From ad65f7e3b71aac841d771cd75392747d6945cc3c Mon Sep 17 00:00:00 2001 From: Ben Wijen Date: Thu, 18 Aug 2016 16:51:12 +0200 Subject: t6026-merge-attr: child processes must not inherit index.lock handles On Windows, a file cannot be removed unless all file handles to it have been released. Hence it is particularly important to close handles when spawning children (which would probably not even know that they hold on to those handles). The example chosen for this test is a custom merge driver that indeed has no idea that it blocks the deletion of index.lock. The full use case is a daemon that lives on after the merge, with subsequent invocations handing off to the daemon, thereby avoiding hefty start-up costs. We simulate this behavior by simply sleeping one second. Note that the test only fails on Windows, due to the file locking issue. Since we have no way to say "expect failure with MINGW, success otherwise", we simply skip this test on Windows for now. Signed-off-by: Ben Wijen Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- t/t6026-merge-attr.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/t/t6026-merge-attr.sh b/t/t6026-merge-attr.sh index ef0cbceaf..3d28c7868 100755 --- a/t/t6026-merge-attr.sh +++ b/t/t6026-merge-attr.sh @@ -181,4 +181,17 @@ test_expect_success 'up-to-date merge without common ancestor' ' ) ' +test_expect_success !MINGW 'custom merge does not lock index' ' + git reset --hard anchor && + write_script sleep-one-second.sh <<-\EOF && + sleep 1 & + EOF + + test_write_lines >.gitattributes \ + "* merge=ours" "text merge=sleep-one-second" && + test_config merge.ours.driver true && + test_config merge.sleep-one-second.driver ./sleep-one-second.sh && + git merge master +' + test_done -- cgit v1.2.1 From 05d1ed6148305d299693000856e4971e9f642662 Mon Sep 17 00:00:00 2001 From: Ben Wijen Date: Mon, 22 Aug 2016 14:47:55 +0200 Subject: mingw: ensure temporary file handles are not inherited by child processes When the index is locked and child processes inherit the handle to said lock and the parent process wants to remove the lock before the child process exits, on Windows there is a problem: it won't work because files cannot be deleted if a process holds a handle on them. The symptom: Rename from 'xxx/.git/index.lock' to 'xxx/.git/index' failed. Should I try again? (y/n) Spawning child processes with bInheritHandles==FALSE would not work because no file handles would be inherited, not even the hStdXxx handles in STARTUPINFO (stdin/stdout/stderr). Opening every file with O_NOINHERIT does not work, either, as e.g. git-upload-pack expects inherited file handles. This leaves us with the only way out: creating temp files with the O_NOINHERIT flag. This flag is Windows-specific, however. For our purposes, it is equivalent to O_CLOEXEC (which does not exist on Windows), so let's just open temporary files with the O_CLOEXEC flag and map that flag to O_NOINHERIT on Windows. As Eric Wong pointed out, we need to be careful to handle the case where the Linux headers used to compile Git support O_CLOEXEC but the Linux kernel used to run Git does not: it returns an EINVAL. This fixes the test that we just introduced to demonstrate the problem. Signed-off-by: Ben Wijen Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- compat/mingw.h | 4 ++++ git-compat-util.h | 4 ++++ lockfile.h | 4 ++++ t/t6026-merge-attr.sh | 2 +- tempfile.c | 7 ++++++- tempfile.h | 4 ++++ 6 files changed, 23 insertions(+), 2 deletions(-) diff --git a/compat/mingw.h b/compat/mingw.h index ef22cbb05..6090e8394 100644 --- a/compat/mingw.h +++ b/compat/mingw.h @@ -67,6 +67,10 @@ typedef int pid_t; #define F_SETFD 2 #define FD_CLOEXEC 0x1 +#if !defined O_CLOEXEC && defined O_NOINHERIT +#define O_CLOEXEC O_NOINHERIT +#endif + #ifndef EAFNOSUPPORT #define EAFNOSUPPORT WSAEAFNOSUPPORT #endif diff --git a/git-compat-util.h b/git-compat-util.h index 49d4029b8..f1f98b50d 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -650,6 +650,10 @@ void *gitmemmem(const void *haystack, size_t haystacklen, #define getpagesize() sysconf(_SC_PAGESIZE) #endif +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + #ifdef FREAD_READS_DIRECTORIES #ifdef fopen #undef fopen diff --git a/lockfile.h b/lockfile.h index 3d301937b..d26ad27b2 100644 --- a/lockfile.h +++ b/lockfile.h @@ -55,6 +55,10 @@ * * calling `fdopen_lock_file()` to get a `FILE` pointer for the * open file and writing to the file using stdio. * + * Note that the file descriptor returned by hold_lock_file_for_update() + * is marked O_CLOEXEC, so the new contents must be written by the + * current process, not a spawned one. + * * When finished writing, the caller can: * * * Close the file descriptor and rename the lockfile to its final diff --git a/t/t6026-merge-attr.sh b/t/t6026-merge-attr.sh index 3d28c7868..dd8f88d18 100755 --- a/t/t6026-merge-attr.sh +++ b/t/t6026-merge-attr.sh @@ -181,7 +181,7 @@ test_expect_success 'up-to-date merge without common ancestor' ' ) ' -test_expect_success !MINGW 'custom merge does not lock index' ' +test_expect_success 'custom merge does not lock index' ' git reset --hard anchor && write_script sleep-one-second.sh <<-\EOF && sleep 1 & diff --git a/tempfile.c b/tempfile.c index 0af7ebf01..2990c9242 100644 --- a/tempfile.c +++ b/tempfile.c @@ -120,7 +120,12 @@ int create_tempfile(struct tempfile *tempfile, const char *path) prepare_tempfile_object(tempfile); strbuf_add_absolute_path(&tempfile->filename, path); - tempfile->fd = open(tempfile->filename.buf, O_RDWR | O_CREAT | O_EXCL, 0666); + tempfile->fd = open(tempfile->filename.buf, + O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, 0666); + if (O_CLOEXEC && tempfile->fd < 0 && errno == EINVAL) + /* Try again w/o O_CLOEXEC: the kernel might not support it */ + tempfile->fd = open(tempfile->filename.buf, + O_RDWR | O_CREAT | O_EXCL, 0666); if (tempfile->fd < 0) { strbuf_reset(&tempfile->filename); return -1; diff --git a/tempfile.h b/tempfile.h index 4219fe41b..2f0038dec 100644 --- a/tempfile.h +++ b/tempfile.h @@ -33,6 +33,10 @@ * * calling `fdopen_tempfile()` to get a `FILE` pointer for the * open file and writing to the file using stdio. * + * Note that the file descriptor returned by create_tempfile() + * is marked O_CLOEXEC, so the new contents must be written by + * the current process, not any spawned one. + * * When finished writing, the caller can: * * * Close the file descriptor and remove the temporary file by -- cgit v1.2.1