* etc/NEWS: Document this.
* nt/inc/unistd.h (O_NOFOLLOW): New macro.
* src/filelock.c: Include <c-ctype.h>.
(MAX_LFINFO): New top-level constant.
(lock_info_type): Remove members pid, boot_time. Add members at,
dot, colon. Change user member to be the entire buffer, not a
pointer. This allows us to handle the case where a foreign
pid or boot time exceeds the local range. All uses changed.
(LINKS_MIGHT_NOT_WORK): New constant.
(FREE_LOCK_INFO): Remove, as the pieces no longer need freeing.
(defined_WINDOWSNT): Remove.
(MAKE_LOCK_NAME, file_in_lock_file_name):
Always use .#FILE (not .#-FILE) for the file lock,
even if it is a regular file.
(rename_lock_file): New function.
(create_lock_file): Use it.
(create_lock_file, read_lock_data):
Prefer a symbolic link for the lock file, falling back on a
regular file if symlinks don't work. Do not try to create
symlinks on MS-Windows, due to security hassles. Stick with
POSIXish functions (open, read, write, close, fchmod, readlink, symlink,
link, rename, unlink, mkstemp) when creating locks, as a GNUish
host may be using a Windowsish file system, and cannot use
MS-Windows-only system calls. Fall back on mktemp if mkstemp
doesn't work. Don't fail merely because of a symlink-contents
length limit in the current file system; fall back on regular
files. Increase the symlink contents length limit to 8 KiB, this
should be big enough for any real use and doesn't crunch the
stack.
(create_lock_file, lock_file_1, read_lock_data):
Simplify allocation of lock file buffers now that they fit in 8 KiB.
(lock_file_1): Return error number, not bool. All callers changed.
(ELOOP): New macro, if not already defined.
(read_lock_data): Return size of lock file contents, not Lisp object.
All callers changed. Handle a race condition if some other process
replaces a regular-file lock with a symlink lock or vice versa,
while we're trying to read the lock.
(current_lock_owner): Parse contents more carefully, to help avoid
confusing a regular-file lock with some other application's use
of the file. Check for lock file contents being too long, or
not parsing correctly.
(current_lock_owner, lock_file):
Allow foreign pid and boot times that exceed the local range.
(current_lock_owner, lock_if_free, lock_file):
Simplify allocation of lock file contents.
* src/w32.c (sys_rename_replace): New function, containing most of
the contents of the old sys_rename.
(sys_rename): Use it.
(fchmod): New dummy function.
* src/w32.h (sys_rename_replace, fchmod): New decls.
Fixes: debbugs:13807
src/filelock.c [WINDOWSNT]: Include w32.h.
(MAKE_LOCK_NAME): Don't use 'lock', it clashes with MS runtime
function of that name. Up-case the macro arguments.
(IS_LOCK_FILE): New macro.
(fill_in_lock_file_name): Use IS_LOCK_FILE instead of S_ISLNK.
(create_lock_file): New function, with body extracted from
lock_file_1.
[WINDOWSNT]: Implement lock files by writing a regular file with
the lock information as its contents.
(read_lock_data): New function, on Posix platforms just calls
emacs_readlinkat.
[WINDOWSNT]: Read the lock info from the file.
(current_lock_owner): Call read_lock_data instead of calling
emacs_readlinkat directly.
(lock_file) [WINDOWSNT]: Run the file name through
dostounix_filename.
src/w32proc.c (sys_kill): Support the case of SIG = 0, in which case
just check if the process by that PID exists.
src/w32.c (sys_open): Don't reset the _O_CREAT flag if _O_EXCL is
also present, as doing so will fail to error out if the file
already exists.
src/makefile.w32-in ($(BLD)/filelock.$(O)): Depend on src/w32.h.
nt/inc/ms-w32.h (BOOT_TIME_FILE): Define.
nt/config.nt (CLASH_DETECTION): Define to 1.
lisp/emacs-lisp/bytecomp.el (byte-recompile-directory): Reject files
that match "\`\.#", to avoid compiling lock files, even if they
are readable (as they are on MS-Windows).
doc/emacs/files.texi (Interlocking): Don't refer to symlinks as the
exclusive means of locking files.
etc/NEWS: Mention support for lock files on MS-Windows.
On my host, this speeds up directory-files-and-attributes by a
factor of 3, when applied to Emacs's src directory.
These functions are standardized by POSIX and are common these
days; fall back on a (slower) gnulib implementation if the host
is too old to supply them.
* .bzrignore: Add lib/dirent.h.
* lib/Makefile.am (libgnu_a_SOURCES): Add openat-die.c, save-cwd.c.
* lib/careadlinkat.c, lib/careadlinkat.h: Merge from gnulib,
incorporating: 2013-01-29 careadlinkat: do not provide careadlinkatcwd.
* lib/gnulib.mk, m4/gnulib-comp.m4: Regenerate.
* lib/dirent.in.h, lib/fdopendir.c, lib/fstatat.c, lib/openat-priv.h:
* lib/openat-proc.c, lib/openat.h, m4/dirent_h.m4, m4/fdopendir.m4:
* m4/fstatat.m4: New files, from gnulib.
* lib/openat-die.c, lib/save-cwd.c, lib/save-cwd.h: New files.
These last three are specific to Emacs and are not copied from gnulib.
They are simpler than the gnulib versions and are tuned for Emacs.
* admin/merge-gnulib (GNULIB_MODULES): Add fdopendir, fstatat, readlinkat.
(GNULIB_TOOL_FLAGS): Do not avoid at-internal, openat-h.
Avoid dup, open, opendir.
* nt/inc/sys/stat.h (fstatat):
* nt/inc/unistd.h (readlinkat): New decls.
* src/conf_post.h (GNULIB_SUPPORT_ONLY_AT_FDCWD): Remove.
* src/dired.c: Include <fcntl.h>.
(open_directory): New function, which uses open and fdopendir
rather than opendir. DOS_NT platforms still use opendir, though.
(directory_files_internal, file_name_completion): Use it.
(file_attributes): New function, with most of the old Ffile_attributes.
(directory_files_internal, Ffile_attributes): Use it.
(file_attributes, file_name_completion_stat): First arg is now fd,
not dir name. All uses changed. Use fstatat rather than lstat +
stat.
(file_attributes): Use emacs_readlinkat rather than Ffile_symlink_p.
* src/fileio.c: Include <allocator.h>, <careadlinkat.h>.
(emacs_readlinkat): New function, with much of the old
Ffile_symlink_p, but with an fd argument for speed.
It uses readlinkat rather than careadlinkatcwd, so that it
need not assume the working directory.
(Ffile_symlink_p): Use it.
* src/filelock.c (current_lock_owner): Use emacs_readlinkat
rather than emacs_readlink.
* src/lisp.h (emacs_readlinkat): New decl.
(READLINK_BUFSIZE, emacs_readlink): Remove.
* src/sysdep.c: Do not include <allocator.h>, <careadlinkat.h>.
(emacs_norealloc_allocator, emacs_readlink): Remove.
This stuff is moved to fileio.c.
* src/w32.c (fstatat, readlinkat): New functions.
(careadlinkat): Don't check that fd == AT_FDCWD.
(careadlinkatcwd): Remove; no longer needed.
Fixes: debbugs:13539
nt/inc/sys/stat.h (S_ISMPX): Define to zero, to accommodate changes
in lib/filemode.c that broke the MS-Windows build.
Suggested by Andy Moreton <andrewjmoreton@gmail.com>.
src/w32.c: Include sddl.h and sys/acl.h.
(SDDL_REVISION_1): Define if not already defined.
(g_b_init_get_security_descriptor_dacl)
(g_b_init_convert_sd_to_sddl, g_b_init_convert_sddl_to_sd)
(g_b_init_is_valid_security_descriptor)
(g_b_init_set_file_security): New static flags.
(globals_of_w32): Initialize them to zero.
(SetFileSecurity_Name): New string constant.
(SetFileSecurity_Proc, GetSecurityDescriptorDacl_Proc)
(ConvertStringSecurityDescriptorToSecurityDescriptor_Proc)
(ConvertSecurityDescriptorToStringSecurityDescriptor_Proc)
(IsValidSecurityDescriptor_Proc): New typedefs.
(get_file_security, get_security_descriptor_owner)
(get_security_descriptor_group): Set errno to ENOTSUP.
(set_file_security, get_security_descriptor_dacl)
(is_valid_security_descriptor, convert_sd_to_sddl)
(convert_sddl_to_sd, acl_valid, acl_to_text, acl_from_text)
(acl_free, acl_get_file, acl_set_file): New functions.
src/fileio.c (Fcopy_file) [WINDOWSNT]: Support copying ACLs.
nt/inc/sys/acl.h: New file.
nt/inc/ms-w32.h (ENOTSUP): Define if undefined.
nt/config.nt (HAVE_POSIX_ACL): Define.
doc/lispref/files.texi (File Attributes, Changing Files): Update to include
MS-Windows support for ACLs.
src/w32.h (_child_process): New members input_file and
pending_deletion.
(register_child): First argument is now pid_t.
(record_infile, record_pending_deletion): New prototypes.
src/w32proc.c (new_child): Initialize input_file and
pending_deletion members of the child.
(delete_child): Delete the child's temporary input file, if any,
that is pending deletion.
(register_child): First argument is now pid_t.
(record_infile, record_pending_deletion): New functions.
(reap_subprocess): Fix a typo in DebPrint string.
(sys_spawnve, sys_kill): Use pid_t for PID arguments.
src/fileio.c (internal_delete_file): Return an int again: non-zero
if delete-file succeeds, zero otherwise.
src/lisp.h (internal_delete_file): Adjust prototype.
src/callproc.c (Fcall_process): Don't overwrite infile with result
of DECODE_FILE.
[WINDOWSNT] If BUFFER is an integer, i.e. we are launching an
asynchronous subprocess, record the name of the input file name,
if any.
(delete_temp_file) [WINDOWSNT]: If internal_delete_file fails to
delete the file, record it as pending deletion when the subprocess
exits.
nt/inc/ms-w32.h (sys_unlink): Provide prototype.
src/w32.c (stat_worker): If w32_stat_get_owner_group is zero, do not
try to get accurate owner and group information from NT file
security APIs. This is to make most callers of 'stat' and
'lstat', which don't need that information, much faster.
src/dired.c (Ffile_attributes) [WINDOWSNT]: Set
w32_stat_get_owner_group to a non-zero value, to request accurate
owner and group information from 'lstat'.
nt/inc/sys/stat.h: Declare w32_stat_get_owner_group.
This is a backport from the trunk, consisting of:
2012-11-17 Eli Zaretskii <eliz@gnu.org>
* nt/inc/sys/wait.h: New file, with prototype of waitpid and
definitions of macros it needs.
* nt/inc/ms-w32.h (wait): Don't define, 'wait' is not used anymore.
(sys_wait): Remove prototype.
* nt/config.nt (HAVE_SYS_WAIT_H): Define to 1.
* src/w32proc.c (create_child): Don't clip the PID of the child
process to fit into an Emacs integer, as this is no longer a
restriction.
(waitpid): Rename from sys_wait. Emulate a Posix 'waitpid' by
reaping only the process specified by PID argument, if that is
positive. Use PID instead of dead_child to know which process to
reap. Wait for the child to die only if WNOHANG is not in
OPTIONS.
(sys_select): Don't set dead_child.
* src/sysdep.c (wait_for_termination_1): Remove the WINDOWSNT portion,
as it is no longer needed.
* src/process.c (waitpid, WUNTRACED) [!WNOHANG]: Remove definitions,
no longer needed.
(record_child_status_change): Remove the setting of
record_at_most_one_child for the !WNOHANG case.
2012-11-03 Paul Eggert <eggert@cs.ucla.edu>
Fix a race condition that causes Emacs to mess up glib (Bug#8855).
This is a backport from the trunk.
The symptom is a diagnostic "GLib-WARNING **: In call to
g_spawn_sync(), exit status of a child process was requested but
SIGCHLD action was set to SIG_IGN and ECHILD was received by
waitpid(), so exit status can't be returned." The diagnostic
is partly wrong, as the SIGCHLD action is not set to SIG_IGN.
The real bug is a race condition between Emacs and glib: Emacs
does a waitpid (-1, ...) and reaps glib's subprocess by mistake,
so that glib can't find it. Work around the bug by invoking
waitpid only on subprocesses that Emacs itself creates.
* src/process.c (create_process, record_child_status_change):
Don't use special value -1 in pid field, as the caller now must
know the pid rather than having the callee infer it. The
inference was sometimes incorrect anyway, due to another race.
(create_process): Set new 'alive' member if child is created.
(process_status_retrieved): New function.
(record_child_status_change): Use it.
Accept negative 1st argument, which means to wait for the
processes that Emacs already knows about. Move special-case code
for DOS_NT (which lacks WNOHANG) here, from caller. Keep track of
processes that have already been waited for, by testing and
clearing new 'alive' member.
(CAN_HANDLE_MULTIPLE_CHILDREN): Remove, as record_child_status_change
now does this internally.
(handle_child_signal): Let record_child_status_change do all
the work, since we do not want to reap all exited child processes,
only the child processes that Emacs itself created.
* src/process.h (Lisp_Process): New boolean member 'alive'.
* admin/CPP-DEFINES (HAVE_CLOSEDIR, HAVE_DIRENT_H): Remove.
* admin/notes/copyright: Adjust to src/ndir.h -> nt/inc/dirent.h renaming.
* configure.ac: Do not check for dirent.h or closdir.
* nt/inc/dirent.h: Rename from ../src/ndir.h, with these changes:
(struct dirent): Rename from struct direct. All uses changed.
* nt/inc/sys/dir.h: Remove.
* src/dired.c: Assume HAVE_DIRENT_H.
(NAMLEN): Remove, replacing with ...
(dirent_namelen): New function. All uses changed. Use the GNU macro
_D_EXACT_NAMELEN if available, as it's faster than strlen.
(DIRENTRY): Remove, replacing all uses with 'struct dirent'.
(DIRENTRY_NONEMPTY): Remove. All callers now assume it's nonzero.
* src/makefile.w32-in (DIR_H): Remove. All uses replaced with
$(NT_INC)/dirent.h.
($(BLD)/w32.$(O)): Do not depend on $(SRC)/ndir.h.
* src/ndir.h: Rename to ../nt/inc/dirent.h.
* src/sysdep.h (closedir) [!HAVE_CLOSEDIR]: Remove.
Do not include <dirent.h>; no longer needed.
* src/w32.c: Include <dirent.h> rather than "ndir.h".
Fixes: debbugs:12958