd);
-       if (map == MAP_FAILED)
-               return;
 
        link_alt_odb_entries(map, map + st.st_size, '\n', relative_base, depth);
 
@@ -397,16 +401,40 @@ static char *find_sha1_file(const unsigned char *sha1, struct stat *st)
        return NULL;
 }
 
-#define PACK_MAX_SZ (1<<26)
-static int pack_used_ctr;
-static unsigned long pack_mapped;
+static unsigned int pack_used_ctr;
+static unsigned int pack_mmap_calls;
+static unsigned int peak_pack_open_windows;
+static unsigned int pack_open_windows;
+static size_t peak_pack_mapped;
+static size_t pack_mapped;
 struct packed_git *packed_git;
 
+void pack_report()
+{
+       fprintf(stderr,
+               "pack_report: getpagesize()            = %10" SZ_FMT "\n"
+               "pack_report: core.packedGitWindowSize = %10" SZ_FMT "\n"
+               "pack_report: core.packedGitLimit      = %10" SZ_FMT "\n",
+               (size_t) getpagesize(),
+               packed_git_window_size,
+               packed_git_limit);
+       fprintf(stderr,
+               "pack_report: pack_used_ctr            = %10u\n"
+               "pack_report: pack_mmap_calls          = %10u\n"
+               "pack_report: pack_open_windows        = %10u / %10u\n"
+               "pack_report: pack_mapped              = "
+                       "%10" SZ_FMT " / %10" SZ_FMT "\n",
+               pack_used_ctr,
+               pack_mmap_calls,
+               pack_open_windows, peak_pack_open_windows,
+               pack_mapped, peak_pack_mapped);
+}
+
 static int check_packed_git_idx(const char *path, unsigned long *idx_size_,
                                void **idx_map_)
 {
        void *idx_map;
-       unsigned int *index;
+       uint32_t *index;
        unsigned long idx_size;
        int nr, i;
        int fd = open(path, O_RDONLY);
@@ -418,10 +446,8 @@ static int check_packed_git_idx(const char *path, unsigned long *idx_size_,
                return -1;
        }
        idx_size = st.st_size;
-       idx_map = mmap(NULL, idx_size, PROT_READ, MAP_PRIVATE, fd, 0);
+       idx_map = xmmap(NULL, idx_size, PROT_READ, MAP_PRIVATE, fd, 0);
        close(fd);
-       if (idx_map == MAP_FAILED)
-               return -1;
 
        index = idx_map;
        *idx_map_ = idx_map;
@@ -429,12 +455,23 @@ static int check_packed_git_idx(const char *path, unsigned long *idx_size_,
 
        /* check index map */
        if (idx_size < 4*256 + 20 + 20)
-               return error("index file too small");
+               return error("index file %s is too small", path);
+
+       /* a future index format would start with this, as older git
+        * binaries would fail the non-monotonic index check below.
+        * give a nicer warning to the user if we can.
+        */
+       if (index[0] == htonl(PACK_IDX_SIGNATURE))
+               return error("index file %s is a newer version"
+                       " and is not supported by this binary"
+                       " (try upgrading GIT to a newer version)",
+                       path);
+
        nr = 0;
        for (i = 0; i < 256; i++) {
                unsigned int n = ntohl(index[i]);
                if (n < nr)
-                       return error("non-monotonic index");
+                       return error("non-monotonic index %s", path);
                nr = n;
        }
 
@@ -446,91 +483,220 @@ static int check_packed_git_idx(const char *path, unsigned long *idx_size_,
         *  - 20-byte SHA1 file checksum
         */
        if (idx_size != 4*256 + nr * 24 + 20 + 20)
-               return error("wrong index file size");
+               return error("wrong index file size in %s", path);
 
        return 0;
 }
 
-static int unuse_one_packed_git(void)
+static void scan_windows(struct packed_git *p,
+       struct packed_git **lru_p,
+       struct pack_window **lru_w,
+       struct pack_window **lru_l)
 {
-       struct packed_git *p, *lru = NULL;
+       struct pack_window *w, *w_l;
 
-       for (p = packed_git; p; p = p->next) {
-               if (p->pack_use_cnt || !p->pack_base)
-                       continue;
-               if (!lru || p->pack_last_used < lru->pack_last_used)
-                       lru = p;
+       for (w_l = NULL, w = p->windows; w; w = w->next) {
+               if (!w->inuse_cnt) {
+                       if (!*lru_w || w->last_used < (*lru_w)->last_used) {
+                               *lru_p = p;
+                               *lru_w = w;
+                               *lru_l = w_l;
+                       }
+               }
+               w_l = w;
        }
-       if (!lru)
-               return 0;
-       munmap(lru->pack_base, lru->pack_size);
-       lru->pack_base = NULL;
-       return 1;
 }
 
-void unuse_packed_git(struct packed_git *p)
+static int unuse_one_window(struct packed_git *current)
 {
-       p->pack_use_cnt--;
+       struct packed_git *p, *lru_p = NULL;
+       struct pack_window *lru_w = NULL, *lru_l = NULL;
+
+       if (current)
+               scan_windows(current, &lru_p, &lru_w, &lru_l);
+       for (p = packed_git; p; p = p->next)
+               scan_windows(p, &lru_p, &lru_w, &lru_l);
+       if (lru_p) {
+               munmap(lru_w->base, lru_w->len);
+               pack_mapped -= lru_w->len;
+               if (lru_l)
+                       lru_l->next = lru_w->next;
+               else {
+                       lru_p->windows = lru_w->next;
+                       if (!lru_p->windows && lru_p != current) {
+                               close(lru_p->pack_fd);
+                               lru_p->pack_fd = -1;
+                       }
+               }
+               free(lru_w);
+               pack_open_windows--;
+               return 1;
+       }
+       return 0;
+}
+
+void release_pack_memory(size_t need)
+{
+       size_t cur = pack_mapped;
+       while (need >= (cur - pack_mapped) && unuse_one_window(NULL))
+               ; /* nothing */
+}
+
+void unuse_pack(struct pack_window **w_cursor)
+{
+       struct pack_window *w = *w_cursor;
+       if (w) {
+               w->inuse_cnt--;
+               *w_cursor = NULL;
+       }
 }
 
-int use_packed_git(struct packed_git *p)
+/*
+ * Do not call this directly as this leaks p->pack_fd on error return;
+ * call open_packed_git() instead.
+ */
+static int open_packed_git_1(struct packed_git *p)
 {
+       struct stat st;
+       struct pack_header hdr;
+       unsigned char sha1[20];
+       unsigned char *idx_sha1;
+       long fd_flag;
+
+       p->pack_fd = open(p->pack_name, O_RDONLY);
+       if (p->pack_fd < 0 || fstat(p->pack_fd, &st))
+               return -1;
+
+       /* If we created the struct before we had the pack we lack size. */
        if (!p->pack_size) {
-               struct stat st;
-               /* We created the struct before we had the pack */
-               stat(p->pack_name, &st);
                if (!S_ISREG(st.st_mode))
-                       die("packfile %s not a regular file", p->pack_name);
+                       return error("packfile %s not a regular file", p->pack_name);
                p->pack_size = st.st_size;
+       } else if (p->pack_size != st.st_size)
+               return error("packfile %s size changed", p->pack_name);
+
+       /* We leave these file descriptors open with sliding mmap;
+        * there is no point keeping them open across exec(), though.
+        */
+       fd_flag = fcntl(p->pack_fd, F_GETFD, 0);
+       if (fd_flag < 0)
+               return error("cannot determine file descriptor flags");
+       fd_flag |= FD_CLOEXEC;
+       if (fcntl(p->pack_fd, F_SETFD, fd_flag) == -1)
+               return error("cannot set FD_CLOEXEC");
+
+       /* Verify we recognize this pack file format. */
+       if (read_in_full(p->pack_fd, &hdr, sizeof(hdr)) != sizeof(hdr))
+               return error("file %s is far too short to be a packfile", p->pack_name);
+       if (hdr.hdr_signature != htonl(PACK_SIGNATURE))
+               return error("file %s is not a GIT packfile", p->pack_name);
+       if (!pack_version_ok(hdr.hdr_version))
+               return error("packfile %s is version %u and not supported"
+                       " (try upgrading GIT to a newer version)",
+                       p->pack_name, ntohl(hdr.hdr_version));
+
+       /* Verify the pack matches its index. */
+       if (num_packed_objects(p) != ntohl(hdr.hdr_entries))
+               return error("packfile %s claims to have %u objects"
+                       " while index size indicates %u objects",
+                       p->pack_name, ntohl(hdr.hdr_entries),
+                       num_packed_objects(p));
+       if (lseek(p->pack_fd, p->pack_size - sizeof(sha1), SEEK_SET) == -1)
+               return error("end of packfile %s is unavailable", p->pack_name);
+       if (read_in_full(p->pack_fd, sha1, sizeof(sha1)) != sizeof(sha1))
+               return error("packfile %s signature is unavailable", p->pack_name);
+       idx_sha1 = ((unsigned char *)p->index_base) + p->index_size - 40;
+       if (hashcmp(sha1, idx_sha1))
+               return error("packfile %s does not match index", p->pack_name);
+       return 0;
+}
+
+static int open_packed_git(struct packed_git *p)
+{
+       if (!open_packed_git_1(p))
+               return 0;
+       if (p->pack_fd != -1) {
+               close(p->pack_fd);
+               p->pack_fd = -1;
        }
-       if (!p->pack_base) {
-               int fd;
-               struct stat st;
-               void *map;
-               struct pack_header *hdr;
+       return -1;
+}
 
-               pack_mapped += p->pack_size;
-               while (PACK_MAX_SZ < pack_mapped && unuse_one_packed_git())
-                       ; /* nothing */
-               fd = open(p->pack_name, O_RDONLY);
-               if (fd < 0)
-                       die("packfile %s cannot be opened", p->pack_name);
-               if (fstat(fd, &st)) {
-                       close(fd);
-                       die("packfile %s cannot be opened", p->pack_name);
-               }
-               if (st.st_size != p->pack_size)
-                       die("packfile %s size mismatch.", p->pack_name);
-               map = mmap(NULL, p->pack_size, PROT_READ, MAP_PRIVATE, fd, 0);
-               close(fd);
-               if (map == MAP_FAILED)
-                       die("packfile %s cannot be mapped.", p->pack_name);
-               p->pack_base = map;
+static int in_window(struct pack_window *win, unsigned long offset)
+{
+       /* We must promise at least 20 bytes (one hash) after the
+        * offset is available from this window, otherwise the offset
+        * is not actually in this window and a different window (which
+        * has that one hash excess) must be used.  This is to support
+        * the object header and delta base parsing routines below.
+        */
+       off_t win_off = win->offset;
+       return win_off <= offset
+               && (offset + 20) <= (win_off + win->len);
+}
 
-               /* Check if we understand this pack file.  If we don't we're
-                * likely too old to handle it.
-                */
-               hdr = map;
-               if (hdr->hdr_signature != htonl(PACK_SIGNATURE))
-                       die("packfile %s isn't actually a pack.", p->pack_name);
-               if (!pack_version_ok(hdr->hdr_version))
-                       die("packfile %s is version %i and not supported"
-                               " (try upgrading GIT to a newer version)",
-                               p->pack_name, ntohl(hdr->hdr_version));
-
-               /* Check if the pack file matches with the index file.
-                * this is cheap.
-                */
-               if (hashcmp((unsigned char *)(p->index_base) +
-                           p->index_size - 40,
-                           (unsigned char *)p->pack_base +
-                           p->pack_size - 20)) {
-                       die("packfile %s does not match index.", p->pack_name);
+unsigned char* use_pack(struct packed_git *p,
+               struct pack_window **w_cursor,
+               unsigned long offset,
+               unsigned int *left)
+{
+       struct pack_window *win = *w_cursor;
+
+       if (p->pack_fd == -1 && open_packed_git(p))
+               die("packfile %s cannot be accessed", p->pack_name);
+
+       /* Since packfiles end in a hash of their content and its
+        * pointless to ask for an offset into the middle of that
+        * hash, and the in_window function above wouldn't match
+        * don't allow an offset too close to the end of the file.
+        */
+       if (offset > (p->pack_size - 20))
+               die("offset beyond end of packfile (truncated pack?)");
+
+       if (!win || !in_window(win, offset)) {
+               if (win)
+                       win->inuse_cnt--;
+               for (win = p->windows; win; win = win->next) {
+                       if (in_window(win, offset))
+                               break;
+               }
+               if (!win) {
+                       size_t window_align = packed_git_window_size / 2;
+                       win = xcalloc(1, sizeof(*win));
+                       win->offset = (offset / window_align) * window_align;
+                       win->len = p->pack_size - win->offset;
+                       if (win->len > packed_git_window_size)
+                               win->len = packed_git_window_size;
+                       pack_mapped += win->len;
+                       while (packed_git_limit < pack_mapped
+                               && unuse_one_window(p))
+                               ; /* nothing */
+                       win->base = xmmap(NULL, win->len,
+                               PROT_READ, MAP_PRIVATE,
+                               p->pack_fd, win->offset);
+                       if (win->base == MAP_FAILED)
+                               die("packfile %s cannot be mapped: %s",
+                                       p->pack_name,
+                                       strerror(errno));
+                       pack_mmap_calls++;
+                       pack_open_windows++;
+                       if (pack_mapped > peak_pack_mapped)
+                               peak_pack_mapped = pack_mapped;
+                       if (pack_open_windows > peak_pack_open_windows)
+                               peak_pack_open_windows = pack_open_windows;
+                       win->next = p->windows;
+                       p->windows = win;
                }
        }
-       p->pack_last_used = pack_used_ctr++;
-       p->pack_use_cnt++;
-       return 0;
+       if (win != *w_cursor) {
+               win->last_used = pack_used_ctr++;
+               win->inuse_cnt++;
+               *w_cursor = win;
+       }
+       offset -= win->offset;
+       if (left)
+               *left = win->len - offset;
+       return win->base + offset;
 }
 
 struct packed_git *add_packed_git(char *path, int path_len, int local)
@@ -559,9 +725,8 @@ struct packed_git *add_packed_git(char *path, int path_len, int local)
        p->pack_size = st.st_size;
        p->index_base = idx_map;
        p->next = NULL;
-       p->pack_base = NULL;
-       p->pack_last_used = 0;
-       p->pack_use_cnt = 0;
+       p->windows = NULL;
+       p->pack_fd = -1;
        p->pack_local = local;
        if ((path_len > 44) && !get_sha1_hex(path + path_len - 44, sha1))
                hashcpy(p->sha1, sha1);
@@ -592,9 +757,8 @@ struct packed_git *parse_pack_index_file(const unsigned char *sha1, char *idx_pa
        p->pack_size = 0;
        p->index_base = idx_map;
        p->next = NULL;
-       p->pack_base = NULL;
-       p->pack_last_used = 0;
-       p->pack_use_cnt = 0;
+       p->windows = NULL;
+       p->pack_fd = -1;
        hashcpy(p->sha1, sha1);
        return p;
 }
@@ -629,7 +793,7 @@ static void prepare_packed_git_one(char *objdir, int local)
                if (!has_extension(de->d_name, ".idx"))
                        continue;
 
-               /* we have .idx.  Is it a file we can map? */
+               /* Don't reopen a pack we already have. */
                strcpy(path + len, de->d_name);
                for (p = packed_git; p; p = p->next) {
                        if (!memcmp(path, p->pack_name, len + namelen - 4))
@@ -637,11 +801,13 @@ static void prepare_packed_git_one(char *objdir, int local)
                }
                if (p)
                        continue;
+               /* See if it really is a valid .idx file with corresponding
+                * .pack file that we can map.
+                */
                p = add_packed_git(path, len + namelen, local);
                if (!p)
                        continue;
-               p->next = packed_git;
-               packed_git = p;
+               install_packed_git(p);
        }
        closedir(dir);
 }
@@ -705,10 +871,8 @@ void *map_sha1_file(const unsigned char *sha1, unsigned long *size)
                 */
                sha1_file_open_flag = 0;
        }
-       map = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+       map = xmmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
        close(fd);
-       if (map == MAP_FAILED)
-               return NULL;
        *size = st.st_size;
        return map;
 }
@@ -878,18 +1042,21 @@ void * unpack_sha1_file(void *map, unsigned long mapsize, char *type, unsigned l
 }
 
 static unsigned long get_delta_base(struct packed_git *p,
+                                   struct pack_window **w_curs,
                                    unsigned long offset,
                                    enum object_type kind,
                                    unsigned long delta_obj_offset,
                                    unsigned long *base_obj_offset)
 {
-       unsigned char *base_info = (unsigned char *) p->pack_base + offset;
+       unsigned char *base_info = use_pack(p, w_curs, offset, NULL);
        unsigned long base_offset;
 
-       /* there must be at least 20 bytes left regardless of delta type */
-       if (p->pack_size <= offset + 20)
-               die("truncated pack file");
-
+       /* use_pack() assured us we have [base_info, base_info + 20)
+        * as a range that we can look at without walking off the
+        * end of the mapped window.  Its actually the hash size
+        * that is assured.  An OFS_DELTA longer than the hash size
+        * is stupid, as then a REF_DELTA would be smaller to store.
+        */
        if (kind == OBJ_OFS_DELTA) {
                unsigned used = 0;
                unsigned char c = base_info[used++];
@@ -923,6 +1090,7 @@ static int packed_object_info(struct packed_git *p, unsigned long offset,
                              char *type, unsigned long *sizep);
 
 static int packed_delta_info(struct packed_git *p,
+                            struct pack_window **w_curs,
                             unsigned long offset,
                             enum object_type kind,
                             unsigned long obj_offset,
@@ -931,7 +1099,8 @@ static int packed_delta_info(struct packed_git *p,
 {
        unsigned long base_offset;
 
-       offset = get_delta_base(p, offset, kind, obj_offset, &base_offset);
+       offset = get_delta_base(p, w_curs, offset, kind,
+               obj_offset, &base_offset);
 
        /* We choose to only get the type of the base object and
         * ignore potentially corrupt pack file that expects the delta
@@ -943,20 +1112,23 @@ static int packed_delta_info(struct packed_git *p,
 
        if (sizep) {
                const unsigned char *data;
-               unsigned char delta_head[20];
+               unsigned char delta_head[20], *in;
                unsigned long result_size;
                z_stream stream;
                int st;
 
                memset(&stream, 0, sizeof(stream));
-
-               stream.next_in = (unsigned char *) p->pack_base + offset;
-               stream.avail_in = p->pack_size - offset;
                stream.next_out = delta_head;
                stream.avail_out = sizeof(delta_head);
 
                inflateInit(&stream);
-               st = inflate(&stream, Z_FINISH);
+               do {
+                       in = use_pack(p, w_curs, offset, &stream.avail_in);
+                       stream.next_in = in;
+                       st = inflate(&stream, Z_FINISH);
+                       offset += stream.next_in - in;
+               } while ((st == Z_OK || st == Z_BUF_ERROR)
+                       && stream.total_out < sizeof(delta_head));
                inflateEnd(&stream);
                if ((st != Z_STREAM_END) &&
                    stream.total_out != sizeof(delta_head))
@@ -977,17 +1149,24 @@ static int packed_delta_info(struct packed_git *p,
        return 0;
 }
 
-static unsigned long unpack_object_header(struct packed_git *p, unsigned long offset,
-       enum object_type *type, unsigned long *sizep)
+static unsigned long unpack_object_header(struct packed_git *p,
+               struct pack_window **w_curs,
+               unsigned long offset,
+               enum object_type *type,
+               unsigned long *sizep)
 {
+       unsigned char *base;
+       unsigned int left;
        unsigned long used;
 
-       if (p->pack_size <= offset)
-               die("object offset outside of pack file");
-
-       used = unpack_object_header_gently((unsigned char *)p->pack_base +
-                                          offset,
-                                          p->pack_size - offset, type, sizep);
+       /* use_pack() assures us we have [base, base + 20) available
+        * as a range that we can look at at.  (Its actually the hash
+        * size that is assured.)  With our object header encoding
+        * the maximum deflated object size is 2^137, which is just
+        * insane, so we know won't exceed what we have been given.
+        */
+       base = use_pack(p, w_curs, offset, &left);
+       used = unpack_object_header_gently(base, left, type, sizep);
        if (!used)
                die("object offset outside of pack file");
 
@@ -1002,18 +1181,19 @@ void packed_object_info_detail(struct packed_git *p,
                               unsigned int *delta_chain_length,
                               unsigned char *base_sha1)
 {
+       struct pack_window *w_curs = NULL;
        unsigned long obj_offset, val;
        unsigned char *next_sha1;
        enum object_type kind;
 
        *delta_chain_length = 0;
        obj_offset = offset;
-       offset = unpack_object_header(p, offset, &kind, size);
+       offset = unpack_object_header(p, &w_curs, offset, &kind, size);
 
        for (;;) {
                switch (kind) {
                default:
-                       die("corrupted pack file %s containing object of kind %d",
+                       die("pack %s contains unknown object type %d",
                            p->pack_name, kind);
                case OBJ_COMMIT:
                case OBJ_TREE:
@@ -1021,25 +1201,24 @@ void packed_object_info_detail(struct packed_git *p,
                case OBJ_TAG:
                        strcpy(type, type_names[kind]);
                        *store_size = 0; /* notyet */
+                       unuse_pack(&w_curs);
                        return;
                case OBJ_OFS_DELTA:
-                       get_delta_base(p, offset, kind, obj_offset, &offset);
+                       get_delta_base(p, &w_curs, offset, kind,
+                               obj_offset, &offset);
                        if (*delta_chain_length == 0) {
                                /* TODO: find base_sha1 as pointed by offset */
                        }
                        break;
                case OBJ_REF_DELTA:
-                       if (p->pack_size <= offset + 20)
-                               die("pack file %s records an incomplete delta base",
-                                   p->pack_name);
-                       next_sha1 = (unsigned char *) p->pack_base + offset;
+                       next_sha1 = use_pack(p, &w_curs, offset, NULL);
                        if (*delta_chain_length == 0)
                                hashcpy(base_sha1, next_sha1);
                        offset = find_pack_entry_one(next_sha1, p);
                        break;
                }
                obj_offset = offset;
-               offset = unpack_object_header(p, offset, &kind, &val);
+               offset = unpack_object_header(p, &w_curs, offset, &kind, &val);
                (*delta_chain_length)++;
        }
 }
@@ -1047,23 +1226,29 @@ void packed_object_info_detail(struct packed_git *p,
 static int packed_object_info(struct packed_git *p, unsigned long offset,
                              char *type, unsigned long *sizep)
 {
+       struct pack_window *w_curs = NULL;
        unsigned long size, obj_offset = offset;
        enum object_type kind;
+       int r;
 
-       offset = unpack_object_header(p, offset, &kind, &size);
+       offset = unpack_object_header(p, &w_curs, offset, &kind, &size);
 
        switch (kind) {
        case OBJ_OFS_DELTA:
        case OBJ_REF_DELTA:
-               return packed_delta_info(p, offset, kind, obj_offset, type, sizep);
+               r = packed_delta_info(p, &w_curs, offset, kind,
+                       obj_offset, type, sizep);
+               unuse_pack(&w_curs);
+               return r;
        case OBJ_COMMIT:
        case OBJ_TREE:
        case OBJ_BLOB:
        case OBJ_TAG:
                strcpy(type, type_names[kind]);
+               unuse_pack(&w_curs);
                break;
        default:
-               die("corrupted pack file %s containing object of kind %d",
+               die("pack %s contains unknown object type %d",
                    p->pack_name, kind);
        }
        if (sizep)
@@ -1072,23 +1257,27 @@ static int packed_object_info(struct packed_git *p, unsigned long offset,
 }
 
 static void *unpack_compressed_entry(struct packed_git *p,
+                                   struct pack_window **w_curs,
                                    unsigned long offset,
                                    unsigned long size)
 {
        int st;
        z_stream stream;
-       unsigned char *buffer;
+       unsigned char *buffer, *in;
 
        buffer = xmalloc(size + 1);
        buffer[size] = 0;
        memset(&stream, 0, sizeof(stream));
-       stream.next_in = (unsigned char*)p->pack_base + offset;
-       stream.avail_in = p->pack_size - offset;
        stream.next_out = buffer;
        stream.avail_out = size;
 
        inflateInit(&stream);
-       st = inflate(&stream, Z_FINISH);
+       do {
+               in = use_pack(p, w_curs, offset, &stream.avail_in);
+               stream.next_in = in;
+               st = inflate(&stream, Z_FINISH);
+               offset += stream.next_in - in;
+       } while (st == Z_OK || st == Z_BUF_ERROR);
        inflateEnd(&stream);
        if ((st != Z_STREAM_END) || stream.total_out != size) {
                free(buffer);
@@ -1099,6 +1288,7 @@ static void *unpack_compressed_entry(struct packed_git *p,
 }
 
 static void *unpack_delta_entry(struct packed_git *p,
+                               struct pack_window **w_curs,
                                unsigned long offset,
                                unsigned long delta_size,
                                enum object_type kind,
@@ -1109,13 +1299,14 @@ static void *unpack_delta_entry(struct packed_git *p,
        void *delta_data, *result, *base;
        unsigned long result_size, base_size, base_offset;
 
-       offset = get_delta_base(p, offset, kind, obj_offset, &base_offset);
-       base = unpack_entry_gently(p, base_offset, type, &base_size);
+       offset = get_delta_base(p, w_curs, offset, kind,
+               obj_offset, &base_offset);
+       base = unpack_entry(p, base_offset, type, &base_size);
        if (!base)
                die("failed to read delta base object at %lu from %s",
                    base_offset, p->pack_name);
 
-       delta_data = unpack_compressed_entry(p, offset, delta_size);
+       delta_data = unpack_compressed_entry(p, w_curs, offset, delta_size);
        result = patch_delta(base, base_size,
                             delta_data, delta_size,
                             &result_size);
@@ -1127,43 +1318,34 @@ static void *unpack_delta_entry(struct packed_git *p,
        return result;
 }
 
-static void *unpack_entry(struct pack_entry *entry,
-                         char *type, unsigned long *sizep)
-{
-       struct packed_git *p = entry->p;
-       void *retval;
-
-       if (use_packed_git(p))
-               die("cannot map packed file");
-       retval = unpack_entry_gently(p, entry->offset, type, sizep);
-       unuse_packed_git(p);
-       if (!retval)
-               die("corrupted pack file %s", p->pack_name);
-       return retval;
-}
-
-/* The caller is responsible for use_packed_git()/unuse_packed_git() pair */
-void *unpack_entry_gently(struct packed_git *p, unsigned long offset,
+void *unpack_entry(struct packed_git *p, unsigned long offset,
                          char *type, unsigned long *sizep)
 {
+       struct pack_window *w_curs = NULL;
        unsigned long size, obj_offset = offset;
        enum object_type kind;
+       void *retval;
 
-       offset = unpack_object_header(p, offset, &kind, &size);
+       offset = unpack_object_header(p, &w_curs, offset, &kind, &size);
        switch (kind) {
        case OBJ_OFS_DELTA:
        case OBJ_REF_DELTA:
-               return unpack_delta_entry(p, offset, size, kind, obj_offset, type, sizep);
+               retval = unpack_delta_entry(p, &w_curs, offset, size,
+                       kind, obj_offset, type, sizep);
+               break;
        case OBJ_COMMIT:
        case OBJ_TREE:
        case OBJ_BLOB:
        case OBJ_TAG:
                strcpy(type, type_names[kind]);
                *sizep = size;
-               return unpack_compressed_entry(p, offset, size);
+               retval = unpack_compressed_entry(p, &w_curs, offset, size);
+               break;
        default:
-               return NULL;
+               die("unknown object type %i in %s", kind, p->pack_name);
        }
+       unuse_pack(&w_curs);
+       return retval;
 }
 
 int num_packed_objects(const struct packed_git *p)
@@ -1185,7 +1367,7 @@ int nth_packed_object_sha1(const struct packed_git *p, int n,
 unsigned long find_pack_entry_one(const unsigned char *sha1,
                                  struct packed_git *p)
 {
-       unsigned int *level1_ofs = p->index_base;
+       uint32_t *level1_ofs = p->index_base;
        int hi = ntohl(level1_ofs[*sha1]);
        int lo = ((*sha1 == 0x0) ? 0 : ntohl(level1_ofs[*sha1 - 1]));
        void *index = p->index_base + 256;
@@ -1194,7 +1376,7 @@ unsigned long find_pack_entry_one(const unsigned char *sha1,
                int mi = (lo + hi) / 2;
                int cmp = hashcmp((unsigned char *)index + (24 * mi) + 4, sha1);
                if (!cmp)
-                       return ntohl(*((unsigned int *) ((char *) index + (24 * mi))));
+                       return ntohl(*((uint32_t *)((char *)index + (24 * mi))));
                if (cmp > 0)
                        hi = mi;
                else
@@ -1239,6 +1421,18 @@ static int find_pack_entry(const unsigned char *sha1, struct pack_entry *e, cons
                }
                offset = find_pack_entry_one(sha1, p);
                if (offset) {
+                       /*
+                        * We are about to tell the caller where they can
+                        * locate the requested object.  We better make
+                        * sure the packfile is still here and can be
+                        * accessed before supplying that answer, as
+                        * it may have been deleted since the index
+                        * was loaded!
+                        */
+                       if (p->pack_fd == -1 && open_packed_git(p)) {
+                               error("packfile %s cannot be accessed", p->pack_name);
+                               continue;
+                       }
                        e->offset = offset;
                        e->p = p;
                        hashcpy(e->sha1, sha1);
@@ -1261,7 +1455,7 @@ struct packed_git *find_sha1_pack(const unsigned char *sha1,
        
 }
 
-int sha1_object_info(const unsigned char *sha1, char *type, unsigned long *sizep)
+static int sha1_loose_object_info(const unsigned char *sha1, char *type, unsigned long *sizep)
 {
        int status;
        unsigned long mapsize, size;
@@ -1270,20 +1464,8 @@ int sha1_object_info(const unsigned char *sha1, char *type, unsigned long *sizep
        char hdr[128];
 
        map = map_sha1_file(sha1, &mapsize);
-       if (!map) {
-               struct pack_entry e;
-
-               if (!find_pack_entry(sha1, &e, NULL)) {
-                       reprepare_packed_git();
-                       if (!find_pack_entry(sha1, &e, NULL))
-                               return error("unable to find %s", sha1_to_hex(sha1));
-               }
-               if (use_packed_git(e.p))
-                       die("cannot map packed file");
-               status = packed_object_info(e.p, e.offset, type, sizep);
-               unuse_packed_git(e.p);
-               return status;
-       }
+       if (!map)
+               return error("unable to find %s", sha1_to_hex(sha1));
        if (unpack_sha1_header(&stream, map, mapsize, hdr, sizeof(hdr)) < 0)
                status = error("unable to unpack %s header",
                               sha1_to_hex(sha1));
@@ -1299,25 +1481,95 @@ int sha1_object_info(const unsigned char *sha1, char *type, unsigned long *sizep
        return status;
 }
 
-static void *read_packed_sha1(const unsigned char *sha1, char *type, unsigned long *size)
+int sha1_object_info(const unsigned char *sha1, char *type, unsigned long *sizep)
 {
        struct pack_entry e;
 
        if (!find_pack_entry(sha1, &e, NULL)) {
-               error("cannot read sha1_file for %s", sha1_to_hex(sha1));
+               reprepare_packed_git();
+               if (!find_pack_entry(sha1, &e, NULL))
+                       return sha1_loose_object_info(sha1, type, sizep);
+       }
+       return packed_object_info(e.p, e.offset, type, sizep);
+}
+
+static void *read_packed_sha1(const unsigned char *sha1, char *type, unsigned long *size)
+{
+       struct pack_entry e;
+
+       if (!find_pack_entry(sha1, &e, NULL))
                return NULL;
+       else
+               return unpack_entry(e.p, e.offset, type, size);
+}
+
+/*
+ * This is meant to hold a *small* number of objects that you would
+ * want read_sha1_file() to be able to return, but yet you do not want
+ * to write them into the object store (e.g. a browse-only
+ * application).
+ */
+static struct cached_object {
+       unsigned char sha1[20];
+       const char *type;
+       void *buf;
+       unsigned long size;
+} *cached_objects;
+static int cached_object_nr, cached_object_alloc;
+
+static struct cached_object *find_cached_object(const unsigned char *sha1)
+{
+       int i;
+       struct cached_object *co = cached_objects;
+
+       for (i = 0; i < cached_object_nr; i++, co++) {
+               if (!hashcmp(co->sha1, sha1))
+                       return co;
+       }
+       return NULL;
+}
+
+int pretend_sha1_file(void *buf, unsigned long len, const char *type, unsigned char *sha1)
+{
+       struct cached_object *co;
+
+       hash_sha1_file(buf, len, type, sha1);
+       if (has_sha1_file(sha1) || find_cached_object(sha1))
+               return 0;
+       if (cached_object_alloc <= cached_object_nr) {
+               cached_object_alloc = alloc_nr(cached_object_alloc);
+               cached_objects = xrealloc(cached_objects,
+                                         sizeof(*cached_objects) *
+                                         cached_object_alloc);
        }
-       return unpack_entry(&e, type, size);
+       co = &cached_objects[cached_object_nr++];
+       co->size = len;
+       co->type = strdup(type);
+       co->buf = xmalloc(len);
+       memcpy(co->buf, buf, len);
+       hashcpy(co->sha1, sha1);
+       return 0;
 }
 
-void * read_sha1_file(const unsigned char *sha1, char *type, unsigned long *size)
+void *read_sha1_file(const unsigned char *sha1, char *type, unsigned long *size)
 {
        unsigned long mapsize;
        void *map, *buf;
-       struct pack_entry e;
+       struct cached_object *co;
+
+       co = find_cached_object(sha1);
+       if (co) {
+               buf = xmalloc(co->size + 1);
+               memcpy(buf, co->buf, co->size);
+               ((char*)buf)[co->size] = 0;
+               strcpy(type, co->type);
+               *size = co->size;
+               return buf;
+       }
 
-       if (find_pack_entry(sha1, &e, NULL))
-               return read_packed_sha1(sha1, type, size);
+       buf = read_packed_sha1(sha1, type, size);
+       if (buf)
+               return buf;
        map = map_sha1_file(sha1, &mapsize);
        if (map) {
                buf = unpack_sha1_file(map, mapsize, type, size);
@@ -1325,9 +1577,7 @@ void * read_sha1_file(const unsigned char *sha1, char *type, unsigned long *size
                return buf;
        }
        reprepare_packed_git();
-       if (find_pack_entry(sha1, &e, NULL))
-               return read_packed_sha1(sha1, type, size);
-       return NULL;
+       return read_packed_sha1(sha1, type, size);
 }
 
 void *read_object_with_reference(const unsigned char *sha1,
@@ -1455,8 +1705,7 @@ int move_temp_to_file(const char *tmpfile, const char *filename)
        unlink(tmpfile);
        if (ret) {
                if (ret != EEXIST) {
-                       fprintf(stderr, "unable to write sha1 filename %s: %s\n", filename, strerror(ret));
-                       return -1;
+                       return error("unable to write sha1 filename %s: %s\n", filename, strerror(ret));
                }
                /* FIXME!!! Collision check here ? */
        }
@@ -1466,20 +1715,8 @@ int move_temp_to_file(const char *tmpfile, const char *filename)
 
 static int write_buffer(int fd, const void *buf, size_t len)
 {
-       while (len) {
-               ssize_t size;
-
-               size = write(fd, buf, len);
-               if (!size)
-                       return error("file write: disk full");
-               if (size < 0) {
-                       if (errno == EINTR || errno == EAGAIN)
-                               continue;
-                       return error("file write error (%s)", strerror(errno));
-               }
-               len -= size;
-               buf = (char *) buf + size;
-       }
+       if (write_in_full(fd, buf, len) < 0)
+               return error("file write error (%s)", strerror(errno));
        return 0;
 }
 
@@ -1566,16 +1803,17 @@ int write_sha1_file(void *buf, unsigned long len, const char *type, unsigned cha
        }
 
        if (errno != ENOENT) {
-               fprintf(stderr, "sha1 file %s: %s\n", filename, strerror(errno));
-               return -1;
+               return error("sha1 file %s: %s\n", filename, strerror(errno));
        }
 
        snprintf(tmpfile, sizeof(tmpfile), "%s/obj_XXXXXX", get_object_directory());
 
        fd = mkstemp(tmpfile);
        if (fd < 0) {
-               fprintf(stderr, "unable to create temporary sha1 filename %s: %s\n", tmpfile, strerror(errno));
-               return -1;
+               if (errno == EPERM)
+                       return error("insufficient permission for adding an object to repository database %s\n", get_object_directory());
+               else
+                       return error("unable to create temporary sha1 filename %s: %s\n", tmpfile, strerror(errno));
        }
 
        /* Set it up */
@@ -1627,6 +1865,8 @@ static void *repack_object(const unsigned char *sha1, unsigned long *objsize)
 
        /* need to unpack and recompress it by itself */
        unpacked = read_packed_sha1(sha1, type, &len);
+       if (!unpacked)
+               error("cannot read sha1_file for %s", sha1_to_hex(sha1));
 
        hdrlen = sprintf(hdr, "%s %lu", type, len) + 1;
 
@@ -1690,9 +1930,12 @@ int write_sha1_from_fd(const unsigned char *sha1, int fd, char *buffer,
        snprintf(tmpfile, sizeof(tmpfile), "%s/obj_XXXXXX", get_object_directory());
 
        local = mkstemp(tmpfile);
-       if (local < 0)
-               return error("Couldn't open %s for %s",
-                            tmpfile, sha1_to_hex(sha1));
+       if (local < 0) {
+               if (errno == EPERM)
+                       return error("insufficient permission for adding an object to repository database %s\n", get_object_directory());
+               else
+                       return error("unable to create temporary sha1 filename %s: %s\n", tmpfile, strerror(errno));
+       }
 
        memset(&stream, 0, sizeof(stream));
 
@@ -1720,7 +1963,7 @@ int write_sha1_from_fd(const unsigned char *sha1, int fd, char *buffer,
                        if (ret != Z_OK)
                                break;
                }
-               size = read(fd, buffer + *bufposn, bufsize - *bufposn);
+               size = xread(fd, buffer + *bufposn, bufsize - *bufposn);
                if (size <= 0) {
                        close(local);
                        unlink(tmpfile);
@@ -1843,13 +2086,12 @@ int index_fd(unsigned char *sha1, int fd, struct stat *st, int write_object, con
 
        buf = "";
        if (size)
-               buf = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
+               buf = xmmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
        close(fd);
-       if (buf == MAP_FAILED)
-               return -1;
 
        if (!type)
                type = blob_type;
+       /* FIXME: CRLF -> LF conversion here for blobs! We'll need the path! */
        if (write_object)
                ret = write_sha1_file(buf, size, type, sha1);
        else
@@ -1894,3 +2136,24 @@ int index_path(unsigned char *sha1, const char *path, struct stat *st, int write
        }
        return 0;
 }
+
+int read_pack_header(int fd, struct pack_header *header)
+{
+       char *c = (char*)header;
+       ssize_t remaining = sizeof(struct pack_header);
+       do {
+               ssize_t r = xread(fd, c, remaining);
+               if (r <= 0)
+                       /* "eof before pack header was fully read" */
+                       return PH_ERROR_EOF;
+               remaining -= r;
+               c += r;
+       } while (remaining > 0);
+       if (header->hdr_signature != htonl(PACK_SIGNATURE))
+               /* "protocol error (pack signature mismatch detected)" */
+               return PH_ERROR_PACK_SIGNATURE;
+       if (!pack_version_ok(header->hdr_version))
+               /* "protocol error (pack version unsupported)" */
+               return PH_ERROR_PROTOCOL;
+       return 0;
+}