[thirdparty/git.git] / lockfile.c

/*
 * Copyright (c) 2005, Junio C Hamano
 */
#include "cache.h"
#include "sigchain.h"

/*
 * File write-locks as used by Git.
 *
 * For an overview of how to use the lockfile API, please see
 *
 *     Documentation/technical/api-lockfile.txt
 *
 * This module keeps track of all locked files in lock_file_list for
 * use at cleanup. This list and the lock_file objects that comprise
 * it must be kept in self-consistent states at all time, because the
 * program can be interrupted any time by a signal, in which case the
 * signal handler will walk through the list attempting to clean up
 * any open lock files.
 *
 * A lockfile is owned by the process that created it. The lock_file
 * object has an "owner" field that records its owner. This field is
 * used to prevent a forked process from closing a lockfile created by
 * its parent.
 *
 * A lock_file object can be in several states:
 *
 * - Uninitialized.  In this state the object's on_list field must be
 *   zero but the rest of its contents need not be initialized.  As
 *   soon as the object is used in any way, it is irrevocably
 *   registered in the lock_file_list, and on_list is set.
 *
 * - Locked, lockfile open (after hold_lock_file_for_update(),
 *   hold_lock_file_for_append(), or reopen_lock_file()). In this
 *   state, the lockfile exists, filename holds the filename of the
 *   lockfile, fd holds a file descriptor open for writing to the
 *   lockfile, and owner holds the PID of the process that locked the
 *   file.
 *
 * - Locked, lockfile closed (after successful close_lock_file()).
 *   Same as the previous state, except that the lockfile is closed
 *   and fd is -1.
 *
 * - Unlocked (after commit_lock_file(), rollback_lock_file(), a
 *   failed attempt to lock, or a failed close_lock_file()). In this
 *   state, filename[0] == '\0' and fd is -1. The object is left
 *   registered in the lock_file_list, and on_list is set.
 */

static struct lock_file *lock_file_list;

static void remove_lock_file(void)
{
	pid_t me = getpid();

	while (lock_file_list) {
		if (lock_file_list->owner == me)
			rollback_lock_file(lock_file_list);
		lock_file_list = lock_file_list->next;
	}
}

static void remove_lock_file_on_signal(int signo)
{
	remove_lock_file();
	sigchain_pop(signo);
	raise(signo);
}

/*
 * p = absolute or relative path name
 *
 * Return a pointer into p showing the beginning of the last path name
 * element.  If p is empty or the root directory ("/"), just return p.
 */
static char *last_path_elm(char *p)
{
	/* r starts pointing to null at the end of the string */
	char *r = strchr(p, '\0');

	if (r == p)
		return p; /* just return empty string */

	r--; /* back up to last non-null character */

	/* back up past trailing slashes, if any */
	while (r > p && *r == '/')
		r--;

	/*
	 * then go backwards until I hit a slash, or the beginning of
	 * the string
	 */
	while (r > p && *(r-1) != '/')
		r--;
	return r;
}


/* We allow "recursive" symbolic links. Only within reason, though */
#define MAXDEPTH 5

/*
 * p = path that may be a symlink
 * s = full size of p
 *
 * If p is a symlink, attempt to overwrite p with a path to the real
 * file or directory (which may or may not exist), following a chain of
 * symlinks if necessary.  Otherwise, leave p unmodified.
 *
 * This is a best-effort routine.  If an error occurs, p will either be
 * left unmodified or will name a different symlink in a symlink chain
 * that started with p's initial contents.
 *
 * Always returns p.
 */

static char *resolve_symlink(char *p, size_t s)
{
	int depth = MAXDEPTH;

	while (depth--) {
		char link[PATH_MAX];
		int link_len = readlink(p, link, sizeof(link));
		if (link_len < 0) {
			/* not a symlink anymore */
			return p;
		}
		else if (link_len < sizeof(link))
			/* readlink() never null-terminates */
			link[link_len] = '\0';
		else {
			warning("%s: symlink too long", p);
			return p;
		}

		if (is_absolute_path(link)) {
			/* absolute path simply replaces p */
			if (link_len < s)
				strcpy(p, link);
			else {
				warning("%s: symlink too long", p);
				return p;
			}
		} else {
			/*
			 * link is a relative path, so I must replace the
			 * last element of p with it.
			 */
			char *r = (char *)last_path_elm(p);
			if (r - p + link_len < s)
				strcpy(r, link);
			else {
				warning("%s: symlink too long", p);
				return p;
			}
		}
	}
	return p;
}

/* Make sure errno contains a meaningful value on error */
static int lock_file(struct lock_file *lk, const char *path, int flags)
{
	/*
	 * subtract LOCK_SUFFIX_LEN from size to make sure there's
	 * room for adding ".lock" for the lock file name:
	 */
	static const size_t max_path_len = sizeof(lk->filename) -
					   LOCK_SUFFIX_LEN;

	if (!lock_file_list) {
		/* One-time initialization */
		sigchain_push_common(remove_lock_file_on_signal);
		atexit(remove_lock_file);
	}

	if (!lk->on_list) {
		/* Initialize *lk and add it to lock_file_list: */
		lk->fd = -1;
		lk->owner = 0;
		lk->filename[0] = 0;
		lk->next = lock_file_list;
		lock_file_list = lk;
		lk->on_list = 1;
	}

	if (strlen(path) >= max_path_len) {
		errno = ENAMETOOLONG;
		return -1;
	}
	strcpy(lk->filename, path);
	if (!(flags & LOCK_NODEREF))
		resolve_symlink(lk->filename, max_path_len);
	strcat(lk->filename, LOCK_SUFFIX);
	lk->fd = open(lk->filename, O_RDWR | O_CREAT | O_EXCL, 0666);
	if (lk->fd < 0) {
		lk->filename[0] = 0;
		return -1;
	}
	lk->owner = getpid();
	if (adjust_shared_perm(lk->filename)) {
		int save_errno = errno;
		error("cannot fix permission bits on %s", lk->filename);
		rollback_lock_file(lk);
		errno = save_errno;
		return -1;
	}
	return lk->fd;
}

void unable_to_lock_message(const char *path, int err, struct strbuf *buf)
{
	if (err == EEXIST) {
		strbuf_addf(buf, "Unable to create '%s.lock': %s.\n\n"
		    "If no other git process is currently running, this probably means a\n"
		    "git process crashed in this repository earlier. Make sure no other git\n"
		    "process is running and remove the file manually to continue.",
			    absolute_path(path), strerror(err));
	} else
		strbuf_addf(buf, "Unable to create '%s.lock': %s",
			    absolute_path(path), strerror(err));
}

int unable_to_lock_error(const char *path, int err)
{
	struct strbuf buf = STRBUF_INIT;

	unable_to_lock_message(path, err, &buf);
	error("%s", buf.buf);
	strbuf_release(&buf);
	return -1;
}

NORETURN void unable_to_lock_die(const char *path, int err)
{
	struct strbuf buf = STRBUF_INIT;

	unable_to_lock_message(path, err, &buf);
	die("%s", buf.buf);
}

/* This should return a meaningful errno on failure */
int hold_lock_file_for_update(struct lock_file *lk, const char *path, int flags)
{
	int fd = lock_file(lk, path, flags);
	if (fd < 0 && (flags & LOCK_DIE_ON_ERROR))
		unable_to_lock_die(path, errno);
	return fd;
}

int hold_lock_file_for_append(struct lock_file *lk, const char *path, int flags)
{
	int fd, orig_fd;

	fd = lock_file(lk, path, flags);
	if (fd < 0) {
		if (flags & LOCK_DIE_ON_ERROR)
			unable_to_lock_die(path, errno);
		return fd;
	}

	orig_fd = open(path, O_RDONLY);
	if (orig_fd < 0) {
		if (errno != ENOENT) {
			if (flags & LOCK_DIE_ON_ERROR)
				die("cannot open '%s' for copying", path);
			rollback_lock_file(lk);
			return error("cannot open '%s' for copying", path);
		}
	} else if (copy_fd(orig_fd, fd)) {
		if (flags & LOCK_DIE_ON_ERROR)
			exit(128);
		rollback_lock_file(lk);
		return -1;
	}
	return fd;
}

int close_lock_file(struct lock_file *lk)
{
	int fd = lk->fd;

	if (fd < 0)
		return 0;

	lk->fd = -1;
	if (close(fd)) {
		int save_errno = errno;
		rollback_lock_file(lk);
		errno = save_errno;
		return -1;
	}
	return 0;
}

int reopen_lock_file(struct lock_file *lk)
{
	if (0 <= lk->fd)
		die(_("BUG: reopen a lockfile that is still open"));
	if (!lk->filename[0])
		die(_("BUG: reopen a lockfile that has been committed"));
	lk->fd = open(lk->filename, O_WRONLY);
	return lk->fd;
}

int commit_lock_file(struct lock_file *lk)
{
	char result_file[PATH_MAX];

	if (!lk->filename[0])
		die("BUG: attempt to commit unlocked object");

	if (close_lock_file(lk))
		return -1;

	strcpy(result_file, lk->filename);
	/* remove ".lock": */
	result_file[strlen(result_file) - LOCK_SUFFIX_LEN] = 0;

	if (rename(lk->filename, result_file))
		return -1;
	lk->filename[0] = 0;
	return 0;
}

int hold_locked_index(struct lock_file *lk, int die_on_error)
{
	return hold_lock_file_for_update(lk, get_index_file(),
					 die_on_error
					 ? LOCK_DIE_ON_ERROR
					 : 0);
}

void rollback_lock_file(struct lock_file *lk)
{
	if (!lk->filename[0])
		return;

	if (!close_lock_file(lk)) {
		unlink_or_warn(lk->filename);
		lk->filename[0] = 0;
	}
}
Commit	Line	Data
021b6e45 JH	1	/*
	2	* Copyright (c) 2005, Junio C Hamano
	3	*/
021b6e45	4	#include "cache.h"
4a16d072	5	#include "sigchain.h"
021b6e45	6
0a06f148 MH	7	/*
	8	* File write-locks as used by Git.
	9	*
	10	* For an overview of how to use the lockfile API, please see
	11	*
	12	* Documentation/technical/api-lockfile.txt
	13	*
	14	* This module keeps track of all locked files in lock_file_list for
	15	* use at cleanup. This list and the lock_file objects that comprise
	16	* it must be kept in self-consistent states at all time, because the
	17	* program can be interrupted any time by a signal, in which case the
	18	* signal handler will walk through the list attempting to clean up
	19	* any open lock files.
	20	*
	21	* A lockfile is owned by the process that created it. The lock_file
	22	* object has an "owner" field that records its owner. This field is
	23	* used to prevent a forked process from closing a lockfile created by
	24	* its parent.
	25	*
	26	* A lock_file object can be in several states:
	27	*
	28	* - Uninitialized. In this state the object's on_list field must be
	29	* zero but the rest of its contents need not be initialized. As
	30	* soon as the object is used in any way, it is irrevocably
	31	* registered in the lock_file_list, and on_list is set.
	32	*
	33	* - Locked, lockfile open (after hold_lock_file_for_update(),
	34	* hold_lock_file_for_append(), or reopen_lock_file()). In this
	35	* state, the lockfile exists, filename holds the filename of the
	36	* lockfile, fd holds a file descriptor open for writing to the
	37	* lockfile, and owner holds the PID of the process that locked the
	38	* file.
	39	*
8e86c155 MH	40	* - Locked, lockfile closed (after successful close_lock_file()).
	41	* Same as the previous state, except that the lockfile is closed
	42	* and fd is -1.
0a06f148	43	*
8e86c155 MH	44	* - Unlocked (after commit_lock_file(), rollback_lock_file(), a
	45	* failed attempt to lock, or a failed close_lock_file()). In this
	46	* state, filename[0] == '\0' and fd is -1. The object is left
	47	* registered in the lock_file_list, and on_list is set.
0a06f148 MH	48	*/
0a06f148 MH	49
021b6e45 JH	50	static struct lock_file *lock_file_list;
	51
	52	static void remove_lock_file(void)
	53	{
5e635e39 JH	54	pid_t me = getpid();
5e635e39 JH	55
021b6e45	56	while (lock_file_list) {
a1754bcc MH	57	if (lock_file_list->owner == me)
a1754bcc MH	58	rollback_lock_file(lock_file_list);
021b6e45 JH	59	lock_file_list = lock_file_list->next;
	60	}
	61	}
	62
	63	static void remove_lock_file_on_signal(int signo)
	64	{
	65	remove_lock_file();
4a16d072	66	sigchain_pop(signo);
021b6e45 JH	67	raise(signo);
	68	}
	69
5d5a7a67 BS	70	/*
	71	* p = absolute or relative path name
	72	*
	73	* Return a pointer into p showing the beginning of the last path name
	74	* element. If p is empty or the root directory ("/"), just return p.
	75	*/
	76	static char last_path_elm(char p)
	77	{
	78	/* r starts pointing to null at the end of the string */
	79	char *r = strchr(p, '\0');
	80
	81	if (r == p)
	82	return p; /* just return empty string */
	83
	84	r--; /* back up to last non-null character */
	85
	86	/* back up past trailing slashes, if any */
	87	while (r > p && *r == '/')
	88	r--;
	89
	90	/*
	91	* then go backwards until I hit a slash, or the beginning of
	92	* the string
	93	*/
	94	while (r > p && *(r-1) != '/')
	95	r--;
	96	return r;
	97	}
	98
	99
	100	/* We allow "recursive" symbolic links. Only within reason, though */
	101	#define MAXDEPTH 5
	102
	103	/*
	104	* p = path that may be a symlink
	105	* s = full size of p
	106	*
	107	* If p is a symlink, attempt to overwrite p with a path to the real
	108	* file or directory (which may or may not exist), following a chain of
	109	* symlinks if necessary. Otherwise, leave p unmodified.
	110	*
	111	* This is a best-effort routine. If an error occurs, p will either be
	112	* left unmodified or will name a different symlink in a symlink chain
	113	* that started with p's initial contents.
	114	*
	115	* Always returns p.
	116	*/
	117
	118	static char resolve_symlink(char p, size_t s)
	119	{
	120	int depth = MAXDEPTH;
	121
	122	while (depth--) {
	123	char link[PATH_MAX];
	124	int link_len = readlink(p, link, sizeof(link));
	125	if (link_len < 0) {
	126	/* not a symlink anymore */
	127	return p;
	128	}
	129	else if (link_len < sizeof(link))
	130	/* readlink() never null-terminates */
	131	link[link_len] = '\0';
	132	else {
	133	warning("%s: symlink too long", p);
134	return p;
135	}
136
ecf4831d	137	if (is_absolute_path(link)) {
5d5a7a67 BS	138	/* absolute path simply replaces p */
	139	if (link_len < s)
	140	strcpy(p, link);
	141	else {
	142	warning("%s: symlink too long", p);
	143	return p;
	144	}
	145	} else {
	146	/*
	147	* link is a relative path, so I must replace the
	148	* last element of p with it.
	149	*/
4b25d091	150	char r = (char )last_path_elm(p);
5d5a7a67 BS	151	if (r - p + link_len < s)
	152	strcpy(r, link);
	153	else {
	154	warning("%s: symlink too long", p);
	155	return p;
	156	}
	157	}
	158	}
	159	return p;
	160	}
	161
447ff1bf	162	/* Make sure errno contains a meaningful value on error */
acd3b9ec	163	static int lock_file(struct lock_file lk, const char path, int flags)
021b6e45	164	{
5d5a7a67	165	/*
7108ad23 MH	166	* subtract LOCK_SUFFIX_LEN from size to make sure there's
7108ad23 MH	167	* room for adding ".lock" for the lock file name:
5d5a7a67	168	*/
7108ad23 MH	169	static const size_t max_path_len = sizeof(lk->filename) -
7108ad23 MH	170	LOCK_SUFFIX_LEN;
2fbd4f92	171
04e57d4d MH	172	if (!lock_file_list) {
	173	/* One-time initialization */
	174	sigchain_push_common(remove_lock_file_on_signal);
	175	atexit(remove_lock_file);
	176	}
	177
	178	if (!lk->on_list) {
	179	/* Initialize lk and add it to lock_file_list: /
	180	lk->fd = -1;
	181	lk->owner = 0;
	182	lk->filename[0] = 0;
	183	lk->next = lock_file_list;
	184	lock_file_list = lk;
	185	lk->on_list = 1;
	186	}
	187
447ff1bf RS	188	if (strlen(path) >= max_path_len) {
447ff1bf RS	189	errno = ENAMETOOLONG;
2fbd4f92	190	return -1;
447ff1bf	191	}
2fbd4f92	192	strcpy(lk->filename, path);
acd3b9ec	193	if (!(flags & LOCK_NODEREF))
2fbd4f92	194	resolve_symlink(lk->filename, max_path_len);
7108ad23	195	strcat(lk->filename, LOCK_SUFFIX);
4723ee99	196	lk->fd = open(lk->filename, O_RDWR \| O_CREAT \| O_EXCL, 0666);
e31e949b	197	if (lk->fd < 0) {
1084b845	198	lk->filename[0] = 0;
e31e949b MH	199	return -1;
	200	}
	201	lk->owner = getpid();
	202	if (adjust_shared_perm(lk->filename)) {
	203	int save_errno = errno;
	204	error("cannot fix permission bits on %s", lk->filename);
	205	rollback_lock_file(lk);
	206	errno = save_errno;
	207	return -1;
	208	}
4723ee99	209	return lk->fd;
021b6e45 JH	210	}
021b6e45 JH	211
6af926e8	212	void unable_to_lock_message(const char path, int err, struct strbuf buf)
e43a6fd3	213	{
bdfd739d	214	if (err == EEXIST) {
6af926e8	215	strbuf_addf(buf, "Unable to create '%s.lock': %s.\n\n"
e43a6fd3 MM	216	"If no other git process is currently running, this probably means a\n"
	217	"git process crashed in this repository earlier. Make sure no other git\n"
	218	"process is running and remove the file manually to continue.",
e2a57aac	219	absolute_path(path), strerror(err));
1b018fd9	220	} else
6af926e8	221	strbuf_addf(buf, "Unable to create '%s.lock': %s",
e2a57aac	222	absolute_path(path), strerror(err));
1b018fd9 MV	223	}
	224
	225	int unable_to_lock_error(const char *path, int err)
	226	{
6af926e8 RS	227	struct strbuf buf = STRBUF_INIT;
	228
	229	unable_to_lock_message(path, err, &buf);
	230	error("%s", buf.buf);
	231	strbuf_release(&buf);
1b018fd9 MV	232	return -1;
	233	}
	234
e197c218	235	NORETURN void unable_to_lock_die(const char *path, int err)
1b018fd9	236	{
6af926e8 RS	237	struct strbuf buf = STRBUF_INIT;
	238
	239	unable_to_lock_message(path, err, &buf);
	240	die("%s", buf.buf);
e43a6fd3 MM	241	}
e43a6fd3 MM	242
447ff1bf	243	/* This should return a meaningful errno on failure */
acd3b9ec	244	int hold_lock_file_for_update(struct lock_file lk, const char path, int flags)
40aaae88	245	{
acd3b9ec JH	246	int fd = lock_file(lk, path, flags);
acd3b9ec JH	247	if (fd < 0 && (flags & LOCK_DIE_ON_ERROR))
e197c218	248	unable_to_lock_die(path, errno);
40aaae88 JH	249	return fd;
	250	}
	251
acd3b9ec	252	int hold_lock_file_for_append(struct lock_file lk, const char path, int flags)
ea3cd5c7 DB	253	{
	254	int fd, orig_fd;
	255
acd3b9ec	256	fd = lock_file(lk, path, flags);
ea3cd5c7	257	if (fd < 0) {
acd3b9ec	258	if (flags & LOCK_DIE_ON_ERROR)
e197c218	259	unable_to_lock_die(path, errno);
ea3cd5c7 DB	260	return fd;
	261	}
	262
	263	orig_fd = open(path, O_RDONLY);
	264	if (orig_fd < 0) {
	265	if (errno != ENOENT) {
acd3b9ec	266	if (flags & LOCK_DIE_ON_ERROR)
ea3cd5c7	267	die("cannot open '%s' for copying", path);
ebb8e380	268	rollback_lock_file(lk);
ea3cd5c7 DB	269	return error("cannot open '%s' for copying", path);
	270	}
	271	} else if (copy_fd(orig_fd, fd)) {
acd3b9ec	272	if (flags & LOCK_DIE_ON_ERROR)
ea3cd5c7	273	exit(128);
ebb8e380	274	rollback_lock_file(lk);
ea3cd5c7 DB	275	return -1;
	276	}
	277	return fd;
	278	}
	279
d6cf61bf BC	280	int close_lock_file(struct lock_file *lk)
	281	{
	282	int fd = lk->fd;
419f0c0f MH	283
	284	if (fd < 0)
	285	return 0;
	286
d6cf61bf	287	lk->fd = -1;
8e86c155 MH	288	if (close(fd)) {
	289	int save_errno = errno;
	290	rollback_lock_file(lk);
	291	errno = save_errno;
	292	return -1;
	293	}
	294	return 0;
d6cf61bf BC	295	}
d6cf61bf BC	296
93dcaea2 JH	297	int reopen_lock_file(struct lock_file *lk)
	298	{
	299	if (0 <= lk->fd)
	300	die(_("BUG: reopen a lockfile that is still open"));
	301	if (!lk->filename[0])
	302	die(_("BUG: reopen a lockfile that has been committed"));
	303	lk->fd = open(lk->filename, O_WRONLY);
	304	return lk->fd;
	305	}
	306
021b6e45 JH	307	int commit_lock_file(struct lock_file *lk)
	308	{
	309	char result_file[PATH_MAX];
4f4713df	310
8a1c7533 MH	311	if (!lk->filename[0])
	312	die("BUG: attempt to commit unlocked object");
	313
419f0c0f	314	if (close_lock_file(lk))
d6cf61bf	315	return -1;
4f4713df	316
021b6e45	317	strcpy(result_file, lk->filename);
4f4713df MH	318	/* remove ".lock": */
	319	result_file[strlen(result_file) - LOCK_SUFFIX_LEN] = 0;
	320
d6cf61bf BC	321	if (rename(lk->filename, result_file))
d6cf61bf BC	322	return -1;
021b6e45	323	lk->filename[0] = 0;
d6cf61bf	324	return 0;
021b6e45 JH	325	}
021b6e45 JH	326
30ca07a2 JH	327	int hold_locked_index(struct lock_file *lk, int die_on_error)
30ca07a2 JH	328	{
acd3b9ec JH	329	return hold_lock_file_for_update(lk, get_index_file(),
	330	die_on_error
	331	? LOCK_DIE_ON_ERROR
	332	: 0);
30ca07a2 JH	333	}
30ca07a2 JH	334
021b6e45 JH	335	void rollback_lock_file(struct lock_file *lk)
021b6e45 JH	336	{
9085f8e2 MH	337	if (!lk->filename[0])
	338	return;
	339
8e86c155 MH	340	if (!close_lock_file(lk)) {
	341	unlink_or_warn(lk->filename);
	342	lk->filename[0] = 0;
	343	}
021b6e45	344	}