read-cache: make sure file handles are not inherited by child processes
authorLars Schneider <larsxschneider@gmail.com>
Mon, 24 Oct 2016 18:03:00 +0000 (20:03 +0200)
committerJunio C Hamano <gitster@pobox.com>
Tue, 25 Oct 2016 18:10:18 +0000 (11:10 -0700)
This fixes "convert: add filter.<driver>.process option" (edcc8581) on
Windows.

Consider the case of a file that requires filtering and is present in
branch A but not in branch B. If A is the current HEAD and we checkout B
then the following happens:

1. ce_compare_data() opens the file
2. index_fd() detects that the file requires to run a clean filter and
calls index_stream_convert_blob()
4. index_stream_convert_blob() calls convert_to_git_filter_fd()
5. convert_to_git_filter_fd() calls apply_filter() which creates a
new long running filter process (in case it is the first file
of this kind to be filtered)
6. The new filter process inherits all file handles. This is the
default on Linux/OSX and is explicitly defined in the
`CreateProcessW` call in `mingw.c` on Windows.
7. ce_compare_data() closes the file
8. Git unlinks the file as it is not present in B

The unlink operation does not work on Windows because the filter process
has still an open handle to the file. On Linux/OSX the unlink operation
succeeds but the file descriptors still leak into the child process.

Fix this problem by opening files in read-cache with the O_CLOEXEC flag
to ensure that the file descriptor does not remain open in a newly
spawned process similar to 05d1ed6148 ("mingw: ensure temporary file
handles are not inherited by child processes", 2016-08-22).

Signed-off-by: Lars Schneider <larsxschneider@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
read-cache.c
index 38d67faf708d7b88f208f10dad23f893dd16f587..db5d910642663e73e4e4fc8d91e0caba4445bdb1 100644 (file)
@@ -156,7 +156,14 @@ void fill_stat_cache_info(struct cache_entry *ce, struct stat *st)
 static int ce_compare_data(const struct cache_entry *ce, struct stat *st)
 {
        int match = -1;
-       int fd = open(ce->name, O_RDONLY);
+       static int cloexec = O_CLOEXEC;
+       int fd = open(ce->name, O_RDONLY | cloexec);
+
+       if ((cloexec & O_CLOEXEC) && fd < 0 && errno == EINVAL) {
+               /* Try again w/o O_CLOEXEC: the kernel might not support it */
+               cloexec &= ~O_CLOEXEC;
+               fd = open(ce->name, O_RDONLY | cloexec);
+       }
 
        if (fd >= 0) {
                unsigned char sha1[20];