22613b25ec
In the tmp-objdir api, tmp_objdir_create will create a temporary
directory but also register signal handlers responsible for removing
the directory's contents and the directory itself. However, the
function responsible for recursively removing the contents and
directory, remove_dir_recurse() calls opendir(3) and closedir(3).
This can be problematic because these functions allocate and free
memory, which are not async-signal-safe functions. This can lead to
deadlocks.
One place we call tmp_objdir_create() is in git-receive-pack, where
we create a temporary quarantine directory "incoming". Incoming
objects will be written to this directory before they get moved to
the object directory.
We have observed this code leading to a deadlock:
Thread 1 (Thread 0x7f621ba0b200 (LWP 326305)):
#0 __lll_lock_wait_private (futex=futex@entry=0x7f621bbf8b80
<main_arena>) at ./lowlevellock.c:35
#1 0x00007f621baa635b in __GI___libc_malloc
(bytes=bytes@entry=32816) at malloc.c:3064
#2 0x00007f621bae9f49 in __alloc_dir (statp=0x7fff2ea7ed60,
flags=0, close_fd=true, fd=5)
at ../sysdeps/posix/opendir.c:118
#3 opendir_tail (fd=5) at ../sysdeps/posix/opendir.c:69
#4 __opendir (name=<optimized out>)
at ../sysdeps/posix/opendir.c:92
#5 0x0000557c19c77de1 in remove_dir_recurse ()
git#6 0x0000557c19d81a4f in remove_tmp_objdir_on_signal ()
#7 <signal handler called>
git#8 _int_malloc (av=av@entry=0x7f621bbf8b80 <main_arena>,
bytes=bytes@entry=7160) at malloc.c:4116
git#9 0x00007f621baa62c9 in __GI___libc_malloc (bytes=7160)
at malloc.c:3066
git#10 0x00007f621bd1e987 in inflateInit2_ ()
from /opt/gitlab/embedded/lib/libz.so.1
git#11 0x0000557c19dbe5f4 in git_inflate_init ()
git#12 0x0000557c19cee02a in unpack_compressed_entry ()
git#13 0x0000557c19cf08cb in unpack_entry ()
git#14 0x0000557c19cf0f32 in packed_object_info ()
git#15 0x0000557c19cd68cd in do_oid_object_info_extended ()
git#16 0x0000557c19cd6e2b in read_object_file_extended ()
git#17 0x0000557c19cdec2f in parse_object ()
git#18 0x0000557c19c34977 in lookup_commit_reference_gently ()
git#19 0x0000557c19d69309 in mark_uninteresting ()
git#20 0x0000557c19d2d180 in do_for_each_repo_ref_iterator ()
git#21 0x0000557c19d21678 in for_each_ref ()
git#22 0x0000557c19d6a94f in assign_shallow_commits_to_refs ()
git#23 0x0000557c19bc02b2 in cmd_receive_pack ()
git#24 0x0000557c19b29fdd in handle_builtin ()
git#25 0x0000557c19b2a526 in cmd_main ()
git#26 0x0000557c19b28ea2 in main ()
Since we can't do the cleanup in a portable and signal-safe way, skip
the cleanup when we're handling a signal.
This means that when signal handling, the temporary directory may not
get cleaned up properly. This is mitigated by b3cecf49ea
(tmp-objdir: new
API for creating temporary writable databases, 2021-12-06) which changed
the default name and allows gc to clean up these temporary directories.
In the event of a normal exit, we should still be cleaning up via the
atexit() handler.
Helped-by: Jeff King <peff@peff.net>
Signed-off-by: John Cai <johncai86@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
317 lines
7.0 KiB
C
317 lines
7.0 KiB
C
#include "cache.h"
|
|
#include "tmp-objdir.h"
|
|
#include "chdir-notify.h"
|
|
#include "dir.h"
|
|
#include "sigchain.h"
|
|
#include "string-list.h"
|
|
#include "strbuf.h"
|
|
#include "strvec.h"
|
|
#include "quote.h"
|
|
#include "object-store.h"
|
|
|
|
struct tmp_objdir {
|
|
struct strbuf path;
|
|
struct strvec env;
|
|
struct object_directory *prev_odb;
|
|
int will_destroy;
|
|
};
|
|
|
|
/*
|
|
* Allow only one tmp_objdir at a time in a running process, which simplifies
|
|
* our atexit cleanup routines. It's doubtful callers will ever need
|
|
* more than one, and we can expand later if so. You can have many such
|
|
* tmp_objdirs simultaneously in many processes, of course.
|
|
*/
|
|
static struct tmp_objdir *the_tmp_objdir;
|
|
|
|
static void tmp_objdir_free(struct tmp_objdir *t)
|
|
{
|
|
strbuf_release(&t->path);
|
|
strvec_clear(&t->env);
|
|
free(t);
|
|
}
|
|
|
|
int tmp_objdir_destroy(struct tmp_objdir *t)
|
|
{
|
|
int err;
|
|
|
|
if (!t)
|
|
return 0;
|
|
|
|
if (t == the_tmp_objdir)
|
|
the_tmp_objdir = NULL;
|
|
|
|
if (t->prev_odb)
|
|
restore_primary_odb(t->prev_odb, t->path.buf);
|
|
|
|
err = remove_dir_recursively(&t->path, 0);
|
|
|
|
tmp_objdir_free(t);
|
|
|
|
return err;
|
|
}
|
|
|
|
static void remove_tmp_objdir(void)
|
|
{
|
|
tmp_objdir_destroy(the_tmp_objdir);
|
|
}
|
|
|
|
void tmp_objdir_discard_objects(struct tmp_objdir *t)
|
|
{
|
|
remove_dir_recursively(&t->path, REMOVE_DIR_KEEP_TOPLEVEL);
|
|
}
|
|
|
|
/*
|
|
* These env_* functions are for setting up the child environment; the
|
|
* "replace" variant overrides the value of any existing variable with that
|
|
* "key". The "append" variant puts our new value at the end of a list,
|
|
* separated by PATH_SEP (which is what separate values in
|
|
* GIT_ALTERNATE_OBJECT_DIRECTORIES).
|
|
*/
|
|
static void env_append(struct strvec *env, const char *key, const char *val)
|
|
{
|
|
struct strbuf quoted = STRBUF_INIT;
|
|
const char *old;
|
|
|
|
/*
|
|
* Avoid quoting if it's not necessary, for maximum compatibility
|
|
* with older parsers which don't understand the quoting.
|
|
*/
|
|
if (*val == '"' || strchr(val, PATH_SEP)) {
|
|
strbuf_addch("ed, '"');
|
|
quote_c_style(val, "ed, NULL, 1);
|
|
strbuf_addch("ed, '"');
|
|
val = quoted.buf;
|
|
}
|
|
|
|
old = getenv(key);
|
|
if (!old)
|
|
strvec_pushf(env, "%s=%s", key, val);
|
|
else
|
|
strvec_pushf(env, "%s=%s%c%s", key, old, PATH_SEP, val);
|
|
|
|
strbuf_release("ed);
|
|
}
|
|
|
|
static void env_replace(struct strvec *env, const char *key, const char *val)
|
|
{
|
|
strvec_pushf(env, "%s=%s", key, val);
|
|
}
|
|
|
|
static int setup_tmp_objdir(const char *root)
|
|
{
|
|
char *path;
|
|
int ret = 0;
|
|
|
|
path = xstrfmt("%s/pack", root);
|
|
ret = mkdir(path, 0777);
|
|
free(path);
|
|
|
|
return ret;
|
|
}
|
|
|
|
struct tmp_objdir *tmp_objdir_create(const char *prefix)
|
|
{
|
|
static int installed_handlers;
|
|
struct tmp_objdir *t;
|
|
|
|
if (the_tmp_objdir)
|
|
BUG("only one tmp_objdir can be used at a time");
|
|
|
|
t = xcalloc(1, sizeof(*t));
|
|
strbuf_init(&t->path, 0);
|
|
strvec_init(&t->env);
|
|
|
|
/*
|
|
* Use a string starting with tmp_ so that the builtin/prune.c code
|
|
* can recognize any stale objdirs left behind by a crash and delete
|
|
* them.
|
|
*/
|
|
strbuf_addf(&t->path, "%s/tmp_objdir-%s-XXXXXX", get_object_directory(), prefix);
|
|
|
|
if (!mkdtemp(t->path.buf)) {
|
|
/* free, not destroy, as we never touched the filesystem */
|
|
tmp_objdir_free(t);
|
|
return NULL;
|
|
}
|
|
|
|
the_tmp_objdir = t;
|
|
if (!installed_handlers) {
|
|
atexit(remove_tmp_objdir);
|
|
installed_handlers++;
|
|
}
|
|
|
|
if (setup_tmp_objdir(t->path.buf)) {
|
|
tmp_objdir_destroy(t);
|
|
return NULL;
|
|
}
|
|
|
|
env_append(&t->env, ALTERNATE_DB_ENVIRONMENT,
|
|
absolute_path(get_object_directory()));
|
|
env_replace(&t->env, DB_ENVIRONMENT, absolute_path(t->path.buf));
|
|
env_replace(&t->env, GIT_QUARANTINE_ENVIRONMENT,
|
|
absolute_path(t->path.buf));
|
|
|
|
return t;
|
|
}
|
|
|
|
/*
|
|
* Make sure we copy packfiles and their associated metafiles in the correct
|
|
* order. All of these ends_with checks are slightly expensive to do in
|
|
* the midst of a sorting routine, but in practice it shouldn't matter.
|
|
* We will have a relatively small number of packfiles to order, and loose
|
|
* objects exit early in the first line.
|
|
*/
|
|
static int pack_copy_priority(const char *name)
|
|
{
|
|
if (!starts_with(name, "pack"))
|
|
return 0;
|
|
if (ends_with(name, ".keep"))
|
|
return 1;
|
|
if (ends_with(name, ".pack"))
|
|
return 2;
|
|
if (ends_with(name, ".rev"))
|
|
return 3;
|
|
if (ends_with(name, ".idx"))
|
|
return 4;
|
|
return 5;
|
|
}
|
|
|
|
static int pack_copy_cmp(const char *a, const char *b)
|
|
{
|
|
return pack_copy_priority(a) - pack_copy_priority(b);
|
|
}
|
|
|
|
static int read_dir_paths(struct string_list *out, const char *path)
|
|
{
|
|
DIR *dh;
|
|
struct dirent *de;
|
|
|
|
dh = opendir(path);
|
|
if (!dh)
|
|
return -1;
|
|
|
|
while ((de = readdir(dh)))
|
|
if (de->d_name[0] != '.')
|
|
string_list_append(out, de->d_name);
|
|
|
|
closedir(dh);
|
|
return 0;
|
|
}
|
|
|
|
static int migrate_paths(struct strbuf *src, struct strbuf *dst);
|
|
|
|
static int migrate_one(struct strbuf *src, struct strbuf *dst)
|
|
{
|
|
struct stat st;
|
|
|
|
if (stat(src->buf, &st) < 0)
|
|
return -1;
|
|
if (S_ISDIR(st.st_mode)) {
|
|
if (!mkdir(dst->buf, 0777)) {
|
|
if (adjust_shared_perm(dst->buf))
|
|
return -1;
|
|
} else if (errno != EEXIST)
|
|
return -1;
|
|
return migrate_paths(src, dst);
|
|
}
|
|
return finalize_object_file(src->buf, dst->buf);
|
|
}
|
|
|
|
static int migrate_paths(struct strbuf *src, struct strbuf *dst)
|
|
{
|
|
size_t src_len = src->len, dst_len = dst->len;
|
|
struct string_list paths = STRING_LIST_INIT_DUP;
|
|
int i;
|
|
int ret = 0;
|
|
|
|
if (read_dir_paths(&paths, src->buf) < 0)
|
|
return -1;
|
|
paths.cmp = pack_copy_cmp;
|
|
string_list_sort(&paths);
|
|
|
|
for (i = 0; i < paths.nr; i++) {
|
|
const char *name = paths.items[i].string;
|
|
|
|
strbuf_addf(src, "/%s", name);
|
|
strbuf_addf(dst, "/%s", name);
|
|
|
|
ret |= migrate_one(src, dst);
|
|
|
|
strbuf_setlen(src, src_len);
|
|
strbuf_setlen(dst, dst_len);
|
|
}
|
|
|
|
string_list_clear(&paths, 0);
|
|
return ret;
|
|
}
|
|
|
|
int tmp_objdir_migrate(struct tmp_objdir *t)
|
|
{
|
|
struct strbuf src = STRBUF_INIT, dst = STRBUF_INIT;
|
|
int ret;
|
|
|
|
if (!t)
|
|
return 0;
|
|
|
|
if (t->prev_odb) {
|
|
if (the_repository->objects->odb->will_destroy)
|
|
BUG("migrating an ODB that was marked for destruction");
|
|
restore_primary_odb(t->prev_odb, t->path.buf);
|
|
t->prev_odb = NULL;
|
|
}
|
|
|
|
strbuf_addbuf(&src, &t->path);
|
|
strbuf_addstr(&dst, get_object_directory());
|
|
|
|
ret = migrate_paths(&src, &dst);
|
|
|
|
strbuf_release(&src);
|
|
strbuf_release(&dst);
|
|
|
|
tmp_objdir_destroy(t);
|
|
return ret;
|
|
}
|
|
|
|
const char **tmp_objdir_env(const struct tmp_objdir *t)
|
|
{
|
|
if (!t)
|
|
return NULL;
|
|
return t->env.v;
|
|
}
|
|
|
|
void tmp_objdir_add_as_alternate(const struct tmp_objdir *t)
|
|
{
|
|
add_to_alternates_memory(t->path.buf);
|
|
}
|
|
|
|
void tmp_objdir_replace_primary_odb(struct tmp_objdir *t, int will_destroy)
|
|
{
|
|
if (t->prev_odb)
|
|
BUG("the primary object database is already replaced");
|
|
t->prev_odb = set_temporary_primary_odb(t->path.buf, will_destroy);
|
|
t->will_destroy = will_destroy;
|
|
}
|
|
|
|
struct tmp_objdir *tmp_objdir_unapply_primary_odb(void)
|
|
{
|
|
if (!the_tmp_objdir || !the_tmp_objdir->prev_odb)
|
|
return NULL;
|
|
|
|
restore_primary_odb(the_tmp_objdir->prev_odb, the_tmp_objdir->path.buf);
|
|
the_tmp_objdir->prev_odb = NULL;
|
|
return the_tmp_objdir;
|
|
}
|
|
|
|
void tmp_objdir_reapply_primary_odb(struct tmp_objdir *t, const char *old_cwd,
|
|
const char *new_cwd)
|
|
{
|
|
char *path;
|
|
|
|
path = reparent_relative_path(old_cwd, new_cwd, t->path.buf);
|
|
strbuf_reset(&t->path);
|
|
strbuf_addstr(&t->path, path);
|
|
free(path);
|
|
tmp_objdir_replace_primary_odb(t, t->will_destroy);
|
|
}
|