|
package tempfile
|
|
|
|
import (
|
|
"fmt"
|
|
"io"
|
|
"os"
|
|
"path/filepath"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
tmsync "github.com/tendermint/tendermint/libs/sync"
|
|
)
|
|
|
|
const (
|
|
atomicWriteFilePrefix = "write-file-atomic-"
|
|
// Maximum number of atomic write file conflicts before we start reseeding
|
|
// (reduced from golang's default 10 due to using an increased randomness space)
|
|
atomicWriteFileMaxNumConflicts = 5
|
|
// Maximum number of attempts to make at writing the write file before giving up
|
|
// (reduced from golang's default 10000 due to using an increased randomness space)
|
|
atomicWriteFileMaxNumWriteAttempts = 1000
|
|
// LCG constants from Donald Knuth MMIX
|
|
// This LCG's has a period equal to 2**64
|
|
lcgA = 6364136223846793005
|
|
lcgC = 1442695040888963407
|
|
// Create in case it doesn't exist and force kernel
|
|
// flush, which still leaves the potential of lingering disk cache.
|
|
// Never overwrites files
|
|
atomicWriteFileFlag = os.O_WRONLY | os.O_CREATE | os.O_SYNC | os.O_TRUNC | os.O_EXCL
|
|
)
|
|
|
|
var (
|
|
atomicWriteFileRand uint64
|
|
atomicWriteFileRandMu tmsync.Mutex
|
|
)
|
|
|
|
func writeFileRandReseed() uint64 {
|
|
// Scale the PID, to minimize the chance that two processes seeded at similar times
|
|
// don't get the same seed. Note that PID typically ranges in [0, 2**15), but can be
|
|
// up to 2**22 under certain configurations. We left bit-shift the PID by 20, so that
|
|
// a PID difference of one corresponds to a time difference of 2048 seconds.
|
|
// The important thing here is that now for a seed conflict, they would both have to be on
|
|
// the correct nanosecond offset, and second-based offset, which is much less likely than
|
|
// just a conflict with the correct nanosecond offset.
|
|
return uint64(time.Now().UnixNano() + int64(os.Getpid()<<20))
|
|
}
|
|
|
|
// Use a fast thread safe LCG for atomic write file names.
|
|
// Returns a string corresponding to a 64 bit int.
|
|
// If it was a negative int, the leading number is a 0.
|
|
func randWriteFileSuffix() string {
|
|
atomicWriteFileRandMu.Lock()
|
|
r := atomicWriteFileRand
|
|
if r == 0 {
|
|
r = writeFileRandReseed()
|
|
}
|
|
|
|
// Update randomness according to lcg
|
|
r = r*lcgA + lcgC
|
|
|
|
atomicWriteFileRand = r
|
|
atomicWriteFileRandMu.Unlock()
|
|
// Can have a negative name, replace this in the following
|
|
suffix := strconv.Itoa(int(r))
|
|
if string(suffix[0]) == "-" {
|
|
// Replace first "-" with "0". This is purely for UI clarity,
|
|
// as otherwhise there would be two `-` in a row.
|
|
suffix = strings.Replace(suffix, "-", "0", 1)
|
|
}
|
|
return suffix
|
|
}
|
|
|
|
// WriteFileAtomic creates a temporary file with data and provided perm and
|
|
// swaps it atomically with filename if successful.
|
|
func WriteFileAtomic(filename string, data []byte, perm os.FileMode) (err error) {
|
|
// This implementation is inspired by the golang stdlibs method of creating
|
|
// tempfiles. Notable differences are that we use different flags, a 64 bit LCG
|
|
// and handle negatives differently.
|
|
// The core reason we can't use golang's TempFile is that we must write
|
|
// to the file synchronously, as we need this to persist to disk.
|
|
// We also open it in write-only mode, to avoid concerns that arise with read.
|
|
var (
|
|
dir = filepath.Dir(filename)
|
|
f *os.File
|
|
)
|
|
|
|
nconflict := 0
|
|
// Limit the number of attempts to create a file. Something is seriously
|
|
// wrong if it didn't get created after 1000 attempts, and we don't want
|
|
// an infinite loop
|
|
i := 0
|
|
for ; i < atomicWriteFileMaxNumWriteAttempts; i++ {
|
|
name := filepath.Join(dir, atomicWriteFilePrefix+randWriteFileSuffix())
|
|
f, err = os.OpenFile(name, atomicWriteFileFlag, perm)
|
|
// If the file already exists, try a new file
|
|
if os.IsExist(err) {
|
|
// If the files exists too many times, start reseeding as we've
|
|
// likely hit another instances seed.
|
|
if nconflict++; nconflict > atomicWriteFileMaxNumConflicts {
|
|
atomicWriteFileRandMu.Lock()
|
|
atomicWriteFileRand = writeFileRandReseed()
|
|
atomicWriteFileRandMu.Unlock()
|
|
}
|
|
continue
|
|
} else if err != nil {
|
|
return err
|
|
}
|
|
break
|
|
}
|
|
if i == atomicWriteFileMaxNumWriteAttempts {
|
|
return fmt.Errorf("could not create atomic write file after %d attempts", i)
|
|
}
|
|
|
|
// Clean up in any case. Defer stacking order is last-in-first-out.
|
|
defer os.Remove(f.Name())
|
|
defer f.Close()
|
|
|
|
if n, err := f.Write(data); err != nil {
|
|
return err
|
|
} else if n < len(data) {
|
|
return io.ErrShortWrite
|
|
}
|
|
// Close the file before renaming it, otherwise it will cause "The process
|
|
// cannot access the file because it is being used by another process." on windows.
|
|
f.Close()
|
|
|
|
return os.Rename(f.Name(), filename)
|
|
}
|