You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by sv...@apache.org on 2017/05/24 04:00:11 UTC
svn commit: r1795993 - in /subversion/branches/1.9.x: ./ STATUS
subversion/libsvn_fs_fs/cached_data.c subversion/libsvn_fs_fs/cached_data.h
subversion/libsvn_fs_fs/transaction.c subversion/libsvn_fs_x/
subversion/tests/libsvn_fs/fs-test.c
Author: svn-role
Date: Wed May 24 04:00:11 2017
New Revision: 1795993
URL: http://svn.apache.org/viewvc?rev=1795993&view=rev
Log:
Merge the 1.9.x-strict-rep-sharing branch:
* r1785737, r1785738, r1785734, r1786447, r1785754, r1786445, r1786446, r1786515, r1794530, r1794536, r1794611
Make FSFS consistency no longer depend on hash algorithms.
Justification:
This eliminates any existing or future FSFS vulnerability due to
attacks on MD5 or SHA1.
Branch:
^/subversion/branches/1.9.x-strict-rep-sharing
Notes:
Depends on r1759116 for correctness with older APR.
While the backport code is very close to the /trunk changes, it is
easier to review them as r1786580, r1786581 and r1786619 on the branch.
Will create a text conflict with the r1785053 backport. Depending on
which change gets merged first, the respective other must be updated.
Votes:
+1: stsp, stefan2, rhuijben
Modified:
subversion/branches/1.9.x/ (props changed)
subversion/branches/1.9.x/STATUS
subversion/branches/1.9.x/subversion/libsvn_fs_fs/cached_data.c
subversion/branches/1.9.x/subversion/libsvn_fs_fs/cached_data.h
subversion/branches/1.9.x/subversion/libsvn_fs_fs/transaction.c
subversion/branches/1.9.x/subversion/libsvn_fs_x/ (props changed)
subversion/branches/1.9.x/subversion/tests/libsvn_fs/fs-test.c
Propchange: subversion/branches/1.9.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May 24 04:00:11 2017
@@ -15,6 +15,7 @@
/subversion/branches/1.9.x-r1758224-group:1758407-1758693
/subversion/branches/1.9.x-r1785053:1786519-1794526
/subversion/branches/1.9.x-rep-cache-db-fixes:1743185-1757778
+/subversion/branches/1.9.x-strict-rep-sharing:1786535-1795992
/subversion/branches/10Gb:1388102,1388163-1388190,1388195,1388202,1388205,1388211,1388276,1388362,1388375,1388394,1388636,1388639-1388640,1388643-1388644,1388654,1388720,1388789,1388795,1388801,1388805,1388807,1388810,1388816,1389044,1389276,1389289,1389662,1389867,1390017,1390209,1390216,1390407,1390409,1390414,1390419,1390955
/subversion/branches/atomic-revprop:965046-1000689
/subversion/branches/authzperf:1615360
@@ -104,4 +105,4 @@
/subversion/branches/verify-at-commit:1462039-1462408
/subversion/branches/verify-keep-going:1439280-1546110
/subversion/branches/wc-collate-path:1402685-1480384
-/subversion/trunk:1660545-1660547,1660549-1662901,1663003,1663183-1663184,1663253,1663286,1663338,1663347,1663355,1663374,1663450,1663500,1663530,1663671,1663697,1663706,1663738,1663749,1663791,1663991,1664035,1664078,1664080,1664084-1664085,1664187,1664191,1664193,1664200,1664344,1664476,1664480-1664481,1664483,1664489-1664490,1664507,1664520-1664521,1664523,1664526-1664527,1664531-1664532,1664588,1664593-1664594,1664596,1664653,1664664,1664672,1664674,1664684,1664927,1664938-1664940,1664978,1664984,1664997,1665164,1665195,1665213,1665259,1665318,1665437-1665438,1665609,1665611-1665612,1665845,1665850,1665852,1665873,1665886,1665894,1665896,1666096,1666258,1666270,1666272,1666379,1666449,1666690,1666832,1666851,1666965,1667101,1667106-1667107,1667120,1667228,1667233-1667235,1667249-1667250,1667258,1667290,1667301,1667471,1667691-1667693,1667699-1667700,1667715,1667941,1667976,1668320,1668598-1668600,1668602-1668603,1668607-1668608,1668618,1668625,1669743,1669746,1669749,1669945,167
0139,1670149,1670152,1670329,1670337,1670347,1670353,1671164,1671388,1672295,1672311,1672372,1672404,1672511-1672512,1672578,1672728,1673044,1673062-1673063,1673065,1673153,1673170,1673172,1673197,1673202,1673204,1673228,1673282,1673445,1673691-1673692,1673746,1673785,1673803,1674015,1674032,1674170,1674301,1674305,1674308,1674339-1674340,1674406,1674415,1674455-1674456,1674475,1674487,1674522,1674580,1674626-1674627,1674785,1674891,1675771,1675774,1676526,1676535,1676538,1676555,1676564,1676570,1676665,1676667,1676769,1677003,1677191,1677267,1677440,1678147,1678149,1678494,1678571,1678734,1678742,1678745-1678746,1678755,1678839,1678846,1678894,1678950,1678963,1679166,1679169,1679228,1679230,1679240,1679287,1679864,1679866,1679909,1680242,1680264,1680495,1680705,1680819,1681317,1682714,1682854,1683071,1683126,1683135,1683266-1683267,1683290,1683303,1683311,1683378,1683387,1684034,1684077,1684322,1684325,1684344,1684412,1684940,1685034,1685085,1686175,1686239,1686478,1686541,1686543,
1686554,1686557,1686802,1686888,1686984,1687029,1687304,1687389,1687769,1687776,1687812,1688258,1688273,1688395,1689214,1689216,1689721,1689729,1691712-1691713,1691924,1691928,1692091,1692093,1692098,1692448,1692469-1692470,1692798-1692799,1693135,1693138,1693159,1693886,1694023,1694194,1694481,1694929,1695022,1695600,1695606,1695681,1696222,1696225,1696387,1696695,1697381,1697384,1697387,1697664,1697824,1697835,1697845,1697914,1697967,1698106,1698312,1700130,1700215,1700219-1700220,1700740,1700951,1701064,1701206,1701270,1701298,1701598,1701603,1701611,1701633,1701638,1701646,1701736,1701792,1701797,1701838,1701997,1702198,1702200,1702203,1702218,1702231,1702237-1702239,1702247,1702288,1702299-1702300,1702310,1702397,1702407,1702467,1702472,1702474,1702478,1702533,1702549,1702553,1702565,1702891,1702974,1702991,1703470,1703475-1703477,1703544,1703581,1703675,1703688-1703689,1703740,1704292,1704573,1704821,1704847,1705060,1705062,1705064,1705088,1705328,1705843,1706241,1706323-17063
24,1706375,1706428,1706432,1706437,1706783,1706983,1706999,1708699,1709388-1709389,1709553,1709562,1710104,1710167,1710215,1710290,1710558,1711250,1711346,1711507,1711510,1714314,1714358,1714790,1715224,1715232,1715262,1715777,1715793,1716808,1717154,1717869,1717871,1717873-1717875,1717878,1718167,1718267,1718269,1718484,1720015,1720643,1721174-1721175,1721285,1721488,1721648,1722164,1722860-1722861,1722879,1722887,1724448,1725180,1728308,1728387,1729060,1729519,1730856,1734106,1734926,1735179,1735826,1736432,1737122,1738259,1738659,1738828,1739278,1739280,1740252,1740254,1740316,1741071-1741073,1741078,1741096,1741200,1741206,1741401,1745515,1746053,1746277,1746364,1748514,1754190,1756266,1757529,1757532,1757539,1758128-1758130,1758153,1758202,1758204,1758207,1758209,1758224,1758269,1758385,1758781,1759116-1759124,1759686,1760570,1761334,1761653,1761755,1762338-1762339,1763934,1764034,1764676,1764851,1766240,1766323,1766327,1766352,1766590,1766699,1766704,1766711,1767768,1769152,17
69456,1769973,1770677,1774109,1776742,1776783,1776788,1779948,1781507,1781655,1783704,1785053
+/subversion/trunk:1660545-1660547,1660549-1662901,1663003,1663183-1663184,1663253,1663286,1663338,1663347,1663355,1663374,1663450,1663500,1663530,1663671,1663697,1663706,1663738,1663749,1663791,1663991,1664035,1664078,1664080,1664084-1664085,1664187,1664191,1664193,1664200,1664344,1664476,1664480-1664481,1664483,1664489-1664490,1664507,1664520-1664521,1664523,1664526-1664527,1664531-1664532,1664588,1664593-1664594,1664596,1664653,1664664,1664672,1664674,1664684,1664927,1664938-1664940,1664978,1664984,1664997,1665164,1665195,1665213,1665259,1665318,1665437-1665438,1665609,1665611-1665612,1665845,1665850,1665852,1665873,1665886,1665894,1665896,1666096,1666258,1666270,1666272,1666379,1666449,1666690,1666832,1666851,1666965,1667101,1667106-1667107,1667120,1667228,1667233-1667235,1667249-1667250,1667258,1667290,1667301,1667471,1667691-1667693,1667699-1667700,1667715,1667941,1667976,1668320,1668598-1668600,1668602-1668603,1668607-1668608,1668618,1668625,1669743,1669746,1669749,1669945,167
0139,1670149,1670152,1670329,1670337,1670347,1670353,1671164,1671388,1672295,1672311,1672372,1672404,1672511-1672512,1672578,1672728,1673044,1673062-1673063,1673065,1673153,1673170,1673172,1673197,1673202,1673204,1673228,1673282,1673445,1673691-1673692,1673746,1673785,1673803,1674015,1674032,1674170,1674301,1674305,1674308,1674339-1674340,1674406,1674415,1674455-1674456,1674475,1674487,1674522,1674580,1674626-1674627,1674785,1674891,1675771,1675774,1676526,1676535,1676538,1676555,1676564,1676570,1676665,1676667,1676769,1677003,1677191,1677267,1677440,1678147,1678149,1678494,1678571,1678734,1678742,1678745-1678746,1678755,1678839,1678846,1678894,1678950,1678963,1679166,1679169,1679228,1679230,1679240,1679287,1679864,1679866,1679909,1680242,1680264,1680495,1680705,1680819,1681317,1682714,1682854,1683071,1683126,1683135,1683266-1683267,1683290,1683303,1683311,1683378,1683387,1684034,1684077,1684322,1684325,1684344,1684412,1684940,1685034,1685085,1686175,1686239,1686478,1686541,1686543,
1686554,1686557,1686802,1686888,1686984,1687029,1687304,1687389,1687769,1687776,1687812,1688258,1688273,1688395,1689214,1689216,1689721,1689729,1691712-1691713,1691924,1691928,1692091,1692093,1692098,1692448,1692469-1692470,1692798-1692799,1693135,1693138,1693159,1693886,1694023,1694194,1694481,1694929,1695022,1695600,1695606,1695681,1696222,1696225,1696387,1696695,1697381,1697384,1697387,1697664,1697824,1697835,1697845,1697914,1697967,1698106,1698312,1700130,1700215,1700219-1700220,1700740,1700951,1701064,1701206,1701270,1701298,1701598,1701603,1701611,1701633,1701638,1701646,1701736,1701792,1701797,1701838,1701997,1702198,1702200,1702203,1702218,1702231,1702237-1702239,1702247,1702288,1702299-1702300,1702310,1702397,1702407,1702467,1702472,1702474,1702478,1702533,1702549,1702553,1702565,1702891,1702974,1702991,1703470,1703475-1703477,1703544,1703581,1703675,1703688-1703689,1703740,1704292,1704573,1704821,1704847,1705060,1705062,1705064,1705088,1705328,1705843,1706241,1706323-17063
24,1706375,1706428,1706432,1706437,1706783,1706983,1706999,1708699,1709388-1709389,1709553,1709562,1710104,1710167,1710215,1710290,1710558,1711250,1711346,1711507,1711510,1714314,1714358,1714790,1715224,1715232,1715262,1715777,1715793,1716808,1717154,1717869,1717871,1717873-1717875,1717878,1718167,1718267,1718269,1718484,1720015,1720643,1721174-1721175,1721285,1721488,1721648,1722164,1722860-1722861,1722879,1722887,1724448,1725180,1728308,1728387,1729060,1729519,1730856,1734106,1734926,1735179,1735826,1736432,1737122,1738259,1738659,1738828,1739278,1739280,1740252,1740254,1740316,1741071-1741073,1741078,1741096,1741200,1741206,1741401,1745515,1746053,1746277,1746364,1748514,1754190,1756266,1757529,1757532,1757539,1758128-1758130,1758153,1758202,1758204,1758207,1758209,1758224,1758269,1758385,1758781,1759116-1759124,1759686,1760570,1761334,1761653,1761755,1762338-1762339,1763934,1764034,1764676,1764851,1766240,1766323,1766327,1766352,1766590,1766699,1766704,1766711,1767768,1769152,17
69456,1769973,1770677,1774109,1776742,1776783,1776788,1779948,1781507,1781655,1783704,1785053,1785734,1785737-1785738,1785754,1786445-1786447,1786515,1794611
Modified: subversion/branches/1.9.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.9.x/STATUS?rev=1795993&r1=1795992&r2=1795993&view=diff
==============================================================================
--- subversion/branches/1.9.x/STATUS (original)
+++ subversion/branches/1.9.x/STATUS Wed May 24 04:00:11 2017
@@ -71,19 +71,3 @@ Veto-blocked changes:
Approved changes:
=================
-
- * r1785737, r1785738, r1785734, r1786447, r1785754, r1786445, r1786446, r1786515, r1794530, r1794536, r1794611
- Make FSFS consistency no longer depend on hash algorithms.
- Justification:
- This eliminates any existing or future FSFS vulnerability due to
- attacks on MD5 or SHA1.
- Branch:
- ^/subversion/branches/1.9.x-strict-rep-sharing
- Notes:
- Depends on r1759116 for correctness with older APR.
- While the backport code is very close to the /trunk changes, it is
- easier to review them as r1786580, r1786581 and r1786619 on the branch.
- Will create a text conflict with the r1785053 backport. Depending on
- which change gets merged first, the respective other must be updated.
- Votes:
- +1: stsp, stefan2, rhuijben
Modified: subversion/branches/1.9.x/subversion/libsvn_fs_fs/cached_data.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_fs_fs/cached_data.c?rev=1795993&r1=1795992&r2=1795993&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_fs_fs/cached_data.c (original)
+++ subversion/branches/1.9.x/subversion/libsvn_fs_fs/cached_data.c Wed May 24 04:00:11 2017
@@ -2029,8 +2029,13 @@ rep_read_contents(void *baton,
SVN_ERR(skip_contents(rb, rb->fulltext_delivered));
}
- /* Get the next block of data. */
- SVN_ERR(get_contents_from_windows(rb, buf, len));
+ /* Get the next block of data.
+ * Keep in mind that the representation might be empty and leave us
+ * already positioned at the end of the rep. */
+ if (rb->off == rb->len)
+ *len = 0;
+ else
+ SVN_ERR(get_contents_from_windows(rb, buf, len));
if (rb->current_fulltext)
svn_stringbuf_appendbytes(rb->current_fulltext, buf, *len);
@@ -2122,6 +2127,96 @@ svn_fs_fs__get_contents(svn_stream_t **c
return SVN_NO_ERROR;
}
+
+svn_error_t *
+svn_fs_fs__get_contents_from_file(svn_stream_t **contents_p,
+ svn_fs_t *fs,
+ representation_t *rep,
+ apr_file_t *file,
+ apr_off_t offset,
+ apr_pool_t *pool)
+{
+ struct rep_read_baton *rb;
+ pair_cache_key_t fulltext_cache_key = { SVN_INVALID_REVNUM, 0 };
+ rep_state_t *rs = apr_pcalloc(pool, sizeof(*rs));
+ svn_fs_fs__rep_header_t *rh;
+
+ /* Initialize the reader baton. Some members may added lazily
+ * while reading from the stream. */
+ SVN_ERR(rep_read_get_baton(&rb, fs, rep, fulltext_cache_key, pool));
+
+ /* Continue constructing RS. Leave caches as NULL. */
+ rs->size = rep->size;
+ rs->revision = SVN_INVALID_REVNUM;
+ rs->item_index = 0;
+ rs->ver = -1;
+ rs->start = -1;
+
+ /* Provide just enough file access info to allow for a basic read from
+ * FILE but leave all index / footer info with empty values b/c FILE
+ * probably is not a complete revision file. */
+ rs->sfile = apr_pcalloc(pool, sizeof(*rs->sfile));
+ rs->sfile->revision = rep->revision;
+ rs->sfile->pool = pool;
+ rs->sfile->fs = fs;
+ rs->sfile->rfile = apr_pcalloc(pool, sizeof(*rs->sfile->rfile));
+ rs->sfile->rfile->start_revision = SVN_INVALID_REVNUM;
+ rs->sfile->rfile->file = file;
+ rs->sfile->rfile->stream = svn_stream_from_aprfile2(file, TRUE, pool);
+
+ /* Read the rep header. */
+ SVN_ERR(aligned_seek(fs, file, NULL, offset, pool));
+ SVN_ERR(svn_fs_fs__read_rep_header(&rh, rs->sfile->rfile->stream,
+ pool, pool));
+ SVN_ERR(get_file_offset(&rs->start, rs, pool));
+ rs->header_size = rh->header_size;
+
+ /* Log the access. */
+ SVN_ERR(dbg_log_access(fs, SVN_INVALID_REVNUM, 0, rh,
+ SVN_FS_FS__ITEM_TYPE_ANY_REP, pool));
+
+ /* Build the representation list (delta chain). */
+ if (rh->type == svn_fs_fs__rep_plain)
+ {
+ rb->rs_list = apr_array_make(pool, 0, sizeof(rep_state_t *));
+ rb->src_state = rs;
+ }
+ else if (rh->type == svn_fs_fs__rep_self_delta)
+ {
+ rb->rs_list = apr_array_make(pool, 1, sizeof(rep_state_t *));
+ APR_ARRAY_PUSH(rb->rs_list, rep_state_t *) = rs;
+ rb->src_state = NULL;
+ }
+ else
+ {
+ representation_t next_rep = { 0 };
+
+ /* skip "SVNx" diff marker */
+ rs->current = 4;
+
+ /* REP's base rep is inside a proper revision.
+ * It can be reconstructed in the usual way. */
+ next_rep.revision = rh->base_revision;
+ next_rep.item_index = rh->base_item_index;
+ next_rep.size = rh->base_length;
+ svn_fs_fs__id_txn_reset(&next_rep.txn_id);
+
+ SVN_ERR(build_rep_list(&rb->rs_list, &rb->base_window,
+ &rb->src_state, &rb->len, rb->fs, &next_rep,
+ rb->filehandle_pool));
+
+ /* Insert the access to REP as the first element of the delta chain. */
+ svn_sort__array_insert(rb->rs_list, &rs, 0);
+ }
+
+ /* Now, the baton is complete and we can assemble the stream around it. */
+ *contents_p = svn_stream_create(rb, pool);
+ svn_stream_set_read2(*contents_p, NULL /* only full read support */,
+ rep_read_contents);
+ svn_stream_set_close(*contents_p, rep_read_contents_close);
+
+ return SVN_NO_ERROR;
+}
/* Baton for cache_access_wrapper. Wraps the original parameters of
* svn_fs_fs__try_process_file_content().
Modified: subversion/branches/1.9.x/subversion/libsvn_fs_fs/cached_data.h
URL: http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_fs_fs/cached_data.h?rev=1795993&r1=1795992&r2=1795993&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_fs_fs/cached_data.h (original)
+++ subversion/branches/1.9.x/subversion/libsvn_fs_fs/cached_data.h Wed May 24 04:00:11 2017
@@ -81,6 +81,18 @@ svn_fs_fs__get_contents(svn_stream_t **c
svn_boolean_t cache_fulltext,
apr_pool_t *pool);
+/* Set *CONTENTS_P to be a readable svn_stream_t that receives the text
+ representation REP as seen in filesystem FS. Read the latest element
+ of the delta chain from FILE at offset OFFSET.
+ Use POOL for allocations. */
+svn_error_t *
+svn_fs_fs__get_contents_from_file(svn_stream_t **contents_p,
+ svn_fs_t *fs,
+ representation_t *rep,
+ apr_file_t *file,
+ apr_off_t offset,
+ apr_pool_t *pool);
+
/* Attempt to fetch the text representation of node-revision NODEREV as
seen in filesystem FS and pass it along with the BATON to the PROCESSOR.
Set *SUCCESS only of the data could be provided and the processing
Modified: subversion/branches/1.9.x/subversion/libsvn_fs_fs/transaction.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_fs_fs/transaction.c?rev=1795993&r1=1795992&r2=1795993&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_fs_fs/transaction.c (original)
+++ subversion/branches/1.9.x/subversion/libsvn_fs_fs/transaction.c Wed May 24 04:00:11 2017
@@ -2128,6 +2128,11 @@ rep_write_get_baton(struct rep_write_bat
there may be new duplicate representations within the same uncommitted
revision, those can be passed in REPS_HASH (maps a sha1 digest onto
representation_t*), otherwise pass in NULL for REPS_HASH.
+
+ The content of both representations will be compared, taking REP's content
+ from FILE at OFFSET. Only if they actually match, will *OLD_REP not be
+ NULL.
+
Use RESULT_POOL for *OLD_REP allocations and SCRATCH_POOL for temporaries.
The lifetime of *OLD_REP is limited by both, RESULT_POOL and REP lifetime.
*/
@@ -2135,6 +2140,8 @@ static svn_error_t *
get_shared_rep(representation_t **old_rep,
svn_fs_t *fs,
representation_t *rep,
+ apr_file_t *file,
+ apr_off_t offset,
apr_hash_t *reps_hash,
apr_pool_t *result_pool,
apr_pool_t *scratch_pool)
@@ -2142,6 +2149,10 @@ get_shared_rep(representation_t **old_re
svn_error_t *err;
fs_fs_data_t *ffd = fs->fsap_data;
+ svn_checksum_t checksum;
+ checksum.digest = rep->sha1_digest;
+ checksum.kind = svn_checksum_sha1;
+
/* Return NULL, if rep sharing has been disabled. */
*old_rep = NULL;
if (!ffd->rep_sharing_allowed)
@@ -2158,9 +2169,6 @@ get_shared_rep(representation_t **old_re
/* If we haven't found anything yet, try harder and consult our DB. */
if (*old_rep == NULL)
{
- svn_checksum_t checksum;
- checksum.digest = rep->sha1_digest;
- checksum.kind = svn_checksum_sha1;
err = svn_fs_fs__get_rep_reference(old_rep, fs, &checksum, result_pool);
/* ### Other error codes that we shouldn't mask out? */
if (err == SVN_NO_ERROR)
@@ -2235,6 +2243,72 @@ get_shared_rep(representation_t **old_re
(*old_rep)->uniquifier = rep->uniquifier;
}
+ /* If we (very likely) found a matching representation, compare the actual
+ * contents such that we can be sure that no rep-cache.db corruption or
+ * hash collision produced a false positive. */
+ if (*old_rep)
+ {
+ apr_off_t old_position;
+ svn_stream_t *contents;
+ svn_stream_t *old_contents;
+ svn_boolean_t same;
+
+ /* The existing representation may itself be part of the current
+ * transaction. In that case, it may be in different stages of
+ * the commit finalization process.
+ *
+ * OLD_REP_NORM is the same as that OLD_REP but it is assigned
+ * explicitly to REP's transaction if OLD_REP does not point
+ * to an already committed revision. This then prevents the
+ * revision lookup and the txn data will be accessed.
+ */
+ representation_t old_rep_norm = **old_rep;
+ if ( !SVN_IS_VALID_REVNUM(old_rep_norm.revision)
+ || old_rep_norm.revision > ffd->youngest_rev_cache)
+ old_rep_norm.txn_id = rep->txn_id;
+
+ /* Make sure we can later restore FILE's current position. */
+ SVN_ERR(svn_fs_fs__get_file_offset(&old_position, file, scratch_pool));
+
+ /* Compare the two representations.
+ * Note that the stream comparison might also produce MD5 checksum
+ * errors or other failures in case of SHA1 collisions. */
+ SVN_ERR(svn_fs_fs__get_contents_from_file(&contents, fs, rep, file,
+ offset, scratch_pool));
+ SVN_ERR(svn_fs_fs__get_contents(&old_contents, fs, &old_rep_norm,
+ FALSE, scratch_pool));
+ err = svn_stream_contents_same2(&same, contents, old_contents,
+ scratch_pool);
+
+ /* A mismatch should be extremely rare.
+ * If it does happen, reject the commit. */
+ if (!same || err)
+ {
+ /* SHA1 collision or worse. */
+ svn_stringbuf_t *old_rep_str
+ = svn_fs_fs__unparse_representation(*old_rep,
+ ffd->format, FALSE,
+ scratch_pool,
+ scratch_pool);
+ svn_stringbuf_t *rep_str
+ = svn_fs_fs__unparse_representation(rep,
+ ffd->format, FALSE,
+ scratch_pool,
+ scratch_pool);
+ const char *checksum__str
+ = svn_checksum_to_cstring_display(&checksum, scratch_pool);
+
+ return svn_error_createf(SVN_ERR_FS_GENERAL,
+ err, "SHA1 of reps '%s' and '%s' "
+ "matches (%s) but contents differ",
+ old_rep_str->data, rep_str->data,
+ checksum__str);
+ }
+
+ /* Restore FILE's read / write position. */
+ SVN_ERR(svn_io_file_seek(file, APR_SET, &old_position, scratch_pool));
+ }
+
return SVN_NO_ERROR;
}
@@ -2293,8 +2367,8 @@ rep_write_contents_close(void *baton)
/* Check and see if we already have a representation somewhere that's
identical to the one we just wrote out. */
- SVN_ERR(get_shared_rep(&old_rep, b->fs, rep, NULL, b->result_pool,
- b->scratch_pool));
+ SVN_ERR(get_shared_rep(&old_rep, b->fs, rep, b->file, b->rep_offset, NULL,
+ b->result_pool, b->scratch_pool));
if (old_rep)
{
@@ -2543,7 +2617,6 @@ write_container_rep(representation_t *re
svn_stream_t *stream;
struct write_container_baton *whb;
svn_checksum_ctx_t *fnv1a_checksum_ctx;
- representation_t *old_rep = NULL;
apr_off_t offset = 0;
SVN_ERR(svn_fs_fs__get_file_offset(&offset, file, scratch_pool));
@@ -2568,19 +2641,26 @@ write_container_rep(representation_t *re
/* Store the results. */
SVN_ERR(digests_final(rep, whb->md5_ctx, whb->sha1_ctx, scratch_pool));
+ /* Update size info. */
+ rep->expanded_size = whb->size;
+ rep->size = whb->size;
+
/* Check and see if we already have a representation somewhere that's
identical to the one we just wrote out. */
if (allow_rep_sharing)
- SVN_ERR(get_shared_rep(&old_rep, fs, rep, reps_hash, scratch_pool,
- scratch_pool));
-
- if (old_rep)
{
- /* We need to erase from the protorev the data we just wrote. */
- SVN_ERR(svn_io_file_trunc(file, offset, scratch_pool));
+ representation_t *old_rep;
+ SVN_ERR(get_shared_rep(&old_rep, fs, rep, file, offset, reps_hash,
+ scratch_pool, scratch_pool));
- /* Use the old rep for this content. */
- memcpy(rep, old_rep, sizeof (*rep));
+ if (old_rep)
+ {
+ /* We need to erase from the protorev the data we just wrote. */
+ SVN_ERR(svn_io_file_trunc(file, offset, scratch_pool));
+
+ /* Use the old rep for this content. */
+ memcpy(rep, old_rep, sizeof (*rep));
+ }
}
else
{
@@ -2603,10 +2683,6 @@ write_container_rep(representation_t *re
scratch_pool));
SVN_ERR(store_p2l_index_entry(fs, &rep->txn_id, &entry, scratch_pool));
-
- /* update the representation */
- rep->size = whb->size;
- rep->expanded_size = whb->size;
}
return SVN_NO_ERROR;
@@ -2646,7 +2722,6 @@ write_container_delta_rep(representation
svn_stream_t *file_stream;
svn_stream_t *stream;
representation_t *base_rep;
- representation_t *old_rep = NULL;
svn_checksum_ctx_t *fnv1a_checksum_ctx;
svn_stream_t *source;
svn_fs_fs__rep_header_t header = { 0 };
@@ -2712,26 +2787,33 @@ write_container_delta_rep(representation
/* Store the results. */
SVN_ERR(digests_final(rep, whb->md5_ctx, whb->sha1_ctx, scratch_pool));
+ /* Update size info. */
+ SVN_ERR(svn_fs_fs__get_file_offset(&rep_end, file, scratch_pool));
+ rep->size = rep_end - delta_start;
+ rep->expanded_size = whb->size;
+
/* Check and see if we already have a representation somewhere that's
identical to the one we just wrote out. */
if (allow_rep_sharing)
- SVN_ERR(get_shared_rep(&old_rep, fs, rep, reps_hash, scratch_pool,
- scratch_pool));
-
- if (old_rep)
{
- /* We need to erase from the protorev the data we just wrote. */
- SVN_ERR(svn_io_file_trunc(file, offset, scratch_pool));
+ representation_t *old_rep;
+ SVN_ERR(get_shared_rep(&old_rep, fs, rep, file, offset, reps_hash,
+ scratch_pool, scratch_pool));
- /* Use the old rep for this content. */
- memcpy(rep, old_rep, sizeof (*rep));
+ if (old_rep)
+ {
+ /* We need to erase from the protorev the data we just wrote. */
+ SVN_ERR(svn_io_file_trunc(file, offset, scratch_pool));
+
+ /* Use the old rep for this content. */
+ memcpy(rep, old_rep, sizeof (*rep));
+ }
}
else
{
svn_fs_fs__p2l_entry_t entry;
/* Write out our cosmetic end marker. */
- SVN_ERR(svn_fs_fs__get_file_offset(&rep_end, file, scratch_pool));
SVN_ERR(svn_stream_puts(file_stream, "ENDREP\n"));
SVN_ERR(allocate_item_index(&rep->item_index, fs, &rep->txn_id,
@@ -2748,10 +2830,6 @@ write_container_delta_rep(representation
scratch_pool));
SVN_ERR(store_p2l_index_entry(fs, &rep->txn_id, &entry, scratch_pool));
-
- /* update the representation */
- rep->expanded_size = whb->size;
- rep->size = rep_end - delta_start;
}
return SVN_NO_ERROR;
Propchange: subversion/branches/1.9.x/subversion/libsvn_fs_x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May 24 04:00:11 2017
@@ -1,5 +1,6 @@
/subversion/branches/1.5.x-r30215/subversion/libsvn_fs_x:870312
/subversion/branches/1.7.x-fs-verify/subversion/libsvn_fs_x:1146708,1161180
+/subversion/branches/1.9.x-strict-rep-sharing/subversion/libsvn_fs_x:1786535-1795992
/subversion/branches/10Gb/subversion/libsvn_fs_x:1388102,1388163-1388190,1388195,1388202,1388205,1388211,1388276,1388362,1388375,1388394,1388636,1388639-1388640,1388643-1388644,1388654,1388720,1388789,1388795,1388801,1388805,1388807,1388810,1388816,1389044,1389276,1389289,1389662,1389867,1390017,1390209,1390216,1390407,1390409,1390414,1390419,1390955
/subversion/branches/atomic-revprop/subversion/libsvn_fs_x:965046-1000689
/subversion/branches/auto-props-sdc/subversion/libsvn_fs_x:1384106-1401643
@@ -90,4 +91,4 @@
/subversion/branches/verify-keep-going/subversion/libsvn_fs_x:1439280-1492639,1546002-1546110
/subversion/branches/wc-collate-path/subversion/libsvn_fs_x:1402685-1480384
/subversion/trunk/subversion/libsvn_fs_fs:1415133-1596500,1596567,1597414,1597989,1598273,1599140,1600872,1601633,1603485-1603487,1603499,1603605,1604128,1604188,1604413-1604414,1604416-1604417,1604421,1604442,1604700,1604717,1604720,1604726,1604755,1604794,1604802,1604824,1604836,1604844,1604902-1604903,1604911,1604925,1604933,1604947,1605059-1605060,1605064-1605065,1605068,1605071-1605073,1605075,1605123,1605188-1605189,1605191,1605197,1605444,1605633,1606132,1606142,1606144,1606514,1606526,1606528,1606551,1606554,1606564,1606598-1606599,1606656,1606658,1606662,1606744,1606840,1607085,1607572,1612407,1612810,1613339,1613872,1614611,1615348,1615351-1615352,1615356,1616338-1616339,1616613,1617586,1617688,1618138,1618151,1618153,1618226,1618641,1618653,1618662,1619068,1619358,1619413,1619769,1619774,1620602,1620909,1620912,1620928,1620930,1621275,1621635,1622931,1622937,1622942,1622946,1622959-1622960,1622963,1622987,1623007,1623368,1623373,1623377,1623379,1623381,1623398,1623402,162
4011,1624265,1624512,1626246,1626871,1626873,1626886,1627497-1627498,1627502,1627947-1627949,1627966,1628083,1628093,1628158-1628159,1628161,1628392-1628393,1628415,1628427,1628676,1628738,1628762,1628764,1629854-1629855,1629857,1629865,1629873,1629875,1629879,1630067,1630070,1631049-1631051,1631075,1631115,1631171,1631180,1631185-1631186,1631196-1631197,1631239-1631240,1631548,1631550,1631563,1631567,1631588,1631598,1632646,1632776,1632849,1632851-1632853,1632856-1632857,1632868,1632908,1632926,1633232,1633617-1633618,1634872,1634875,1634879-1634880,1634920,1636478,1636483,1636629,1636644,1637184,1637186,1637330,1637358,1637363,1637393,1639319,1639322,1639335,1639348,1639352,1639355,1639358,1639414,1639419,1639426,1639430,1639436,1639440,1639549,1640061-1640062,1640197,1640915,1640966,1641013,1643139,1643233,1645567,1646021,1646712,1646716,1647537,1647540-1647541,1647820,1647905,1648230,1648238,1648241-1648243,1648253,1648272,1648532,1648537-1648539,1648542,1648591,1648612,1653608,
1658482
-/subversion/trunk/subversion/libsvn_fs_x:1414756-1509914,1665318,1665894,1667101,1669746,1669749,1670139,1670149,1670152,1670347,1673170,1673172,1673692,1673746,1679287,1682714,1682854,1683126,1683135,1683290,1683311,1696695
+/subversion/trunk/subversion/libsvn_fs_x:1414756-1509914,1665318,1665894,1667101,1669746,1669749,1670139,1670149,1670152,1670347,1673170,1673172,1673692,1673746,1679287,1682714,1682854,1683126,1683135,1683290,1683311,1696695,1794611
Modified: subversion/branches/1.9.x/subversion/tests/libsvn_fs/fs-test.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/tests/libsvn_fs/fs-test.c?rev=1795993&r1=1795992&r2=1795993&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/tests/libsvn_fs/fs-test.c (original)
+++ subversion/branches/1.9.x/subversion/tests/libsvn_fs/fs-test.c Wed May 24 04:00:11 2017
@@ -7106,6 +7106,67 @@ commit_with_locked_rep_cache(const svn_t
return SVN_NO_ERROR;
}
+static svn_error_t *
+test_rep_sharing_strict_content_check(const svn_test_opts_t *opts,
+ apr_pool_t *pool)
+{
+ svn_fs_t *fs;
+ svn_fs_txn_t *txn;
+ svn_fs_root_t *txn_root;
+ svn_revnum_t new_rev;
+ const char *fs_path, *fs_path2;
+ apr_pool_t *subpool = svn_pool_create(pool);
+ svn_error_t *err;
+
+ /* Bail (with success) on known-untestable scenarios */
+ if (strcmp(opts->fs_type, SVN_FS_TYPE_BDB) == 0)
+ return svn_error_create(SVN_ERR_TEST_SKIPPED, NULL,
+ "BDB repositories don't support rep-sharing");
+
+ /* Create 2 repos with same structure & size but different contents */
+ fs_path = "test-rep-sharing-strict-content-check1";
+ fs_path2 = "test-rep-sharing-strict-content-check2";
+
+ SVN_ERR(svn_test__create_fs(&fs, fs_path, opts, subpool));
+
+ SVN_ERR(svn_fs_begin_txn2(&txn, fs, 0, 0, subpool));
+ SVN_ERR(svn_fs_txn_root(&txn_root, txn, subpool));
+ SVN_ERR(svn_fs_make_file(txn_root, "/foo", subpool));
+ SVN_ERR(svn_test__set_file_contents(txn_root, "foo", "quite bad", subpool));
+ SVN_ERR(test_commit_txn(&new_rev, txn, NULL, subpool));
+ SVN_TEST_INT_ASSERT(new_rev, 1);
+
+ SVN_ERR(svn_test__create_fs(&fs, fs_path2, opts, subpool));
+
+ SVN_ERR(svn_fs_begin_txn2(&txn, fs, 0, 0, subpool));
+ SVN_ERR(svn_fs_txn_root(&txn_root, txn, subpool));
+ SVN_ERR(svn_fs_make_file(txn_root, "foo", subpool));
+ SVN_ERR(svn_test__set_file_contents(txn_root, "foo", "very good", subpool));
+ SVN_ERR(test_commit_txn(&new_rev, txn, NULL, subpool));
+ SVN_TEST_INT_ASSERT(new_rev, 1);
+
+ /* Close both repositories. */
+ svn_pool_clear(subpool);
+
+ /* Doctor the first repo such that it uses the wrong rep-cache. */
+ SVN_ERR(svn_io_copy_file(svn_relpath_join(fs_path2, "rep-cache.db", pool),
+ svn_relpath_join(fs_path, "rep-cache.db", pool),
+ FALSE, pool));
+
+ /* Changing the file contents such that rep-sharing would kick in if
+ the file contents was not properly compared. */
+ SVN_ERR(svn_fs_open2(&fs, fs_path, NULL, subpool, subpool));
+
+ SVN_ERR(svn_fs_begin_txn2(&txn, fs, 1, 0, subpool));
+ SVN_ERR(svn_fs_txn_root(&txn_root, txn, subpool));
+ err = svn_test__set_file_contents(txn_root, "foo", "very good", subpool);
+ SVN_TEST_ASSERT_ERROR(err, SVN_ERR_FS_GENERAL);
+
+ svn_pool_destroy(subpool);
+
+ return SVN_NO_ERROR;
+}
+
/* ------------------------------------------------------------------------ */
�
/* The test table. */
@@ -7245,6 +7306,9 @@ static struct svn_test_descriptor_t test
"freeze and commit"),
SVN_TEST_OPTS_PASS(commit_with_locked_rep_cache,
"test commit with locked rep-cache"),
+ SVN_TEST_OPTS_XFAIL_OTOH(test_rep_sharing_strict_content_check,
+ "test rep-sharing on content rather than SHA1",
+ SVN_TEST_PASS_IF_FS_TYPE_IS(SVN_FS_TYPE_FSFS)),
SVN_TEST_NULL
};