2007-05-02 18:13:14 +02:00
|
|
|
#include "cache.h"
|
|
|
|
#include "pack.h"
|
2007-06-01 21:18:05 +02:00
|
|
|
#include "csum-file.h"
|
|
|
|
|
2011-02-26 00:43:25 +01:00
|
|
|
void reset_pack_idx_option(struct pack_idx_option *opts)
|
|
|
|
{
|
|
|
|
memset(opts, 0, sizeof(*opts));
|
|
|
|
opts->version = 2;
|
|
|
|
opts->off32_limit = 0x7fffffff;
|
|
|
|
}
|
2007-06-01 21:18:05 +02:00
|
|
|
|
|
|
|
static int sha1_compare(const void *_a, const void *_b)
|
|
|
|
{
|
|
|
|
struct pack_idx_entry *a = *(struct pack_idx_entry **)_a;
|
|
|
|
struct pack_idx_entry *b = *(struct pack_idx_entry **)_b;
|
2017-05-07 00:10:11 +02:00
|
|
|
return oidcmp(&a->oid, &b->oid);
|
2007-06-01 21:18:05 +02:00
|
|
|
}
|
|
|
|
|
2011-02-26 01:55:26 +01:00
|
|
|
static int cmp_uint32(const void *a_, const void *b_)
|
|
|
|
{
|
|
|
|
uint32_t a = *((uint32_t *)a_);
|
|
|
|
uint32_t b = *((uint32_t *)b_);
|
|
|
|
|
|
|
|
return (a < b) ? -1 : (a != b);
|
|
|
|
}
|
|
|
|
|
2011-02-26 01:54:00 +01:00
|
|
|
static int need_large_offset(off_t offset, const struct pack_idx_option *opts)
|
|
|
|
{
|
2011-02-26 01:55:26 +01:00
|
|
|
uint32_t ofsval;
|
|
|
|
|
|
|
|
if ((offset >> 31) || (opts->off32_limit < offset))
|
|
|
|
return 1;
|
|
|
|
if (!opts->anomaly_nr)
|
|
|
|
return 0;
|
|
|
|
ofsval = offset;
|
|
|
|
return !!bsearch(&ofsval, opts->anomaly, opts->anomaly_nr,
|
|
|
|
sizeof(ofsval), cmp_uint32);
|
2011-02-26 01:54:00 +01:00
|
|
|
}
|
|
|
|
|
2007-06-01 21:18:05 +02:00
|
|
|
/*
|
|
|
|
* On entry *sha1 contains the pack content SHA1 hash, on exit it is
|
|
|
|
* the SHA1 hash of sorted object names. The objects array passed in
|
|
|
|
* will be sorted by SHA1 on exit.
|
|
|
|
*/
|
2010-01-22 16:55:19 +01:00
|
|
|
const char *write_idx_file(const char *index_name, struct pack_idx_entry **objects,
|
2011-02-26 00:43:25 +01:00
|
|
|
int nr_objects, const struct pack_idx_option *opts,
|
pack-objects: name pack files after trailer hash
Our current scheme for naming packfiles is to calculate the
sha1 hash of the sorted list of objects contained in the
packfile. This gives us a unique name, so we are reasonably
sure that two packs with the same name will contain the same
objects.
It does not, however, tell us that two such packs have the
exact same bytes. This makes things awkward if we repack the
same set of objects. Due to run-to-run variations, the bytes
may not be identical (e.g., changed zlib or git versions,
different source object reuse due to new packs in the
repository, or even different deltas due to races during a
multi-threaded delta search).
In theory, this could be helpful to a program that cares
that the packfile contains a certain set of objects, but
does not care about the particular representation. In
practice, no part of git makes use of that, and in many
cases it is potentially harmful. For example, if a dumb http
client fetches the .idx file, it must be sure to get the
exact .pack that matches it. Similarly, a partial transfer
of a .pack file cannot be safely resumed, as the actual
bytes may have changed. This could also affect a local
client which opened the .idx and .pack files, closes the
.pack file (due to memory or file descriptor limits), and
then re-opens a changed packfile.
In all of these cases, git can detect the problem, as we
have the sha1 of the bytes themselves in the pack trailer
(which we verify on transfer), and the .idx file references
the trailer from the matching packfile. But it would be
simpler and more efficient to actually get the correct
bytes, rather than noticing the problem and having to
restart the operation.
This patch simply uses the pack trailer sha1 as the pack
name. It should be similarly unique, but covers the exact
representation of the objects. Other parts of git should not
care, as the pack name is returned by pack-objects and is
essentially opaque.
One test needs to be updated, because it actually corrupts a
pack and expects that re-packing the corrupted bytes will
use the same name. It won't anymore, but we can easily just
use the name that pack-objects hands back.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-05 21:28:07 +01:00
|
|
|
const unsigned char *sha1)
|
2007-06-01 21:18:05 +02:00
|
|
|
{
|
2018-02-01 03:18:46 +01:00
|
|
|
struct hashfile *f;
|
2007-06-01 21:18:05 +02:00
|
|
|
struct pack_idx_entry **sorted_by_sha, **list, **last;
|
|
|
|
off_t last_obj_offset = 0;
|
|
|
|
uint32_t array[256];
|
|
|
|
int i, fd;
|
|
|
|
uint32_t index_version;
|
|
|
|
|
|
|
|
if (nr_objects) {
|
|
|
|
sorted_by_sha = objects;
|
|
|
|
list = sorted_by_sha;
|
|
|
|
last = sorted_by_sha + nr_objects;
|
|
|
|
for (i = 0; i < nr_objects; ++i) {
|
|
|
|
if (objects[i]->offset > last_obj_offset)
|
|
|
|
last_obj_offset = objects[i]->offset;
|
|
|
|
}
|
2016-09-29 17:27:31 +02:00
|
|
|
QSORT(sorted_by_sha, nr_objects, sha1_compare);
|
2007-06-01 21:18:05 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
sorted_by_sha = list = last = NULL;
|
|
|
|
|
2011-02-03 02:29:01 +01:00
|
|
|
if (opts->flags & WRITE_IDX_VERIFY) {
|
|
|
|
assert(index_name);
|
2018-02-01 03:18:46 +01:00
|
|
|
f = hashfd_check(index_name);
|
2007-06-01 21:18:05 +02:00
|
|
|
} else {
|
2011-02-03 02:29:01 +01:00
|
|
|
if (!index_name) {
|
2017-03-28 21:45:43 +02:00
|
|
|
struct strbuf tmp_file = STRBUF_INIT;
|
|
|
|
fd = odb_mkstemp(&tmp_file, "pack/tmp_idx_XXXXXX");
|
|
|
|
index_name = strbuf_detach(&tmp_file, NULL);
|
2011-02-03 02:29:01 +01:00
|
|
|
} else {
|
|
|
|
unlink(index_name);
|
|
|
|
fd = open(index_name, O_CREAT|O_EXCL|O_WRONLY, 0600);
|
2017-03-28 21:45:25 +02:00
|
|
|
if (fd < 0)
|
|
|
|
die_errno("unable to create '%s'", index_name);
|
2011-02-03 02:29:01 +01:00
|
|
|
}
|
2018-02-01 03:18:46 +01:00
|
|
|
f = hashfd(fd, index_name);
|
2007-06-01 21:18:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* if last object's offset is >= 2^31 we should use index V2 */
|
2011-02-26 01:54:00 +01:00
|
|
|
index_version = need_large_offset(last_obj_offset, opts) ? 2 : opts->version;
|
2007-06-01 21:18:05 +02:00
|
|
|
|
|
|
|
/* index versions 2 and above need a header */
|
|
|
|
if (index_version >= 2) {
|
|
|
|
struct pack_idx_header hdr;
|
|
|
|
hdr.idx_signature = htonl(PACK_IDX_SIGNATURE);
|
|
|
|
hdr.idx_version = htonl(index_version);
|
2018-02-01 03:18:46 +01:00
|
|
|
hashwrite(f, &hdr, sizeof(hdr));
|
2007-06-01 21:18:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Write the first-level table (the list is sorted,
|
|
|
|
* but we use a 256-entry lookup to be able to avoid
|
|
|
|
* having to do eight extra binary search iterations).
|
|
|
|
*/
|
|
|
|
for (i = 0; i < 256; i++) {
|
|
|
|
struct pack_idx_entry **next = list;
|
|
|
|
while (next < last) {
|
|
|
|
struct pack_idx_entry *obj = *next;
|
2017-05-07 00:10:11 +02:00
|
|
|
if (obj->oid.hash[0] != i)
|
2007-06-01 21:18:05 +02:00
|
|
|
break;
|
|
|
|
next++;
|
|
|
|
}
|
|
|
|
array[i] = htonl(next - sorted_by_sha);
|
|
|
|
list = next;
|
|
|
|
}
|
2018-02-01 03:18:46 +01:00
|
|
|
hashwrite(f, array, 256 * 4);
|
2007-06-01 21:18:05 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Write the actual SHA1 entries..
|
|
|
|
*/
|
|
|
|
list = sorted_by_sha;
|
|
|
|
for (i = 0; i < nr_objects; i++) {
|
|
|
|
struct pack_idx_entry *obj = *list++;
|
|
|
|
if (index_version < 2) {
|
|
|
|
uint32_t offset = htonl(obj->offset);
|
2018-02-01 03:18:46 +01:00
|
|
|
hashwrite(f, &offset, 4);
|
2007-06-01 21:18:05 +02:00
|
|
|
}
|
2018-02-01 03:18:46 +01:00
|
|
|
hashwrite(f, obj->oid.hash, the_hash_algo->rawsz);
|
2011-11-17 07:04:13 +01:00
|
|
|
if ((opts->flags & WRITE_IDX_STRICT) &&
|
2017-05-07 00:10:11 +02:00
|
|
|
(i && !oidcmp(&list[-2]->oid, &obj->oid)))
|
2011-11-17 07:04:13 +01:00
|
|
|
die("The same object %s appears twice in the pack",
|
2017-05-07 00:10:11 +02:00
|
|
|
oid_to_hex(&obj->oid));
|
2007-06-01 21:18:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (index_version >= 2) {
|
|
|
|
unsigned int nr_large_offset = 0;
|
|
|
|
|
|
|
|
/* write the crc32 table */
|
|
|
|
list = sorted_by_sha;
|
|
|
|
for (i = 0; i < nr_objects; i++) {
|
|
|
|
struct pack_idx_entry *obj = *list++;
|
|
|
|
uint32_t crc32_val = htonl(obj->crc32);
|
2018-02-01 03:18:46 +01:00
|
|
|
hashwrite(f, &crc32_val, 4);
|
2007-06-01 21:18:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* write the 32-bit offset table */
|
|
|
|
list = sorted_by_sha;
|
|
|
|
for (i = 0; i < nr_objects; i++) {
|
|
|
|
struct pack_idx_entry *obj = *list++;
|
2011-02-26 01:54:00 +01:00
|
|
|
uint32_t offset;
|
|
|
|
|
|
|
|
offset = (need_large_offset(obj->offset, opts)
|
|
|
|
? (0x80000000 | nr_large_offset++)
|
|
|
|
: obj->offset);
|
2007-06-01 21:18:05 +02:00
|
|
|
offset = htonl(offset);
|
2018-02-01 03:18:46 +01:00
|
|
|
hashwrite(f, &offset, 4);
|
2007-06-01 21:18:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* write the large offset table */
|
|
|
|
list = sorted_by_sha;
|
|
|
|
while (nr_large_offset) {
|
|
|
|
struct pack_idx_entry *obj = *list++;
|
|
|
|
uint64_t offset = obj->offset;
|
2011-02-26 01:54:00 +01:00
|
|
|
uint32_t split[2];
|
|
|
|
|
|
|
|
if (!need_large_offset(offset, opts))
|
|
|
|
continue;
|
|
|
|
split[0] = htonl(offset >> 32);
|
|
|
|
split[1] = htonl(offset & 0xffffffff);
|
2018-02-01 03:18:46 +01:00
|
|
|
hashwrite(f, split, 8);
|
2011-02-26 01:54:00 +01:00
|
|
|
nr_large_offset--;
|
2007-06-01 21:18:05 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-02-01 03:18:46 +01:00
|
|
|
hashwrite(f, sha1, the_hash_algo->rawsz);
|
2018-04-02 22:34:15 +02:00
|
|
|
finalize_hashfile(f, NULL, CSUM_HASH_IN_STREAM | CSUM_CLOSE |
|
|
|
|
((opts->flags & WRITE_IDX_VERIFY)
|
|
|
|
? 0 : CSUM_FSYNC));
|
2007-06-01 21:18:05 +02:00
|
|
|
return index_name;
|
|
|
|
}
|
2007-05-02 18:13:14 +02:00
|
|
|
|
2018-02-01 03:18:46 +01:00
|
|
|
off_t write_pack_header(struct hashfile *f, uint32_t nr_entries)
|
2011-10-28 20:40:48 +02:00
|
|
|
{
|
|
|
|
struct pack_header hdr;
|
|
|
|
|
|
|
|
hdr.hdr_signature = htonl(PACK_SIGNATURE);
|
|
|
|
hdr.hdr_version = htonl(PACK_VERSION);
|
|
|
|
hdr.hdr_entries = htonl(nr_entries);
|
2018-02-01 03:18:46 +01:00
|
|
|
hashwrite(f, &hdr, sizeof(hdr));
|
2011-10-28 20:40:48 +02:00
|
|
|
return sizeof(hdr);
|
|
|
|
}
|
|
|
|
|
2008-08-29 22:07:59 +02:00
|
|
|
/*
|
|
|
|
* Update pack header with object_count and compute new SHA1 for pack data
|
|
|
|
* associated to pack_fd, and write that SHA1 at the end. That new SHA1
|
|
|
|
* is also returned in new_pack_sha1.
|
|
|
|
*
|
|
|
|
* If partial_pack_sha1 is non null, then the SHA1 of the existing pack
|
|
|
|
* (without the header update) is computed and validated against the
|
|
|
|
* one provided in partial_pack_sha1. The validation is performed at
|
|
|
|
* partial_pack_offset bytes in the pack file. The SHA1 of the remaining
|
|
|
|
* data (i.e. from partial_pack_offset to the end) is then computed and
|
|
|
|
* returned in partial_pack_sha1.
|
|
|
|
*
|
|
|
|
* Note that new_pack_sha1 is updated last, so both new_pack_sha1 and
|
|
|
|
* partial_pack_sha1 can refer to the same buffer if the caller is not
|
|
|
|
* interested in the resulting SHA1 of pack data above partial_pack_offset.
|
|
|
|
*/
|
2007-05-02 18:13:14 +02:00
|
|
|
void fixup_pack_header_footer(int pack_fd,
|
2018-02-01 03:18:44 +01:00
|
|
|
unsigned char *new_pack_hash,
|
2007-05-02 18:13:14 +02:00
|
|
|
const char *pack_name,
|
2008-08-29 22:07:59 +02:00
|
|
|
uint32_t object_count,
|
2018-02-01 03:18:44 +01:00
|
|
|
unsigned char *partial_pack_hash,
|
2008-08-29 22:07:59 +02:00
|
|
|
off_t partial_pack_offset)
|
2007-05-02 18:13:14 +02:00
|
|
|
{
|
2008-08-29 22:08:02 +02:00
|
|
|
int aligned_sz, buf_sz = 8 * 1024;
|
2018-02-01 03:18:44 +01:00
|
|
|
git_hash_ctx old_hash_ctx, new_hash_ctx;
|
2007-05-02 18:13:14 +02:00
|
|
|
struct pack_header hdr;
|
|
|
|
char *buf;
|
2017-09-27 08:01:07 +02:00
|
|
|
ssize_t read_result;
|
2007-05-02 18:13:14 +02:00
|
|
|
|
2018-02-01 03:18:44 +01:00
|
|
|
the_hash_algo->init_fn(&old_hash_ctx);
|
|
|
|
the_hash_algo->init_fn(&new_hash_ctx);
|
2008-08-29 22:07:59 +02:00
|
|
|
|
2007-05-02 18:13:14 +02:00
|
|
|
if (lseek(pack_fd, 0, SEEK_SET) != 0)
|
2009-06-27 17:58:46 +02:00
|
|
|
die_errno("Failed seeking to start of '%s'", pack_name);
|
2017-09-27 08:01:07 +02:00
|
|
|
read_result = read_in_full(pack_fd, &hdr, sizeof(hdr));
|
|
|
|
if (read_result < 0)
|
2009-06-27 17:58:46 +02:00
|
|
|
die_errno("Unable to reread header of '%s'", pack_name);
|
2017-09-27 08:01:07 +02:00
|
|
|
else if (read_result != sizeof(hdr))
|
|
|
|
die_errno("Unexpected short read for header of '%s'",
|
|
|
|
pack_name);
|
2007-05-02 18:13:14 +02:00
|
|
|
if (lseek(pack_fd, 0, SEEK_SET) != 0)
|
2009-06-27 17:58:46 +02:00
|
|
|
die_errno("Failed seeking to start of '%s'", pack_name);
|
2018-02-01 03:18:44 +01:00
|
|
|
the_hash_algo->update_fn(&old_hash_ctx, &hdr, sizeof(hdr));
|
2007-05-02 18:13:14 +02:00
|
|
|
hdr.hdr_entries = htonl(object_count);
|
2018-02-01 03:18:44 +01:00
|
|
|
the_hash_algo->update_fn(&new_hash_ctx, &hdr, sizeof(hdr));
|
2007-05-02 18:13:14 +02:00
|
|
|
write_or_die(pack_fd, &hdr, sizeof(hdr));
|
2008-08-29 22:07:59 +02:00
|
|
|
partial_pack_offset -= sizeof(hdr);
|
2007-05-02 18:13:14 +02:00
|
|
|
|
|
|
|
buf = xmalloc(buf_sz);
|
2008-08-29 22:08:02 +02:00
|
|
|
aligned_sz = buf_sz - sizeof(hdr);
|
2007-05-02 18:13:14 +02:00
|
|
|
for (;;) {
|
2008-08-29 22:07:59 +02:00
|
|
|
ssize_t m, n;
|
2018-02-01 03:18:44 +01:00
|
|
|
m = (partial_pack_hash && partial_pack_offset < aligned_sz) ?
|
2008-08-29 22:08:02 +02:00
|
|
|
partial_pack_offset : aligned_sz;
|
2008-08-29 22:07:59 +02:00
|
|
|
n = xread(pack_fd, buf, m);
|
2007-05-02 18:13:14 +02:00
|
|
|
if (!n)
|
|
|
|
break;
|
|
|
|
if (n < 0)
|
2009-06-27 17:58:46 +02:00
|
|
|
die_errno("Failed to checksum '%s'", pack_name);
|
2018-02-01 03:18:44 +01:00
|
|
|
the_hash_algo->update_fn(&new_hash_ctx, buf, n);
|
2008-08-29 22:07:59 +02:00
|
|
|
|
2008-08-29 22:08:02 +02:00
|
|
|
aligned_sz -= n;
|
|
|
|
if (!aligned_sz)
|
|
|
|
aligned_sz = buf_sz;
|
|
|
|
|
2018-02-01 03:18:44 +01:00
|
|
|
if (!partial_pack_hash)
|
2008-08-29 22:07:59 +02:00
|
|
|
continue;
|
|
|
|
|
2018-02-01 03:18:44 +01:00
|
|
|
the_hash_algo->update_fn(&old_hash_ctx, buf, n);
|
2008-08-29 22:07:59 +02:00
|
|
|
partial_pack_offset -= n;
|
|
|
|
if (partial_pack_offset == 0) {
|
2018-02-01 03:18:44 +01:00
|
|
|
unsigned char hash[GIT_MAX_RAWSZ];
|
|
|
|
the_hash_algo->final_fn(hash, &old_hash_ctx);
|
|
|
|
if (hashcmp(hash, partial_pack_hash) != 0)
|
2008-08-29 22:07:59 +02:00
|
|
|
die("Unexpected checksum for %s "
|
|
|
|
"(disk corruption?)", pack_name);
|
|
|
|
/*
|
|
|
|
* Now let's compute the SHA1 of the remainder of the
|
|
|
|
* pack, which also means making partial_pack_offset
|
|
|
|
* big enough not to matter anymore.
|
|
|
|
*/
|
2018-02-01 03:18:44 +01:00
|
|
|
the_hash_algo->init_fn(&old_hash_ctx);
|
2008-08-29 22:07:59 +02:00
|
|
|
partial_pack_offset = ~partial_pack_offset;
|
|
|
|
partial_pack_offset -= MSB(partial_pack_offset, 1);
|
|
|
|
}
|
2007-05-02 18:13:14 +02:00
|
|
|
}
|
|
|
|
free(buf);
|
|
|
|
|
2018-02-01 03:18:44 +01:00
|
|
|
if (partial_pack_hash)
|
|
|
|
the_hash_algo->final_fn(partial_pack_hash, &old_hash_ctx);
|
|
|
|
the_hash_algo->final_fn(new_pack_hash, &new_hash_ctx);
|
|
|
|
write_or_die(pack_fd, new_pack_hash, the_hash_algo->rawsz);
|
2008-08-27 21:48:00 +02:00
|
|
|
fsync_or_die(pack_fd, pack_name);
|
2007-05-02 18:13:14 +02:00
|
|
|
}
|
2007-09-14 09:31:16 +02:00
|
|
|
|
|
|
|
char *index_pack_lockfile(int ip_out)
|
|
|
|
{
|
2018-02-01 03:18:44 +01:00
|
|
|
char packname[GIT_MAX_HEXSZ + 6];
|
|
|
|
const int len = the_hash_algo->hexsz + 6;
|
2007-09-14 09:31:16 +02:00
|
|
|
|
|
|
|
/*
|
2009-02-25 08:11:29 +01:00
|
|
|
* The first thing we expect from index-pack's output
|
2007-09-14 09:31:16 +02:00
|
|
|
* is "pack\t%40s\n" or "keep\t%40s\n" (46 bytes) where
|
|
|
|
* %40s is the newly created pack SHA1 name. In the "keep"
|
|
|
|
* case, we need it to remove the corresponding .keep file
|
|
|
|
* later on. If we don't get that then tough luck with it.
|
|
|
|
*/
|
2018-02-01 03:18:44 +01:00
|
|
|
if (read_in_full(ip_out, packname, len) == len && packname[len-1] == '\n') {
|
2014-08-30 11:47:19 +02:00
|
|
|
const char *name;
|
2018-02-01 03:18:44 +01:00
|
|
|
packname[len-1] = 0;
|
2014-08-30 11:47:19 +02:00
|
|
|
if (skip_prefix(packname, "keep\t", &name))
|
|
|
|
return xstrfmt("%s/pack/pack-%s.keep",
|
|
|
|
get_object_directory(), name);
|
2007-09-14 09:31:16 +02:00
|
|
|
}
|
|
|
|
return NULL;
|
|
|
|
}
|
2010-02-23 21:02:37 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The per-object header is a pretty dense thing, which is
|
|
|
|
* - first byte: low four bits are "size", then three bits of "type",
|
|
|
|
* and the high bit is "size continues".
|
|
|
|
* - each byte afterwards: low seven bits are size continuation,
|
|
|
|
* with the high bit being "size continues"
|
|
|
|
*/
|
encode_in_pack_object_header: respect output buffer length
The encode_in_pack_object_header() writes a variable-length
header to an output buffer, but it doesn't actually know
long the buffer is. At first glance, this looks like it
might be possible to overflow.
In practice, this is probably impossible. The smallest
buffer we use is 10 bytes, which would hold the header for
an object up to 2^67 bytes. Obviously we're not likely to
see such an object, but we might worry that an object could
lie about its size (causing us to overflow before we realize
it does not actually have that many bytes). But the argument
is passed as a uintmax_t. Even on systems that have __int128
available, uintmax_t is typically restricted to 64-bit by
the ABI.
So it's unlikely that a system exists where this could be
exploited. Still, it's easy enough to use a normal out/len
pair and make sure we don't write too far. That protects the
hypothetical 128-bit system, makes it harder for callers to
accidentally specify a too-small buffer, and makes the
resulting code easier to audit.
Note that the one caller in fast-import tried to catch such
a case, but did so _after_ the call (at which point we'd
have already overflowed!). This check can now go away.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-24 18:26:40 +01:00
|
|
|
int encode_in_pack_object_header(unsigned char *hdr, int hdr_len,
|
|
|
|
enum object_type type, uintmax_t size)
|
2010-02-23 21:02:37 +01:00
|
|
|
{
|
|
|
|
int n = 1;
|
|
|
|
unsigned char c;
|
|
|
|
|
|
|
|
if (type < OBJ_COMMIT || type > OBJ_REF_DELTA)
|
|
|
|
die("bad type %d", type);
|
|
|
|
|
|
|
|
c = (type << 4) | (size & 15);
|
|
|
|
size >>= 4;
|
|
|
|
while (size) {
|
encode_in_pack_object_header: respect output buffer length
The encode_in_pack_object_header() writes a variable-length
header to an output buffer, but it doesn't actually know
long the buffer is. At first glance, this looks like it
might be possible to overflow.
In practice, this is probably impossible. The smallest
buffer we use is 10 bytes, which would hold the header for
an object up to 2^67 bytes. Obviously we're not likely to
see such an object, but we might worry that an object could
lie about its size (causing us to overflow before we realize
it does not actually have that many bytes). But the argument
is passed as a uintmax_t. Even on systems that have __int128
available, uintmax_t is typically restricted to 64-bit by
the ABI.
So it's unlikely that a system exists where this could be
exploited. Still, it's easy enough to use a normal out/len
pair and make sure we don't write too far. That protects the
hypothetical 128-bit system, makes it harder for callers to
accidentally specify a too-small buffer, and makes the
resulting code easier to audit.
Note that the one caller in fast-import tried to catch such
a case, but did so _after_ the call (at which point we'd
have already overflowed!). This check can now go away.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-24 18:26:40 +01:00
|
|
|
if (n == hdr_len)
|
|
|
|
die("object size is too enormous to format");
|
2010-02-23 21:02:37 +01:00
|
|
|
*hdr++ = c | 0x80;
|
|
|
|
c = size & 0x7f;
|
|
|
|
size >>= 7;
|
|
|
|
n++;
|
|
|
|
}
|
|
|
|
*hdr = c;
|
|
|
|
return n;
|
|
|
|
}
|
2011-10-28 20:52:14 +02:00
|
|
|
|
2018-02-01 03:18:46 +01:00
|
|
|
struct hashfile *create_tmp_packfile(char **pack_tmp_name)
|
2011-10-28 20:52:14 +02:00
|
|
|
{
|
2017-03-28 21:45:43 +02:00
|
|
|
struct strbuf tmpname = STRBUF_INIT;
|
2011-10-28 20:52:14 +02:00
|
|
|
int fd;
|
|
|
|
|
2017-03-28 21:45:43 +02:00
|
|
|
fd = odb_mkstemp(&tmpname, "pack/tmp_pack_XXXXXX");
|
|
|
|
*pack_tmp_name = strbuf_detach(&tmpname, NULL);
|
2018-02-01 03:18:46 +01:00
|
|
|
return hashfd(fd, *pack_tmp_name);
|
2011-10-28 20:52:14 +02:00
|
|
|
}
|
2011-10-28 21:34:09 +02:00
|
|
|
|
2014-03-03 10:24:29 +01:00
|
|
|
void finish_tmp_packfile(struct strbuf *name_buffer,
|
2011-10-28 21:34:09 +02:00
|
|
|
const char *pack_tmp_name,
|
|
|
|
struct pack_idx_entry **written_list,
|
|
|
|
uint32_t nr_written,
|
|
|
|
struct pack_idx_option *pack_idx_opts,
|
|
|
|
unsigned char sha1[])
|
|
|
|
{
|
|
|
|
const char *idx_tmp_name;
|
2014-03-03 10:24:29 +01:00
|
|
|
int basename_len = name_buffer->len;
|
2011-10-28 21:34:09 +02:00
|
|
|
|
|
|
|
if (adjust_shared_perm(pack_tmp_name))
|
|
|
|
die_errno("unable to make temporary pack file readable");
|
|
|
|
|
|
|
|
idx_tmp_name = write_idx_file(NULL, written_list, nr_written,
|
|
|
|
pack_idx_opts, sha1);
|
|
|
|
if (adjust_shared_perm(idx_tmp_name))
|
|
|
|
die_errno("unable to make temporary index file readable");
|
|
|
|
|
2014-03-03 10:24:29 +01:00
|
|
|
strbuf_addf(name_buffer, "%s.pack", sha1_to_hex(sha1));
|
2011-10-28 21:34:09 +02:00
|
|
|
|
2014-03-03 10:24:29 +01:00
|
|
|
if (rename(pack_tmp_name, name_buffer->buf))
|
2011-10-28 21:34:09 +02:00
|
|
|
die_errno("unable to rename temporary pack file");
|
|
|
|
|
2014-03-03 10:24:29 +01:00
|
|
|
strbuf_setlen(name_buffer, basename_len);
|
|
|
|
|
|
|
|
strbuf_addf(name_buffer, "%s.idx", sha1_to_hex(sha1));
|
|
|
|
if (rename(idx_tmp_name, name_buffer->buf))
|
2011-10-28 21:34:09 +02:00
|
|
|
die_errno("unable to rename temporary index file");
|
|
|
|
|
2014-03-03 10:24:29 +01:00
|
|
|
strbuf_setlen(name_buffer, basename_len);
|
pack-objects: implement bitmap writing
This commit extends more the functionality of `pack-objects` by allowing
it to write out a `.bitmap` index next to any written packs, together
with the `.idx` index that currently gets written.
If bitmap writing is enabled for a given repository (either by calling
`pack-objects` with the `--write-bitmap-index` flag or by having
`pack.writebitmaps` set to `true` in the config) and pack-objects is
writing a packfile that would normally be indexed (i.e. not piping to
stdout), we will attempt to write the corresponding bitmap index for the
packfile.
Bitmap index writing happens after the packfile and its index has been
successfully written to disk (`finish_tmp_packfile`). The process is
performed in several steps:
1. `bitmap_writer_set_checksum`: this call stores the partial
checksum for the packfile being written; the checksum will be
written in the resulting bitmap index to verify its integrity
2. `bitmap_writer_build_type_index`: this call uses the array of
`struct object_entry` that has just been sorted when writing out
the actual packfile index to disk to generate 4 type-index bitmaps
(one for each object type).
These bitmaps have their nth bit set if the given object is of
the bitmap's type. E.g. the nth bit of the Commits bitmap will be
1 if the nth object in the packfile index is a commit.
This is a very cheap operation because the bitmap writing code has
access to the metadata stored in the `struct object_entry` array,
and hence the real type for each object in the packfile.
3. `bitmap_writer_reuse_bitmaps`: if there exists an existing bitmap
index for one of the packfiles we're trying to repack, this call
will efficiently rebuild the existing bitmaps so they can be
reused on the new index. All the existing bitmaps will be stored
in a `reuse` hash table, and the commit selection phase will
prioritize these when selecting, as they can be written directly
to the new index without having to perform a revision walk to
fill the bitmap. This can greatly speed up the repack of a
repository that already has bitmaps.
4. `bitmap_writer_select_commits`: if bitmap writing is enabled for
a given `pack-objects` run, the sequence of commits generated
during the Counting Objects phase will be stored in an array.
We then use that array to build up the list of selected commits.
Writing a bitmap in the index for each object in the repository
would be cost-prohibitive, so we use a simple heuristic to pick
the commits that will be indexed with bitmaps.
The current heuristics are a simplified version of JGit's
original implementation. We select a higher density of commits
depending on their age: the 100 most recent commits are always
selected, after that we pick 1 commit of each 100, and the gap
increases as the commits grow older. On top of that, we make sure
that every single branch that has not been merged (all the tips
that would be required from a clone) gets their own bitmap, and
when selecting commits between a gap, we tend to prioritize the
commit with the most parents.
Do note that there is no right/wrong way to perform commit
selection; different selection algorithms will result in
different commits being selected, but there's no such thing as
"missing a commit". The bitmap walker algorithm implemented in
`prepare_bitmap_walk` is able to adapt to missing bitmaps by
performing manual walks that complete the bitmap: the ideal
selection algorithm, however, would select the commits that are
more likely to be used as roots for a walk in the future (e.g.
the tips of each branch, and so on) to ensure a bitmap for them
is always available.
5. `bitmap_writer_build`: this is the computationally expensive part
of bitmap generation. Based on the list of commits that were
selected in the previous step, we perform several incremental
walks to generate the bitmap for each commit.
The walks begin from the oldest commit, and are built up
incrementally for each branch. E.g. consider this dag where A, B,
C, D, E, F are the selected commits, and a, b, c, e are a chunk
of simplified history that will not receive bitmaps.
A---a---B--b--C--c--D
\
E--e--F
We start by building the bitmap for A, using A as the root for a
revision walk and marking all the objects that are reachable
until the walk is over. Once this bitmap is stored, we reuse the
bitmap walker to perform the walk for B, assuming that once we
reach A again, the walk will be terminated because A has already
been SEEN on the previous walk.
This process is repeated for C, and D, but when we try to
generate the bitmaps for E, we can reuse neither the current walk
nor the bitmap we have generated so far.
What we do now is resetting both the walk and clearing the
bitmap, and performing the walk from scratch using E as the
origin. This new walk, however, does not need to be completed.
Once we hit B, we can lookup the bitmap we have already stored
for that commit and OR it with the existing bitmap we've composed
so far, allowing us to limit the walk early.
After all the bitmaps have been generated, another iteration
through the list of commits is performed to find the best XOR
offsets for compression before writing them to disk. Because of
the incremental nature of these bitmaps, XORing one of them with
its predecesor results in a minimal "bitmap delta" most of the
time. We can write this delta to the on-disk bitmap index, and
then re-compose the original bitmaps by XORing them again when
loaded.
This is a phase very similar to pack-object's `find_delta` (using
bitmaps instead of objects, of course), except the heuristics
have been greatly simplified: we only check the 10 bitmaps before
any given one to find best compressing one. This gives good
results in practice, because there is locality in the ordering of
the objects (and therefore bitmaps) in the packfile.
6. `bitmap_writer_finish`: the last step in the process is
serializing to disk all the bitmap data that has been generated
in the two previous steps.
The bitmap is written to a tmp file and then moved atomically to
its final destination, using the same process as
`pack-write.c:write_idx_file`.
Signed-off-by: Vicent Marti <tanoku@gmail.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-21 15:00:16 +01:00
|
|
|
|
2011-10-28 21:34:09 +02:00
|
|
|
free((void *)idx_tmp_name);
|
|
|
|
}
|