14554080340

Committed 19 Apr 2025 11:46AM UTC coverage: 72.101% (-0.03%) from 72.13%

Build # 14554080340

Build Type

push

github

Committed by

web-flow

Commit Message

Add two new paragraphs to coding style about header files (#37188)

Coverage Stats

296880 of 411754 relevant lines covered (72.1%)

687547.52 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

84.38

/src/basic/lock-util.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/wait.h>

#include "alloc-util.h"
#include "fd-util.h"
#include "fs-util.h"
#include "lock-util.h"
#include "log.h"
#include "macro.h"
#include "missing_fcntl.h"
#include "path-util.h"
#include "process-util.h"

int make_lock_file_at(int dir_fd, const char *p, int operation, LockFile *ret) {
        _cleanup_close_ int fd = -EBADF, dfd = -EBADF;
        _cleanup_free_ char *t = NULL;

        assert(dir_fd >= 0 || dir_fd == AT_FDCWD);
        assert(p);
        assert(IN_SET(operation & ~LOCK_NB, LOCK_EX, LOCK_SH));
        assert(ret);

        if (isempty(p))
                return -EINVAL;

        /* We use UNPOSIX locks as they have nice semantics, and are mostly compatible with NFS. */

        dfd = fd_reopen(dir_fd, O_CLOEXEC|O_PATH|O_DIRECTORY);
        if (dfd < 0)
                return dfd;

        t = strdup(p);
        if (!t)
                return -ENOMEM;

        fd = xopenat_lock_full(dfd,
                               p,
                               O_CREAT|O_RDWR|O_NOFOLLOW|O_CLOEXEC|O_NOCTTY,
                               /* xopen_flags = */ 0,
                               0600,
                               LOCK_UNPOSIX,
                               operation);
        if (fd < 0)
                return fd == -EAGAIN ? -EBUSY : fd;

        *ret = (LockFile) {
                .dir_fd = TAKE_FD(dfd),
                .path = TAKE_PTR(t),
                .fd = TAKE_FD(fd),
                .operation = operation,
        };

        return 0;
}

int make_lock_file_for(const char *p, int operation, LockFile *ret) {
        _cleanup_free_ char *fn = NULL, *dn = NULL, *t = NULL;
        int r;

        assert(p);
        assert(ret);

        r = path_extract_filename(p, &fn);
        if (r < 0)
                return r;

        r = path_extract_directory(p, &dn);
        if (r < 0)
                return r;

        t = strjoin(dn, "/.#", fn, ".lck");
        if (!t)
                return -ENOMEM;

        return make_lock_file(t, operation, ret);
}

void release_lock_file(LockFile *f) {
        if (!f)
                return;

        if (f->path) {

                /* If we are the exclusive owner we can safely delete
                 * the lock file itself. If we are not the exclusive
                 * owner, we can try becoming it. */

                if (f->fd >= 0 &&
                    (f->operation & ~LOCK_NB) == LOCK_SH &&
                    unposix_lock(f->fd, LOCK_EX|LOCK_NB) >= 0)
                        f->operation = LOCK_EX|LOCK_NB;

                if ((f->operation & ~LOCK_NB) == LOCK_EX)
                        (void) unlinkat(f->dir_fd, f->path, 0);

                f->path = mfree(f->path);
        }

        f->dir_fd = safe_close(f->dir_fd);
        f->fd = safe_close(f->fd);
        f->operation = 0;
}

static int fcntl_lock(int fd, int operation, bool ofd) {
        int cmd, type, r;

        assert(fd >= 0);

        if (ofd)
                cmd = (operation & LOCK_NB) ? F_OFD_SETLK : F_OFD_SETLKW;
        else
                cmd = (operation & LOCK_NB) ? F_SETLK : F_SETLKW;

        switch (operation & ~LOCK_NB) {
                case LOCK_EX:
                        type = F_WRLCK;
                        break;
                case LOCK_SH:
                        type = F_RDLCK;
                        break;
                case LOCK_UN:
                        type = F_UNLCK;
                        break;
                default:
                        assert_not_reached();
        }

        r = RET_NERRNO(fcntl(fd, cmd, &(struct flock) {
                .l_type = type,
                .l_whence = SEEK_SET,
                .l_start = 0,
                .l_len = 0,
        }));

        /* If we are doing non-blocking operations, treat EACCES/EAGAIN the same as per man page. But if
         * not, propagate EACCES back, as it will likely be due to an LSM denying the operation (for example
         * LXC with AppArmor when running on kernel < 6.2), and in some cases we want to gracefully
         * fallback (e.g.: PrivateNetwork=yes). As per documentation, it's only the non-blocking operation
         * F_SETLK that might return EACCES on some platforms (although the Linux implementation doesn't
         * seem to), as F_SETLKW and F_OFD_SETLKW block so this is not an issue, and F_OFD_SETLK is documented
         * to only return EAGAIN if the lock is already held. */
        if ((operation & LOCK_NB) && r == -EACCES)
                r = -EAGAIN;

        return r;
}

int posix_lock(int fd, int operation) {
        return fcntl_lock(fd, operation, /*ofd=*/ false);
}

int unposix_lock(int fd, int operation) {
        return fcntl_lock(fd, operation, /*ofd=*/ true);
}

void posix_unlockpp(int **fd) {
        assert(fd);

        if (!*fd || **fd < 0)
                return;

        (void) fcntl_lock(**fd, LOCK_UN, /*ofd=*/ false);
        *fd = NULL;
}

void unposix_unlockpp(int **fd) {
        assert(fd);

        if (!*fd || **fd < 0)
                return;

        (void) fcntl_lock(**fd, LOCK_UN, /*ofd=*/ true);
        *fd = NULL;
}

int lock_generic(int fd, LockType type, int operation) {
        assert(fd >= 0);

        switch (type) {
        case LOCK_NONE:
                return 0;
        case LOCK_BSD:
                return RET_NERRNO(flock(fd, operation));
        case LOCK_POSIX:
                return posix_lock(fd, operation);
        case LOCK_UNPOSIX:
                return unposix_lock(fd, operation);
        default:
                assert_not_reached();
        }
}

int lock_generic_with_timeout(int fd, LockType type, int operation, usec_t timeout) {
        _cleanup_(sigkill_waitp) pid_t pid = 0;
        int r;

        assert(fd >= 0);

        /* A version of lock_generic(), but with a timeout. We do this in a child process, since the kernel
         * APIs natively don't support a timeout. We set a SIGALRM timer that will kill the child after the
         * timeout is hit. Returns -ETIMEDOUT if the timeout is hit, and 0 on success.
         *
         * This only works for BSD and UNPOSIX locks, as only those are fd-bound, and hence can be acquired
         * from any process that has access to the fd. POSIX locks OTOH are process-bound, and hence if we'd
         * acquire them in a child process they'd remain unlocked in the parent. */

        if (type == LOCK_NONE)
                return 0;
        if (!IN_SET(type, LOCK_BSD, LOCK_UNPOSIX)) /* Not for POSIX locks, see above. */
                return -EOPNOTSUPP;

        /* First, try without forking anything off */
        r = lock_generic(fd, type, operation | (timeout == USEC_INFINITY ? 0 : LOCK_NB));
        if (r != -EAGAIN || timeout == 0 || FLAGS_SET(operation, LOCK_NB))
                return r;

        /* If that didn't work, try with a child */

        r = safe_fork("(sd-flock)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL, &pid);
        if (r < 0)
                return log_error_errno(r, "Failed to flock block device in child process: %m");
        if (r == 0) {
                struct sigevent sev = {
                        .sigev_notify = SIGEV_SIGNAL,
                        .sigev_signo = SIGALRM,
                };
                timer_t id;

                if (timer_create(CLOCK_MONOTONIC, &sev, &id) < 0) {
                        log_error_errno(errno, "Failed to allocate CLOCK_MONOTONIC timer: %m");
                        _exit(EXIT_FAILURE);
                }

                struct itimerspec its = {};
                timespec_store(&its.it_value, timeout);

                if (timer_settime(id, /* flags= */ 0, &its, NULL) < 0) {
                        log_error_errno(errno, "Failed to start CLOCK_MONOTONIC timer: %m");
                        _exit(EXIT_FAILURE);
                }

                if (lock_generic(fd, type, operation) < 0) {
                        log_error_errno(errno, "Unable to get an exclusive lock on the device: %m");
                        _exit(EXIT_FAILURE);
                }

                _exit(EXIT_SUCCESS);
        }

        siginfo_t status;
        r = wait_for_terminate(pid, &status);
        if (r < 0)
                return r;

        TAKE_PID(pid);

        switch (status.si_code) {

        case CLD_EXITED:
                if (status.si_status != EXIT_SUCCESS)
                        return -EPROTO;

                return 0;

        case CLD_KILLED:
                if (status.si_status == SIGALRM)
                        return -ETIMEDOUT;

                _fallthrough_;

        case CLD_DUMPED:
                return -EPROTO;

        default:
                assert_not_reached();
        }
}

1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3	#include <errno.h>
4	#include <fcntl.h>
5	#include <signal.h>
6	#include <stdio.h>
7	#include <string.h>
8	#include <sys/file.h>
9	#include <sys/stat.h>
10	#include <sys/wait.h>
11
12	#include "alloc-util.h"
13	#include "fd-util.h"
14	#include "fs-util.h"
15	#include "lock-util.h"
16	#include "log.h"
17	#include "macro.h"
18	#include "missing_fcntl.h"
19	#include "path-util.h"
20	#include "process-util.h"
21
22	int make_lock_file_at(int dir_fd, const char p, int operation, LockFile ret) {	215,363✔
23	_cleanup_close_ int fd = -EBADF, dfd = -EBADF;	215,363✔
24	_cleanup_free_ char *t = NULL;	215,363✔
25
26	assert(dir_fd >= 0 \|\| dir_fd == AT_FDCWD);	215,363✔
27	assert(p);	215,363✔
28	assert(IN_SET(operation & ~LOCK_NB, LOCK_EX, LOCK_SH));	215,363✔
29	assert(ret);	215,363✔
30
31	if (isempty(p))	430,726✔
32	return -EINVAL;
33
34	/* We use UNPOSIX locks as they have nice semantics, and are mostly compatible with NFS. */
35
36	dfd = fd_reopen(dir_fd, O_CLOEXEC\|O_PATH\|O_DIRECTORY);	215,363✔
37	if (dfd < 0)	215,363✔
38	return dfd;
39
40	t = strdup(p);	215,363✔
41	if (!t)	215,363✔
42	return -ENOMEM;
43
44	fd = xopenat_lock_full(dfd,	215,363✔
45	p,
46	O_CREAT\|O_RDWR\|O_NOFOLLOW\|O_CLOEXEC\|O_NOCTTY,
47	/* xopen_flags = */ 0,
48	0600,
49	LOCK_UNPOSIX,
50	operation);
51	if (fd < 0)	215,363✔
52	return fd == -EAGAIN ? -EBUSY : fd;	3✔
53
54	*ret = (LockFile) {	215,360✔
55	.dir_fd = TAKE_FD(dfd),	215,360✔
56	.path = TAKE_PTR(t),	215,360✔
57	.fd = TAKE_FD(fd),	215,360✔
58	.operation = operation,
59	};
60
61	return 0;	215,360✔
62	}
63
64	int make_lock_file_for(const char p, int operation, LockFile ret) {	608✔
65	_cleanup_free_ char fn = NULL, dn = NULL, *t = NULL;	608✔
66	int r;	608✔
67
68	assert(p);	608✔
69	assert(ret);	608✔
70
71	r = path_extract_filename(p, &fn);	608✔
72	if (r < 0)	608✔
73	return r;
74
75	r = path_extract_directory(p, &dn);	608✔
76	if (r < 0)	608✔
77	return r;
78
79	t = strjoin(dn, "/.#", fn, ".lck");	608✔
80	if (!t)	608✔
81	return -ENOMEM;
82
83	return make_lock_file(t, operation, ret);	608✔
84	}
85
86	void release_lock_file(LockFile *f) {	430,115✔
87	if (!f)	430,115✔
88	return;
89
90	if (f->path) {	430,115✔
91
92	/* If we are the exclusive owner we can safely delete
93	* the lock file itself. If we are not the exclusive
94	* owner, we can try becoming it. */
95
96	if (f->fd >= 0 &&	214,949✔
97	(f->operation & ~LOCK_NB) == LOCK_SH &&	215,381✔
98	unposix_lock(f->fd, LOCK_EX\|LOCK_NB) >= 0)	432✔
99	f->operation = LOCK_EX\|LOCK_NB;	431✔
100
101	if ((f->operation & ~LOCK_NB) == LOCK_EX)	214,949✔
102	(void) unlinkat(f->dir_fd, f->path, 0);	214,948✔
103
104	f->path = mfree(f->path);	214,949✔
105	}
106
107	f->dir_fd = safe_close(f->dir_fd);	430,115✔
108	f->fd = safe_close(f->fd);	430,115✔
109	f->operation = 0;	430,115✔
110	}
111
112	static int fcntl_lock(int fd, int operation, bool ofd) {	234,707✔
113	int cmd, type, r;	234,707✔
114
115	assert(fd >= 0);	234,707✔
116
117	if (ofd)	234,707✔
118	cmd = (operation & LOCK_NB) ? F_OFD_SETLK : F_OFD_SETLKW;	234,308✔
119	else
120	cmd = (operation & LOCK_NB) ? F_SETLK : F_SETLKW;	399✔
121
122	switch (operation & ~LOCK_NB) {	234,707✔
123	case LOCK_EX:
124	type = F_WRLCK;
125	break;
126	case LOCK_SH:	468✔
127	type = F_RDLCK;	468✔
128	break;	468✔
129	case LOCK_UN:	199✔
130	type = F_UNLCK;	199✔
131	break;	199✔
132	default:	×
133	assert_not_reached();	×
134	}
135
136	r = RET_NERRNO(fcntl(fd, cmd, &(struct flock) {	234,707✔
137	.l_type = type,
138	.l_whence = SEEK_SET,
139	.l_start = 0,
140	.l_len = 0,
141	}));
142
143	/* If we are doing non-blocking operations, treat EACCES/EAGAIN the same as per man page. But if
144	* not, propagate EACCES back, as it will likely be due to an LSM denying the operation (for example
145	* LXC with AppArmor when running on kernel < 6.2), and in some cases we want to gracefully
146	* fallback (e.g.: PrivateNetwork=yes). As per documentation, it's only the non-blocking operation
147	* F_SETLK that might return EACCES on some platforms (although the Linux implementation doesn't
148	* seem to), as F_SETLKW and F_OFD_SETLKW block so this is not an issue, and F_OFD_SETLK is documented
149	* to only return EAGAIN if the lock is already held. */
150	if ((operation & LOCK_NB) && r == -EACCES)	234,707✔
151	r = -EAGAIN;	×
152
153	return r;	234,707✔
154	}
155
156	int posix_lock(int fd, int operation) {	256✔
157	return fcntl_lock(fd, operation, /ofd=/ false);	256✔
158	}
159
160	int unposix_lock(int fd, int operation) {	234,308✔
161	return fcntl_lock(fd, operation, /ofd=/ true);	234,308✔
162	}
163
164	void posix_unlockpp(int **fd) {	143✔
165	assert(fd);	143✔
166
167	if (!fd \|\| *fd < 0)	143✔
168	return;
169
170	(void) fcntl_lock(*fd, LOCK_UN, /ofd=*/ false);	143✔
171	*fd = NULL;	143✔
172	}
173
174	void unposix_unlockpp(int **fd) {	×
175	assert(fd);	×
176
177	if (!fd \|\| *fd < 0)	×
178	return;
179
180	(void) fcntl_lock(*fd, LOCK_UN, /ofd=*/ true);	×
181	*fd = NULL;	×
182	}
183
184	int lock_generic(int fd, LockType type, int operation) {	271,351✔
185	assert(fd >= 0);	271,351✔
186
187	switch (type) {	271,351✔
188	case LOCK_NONE:
189	return 0;
190	case LOCK_BSD:	3,311✔
191	return RET_NERRNO(flock(fd, operation));	3,311✔
192	case LOCK_POSIX:	1✔
193	return posix_lock(fd, operation);	1✔
194	case LOCK_UNPOSIX:	233,595✔
195	return unposix_lock(fd, operation);	233,595✔
196	default:	×
197	assert_not_reached();	×
198	}
199	}
200
201	int lock_generic_with_timeout(int fd, LockType type, int operation, usec_t timeout) {	625✔
202	_cleanup_(sigkill_waitp) pid_t pid = 0;	625✔
203	int r;	625✔
204
205	assert(fd >= 0);	625✔
206
207	/* A version of lock_generic(), but with a timeout. We do this in a child process, since the kernel
208	* APIs natively don't support a timeout. We set a SIGALRM timer that will kill the child after the
209	* timeout is hit. Returns -ETIMEDOUT if the timeout is hit, and 0 on success.
210	*
211	* This only works for BSD and UNPOSIX locks, as only those are fd-bound, and hence can be acquired
212	* from any process that has access to the fd. POSIX locks OTOH are process-bound, and hence if we'd
213	* acquire them in a child process they'd remain unlocked in the parent. */
214
215	if (type == LOCK_NONE)	625✔
216	return 0;
217	if (!IN_SET(type, LOCK_BSD, LOCK_UNPOSIX)) /* Not for POSIX locks, see above. */	625✔
218	return -EOPNOTSUPP;
219
220	/* First, try without forking anything off */
221	r = lock_generic(fd, type, operation \| (timeout == USEC_INFINITY ? 0 : LOCK_NB));	1,250✔
222	if (r != -EAGAIN \|\| timeout == 0 \|\| FLAGS_SET(operation, LOCK_NB))	625✔
223	return r;
224
225	/* If that didn't work, try with a child */
226
227	r = safe_fork("(sd-flock)", FORK_RESET_SIGNALS\|FORK_DEATHSIG_SIGKILL, &pid);	606✔
228	if (r < 0)	1,210✔
229	return log_error_errno(r, "Failed to flock block device in child process: %m");	×
230	if (r == 0) {	1,210✔
231	struct sigevent sev = {	604✔
232	.sigev_notify = SIGEV_SIGNAL,
233	.sigev_signo = SIGALRM,
234	};
235	timer_t id;	604✔
236
237	if (timer_create(CLOCK_MONOTONIC, &sev, &id) < 0) {	604✔
238	log_error_errno(errno, "Failed to allocate CLOCK_MONOTONIC timer: %m");	×
239	_exit(EXIT_FAILURE);	×
240	}
241
242	struct itimerspec its = {};	604✔
243	timespec_store(&its.it_value, timeout);	604✔
244
245	if (timer_settime(id, /* flags= */ 0, &its, NULL) < 0) {	604✔
246	log_error_errno(errno, "Failed to start CLOCK_MONOTONIC timer: %m");	×
247	_exit(EXIT_FAILURE);	×
248	}
249
250	if (lock_generic(fd, type, operation) < 0) {	604✔
251	log_error_errno(errno, "Unable to get an exclusive lock on the device: %m");	×
252	_exit(EXIT_FAILURE);	×
253	}
254
255	_exit(EXIT_SUCCESS);	604✔
256	}
257
258	siginfo_t status;	606✔
259	r = wait_for_terminate(pid, &status);	606✔
260	if (r < 0)	606✔
261	return r;
262
263	TAKE_PID(pid);	606✔
264
265	switch (status.si_code) {	606✔
266
267	case CLD_EXITED:	604✔
268	if (status.si_status != EXIT_SUCCESS)	604✔
269	return -EPROTO;	×
270
271	return 0;
272
273	case CLD_KILLED:	2✔
274	if (status.si_status == SIGALRM)	2✔
275	return -ETIMEDOUT;	2✔
276
277	_fallthrough_;
278
279	case CLD_DUMPED:
280	return -EPROTO;
281
282	default:	×
283	assert_not_reached();	×
284	}
285	}

systemd / systemd / 14554080340

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous