Mercurial > hg-stable
view rust/hg-core/src/lock.rs @ 48463:5734b03ecf3e
rhg: Initial repository locking
Initial Rust implementation of locking based on the `.hg/wlock` symlink (or file),
with lock breaking when the recorded pid and hostname show that a lock was
left by a local process that is not running anymore (as it might have been
killed).
Differential Revision: https://phab.mercurial-scm.org/D11835
author | Simon Sapin <simon.sapin@octobus.net> |
---|---|
date | Mon, 22 Mar 2021 09:07:10 +0100 |
parents | |
children | 59be65b7cdfd |
line wrap: on
line source
//! Filesystem-based locks for local repositories use crate::errors::HgError; use crate::errors::HgResultExt; use crate::utils::StrExt; use crate::vfs::Vfs; use std::io; use std::io::ErrorKind; #[derive(derive_more::From)] pub enum LockError { AlreadyHeld, #[from] Other(HgError), } /// Try to call `f` with the lock acquired, without waiting. /// /// If the lock is aready held, `f` is not called and `LockError::AlreadyHeld` /// is returned. `LockError::Io` is returned for any unexpected I/O error /// accessing the lock file, including for removing it after `f` was called. /// The return value of `f` is dropped in that case. If all is successful, the /// return value of `f` is forwarded. pub fn try_with_lock_no_wait<R>( hg_vfs: Vfs, lock_filename: &str, f: impl FnOnce() -> R, ) -> Result<R, LockError> { let our_lock_data = &*OUR_LOCK_DATA; for _retry in 0..5 { match make_lock(hg_vfs, lock_filename, our_lock_data) { Ok(()) => { let result = f(); unlock(hg_vfs, lock_filename)?; return Ok(result); } Err(HgError::IoError { error, .. }) if error.kind() == ErrorKind::AlreadyExists => { let lock_data = read_lock(hg_vfs, lock_filename)?; if lock_data.is_none() { // Lock was apparently just released, retry acquiring it continue; } if !lock_should_be_broken(&lock_data) { return Err(LockError::AlreadyHeld); } // The lock file is left over from a process not running // anymore. Break it, but with another lock to // avoid a race. break_lock(hg_vfs, lock_filename)?; // Retry acquiring } Err(error) => Err(error)?, } } Err(LockError::AlreadyHeld) } fn break_lock(hg_vfs: Vfs, lock_filename: &str) -> Result<(), LockError> { try_with_lock_no_wait(hg_vfs, &format!("{}.break", lock_filename), || { // Check again in case some other process broke and // acquired the lock in the meantime let lock_data = read_lock(hg_vfs, lock_filename)?; if !lock_should_be_broken(&lock_data) { return Err(LockError::AlreadyHeld); } Ok(hg_vfs.remove_file(lock_filename)?) })? } #[cfg(unix)] fn make_lock( hg_vfs: Vfs, lock_filename: &str, data: &str, ) -> Result<(), HgError> { // Use a symbolic link because creating it is atomic. // The link’s "target" contains data not representing any path. let fake_symlink_target = data; hg_vfs.create_symlink(lock_filename, fake_symlink_target) } fn read_lock( hg_vfs: Vfs, lock_filename: &str, ) -> Result<Option<String>, HgError> { let link_target = hg_vfs.read_link(lock_filename).io_not_found_as_none()?; if let Some(target) = link_target { let data = target .into_os_string() .into_string() .map_err(|_| HgError::corrupted("non-UTF-8 lock data"))?; Ok(Some(data)) } else { Ok(None) } } fn unlock(hg_vfs: Vfs, lock_filename: &str) -> Result<(), HgError> { hg_vfs.remove_file(lock_filename) } /// Return whether the process that is/was holding the lock is known not to be /// running anymore. fn lock_should_be_broken(data: &Option<String>) -> bool { (|| -> Option<bool> { let (prefix, pid) = data.as_ref()?.split_2(':')?; if prefix != &*LOCK_PREFIX { return Some(false); } let process_is_running; #[cfg(unix)] { let pid: libc::pid_t = pid.parse().ok()?; unsafe { let signal = 0; // Test if we could send a signal, without sending let result = libc::kill(pid, signal); if result == 0 { process_is_running = true } else { let errno = io::Error::last_os_error().raw_os_error().unwrap(); process_is_running = errno != libc::ESRCH } } } Some(!process_is_running) })() .unwrap_or(false) } lazy_static::lazy_static! { /// A string which is used to differentiate pid namespaces /// /// It's useful to detect "dead" processes and remove stale locks with /// confidence. Typically it's just hostname. On modern linux, we include an /// extra Linux-specific pid namespace identifier. static ref LOCK_PREFIX: String = { // Note: this must match the behavior of `_getlockprefix` in `mercurial/lock.py` /// Same as https://github.com/python/cpython/blob/v3.10.0/Modules/socketmodule.c#L5414 const BUFFER_SIZE: usize = 1024; let mut buffer = [0_i8; BUFFER_SIZE]; let hostname_bytes = unsafe { let result = libc::gethostname(buffer.as_mut_ptr(), BUFFER_SIZE); if result != 0 { panic!("gethostname: {}", io::Error::last_os_error()) } std::ffi::CStr::from_ptr(buffer.as_mut_ptr()).to_bytes() }; let hostname = std::str::from_utf8(hostname_bytes).expect("non-UTF-8 hostname"); #[cfg(target_os = "linux")] { use std::os::linux::fs::MetadataExt; match std::fs::metadata("/proc/self/ns/pid") { Ok(meta) => { return format!("{}/{:x}", hostname, meta.st_ino()) } Err(error) => { // TODO: match on `error.kind()` when `NotADirectory` // is available on all supported Rust versions: // https://github.com/rust-lang/rust/issues/86442 use libc::{ ENOENT, // ErrorKind::NotFound ENOTDIR, // ErrorKind::NotADirectory EACCES, // ErrorKind::PermissionDenied }; match error.raw_os_error() { Some(ENOENT) | Some(ENOTDIR) | Some(EACCES) => {} _ => panic!("stat /proc/self/ns/pid: {}", error), } } } } hostname.to_owned() }; static ref OUR_LOCK_DATA: String = format!("{}:{}", &*LOCK_PREFIX, std::process::id()); }