[thirdparty/git.git] / lockfile.c

/*
 * Copyright (c) 2005, Junio C Hamano
 */
#include "cache.h"
#include "sigchain.h"

/*
 * File write-locks as used by Git.
 *
 * For an overview of how to use the lockfile API, please see
 *
 *     Documentation/technical/api-lockfile.txt
 *
 * This module keeps track of all locked files in lock_file_list for
 * use at cleanup. This list and the lock_file objects that comprise
 * it must be kept in self-consistent states at all time, because the
 * program can be interrupted any time by a signal, in which case the
 * signal handler will walk through the list attempting to clean up
 * any open lock files.
 *
 * A lockfile is owned by the process that created it. The lock_file
 * object has an "owner" field that records its owner. This field is
 * used to prevent a forked process from closing a lockfile created by
 * its parent.
 *
 * The possible states of a lock_file object are as follows:
 *
 * - Uninitialized.  In this state the object's on_list field must be
 *   zero but the rest of its contents need not be initialized.  As
 *   soon as the object is used in any way, it is irrevocably
 *   registered in the lock_file_list, and on_list is set.
 *
 * - Locked, lockfile open (after hold_lock_file_for_update(),
 *   hold_lock_file_for_append(), or reopen_lock_file()). In this
 *   state:
 *   - the lockfile exists
 *   - active is set
 *   - filename holds the filename of the lockfile
 *   - fd holds a file descriptor open for writing to the lockfile
 *   - owner holds the PID of the process that locked the file
 *
 * - Locked, lockfile closed (after successful close_lock_file()).
 *   Same as the previous state, except that the lockfile is closed
 *   and fd is -1.
 *
 * - Unlocked (after commit_lock_file(), rollback_lock_file(), a
 *   failed attempt to lock, or a failed close_lock_file()).  In this
 *   state:
 *   - active is unset
 *   - filename is empty (usually, though there are transitory
 *     states in which this condition doesn't hold). Client code should
 *     *not* rely on the filename being empty in this state.
 *   - fd is -1
 *   - the object is left registered in the lock_file_list, and
 *     on_list is set.
 */

static struct lock_file *volatile lock_file_list;

static void remove_lock_file(void)
{
	pid_t me = getpid();

	while (lock_file_list) {
		if (lock_file_list->owner == me)
			rollback_lock_file(lock_file_list);
		lock_file_list = lock_file_list->next;
	}
}

static void remove_lock_file_on_signal(int signo)
{
	remove_lock_file();
	sigchain_pop(signo);
	raise(signo);
}

/*
 * p = absolute or relative path name
 *
 * Return a pointer into p showing the beginning of the last path name
 * element.  If p is empty or the root directory ("/"), just return p.
 */
static char *last_path_elm(char *p)
{
	/* r starts pointing to null at the end of the string */
	char *r = strchr(p, '\0');

	if (r == p)
		return p; /* just return empty string */

	r--; /* back up to last non-null character */

	/* back up past trailing slashes, if any */
	while (r > p && *r == '/')
		r--;

	/*
	 * then go backwards until I hit a slash, or the beginning of
	 * the string
	 */
	while (r > p && *(r-1) != '/')
		r--;
	return r;
}


/* We allow "recursive" symbolic links. Only within reason, though */
#define MAXDEPTH 5

/*
 * p = path that may be a symlink
 * s = full size of p
 *
 * If p is a symlink, attempt to overwrite p with a path to the real
 * file or directory (which may or may not exist), following a chain of
 * symlinks if necessary.  Otherwise, leave p unmodified.
 *
 * This is a best-effort routine.  If an error occurs, p will either be
 * left unmodified or will name a different symlink in a symlink chain
 * that started with p's initial contents.
 *
 * Always returns p.
 */

static char *resolve_symlink(char *p, size_t s)
{
	int depth = MAXDEPTH;

	while (depth--) {
		char link[PATH_MAX];
		int link_len = readlink(p, link, sizeof(link));
		if (link_len < 0) {
			/* not a symlink anymore */
			return p;
		}
		else if (link_len < sizeof(link))
			/* readlink() never null-terminates */
			link[link_len] = '\0';
		else {
			warning("%s: symlink too long", p);
			return p;
		}

		if (is_absolute_path(link)) {
			/* absolute path simply replaces p */
			if (link_len < s)
				strcpy(p, link);
			else {
				warning("%s: symlink too long", p);
				return p;
			}
		} else {
			/*
			 * link is a relative path, so I must replace the
			 * last element of p with it.
			 */
			char *r = (char *)last_path_elm(p);
			if (r - p + link_len < s)
				strcpy(r, link);
			else {
				warning("%s: symlink too long", p);
				return p;
			}
		}
	}
	return p;
}

/* Make sure errno contains a meaningful value on error */
static int lock_file(struct lock_file *lk, const char *path, int flags)
{
	if (!lock_file_list) {
		/* One-time initialization */
		sigchain_push_common(remove_lock_file_on_signal);
		atexit(remove_lock_file);
	}

	if (lk->active)
		die("BUG: cannot lock_file(\"%s\") using active struct lock_file",
		    path);
	if (!lk->on_list) {
		/* Initialize *lk and add it to lock_file_list: */
		lk->fd = -1;
		lk->active = 0;
		lk->owner = 0;
		strbuf_init(&lk->filename, PATH_MAX);
		lk->next = lock_file_list;
		lock_file_list = lk;
		lk->on_list = 1;
	} else if (lk->filename.len) {
		/* This shouldn't happen, but better safe than sorry. */
		die("BUG: lock_file(\"%s\") called with improperly-reset lock_file object",
		    path);
	}

	strbuf_addstr(&lk->filename, path);
	if (!(flags & LOCK_NODEREF)) {
		resolve_symlink(lk->filename.buf, lk->filename.alloc);
		strbuf_setlen(&lk->filename, strlen(lk->filename.buf));
	}
	strbuf_addstr(&lk->filename, LOCK_SUFFIX);
	lk->fd = open(lk->filename.buf, O_RDWR | O_CREAT | O_EXCL, 0666);
	if (lk->fd < 0) {
		strbuf_reset(&lk->filename);
		return -1;
	}
	lk->owner = getpid();
	lk->active = 1;
	if (adjust_shared_perm(lk->filename.buf)) {
		int save_errno = errno;
		error("cannot fix permission bits on %s", lk->filename.buf);
		rollback_lock_file(lk);
		errno = save_errno;
		return -1;
	}
	return lk->fd;
}

void unable_to_lock_message(const char *path, int err, struct strbuf *buf)
{
	if (err == EEXIST) {
		strbuf_addf(buf, "Unable to create '%s.lock': %s.\n\n"
		    "If no other git process is currently running, this probably means a\n"
		    "git process crashed in this repository earlier. Make sure no other git\n"
		    "process is running and remove the file manually to continue.",
			    absolute_path(path), strerror(err));
	} else
		strbuf_addf(buf, "Unable to create '%s.lock': %s",
			    absolute_path(path), strerror(err));
}

int unable_to_lock_error(const char *path, int err)
{
	struct strbuf buf = STRBUF_INIT;

	unable_to_lock_message(path, err, &buf);
	error("%s", buf.buf);
	strbuf_release(&buf);
	return -1;
}

NORETURN void unable_to_lock_die(const char *path, int err)
{
	struct strbuf buf = STRBUF_INIT;

	unable_to_lock_message(path, err, &buf);
	die("%s", buf.buf);
}

/* This should return a meaningful errno on failure */
int hold_lock_file_for_update(struct lock_file *lk, const char *path, int flags)
{
	int fd = lock_file(lk, path, flags);
	if (fd < 0 && (flags & LOCK_DIE_ON_ERROR))
		unable_to_lock_die(path, errno);
	return fd;
}

int hold_lock_file_for_append(struct lock_file *lk, const char *path, int flags)
{
	int fd, orig_fd;

	fd = lock_file(lk, path, flags);
	if (fd < 0) {
		if (flags & LOCK_DIE_ON_ERROR)
			unable_to_lock_die(path, errno);
		return fd;
	}

	orig_fd = open(path, O_RDONLY);
	if (orig_fd < 0) {
		if (errno != ENOENT) {
			if (flags & LOCK_DIE_ON_ERROR)
				die("cannot open '%s' for copying", path);
			rollback_lock_file(lk);
			return error("cannot open '%s' for copying", path);
		}
	} else if (copy_fd(orig_fd, fd)) {
		if (flags & LOCK_DIE_ON_ERROR)
			exit(128);
		rollback_lock_file(lk);
		return -1;
	}
	return fd;
}

int close_lock_file(struct lock_file *lk)
{
	int fd = lk->fd;

	if (fd < 0)
		return 0;

	lk->fd = -1;
	if (close(fd)) {
		int save_errno = errno;
		rollback_lock_file(lk);
		errno = save_errno;
		return -1;
	}
	return 0;
}

int reopen_lock_file(struct lock_file *lk)
{
	if (0 <= lk->fd)
		die(_("BUG: reopen a lockfile that is still open"));
	if (!lk->active)
		die(_("BUG: reopen a lockfile that has been committed"));
	lk->fd = open(lk->filename.buf, O_WRONLY);
	return lk->fd;
}

int commit_lock_file(struct lock_file *lk)
{
	static struct strbuf result_file = STRBUF_INIT;
	int err;

	if (!lk->active)
		die("BUG: attempt to commit unlocked object");

	if (close_lock_file(lk))
		return -1;

	/* remove ".lock": */
	strbuf_add(&result_file, lk->filename.buf,
		   lk->filename.len - LOCK_SUFFIX_LEN);
	err = rename(lk->filename.buf, result_file.buf);
	strbuf_reset(&result_file);
	if (err) {
		int save_errno = errno;
		rollback_lock_file(lk);
		errno = save_errno;
		return -1;
	}

	lk->active = 0;
	strbuf_reset(&lk->filename);
	return 0;
}

int hold_locked_index(struct lock_file *lk, int die_on_error)
{
	return hold_lock_file_for_update(lk, get_index_file(),
					 die_on_error
					 ? LOCK_DIE_ON_ERROR
					 : 0);
}

void rollback_lock_file(struct lock_file *lk)
{
	if (!lk->active)
		return;

	if (!close_lock_file(lk)) {
		unlink_or_warn(lk->filename.buf);
		lk->active = 0;
		strbuf_reset(&lk->filename);
	}
}
Commit	Line	Data
021b6e45 JH	1	/*
	2	* Copyright (c) 2005, Junio C Hamano
	3	*/
021b6e45	4	#include "cache.h"
4a16d072	5	#include "sigchain.h"
021b6e45	6
0a06f148 MH	7	/*
	8	* File write-locks as used by Git.
	9	*
	10	* For an overview of how to use the lockfile API, please see
	11	*
	12	* Documentation/technical/api-lockfile.txt
	13	*
	14	* This module keeps track of all locked files in lock_file_list for
	15	* use at cleanup. This list and the lock_file objects that comprise
	16	* it must be kept in self-consistent states at all time, because the
	17	* program can be interrupted any time by a signal, in which case the
	18	* signal handler will walk through the list attempting to clean up
	19	* any open lock files.
	20	*
	21	* A lockfile is owned by the process that created it. The lock_file
	22	* object has an "owner" field that records its owner. This field is
	23	* used to prevent a forked process from closing a lockfile created by
	24	* its parent.
	25	*
707103fd	26	* The possible states of a lock_file object are as follows:
0a06f148 MH	27	*
	28	* - Uninitialized. In this state the object's on_list field must be
	29	* zero but the rest of its contents need not be initialized. As
	30	* soon as the object is used in any way, it is irrevocably
	31	* registered in the lock_file_list, and on_list is set.
	32	*
	33	* - Locked, lockfile open (after hold_lock_file_for_update(),
	34	* hold_lock_file_for_append(), or reopen_lock_file()). In this
707103fd MH	35	* state:
	36	* - the lockfile exists
	37	* - active is set
	38	* - filename holds the filename of the lockfile
	39	* - fd holds a file descriptor open for writing to the lockfile
	40	* - owner holds the PID of the process that locked the file
0a06f148	41	*
8e86c155 MH	42	* - Locked, lockfile closed (after successful close_lock_file()).
	43	* Same as the previous state, except that the lockfile is closed
	44	* and fd is -1.
0a06f148	45	*
8e86c155	46	* - Unlocked (after commit_lock_file(), rollback_lock_file(), a
707103fd MH	47	* failed attempt to lock, or a failed close_lock_file()). In this
	48	* state:
	49	* - active is unset
cf6950d3 MH	50	* - filename is empty (usually, though there are transitory
	51	* states in which this condition doesn't hold). Client code should
	52	* not rely on the filename being empty in this state.
707103fd MH	53	* - fd is -1
	54	* - the object is left registered in the lock_file_list, and
	55	* on_list is set.
0a06f148 MH	56	*/
0a06f148 MH	57
2091c506	58	static struct lock_file *volatile lock_file_list;
021b6e45 JH	59
	60	static void remove_lock_file(void)
	61	{
5e635e39 JH	62	pid_t me = getpid();
5e635e39 JH	63
021b6e45	64	while (lock_file_list) {
a1754bcc MH	65	if (lock_file_list->owner == me)
a1754bcc MH	66	rollback_lock_file(lock_file_list);
021b6e45 JH	67	lock_file_list = lock_file_list->next;
	68	}
	69	}
	70
	71	static void remove_lock_file_on_signal(int signo)
	72	{
	73	remove_lock_file();
4a16d072	74	sigchain_pop(signo);
021b6e45 JH	75	raise(signo);
	76	}
	77
5d5a7a67 BS	78	/*
	79	* p = absolute or relative path name
	80	*
	81	* Return a pointer into p showing the beginning of the last path name
	82	* element. If p is empty or the root directory ("/"), just return p.
	83	*/
	84	static char last_path_elm(char p)
	85	{
	86	/* r starts pointing to null at the end of the string */
	87	char *r = strchr(p, '\0');
	88
	89	if (r == p)
	90	return p; /* just return empty string */
	91
	92	r--; /* back up to last non-null character */
	93
	94	/* back up past trailing slashes, if any */
	95	while (r > p && *r == '/')
	96	r--;
	97
	98	/*
	99	* then go backwards until I hit a slash, or the beginning of
	100	* the string
	101	*/
	102	while (r > p && *(r-1) != '/')
	103	r--;
	104	return r;
	105	}
	106
	107
	108	/* We allow "recursive" symbolic links. Only within reason, though */
	109	#define MAXDEPTH 5
	110
	111	/*
	112	* p = path that may be a symlink
	113	* s = full size of p
	114	*
	115	* If p is a symlink, attempt to overwrite p with a path to the real
	116	* file or directory (which may or may not exist), following a chain of
	117	* symlinks if necessary. Otherwise, leave p unmodified.
	118	*
	119	* This is a best-effort routine. If an error occurs, p will either be
	120	* left unmodified or will name a different symlink in a symlink chain
	121	* that started with p's initial contents.
	122	*
	123	* Always returns p.
	124	*/
	125
	126	static char resolve_symlink(char p, size_t s)
	127	{
	128	int depth = MAXDEPTH;
	129
	130	while (depth--) {
	131	char link[PATH_MAX];
	132	int link_len = readlink(p, link, sizeof(link));
	133	if (link_len < 0) {
	134	/* not a symlink anymore */
	135	return p;
	136	}
	137	else if (link_len < sizeof(link))
	138	/* readlink() never null-terminates */
	139	link[link_len] = '\0';
	140	else {
	141	warning("%s: symlink too long", p);
142	return p;
143	}
144
ecf4831d	145	if (is_absolute_path(link)) {
5d5a7a67 BS	146	/* absolute path simply replaces p */
	147	if (link_len < s)
	148	strcpy(p, link);
	149	else {
	150	warning("%s: symlink too long", p);
	151	return p;
	152	}
	153	} else {
	154	/*
	155	* link is a relative path, so I must replace the
	156	* last element of p with it.
	157	*/
4b25d091	158	char r = (char )last_path_elm(p);
5d5a7a67 BS	159	if (r - p + link_len < s)
	160	strcpy(r, link);
	161	else {
	162	warning("%s: symlink too long", p);
	163	return p;
	164	}
	165	}
	166	}
	167	return p;
	168	}
	169
447ff1bf	170	/* Make sure errno contains a meaningful value on error */
acd3b9ec	171	static int lock_file(struct lock_file lk, const char path, int flags)
021b6e45	172	{
04e57d4d MH	173	if (!lock_file_list) {
	174	/* One-time initialization */
	175	sigchain_push_common(remove_lock_file_on_signal);
	176	atexit(remove_lock_file);
	177	}
	178
707103fd MH	179	if (lk->active)
	180	die("BUG: cannot lock_file(\"%s\") using active struct lock_file",
	181	path);
04e57d4d MH	182	if (!lk->on_list) {
	183	/* Initialize lk and add it to lock_file_list: /
	184	lk->fd = -1;
707103fd	185	lk->active = 0;
04e57d4d	186	lk->owner = 0;
cf6950d3	187	strbuf_init(&lk->filename, PATH_MAX);
04e57d4d MH	188	lk->next = lock_file_list;
	189	lock_file_list = lk;
	190	lk->on_list = 1;
cf6950d3 MH	191	} else if (lk->filename.len) {
	192	/* This shouldn't happen, but better safe than sorry. */
	193	die("BUG: lock_file(\"%s\") called with improperly-reset lock_file object",
	194	path);
04e57d4d MH	195	}
04e57d4d MH	196
cf6950d3 MH	197	strbuf_addstr(&lk->filename, path);
	198	if (!(flags & LOCK_NODEREF)) {
	199	resolve_symlink(lk->filename.buf, lk->filename.alloc);
	200	strbuf_setlen(&lk->filename, strlen(lk->filename.buf));
447ff1bf	201	}
cf6950d3 MH	202	strbuf_addstr(&lk->filename, LOCK_SUFFIX);
cf6950d3 MH	203	lk->fd = open(lk->filename.buf, O_RDWR \| O_CREAT \| O_EXCL, 0666);
e31e949b	204	if (lk->fd < 0) {
cf6950d3	205	strbuf_reset(&lk->filename);
e31e949b MH	206	return -1;
	207	}
	208	lk->owner = getpid();
707103fd	209	lk->active = 1;
cf6950d3	210	if (adjust_shared_perm(lk->filename.buf)) {
e31e949b	211	int save_errno = errno;
cf6950d3	212	error("cannot fix permission bits on %s", lk->filename.buf);
e31e949b MH	213	rollback_lock_file(lk);
	214	errno = save_errno;
	215	return -1;
	216	}
4723ee99	217	return lk->fd;
021b6e45 JH	218	}
021b6e45 JH	219
6af926e8	220	void unable_to_lock_message(const char path, int err, struct strbuf buf)
e43a6fd3	221	{
bdfd739d	222	if (err == EEXIST) {
6af926e8	223	strbuf_addf(buf, "Unable to create '%s.lock': %s.\n\n"
e43a6fd3 MM	224	"If no other git process is currently running, this probably means a\n"
	225	"git process crashed in this repository earlier. Make sure no other git\n"
	226	"process is running and remove the file manually to continue.",
e2a57aac	227	absolute_path(path), strerror(err));
1b018fd9	228	} else
6af926e8	229	strbuf_addf(buf, "Unable to create '%s.lock': %s",
e2a57aac	230	absolute_path(path), strerror(err));
1b018fd9 MV	231	}
	232
	233	int unable_to_lock_error(const char *path, int err)
	234	{
6af926e8 RS	235	struct strbuf buf = STRBUF_INIT;
	236
	237	unable_to_lock_message(path, err, &buf);
	238	error("%s", buf.buf);
	239	strbuf_release(&buf);
1b018fd9 MV	240	return -1;
	241	}
	242
e197c218	243	NORETURN void unable_to_lock_die(const char *path, int err)
1b018fd9	244	{
6af926e8 RS	245	struct strbuf buf = STRBUF_INIT;
	246
	247	unable_to_lock_message(path, err, &buf);
	248	die("%s", buf.buf);
e43a6fd3 MM	249	}
e43a6fd3 MM	250
447ff1bf	251	/* This should return a meaningful errno on failure */
acd3b9ec	252	int hold_lock_file_for_update(struct lock_file lk, const char path, int flags)
40aaae88	253	{
acd3b9ec JH	254	int fd = lock_file(lk, path, flags);
acd3b9ec JH	255	if (fd < 0 && (flags & LOCK_DIE_ON_ERROR))
e197c218	256	unable_to_lock_die(path, errno);
40aaae88 JH	257	return fd;
	258	}
	259
acd3b9ec	260	int hold_lock_file_for_append(struct lock_file lk, const char path, int flags)
ea3cd5c7 DB	261	{
	262	int fd, orig_fd;
	263
acd3b9ec	264	fd = lock_file(lk, path, flags);
ea3cd5c7	265	if (fd < 0) {
acd3b9ec	266	if (flags & LOCK_DIE_ON_ERROR)
e197c218	267	unable_to_lock_die(path, errno);
ea3cd5c7 DB	268	return fd;
	269	}
	270
	271	orig_fd = open(path, O_RDONLY);
	272	if (orig_fd < 0) {
	273	if (errno != ENOENT) {
acd3b9ec	274	if (flags & LOCK_DIE_ON_ERROR)
ea3cd5c7	275	die("cannot open '%s' for copying", path);
ebb8e380	276	rollback_lock_file(lk);
ea3cd5c7 DB	277	return error("cannot open '%s' for copying", path);
	278	}
	279	} else if (copy_fd(orig_fd, fd)) {
acd3b9ec	280	if (flags & LOCK_DIE_ON_ERROR)
ea3cd5c7	281	exit(128);
ebb8e380	282	rollback_lock_file(lk);
ea3cd5c7 DB	283	return -1;
	284	}
	285	return fd;
	286	}
	287
d6cf61bf BC	288	int close_lock_file(struct lock_file *lk)
	289	{
	290	int fd = lk->fd;
419f0c0f MH	291
	292	if (fd < 0)
	293	return 0;
	294
d6cf61bf	295	lk->fd = -1;
8e86c155 MH	296	if (close(fd)) {
	297	int save_errno = errno;
	298	rollback_lock_file(lk);
	299	errno = save_errno;
	300	return -1;
	301	}
	302	return 0;
d6cf61bf BC	303	}
d6cf61bf BC	304
93dcaea2 JH	305	int reopen_lock_file(struct lock_file *lk)
	306	{
	307	if (0 <= lk->fd)
	308	die(_("BUG: reopen a lockfile that is still open"));
707103fd	309	if (!lk->active)
93dcaea2	310	die(_("BUG: reopen a lockfile that has been committed"));
cf6950d3	311	lk->fd = open(lk->filename.buf, O_WRONLY);
93dcaea2 JH	312	return lk->fd;
	313	}
	314
021b6e45 JH	315	int commit_lock_file(struct lock_file *lk)
021b6e45 JH	316	{
3e88e8fc MH	317	static struct strbuf result_file = STRBUF_INIT;
3e88e8fc MH	318	int err;
4f4713df	319
707103fd	320	if (!lk->active)
8a1c7533 MH	321	die("BUG: attempt to commit unlocked object");
8a1c7533 MH	322
419f0c0f	323	if (close_lock_file(lk))
d6cf61bf	324	return -1;
4f4713df	325
4f4713df	326	/* remove ".lock": */
cf6950d3 MH	327	strbuf_add(&result_file, lk->filename.buf,
	328	lk->filename.len - LOCK_SUFFIX_LEN);
	329	err = rename(lk->filename.buf, result_file.buf);
3e88e8fc MH	330	strbuf_reset(&result_file);
3e88e8fc MH	331	if (err) {
1b1648f4 MH	332	int save_errno = errno;
	333	rollback_lock_file(lk);
	334	errno = save_errno;
d6cf61bf	335	return -1;
1b1648f4 MH	336	}
1b1648f4 MH	337
707103fd	338	lk->active = 0;
cf6950d3	339	strbuf_reset(&lk->filename);
d6cf61bf	340	return 0;
021b6e45 JH	341	}
021b6e45 JH	342
30ca07a2 JH	343	int hold_locked_index(struct lock_file *lk, int die_on_error)
30ca07a2 JH	344	{
acd3b9ec JH	345	return hold_lock_file_for_update(lk, get_index_file(),
	346	die_on_error
	347	? LOCK_DIE_ON_ERROR
	348	: 0);
30ca07a2 JH	349	}
30ca07a2 JH	350
021b6e45 JH	351	void rollback_lock_file(struct lock_file *lk)
021b6e45 JH	352	{
707103fd	353	if (!lk->active)
9085f8e2 MH	354	return;
9085f8e2 MH	355
8e86c155	356	if (!close_lock_file(lk)) {
cf6950d3	357	unlink_or_warn(lk->filename.buf);
707103fd	358	lk->active = 0;
cf6950d3	359	strbuf_reset(&lk->filename);
8e86c155	360	}
021b6e45	361	}