[thirdparty/git.git] / lockfile.c

/*
 * Copyright (c) 2005, Junio C Hamano
 */
#include "cache.h"
#include "sigchain.h"

/*
 * File write-locks as used by Git.
 *
 * For an overview of how to use the lockfile API, please see
 *
 *     Documentation/technical/api-lockfile.txt
 *
 * This module keeps track of all locked files in lock_file_list for
 * use at cleanup. This list and the lock_file objects that comprise
 * it must be kept in self-consistent states at all time, because the
 * program can be interrupted any time by a signal, in which case the
 * signal handler will walk through the list attempting to clean up
 * any open lock files.
 *
 * A lockfile is owned by the process that created it. The lock_file
 * object has an "owner" field that records its owner. This field is
 * used to prevent a forked process from closing a lockfile created by
 * its parent.
 *
 * A lock_file object can be in several states:
 *
 * - Uninitialized.  In this state the object's on_list field must be
 *   zero but the rest of its contents need not be initialized.  As
 *   soon as the object is used in any way, it is irrevocably
 *   registered in the lock_file_list, and on_list is set.
 *
 * - Locked, lockfile open (after hold_lock_file_for_update(),
 *   hold_lock_file_for_append(), or reopen_lock_file()). In this
 *   state, the lockfile exists, filename holds the filename of the
 *   lockfile, fd holds a file descriptor open for writing to the
 *   lockfile, and owner holds the PID of the process that locked the
 *   file.
 *
 * - Locked, lockfile closed (after close_lock_file()).  Same as the
 *   previous state, except that the lockfile is closed and fd is -1.
 *
 * - Unlocked (after commit_lock_file(), rollback_lock_file(), or a
 *   failed attempt to lock).  In this state, filename[0] == '\0' and
 *   fd is -1.  The object is left registered in the lock_file_list,
 *   and on_list is set.
 */

static struct lock_file *lock_file_list;

static void remove_lock_file(void)
{
	pid_t me = getpid();

	while (lock_file_list) {
		if (lock_file_list->owner == me)
			rollback_lock_file(lock_file_list);
		lock_file_list = lock_file_list->next;
	}
}

static void remove_lock_file_on_signal(int signo)
{
	remove_lock_file();
	sigchain_pop(signo);
	raise(signo);
}

/*
 * p = absolute or relative path name
 *
 * Return a pointer into p showing the beginning of the last path name
 * element.  If p is empty or the root directory ("/"), just return p.
 */
static char *last_path_elm(char *p)
{
	/* r starts pointing to null at the end of the string */
	char *r = strchr(p, '\0');

	if (r == p)
		return p; /* just return empty string */

	r--; /* back up to last non-null character */

	/* back up past trailing slashes, if any */
	while (r > p && *r == '/')
		r--;

	/*
	 * then go backwards until I hit a slash, or the beginning of
	 * the string
	 */
	while (r > p && *(r-1) != '/')
		r--;
	return r;
}


/* We allow "recursive" symbolic links. Only within reason, though */
#define MAXDEPTH 5

/*
 * p = path that may be a symlink
 * s = full size of p
 *
 * If p is a symlink, attempt to overwrite p with a path to the real
 * file or directory (which may or may not exist), following a chain of
 * symlinks if necessary.  Otherwise, leave p unmodified.
 *
 * This is a best-effort routine.  If an error occurs, p will either be
 * left unmodified or will name a different symlink in a symlink chain
 * that started with p's initial contents.
 *
 * Always returns p.
 */

static char *resolve_symlink(char *p, size_t s)
{
	int depth = MAXDEPTH;

	while (depth--) {
		char link[PATH_MAX];
		int link_len = readlink(p, link, sizeof(link));
		if (link_len < 0) {
			/* not a symlink anymore */
			return p;
		}
		else if (link_len < sizeof(link))
			/* readlink() never null-terminates */
			link[link_len] = '\0';
		else {
			warning("%s: symlink too long", p);
			return p;
		}

		if (is_absolute_path(link)) {
			/* absolute path simply replaces p */
			if (link_len < s)
				strcpy(p, link);
			else {
				warning("%s: symlink too long", p);
				return p;
			}
		} else {
			/*
			 * link is a relative path, so I must replace the
			 * last element of p with it.
			 */
			char *r = (char *)last_path_elm(p);
			if (r - p + link_len < s)
				strcpy(r, link);
			else {
				warning("%s: symlink too long", p);
				return p;
			}
		}
	}
	return p;
}

/* Make sure errno contains a meaningful value on error */
static int lock_file(struct lock_file *lk, const char *path, int flags)
{
	/*
	 * subtract LOCK_SUFFIX_LEN from size to make sure there's
	 * room for adding ".lock" for the lock file name:
	 */
	static const size_t max_path_len = sizeof(lk->filename) -
					   LOCK_SUFFIX_LEN;

	if (!lock_file_list) {
		/* One-time initialization */
		sigchain_push_common(remove_lock_file_on_signal);
		atexit(remove_lock_file);
	}

	if (!lk->on_list) {
		/* Initialize *lk and add it to lock_file_list: */
		lk->fd = -1;
		lk->owner = 0;
		lk->filename[0] = 0;
		lk->next = lock_file_list;
		lock_file_list = lk;
		lk->on_list = 1;
	}

	if (strlen(path) >= max_path_len) {
		errno = ENAMETOOLONG;
		return -1;
	}
	strcpy(lk->filename, path);
	if (!(flags & LOCK_NODEREF))
		resolve_symlink(lk->filename, max_path_len);
	strcat(lk->filename, LOCK_SUFFIX);
	lk->fd = open(lk->filename, O_RDWR | O_CREAT | O_EXCL, 0666);
	if (lk->fd < 0) {
		lk->filename[0] = 0;
		return -1;
	}
	lk->owner = getpid();
	if (adjust_shared_perm(lk->filename)) {
		int save_errno = errno;
		error("cannot fix permission bits on %s", lk->filename);
		rollback_lock_file(lk);
		errno = save_errno;
		return -1;
	}
	return lk->fd;
}

void unable_to_lock_message(const char *path, int err, struct strbuf *buf)
{
	if (err == EEXIST) {
		strbuf_addf(buf, "Unable to create '%s.lock': %s.\n\n"
		    "If no other git process is currently running, this probably means a\n"
		    "git process crashed in this repository earlier. Make sure no other git\n"
		    "process is running and remove the file manually to continue.",
			    absolute_path(path), strerror(err));
	} else
		strbuf_addf(buf, "Unable to create '%s.lock': %s",
			    absolute_path(path), strerror(err));
}

int unable_to_lock_error(const char *path, int err)
{
	struct strbuf buf = STRBUF_INIT;

	unable_to_lock_message(path, err, &buf);
	error("%s", buf.buf);
	strbuf_release(&buf);
	return -1;
}

NORETURN void unable_to_lock_die(const char *path, int err)
{
	struct strbuf buf = STRBUF_INIT;

	unable_to_lock_message(path, err, &buf);
	die("%s", buf.buf);
}

/* This should return a meaningful errno on failure */
int hold_lock_file_for_update(struct lock_file *lk, const char *path, int flags)
{
	int fd = lock_file(lk, path, flags);
	if (fd < 0 && (flags & LOCK_DIE_ON_ERROR))
		unable_to_lock_die(path, errno);
	return fd;
}

int hold_lock_file_for_append(struct lock_file *lk, const char *path, int flags)
{
	int fd, orig_fd;

	fd = lock_file(lk, path, flags);
	if (fd < 0) {
		if (flags & LOCK_DIE_ON_ERROR)
			unable_to_lock_die(path, errno);
		return fd;
	}

	orig_fd = open(path, O_RDONLY);
	if (orig_fd < 0) {
		if (errno != ENOENT) {
			if (flags & LOCK_DIE_ON_ERROR)
				die("cannot open '%s' for copying", path);
			rollback_lock_file(lk);
			return error("cannot open '%s' for copying", path);
		}
	} else if (copy_fd(orig_fd, fd)) {
		if (flags & LOCK_DIE_ON_ERROR)
			exit(128);
		rollback_lock_file(lk);
		return -1;
	}
	return fd;
}

int close_lock_file(struct lock_file *lk)
{
	int fd = lk->fd;

	if (fd < 0)
		return 0;

	lk->fd = -1;
	return close(fd);
}

int reopen_lock_file(struct lock_file *lk)
{
	if (0 <= lk->fd)
		die(_("BUG: reopen a lockfile that is still open"));
	if (!lk->filename[0])
		die(_("BUG: reopen a lockfile that has been committed"));
	lk->fd = open(lk->filename, O_WRONLY);
	return lk->fd;
}

int commit_lock_file(struct lock_file *lk)
{
	char result_file[PATH_MAX];

	if (close_lock_file(lk))
		return -1;

	strcpy(result_file, lk->filename);
	/* remove ".lock": */
	result_file[strlen(result_file) - LOCK_SUFFIX_LEN] = 0;

	if (rename(lk->filename, result_file))
		return -1;
	lk->filename[0] = 0;
	return 0;
}

int hold_locked_index(struct lock_file *lk, int die_on_error)
{
	return hold_lock_file_for_update(lk, get_index_file(),
					 die_on_error
					 ? LOCK_DIE_ON_ERROR
					 : 0);
}

void rollback_lock_file(struct lock_file *lk)
{
	if (!lk->filename[0])
		return;

	close_lock_file(lk);
	unlink_or_warn(lk->filename);
	lk->filename[0] = 0;
}
Commit	Line	Data
021b6e45 JH	1	/*
	2	* Copyright (c) 2005, Junio C Hamano
	3	*/
021b6e45	4	#include "cache.h"
4a16d072	5	#include "sigchain.h"
021b6e45	6
0a06f148 MH	7	/*
	8	* File write-locks as used by Git.
	9	*
	10	* For an overview of how to use the lockfile API, please see
	11	*
	12	* Documentation/technical/api-lockfile.txt
	13	*
	14	* This module keeps track of all locked files in lock_file_list for
	15	* use at cleanup. This list and the lock_file objects that comprise
	16	* it must be kept in self-consistent states at all time, because the
	17	* program can be interrupted any time by a signal, in which case the
	18	* signal handler will walk through the list attempting to clean up
	19	* any open lock files.
	20	*
	21	* A lockfile is owned by the process that created it. The lock_file
	22	* object has an "owner" field that records its owner. This field is
	23	* used to prevent a forked process from closing a lockfile created by
	24	* its parent.
	25	*
	26	* A lock_file object can be in several states:
	27	*
	28	* - Uninitialized. In this state the object's on_list field must be
	29	* zero but the rest of its contents need not be initialized. As
	30	* soon as the object is used in any way, it is irrevocably
	31	* registered in the lock_file_list, and on_list is set.
	32	*
	33	* - Locked, lockfile open (after hold_lock_file_for_update(),
	34	* hold_lock_file_for_append(), or reopen_lock_file()). In this
	35	* state, the lockfile exists, filename holds the filename of the
	36	* lockfile, fd holds a file descriptor open for writing to the
	37	* lockfile, and owner holds the PID of the process that locked the
	38	* file.
	39	*
	40	* - Locked, lockfile closed (after close_lock_file()). Same as the
	41	* previous state, except that the lockfile is closed and fd is -1.
	42	*
	43	* - Unlocked (after commit_lock_file(), rollback_lock_file(), or a
	44	* failed attempt to lock). In this state, filename[0] == '\0' and
	45	* fd is -1. The object is left registered in the lock_file_list,
	46	* and on_list is set.
	47	*/
	48
021b6e45 JH	49	static struct lock_file *lock_file_list;
	50
	51	static void remove_lock_file(void)
	52	{
5e635e39 JH	53	pid_t me = getpid();
5e635e39 JH	54
021b6e45	55	while (lock_file_list) {
a1754bcc MH	56	if (lock_file_list->owner == me)
a1754bcc MH	57	rollback_lock_file(lock_file_list);
021b6e45 JH	58	lock_file_list = lock_file_list->next;
	59	}
	60	}
	61
	62	static void remove_lock_file_on_signal(int signo)
	63	{
	64	remove_lock_file();
4a16d072	65	sigchain_pop(signo);
021b6e45 JH	66	raise(signo);
	67	}
	68
5d5a7a67 BS	69	/*
	70	* p = absolute or relative path name
	71	*
	72	* Return a pointer into p showing the beginning of the last path name
	73	* element. If p is empty or the root directory ("/"), just return p.
	74	*/
	75	static char last_path_elm(char p)
	76	{
	77	/* r starts pointing to null at the end of the string */
	78	char *r = strchr(p, '\0');
	79
	80	if (r == p)
	81	return p; /* just return empty string */
	82
	83	r--; /* back up to last non-null character */
	84
	85	/* back up past trailing slashes, if any */
	86	while (r > p && *r == '/')
	87	r--;
	88
	89	/*
	90	* then go backwards until I hit a slash, or the beginning of
	91	* the string
	92	*/
	93	while (r > p && *(r-1) != '/')
	94	r--;
	95	return r;
	96	}
	97
	98
	99	/* We allow "recursive" symbolic links. Only within reason, though */
	100	#define MAXDEPTH 5
	101
	102	/*
	103	* p = path that may be a symlink
	104	* s = full size of p
	105	*
	106	* If p is a symlink, attempt to overwrite p with a path to the real
	107	* file or directory (which may or may not exist), following a chain of
	108	* symlinks if necessary. Otherwise, leave p unmodified.
	109	*
	110	* This is a best-effort routine. If an error occurs, p will either be
	111	* left unmodified or will name a different symlink in a symlink chain
	112	* that started with p's initial contents.
	113	*
	114	* Always returns p.
	115	*/
	116
	117	static char resolve_symlink(char p, size_t s)
	118	{
	119	int depth = MAXDEPTH;
	120
	121	while (depth--) {
	122	char link[PATH_MAX];
	123	int link_len = readlink(p, link, sizeof(link));
	124	if (link_len < 0) {
	125	/* not a symlink anymore */
	126	return p;
	127	}
	128	else if (link_len < sizeof(link))
	129	/* readlink() never null-terminates */
	130	link[link_len] = '\0';
	131	else {
	132	warning("%s: symlink too long", p);
133	return p;
134	}
135
ecf4831d	136	if (is_absolute_path(link)) {
5d5a7a67 BS	137	/* absolute path simply replaces p */
	138	if (link_len < s)
	139	strcpy(p, link);
	140	else {
	141	warning("%s: symlink too long", p);
	142	return p;
	143	}
	144	} else {
	145	/*
	146	* link is a relative path, so I must replace the
	147	* last element of p with it.
	148	*/
4b25d091	149	char r = (char )last_path_elm(p);
5d5a7a67 BS	150	if (r - p + link_len < s)
	151	strcpy(r, link);
	152	else {
	153	warning("%s: symlink too long", p);
	154	return p;
	155	}
	156	}
	157	}
	158	return p;
	159	}
	160
447ff1bf	161	/* Make sure errno contains a meaningful value on error */
acd3b9ec	162	static int lock_file(struct lock_file lk, const char path, int flags)
021b6e45	163	{
5d5a7a67	164	/*
7108ad23 MH	165	* subtract LOCK_SUFFIX_LEN from size to make sure there's
7108ad23 MH	166	* room for adding ".lock" for the lock file name:
5d5a7a67	167	*/
7108ad23 MH	168	static const size_t max_path_len = sizeof(lk->filename) -
7108ad23 MH	169	LOCK_SUFFIX_LEN;
2fbd4f92	170
04e57d4d MH	171	if (!lock_file_list) {
	172	/* One-time initialization */
	173	sigchain_push_common(remove_lock_file_on_signal);
	174	atexit(remove_lock_file);
	175	}
	176
	177	if (!lk->on_list) {
	178	/* Initialize lk and add it to lock_file_list: /
	179	lk->fd = -1;
	180	lk->owner = 0;
	181	lk->filename[0] = 0;
	182	lk->next = lock_file_list;
	183	lock_file_list = lk;
	184	lk->on_list = 1;
	185	}
	186
447ff1bf RS	187	if (strlen(path) >= max_path_len) {
447ff1bf RS	188	errno = ENAMETOOLONG;
2fbd4f92	189	return -1;
447ff1bf	190	}
2fbd4f92	191	strcpy(lk->filename, path);
acd3b9ec	192	if (!(flags & LOCK_NODEREF))
2fbd4f92	193	resolve_symlink(lk->filename, max_path_len);
7108ad23	194	strcat(lk->filename, LOCK_SUFFIX);
4723ee99	195	lk->fd = open(lk->filename, O_RDWR \| O_CREAT \| O_EXCL, 0666);
e31e949b	196	if (lk->fd < 0) {
1084b845	197	lk->filename[0] = 0;
e31e949b MH	198	return -1;
	199	}
	200	lk->owner = getpid();
	201	if (adjust_shared_perm(lk->filename)) {
	202	int save_errno = errno;
	203	error("cannot fix permission bits on %s", lk->filename);
	204	rollback_lock_file(lk);
	205	errno = save_errno;
	206	return -1;
	207	}
4723ee99	208	return lk->fd;
021b6e45 JH	209	}
021b6e45 JH	210
6af926e8	211	void unable_to_lock_message(const char path, int err, struct strbuf buf)
e43a6fd3	212	{
bdfd739d	213	if (err == EEXIST) {
6af926e8	214	strbuf_addf(buf, "Unable to create '%s.lock': %s.\n\n"
e43a6fd3 MM	215	"If no other git process is currently running, this probably means a\n"
	216	"git process crashed in this repository earlier. Make sure no other git\n"
	217	"process is running and remove the file manually to continue.",
e2a57aac	218	absolute_path(path), strerror(err));
1b018fd9	219	} else
6af926e8	220	strbuf_addf(buf, "Unable to create '%s.lock': %s",
e2a57aac	221	absolute_path(path), strerror(err));
1b018fd9 MV	222	}
	223
	224	int unable_to_lock_error(const char *path, int err)
	225	{
6af926e8 RS	226	struct strbuf buf = STRBUF_INIT;
	227
	228	unable_to_lock_message(path, err, &buf);
	229	error("%s", buf.buf);
	230	strbuf_release(&buf);
1b018fd9 MV	231	return -1;
	232	}
	233
e197c218	234	NORETURN void unable_to_lock_die(const char *path, int err)
1b018fd9	235	{
6af926e8 RS	236	struct strbuf buf = STRBUF_INIT;
	237
	238	unable_to_lock_message(path, err, &buf);
	239	die("%s", buf.buf);
e43a6fd3 MM	240	}
e43a6fd3 MM	241
447ff1bf	242	/* This should return a meaningful errno on failure */
acd3b9ec	243	int hold_lock_file_for_update(struct lock_file lk, const char path, int flags)
40aaae88	244	{
acd3b9ec JH	245	int fd = lock_file(lk, path, flags);
acd3b9ec JH	246	if (fd < 0 && (flags & LOCK_DIE_ON_ERROR))
e197c218	247	unable_to_lock_die(path, errno);
40aaae88 JH	248	return fd;
	249	}
	250
acd3b9ec	251	int hold_lock_file_for_append(struct lock_file lk, const char path, int flags)
ea3cd5c7 DB	252	{
	253	int fd, orig_fd;
	254
acd3b9ec	255	fd = lock_file(lk, path, flags);
ea3cd5c7	256	if (fd < 0) {
acd3b9ec	257	if (flags & LOCK_DIE_ON_ERROR)
e197c218	258	unable_to_lock_die(path, errno);
ea3cd5c7 DB	259	return fd;
	260	}
	261
	262	orig_fd = open(path, O_RDONLY);
	263	if (orig_fd < 0) {
	264	if (errno != ENOENT) {
acd3b9ec	265	if (flags & LOCK_DIE_ON_ERROR)
ea3cd5c7	266	die("cannot open '%s' for copying", path);
ebb8e380	267	rollback_lock_file(lk);
ea3cd5c7 DB	268	return error("cannot open '%s' for copying", path);
	269	}
	270	} else if (copy_fd(orig_fd, fd)) {
acd3b9ec	271	if (flags & LOCK_DIE_ON_ERROR)
ea3cd5c7	272	exit(128);
ebb8e380	273	rollback_lock_file(lk);
ea3cd5c7 DB	274	return -1;
	275	}
	276	return fd;
	277	}
	278
d6cf61bf BC	279	int close_lock_file(struct lock_file *lk)
	280	{
	281	int fd = lk->fd;
419f0c0f MH	282
	283	if (fd < 0)
	284	return 0;
	285
d6cf61bf BC	286	lk->fd = -1;
	287	return close(fd);
	288	}
	289
93dcaea2 JH	290	int reopen_lock_file(struct lock_file *lk)
	291	{
	292	if (0 <= lk->fd)
	293	die(_("BUG: reopen a lockfile that is still open"));
	294	if (!lk->filename[0])
	295	die(_("BUG: reopen a lockfile that has been committed"));
	296	lk->fd = open(lk->filename, O_WRONLY);
	297	return lk->fd;
	298	}
	299
021b6e45 JH	300	int commit_lock_file(struct lock_file *lk)
	301	{
	302	char result_file[PATH_MAX];
4f4713df	303
419f0c0f	304	if (close_lock_file(lk))
d6cf61bf	305	return -1;
4f4713df	306
021b6e45	307	strcpy(result_file, lk->filename);
4f4713df MH	308	/* remove ".lock": */
	309	result_file[strlen(result_file) - LOCK_SUFFIX_LEN] = 0;
	310
d6cf61bf BC	311	if (rename(lk->filename, result_file))
d6cf61bf BC	312	return -1;
021b6e45	313	lk->filename[0] = 0;
d6cf61bf	314	return 0;
021b6e45 JH	315	}
021b6e45 JH	316
30ca07a2 JH	317	int hold_locked_index(struct lock_file *lk, int die_on_error)
30ca07a2 JH	318	{
acd3b9ec JH	319	return hold_lock_file_for_update(lk, get_index_file(),
	320	die_on_error
	321	? LOCK_DIE_ON_ERROR
	322	: 0);
30ca07a2 JH	323	}
30ca07a2 JH	324
021b6e45 JH	325	void rollback_lock_file(struct lock_file *lk)
021b6e45 JH	326	{
9085f8e2 MH	327	if (!lk->filename[0])
	328	return;
	329
26f5d3b6	330	close_lock_file(lk);
9085f8e2 MH	331	unlink_or_warn(lk->filename);
9085f8e2 MH	332	lk->filename[0] = 0;
021b6e45	333	}