[thirdparty/git.git] / lockfile.c

/*
 * Copyright (c) 2005, Junio C Hamano
 */
#include "cache.h"
#include "sigchain.h"

/*
 * File write-locks as used by Git.
 *
 * For an overview of how to use the lockfile API, please see
 *
 *     Documentation/technical/api-lockfile.txt
 *
 * This module keeps track of all locked files in lock_file_list for
 * use at cleanup. This list and the lock_file objects that comprise
 * it must be kept in self-consistent states at all time, because the
 * program can be interrupted any time by a signal, in which case the
 * signal handler will walk through the list attempting to clean up
 * any open lock files.
 *
 * A lockfile is owned by the process that created it. The lock_file
 * object has an "owner" field that records its owner. This field is
 * used to prevent a forked process from closing a lockfile created by
 * its parent.
 *
 * A lock_file object can be in several states:
 *
 * - Uninitialized.  In this state the object's on_list field must be
 *   zero but the rest of its contents need not be initialized.  As
 *   soon as the object is used in any way, it is irrevocably
 *   registered in the lock_file_list, and on_list is set.
 *
 * - Locked, lockfile open (after hold_lock_file_for_update(),
 *   hold_lock_file_for_append(), or reopen_lock_file()). In this
 *   state, the lockfile exists, filename holds the filename of the
 *   lockfile, fd holds a file descriptor open for writing to the
 *   lockfile, and owner holds the PID of the process that locked the
 *   file.
 *
 * - Locked, lockfile closed (after close_lock_file()).  Same as the
 *   previous state, except that the lockfile is closed and fd is -1.
 *
 * - Unlocked (after commit_lock_file(), rollback_lock_file(), or a
 *   failed attempt to lock).  In this state, filename[0] == '\0' and
 *   fd is -1.  The object is left registered in the lock_file_list,
 *   and on_list is set.
 */

static struct lock_file *lock_file_list;

static void remove_lock_file(void)
{
	pid_t me = getpid();

	while (lock_file_list) {
		if (lock_file_list->owner == me &&
		    lock_file_list->filename[0]) {
			if (lock_file_list->fd >= 0)
				close(lock_file_list->fd);
			unlink_or_warn(lock_file_list->filename);
		}
		lock_file_list = lock_file_list->next;
	}
}

static void remove_lock_file_on_signal(int signo)
{
	remove_lock_file();
	sigchain_pop(signo);
	raise(signo);
}

/*
 * p = absolute or relative path name
 *
 * Return a pointer into p showing the beginning of the last path name
 * element.  If p is empty or the root directory ("/"), just return p.
 */
static char *last_path_elm(char *p)
{
	/* r starts pointing to null at the end of the string */
	char *r = strchr(p, '\0');

	if (r == p)
		return p; /* just return empty string */

	r--; /* back up to last non-null character */

	/* back up past trailing slashes, if any */
	while (r > p && *r == '/')
		r--;

	/*
	 * then go backwards until I hit a slash, or the beginning of
	 * the string
	 */
	while (r > p && *(r-1) != '/')
		r--;
	return r;
}


/* We allow "recursive" symbolic links. Only within reason, though */
#define MAXDEPTH 5

/*
 * p = path that may be a symlink
 * s = full size of p
 *
 * If p is a symlink, attempt to overwrite p with a path to the real
 * file or directory (which may or may not exist), following a chain of
 * symlinks if necessary.  Otherwise, leave p unmodified.
 *
 * This is a best-effort routine.  If an error occurs, p will either be
 * left unmodified or will name a different symlink in a symlink chain
 * that started with p's initial contents.
 *
 * Always returns p.
 */

static char *resolve_symlink(char *p, size_t s)
{
	int depth = MAXDEPTH;

	while (depth--) {
		char link[PATH_MAX];
		int link_len = readlink(p, link, sizeof(link));
		if (link_len < 0) {
			/* not a symlink anymore */
			return p;
		}
		else if (link_len < sizeof(link))
			/* readlink() never null-terminates */
			link[link_len] = '\0';
		else {
			warning("%s: symlink too long", p);
			return p;
		}

		if (is_absolute_path(link)) {
			/* absolute path simply replaces p */
			if (link_len < s)
				strcpy(p, link);
			else {
				warning("%s: symlink too long", p);
				return p;
			}
		} else {
			/*
			 * link is a relative path, so I must replace the
			 * last element of p with it.
			 */
			char *r = (char *)last_path_elm(p);
			if (r - p + link_len < s)
				strcpy(r, link);
			else {
				warning("%s: symlink too long", p);
				return p;
			}
		}
	}
	return p;
}

/* Make sure errno contains a meaningful value on error */
static int lock_file(struct lock_file *lk, const char *path, int flags)
{
	/*
	 * subtract LOCK_SUFFIX_LEN from size to make sure there's
	 * room for adding ".lock" for the lock file name:
	 */
	static const size_t max_path_len = sizeof(lk->filename) -
					   LOCK_SUFFIX_LEN;

	if (!lock_file_list) {
		/* One-time initialization */
		sigchain_push_common(remove_lock_file_on_signal);
		atexit(remove_lock_file);
	}

	if (!lk->on_list) {
		/* Initialize *lk and add it to lock_file_list: */
		lk->fd = -1;
		lk->owner = 0;
		lk->filename[0] = 0;
		lk->next = lock_file_list;
		lock_file_list = lk;
		lk->on_list = 1;
	}

	if (strlen(path) >= max_path_len) {
		errno = ENAMETOOLONG;
		return -1;
	}
	strcpy(lk->filename, path);
	if (!(flags & LOCK_NODEREF))
		resolve_symlink(lk->filename, max_path_len);
	strcat(lk->filename, LOCK_SUFFIX);
	lk->fd = open(lk->filename, O_RDWR | O_CREAT | O_EXCL, 0666);
	if (0 <= lk->fd) {
		lk->owner = getpid();
		if (adjust_shared_perm(lk->filename)) {
			int save_errno = errno;
			error("cannot fix permission bits on %s",
			      lk->filename);
			rollback_lock_file(lk);
			errno = save_errno;
			return -1;
		}
	}
	else
		lk->filename[0] = 0;
	return lk->fd;
}

void unable_to_lock_message(const char *path, int err, struct strbuf *buf)
{
	if (err == EEXIST) {
		strbuf_addf(buf, "Unable to create '%s.lock': %s.\n\n"
		    "If no other git process is currently running, this probably means a\n"
		    "git process crashed in this repository earlier. Make sure no other git\n"
		    "process is running and remove the file manually to continue.",
			    absolute_path(path), strerror(err));
	} else
		strbuf_addf(buf, "Unable to create '%s.lock': %s",
			    absolute_path(path), strerror(err));
}

int unable_to_lock_error(const char *path, int err)
{
	struct strbuf buf = STRBUF_INIT;

	unable_to_lock_message(path, err, &buf);
	error("%s", buf.buf);
	strbuf_release(&buf);
	return -1;
}

NORETURN void unable_to_lock_die(const char *path, int err)
{
	struct strbuf buf = STRBUF_INIT;

	unable_to_lock_message(path, err, &buf);
	die("%s", buf.buf);
}

/* This should return a meaningful errno on failure */
int hold_lock_file_for_update(struct lock_file *lk, const char *path, int flags)
{
	int fd = lock_file(lk, path, flags);
	if (fd < 0 && (flags & LOCK_DIE_ON_ERROR))
		unable_to_lock_die(path, errno);
	return fd;
}

int hold_lock_file_for_append(struct lock_file *lk, const char *path, int flags)
{
	int fd, orig_fd;

	fd = lock_file(lk, path, flags);
	if (fd < 0) {
		if (flags & LOCK_DIE_ON_ERROR)
			unable_to_lock_die(path, errno);
		return fd;
	}

	orig_fd = open(path, O_RDONLY);
	if (orig_fd < 0) {
		if (errno != ENOENT) {
			if (flags & LOCK_DIE_ON_ERROR)
				die("cannot open '%s' for copying", path);
			rollback_lock_file(lk);
			return error("cannot open '%s' for copying", path);
		}
	} else if (copy_fd(orig_fd, fd)) {
		if (flags & LOCK_DIE_ON_ERROR)
			exit(128);
		rollback_lock_file(lk);
		return -1;
	}
	return fd;
}

int close_lock_file(struct lock_file *lk)
{
	int fd = lk->fd;

	if (fd < 0)
		return 0;

	lk->fd = -1;
	return close(fd);
}

int reopen_lock_file(struct lock_file *lk)
{
	if (0 <= lk->fd)
		die(_("BUG: reopen a lockfile that is still open"));
	if (!lk->filename[0])
		die(_("BUG: reopen a lockfile that has been committed"));
	lk->fd = open(lk->filename, O_WRONLY);
	return lk->fd;
}

int commit_lock_file(struct lock_file *lk)
{
	char result_file[PATH_MAX];
	size_t i;
	if (close_lock_file(lk))
		return -1;
	strcpy(result_file, lk->filename);
	i = strlen(result_file) - LOCK_SUFFIX_LEN; /* .lock */
	result_file[i] = 0;
	if (rename(lk->filename, result_file))
		return -1;
	lk->filename[0] = 0;
	return 0;
}

int hold_locked_index(struct lock_file *lk, int die_on_error)
{
	return hold_lock_file_for_update(lk, get_index_file(),
					 die_on_error
					 ? LOCK_DIE_ON_ERROR
					 : 0);
}

void rollback_lock_file(struct lock_file *lk)
{
	if (!lk->filename[0])
		return;

	close_lock_file(lk);
	unlink_or_warn(lk->filename);
	lk->filename[0] = 0;
}
Commit	Line	Data
021b6e45 JH	1	/*
	2	* Copyright (c) 2005, Junio C Hamano
	3	*/
021b6e45	4	#include "cache.h"
4a16d072	5	#include "sigchain.h"
021b6e45	6
0a06f148 MH	7	/*
	8	* File write-locks as used by Git.
	9	*
	10	* For an overview of how to use the lockfile API, please see
	11	*
	12	* Documentation/technical/api-lockfile.txt
	13	*
	14	* This module keeps track of all locked files in lock_file_list for
	15	* use at cleanup. This list and the lock_file objects that comprise
	16	* it must be kept in self-consistent states at all time, because the
	17	* program can be interrupted any time by a signal, in which case the
	18	* signal handler will walk through the list attempting to clean up
	19	* any open lock files.
	20	*
	21	* A lockfile is owned by the process that created it. The lock_file
	22	* object has an "owner" field that records its owner. This field is
	23	* used to prevent a forked process from closing a lockfile created by
	24	* its parent.
	25	*
	26	* A lock_file object can be in several states:
	27	*
	28	* - Uninitialized. In this state the object's on_list field must be
	29	* zero but the rest of its contents need not be initialized. As
	30	* soon as the object is used in any way, it is irrevocably
	31	* registered in the lock_file_list, and on_list is set.
	32	*
	33	* - Locked, lockfile open (after hold_lock_file_for_update(),
	34	* hold_lock_file_for_append(), or reopen_lock_file()). In this
	35	* state, the lockfile exists, filename holds the filename of the
	36	* lockfile, fd holds a file descriptor open for writing to the
	37	* lockfile, and owner holds the PID of the process that locked the
	38	* file.
	39	*
	40	* - Locked, lockfile closed (after close_lock_file()). Same as the
	41	* previous state, except that the lockfile is closed and fd is -1.
	42	*
	43	* - Unlocked (after commit_lock_file(), rollback_lock_file(), or a
	44	* failed attempt to lock). In this state, filename[0] == '\0' and
	45	* fd is -1. The object is left registered in the lock_file_list,
	46	* and on_list is set.
	47	*/
	48
021b6e45 JH	49	static struct lock_file *lock_file_list;
	50
	51	static void remove_lock_file(void)
	52	{
5e635e39 JH	53	pid_t me = getpid();
5e635e39 JH	54
021b6e45	55	while (lock_file_list) {
5e635e39	56	if (lock_file_list->owner == me &&
4723ee99	57	lock_file_list->filename[0]) {
d6cf61bf BC	58	if (lock_file_list->fd >= 0)
d6cf61bf BC	59	close(lock_file_list->fd);
691f1a28	60	unlink_or_warn(lock_file_list->filename);
4723ee99	61	}
021b6e45 JH	62	lock_file_list = lock_file_list->next;
	63	}
	64	}
	65
	66	static void remove_lock_file_on_signal(int signo)
	67	{
	68	remove_lock_file();
4a16d072	69	sigchain_pop(signo);
021b6e45 JH	70	raise(signo);
	71	}
	72
5d5a7a67 BS	73	/*
	74	* p = absolute or relative path name
	75	*
	76	* Return a pointer into p showing the beginning of the last path name
	77	* element. If p is empty or the root directory ("/"), just return p.
	78	*/
	79	static char last_path_elm(char p)
	80	{
	81	/* r starts pointing to null at the end of the string */
	82	char *r = strchr(p, '\0');
	83
	84	if (r == p)
	85	return p; /* just return empty string */
	86
	87	r--; /* back up to last non-null character */
	88
	89	/* back up past trailing slashes, if any */
	90	while (r > p && *r == '/')
	91	r--;
	92
	93	/*
	94	* then go backwards until I hit a slash, or the beginning of
	95	* the string
	96	*/
	97	while (r > p && *(r-1) != '/')
	98	r--;
	99	return r;
	100	}
	101
	102
	103	/* We allow "recursive" symbolic links. Only within reason, though */
	104	#define MAXDEPTH 5
	105
	106	/*
	107	* p = path that may be a symlink
	108	* s = full size of p
	109	*
	110	* If p is a symlink, attempt to overwrite p with a path to the real
	111	* file or directory (which may or may not exist), following a chain of
	112	* symlinks if necessary. Otherwise, leave p unmodified.
	113	*
	114	* This is a best-effort routine. If an error occurs, p will either be
	115	* left unmodified or will name a different symlink in a symlink chain
	116	* that started with p's initial contents.
	117	*
	118	* Always returns p.
	119	*/
	120
	121	static char resolve_symlink(char p, size_t s)
	122	{
	123	int depth = MAXDEPTH;
	124
	125	while (depth--) {
	126	char link[PATH_MAX];
	127	int link_len = readlink(p, link, sizeof(link));
	128	if (link_len < 0) {
	129	/* not a symlink anymore */
	130	return p;
	131	}
	132	else if (link_len < sizeof(link))
	133	/* readlink() never null-terminates */
	134	link[link_len] = '\0';
	135	else {
	136	warning("%s: symlink too long", p);
137	return p;
138	}
139
ecf4831d	140	if (is_absolute_path(link)) {
5d5a7a67 BS	141	/* absolute path simply replaces p */
	142	if (link_len < s)
	143	strcpy(p, link);
	144	else {
	145	warning("%s: symlink too long", p);
	146	return p;
	147	}
	148	} else {
	149	/*
	150	* link is a relative path, so I must replace the
	151	* last element of p with it.
	152	*/
4b25d091	153	char r = (char )last_path_elm(p);
5d5a7a67 BS	154	if (r - p + link_len < s)
	155	strcpy(r, link);
	156	else {
	157	warning("%s: symlink too long", p);
	158	return p;
	159	}
	160	}
	161	}
	162	return p;
	163	}
	164
447ff1bf	165	/* Make sure errno contains a meaningful value on error */
acd3b9ec	166	static int lock_file(struct lock_file lk, const char path, int flags)
021b6e45	167	{
5d5a7a67	168	/*
7108ad23 MH	169	* subtract LOCK_SUFFIX_LEN from size to make sure there's
7108ad23 MH	170	* room for adding ".lock" for the lock file name:
5d5a7a67	171	*/
7108ad23 MH	172	static const size_t max_path_len = sizeof(lk->filename) -
7108ad23 MH	173	LOCK_SUFFIX_LEN;
2fbd4f92	174
04e57d4d MH	175	if (!lock_file_list) {
	176	/* One-time initialization */
	177	sigchain_push_common(remove_lock_file_on_signal);
	178	atexit(remove_lock_file);
	179	}
	180
	181	if (!lk->on_list) {
	182	/* Initialize lk and add it to lock_file_list: /
	183	lk->fd = -1;
	184	lk->owner = 0;
	185	lk->filename[0] = 0;
	186	lk->next = lock_file_list;
	187	lock_file_list = lk;
	188	lk->on_list = 1;
	189	}
	190
447ff1bf RS	191	if (strlen(path) >= max_path_len) {
447ff1bf RS	192	errno = ENAMETOOLONG;
2fbd4f92	193	return -1;
447ff1bf	194	}
2fbd4f92	195	strcpy(lk->filename, path);
acd3b9ec	196	if (!(flags & LOCK_NODEREF))
2fbd4f92	197	resolve_symlink(lk->filename, max_path_len);
7108ad23	198	strcat(lk->filename, LOCK_SUFFIX);
4723ee99 JS	199	lk->fd = open(lk->filename, O_RDWR \| O_CREAT \| O_EXCL, 0666);
4723ee99 JS	200	if (0 <= lk->fd) {
5e635e39	201	lk->owner = getpid();
447ff1bf RS	202	if (adjust_shared_perm(lk->filename)) {
	203	int save_errno = errno;
	204	error("cannot fix permission bits on %s",
	205	lk->filename);
41dd4ffa	206	rollback_lock_file(lk);
447ff1bf RS	207	errno = save_errno;
	208	return -1;
	209	}
021b6e45	210	}
1084b845 JH	211	else
1084b845 JH	212	lk->filename[0] = 0;
4723ee99	213	return lk->fd;
021b6e45 JH	214	}
021b6e45 JH	215
6af926e8	216	void unable_to_lock_message(const char path, int err, struct strbuf buf)
e43a6fd3	217	{
bdfd739d	218	if (err == EEXIST) {
6af926e8	219	strbuf_addf(buf, "Unable to create '%s.lock': %s.\n\n"
e43a6fd3 MM	220	"If no other git process is currently running, this probably means a\n"
	221	"git process crashed in this repository earlier. Make sure no other git\n"
	222	"process is running and remove the file manually to continue.",
e2a57aac	223	absolute_path(path), strerror(err));
1b018fd9	224	} else
6af926e8	225	strbuf_addf(buf, "Unable to create '%s.lock': %s",
e2a57aac	226	absolute_path(path), strerror(err));
1b018fd9 MV	227	}
	228
	229	int unable_to_lock_error(const char *path, int err)
	230	{
6af926e8 RS	231	struct strbuf buf = STRBUF_INIT;
	232
	233	unable_to_lock_message(path, err, &buf);
	234	error("%s", buf.buf);
	235	strbuf_release(&buf);
1b018fd9 MV	236	return -1;
	237	}
	238
e197c218	239	NORETURN void unable_to_lock_die(const char *path, int err)
1b018fd9	240	{
6af926e8 RS	241	struct strbuf buf = STRBUF_INIT;
	242
	243	unable_to_lock_message(path, err, &buf);
	244	die("%s", buf.buf);
e43a6fd3 MM	245	}
e43a6fd3 MM	246
447ff1bf	247	/* This should return a meaningful errno on failure */
acd3b9ec	248	int hold_lock_file_for_update(struct lock_file lk, const char path, int flags)
40aaae88	249	{
acd3b9ec JH	250	int fd = lock_file(lk, path, flags);
acd3b9ec JH	251	if (fd < 0 && (flags & LOCK_DIE_ON_ERROR))
e197c218	252	unable_to_lock_die(path, errno);
40aaae88 JH	253	return fd;
	254	}
	255
acd3b9ec	256	int hold_lock_file_for_append(struct lock_file lk, const char path, int flags)
ea3cd5c7 DB	257	{
	258	int fd, orig_fd;
	259
acd3b9ec	260	fd = lock_file(lk, path, flags);
ea3cd5c7	261	if (fd < 0) {
acd3b9ec	262	if (flags & LOCK_DIE_ON_ERROR)
e197c218	263	unable_to_lock_die(path, errno);
ea3cd5c7 DB	264	return fd;
	265	}
	266
	267	orig_fd = open(path, O_RDONLY);
	268	if (orig_fd < 0) {
	269	if (errno != ENOENT) {
acd3b9ec	270	if (flags & LOCK_DIE_ON_ERROR)
ea3cd5c7	271	die("cannot open '%s' for copying", path);
ebb8e380	272	rollback_lock_file(lk);
ea3cd5c7 DB	273	return error("cannot open '%s' for copying", path);
	274	}
	275	} else if (copy_fd(orig_fd, fd)) {
acd3b9ec	276	if (flags & LOCK_DIE_ON_ERROR)
ea3cd5c7	277	exit(128);
ebb8e380	278	rollback_lock_file(lk);
ea3cd5c7 DB	279	return -1;
	280	}
	281	return fd;
	282	}
	283
d6cf61bf BC	284	int close_lock_file(struct lock_file *lk)
	285	{
	286	int fd = lk->fd;
419f0c0f MH	287
	288	if (fd < 0)
	289	return 0;
	290
d6cf61bf BC	291	lk->fd = -1;
	292	return close(fd);
	293	}
	294
93dcaea2 JH	295	int reopen_lock_file(struct lock_file *lk)
	296	{
	297	if (0 <= lk->fd)
	298	die(_("BUG: reopen a lockfile that is still open"));
	299	if (!lk->filename[0])
	300	die(_("BUG: reopen a lockfile that has been committed"));
	301	lk->fd = open(lk->filename, O_WRONLY);
	302	return lk->fd;
	303	}
	304
021b6e45 JH	305	int commit_lock_file(struct lock_file *lk)
	306	{
	307	char result_file[PATH_MAX];
d6cf61bf	308	size_t i;
419f0c0f	309	if (close_lock_file(lk))
d6cf61bf	310	return -1;
021b6e45	311	strcpy(result_file, lk->filename);
7108ad23	312	i = strlen(result_file) - LOCK_SUFFIX_LEN; /* .lock */
021b6e45	313	result_file[i] = 0;
d6cf61bf BC	314	if (rename(lk->filename, result_file))
d6cf61bf BC	315	return -1;
021b6e45	316	lk->filename[0] = 0;
d6cf61bf	317	return 0;
021b6e45 JH	318	}
021b6e45 JH	319
30ca07a2 JH	320	int hold_locked_index(struct lock_file *lk, int die_on_error)
30ca07a2 JH	321	{
acd3b9ec JH	322	return hold_lock_file_for_update(lk, get_index_file(),
	323	die_on_error
	324	? LOCK_DIE_ON_ERROR
	325	: 0);
30ca07a2 JH	326	}
30ca07a2 JH	327
021b6e45 JH	328	void rollback_lock_file(struct lock_file *lk)
021b6e45 JH	329	{
9085f8e2 MH	330	if (!lk->filename[0])
	331	return;
	332
26f5d3b6	333	close_lock_file(lk);
9085f8e2 MH	334	unlink_or_warn(lk->filename);
9085f8e2 MH	335	lk->filename[0] = 0;
021b6e45	336	}