cargo/util/cache_lock.rs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548
//! Support for locking the package and index caches.
//!
//! This implements locking on the package and index caches (source files,
//! `.crate` files, and index caches) to coordinate when multiple cargos are
//! running at the same time.
//!
//! ## Usage
//!
//! There is a global [`CacheLocker`] held inside cargo's venerable
//! [`GlobalContext`]. The `CacheLocker` manages creating and tracking the locks
//! being held. There are methods on [`GlobalContext`] for managing the locks:
//!
//! - [`GlobalContext::acquire_package_cache_lock`] --- Acquires a lock. May block if
//! another process holds a lock.
//! - [`GlobalContext::try_acquire_package_cache_lock`] --- Acquires a lock, returning
//! immediately if it would block.
//! - [`GlobalContext::assert_package_cache_locked`] --- This is used to ensure the
//! proper lock is being held.
//!
//! Lower-level code that accesses the package cache typically just use
//! `assert_package_cache_locked` to ensure that the correct lock is being
//! held. Higher-level code is responsible for acquiring the appropriate lock,
//! and holding it during the duration that it is performing its operation.
//!
//! ## Types of locking
//!
//! There are three styles of locks:
//!
//! * [`CacheLockMode::DownloadExclusive`] -- This is an exclusive lock
//! acquired while downloading packages and doing resolution.
//! * [`CacheLockMode::Shared`] -- This is a shared lock acquired while a
//! build is running. In other words, whenever cargo just needs to read from
//! the cache, it should hold this lock. This is here to ensure that no
//! cargos are trying to read the source caches when cache garbage
//! collection runs.
//! * [`CacheLockMode::MutateExclusive`] -- This is an exclusive lock acquired
//! whenever needing to modify existing source files (for example, with
//! cache garbage collection). This is acquired to make sure that no other
//! cargo is reading from the cache.
//!
//! Importantly, a `DownloadExclusive` lock does *not* interfere with a
//! `Shared` lock. The download process generally does not modify source files
//! (it only adds new ones), so other cargos should be able to safely proceed
//! in reading source files[^1].
//!
//! See the [`CacheLockMode`] enum docs for more details on when the different
//! modes should be used.
//!
//! ## Locking implementation details
//!
//! This is implemented by two separate lock files, the "download" one and the
//! "mutate" one. The `MutateExclusive` lock acquired both the "mutate" and
//! "download" locks. The `Shared` lock acquires the "mutate" lock in share
//! mode.
//!
//! An important rule is that `MutateExclusive` acquires the locks in the
//! order "mutate" first and then the "download". That helps prevent
//! deadlocks. It is not allowed for a cargo to first acquire a
//! `DownloadExclusive` lock and then a `Shared` lock because that would open
//! it up for deadlock.
//!
//! Another rule is that there should be only one [`CacheLocker`] per process
//! to uphold the ordering rules. You could in theory have multiple if you
//! could ensure that other threads would make progress and drop a lock, but
//! cargo is not architected that way.
//!
//! It is safe to recursively acquire a lock as many times as you want.
//!
//! ## Interaction with older cargos
//!
//! Before version 1.74, cargo only acquired the `DownloadExclusive` lock when
//! downloading and doing resolution. Newer cargos that acquire
//! `MutateExclusive` should still correctly block when an old cargo is
//! downloading (because it also acquires `DownloadExclusive`), but they do
//! not properly coordinate when an old cargo is in the build phase (because
//! it holds no locks). This isn't expected to be much of a problem because
//! the intended use of mutating the cache is only to delete old contents
//! which aren't currently being used. It is possible for there to be a
//! conflict, particularly if the user manually deletes the entire cache, but
//! it is not expected for this scenario to happen too often, and the only
//! consequence is that one side or the other encounters an error and needs to
//! retry.
//!
//! [^1]: A minor caveat is that downloads will delete an existing `src`
//! directory if it was extracted via an old cargo. See
//! [`crate::sources::registry::RegistrySource::unpack_package`]. This
//! should probably be fixed, but is unlikely to be a problem if the user is
//! only using versions of cargo with the same deletion logic.
use super::FileLock;
use crate::CargoResult;
use crate::GlobalContext;
use anyhow::Context as _;
use std::cell::RefCell;
use std::io;
/// The style of lock to acquire.
#[derive(Copy, Clone, Debug, PartialEq)]
pub enum CacheLockMode {
/// A `DownloadExclusive` lock ensures that only one cargo is doing
/// resolution and downloading new packages.
///
/// You should use this when downloading new packages or doing resolution.
///
/// If another cargo has a `MutateExclusive` lock, then an attempt to get
/// a `DownloadExclusive` lock will block.
///
/// If another cargo has a `Shared` lock, then both can operate
/// concurrently.
DownloadExclusive,
/// A `Shared` lock allows multiple cargos to read from the source files.
///
/// You should use this when cargo is reading source files from the
/// package cache. This is typically done during the build phase, since
/// cargo only needs to read files during that time. This allows multiple
/// cargo processes to build concurrently without interfering with one
/// another, while guarding against other cargos using `MutateExclusive`.
///
/// If another cargo has a `MutateExclusive` lock, then an attempt to get
/// a `Shared` will block.
///
/// If another cargo has a `DownloadExclusive` lock, then they both can
/// operate concurrently under the assumption that downloading does not
/// modify existing source files.
Shared,
/// A `MutateExclusive` lock ensures no other cargo is reading or writing
/// from the package caches.
///
/// You should use this when modifying existing files in the package
/// cache. For example, things like garbage collection want to avoid
/// deleting files while other cargos are trying to read (`Shared`) or
/// resolve or download (`DownloadExclusive`).
///
/// If another cargo has a `DownloadExclusive` or `Shared` lock, then this
/// will block until they all release their locks.
MutateExclusive,
}
/// Whether or not a lock attempt should block.
#[derive(Copy, Clone)]
enum BlockingMode {
Blocking,
NonBlocking,
}
use BlockingMode::*;
/// Whether or not a lock attempt blocked or succeeded.
#[derive(PartialEq, Copy, Clone)]
#[must_use]
enum LockingResult {
LockAcquired,
WouldBlock,
}
use LockingResult::*;
/// A file lock, with a counter to assist with recursive locking.
#[derive(Debug)]
struct RecursiveLock {
/// The file lock.
///
/// An important note is that locks can be `None` even when they are held.
/// This can happen on things like old NFS mounts where locking isn't
/// supported. We otherwise pretend we have a lock via the lock count. See
/// [`FileLock`] for more detail on that.
lock: Option<FileLock>,
/// Number locks held, to support recursive locking.
count: u32,
/// If this is `true`, it is an exclusive lock, otherwise it is shared.
is_exclusive: bool,
/// The filename of the lock.
filename: &'static str,
}
impl RecursiveLock {
fn new(filename: &'static str) -> RecursiveLock {
RecursiveLock {
lock: None,
count: 0,
is_exclusive: false,
filename,
}
}
/// Low-level lock count increment routine.
fn increment(&mut self) {
self.count = self.count.checked_add(1).unwrap();
}
/// Unlocks a previously acquired lock.
fn decrement(&mut self) {
let new_cnt = self.count.checked_sub(1).unwrap();
self.count = new_cnt;
if new_cnt == 0 {
// This will drop, releasing the lock.
self.lock = None;
}
}
/// Acquires a shared lock.
fn lock_shared(
&mut self,
gctx: &GlobalContext,
description: &'static str,
blocking: BlockingMode,
) -> LockingResult {
match blocking {
Blocking => {
self.lock_shared_blocking(gctx, description);
LockAcquired
}
NonBlocking => self.lock_shared_nonblocking(gctx),
}
}
/// Acquires a shared lock, blocking if held by another locker.
fn lock_shared_blocking(&mut self, gctx: &GlobalContext, description: &'static str) {
if self.count == 0 {
self.is_exclusive = false;
self.lock = match gctx
.home()
.open_ro_shared_create(self.filename, gctx, description)
{
Ok(lock) => Some(lock),
Err(e) => {
// There is no error here because locking is mostly a
// best-effort attempt. If cargo home is read-only, we don't
// want to fail just because we couldn't create the lock file.
tracing::warn!("failed to acquire cache lock {}: {e:?}", self.filename);
None
}
};
}
self.increment();
}
/// Acquires a shared lock, returns [`WouldBlock`] if held by another locker.
fn lock_shared_nonblocking(&mut self, gctx: &GlobalContext) -> LockingResult {
if self.count == 0 {
self.is_exclusive = false;
self.lock = match gctx.home().try_open_ro_shared_create(self.filename) {
Ok(Some(lock)) => Some(lock),
Ok(None) => {
return WouldBlock;
}
Err(e) => {
// Pretend that the lock was acquired (see lock_shared_blocking).
tracing::warn!("failed to acquire cache lock {}: {e:?}", self.filename);
None
}
};
}
self.increment();
LockAcquired
}
/// Acquires an exclusive lock.
fn lock_exclusive(
&mut self,
gctx: &GlobalContext,
description: &'static str,
blocking: BlockingMode,
) -> CargoResult<LockingResult> {
if self.count > 0 && !self.is_exclusive {
// Lock upgrades are dicey. It might be possible to support
// this but would take a bit of work, and so far it isn't
// needed.
panic!("lock upgrade from shared to exclusive not supported");
}
match blocking {
Blocking => {
self.lock_exclusive_blocking(gctx, description)?;
Ok(LockAcquired)
}
NonBlocking => self.lock_exclusive_nonblocking(gctx),
}
}
/// Acquires an exclusive lock, blocking if held by another locker.
fn lock_exclusive_blocking(
&mut self,
gctx: &GlobalContext,
description: &'static str,
) -> CargoResult<()> {
if self.count == 0 {
self.is_exclusive = true;
match gctx
.home()
.open_rw_exclusive_create(self.filename, gctx, description)
{
Ok(lock) => self.lock = Some(lock),
Err(e) => {
if maybe_readonly(&e) {
// This is a best-effort attempt to at least try to
// acquire some sort of lock. This can help in the
// situation where this cargo only has read-only access,
// but maybe some other cargo has read-write. This will at
// least attempt to coordinate with it.
//
// We don't want to fail on a read-only mount because
// cargo grabs an exclusive lock in situations where it
// may only be reading from the package cache. In that
// case, cargo isn't writing anything, and we don't want
// to fail on that.
self.lock_shared_blocking(gctx, description);
// This has to pretend it is exclusive for recursive locks to work.
self.is_exclusive = true;
return Ok(());
} else {
return Err(e).context("failed to acquire package cache lock");
}
}
}
}
self.increment();
Ok(())
}
/// Acquires an exclusive lock, returns [`WouldBlock`] if held by another locker.
fn lock_exclusive_nonblocking(&mut self, gctx: &GlobalContext) -> CargoResult<LockingResult> {
if self.count == 0 {
self.is_exclusive = true;
match gctx.home().try_open_rw_exclusive_create(self.filename) {
Ok(Some(lock)) => self.lock = Some(lock),
Ok(None) => return Ok(WouldBlock),
Err(e) => {
if maybe_readonly(&e) {
let result = self.lock_shared_nonblocking(gctx);
// This has to pretend it is exclusive for recursive locks to work.
self.is_exclusive = true;
return Ok(result);
} else {
return Err(e).context("failed to acquire package cache lock");
}
}
}
}
self.increment();
Ok(LockAcquired)
}
}
/// The state of the [`CacheLocker`].
#[derive(Debug)]
struct CacheState {
/// The cache lock guards the package cache used for download and
/// resolution (append operations that should not interfere with reading
/// from existing src files).
cache_lock: RecursiveLock,
/// The mutate lock is used to either guard the entire package cache for
/// destructive modifications (in exclusive mode), or for reading the
/// package cache src files (in shared mode).
///
/// Note that [`CacheLockMode::MutateExclusive`] holds both
/// [`CacheState::mutate_lock`] and [`CacheState::cache_lock`].
mutate_lock: RecursiveLock,
}
impl CacheState {
fn lock(
&mut self,
gctx: &GlobalContext,
mode: CacheLockMode,
blocking: BlockingMode,
) -> CargoResult<LockingResult> {
use CacheLockMode::*;
if mode == Shared && self.cache_lock.count > 0 && self.mutate_lock.count == 0 {
// Shared lock, when a DownloadExclusive is held.
//
// This isn't supported because it could cause a deadlock. If
// one cargo is attempting to acquire a MutateExclusive lock,
// and acquires the mutate lock, but is blocked on the
// download lock, and the cargo that holds the download lock
// attempts to get a shared lock, they would end up blocking
// each other.
panic!("shared lock while holding download lock is not allowed");
}
match mode {
Shared => {
if self.mutate_lock.lock_shared(gctx, SHARED_DESCR, blocking) == WouldBlock {
return Ok(WouldBlock);
}
}
DownloadExclusive => {
if self
.cache_lock
.lock_exclusive(gctx, DOWNLOAD_EXCLUSIVE_DESCR, blocking)?
== WouldBlock
{
return Ok(WouldBlock);
}
}
MutateExclusive => {
if self
.mutate_lock
.lock_exclusive(gctx, MUTATE_EXCLUSIVE_DESCR, blocking)?
== WouldBlock
{
return Ok(WouldBlock);
}
// Part of the contract of MutateExclusive is that it doesn't
// allow any processes to have a lock on the package cache, so
// this acquires both locks.
match self
.cache_lock
.lock_exclusive(gctx, DOWNLOAD_EXCLUSIVE_DESCR, blocking)
{
Ok(LockAcquired) => {}
Ok(WouldBlock) => return Ok(WouldBlock),
Err(e) => {
self.mutate_lock.decrement();
return Err(e);
}
}
}
}
Ok(LockAcquired)
}
}
/// A held lock guard.
///
/// When this is dropped, the lock will be released.
#[must_use]
pub struct CacheLock<'lock> {
mode: CacheLockMode,
locker: &'lock CacheLocker,
}
impl Drop for CacheLock<'_> {
fn drop(&mut self) {
use CacheLockMode::*;
let mut state = self.locker.state.borrow_mut();
match self.mode {
Shared => {
state.mutate_lock.decrement();
}
DownloadExclusive => {
state.cache_lock.decrement();
}
MutateExclusive => {
state.cache_lock.decrement();
state.mutate_lock.decrement();
}
}
}
}
/// The filename for the [`CacheLockMode::DownloadExclusive`] lock.
const CACHE_LOCK_NAME: &str = ".package-cache";
/// The filename for the [`CacheLockMode::MutateExclusive`] and
/// [`CacheLockMode::Shared`] lock.
const MUTATE_NAME: &str = ".package-cache-mutate";
// Descriptions that are displayed in the "Blocking" message shown to the user.
const SHARED_DESCR: &str = "shared package cache";
const DOWNLOAD_EXCLUSIVE_DESCR: &str = "package cache";
const MUTATE_EXCLUSIVE_DESCR: &str = "package cache mutation";
/// A locker that can be used to acquire locks.
///
/// See the [`crate::util::cache_lock`] module documentation for an overview
/// of how cache locking works.
#[derive(Debug)]
pub struct CacheLocker {
/// The state of the locker.
///
/// [`CacheLocker`] uses interior mutability because it is stuffed inside
/// [`GlobalContext`], which does not allow mutation.
state: RefCell<CacheState>,
}
impl CacheLocker {
/// Creates a new `CacheLocker`.
pub fn new() -> CacheLocker {
CacheLocker {
state: RefCell::new(CacheState {
cache_lock: RecursiveLock::new(CACHE_LOCK_NAME),
mutate_lock: RecursiveLock::new(MUTATE_NAME),
}),
}
}
/// Acquires a lock with the given mode, possibly blocking if another
/// cargo is holding the lock.
pub fn lock(&self, gctx: &GlobalContext, mode: CacheLockMode) -> CargoResult<CacheLock<'_>> {
let mut state = self.state.borrow_mut();
let _ = state.lock(gctx, mode, Blocking)?;
Ok(CacheLock { mode, locker: self })
}
/// Acquires a lock with the given mode, returning `None` if another cargo
/// is holding the lock.
pub fn try_lock(
&self,
gctx: &GlobalContext,
mode: CacheLockMode,
) -> CargoResult<Option<CacheLock<'_>>> {
let mut state = self.state.borrow_mut();
if state.lock(gctx, mode, NonBlocking)? == LockAcquired {
Ok(Some(CacheLock { mode, locker: self }))
} else {
Ok(None)
}
}
/// Returns whether or not a lock is held for the given mode in this locker.
///
/// This does not tell you whether or not it is locked in some other
/// locker (such as in another process).
///
/// Note that `Shared` will return true if a `MutateExclusive` lock is
/// held, since `MutateExclusive` is just an upgraded `Shared`. Likewise,
/// `DownloadExclusive` will return true if a `MutateExclusive` lock is
/// held since they overlap.
pub fn is_locked(&self, mode: CacheLockMode) -> bool {
let state = self.state.borrow();
match (
mode,
state.cache_lock.count,
state.mutate_lock.count,
state.mutate_lock.is_exclusive,
) {
(CacheLockMode::Shared, _, 1.., _) => true,
(CacheLockMode::MutateExclusive, _, 1.., true) => true,
(CacheLockMode::DownloadExclusive, 1.., _, _) => true,
_ => false,
}
}
}
/// Returns whether or not the error appears to be from a read-only filesystem.
fn maybe_readonly(err: &anyhow::Error) -> bool {
err.chain().any(|err| {
if let Some(io) = err.downcast_ref::<io::Error>() {
if io.kind() == io::ErrorKind::PermissionDenied {
return true;
}
#[cfg(unix)]
return io.raw_os_error() == Some(libc::EROFS);
}
false
})
}