[CAS] Avoid using mmap for storeFromOpenFileImpl

akyrtzi · akyrtzi · commit 14ee8b918ff2 · 2023-02-24T16:18:09.000-08:00
`mmap` is unsafe since the contents of the mapped region may change after we get the contents digest.
This manifested as an issue in linux, where all the tests doing

```
llvm-cas --cas %t/cas --ingest --data %t
```

were ingesting the files of the CAS directory itself, and were creating invalid objects.
diff --git a/llvm/include/llvm/CAS/ObjectStore.h b/llvm/include/llvm/CAS/ObjectStore.h
@@ -172,7 +172,7 @@ class ObjectStore {
   /// Get ObjectRef from open file.
   virtual Expected<ObjectRef>
   storeFromOpenFileImpl(sys::fs::file_t FD,
-                        Optional<sys::fs::file_status> Status) = 0;
+                        Optional<sys::fs::file_status> Status);
 
   /// Get a lifetime-extended StringRef pointing at \p Data.
   ///
@@ -246,6 +246,9 @@ class ObjectStore {
     return Data.size();
   }
 
+  /// Validate the whole node tree.
+  Error validateTree(ObjectRef Ref);
+
   /// Print the ObjectStore internals for debugging purpose.
   virtual void print(raw_ostream &) const {}
   void dump() const;
diff --git a/llvm/lib/CAS/BuiltinCAS.cpp b/llvm/lib/CAS/BuiltinCAS.cpp
@@ -49,57 +49,6 @@ const BuiltinCASContext &BuiltinCASContext::getDefaultContext() {
   return DefaultContext;
 }
 
-static size_t getPageSize() {
-  static int PageSize = sys::Process::getPageSizeEstimate();
-  return PageSize;
-}
-
-Expected<ObjectRef>
-BuiltinCAS::storeFromOpenFileImpl(sys::fs::file_t FD,
-                                  Optional<sys::fs::file_status> Status) {
-  int PageSize = getPageSize();
-
-  if (!Status) {
-    Status.emplace();
-    if (std::error_code EC = sys::fs::status(FD, *Status))
-      return errorCodeToError(EC);
-  }
-
-  constexpr size_t MinMappedSize = 4 * 4096;
-  auto readWithStream = [&]() -> Expected<ObjectRef> {
-    // FIXME: MSVC: SmallString<MinMappedSize * 2>
-    SmallString<4 * 4096 * 2> Data;
-    if (Error E = sys::fs::readNativeFileToEOF(FD, Data, MinMappedSize))
-      return std::move(E);
-    return store(None, makeArrayRef(Data.data(), Data.size()));
-  };
-
-  // Check whether we can trust the size from stat.
-  if (Status->type() != sys::fs::file_type::regular_file &&
-      Status->type() != sys::fs::file_type::block_file)
-    return readWithStream();
-
-  if (Status->getSize() < MinMappedSize)
-    return readWithStream();
-
-  std::error_code EC;
-  sys::fs::mapped_file_region Map(FD, sys::fs::mapped_file_region::readonly,
-                                  Status->getSize(),
-                                  /*offset=*/0, EC);
-  if (EC)
-    return errorCodeToError(EC);
-
-  // If the file is guaranteed to be null-terminated, use it directly. Note
-  // that the file size may have changed from ::stat if this file is volatile,
-  // so we need to check for an actual null character at the end.
-  ArrayRef<char> Data(Map.data(), Map.size());
-  HashType ComputedHash =
-      BuiltinObjectHasher<HasherT>::hashObject(*this, None, Data);
-  if (!isAligned(Align(PageSize), Data.size()) && Data.end()[0] == 0)
-    return storeFromNullTerminatedRegion(ComputedHash, std::move(Map));
-  return storeImpl(ComputedHash, None, Data);
-}
-
 Expected<ObjectRef> BuiltinCAS::store(ArrayRef<ObjectRef> Refs,
                                       ArrayRef<char> Data) {
   return storeImpl(BuiltinObjectHasher<HasherT>::hashObject(*this, Refs, Data),
diff --git a/llvm/lib/CAS/BuiltinCAS.h b/llvm/lib/CAS/BuiltinCAS.h
@@ -96,9 +96,6 @@ class BuiltinCAS : public ObjectStore {
                                         ArrayRef<ObjectRef> Refs,
                                         ArrayRef<char> Data) = 0;
 
-  Expected<ObjectRef>
-  storeFromOpenFileImpl(sys::fs::file_t FD,
-                        Optional<sys::fs::file_status> Status) override;
   virtual Expected<ObjectRef>
   storeFromNullTerminatedRegion(ArrayRef<uint8_t> ComputedHash,
                                 sys::fs::mapped_file_region Map) {
diff --git a/llvm/lib/CAS/HierarchicalTreeBuilder.cpp b/llvm/lib/CAS/HierarchicalTreeBuilder.cpp
@@ -255,5 +255,12 @@ Expected<ObjectProxy> HierarchicalTreeBuilder::create(ObjectStore &CAS) {
     T->Ref = ExpectedTree->getRef();
   }
 
-  return cantFail(CAS.getProxy(*Root.Ref));
+  Expected<ObjectProxy> Obj = cantFail(CAS.getProxy(*Root.Ref));
+#ifndef NDEBUG
+  if (Obj) {
+    if (Error E = CAS.validateTree(Obj->getRef()))
+      return std::move(E);
+  }
+#endif
+  return Obj;
 }
diff --git a/llvm/lib/CAS/ObjectStore.cpp b/llvm/lib/CAS/ObjectStore.cpp
@@ -7,6 +7,7 @@
 //===----------------------------------------------------------------------===//
 
 #include "llvm/CAS/ObjectStore.h"
+#include "llvm/ADT/DenseSet.h"
 #include "llvm/ADT/StringMap.h"
 #include "llvm/Support/Debug.h"
 #include "llvm/Support/FileSystem.h"
@@ -98,6 +99,49 @@ Expected<ObjectProxy> ObjectStore::createProxy(ArrayRef<ObjectRef> Refs,
   return getProxy(*Ref);
 }
 
+Expected<ObjectRef>
+ObjectStore::storeFromOpenFileImpl(sys::fs::file_t FD,
+                                   Optional<sys::fs::file_status> Status) {
+  // Copy the file into an immutable memory buffer and call \c store on that.
+  // Using \c mmap would be unsafe because there's a race window between when we
+  // get the digest hash for the \c mmap contents and when we store the data; if
+  // the file changes in-between we will create an invalid object.
+
+  // FIXME: For the on-disk CAS implementation use cloning to store it as a
+  // standalone file if the file-system supports it and the file is large.
+
+  constexpr size_t ChunkSize = 4 * 4096;
+  SmallString<0> Data;
+  Data.reserve(ChunkSize * 2);
+  if (Error E = sys::fs::readNativeFileToEOF(FD, Data, ChunkSize))
+    return std::move(E);
+  return store(std::nullopt, ArrayRef(Data.data(), Data.size()));
+}
+
+Error ObjectStore::validateTree(ObjectRef Root) {
+  SmallDenseSet<ObjectRef> ValidatedRefs;
+  SmallVector<ObjectRef, 16> RefsToValidate;
+  RefsToValidate.push_back(Root);
+
+  while (!RefsToValidate.empty()) {
+    ObjectRef Ref = RefsToValidate.pop_back_val();
+    auto [I, Inserted] = ValidatedRefs.insert(Ref);
+    if (!Inserted)
+      continue; // already validated.
+    if (Error E = validate(getID(Ref)))
+      return E;
+    Expected<ObjectHandle> Obj = load(Ref);
+    if (!Obj)
+      return Obj.takeError();
+    if (Error E = forEachRef(*Obj, [&RefsToValidate](ObjectRef R) -> Error {
+          RefsToValidate.push_back(R);
+          return Error::success();
+        }))
+      return E;
+  }
+  return Error::success();
+}
+
 std::unique_ptr<MemoryBuffer>
 ObjectProxy::getMemoryBuffer(StringRef Name,
                              bool RequiresNullTerminator) const {

Original file line number	Diff line number	Diff line change
`@@ -255,5 +255,12 @@ Expected<ObjectProxy> HierarchicalTreeBuilder::create(ObjectStore &CAS) {`
`255`	`255`	`T->Ref = ExpectedTree->getRef();`
`256`	`256`	`}`
`257`	`257`
`258`		`- return cantFail(CAS.getProxy(*Root.Ref));`
	`258`	`+ Expected<ObjectProxy> Obj = cantFail(CAS.getProxy(*Root.Ref));`
	`259`	`+#ifndef NDEBUG`
	`260`	`+ if (Obj) {`
	`261`	`+ if (Error E = CAS.validateTree(Obj->getRef()))`
	`262`	`+ return std::move(E);`
	`263`	`+ }`
	`264`	`+#endif`
	`265`	`+ return Obj;`
`259`	`266`	`}`