[thirdparty/git.git] / lockfile.c

/*
 * Copyright (c) 2005, Junio C Hamano
 */

/*
 * State diagram and cleanup
 * -------------------------
 *
 * This module keeps track of all locked files in `lock_file_list` for
 * use at cleanup. This list and the `lock_file` objects that comprise
 * it must be kept in self-consistent states at all time, because the
 * program can be interrupted any time by a signal, in which case the
 * signal handler will walk through the list attempting to clean up
 * any open lock files.
 *
 * The possible states of a `lock_file` object are as follows:
 *
 * - Uninitialized. In this state the object's `on_list` field must be
 *   zero but the rest of its contents need not be initialized. As
 *   soon as the object is used in any way, it is irrevocably
 *   registered in `lock_file_list`, and `on_list` is set.
 *
 * - Locked, lockfile open (after `hold_lock_file_for_update()`,
 *   `hold_lock_file_for_append()`, or `reopen_lock_file()`). In this
 *   state:
 *
 *   - the lockfile exists
 *   - `active` is set
 *   - `filename` holds the filename of the lockfile
 *   - `fd` holds a file descriptor open for writing to the lockfile
 *   - `fp` holds a pointer to an open `FILE` object if and only if
 *     `fdopen_lock_file()` has been called on the object
 *   - `owner` holds the PID of the process that locked the file
 *
 * - Locked, lockfile closed (after successful `close_lock_file()`).
 *   Same as the previous state, except that the lockfile is closed
 *   and `fd` is -1.
 *
 * - Unlocked (after `commit_lock_file()`, `commit_lock_file_to()`,
 *   `rollback_lock_file()`, a failed attempt to lock, or a failed
 *   `close_lock_file()`).  In this state:
 *
 *   - `active` is unset
 *   - `filename` is empty (usually, though there are transitory
 *     states in which this condition doesn't hold). Client code should
 *     *not* rely on the filename being empty in this state.
 *   - `fd` is -1
 *   - the object is left registered in the `lock_file_list`, and
 *     `on_list` is set.
 *
 * A lockfile is owned by the process that created it. The `lock_file`
 * has an `owner` field that records the owner's PID. This field is
 * used to prevent a forked process from closing a lockfile created by
 * its parent.
 */

#include "cache.h"
#include "lockfile.h"
#include "sigchain.h"

static struct lock_file *volatile lock_file_list;

static void remove_lock_files(int skip_fclose)
{
	pid_t me = getpid();

	while (lock_file_list) {
		if (lock_file_list->owner == me) {
			/* fclose() is not safe to call in a signal handler */
			if (skip_fclose)
				lock_file_list->fp = NULL;
			rollback_lock_file(lock_file_list);
		}
		lock_file_list = lock_file_list->next;
	}
}

static void remove_lock_files_on_exit(void)
{
	remove_lock_files(0);
}

static void remove_lock_files_on_signal(int signo)
{
	remove_lock_files(1);
	sigchain_pop(signo);
	raise(signo);
}

/*
 * path = absolute or relative path name
 *
 * Remove the last path name element from path (leaving the preceding
 * "/", if any).  If path is empty or the root directory ("/"), set
 * path to the empty string.
 */
static void trim_last_path_component(struct strbuf *path)
{
	int i = path->len;

	/* back up past trailing slashes, if any */
	while (i && path->buf[i - 1] == '/')
		i--;

	/*
	 * then go backwards until a slash, or the beginning of the
	 * string
	 */
	while (i && path->buf[i - 1] != '/')
		i--;

	strbuf_setlen(path, i);
}


/* We allow "recursive" symbolic links. Only within reason, though */
#define MAXDEPTH 5

/*
 * path contains a path that might be a symlink.
 *
 * If path is a symlink, attempt to overwrite it with a path to the
 * real file or directory (which may or may not exist), following a
 * chain of symlinks if necessary.  Otherwise, leave path unmodified.
 *
 * This is a best-effort routine.  If an error occurs, path will
 * either be left unmodified or will name a different symlink in a
 * symlink chain that started with the original path.
 */
static void resolve_symlink(struct strbuf *path)
{
	int depth = MAXDEPTH;
	static struct strbuf link = STRBUF_INIT;

	while (depth--) {
		if (strbuf_readlink(&link, path->buf, path->len) < 0)
			break;

		if (is_absolute_path(link.buf))
			/* absolute path simply replaces p */
			strbuf_reset(path);
		else
			/*
			 * link is a relative path, so replace the
			 * last element of p with it.
			 */
			trim_last_path_component(path);

		strbuf_addbuf(path, &link);
	}
	strbuf_reset(&link);
}

/* Make sure errno contains a meaningful value on error */
static int lock_file(struct lock_file *lk, const char *path, int flags)
{
	size_t pathlen = strlen(path);

	if (!lock_file_list) {
		/* One-time initialization */
		sigchain_push_common(remove_lock_files_on_signal);
		atexit(remove_lock_files_on_exit);
	}

	if (lk->active)
		die("BUG: cannot lock_file(\"%s\") using active struct lock_file",
		    path);
	if (!lk->on_list) {
		/* Initialize *lk and add it to lock_file_list: */
		lk->fd = -1;
		lk->fp = NULL;
		lk->active = 0;
		lk->owner = 0;
		strbuf_init(&lk->filename, pathlen + LOCK_SUFFIX_LEN);
		lk->next = lock_file_list;
		lock_file_list = lk;
		lk->on_list = 1;
	} else if (lk->filename.len) {
		/* This shouldn't happen, but better safe than sorry. */
		die("BUG: lock_file(\"%s\") called with improperly-reset lock_file object",
		    path);
	}

	if (flags & LOCK_NO_DEREF) {
		strbuf_add_absolute_path(&lk->filename, path);
	} else {
		struct strbuf resolved_path = STRBUF_INIT;

		strbuf_add(&resolved_path, path, pathlen);
		resolve_symlink(&resolved_path);
		strbuf_add_absolute_path(&lk->filename, resolved_path.buf);
		strbuf_release(&resolved_path);
	}

	strbuf_addstr(&lk->filename, LOCK_SUFFIX);
	lk->fd = open(lk->filename.buf, O_RDWR | O_CREAT | O_EXCL, 0666);
	if (lk->fd < 0) {
		strbuf_reset(&lk->filename);
		return -1;
	}
	lk->owner = getpid();
	lk->active = 1;
	if (adjust_shared_perm(lk->filename.buf)) {
		int save_errno = errno;
		error("cannot fix permission bits on %s", lk->filename.buf);
		rollback_lock_file(lk);
		errno = save_errno;
		return -1;
	}
	return lk->fd;
}

static int sleep_microseconds(long us)
{
	struct timeval tv;
	tv.tv_sec = 0;
	tv.tv_usec = us;
	return select(0, NULL, NULL, NULL, &tv);
}

/*
 * Constants defining the gaps between attempts to lock a file. The
 * first backoff period is approximately INITIAL_BACKOFF_MS
 * milliseconds. The longest backoff period is approximately
 * (BACKOFF_MAX_MULTIPLIER * INITIAL_BACKOFF_MS) milliseconds.
 */
#define INITIAL_BACKOFF_MS 1L
#define BACKOFF_MAX_MULTIPLIER 1000

/*
 * Try locking path, retrying with quadratic backoff for at least
 * timeout_ms milliseconds. If timeout_ms is 0, try locking the file
 * exactly once. If timeout_ms is -1, try indefinitely.
 */
static int lock_file_timeout(struct lock_file *lk, const char *path,
			     int flags, long timeout_ms)
{
	int n = 1;
	int multiplier = 1;
	long remaining_us = 0;
	static int random_initialized = 0;

	if (timeout_ms == 0)
		return lock_file(lk, path, flags);

	if (!random_initialized) {
		srandom((unsigned int)getpid());
		random_initialized = 1;
	}

	if (timeout_ms > 0) {
		/* avoid overflow */
		if (timeout_ms <= LONG_MAX / 1000)
			remaining_us = timeout_ms * 1000;
		else
			remaining_us = LONG_MAX;
	}

	while (1) {
		long backoff_ms, wait_us;
		int fd;

		fd = lock_file(lk, path, flags);

		if (fd >= 0)
			return fd; /* success */
		else if (errno != EEXIST)
			return -1; /* failure other than lock held */
		else if (timeout_ms > 0 && remaining_us <= 0)
			return -1; /* failure due to timeout */

		backoff_ms = multiplier * INITIAL_BACKOFF_MS;
		/* back off for between 0.75*backoff_ms and 1.25*backoff_ms */
		wait_us = (750 + random() % 500) * backoff_ms;
		sleep_microseconds(wait_us);
		remaining_us -= wait_us;

		/* Recursion: (n+1)^2 = n^2 + 2n + 1 */
		multiplier += 2*n + 1;
		if (multiplier > BACKOFF_MAX_MULTIPLIER)
			multiplier = BACKOFF_MAX_MULTIPLIER;
		else
			n++;
	}
}

void unable_to_lock_message(const char *path, int err, struct strbuf *buf)
{
	if (err == EEXIST) {
		strbuf_addf(buf, "Unable to create '%s.lock': %s.\n\n"
		    "If no other git process is currently running, this probably means a\n"
		    "git process crashed in this repository earlier. Make sure no other git\n"
		    "process is running and remove the file manually to continue.",
			    absolute_path(path), strerror(err));
	} else
		strbuf_addf(buf, "Unable to create '%s.lock': %s",
			    absolute_path(path), strerror(err));
}

NORETURN void unable_to_lock_die(const char *path, int err)
{
	struct strbuf buf = STRBUF_INIT;

	unable_to_lock_message(path, err, &buf);
	die("%s", buf.buf);
}

/* This should return a meaningful errno on failure */
int hold_lock_file_for_update_timeout(struct lock_file *lk, const char *path,
				      int flags, long timeout_ms)
{
	int fd = lock_file_timeout(lk, path, flags, timeout_ms);
	if (fd < 0 && (flags & LOCK_DIE_ON_ERROR))
		unable_to_lock_die(path, errno);
	return fd;
}

int hold_lock_file_for_append(struct lock_file *lk, const char *path, int flags)
{
	int fd, orig_fd;

	fd = lock_file(lk, path, flags);
	if (fd < 0) {
		if (flags & LOCK_DIE_ON_ERROR)
			unable_to_lock_die(path, errno);
		return fd;
	}

	orig_fd = open(path, O_RDONLY);
	if (orig_fd < 0) {
		if (errno != ENOENT) {
			int save_errno = errno;

			if (flags & LOCK_DIE_ON_ERROR)
				die("cannot open '%s' for copying", path);
			rollback_lock_file(lk);
			error("cannot open '%s' for copying", path);
			errno = save_errno;
			return -1;
		}
	} else if (copy_fd(orig_fd, fd)) {
		int save_errno = errno;

		if (flags & LOCK_DIE_ON_ERROR)
			die("failed to prepare '%s' for appending", path);
		close(orig_fd);
		rollback_lock_file(lk);
		errno = save_errno;
		return -1;
	} else {
		close(orig_fd);
	}
	return fd;
}

FILE *fdopen_lock_file(struct lock_file *lk, const char *mode)
{
	if (!lk->active)
		die("BUG: fdopen_lock_file() called for unlocked object");
	if (lk->fp)
		die("BUG: fdopen_lock_file() called twice for file '%s'", lk->filename.buf);

	lk->fp = fdopen(lk->fd, mode);
	return lk->fp;
}

const char *get_lock_file_path(struct lock_file *lk)
{
	if (!lk->active)
		die("BUG: get_lock_file_path() called for unlocked object");
	return lk->filename.buf;
}

int get_lock_file_fd(struct lock_file *lk)
{
	if (!lk->active)
		die("BUG: get_lock_file_fd() called for unlocked object");
	return lk->fd;
}

FILE *get_lock_file_fp(struct lock_file *lk)
{
	if (!lk->active)
		die("BUG: get_lock_file_fp() called for unlocked object");
	return lk->fp;
}

char *get_locked_file_path(struct lock_file *lk)
{
	if (!lk->active)
		die("BUG: get_locked_file_path() called for unlocked object");
	if (lk->filename.len <= LOCK_SUFFIX_LEN)
		die("BUG: get_locked_file_path() called for malformed lock object");
	return xmemdupz(lk->filename.buf, lk->filename.len - LOCK_SUFFIX_LEN);
}

int close_lock_file(struct lock_file *lk)
{
	int fd = lk->fd;
	FILE *fp = lk->fp;
	int err;

	if (fd < 0)
		return 0;

	lk->fd = -1;
	if (fp) {
		lk->fp = NULL;

		/*
		 * Note: no short-circuiting here; we want to fclose()
		 * in any case!
		 */
		err = ferror(fp) | fclose(fp);
	} else {
		err = close(fd);
	}

	if (err) {
		int save_errno = errno;
		rollback_lock_file(lk);
		errno = save_errno;
		return -1;
	}

	return 0;
}

int reopen_lock_file(struct lock_file *lk)
{
	if (0 <= lk->fd)
		die(_("BUG: reopen a lockfile that is still open"));
	if (!lk->active)
		die(_("BUG: reopen a lockfile that has been committed"));
	lk->fd = open(lk->filename.buf, O_WRONLY);
	return lk->fd;
}

int commit_lock_file_to(struct lock_file *lk, const char *path)
{
	if (!lk->active)
		die("BUG: attempt to commit unlocked object to \"%s\"", path);

	if (close_lock_file(lk))
		return -1;

	if (rename(lk->filename.buf, path)) {
		int save_errno = errno;
		rollback_lock_file(lk);
		errno = save_errno;
		return -1;
	}

	lk->active = 0;
	strbuf_reset(&lk->filename);
	return 0;
}

int commit_lock_file(struct lock_file *lk)
{
	static struct strbuf result_file = STRBUF_INIT;
	int err;

	if (!lk->active)
		die("BUG: attempt to commit unlocked object");

	if (lk->filename.len <= LOCK_SUFFIX_LEN ||
	    strcmp(lk->filename.buf + lk->filename.len - LOCK_SUFFIX_LEN, LOCK_SUFFIX))
		die("BUG: lockfile filename corrupt");

	/* remove ".lock": */
	strbuf_add(&result_file, lk->filename.buf,
		   lk->filename.len - LOCK_SUFFIX_LEN);
	err = commit_lock_file_to(lk, result_file.buf);
	strbuf_reset(&result_file);
	return err;
}

void rollback_lock_file(struct lock_file *lk)
{
	if (!lk->active)
		return;

	if (!close_lock_file(lk)) {
		unlink_or_warn(lk->filename.buf);
		lk->active = 0;
		strbuf_reset(&lk->filename);
	}
}
Commit	Line	Data
021b6e45 JH	1	/*
	2	* Copyright (c) 2005, Junio C Hamano
	3	*/
2db69de8 MH	4
	5	/*
	6	* State diagram and cleanup
	7	* -------------------------
	8	*
	9	* This module keeps track of all locked files in `lock_file_list` for
	10	* use at cleanup. This list and the `lock_file` objects that comprise
	11	* it must be kept in self-consistent states at all time, because the
	12	* program can be interrupted any time by a signal, in which case the
	13	* signal handler will walk through the list attempting to clean up
	14	* any open lock files.
	15	*
	16	* The possible states of a `lock_file` object are as follows:
	17	*
	18	* - Uninitialized. In this state the object's `on_list` field must be
	19	* zero but the rest of its contents need not be initialized. As
	20	* soon as the object is used in any way, it is irrevocably
	21	* registered in `lock_file_list`, and `on_list` is set.
	22	*
	23	* - Locked, lockfile open (after `hold_lock_file_for_update()`,
	24	* `hold_lock_file_for_append()`, or `reopen_lock_file()`). In this
	25	* state:
	26	*
	27	* - the lockfile exists
	28	* - `active` is set
	29	* - `filename` holds the filename of the lockfile
	30	* - `fd` holds a file descriptor open for writing to the lockfile
	31	* - `fp` holds a pointer to an open `FILE` object if and only if
	32	* `fdopen_lock_file()` has been called on the object
	33	* - `owner` holds the PID of the process that locked the file
	34	*
	35	* - Locked, lockfile closed (after successful `close_lock_file()`).
	36	* Same as the previous state, except that the lockfile is closed
	37	* and `fd` is -1.
	38	*
	39	* - Unlocked (after `commit_lock_file()`, `commit_lock_file_to()`,
	40	* `rollback_lock_file()`, a failed attempt to lock, or a failed
	41	* `close_lock_file()`). In this state:
	42	*
	43	* - `active` is unset
	44	* - `filename` is empty (usually, though there are transitory
	45	* states in which this condition doesn't hold). Client code should
	46	* not rely on the filename being empty in this state.
	47	* - `fd` is -1
	48	* - the object is left registered in the `lock_file_list`, and
	49	* `on_list` is set.
	50	*
	51	* A lockfile is owned by the process that created it. The `lock_file`
	52	* has an `owner` field that records the owner's PID. This field is
	53	* used to prevent a forked process from closing a lockfile created by
	54	* its parent.
	55	*/
	56
021b6e45	57	#include "cache.h"
697cc8ef	58	#include "lockfile.h"
4a16d072	59	#include "sigchain.h"
021b6e45	60
2091c506	61	static struct lock_file *volatile lock_file_list;
021b6e45	62
013870cd	63	static void remove_lock_files(int skip_fclose)
021b6e45	64	{
5e635e39 JH	65	pid_t me = getpid();
5e635e39 JH	66
021b6e45	67	while (lock_file_list) {
013870cd MH	68	if (lock_file_list->owner == me) {
	69	/* fclose() is not safe to call in a signal handler */
	70	if (skip_fclose)
	71	lock_file_list->fp = NULL;
a1754bcc	72	rollback_lock_file(lock_file_list);
013870cd	73	}
021b6e45 JH	74	lock_file_list = lock_file_list->next;
	75	}
	76	}
	77
013870cd MH	78	static void remove_lock_files_on_exit(void)
	79	{
	80	remove_lock_files(0);
	81	}
	82
316683bd	83	static void remove_lock_files_on_signal(int signo)
021b6e45	84	{
013870cd	85	remove_lock_files(1);
4a16d072	86	sigchain_pop(signo);
021b6e45 JH	87	raise(signo);
	88	}
	89
5d5a7a67	90	/*
0c0d6e86	91	* path = absolute or relative path name
5d5a7a67	92	*
0c0d6e86 MH	93	* Remove the last path name element from path (leaving the preceding
	94	* "/", if any). If path is empty or the root directory ("/"), set
	95	* path to the empty string.
5d5a7a67	96	*/
0c0d6e86	97	static void trim_last_path_component(struct strbuf *path)
5d5a7a67	98	{
0c0d6e86	99	int i = path->len;
5d5a7a67 BS	100
5d5a7a67 BS	101	/* back up past trailing slashes, if any */
0c0d6e86 MH	102	while (i && path->buf[i - 1] == '/')
0c0d6e86 MH	103	i--;
5d5a7a67 BS	104
5d5a7a67 BS	105	/*
0c0d6e86 MH	106	* then go backwards until a slash, or the beginning of the
0c0d6e86 MH	107	* string
5d5a7a67	108	*/
0c0d6e86 MH	109	while (i && path->buf[i - 1] != '/')
	110	i--;
	111
	112	strbuf_setlen(path, i);
5d5a7a67 BS	113	}
	114
	115
	116	/* We allow "recursive" symbolic links. Only within reason, though */
	117	#define MAXDEPTH 5
	118
	119	/*
6cad8053	120	* path contains a path that might be a symlink.
5d5a7a67	121	*
6cad8053 MH	122	* If path is a symlink, attempt to overwrite it with a path to the
	123	* real file or directory (which may or may not exist), following a
	124	* chain of symlinks if necessary. Otherwise, leave path unmodified.
5d5a7a67	125	*
6cad8053 MH	126	* This is a best-effort routine. If an error occurs, path will
	127	* either be left unmodified or will name a different symlink in a
	128	* symlink chain that started with the original path.
5d5a7a67	129	*/
6cad8053	130	static void resolve_symlink(struct strbuf *path)
5d5a7a67 BS	131	{
5d5a7a67 BS	132	int depth = MAXDEPTH;
5025d845	133	static struct strbuf link = STRBUF_INIT;
5d5a7a67 BS	134
5d5a7a67 BS	135	while (depth--) {
6cad8053	136	if (strbuf_readlink(&link, path->buf, path->len) < 0)
5025d845	137	break;
5d5a7a67	138
6cad8053	139	if (is_absolute_path(link.buf))
5d5a7a67	140	/* absolute path simply replaces p */
6cad8053	141	strbuf_reset(path);
0c0d6e86	142	else
5d5a7a67	143	/*
5025d845	144	* link is a relative path, so replace the
5d5a7a67 BS	145	* last element of p with it.
5d5a7a67 BS	146	*/
0c0d6e86	147	trim_last_path_component(path);
6cad8053 MH	148
6cad8053 MH	149	strbuf_addbuf(path, &link);
5d5a7a67	150	}
5025d845	151	strbuf_reset(&link);
5d5a7a67 BS	152	}
5d5a7a67 BS	153
447ff1bf	154	/* Make sure errno contains a meaningful value on error */
acd3b9ec	155	static int lock_file(struct lock_file lk, const char path, int flags)
021b6e45	156	{
6cad8053	157	size_t pathlen = strlen(path);
2fbd4f92	158
04e57d4d MH	159	if (!lock_file_list) {
04e57d4d MH	160	/* One-time initialization */
316683bd	161	sigchain_push_common(remove_lock_files_on_signal);
013870cd	162	atexit(remove_lock_files_on_exit);
04e57d4d MH	163	}
04e57d4d MH	164
707103fd MH	165	if (lk->active)
	166	die("BUG: cannot lock_file(\"%s\") using active struct lock_file",
	167	path);
04e57d4d MH	168	if (!lk->on_list) {
	169	/* Initialize lk and add it to lock_file_list: /
	170	lk->fd = -1;
013870cd	171	lk->fp = NULL;
707103fd	172	lk->active = 0;
04e57d4d	173	lk->owner = 0;
6cad8053	174	strbuf_init(&lk->filename, pathlen + LOCK_SUFFIX_LEN);
04e57d4d MH	175	lk->next = lock_file_list;
	176	lock_file_list = lk;
	177	lk->on_list = 1;
cf6950d3 MH	178	} else if (lk->filename.len) {
	179	/* This shouldn't happen, but better safe than sorry. */
	180	die("BUG: lock_file(\"%s\") called with improperly-reset lock_file object",
	181	path);
04e57d4d MH	182	}
04e57d4d MH	183
fa137f67 NTND	184	if (flags & LOCK_NO_DEREF) {
	185	strbuf_add_absolute_path(&lk->filename, path);
	186	} else {
	187	struct strbuf resolved_path = STRBUF_INIT;
	188
	189	strbuf_add(&resolved_path, path, pathlen);
	190	resolve_symlink(&resolved_path);
	191	strbuf_add_absolute_path(&lk->filename, resolved_path.buf);
	192	strbuf_release(&resolved_path);
	193	}
	194
cf6950d3 MH	195	strbuf_addstr(&lk->filename, LOCK_SUFFIX);
cf6950d3 MH	196	lk->fd = open(lk->filename.buf, O_RDWR \| O_CREAT \| O_EXCL, 0666);
e31e949b	197	if (lk->fd < 0) {
cf6950d3	198	strbuf_reset(&lk->filename);
2fbd4f92	199	return -1;
447ff1bf	200	}
e31e949b	201	lk->owner = getpid();
707103fd	202	lk->active = 1;
cf6950d3	203	if (adjust_shared_perm(lk->filename.buf)) {
e31e949b	204	int save_errno = errno;
cf6950d3	205	error("cannot fix permission bits on %s", lk->filename.buf);
e31e949b MH	206	rollback_lock_file(lk);
	207	errno = save_errno;
	208	return -1;
021b6e45	209	}
4723ee99	210	return lk->fd;
021b6e45 JH	211	}
021b6e45 JH	212
044b6a9e MH	213	static int sleep_microseconds(long us)
	214	{
	215	struct timeval tv;
	216	tv.tv_sec = 0;
	217	tv.tv_usec = us;
	218	return select(0, NULL, NULL, NULL, &tv);
	219	}
	220
	221	/*
	222	* Constants defining the gaps between attempts to lock a file. The
	223	* first backoff period is approximately INITIAL_BACKOFF_MS
	224	* milliseconds. The longest backoff period is approximately
	225	* (BACKOFF_MAX_MULTIPLIER * INITIAL_BACKOFF_MS) milliseconds.
	226	*/
	227	#define INITIAL_BACKOFF_MS 1L
	228	#define BACKOFF_MAX_MULTIPLIER 1000
	229
	230	/*
	231	* Try locking path, retrying with quadratic backoff for at least
	232	* timeout_ms milliseconds. If timeout_ms is 0, try locking the file
	233	* exactly once. If timeout_ms is -1, try indefinitely.
	234	*/
	235	static int lock_file_timeout(struct lock_file lk, const char path,
	236	int flags, long timeout_ms)
	237	{
	238	int n = 1;
	239	int multiplier = 1;
	240	long remaining_us = 0;
	241	static int random_initialized = 0;
	242
	243	if (timeout_ms == 0)
	244	return lock_file(lk, path, flags);
	245
	246	if (!random_initialized) {
	247	srandom((unsigned int)getpid());
	248	random_initialized = 1;
	249	}
	250
	251	if (timeout_ms > 0) {
	252	/* avoid overflow */
	253	if (timeout_ms <= LONG_MAX / 1000)
	254	remaining_us = timeout_ms * 1000;
	255	else
	256	remaining_us = LONG_MAX;
	257	}
	258
	259	while (1) {
	260	long backoff_ms, wait_us;
	261	int fd;
	262
	263	fd = lock_file(lk, path, flags);
	264
	265	if (fd >= 0)
	266	return fd; /* success */
	267	else if (errno != EEXIST)
	268	return -1; /* failure other than lock held */
	269	else if (timeout_ms > 0 && remaining_us <= 0)
	270	return -1; /* failure due to timeout */
	271
	272	backoff_ms = multiplier * INITIAL_BACKOFF_MS;
	273	/* back off for between 0.75backoff_ms and 1.25backoff_ms */
	274	wait_us = (750 + random() % 500) * backoff_ms;
	275	sleep_microseconds(wait_us);
	276	remaining_us -= wait_us;
277
278	/* Recursion: (n+1)^2 = n^2 + 2n + 1 */
279	multiplier += 2*n + 1;
280	if (multiplier > BACKOFF_MAX_MULTIPLIER)
281	multiplier = BACKOFF_MAX_MULTIPLIER;
282	else
283	n++;
284	}
285	}
286
6af926e8	287	void unable_to_lock_message(const char path, int err, struct strbuf buf)
e43a6fd3	288	{
bdfd739d	289	if (err == EEXIST) {
6af926e8	290	strbuf_addf(buf, "Unable to create '%s.lock': %s.\n\n"
e43a6fd3 MM	291	"If no other git process is currently running, this probably means a\n"
	292	"git process crashed in this repository earlier. Make sure no other git\n"
	293	"process is running and remove the file manually to continue.",
e2a57aac	294	absolute_path(path), strerror(err));
1b018fd9	295	} else
6af926e8	296	strbuf_addf(buf, "Unable to create '%s.lock': %s",
e2a57aac	297	absolute_path(path), strerror(err));
1b018fd9 MV	298	}
1b018fd9 MV	299
e197c218	300	NORETURN void unable_to_lock_die(const char *path, int err)
1b018fd9	301	{
6af926e8 RS	302	struct strbuf buf = STRBUF_INIT;
	303
	304	unable_to_lock_message(path, err, &buf);
	305	die("%s", buf.buf);
e43a6fd3 MM	306	}
e43a6fd3 MM	307
447ff1bf	308	/* This should return a meaningful errno on failure */
044b6a9e MH	309	int hold_lock_file_for_update_timeout(struct lock_file lk, const char path,
044b6a9e MH	310	int flags, long timeout_ms)
40aaae88	311	{
044b6a9e	312	int fd = lock_file_timeout(lk, path, flags, timeout_ms);
acd3b9ec	313	if (fd < 0 && (flags & LOCK_DIE_ON_ERROR))
e197c218	314	unable_to_lock_die(path, errno);
40aaae88 JH	315	return fd;
	316	}
	317
acd3b9ec	318	int hold_lock_file_for_append(struct lock_file lk, const char path, int flags)
ea3cd5c7 DB	319	{
	320	int fd, orig_fd;
	321
acd3b9ec	322	fd = lock_file(lk, path, flags);
ea3cd5c7	323	if (fd < 0) {
acd3b9ec	324	if (flags & LOCK_DIE_ON_ERROR)
e197c218	325	unable_to_lock_die(path, errno);
ea3cd5c7 DB	326	return fd;
	327	}
	328
	329	orig_fd = open(path, O_RDONLY);
	330	if (orig_fd < 0) {
	331	if (errno != ENOENT) {
4d423a3e MH	332	int save_errno = errno;
4d423a3e MH	333
acd3b9ec	334	if (flags & LOCK_DIE_ON_ERROR)
ea3cd5c7	335	die("cannot open '%s' for copying", path);
ebb8e380	336	rollback_lock_file(lk);
4d423a3e MH	337	error("cannot open '%s' for copying", path);
	338	errno = save_errno;
	339	return -1;
ea3cd5c7 DB	340	}
ea3cd5c7 DB	341	} else if (copy_fd(orig_fd, fd)) {
4d423a3e MH	342	int save_errno = errno;
4d423a3e MH	343
acd3b9ec	344	if (flags & LOCK_DIE_ON_ERROR)
00b7cbfc	345	die("failed to prepare '%s' for appending", path);
b29763aa	346	close(orig_fd);
ebb8e380	347	rollback_lock_file(lk);
4d423a3e	348	errno = save_errno;
ea3cd5c7	349	return -1;
b29763aa SP	350	} else {
b29763aa SP	351	close(orig_fd);
ea3cd5c7 DB	352	}
	353	return fd;
	354	}
	355
013870cd MH	356	FILE fdopen_lock_file(struct lock_file lk, const char *mode)
	357	{
	358	if (!lk->active)
	359	die("BUG: fdopen_lock_file() called for unlocked object");
	360	if (lk->fp)
	361	die("BUG: fdopen_lock_file() called twice for file '%s'", lk->filename.buf);
	362
	363	lk->fp = fdopen(lk->fd, mode);
	364	return lk->fp;
	365	}
	366
b4fb09e4 MH	367	const char get_lock_file_path(struct lock_file lk)
	368	{
	369	if (!lk->active)
	370	die("BUG: get_lock_file_path() called for unlocked object");
	371	return lk->filename.buf;
	372	}
	373
c99a4c2d MH	374	int get_lock_file_fd(struct lock_file *lk)
	375	{
	376	if (!lk->active)
	377	die("BUG: get_lock_file_fd() called for unlocked object");
	378	return lk->fd;
	379	}
	380
	381	FILE get_lock_file_fp(struct lock_file lk)
	382	{
	383	if (!lk->active)
	384	die("BUG: get_lock_file_fp() called for unlocked object");
	385	return lk->fp;
	386	}
	387
ec38b4e4 MH	388	char get_locked_file_path(struct lock_file lk)
	389	{
	390	if (!lk->active)
	391	die("BUG: get_locked_file_path() called for unlocked object");
	392	if (lk->filename.len <= LOCK_SUFFIX_LEN)
	393	die("BUG: get_locked_file_path() called for malformed lock object");
	394	return xmemdupz(lk->filename.buf, lk->filename.len - LOCK_SUFFIX_LEN);
	395	}
	396
d6cf61bf BC	397	int close_lock_file(struct lock_file *lk)
	398	{
	399	int fd = lk->fd;
013870cd MH	400	FILE *fp = lk->fp;
013870cd MH	401	int err;
419f0c0f MH	402
	403	if (fd < 0)
	404	return 0;
	405
d6cf61bf	406	lk->fd = -1;
013870cd MH	407	if (fp) {
	408	lk->fp = NULL;
	409
	410	/*
	411	* Note: no short-circuiting here; we want to fclose()
	412	* in any case!
	413	*/
	414	err = ferror(fp) \| fclose(fp);
	415	} else {
	416	err = close(fd);
	417	}
	418
	419	if (err) {
8e86c155 MH	420	int save_errno = errno;
	421	rollback_lock_file(lk);
	422	errno = save_errno;
	423	return -1;
	424	}
013870cd	425
8e86c155	426	return 0;
d6cf61bf BC	427	}
d6cf61bf BC	428
93dcaea2 JH	429	int reopen_lock_file(struct lock_file *lk)
	430	{
	431	if (0 <= lk->fd)
	432	die(_("BUG: reopen a lockfile that is still open"));
707103fd	433	if (!lk->active)
93dcaea2	434	die(_("BUG: reopen a lockfile that has been committed"));
cf6950d3	435	lk->fd = open(lk->filename.buf, O_WRONLY);
93dcaea2 JH	436	return lk->fd;
	437	}
	438
751baced	439	int commit_lock_file_to(struct lock_file lk, const char path)
021b6e45	440	{
707103fd	441	if (!lk->active)
751baced	442	die("BUG: attempt to commit unlocked object to \"%s\"", path);
8a1c7533	443
419f0c0f	444	if (close_lock_file(lk))
d6cf61bf	445	return -1;
4f4713df	446
751baced	447	if (rename(lk->filename.buf, path)) {
1b1648f4 MH	448	int save_errno = errno;
	449	rollback_lock_file(lk);
	450	errno = save_errno;
d6cf61bf	451	return -1;
1b1648f4 MH	452	}
1b1648f4 MH	453
707103fd	454	lk->active = 0;
cf6950d3	455	strbuf_reset(&lk->filename);
d6cf61bf	456	return 0;
021b6e45 JH	457	}
021b6e45 JH	458
751baced	459	int commit_lock_file(struct lock_file *lk)
30ca07a2	460	{
751baced MH	461	static struct strbuf result_file = STRBUF_INIT;
	462	int err;
	463
	464	if (!lk->active)
	465	die("BUG: attempt to commit unlocked object");
	466
	467	if (lk->filename.len <= LOCK_SUFFIX_LEN \|\|
	468	strcmp(lk->filename.buf + lk->filename.len - LOCK_SUFFIX_LEN, LOCK_SUFFIX))
	469	die("BUG: lockfile filename corrupt");
	470
	471	/* remove ".lock": */
	472	strbuf_add(&result_file, lk->filename.buf,
	473	lk->filename.len - LOCK_SUFFIX_LEN);
	474	err = commit_lock_file_to(lk, result_file.buf);
	475	strbuf_reset(&result_file);
	476	return err;
30ca07a2 JH	477	}
30ca07a2 JH	478
021b6e45 JH	479	void rollback_lock_file(struct lock_file *lk)
021b6e45 JH	480	{
707103fd	481	if (!lk->active)
9085f8e2 MH	482	return;
9085f8e2 MH	483
8e86c155	484	if (!close_lock_file(lk)) {
cf6950d3	485	unlink_or_warn(lk->filename.buf);
707103fd	486	lk->active = 0;
cf6950d3	487	strbuf_reset(&lk->filename);
4723ee99	488	}
021b6e45	489	}