diff options
author | Jeff Hostetler <jeffhost@microsoft.com> | 2021-03-15 22:08:27 +0100 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2021-03-15 22:32:51 +0100 |
commit | 9fd19027621fc4f8beb2e57ba37d91465d1906f6 (patch) | |
tree | 72e88d15033dd50ec434f003c0d68e7431fece43 /unix-stream-server.h | |
parent | unix-socket: disallow chdir() when creating unix domain sockets (diff) | |
download | git-9fd19027621fc4f8beb2e57ba37d91465d1906f6.tar.xz git-9fd19027621fc4f8beb2e57ba37d91465d1906f6.zip |
unix-stream-server: create unix domain socket under lock
Create a wrapper class for `unix_stream_listen()` that uses a ".lock"
lockfile to create the unix domain socket in a race-free manner.
Unix domain sockets have a fundamental problem on Unix systems because
they persist in the filesystem until they are deleted. This is
independent of whether a server is actually listening for connections.
Well-behaved servers are expected to delete the socket when they
shutdown. A new server cannot easily tell if a found socket is
attached to an active server or is leftover cruft from a dead server.
The traditional solution used by `unix_stream_listen()` is to force
delete the socket pathname and then create a new socket. This solves
the latter (cruft) problem, but in the case of the former, it orphans
the existing server (by stealing the pathname associated with the
socket it is listening on).
We cannot directly use a .lock lockfile to create the socket because
the socket is created by `bind(2)` rather than the `open(2)` mechanism
used by `tempfile.c`.
As an alternative, we hold a plain lockfile ("<path>.lock") as a
mutual exclusion device. Under the lock, we test if an existing
socket ("<path>") is has an active server. If not, we create a new
socket and begin listening. Then we use "rollback" to delete the
lockfile in all cases.
This wrapper code conceptually exists at a higher-level than the core
unix_stream_connect() and unix_stream_listen() routines that it
consumes. It is isolated in a wrapper class for clarity.
Signed-off-by: Jeff Hostetler <jeffhost@microsoft.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'unix-stream-server.h')
-rw-r--r-- | unix-stream-server.h | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/unix-stream-server.h b/unix-stream-server.h new file mode 100644 index 0000000000..ae2712ba39 --- /dev/null +++ b/unix-stream-server.h @@ -0,0 +1,33 @@ +#ifndef UNIX_STREAM_SERVER_H +#define UNIX_STREAM_SERVER_H + +#include "unix-socket.h" + +struct unix_ss_socket { + char *path_socket; + struct stat st_socket; + int fd_socket; +}; + +/* + * Create a Unix Domain Socket at the given path under the protection + * of a '.lock' lockfile. + * + * Returns 0 on success, -1 on error, -2 if socket is in use. + */ +int unix_ss_create(const char *path, + const struct unix_stream_listen_opts *opts, + long timeout_ms, + struct unix_ss_socket **server_socket); + +/* + * Close and delete the socket. + */ +void unix_ss_free(struct unix_ss_socket *server_socket); + +/* + * Return 1 if the inode of the pathname to our socket changes. + */ +int unix_ss_was_stolen(struct unix_ss_socket *server_socket); + +#endif /* UNIX_STREAM_SERVER_H */ |