Commit Graph

37816 Commits

Author SHA1 Message Date
Michael Haggerty
daccee387a try_merge_strategy(): use a statically-allocated lock_file object
Even the one lockfile object needn't be allocated each time the
function is called.  Instead, define one statically-allocated
lock_file object and reuse it for every call.

Suggested-by: Jeff King <peff@peff.net>
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:49:01 -07:00
Michael Haggerty
1fef4b5041 try_merge_strategy(): remove redundant lock_file allocation
By the time the "if" block is entered, the lock_file instance from the
main function block is no longer in use, so re-use that one instead of
allocating a second one.

Note that the "lock" variable in the "if" block shadowed the "lock"
variable at function scope, so the only change needed is to remove the
inner definition.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:49:00 -07:00
Michael Haggerty
2091c5062c struct lock_file: declare some fields volatile
The function remove_lock_file_on_signal() is used as a signal handler.
It is not realistic to make the signal handler conform strictly to the
C standard, which is very restrictive about what a signal handler is
allowed to do.  But let's increase the likelihood that it will work:

The lock_file_list global variable and several fields from struct
lock_file are used by the signal handler.  Declare those values
"volatile" to (1) force the main process to write the values to RAM
promptly, and (2) prevent updates to these fields from being reordered
in a way that leaves an opportunity for a jump to the signal handler
while the object is in an inconsistent state.

We don't mark the filename field volatile because that would prevent
the use of strcpy(), and it is anyway unlikely that a compiler
re-orders a strcpy() call across other expressions.  So in practice it
should be possible to get away without "volatile" in the "filename"
case.

Suggested-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:49:00 -07:00
Michael Haggerty
707103fdfd lockfile: avoid transitory invalid states
Because remove_lock_file() can be called any time by the signal
handler, it is important that any lock_file objects that are in the
lock_file_list are always in a valid state.  And since lock_file
objects are often reused (but are never removed from lock_file_list),
that means we have to be careful whenever mutating a lock_file object
to always keep it in a well-defined state.

This was formerly not the case, because part of the state was encoded
by setting lk->filename to the empty string vs. a valid filename.  It
is wrong to assume that this string can be updated atomically; for
example, even

    strcpy(lk->filename, value)

is unsafe.  But the old code was even more reckless; for example,

    strcpy(lk->filename, path);
    if (!(flags & LOCK_NODEREF))
            resolve_symlink(lk->filename, max_path_len);
    strcat(lk->filename, ".lock");

During the call to resolve_symlink(), lk->filename contained the name
of the file that was being locked, not the name of the lockfile.  If a
signal were raised during that interval, then the signal handler would
have deleted the valuable file!

We could probably continue to use the filename field to encode the
state by being careful to write characters 1..N-1 of the filename
first, and then overwrite the NUL at filename[0] with the first
character of the filename, but that would be awkward and error-prone.

So, instead of using the filename field to determine whether the
lock_file object is active, add a new field "lock_file::active" for
this purpose.  Be careful to set this field only when filename really
contains the name of a file that should be deleted on cleanup.

Helped-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:48:59 -07:00
Michael Haggerty
e831855ecc git_config_set_multivar_in_file(): avoid call to rollback_lock_file()
After commit_lock_file() is called, then the lock_file object is
necessarily either committed or rolled back.  So there is no need to
call rollback_lock_file() again in either of these cases.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:48:59 -07:00
Michael Haggerty
32c3ec258e dump_marks(): remove a redundant call to rollback_lock_file()
When commit_lock_file() fails, it now always calls
rollback_lock_file() internally, so there is no need to call that
function here.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:48:59 -07:00
Michael Haggerty
d75145acf6 api-lockfile: document edge cases
* Document the behavior of commit_lock_file() when it fails, namely
  that it rolls back the lock_file object and sets errno
  appropriately.

* Document the behavior of rollback_lock_file() when called for a
  lock_file object that has already been committed or rolled back,
  namely that it is a NOOP.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:14 -07:00
Michael Haggerty
1b1648f46b commit_lock_file(): rollback lock file on failure to rename
If rename() fails, call rollback_lock_file() to delete the lock file
(in case it is still present) and reset the filename field to the
empty string so that the lockfile object is left in a valid state.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:14 -07:00
Michael Haggerty
8e86c155d2 close_lock_file(): if close fails, roll back
If closing an open lockfile fails, then we cannot be sure of the
contents of the lockfile, so there is nothing sensible to do but
delete it. This change also insures that the lock_file object is left
in a defined state in this error path (namely, unlocked).

The only caller that is ultimately affected by this change is
try_merge_strategy() -> write_locked_index(), which can call
close_lock_file() via various execution paths. This caller uses a
static lock_file object which previously could have been reused after
a failed close_lock_file() even though it was still in locked state.
This change causes the lock_file object to be unlocked on failure,
thus fixing this error-handling path.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:13 -07:00
Michael Haggerty
8a1c7533e2 commit_lock_file(): die() if called for unlocked lockfile object
It was previously a bug to call commit_lock_file() with a lock_file
object that was not active (an illegal access would happen within the
function).  It was presumably never done, but this would be an easy
programming error to overlook.  So before continuing, do a consistency
check that the lock_file object really is locked.

Helped-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:13 -07:00
Michael Haggerty
4f4713df94 commit_lock_file(): inline temporary variable
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:13 -07:00
Michael Haggerty
a1754bcce9 remove_lock_file(): call rollback_lock_file()
It does just what we need.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:12 -07:00
Michael Haggerty
e31e949b9f lock_file(): exit early if lockfile cannot be opened
This is a bit easier to read than the old version, which nested part
of the non-error code in an "if" block.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Ronnie Sahlberg <sahlberg@google.com>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:12 -07:00
Michael Haggerty
35ff08be09 prepare_index(): declare return value to be (const char *)
Declare the return value to be const to make it clear that we aren't
giving callers permission to write over the string that it points at.
(The return value is the filename field of a struct lock_file, which
can be used by a signal handler at any time and therefore shouldn't be
tampered with.)

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:12 -07:00
Michael Haggerty
91f1f19184 delete_ref_loose(): don't muck around in the lock_file's filename
It's bad manners. Especially since there could be a signal during the
call to unlink_or_warn(), in which case the signal handler will see
the wrong filename and delete the reference file, leaving the lockfile
behind.

So make our own copy to work with.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:11 -07:00
Michael Haggerty
7108ad232f cache.h: define constants LOCK_SUFFIX and LOCK_SUFFIX_LEN
There are a few places that use these values, so define constants for
them.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:11 -07:00
Michael Haggerty
0a06f14837 lockfile.c: document the various states of lock_file objects
Document the valid states of lock_file objects, how they get into each
state, and how the state is encoded in the object's fields.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Ronnie Sahlberg <sahlberg@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:11 -07:00
Michael Haggerty
04e57d4d32 lock_file(): always initialize and register lock_file object
The purpose of this change is to make the state diagram for
lock_file objects simpler and deterministic.

If locking fails, lock_file() sometimes leaves the lock_file object
partly initialized, but sometimes not. It sometimes registers the
object in lock_file_list, but sometimes not. This makes the state
diagram for lock_file objects effectively indeterministic and hard
to reason about. A future patch will also change the filename field
into a strbuf, which needs more involved initialization, so it will
become even more important that the state of a lock_file object is
well-defined after a failed attempt to lock.

The ambiguity doesn't currently have any ill effects, because
lock_file objects cannot be removed from the lock_file_list anyway.
But to make it easier to document and reason about the code, make
this behavior consistent: *always* initialize the lock_file object
and *always* register it in lock_file_list the first time it is
used, regardless of whether an error occurs.

While we're at it, make sure that all of the lock_file fields are
initialized to values appropriate for an unlocked object; the caller
is only responsible for making sure that on_list is set to zero before
the first time it is used.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:43:50 -07:00
Michael Haggerty
ebb8e380e9 hold_lock_file_for_append(): release lock on errors
If there is an error copying the old contents to the lockfile, roll
back the lockfile before exiting so that the lockfile is not held
until process cleanup.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:38:42 -07:00
Michael Haggerty
41dd4ffaf9 lockfile: unlock file if lockfile permissions cannot be adjusted
If the call to adjust_shared_perm() fails, lock_file returns -1, which
to the caller looks like any other failure to lock the file.  So in
this case, roll back the lockfile before returning so that the lock
file is deleted immediately and the lockfile object is left in a
predictable state (namely, unlocked).  Previously, the lockfile was
retained until process cleanup in this situation.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:38:41 -07:00
Michael Haggerty
26f5d3b65f rollback_lock_file(): set fd to -1
When rolling back the lockfile, call close_lock_file() so that the
lock_file's fd field gets set back to -1. This keeps the lock_file
object in a valid state, which is important because these objects are
allowed to be reused. It also makes it unnecessary to check whether
the file has already been closed, because close_lock_file() takes care
of that.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:38:41 -07:00
Michael Haggerty
9085f8e279 rollback_lock_file(): exit early if lock is not active
Eliminate a layer of nesting.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Ronnie Sahlberg <sahlberg@google.com>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:38:40 -07:00
Michael Haggerty
5527d5349b rollback_lock_file(): do not clear filename redundantly
It is only necessary to clear the lock_file's filename field if it was
not already clear.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Ronnie Sahlberg <sahlberg@google.com>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:38:39 -07:00
Michael Haggerty
419f0c0f68 close_lock_file(): exit (successfully) if file is already closed
Suggested-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:38:39 -07:00
Michael Haggerty
a5e48669a2 api-lockfile: revise and expand the documentation
Document a couple more functions and the flags argument as used by
hold_lock_file_for_update() and hold_lock_file_for_append().
Reorganize the document to make it more accessible.

Helped-by: Jonathan Nieder <jrnieder@gmail.com>
Helped-by: Junio Hamano <gitster@pobox.com>
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:38:38 -07:00
Michael Haggerty
e197c21807 unable_to_lock_die(): rename function from unable_to_lock_index_die()
This function is used for other things besides the index, so rename it
accordingly.

Suggested-by: Jeff King <peff@peff.net>
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Ronnie Sahlberg <sahlberg@google.com>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:38:38 -07:00
Junio C Hamano
565301e416 Sync with 2.1.2
* maint:
  Git 2.1.2
2014-09-29 22:17:57 -07:00
Junio C Hamano
7dded6610e Merge branch 'jt/itimer-autoconf'
setitmer(2) and related API elements can be configured from
Makefile but autoconf did not know about it.

* jt/itimer-autoconf:
  autoconf: check for setitimer()
  autoconf: check for struct itimerval
  git-compat-util.h: add missing semicolon after struct itimerval
2014-09-29 22:17:24 -07:00
Junio C Hamano
0ba92ef338 Merge branch 'jc/test-lazy-prereq'
Test-script clean-up.

* jc/test-lazy-prereq:
  tests: drop GIT_*_TIMING_TESTS environment variable support
2014-09-29 22:17:23 -07:00
Junio C Hamano
ab9bc95d53 Merge branch 'sb/merge-recursive-copy-paste-fix'
"git merge-recursive" had a small bug that could have made it
mishandle "one side deleted, the other side did not touch it" in a
rare corner case, where the other side actually did touch to cause
the blob object names to be different but both blobs before and
after the change normalize to the same (e.g. correcting mistake to
check in a blob with CRLF line endings by replacing it with another
blob that records the same contents with LF line endings).

* sb/merge-recursive-copy-paste-fix:
  merge-recursive: remove stale commented debugging code
  merge-recursive: fix copy-paste mistake
2014-09-29 22:17:22 -07:00
Junio C Hamano
131f0315c4 Merge branch 'pr/use-default-sigpipe-setting'
We used to get confused when a process called us with SIGPIPE
ignored; we do want to die with SIGPIPE when the output is not
read by default, and do ignore the signal when appropriate.

* pr/use-default-sigpipe-setting:
  mingw.h: add dummy functions for sigset_t operations
  unblock and unignore SIGPIPE
2014-09-29 22:17:20 -07:00
Junio C Hamano
80b616d04b Git 2.1.2
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-29 22:15:00 -07:00
Junio C Hamano
46c8f859b7 Merge branch 'jk/fsck-exit-code-fix' into maint
"git fsck" failed to report that it found corrupt objects via its
exit status in some cases.

* jk/fsck-exit-code-fix:
  fsck: return non-zero status on missing ref tips
  fsck: exit with non-zero status upon error from fsck_obj()
2014-09-29 22:10:55 -07:00
Junio C Hamano
102edda4df Merge branch 'ta/config-add-to-empty-or-true-fix' into maint
"git config --add section.var val" used to lose existing
section.var whose value was an empty string.

* ta/config-add-to-empty-or-true-fix:
  config: avoid a funny sentinel value "a^"
  make config --add behave correctly for empty and NULL values
2014-09-29 22:10:25 -07:00
Junio C Hamano
421ec4f8d1 Merge branch 'mk/reachable-protect-detached-head' into maint
Reachability check (used in "git prune" and friends) did not add a
detached HEAD as a starting point to traverse objects still in use.

* mk/reachable-protect-detached-head:
  reachable.c: add HEAD to reachability starting commits
2014-09-29 22:10:04 -07:00
Junio C Hamano
5b830a8588 Merge branch 'mb/fast-import-delete-root' into maint
An attempt to remove the entire tree in the "git fast-import" input
stream caused it to misbehave.

* mb/fast-import-delete-root:
  fast-import: fix segfault in store_tree()
  t9300: test filedelete command
2014-09-29 22:09:48 -07:00
Junio C Hamano
46092ebf22 Merge branch 'jk/index-pack-threading-races' into maint
When receiving an invalid pack stream that records the same object
twice, multiple threads got confused due to a race.

* jk/index-pack-threading-races:
  index-pack: fix race condition with duplicate bases
2014-09-29 22:09:24 -07:00
Junio C Hamano
060517093e Merge branch 'jk/send-pack-many-refspecs' into maint
"git push" over HTTP transport had an artificial limit on number of
refs that can be pushed imposed by the command line length.

* jk/send-pack-many-refspecs:
  send-pack: take refspecs over stdin
2014-09-29 22:08:17 -07:00
Junio C Hamano
e7867e80f0 Merge branch 'so/rebase-doc' into maint
* so/rebase-doc:
  Documentation/git-rebase.txt: <upstream> must be given to specify <branch>
  Documentation/git-rebase.txt: -f forces a rebase that would otherwise be a no-op
2014-09-29 22:08:12 -07:00
Junio C Hamano
0bf7dd652c Update draft release notes to 2.2 2014-09-29 12:44:43 -07:00
Junio C Hamano
26d0587389 Merge branch 'jk/mbox-from-line'
Some MUAs mangled a line in a message that begins with "From " to
">From " when writing to a mailbox file and feeding such an input
to "git am" used to lose such a line.

* jk/mbox-from-line:
  mailinfo: work around -Wstring-plus-int warning
  mailinfo: make ">From" in-body header check more robust
2014-09-29 12:36:15 -07:00
Junio C Hamano
12ba0e771c Merge branch 'sb/t6031-typofix'
* sb/t6031-typofix:
  t6031-test-merge-recursive: do not forget to add file to be committed
2014-09-29 12:36:14 -07:00
Junio C Hamano
4d4dc66df0 Merge branch 'sb/t9300-typofix'
* sb/t9300-typofix:
  t9300-fast-import: fix typo in test description
2014-09-29 12:36:13 -07:00
Junio C Hamano
60dfd8461b Merge branch 'rs/remote-simplify'
* rs/remote-simplify:
  remote: simplify match_name_with_pattern() using strbuf
2014-09-29 12:36:12 -07:00
Junio C Hamano
0a2ba82c76 Merge branch 'rs/graph-simplify'
* rs/graph-simplify:
  graph: simplify graph_padding_line()
2014-09-29 12:36:11 -07:00
Junio C Hamano
507fe835ed Merge branch 'da/rev-parse-verify-quiet'
"rev-parse --verify --quiet $name" is meant to quietly exit with a
non-zero status when $name is not a valid object name, but still
gave error messages in some cases.

* da/rev-parse-verify-quiet:
  stash: prefer --quiet over shell redirection of the standard error stream
  refs: make rev-parse --quiet actually quiet
  t1503: use test_must_be_empty
  Documentation: a note about stdout for git rev-parse --verify --quiet
2014-09-29 12:36:10 -07:00
Junio C Hamano
b8e533f12a Merge branch 'hj/pretty-naked-decoration'
The pretty-format specifier "%d", which expanded to " (tagname)"
for a tagged commit, gained a cousin "%D" that just gives the
"tagname" without frills.

* hj/pretty-naked-decoration:
  pretty: add %D format specifier
2014-09-29 12:36:09 -07:00
Junio C Hamano
a9583afc1d Merge branch 'maint'
* maint:
  l10n: de.po: use comma before "um"
  l10n: de.po: change Email to E-Mail
  po/TEAMS: add new member to German translation team
2014-09-28 00:03:25 -07:00
Junio C Hamano
62b553cdd6 Merge branch 'maint' of git://github.com/git-l10n/git-po into maint
* 'maint' of git://github.com/git-l10n/git-po:
  l10n: de.po: use comma before "um"
  l10n: de.po: change Email to E-Mail
  po/TEAMS: add new member to German translation team
2014-09-28 00:02:57 -07:00
Junio C Hamano
d29e9c89db Update draft release notes to 2.2
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-26 14:59:32 -07:00