Merge branch 'ps/reftable-exclude' into ps/reftable-alloc-failures
[git/gitster.git] / wrapper.c
blobf87d90bf5794a55418d657160f3c86735c1e4bd7
1 /*
2 * Various trivial helper wrappers around standard functions
3 */
4 #include "git-compat-util.h"
5 #include "abspath.h"
6 #include "parse.h"
7 #include "gettext.h"
8 #include "strbuf.h"
9 #include "trace2.h"
11 #ifdef HAVE_RTLGENRANDOM
12 /* This is required to get access to RtlGenRandom. */
13 #define SystemFunction036 NTAPI SystemFunction036
14 #include <ntsecapi.h>
15 #undef SystemFunction036
16 #endif
18 static int memory_limit_check(size_t size, int gentle)
20 static size_t limit = 0;
21 if (!limit) {
22 limit = git_env_ulong("GIT_ALLOC_LIMIT", 0);
23 if (!limit)
24 limit = SIZE_MAX;
26 if (size > limit) {
27 if (gentle) {
28 error("attempting to allocate %"PRIuMAX" over limit %"PRIuMAX,
29 (uintmax_t)size, (uintmax_t)limit);
30 return -1;
31 } else
32 die("attempting to allocate %"PRIuMAX" over limit %"PRIuMAX,
33 (uintmax_t)size, (uintmax_t)limit);
35 return 0;
38 char *xstrdup(const char *str)
40 char *ret = strdup(str);
41 if (!ret)
42 die("Out of memory, strdup failed");
43 return ret;
46 static void *do_xmalloc(size_t size, int gentle)
48 void *ret;
50 if (memory_limit_check(size, gentle))
51 return NULL;
52 ret = malloc(size);
53 if (!ret && !size)
54 ret = malloc(1);
55 if (!ret) {
56 if (!gentle)
57 die("Out of memory, malloc failed (tried to allocate %lu bytes)",
58 (unsigned long)size);
59 else {
60 error("Out of memory, malloc failed (tried to allocate %lu bytes)",
61 (unsigned long)size);
62 return NULL;
65 #ifdef XMALLOC_POISON
66 memset(ret, 0xA5, size);
67 #endif
68 return ret;
71 void *xmalloc(size_t size)
73 return do_xmalloc(size, 0);
76 static void *do_xmallocz(size_t size, int gentle)
78 void *ret;
79 if (unsigned_add_overflows(size, 1)) {
80 if (gentle) {
81 error("Data too large to fit into virtual memory space.");
82 return NULL;
83 } else
84 die("Data too large to fit into virtual memory space.");
86 ret = do_xmalloc(size + 1, gentle);
87 if (ret)
88 ((char*)ret)[size] = 0;
89 return ret;
92 void *xmallocz(size_t size)
94 return do_xmallocz(size, 0);
97 void *xmallocz_gently(size_t size)
99 return do_xmallocz(size, 1);
103 * xmemdupz() allocates (len + 1) bytes of memory, duplicates "len" bytes of
104 * "data" to the allocated memory, zero terminates the allocated memory,
105 * and returns a pointer to the allocated memory. If the allocation fails,
106 * the program dies.
108 void *xmemdupz(const void *data, size_t len)
110 return memcpy(xmallocz(len), data, len);
113 char *xstrndup(const char *str, size_t len)
115 char *p = memchr(str, '\0', len);
116 return xmemdupz(str, p ? p - str : len);
119 int xstrncmpz(const char *s, const char *t, size_t len)
121 int res = strncmp(s, t, len);
122 if (res)
123 return res;
124 return s[len] == '\0' ? 0 : 1;
127 void *xrealloc(void *ptr, size_t size)
129 void *ret;
131 if (!size) {
132 free(ptr);
133 return xmalloc(0);
136 memory_limit_check(size, 0);
137 ret = realloc(ptr, size);
138 if (!ret)
139 die("Out of memory, realloc failed");
140 return ret;
143 void *xcalloc(size_t nmemb, size_t size)
145 void *ret;
147 if (unsigned_mult_overflows(nmemb, size))
148 die("data too large to fit into virtual memory space");
150 memory_limit_check(size * nmemb, 0);
151 ret = calloc(nmemb, size);
152 if (!ret && (!nmemb || !size))
153 ret = calloc(1, 1);
154 if (!ret)
155 die("Out of memory, calloc failed");
156 return ret;
159 void xsetenv(const char *name, const char *value, int overwrite)
161 if (setenv(name, value, overwrite))
162 die_errno(_("could not setenv '%s'"), name ? name : "(null)");
166 * xopen() is the same as open(), but it die()s if the open() fails.
168 int xopen(const char *path, int oflag, ...)
170 mode_t mode = 0;
171 va_list ap;
174 * va_arg() will have undefined behavior if the specified type is not
175 * compatible with the argument type. Since integers are promoted to
176 * ints, we fetch the next argument as an int, and then cast it to a
177 * mode_t to avoid undefined behavior.
179 va_start(ap, oflag);
180 if (oflag & O_CREAT)
181 mode = va_arg(ap, int);
182 va_end(ap);
184 for (;;) {
185 int fd = open(path, oflag, mode);
186 if (fd >= 0)
187 return fd;
188 if (errno == EINTR)
189 continue;
191 if ((oflag & (O_CREAT | O_EXCL)) == (O_CREAT | O_EXCL))
192 die_errno(_("unable to create '%s'"), path);
193 else if ((oflag & O_RDWR) == O_RDWR)
194 die_errno(_("could not open '%s' for reading and writing"), path);
195 else if ((oflag & O_WRONLY) == O_WRONLY)
196 die_errno(_("could not open '%s' for writing"), path);
197 else
198 die_errno(_("could not open '%s' for reading"), path);
202 static int handle_nonblock(int fd, short poll_events, int err)
204 struct pollfd pfd;
206 if (err != EAGAIN && err != EWOULDBLOCK)
207 return 0;
209 pfd.fd = fd;
210 pfd.events = poll_events;
213 * no need to check for errors, here;
214 * a subsequent read/write will detect unrecoverable errors
216 poll(&pfd, 1, -1);
217 return 1;
221 * xread() is the same a read(), but it automatically restarts read()
222 * operations with a recoverable error (EAGAIN and EINTR). xread()
223 * DOES NOT GUARANTEE that "len" bytes is read even if the data is available.
225 ssize_t xread(int fd, void *buf, size_t len)
227 ssize_t nr;
228 if (len > MAX_IO_SIZE)
229 len = MAX_IO_SIZE;
230 while (1) {
231 nr = read(fd, buf, len);
232 if (nr < 0) {
233 if (errno == EINTR)
234 continue;
235 if (handle_nonblock(fd, POLLIN, errno))
236 continue;
238 return nr;
243 * xwrite() is the same a write(), but it automatically restarts write()
244 * operations with a recoverable error (EAGAIN and EINTR). xwrite() DOES NOT
245 * GUARANTEE that "len" bytes is written even if the operation is successful.
247 ssize_t xwrite(int fd, const void *buf, size_t len)
249 ssize_t nr;
250 if (len > MAX_IO_SIZE)
251 len = MAX_IO_SIZE;
252 while (1) {
253 nr = write(fd, buf, len);
254 if (nr < 0) {
255 if (errno == EINTR)
256 continue;
257 if (handle_nonblock(fd, POLLOUT, errno))
258 continue;
261 return nr;
266 * xpread() is the same as pread(), but it automatically restarts pread()
267 * operations with a recoverable error (EAGAIN and EINTR). xpread() DOES
268 * NOT GUARANTEE that "len" bytes is read even if the data is available.
270 ssize_t xpread(int fd, void *buf, size_t len, off_t offset)
272 ssize_t nr;
273 if (len > MAX_IO_SIZE)
274 len = MAX_IO_SIZE;
275 while (1) {
276 nr = pread(fd, buf, len, offset);
277 if ((nr < 0) && (errno == EAGAIN || errno == EINTR))
278 continue;
279 return nr;
283 ssize_t read_in_full(int fd, void *buf, size_t count)
285 char *p = buf;
286 ssize_t total = 0;
288 while (count > 0) {
289 ssize_t loaded = xread(fd, p, count);
290 if (loaded < 0)
291 return -1;
292 if (loaded == 0)
293 return total;
294 count -= loaded;
295 p += loaded;
296 total += loaded;
299 return total;
302 ssize_t write_in_full(int fd, const void *buf, size_t count)
304 const char *p = buf;
305 ssize_t total = 0;
307 while (count > 0) {
308 ssize_t written = xwrite(fd, p, count);
309 if (written < 0)
310 return -1;
311 if (!written) {
312 errno = ENOSPC;
313 return -1;
315 count -= written;
316 p += written;
317 total += written;
320 return total;
323 ssize_t pread_in_full(int fd, void *buf, size_t count, off_t offset)
325 char *p = buf;
326 ssize_t total = 0;
328 while (count > 0) {
329 ssize_t loaded = xpread(fd, p, count, offset);
330 if (loaded < 0)
331 return -1;
332 if (loaded == 0)
333 return total;
334 count -= loaded;
335 p += loaded;
336 total += loaded;
337 offset += loaded;
340 return total;
343 int xdup(int fd)
345 int ret = dup(fd);
346 if (ret < 0)
347 die_errno("dup failed");
348 return ret;
352 * xfopen() is the same as fopen(), but it die()s if the fopen() fails.
354 FILE *xfopen(const char *path, const char *mode)
356 for (;;) {
357 FILE *fp = fopen(path, mode);
358 if (fp)
359 return fp;
360 if (errno == EINTR)
361 continue;
363 if (*mode && mode[1] == '+')
364 die_errno(_("could not open '%s' for reading and writing"), path);
365 else if (*mode == 'w' || *mode == 'a')
366 die_errno(_("could not open '%s' for writing"), path);
367 else
368 die_errno(_("could not open '%s' for reading"), path);
372 FILE *xfdopen(int fd, const char *mode)
374 FILE *stream = fdopen(fd, mode);
375 if (!stream)
376 die_errno("Out of memory? fdopen failed");
377 return stream;
380 FILE *fopen_for_writing(const char *path)
382 FILE *ret = fopen(path, "w");
384 if (!ret && errno == EPERM) {
385 if (!unlink(path))
386 ret = fopen(path, "w");
387 else
388 errno = EPERM;
390 return ret;
393 static void warn_on_inaccessible(const char *path)
395 warning_errno(_("unable to access '%s'"), path);
398 int warn_on_fopen_errors(const char *path)
400 if (errno != ENOENT && errno != ENOTDIR) {
401 warn_on_inaccessible(path);
402 return -1;
405 return 0;
408 FILE *fopen_or_warn(const char *path, const char *mode)
410 FILE *fp = fopen(path, mode);
412 if (fp)
413 return fp;
415 warn_on_fopen_errors(path);
416 return NULL;
419 int xmkstemp(char *filename_template)
421 int fd;
422 char origtemplate[PATH_MAX];
423 strlcpy(origtemplate, filename_template, sizeof(origtemplate));
425 fd = mkstemp(filename_template);
426 if (fd < 0) {
427 int saved_errno = errno;
428 const char *nonrelative_template;
430 if (strlen(filename_template) != strlen(origtemplate))
431 filename_template = origtemplate;
433 nonrelative_template = absolute_path(filename_template);
434 errno = saved_errno;
435 die_errno("Unable to create temporary file '%s'",
436 nonrelative_template);
438 return fd;
441 /* Adapted from libiberty's mkstemp.c. */
443 #undef TMP_MAX
444 #define TMP_MAX 16384
446 int git_mkstemps_mode(char *pattern, int suffix_len, int mode)
448 static const char letters[] =
449 "abcdefghijklmnopqrstuvwxyz"
450 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
451 "0123456789";
452 static const int num_letters = ARRAY_SIZE(letters) - 1;
453 static const char x_pattern[] = "XXXXXX";
454 static const int num_x = ARRAY_SIZE(x_pattern) - 1;
455 char *filename_template;
456 size_t len;
457 int fd, count;
459 len = strlen(pattern);
461 if (len < num_x + suffix_len) {
462 errno = EINVAL;
463 return -1;
466 if (strncmp(&pattern[len - num_x - suffix_len], x_pattern, num_x)) {
467 errno = EINVAL;
468 return -1;
472 * Replace pattern's XXXXXX characters with randomness.
473 * Try TMP_MAX different filenames.
475 filename_template = &pattern[len - num_x - suffix_len];
476 for (count = 0; count < TMP_MAX; ++count) {
477 int i;
478 uint64_t v;
479 if (csprng_bytes(&v, sizeof(v)) < 0)
480 return error_errno("unable to get random bytes for temporary file");
482 /* Fill in the random bits. */
483 for (i = 0; i < num_x; i++) {
484 filename_template[i] = letters[v % num_letters];
485 v /= num_letters;
488 fd = open(pattern, O_CREAT | O_EXCL | O_RDWR, mode);
489 if (fd >= 0)
490 return fd;
492 * Fatal error (EPERM, ENOSPC etc).
493 * It doesn't make sense to loop.
495 if (errno != EEXIST)
496 break;
498 /* We return the null string if we can't find a unique file name. */
499 pattern[0] = '\0';
500 return -1;
503 int git_mkstemp_mode(char *pattern, int mode)
505 /* mkstemp is just mkstemps with no suffix */
506 return git_mkstemps_mode(pattern, 0, mode);
509 int xmkstemp_mode(char *filename_template, int mode)
511 int fd;
512 char origtemplate[PATH_MAX];
513 strlcpy(origtemplate, filename_template, sizeof(origtemplate));
515 fd = git_mkstemp_mode(filename_template, mode);
516 if (fd < 0) {
517 int saved_errno = errno;
518 const char *nonrelative_template;
520 if (!filename_template[0])
521 filename_template = origtemplate;
523 nonrelative_template = absolute_path(filename_template);
524 errno = saved_errno;
525 die_errno("Unable to create temporary file '%s'",
526 nonrelative_template);
528 return fd;
532 * Some platforms return EINTR from fsync. Since fsync is invoked in some
533 * cases by a wrapper that dies on failure, do not expose EINTR to callers.
535 static int fsync_loop(int fd)
537 int err;
539 do {
540 err = fsync(fd);
541 } while (err < 0 && errno == EINTR);
542 return err;
545 int git_fsync(int fd, enum fsync_action action)
547 switch (action) {
548 case FSYNC_WRITEOUT_ONLY:
549 trace2_counter_add(TRACE2_COUNTER_ID_FSYNC_WRITEOUT_ONLY, 1);
551 #ifdef __APPLE__
553 * On macOS, fsync just causes filesystem cache writeback but
554 * does not flush hardware caches.
556 return fsync_loop(fd);
557 #endif
559 #ifdef HAVE_SYNC_FILE_RANGE
561 * On linux 2.6.17 and above, sync_file_range is the way to
562 * issue a writeback without a hardware flush. An offset of
563 * 0 and size of 0 indicates writeout of the entire file and the
564 * wait flags ensure that all dirty data is written to the disk
565 * (potentially in a disk-side cache) before we continue.
568 return sync_file_range(fd, 0, 0, SYNC_FILE_RANGE_WAIT_BEFORE |
569 SYNC_FILE_RANGE_WRITE |
570 SYNC_FILE_RANGE_WAIT_AFTER);
571 #endif
573 #ifdef fsync_no_flush
574 return fsync_no_flush(fd);
575 #endif
577 errno = ENOSYS;
578 return -1;
580 case FSYNC_HARDWARE_FLUSH:
581 trace2_counter_add(TRACE2_COUNTER_ID_FSYNC_HARDWARE_FLUSH, 1);
584 * On macOS, a special fcntl is required to really flush the
585 * caches within the storage controller. As of this writing,
586 * this is a very expensive operation on Apple SSDs.
588 #ifdef __APPLE__
589 return fcntl(fd, F_FULLFSYNC);
590 #else
591 return fsync_loop(fd);
592 #endif
593 default:
594 BUG("unexpected git_fsync(%d) call", action);
598 static int warn_if_unremovable(const char *op, const char *file, int rc)
600 int err;
601 if (!rc || errno == ENOENT)
602 return 0;
603 err = errno;
604 warning_errno("unable to %s '%s'", op, file);
605 errno = err;
606 return rc;
609 int unlink_or_msg(const char *file, struct strbuf *err)
611 int rc = unlink(file);
613 assert(err);
615 if (!rc || errno == ENOENT)
616 return 0;
618 strbuf_addf(err, "unable to unlink '%s': %s",
619 file, strerror(errno));
620 return -1;
623 int unlink_or_warn(const char *file)
625 return warn_if_unremovable("unlink", file, unlink(file));
628 int rmdir_or_warn(const char *file)
630 return warn_if_unremovable("rmdir", file, rmdir(file));
633 static int access_error_is_ok(int err, unsigned flag)
635 return (is_missing_file_error(err) ||
636 ((flag & ACCESS_EACCES_OK) && err == EACCES));
639 int access_or_warn(const char *path, int mode, unsigned flag)
641 int ret = access(path, mode);
642 if (ret && !access_error_is_ok(errno, flag))
643 warn_on_inaccessible(path);
644 return ret;
647 int access_or_die(const char *path, int mode, unsigned flag)
649 int ret = access(path, mode);
650 if (ret && !access_error_is_ok(errno, flag))
651 die_errno(_("unable to access '%s'"), path);
652 return ret;
655 char *xgetcwd(void)
657 struct strbuf sb = STRBUF_INIT;
658 if (strbuf_getcwd(&sb))
659 die_errno(_("unable to get current working directory"));
660 return strbuf_detach(&sb, NULL);
663 int xsnprintf(char *dst, size_t max, const char *fmt, ...)
665 va_list ap;
666 int len;
668 va_start(ap, fmt);
669 len = vsnprintf(dst, max, fmt, ap);
670 va_end(ap);
672 if (len < 0)
673 die(_("unable to format message: %s"), fmt);
674 if (len >= max)
675 BUG("attempt to snprintf into too-small buffer");
676 return len;
679 void write_file_buf(const char *path, const char *buf, size_t len)
681 int fd = xopen(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
682 if (write_in_full(fd, buf, len) < 0)
683 die_errno(_("could not write to '%s'"), path);
684 if (close(fd))
685 die_errno(_("could not close '%s'"), path);
688 void write_file(const char *path, const char *fmt, ...)
690 va_list params;
691 struct strbuf sb = STRBUF_INIT;
693 va_start(params, fmt);
694 strbuf_vaddf(&sb, fmt, params);
695 va_end(params);
697 strbuf_complete_line(&sb);
699 write_file_buf(path, sb.buf, sb.len);
700 strbuf_release(&sb);
703 void sleep_millisec(int millisec)
705 poll(NULL, 0, millisec);
708 int xgethostname(char *buf, size_t len)
711 * If the full hostname doesn't fit in buf, POSIX does not
712 * specify whether the buffer will be null-terminated, so to
713 * be safe, do it ourselves.
715 int ret = gethostname(buf, len);
716 if (!ret)
717 buf[len - 1] = 0;
718 return ret;
721 int is_empty_or_missing_file(const char *filename)
723 struct stat st;
725 if (stat(filename, &st) < 0) {
726 if (errno == ENOENT)
727 return 1;
728 die_errno(_("could not stat %s"), filename);
731 return !st.st_size;
734 int open_nofollow(const char *path, int flags)
736 #ifdef O_NOFOLLOW
737 return open(path, flags | O_NOFOLLOW);
738 #else
739 struct stat st;
740 if (lstat(path, &st) < 0)
741 return -1;
742 if (S_ISLNK(st.st_mode)) {
743 errno = ELOOP;
744 return -1;
746 return open(path, flags);
747 #endif
750 int csprng_bytes(void *buf, size_t len)
752 #if defined(HAVE_ARC4RANDOM) || defined(HAVE_ARC4RANDOM_LIBBSD)
753 /* This function never returns an error. */
754 arc4random_buf(buf, len);
755 return 0;
756 #elif defined(HAVE_GETRANDOM)
757 ssize_t res;
758 char *p = buf;
759 while (len) {
760 res = getrandom(p, len, 0);
761 if (res < 0)
762 return -1;
763 len -= res;
764 p += res;
766 return 0;
767 #elif defined(HAVE_GETENTROPY)
768 int res;
769 char *p = buf;
770 while (len) {
771 /* getentropy has a maximum size of 256 bytes. */
772 size_t chunk = len < 256 ? len : 256;
773 res = getentropy(p, chunk);
774 if (res < 0)
775 return -1;
776 len -= chunk;
777 p += chunk;
779 return 0;
780 #elif defined(HAVE_RTLGENRANDOM)
781 if (!RtlGenRandom(buf, len))
782 return -1;
783 return 0;
784 #elif defined(HAVE_OPENSSL_CSPRNG)
785 int res = RAND_bytes(buf, len);
786 if (res == 1)
787 return 0;
788 if (res == -1)
789 errno = ENOTSUP;
790 else
791 errno = EIO;
792 return -1;
793 #else
794 ssize_t res;
795 char *p = buf;
796 int fd, err;
797 fd = open("/dev/urandom", O_RDONLY);
798 if (fd < 0)
799 return -1;
800 while (len) {
801 res = xread(fd, p, len);
802 if (res < 0) {
803 err = errno;
804 close(fd);
805 errno = err;
806 return -1;
808 len -= res;
809 p += res;
811 close(fd);
812 return 0;
813 #endif
816 uint32_t git_rand(void)
818 uint32_t result;
820 if (csprng_bytes(&result, sizeof(result)) < 0)
821 die(_("unable to get random bytes"));
823 return result;