Commit Graph

180 Commits

Author SHA1 Message Date
Jens Axboe
7872e05567 git-daemon poll() spinning out of control
With the '0' timeout given to poll, it returns instantly without any
events on my system, causing git-daemon to consume all the CPU time. Use
-1 as the timeout so poll() only returns in case of EINTR or actually
events being available.

Signed-off-by: Jens Axboe <axboe@suse.de>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-10-20 21:26:31 -07:00
H. Peter Anvin
960deccb26 git-daemon: timeout, eliminate double DWIM
It turns out that not only did git-daemon do DWIM, but git-upload-pack
does as well.  This is bad; security checks have to be performed *after*
canonicalization, not before.

Additionally, the current git-daemon can be trivially DoSed by spewing
SYNs at the target port.

This patch adds a --strict option to git-upload-pack to disable all
DWIM, a --timeout option to git-daemon and git-upload-pack, and an
--init-timeout option to git-daemon (which is typically set to a much
lower value, since the initial request should come immediately from the
client.)

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-10-19 14:27:01 -07:00
H. Peter Anvin
3e04c62daa revised^2: git-daemon extra paranoia, and path DWIM
This patch adds some extra paranoia to the git-daemon filename test.  In
particular, it now rejects pathnames containing //; it also adds a
redundant test for pathname absoluteness (belts and suspenders.)

A single / at the end of the path is still permitted, however, and the
.git and /.git append DWIM stuff is now handled in an integrated manner,
which means the resulting path will always be subjected to pathname checks.

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-10-18 18:26:52 -07:00
Linus Torvalds
230f13225d Create object subdirectories on demand
This makes it possible to have a "sparse" git object subdirectory
structure, something that has become much more attractive now that people
use pack-files all the time.

As a result of pack-files, a git object directory doesn't necessarily have
any individual objects lying around, and in that case it's just wasting
space to keep the empty first-level object directories around: on many
filesystems the 256 empty directories will be aboue 1MB of diskspace.

Even more importantly, after you re-pack a project that _used_ to be
unpacked, you could be left with huge directories that no longer contain
anything, but that waste space and take time to look through.

With this change, "git prune-packed" can just do an rmdir() on the
directories, and they'll get removed if empty, and re-created on demand.

This patch also tries to fix up "write_sha1_from_fd()" to use the new
common infrastructure for creating the object files, closing a hole where
we might otherwise leave half-written objects in the object database.

[jc: I unoptimized the part that really removes the fan-out directories
 to ease transition.  init-db still wastes 1MB of diskspace to hold 256
 empty fan-outs, and prune-packed rmdir()'s the grown but empty directories,
 but runs mkdir() immediately after that -- reducing the saving from 150KB
 to 146KB.  These parts will be re-introduced when everybody has the
 on-demand capability.]

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-10-08 15:54:01 -07:00
H. Peter Anvin
9220282a9c Move signal setting into service_loop() 2005-09-30 11:01:57 -07:00
H. Peter Anvin
7626e49e9f socklen_t is unsigned int on most Linux platforms 2005-09-30 10:48:21 -07:00
H. Peter Anvin
1b4713fb9e Use xmalloc/xcalloc 2005-09-30 10:47:50 -07:00
H. Peter Anvin
d6b89e7bf8 Don't need <alloca.h> 2005-09-30 10:46:42 -07:00
H. Peter Anvin
300b4801b7 Merge with master.kernel.org:/pub/scm/git/git.git 2005-09-30 10:44:21 -07:00
Pavel Roskin
cdda474525 [PATCH] Make logerror() and loginfo() static
Make logerror() and loginfo() static

logerror() and loginfo() in daemon.c are never declared and never called
from other files, therefore they should be declared static.  Found by
sparse.

Signed-off-by: Pavel Roskin <proski@gnu.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-09-29 22:47:40 -07:00
Peter Anvin
e72456bb67 Remove variables not needed when using poll 2005-09-28 18:01:55 -07:00
Peter Anvin
6573faff34 NO_IPV6 support for git daemon 2005-09-28 17:26:44 -07:00
H. Peter Anvin
47888f0f31 Restore chdir(".git") 2005-09-27 08:49:40 -07:00
H. Peter Anvin
4ae9568269 Support a modicum of path validation, and allow an export all trees option. 2005-09-26 19:10:55 -07:00
Petr Baudis
da38641d7c [PATCH] Rename daemon.c's lognotice() to loginfo()
The syslog code logs with severity LOG_INFO in the loginfo() function, so make
things less confusing.

Signed-off-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-09-24 11:20:45 -07:00
Petr Baudis
9048fe1c50 [PATCH] git-daemon --syslog to log through syslog
Well, this makes it even more clear that we need the packet reader and
friends to use the daemon logging code. :/  Therefore, we at least indicate
in the "Disconnect" log message if the child process exitted with an error
code or not.

Idea by Linus.

Signed-off-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-09-24 11:20:45 -07:00
Junio C Hamano
1bedd4ca21 daemon.c: pid_t is not int.
Reported by Morten Welinder <mwelinder@gmail.com>.

Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-09-23 23:26:55 -07:00
Petr Baudis
f8ff0c0641 [PATCH] Verbose git-daemon logging
This patch makes git-daemon --verbose log some useful things on stderr -
in particular connects, disconnects and upload requests, and in such a
way to be able to trace a particular session. Some more errors are now
also logged (even when --verbose is not passed). It is still not perfect
since messages produced by the non-daemon-specific code are obviously
not formatted properly.

[jc: With minor fix up in the log line truncation, and
 use of write(2) as suggested by Linus.]

Signed-off-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-09-22 18:00:28 -07:00
Junio C Hamano
7fa090844f Use int instead of socklen_t
This should work around the compilation problem Johannes Schindelin
and others had on Mac OS/X.

Quoting Linus:

    Any operating system where socklen_t is anything else than "int" is
    terminally broken. The people who introduced that typedef were confused,
    and I actually had to argue with them that it was fundamentally wrong:
    there is no other valid type than "int" that makes sense for it.

Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-09-11 18:55:20 -07:00
lars.doelle@on-line.de
7c3693f1f2 [PATCH] git-daemon --inetd
git-daemon using inetd. does not work properly. inetd routes stderr onto the
network line just like stdout, which was apparently not expected to be so.

As the result of this, the stream is closed by the receiver, because some
"Packing %d objects\n" originating from pack_objects is first reported over
the line instead of the expected pack_header, and so the SIGNATURE test
fails.  Here is a workaround.

Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-09-07 22:08:30 -07:00
Jason Riedy
3cd6ecda4a Include sys/time.h in daemon.c.
Some systems and feature levels want sys/time.h for fd_set
functionality.

Signed-off-by: Jason Riedy <ejr@cs.berkeley.edu>
2005-08-23 20:41:12 -07:00
Junio C Hamano
1eef0b33c6 daemon.c: squelch error message from EINTR
Every time after servicing the connection, select() first fails
with EINTR and ends up waiting for one second before serving the
next client.  The sleep() was placed by the original author per
suggestion from the list to avoid spinning on failing select,
but at least this EINTR situation should not result in "at most
one client per second" service limit.

I am not sure if this is the right fix, but WTH.  The king
penguin says that serious people would run the daemon under
inetd anyway, and I agree with that.

Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-08-05 01:27:13 -07:00
Linus Torvalds
4d8fa916c9 [PATCH] Fix sparse warnings
A few sparse warnings have crept in again since I checked last time:
undeclared variables with global scope.

Fix them by marking the private variables properly "static".

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-08-01 13:28:58 -07:00
YOSHIFUJI Hideaki
df076bdbcc [PATCH] GIT: Listen on IPv6 as well, if available.
Signed-off-by: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-07-27 22:47:07 -07:00
Linus Torvalds
02d57da4a5 Be slightly smarter about git-daemon client shutdown
Shut down connections that haven't even identified themselves as git
clients first.  That should get rid of people who just connect to the
port and wait for something to happen.
2005-07-15 22:53:31 -07:00
Linus Torvalds
66e631def8 git-daemon: actually remember the children we have outstanding
This is using a lockless approach that allows us to handle children
dying without having to block SIGCHLD.

Right now our "solution" to too many kids is pretty damn rough, but it
at least shows what you can do.
2005-07-15 21:51:57 -07:00
Linus Torvalds
eaa9491955 git-daemon: keep track of children
We don't want them as zombies, and eventually we'll want to limit their
number. Right now we just count them.
2005-07-15 20:42:28 -07:00
Linus Torvalds
e64e1b79d7 Add "--inetd" flag to git-daemon
All credit go to Alexey Nezhdanov <snake@penza-gsm.ru>, I just ended up
re-implementing his idea.
2005-07-15 09:32:16 -07:00
Linus Torvalds
7d80694af1 git-daemon: re-organize code a bit for --inetd flag
Alexey Nezhdanov sent a patch that made git-daemon usable from inetd (ie
where inetd has already done the accept on the new connection, the fork,
and the setup of stdin/stdout).  I wanted to organize the thing slightly
differently, though.
2005-07-15 09:27:05 -07:00
Linus Torvalds
a87e8be2ae Add a "git-daemon" that listens on a TCP port
.. and does a "git-upload-pack" on demand.
2005-07-13 19:45:26 -07:00