1 /* Temporary files with automatic cleanup.
2 Copyright (C) 2006-2023 Free Software Foundation, Inc.
3 Written by Bruno Haible <bruno@clisp.org>, 2006.
4
5 This file is free software: you can redistribute it and/or modify
6 it under the terms of the GNU Lesser General Public License as
7 published by the Free Software Foundation; either version 2.1 of the
8 License, or (at your option) any later version.
9
10 This file is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public License
16 along with this program. If not, see <https://www.gnu.org/licenses/>. */
17
18 #include <config.h>
19
20 /* Specification. */
21 #include "clean-temp-simple.h"
22 #include "clean-temp-private.h"
23
24 #include <errno.h>
25 #include <limits.h>
26 #include <signal.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <unistd.h>
30
31 #include "error.h"
32 #include "fatal-signal.h"
33 #include "asyncsafe-spin.h"
34 #include "glthread/lock.h"
35 #include "thread-optim.h"
36 #include "gl_list.h"
37 #include "gl_linkedhash_list.h"
38 #include "gettext.h"
39
40 #define _(str) gettext (str)
41
42
43 /* Lock that protects the file_cleanup_list from concurrent modification in
44 different threads. */
45 gl_lock_define_initialized (static, file_cleanup_list_lock)
46
47 /* List of all temporary files without temporary directories. */
48 static gl_list_t /* <char *> */ volatile file_cleanup_list;
49
50
51 /* List of all temporary directories. */
52 struct all_tempdirs dir_cleanup_list /* = { NULL, 0, 0 } */;
53
54
55 /* List of all open file descriptors to temporary files. */
56 gl_list_t /* <closeable_fd *> */ volatile descriptors;
57
58
59 /* For the subdirs and for the files, we use a gl_list_t of type LINKEDHASH.
60 Why? We need a data structure that
61
62 1) Can contain an arbitrary number of 'char *' values. The strings
63 are compared via strcmp, not pointer comparison.
64 2) Has insertion and deletion operations that are fast: ideally O(1),
65 or possibly O(log n). This is important for GNU sort, which may
66 create a large number of temporary files.
67 3) Allows iteration through all elements from within a signal handler.
68 4) May or may not allow duplicates. It doesn't matter here, since
69 any file or subdir can only be removed once.
70
71 Criterion 1) would allow any gl_list_t or gl_oset_t implementation.
72
73 Criterion 2) leaves only GL_LINKEDHASH_LIST, GL_TREEHASH_LIST, or
74 GL_TREE_OSET.
75
76 Criterion 3) puts at disadvantage GL_TREEHASH_LIST and GL_TREE_OSET.
77 Namely, iteration through the elements of a binary tree requires access
78 to many ->left, ->right, ->parent pointers. However, the rebalancing
79 code for insertion and deletion in an AVL or red-black tree is so
80 complicated that we cannot assume that >left, ->right, ->parent pointers
81 are in a consistent state throughout these operations. Therefore, to
82 avoid a crash in the signal handler, all destructive operations to the
83 lists would have to be protected by a
84 block_fatal_signals ();
85 ...
86 unblock_fatal_signals ();
87 pair. Which causes extra system calls.
88
89 Criterion 3) would also discourage GL_ARRAY_LIST and GL_CARRAY_LIST,
90 if they were not already excluded. Namely, these implementations use
91 xrealloc(), leaving a time window in which in the list->elements pointer
92 points to already deallocated memory. To avoid a crash in the signal
93 handler at such a moment, all destructive operations would have to
94 protected by block/unblock_fatal_signals (), in this case too.
95
96 A list of type GL_LINKEDHASH_LIST without duplicates fulfills all
97 requirements:
98 2) Insertion and deletion are O(1) on average.
99 3) The gl_list_iterator, gl_list_iterator_next implementations do
100 not trigger memory allocations, nor other system calls, and are
101 therefore safe to be called from a signal handler.
102 Furthermore, since SIGNAL_SAFE_LIST is defined, the implementation
103 of the destructive functions ensures that the list structure is
104 safe to be traversed at any moment, even when interrupted by an
105 asynchronous signal.
106 */
107
108 /* String equality and hash code functions used by the lists. */
109
110 bool
111 clean_temp_string_equals (const void *x1, const void *x2)
112 {
113 const char *s1 = (const char *) x1;
114 const char *s2 = (const char *) x2;
115 return strcmp (s1, s2) == 0;
116 }
117
118 #define SIZE_BITS (sizeof (size_t) * CHAR_BIT)
119
120 /* A hash function for NUL-terminated char* strings using
121 the method described by Bruno Haible.
122 See https://www.haible.de/bruno/hashfunc.html. */
123 size_t
124 clean_temp_string_hash (const void *x)
125 {
126 const char *s = (const char *) x;
127 size_t h = 0;
128
129 for (; *s; s++)
130 h = *s + ((h << 9) | (h >> (SIZE_BITS - 9)));
131
132 return h;
133 }
134
135
136 /* The set of fatal signal handlers.
137 Cached here because we are not allowed to call get_fatal_signal_set ()
138 from a signal handler. */
139 static const sigset_t *fatal_signal_set /* = NULL */;
140
141 static void
142 init_fatal_signal_set (void)
143 {
144 if (fatal_signal_set == NULL)
145 fatal_signal_set = get_fatal_signal_set ();
146 }
147
148
149 /* Close a file descriptor.
150 Avoids race conditions with normal thread code or signal-handler code that
151 might want to close the same file descriptor. */
152 _GL_ASYNC_SAFE int
153 clean_temp_asyncsafe_close (struct closeable_fd *element)
154 {
155 sigset_t saved_mask;
156 int ret;
157 int saved_errno;
158
159 asyncsafe_spin_lock (&element->lock, fatal_signal_set, &saved_mask);
160 if (!element->closed)
161 {
162 ret = close (element->fd);
163 saved_errno = errno;
164 element->closed = true;
165 }
166 else
167 {
168 ret = 0;
169 saved_errno = 0;
170 }
171 asyncsafe_spin_unlock (&element->lock, &saved_mask);
172 element->done = true;
173
174 errno = saved_errno;
175 return ret;
176 }
177 /* Initializations for use of this function. */
178 void
179 clean_temp_init_asyncsafe_close (void)
180 {
181 init_fatal_signal_set ();
182 }
183
184 /* The signal handler. It gets called asynchronously. */
185 static _GL_ASYNC_SAFE void
186 cleanup_action (_GL_UNUSED int sig)
187 {
188 size_t i;
189
190 /* First close all file descriptors to temporary files. */
191 {
192 gl_list_t fds = descriptors;
193
194 if (fds != NULL)
195 {
196 gl_list_iterator_t iter;
197 const void *element;
198
199 iter = gl_list_iterator (fds);
200 while (gl_list_iterator_next (&iter, &element, NULL))
201 {
202 clean_temp_asyncsafe_close ((struct closeable_fd *) element);
203 }
204 gl_list_iterator_free (&iter);
205 }
206 }
207
208 {
209 gl_list_t files = file_cleanup_list;
210
211 if (files != NULL)
212 {
213 gl_list_iterator_t iter;
214 const void *element;
215
216 iter = gl_list_iterator (files);
217 while (gl_list_iterator_next (&iter, &element, NULL))
218 {
219 const char *file = (const char *) element;
220 unlink (file);
221 }
222 gl_list_iterator_free (&iter);
223 }
224 }
225
226 for (i = 0; i < dir_cleanup_list.tempdir_count; i++)
227 {
228 struct tempdir *dir = dir_cleanup_list.tempdir_list[i];
229
230 if (dir != NULL)
231 {
232 gl_list_iterator_t iter;
233 const void *element;
234
235 /* First cleanup the files in the subdirectories. */
236 iter = gl_list_iterator (dir->files);
237 while (gl_list_iterator_next (&iter, &element, NULL))
238 {
239 const char *file = (const char *) element;
240 unlink (file);
241 }
242 gl_list_iterator_free (&iter);
243
244 /* Then cleanup the subdirectories. */
245 iter = gl_list_iterator (dir->subdirs);
246 while (gl_list_iterator_next (&iter, &element, NULL))
247 {
248 const char *subdir = (const char *) element;
249 rmdir (subdir);
250 }
251 gl_list_iterator_free (&iter);
252
253 /* Then cleanup the temporary directory itself. */
254 rmdir (dir->dirname);
255 }
256 }
257 }
258
259
260 /* Set to -1 if initialization of this facility failed. */
261 static int volatile init_failed /* = 0 */;
262
263 /* Initializes this facility. */
264 static void
265 do_clean_temp_init (void)
266 {
267 /* Initialize the data used by the cleanup handler. */
268 init_fatal_signal_set ();
269 /* Register the cleanup handler. */
270 if (at_fatal_signal (&cleanup_action) < 0)
271 init_failed = -1;
272 }
273
274 /* Ensure that do_clean_temp_init is called once only. */
275 gl_once_define(static, clean_temp_once)
276
277 /* Initializes this facility upon first use.
278 Return 0 upon success, or -1 if there was a memory allocation problem. */
279 int
280 clean_temp_init (void)
281 {
282 gl_once (clean_temp_once, do_clean_temp_init);
283 return init_failed;
284 }
285
286
287 /* Remove a file, with optional error message.
288 Return 0 upon success, or -1 if there was some problem. */
289 int
290 clean_temp_unlink (const char *absolute_file_name, bool cleanup_verbose)
291 {
292 if (unlink (absolute_file_name) < 0 && cleanup_verbose
293 && errno != ENOENT)
294 {
295 error (0, errno,
296 _("cannot remove temporary file %s"), absolute_file_name);
297 return -1;
298 }
299 return 0;
300 }
301
302
303 /* ============= Temporary files without temporary directories ============= */
304
305 /* Register the given ABSOLUTE_FILE_NAME as being a file that needs to be
306 removed.
307 Should be called before the file ABSOLUTE_FILE_NAME is created.
308 Return 0 upon success, or -1 if there was a memory allocation problem. */
309 int
310 register_temporary_file (const char *absolute_file_name)
311 {
312 bool mt = gl_multithreaded ();
313
314 if (mt) gl_lock_lock (file_cleanup_list_lock);
315
316 int ret = 0;
317
318 /* Make sure that this facility and the file_cleanup_list are initialized. */
319 if (file_cleanup_list == NULL)
320 {
321 if (clean_temp_init () < 0)
322 {
323 ret = -1;
324 goto done;
325 }
326 file_cleanup_list =
327 gl_list_nx_create_empty (GL_LINKEDHASH_LIST,
328 clean_temp_string_equals,
329 clean_temp_string_hash,
330 NULL, false);
331 if (file_cleanup_list == NULL)
332 {
333 ret = -1;
334 goto done;
335 }
336 }
337
338 /* Add absolute_file_name to file_cleanup_list, without duplicates. */
339 if (gl_list_search (file_cleanup_list, absolute_file_name) == NULL)
340 {
341 char *absolute_file_name_copy = strdup (absolute_file_name);
342 if (absolute_file_name_copy == NULL)
343 {
344 ret = -1;
345 goto done;
346 }
347 if (gl_list_nx_add_first (file_cleanup_list, absolute_file_name_copy)
348 == NULL)
349 {
350 free (absolute_file_name_copy);
351 ret = -1;
352 goto done;
353 }
354 }
355
356 done:
357 if (mt) gl_lock_unlock (file_cleanup_list_lock);
358
359 return ret;
360 }
361
362 /* Unregister the given ABSOLUTE_FILE_NAME as being a file that needs to be
363 removed.
364 Should be called when the file ABSOLUTE_FILE_NAME could not be created. */
365 void
366 unregister_temporary_file (const char *absolute_file_name)
367 {
368 bool mt = gl_multithreaded ();
369
370 if (mt) gl_lock_lock (file_cleanup_list_lock);
371
372 gl_list_t list = file_cleanup_list;
373 if (list != NULL)
374 {
375 gl_list_node_t node = gl_list_search (list, absolute_file_name);
376 if (node != NULL)
377 {
378 char *old_string = (char *) gl_list_node_value (list, node);
379
380 gl_list_remove_node (list, node);
381 free (old_string);
382 }
383 }
384
385 if (mt) gl_lock_unlock (file_cleanup_list_lock);
386 }
387
388 /* Remove the given ABSOLUTE_FILE_NAME and unregister it.
389 CLEANUP_VERBOSE determines whether errors are reported to standard error.
390 Return 0 upon success, or -1 if there was some problem. */
391 int
392 cleanup_temporary_file (const char *absolute_file_name, bool cleanup_verbose)
393 {
394 int err;
395
396 err = clean_temp_unlink (absolute_file_name, cleanup_verbose);
397 unregister_temporary_file (absolute_file_name);
398
399 return err;
400 }