/src/git/lockfile.c

Source
/*
 * Copyright (c) 2005, Junio C Hamano
 */

#include "git-compat-util.h"
#include "abspath.h"
#include "gettext.h"
#include "lockfile.h"
#include "parse.h"
#include "strbuf.h"
#include "wrapper.h"

/*
 * path = absolute or relative path name
 *
 * Remove the last path name element from path (leaving the preceding
 * "/", if any).  If path is empty or the root directory ("/"), set
 * path to the empty string.
 */
static void trim_last_path_component(struct strbuf *path)
{
  int i = path->len;

  /* back up past trailing slashes, if any */
  while (i && is_dir_sep(path->buf[i - 1]))
    i--;

  /*
   * then go backwards until a slash, or the beginning of the
   * string
   */
  while (i && !is_dir_sep(path->buf[i - 1]))
    i--;

  strbuf_setlen(path, i);
}


/* We allow "recursive" symbolic links. Only within reason, though */
#define MAXDEPTH 5

/*
 * path contains a path that might be a symlink.
 *
 * If path is a symlink, attempt to overwrite it with a path to the
 * real file or directory (which may or may not exist), following a
 * chain of symlinks if necessary.  Otherwise, leave path unmodified.
 *
 * This is a best-effort routine.  If an error occurs, path will
 * either be left unmodified or will name a different symlink in a
 * symlink chain that started with the original path.
 */
static void resolve_symlink(struct strbuf *path)
{
  int depth = MAXDEPTH;
  static struct strbuf link = STRBUF_INIT;

  while (depth--) {
    if (strbuf_readlink(&link, path->buf, path->len) < 0)
      break;

    if (is_absolute_path(link.buf))
      /* absolute path simply replaces p */
      strbuf_reset(path);
    else
      /*
       * link is a relative path, so replace the
       * last element of p with it.
       */
      trim_last_path_component(path);

    strbuf_addbuf(path, &link);
  }
  strbuf_reset(&link);
}

/*
 * Lock PID file functions - write PID to a foo~pid.lock file alongside
 * the lock file for debugging stale locks. The PID file is registered
 * as a tempfile so it gets cleaned up by signal/atexit handlers.
 *
 * Naming: For "foo.lock", the PID file is "foo~pid.lock". The tilde is
 * forbidden in refnames and allowed in Windows filenames, guaranteeing
 * no collision with the refs namespace.
 */

/* Global config variable, initialized from core.lockfilePid */
int lockfile_pid_enabled;

/*
 * Path generation helpers.
 * Given base path "foo", generate:
 *   - lock path: "foo.lock"
 *   - pid path:  "foo-pid.lock"
 */
static void get_lock_path(struct strbuf *out, const char *path)
{
  strbuf_addstr(out, path);
  strbuf_addstr(out, LOCK_SUFFIX);
}

static void get_pid_path(struct strbuf *out, const char *path)
{
  strbuf_addstr(out, path);
  strbuf_addstr(out, LOCK_PID_INFIX);
  strbuf_addstr(out, LOCK_SUFFIX);
}

static struct tempfile *create_lock_pid_file(const char *pid_path, int mode)
{
  struct strbuf content = STRBUF_INIT;
  struct tempfile *pid_tempfile = NULL;
  int fd;

  if (!lockfile_pid_enabled)
    goto out;

  fd = open(pid_path, O_WRONLY | O_CREAT | O_EXCL, mode);
  if (fd < 0)
    goto out;

  strbuf_addf(&content, "pid %" PRIuMAX "\n", (uintmax_t)getpid());
  if (write_in_full(fd, content.buf, content.len) < 0) {
    warning_errno(_("could not write lock pid file '%s'"), pid_path);
    close(fd);
    unlink(pid_path);
    goto out;
  }

  close(fd);
  pid_tempfile = register_tempfile(pid_path);

out:
  strbuf_release(&content);
  return pid_tempfile;
}

static int read_lock_pid(const char *pid_path, uintmax_t *pid_out)
{
  struct strbuf content = STRBUF_INIT;
  const char *val;
  int ret = -1;

  if (strbuf_read_file(&content, pid_path, LOCK_PID_MAXLEN) <= 0)
    goto out;

  strbuf_rtrim(&content);

  if (skip_prefix(content.buf, "pid ", &val)) {
    char *endptr;
    *pid_out = strtoumax(val, &endptr, 10);
    if (*pid_out > 0 && !*endptr)
      ret = 0;
  }

  if (ret)
    warning(_("malformed lock pid file '%s'"), pid_path);

out:
  strbuf_release(&content);
  return ret;
}

/* Make sure errno contains a meaningful value on error */
static int lock_file(struct lock_file *lk, const char *path, int flags,
         int mode)
{
  struct strbuf base_path = STRBUF_INIT;
  struct strbuf lock_path = STRBUF_INIT;
  struct strbuf pid_path = STRBUF_INIT;

  strbuf_addstr(&base_path, path);
  if (!(flags & LOCK_NO_DEREF))
    resolve_symlink(&base_path);

  get_lock_path(&lock_path, base_path.buf);
  get_pid_path(&pid_path, base_path.buf);

  lk->tempfile = create_tempfile_mode(lock_path.buf, mode);
  if (lk->tempfile)
    lk->pid_tempfile = create_lock_pid_file(pid_path.buf, mode);

  strbuf_release(&base_path);
  strbuf_release(&lock_path);
  strbuf_release(&pid_path);
  return lk->tempfile ? lk->tempfile->fd : -1;
}

/*
 * Constants defining the gaps between attempts to lock a file. The
 * first backoff period is approximately INITIAL_BACKOFF_MS
 * milliseconds. The longest backoff period is approximately
 * (BACKOFF_MAX_MULTIPLIER * INITIAL_BACKOFF_MS) milliseconds.
 */
#define INITIAL_BACKOFF_MS 1L
#define BACKOFF_MAX_MULTIPLIER 1000

/*
 * Try locking path, retrying with quadratic backoff for at least
 * timeout_ms milliseconds. If timeout_ms is 0, try locking the file
 * exactly once. If timeout_ms is -1, try indefinitely.
 */
static int lock_file_timeout(struct lock_file *lk, const char *path,
           int flags, long timeout_ms, int mode)
{
  int n = 1;
  int multiplier = 1;
  long remaining_ms = 0;
  static int random_initialized = 0;

  if (timeout_ms == 0)
    return lock_file(lk, path, flags, mode);

  if (!random_initialized) {
    srand((unsigned int)getpid());
    random_initialized = 1;
  }

  if (timeout_ms > 0)
    remaining_ms = timeout_ms;

  while (1) {
    long backoff_ms, wait_ms;
    int fd;

    fd = lock_file(lk, path, flags, mode);

    if (fd >= 0)
      return fd; /* success */
    else if (errno != EEXIST)
      return -1; /* failure other than lock held */
    else if (timeout_ms > 0 && remaining_ms <= 0)
      return -1; /* failure due to timeout */

    backoff_ms = multiplier * INITIAL_BACKOFF_MS;
    /* back off for between 0.75*backoff_ms and 1.25*backoff_ms */
    wait_ms = (750 + rand() % 500) * backoff_ms / 1000;
    sleep_millisec(wait_ms);
    remaining_ms -= wait_ms;

    /* Recursion: (n+1)^2 = n^2 + 2n + 1 */
    multiplier += 2*n + 1;
    if (multiplier > BACKOFF_MAX_MULTIPLIER)
      multiplier = BACKOFF_MAX_MULTIPLIER;
    else
      n++;
  }
}

void unable_to_lock_message(const char *path, int err, struct strbuf *buf)
{
  if (err == EEXIST) {
    const char *abs_path = absolute_path(path);
    struct strbuf lock_path = STRBUF_INIT;
    struct strbuf pid_path = STRBUF_INIT;
    uintmax_t pid;
    int pid_status = 0; /* 0 = unknown, 1 = running, -1 = stale */

    get_lock_path(&lock_path, abs_path);
    get_pid_path(&pid_path, abs_path);

    strbuf_addf(buf, _("Unable to create '%s': %s.\n\n"),
          lock_path.buf, strerror(err));

    /*
     * Try to read PID file unconditionally - it may exist if
     * core.lockfilePid was enabled.
     */
    if (!read_lock_pid(pid_path.buf, &pid)) {
      if (kill((pid_t)pid, 0) == 0 || errno == EPERM)
        pid_status = 1;  /* running (or no permission to signal) */
      else if (errno == ESRCH)
        pid_status = -1; /* no such process - stale lock */
    }

    if (pid_status == 1)
      strbuf_addf(buf, _("Lock may be held by process %" PRIuMAX "; "
             "if no git process is running, the lock file "
             "may be stale (PIDs can be reused)"),
            pid);
    else if (pid_status == -1)
      strbuf_addf(buf, _("Lock was held by process %" PRIuMAX ", "
             "which is no longer running; the lock file "
             "appears to be stale"),
            pid);
    else
      strbuf_addstr(buf, _("Another git process seems to be running in this repository, "
               "or the lock file may be stale"));

    strbuf_release(&lock_path);
    strbuf_release(&pid_path);
  } else {
    strbuf_addf(buf, _("Unable to create '%s.lock': %s"),
          absolute_path(path), strerror(err));
  }
}

NORETURN void unable_to_lock_die(const char *path, int err)
{
  struct strbuf buf = STRBUF_INIT;

  unable_to_lock_message(path, err, &buf);
  die("%s", buf.buf);
}

/* This should return a meaningful errno on failure */
int hold_lock_file_for_update_timeout_mode(struct lock_file *lk,
             const char *path, int flags,
             long timeout_ms, int mode)
{
  int fd = lock_file_timeout(lk, path, flags, timeout_ms, mode);
  if (fd < 0) {
    if (flags & LOCK_DIE_ON_ERROR)
      unable_to_lock_die(path, errno);
    if (flags & LOCK_REPORT_ON_ERROR) {
      struct strbuf buf = STRBUF_INIT;
      unable_to_lock_message(path, errno, &buf);
      error("%s", buf.buf);
      strbuf_release(&buf);
    }
  }
  return fd;
}

char *get_locked_file_path(struct lock_file *lk)
{
  struct strbuf ret = STRBUF_INIT;

  strbuf_addstr(&ret, get_tempfile_path(lk->tempfile));
  if (ret.len <= LOCK_SUFFIX_LEN ||
      strcmp(ret.buf + ret.len - LOCK_SUFFIX_LEN, LOCK_SUFFIX))
    BUG("get_locked_file_path() called for malformed lock object");
  /* remove ".lock": */
  strbuf_setlen(&ret, ret.len - LOCK_SUFFIX_LEN);
  return strbuf_detach(&ret, NULL);
}

int commit_lock_file(struct lock_file *lk)
{
  char *result_path = get_locked_file_path(lk);

  delete_tempfile(&lk->pid_tempfile);

  if (commit_lock_file_to(lk, result_path)) {
    int save_errno = errno;
    free(result_path);
    errno = save_errno;
    return -1;
  }
  free(result_path);
  return 0;
}

int rollback_lock_file(struct lock_file *lk)
{
  delete_tempfile(&lk->pid_tempfile);
  return delete_tempfile(&lk->tempfile);
}

Coverage Report

Created: 2026-02-26 06:44

Line	Count	Source
1		/*
2		* Copyright (c) 2005, Junio C Hamano
3		*/
4
5		#include "git-compat-util.h"
6		#include "abspath.h"
7		#include "gettext.h"
8		#include "lockfile.h"
9		#include "parse.h"
10		#include "strbuf.h"
11		#include "wrapper.h"
12
13		/*
14		* path = absolute or relative path name
15		*
16		* Remove the last path name element from path (leaving the preceding
17		* "/", if any). If path is empty or the root directory ("/"), set
18		* path to the empty string.
19		*/
20		static void trim_last_path_component(struct strbuf *path)
21	0	{
22	0	int i = path->len;
23
24		/* back up past trailing slashes, if any */
25	0	while (i && is_dir_sep(path->buf[i - 1]))
26	0	i--;
27
28		/*
29		* then go backwards until a slash, or the beginning of the
30		* string
31		*/
32	0	while (i && !is_dir_sep(path->buf[i - 1]))
33	0	i--;
34
35	0	strbuf_setlen(path, i);
36	0	}
37
38
39		/* We allow "recursive" symbolic links. Only within reason, though */
40	0	#define MAXDEPTH 5
41
42		/*
43		* path contains a path that might be a symlink.
44		*
45		* If path is a symlink, attempt to overwrite it with a path to the
46		* real file or directory (which may or may not exist), following a
47		* chain of symlinks if necessary. Otherwise, leave path unmodified.
48		*
49		* This is a best-effort routine. If an error occurs, path will
50		* either be left unmodified or will name a different symlink in a
51		* symlink chain that started with the original path.
52		*/
53		static void resolve_symlink(struct strbuf *path)
54	0	{
55	0	int depth = MAXDEPTH;
56	0	static struct strbuf link = STRBUF_INIT;
57
58	0	while (depth--) {
59	0	if (strbuf_readlink(&link, path->buf, path->len) < 0)
60	0	break;
61
62	0	if (is_absolute_path(link.buf))
63		/* absolute path simply replaces p */
64	0	strbuf_reset(path);
65	0	else
66		/*
67		* link is a relative path, so replace the
68		* last element of p with it.
69		*/
70	0	trim_last_path_component(path);
71
72	0	strbuf_addbuf(path, &link);
73	0	}
74	0	strbuf_reset(&link);
75	0	}
76
77		/*
78		* Lock PID file functions - write PID to a foo~pid.lock file alongside
79		* the lock file for debugging stale locks. The PID file is registered
80		* as a tempfile so it gets cleaned up by signal/atexit handlers.
81		*
82		* Naming: For "foo.lock", the PID file is "foo~pid.lock". The tilde is
83		* forbidden in refnames and allowed in Windows filenames, guaranteeing
84		* no collision with the refs namespace.
85		*/
86
87		/* Global config variable, initialized from core.lockfilePid */
88		int lockfile_pid_enabled;
89
90		/*
91		* Path generation helpers.
92		* Given base path "foo", generate:
93		* - lock path: "foo.lock"
94		* - pid path: "foo-pid.lock"
95		*/
96		static void get_lock_path(struct strbuf out, const char path)
97	0	{
98	0	strbuf_addstr(out, path);
99	0	strbuf_addstr(out, LOCK_SUFFIX);
100	0	}
101
102		static void get_pid_path(struct strbuf out, const char path)
103	0	{
104	0	strbuf_addstr(out, path);
105	0	strbuf_addstr(out, LOCK_PID_INFIX);
106	0	strbuf_addstr(out, LOCK_SUFFIX);
107	0	}
108
109		static struct tempfile create_lock_pid_file(const char pid_path, int mode)
110	0	{
111	0	struct strbuf content = STRBUF_INIT;
112	0	struct tempfile *pid_tempfile = NULL;
113	0	int fd;
114
115	0	if (!lockfile_pid_enabled)
116	0	goto out;
117
118	0	fd = open(pid_path, O_WRONLY \| O_CREAT \| O_EXCL, mode);
119	0	if (fd < 0)
120	0	goto out;
121
122	0	strbuf_addf(&content, "pid %" PRIuMAX "\n", (uintmax_t)getpid());
123	0	if (write_in_full(fd, content.buf, content.len) < 0) {
124	0	warning_errno(_("could not write lock pid file '%s'"), pid_path);
125	0	close(fd);
126	0	unlink(pid_path);
127	0	goto out;
128	0	}
129
130	0	close(fd);
131	0	pid_tempfile = register_tempfile(pid_path);
132
133	0	out:
134	0	strbuf_release(&content);
135	0	return pid_tempfile;
136	0	}
137
138		static int read_lock_pid(const char pid_path, uintmax_t pid_out)
139	0	{
140	0	struct strbuf content = STRBUF_INIT;
141	0	const char *val;
142	0	int ret = -1;
143
144	0	if (strbuf_read_file(&content, pid_path, LOCK_PID_MAXLEN) <= 0)
145	0	goto out;
146
147	0	strbuf_rtrim(&content);
148
149	0	if (skip_prefix(content.buf, "pid ", &val)) {
150	0	char *endptr;
151	0	*pid_out = strtoumax(val, &endptr, 10);
152	0	if (pid_out > 0 && !endptr)
153	0	ret = 0;
154	0	}
155
156	0	if (ret)
157	0	warning(_("malformed lock pid file '%s'"), pid_path);
158
159	0	out:
160	0	strbuf_release(&content);
161	0	return ret;
162	0	}
163
164		/* Make sure errno contains a meaningful value on error */
165		static int lock_file(struct lock_file lk, const char path, int flags,
166		int mode)
167	0	{
168	0	struct strbuf base_path = STRBUF_INIT;
169	0	struct strbuf lock_path = STRBUF_INIT;
170	0	struct strbuf pid_path = STRBUF_INIT;
171
172	0	strbuf_addstr(&base_path, path);
173	0	if (!(flags & LOCK_NO_DEREF))
174	0	resolve_symlink(&base_path);
175
176	0	get_lock_path(&lock_path, base_path.buf);
177	0	get_pid_path(&pid_path, base_path.buf);
178
179	0	lk->tempfile = create_tempfile_mode(lock_path.buf, mode);
180	0	if (lk->tempfile)
181	0	lk->pid_tempfile = create_lock_pid_file(pid_path.buf, mode);
182
183	0	strbuf_release(&base_path);
184	0	strbuf_release(&lock_path);
185	0	strbuf_release(&pid_path);
186	0	return lk->tempfile ? lk->tempfile->fd : -1;
187	0	}
188
189		/*
190		* Constants defining the gaps between attempts to lock a file. The
191		* first backoff period is approximately INITIAL_BACKOFF_MS
192		* milliseconds. The longest backoff period is approximately
193		* (BACKOFF_MAX_MULTIPLIER * INITIAL_BACKOFF_MS) milliseconds.
194		*/
195	0	#define INITIAL_BACKOFF_MS 1L
196	0	#define BACKOFF_MAX_MULTIPLIER 1000
197
198		/*
199		* Try locking path, retrying with quadratic backoff for at least
200		* timeout_ms milliseconds. If timeout_ms is 0, try locking the file
201		* exactly once. If timeout_ms is -1, try indefinitely.
202		*/
203		static int lock_file_timeout(struct lock_file lk, const char path,
204		int flags, long timeout_ms, int mode)
205	0	{
206	0	int n = 1;
207	0	int multiplier = 1;
208	0	long remaining_ms = 0;
209	0	static int random_initialized = 0;
210
211	0	if (timeout_ms == 0)
212	0	return lock_file(lk, path, flags, mode);
213
214	0	if (!random_initialized) {
215	0	srand((unsigned int)getpid());
216	0	random_initialized = 1;
217	0	}
218
219	0	if (timeout_ms > 0)
220	0	remaining_ms = timeout_ms;
221
222	0	while (1) {
223	0	long backoff_ms, wait_ms;
224	0	int fd;
225
226	0	fd = lock_file(lk, path, flags, mode);
227
228	0	if (fd >= 0)
229	0	return fd; /* success */
230	0	else if (errno != EEXIST)
231	0	return -1; /* failure other than lock held */
232	0	else if (timeout_ms > 0 && remaining_ms <= 0)
233	0	return -1; /* failure due to timeout */
234
235	0	backoff_ms = multiplier * INITIAL_BACKOFF_MS;
236		/* back off for between 0.75backoff_ms and 1.25backoff_ms */
237	0	wait_ms = (750 + rand() % 500) * backoff_ms / 1000;
238	0	sleep_millisec(wait_ms);
239	0	remaining_ms -= wait_ms;
240
241		/* Recursion: (n+1)^2 = n^2 + 2n + 1 */
242	0	multiplier += 2*n + 1;
243	0	if (multiplier > BACKOFF_MAX_MULTIPLIER)
244	0	multiplier = BACKOFF_MAX_MULTIPLIER;
245	0	else
246	0	n++;
247	0	}
248	0	}
249
250		void unable_to_lock_message(const char path, int err, struct strbuf buf)
251	0	{
252	0	if (err == EEXIST) {
253	0	const char *abs_path = absolute_path(path);
254	0	struct strbuf lock_path = STRBUF_INIT;
255	0	struct strbuf pid_path = STRBUF_INIT;
256	0	uintmax_t pid;
257	0	int pid_status = 0; /* 0 = unknown, 1 = running, -1 = stale */
258
259	0	get_lock_path(&lock_path, abs_path);
260	0	get_pid_path(&pid_path, abs_path);
261
262	0	strbuf_addf(buf, _("Unable to create '%s': %s.\n\n"),
263	0	lock_path.buf, strerror(err));
264
265		/*
266		* Try to read PID file unconditionally - it may exist if
267		* core.lockfilePid was enabled.
268		*/
269	0	if (!read_lock_pid(pid_path.buf, &pid)) {
270	0	if (kill((pid_t)pid, 0) == 0 \|\| errno == EPERM)
271	0	pid_status = 1; /* running (or no permission to signal) */
272	0	else if (errno == ESRCH)
273	0	pid_status = -1; /* no such process - stale lock */
274	0	}
275
276	0	if (pid_status == 1)
277	0	strbuf_addf(buf, _("Lock may be held by process %" PRIuMAX "; "
278	0	"if no git process is running, the lock file "
279	0	"may be stale (PIDs can be reused)"),
280	0	pid);
281	0	else if (pid_status == -1)
282	0	strbuf_addf(buf, _("Lock was held by process %" PRIuMAX ", "
283	0	"which is no longer running; the lock file "
284	0	"appears to be stale"),
285	0	pid);
286	0	else
287	0	strbuf_addstr(buf, _("Another git process seems to be running in this repository, "
288	0	"or the lock file may be stale"));
289
290	0	strbuf_release(&lock_path);
291	0	strbuf_release(&pid_path);
292	0	} else {
293	0	strbuf_addf(buf, _("Unable to create '%s.lock': %s"),
294	0	absolute_path(path), strerror(err));
295	0	}
296	0	}
297
298		NORETURN void unable_to_lock_die(const char *path, int err)
299	0	{
300	0	struct strbuf buf = STRBUF_INIT;
301
302	0	unable_to_lock_message(path, err, &buf);
303	0	die("%s", buf.buf);
304	0	}
305
306		/* This should return a meaningful errno on failure */
307		int hold_lock_file_for_update_timeout_mode(struct lock_file *lk,
308		const char *path, int flags,
309		long timeout_ms, int mode)
310	0	{
311	0	int fd = lock_file_timeout(lk, path, flags, timeout_ms, mode);
312	0	if (fd < 0) {
313	0	if (flags & LOCK_DIE_ON_ERROR)
314	0	unable_to_lock_die(path, errno);
315	0	if (flags & LOCK_REPORT_ON_ERROR) {
316	0	struct strbuf buf = STRBUF_INIT;
317	0	unable_to_lock_message(path, errno, &buf);
318	0	error("%s", buf.buf);
319	0	strbuf_release(&buf);
320	0	}
321	0	}
322	0	return fd;
323	0	}
324
325		char get_locked_file_path(struct lock_file lk)
326	0	{
327	0	struct strbuf ret = STRBUF_INIT;
328
329	0	strbuf_addstr(&ret, get_tempfile_path(lk->tempfile));
330	0	if (ret.len <= LOCK_SUFFIX_LEN \|\|
331	0	strcmp(ret.buf + ret.len - LOCK_SUFFIX_LEN, LOCK_SUFFIX))
332	0	BUG("get_locked_file_path() called for malformed lock object");
333		/* remove ".lock": */
334	0	strbuf_setlen(&ret, ret.len - LOCK_SUFFIX_LEN);
335	0	return strbuf_detach(&ret, NULL);
336	0	}
337
338		int commit_lock_file(struct lock_file *lk)
339	0	{
340	0	char *result_path = get_locked_file_path(lk);
341
342	0	delete_tempfile(&lk->pid_tempfile);
343
344	0	if (commit_lock_file_to(lk, result_path)) {
345	0	int save_errno = errno;
346	0	free(result_path);
347	0	errno = save_errno;
348	0	return -1;
349	0	}
350	0	free(result_path);
351	0	return 0;
352	0	}
353
354		int rollback_lock_file(struct lock_file *lk)
355	0	{
356	0	delete_tempfile(&lk->pid_tempfile);
357	0	return delete_tempfile(&lk->tempfile);
358	0	}