Update to MediaWiki 1.19.0

5 files changed, 1237 insertions, 0 deletions

diff --git a/includes/filerepo/backend/lockmanager/DBLockManager.php b/includes/filerepo/backend/lockmanager/DBLockManager.php
new file mode 100644
index 00000000..045056ea
--- /dev/null
+++ b/includes/filerepo/backend/lockmanager/DBLockManager.php
@@ -0,0 +1,469 @@
+<?php
+
+/**
+ * Version of LockManager based on using DB table locks.
+ * This is meant for multi-wiki systems that may share files.
+ * All locks are blocking, so it might be useful to set a small
+ * lock-wait timeout via server config to curtail deadlocks.
+ *
+ * All lock requests for a resource, identified by a hash string, will map
+ * to one bucket. Each bucket maps to one or several peer DBs, each on their
+ * own server, all having the filelocks.sql tables (with row-level locking).
+ * A majority of peer DBs must agree for a lock to be acquired.
+ *
+ * Caching is used to avoid hitting servers that are down.
+ *
+ * @ingroup LockManager
+ * @since 1.19
+ */
+class DBLockManager extends LockManager {
+	/** @var Array Map of DB names to server config */
+	protected $dbServers; // (DB name => server config array)
+	/** @var Array Map of bucket indexes to peer DB lists */
+	protected $dbsByBucket; // (bucket index => (ldb1, ldb2, ...))
+	/** @var BagOStuff */
+	protected $statusCache;
+
+	protected $lockExpiry; // integer number of seconds
+	protected $safeDelay; // integer number of seconds
+
+	protected $session = 0; // random integer
+	/** @var Array Map Database connections (DB name => Database) */
+	protected $conns = array();
+
+	/**
+	 * Construct a new instance from configuration.
+	 * 
+	 * $config paramaters include:
+	 *     'dbServers'   : Associative array of DB names to server configuration.
+	 *                     Configuration is an associative array that includes:
+	 *                     'host'        - DB server name
+	 *                     'dbname'      - DB name
+	 *                     'type'        - DB type (mysql,postgres,...)
+	 *                     'user'        - DB user
+	 *                     'password'    - DB user password
+	 *                     'tablePrefix' - DB table prefix
+	 *                     'flags'       - DB flags (see DatabaseBase)
+	 *     'dbsByBucket' : Array of 1-16 consecutive integer keys, starting from 0,
+	 *                     each having an odd-numbered list of DB names (peers) as values.
+	 *                     Any DB named 'localDBMaster' will automatically use the DB master
+	 *                     settings for this wiki (without the need for a dbServers entry).
+	 *     'lockExpiry'  : Lock timeout (seconds) for dropped connections. [optional]
+	 *                     This tells the DB server how long to wait before assuming
+	 *                     connection failure and releasing all the locks for a session.
+	 *
+	 * @param Array $config 
+	 */
+	public function __construct( array $config ) {
+		$this->dbServers = isset( $config['dbServers'] )
+			? $config['dbServers']
+			: array(); // likely just using 'localDBMaster'
+		// Sanitize dbsByBucket config to prevent PHP errors
+		$this->dbsByBucket = array_filter( $config['dbsByBucket'], 'is_array' );
+		$this->dbsByBucket = array_values( $this->dbsByBucket ); // consecutive
+
+		if ( isset( $config['lockExpiry'] ) ) {
+			$this->lockExpiry = $config['lockExpiry'];
+		} else {
+			$met = ini_get( 'max_execution_time' );
+			$this->lockExpiry = $met ? $met : 60; // use some sane amount if 0
+		}
+		$this->safeDelay = ( $this->lockExpiry <= 0 )
+			? 60 // pick a safe-ish number to match DB timeout default
+			: $this->lockExpiry; // cover worst case
+
+		foreach ( $this->dbsByBucket as $bucket ) {
+			if ( count( $bucket ) > 1 ) {
+				// Tracks peers that couldn't be queried recently to avoid lengthy
+				// connection timeouts. This is useless if each bucket has one peer.
+				$this->statusCache = wfGetMainCache();
+				break;
+			}
+		}
+
+		$this->session = '';
+		for ( $i = 0; $i < 5; $i++ ) {
+			$this->session .= mt_rand( 0, 2147483647 );
+		}
+		$this->session = wfBaseConvert( sha1( $this->session ), 16, 36, 31 );
+	}
+
+	/**
+	 * @see LockManager::doLock()
+	 */
+	protected function doLock( array $paths, $type ) {
+		$status = Status::newGood();
+
+		$pathsToLock = array();
+		// Get locks that need to be acquired (buckets => locks)...
+		foreach ( $paths as $path ) {
+			if ( isset( $this->locksHeld[$path][$type] ) ) {
+				++$this->locksHeld[$path][$type];
+			} elseif ( isset( $this->locksHeld[$path][self::LOCK_EX] ) ) {
+				$this->locksHeld[$path][$type] = 1;
+			} else {
+				$bucket = $this->getBucketFromKey( $path );
+				$pathsToLock[$bucket][] = $path;
+			}
+		}
+
+		$lockedPaths = array(); // files locked in this attempt
+		// Attempt to acquire these locks...
+		foreach ( $pathsToLock as $bucket => $paths ) {
+			// Try to acquire the locks for this bucket
+			$res = $this->doLockingQueryAll( $bucket, $paths, $type );
+			if ( $res === 'cantacquire' ) {
+				// Resources already locked by another process.
+				// Abort and unlock everything we just locked.
+				foreach ( $paths as $path ) {
+					$status->fatal( 'lockmanager-fail-acquirelock', $path );
+				}
+				$status->merge( $this->doUnlock( $lockedPaths, $type ) );
+				return $status;
+			} elseif ( $res !== true ) {
+				// Couldn't contact any DBs for this bucket.
+				// Abort and unlock everything we just locked.
+				$status->fatal( 'lockmanager-fail-db-bucket', $bucket );
+				$status->merge( $this->doUnlock( $lockedPaths, $type ) );
+				return $status;
+			}
+			// Record these locks as active
+			foreach ( $paths as $path ) {
+				$this->locksHeld[$path][$type] = 1; // locked
+			}
+			// Keep track of what locks were made in this attempt
+			$lockedPaths = array_merge( $lockedPaths, $paths );
+		}
+
+		return $status;
+	}
+
+	/**
+	 * @see LockManager::doUnlock()
+	 */
+	protected function doUnlock( array $paths, $type ) {
+		$status = Status::newGood();
+
+		foreach ( $paths as $path ) {
+			if ( !isset( $this->locksHeld[$path] ) ) {
+				$status->warning( 'lockmanager-notlocked', $path );
+			} elseif ( !isset( $this->locksHeld[$path][$type] ) ) {
+				$status->warning( 'lockmanager-notlocked', $path );
+			} else {
+				--$this->locksHeld[$path][$type];
+				if ( $this->locksHeld[$path][$type] <= 0 ) {
+					unset( $this->locksHeld[$path][$type] );
+				}
+				if ( !count( $this->locksHeld[$path] ) ) {
+					unset( $this->locksHeld[$path] ); // no SH or EX locks left for key
+				}
+			}
+		}
+
+		// Reference count the locks held and COMMIT when zero
+		if ( !count( $this->locksHeld ) ) {
+			$status->merge( $this->finishLockTransactions() );
+		}
+
+		return $status;
+	}
+
+	/**
+	 * Get a connection to a lock DB and acquire locks on $paths.
+	 * This does not use GET_LOCK() per http://bugs.mysql.com/bug.php?id=1118.
+	 *
+	 * @param $lockDb string
+	 * @param $paths Array
+	 * @param $type integer LockManager::LOCK_EX or LockManager::LOCK_SH
+	 * @return bool Resources able to be locked
+	 * @throws DBError
+	 */
+	protected function doLockingQuery( $lockDb, array $paths, $type ) {
+		if ( $type == self::LOCK_EX ) { // writer locks
+			$db = $this->getConnection( $lockDb );
+			if ( !$db ) {
+				return false; // bad config
+			}
+			$keys = array_unique( array_map( 'LockManager::sha1Base36', $paths ) );
+			# Build up values for INSERT clause
+			$data = array();
+			foreach ( $keys as $key ) {
+				$data[] = array( 'fle_key' => $key );
+			}
+			# Wait on any existing writers and block new ones if we get in
+			$db->insert( 'filelocks_exclusive', $data, __METHOD__ );
+		}
+		return true;
+	}
+
+	/**
+	 * Attempt to acquire locks with the peers for a bucket.
+	 * This should avoid throwing any exceptions.
+	 *
+	 * @param $bucket integer
+	 * @param $paths Array List of resource keys to lock
+	 * @param $type integer LockManager::LOCK_EX or LockManager::LOCK_SH
+	 * @return bool|string One of (true, 'cantacquire', 'dberrors')
+	 */
+	protected function doLockingQueryAll( $bucket, array $paths, $type ) {
+		$yesVotes = 0; // locks made on trustable DBs
+		$votesLeft = count( $this->dbsByBucket[$bucket] ); // remaining DBs
+		$quorum = floor( $votesLeft/2 + 1 ); // simple majority
+		// Get votes for each DB, in order, until we have enough...
+		foreach ( $this->dbsByBucket[$bucket] as $lockDb ) {
+			// Check that DB is not *known* to be down
+			if ( $this->cacheCheckFailures( $lockDb ) ) {
+				try {
+					// Attempt to acquire the lock on this DB
+					if ( !$this->doLockingQuery( $lockDb, $paths, $type ) ) {
+						return 'cantacquire'; // vetoed; resource locked
+					}
+					++$yesVotes; // success for this peer
+					if ( $yesVotes >= $quorum ) {
+						return true; // lock obtained
+					}
+				} catch ( DBConnectionError $e ) {
+					$this->cacheRecordFailure( $lockDb );
+				} catch ( DBError $e ) {
+					if ( $this->lastErrorIndicatesLocked( $lockDb ) ) {
+						return 'cantacquire'; // vetoed; resource locked
+					}
+				}
+			}
+			--$votesLeft;
+			$votesNeeded = $quorum - $yesVotes;
+			if ( $votesNeeded > $votesLeft ) {
+				// In "trust cache" mode we don't have to meet the quorum
+				break; // short-circuit
+			}
+		}
+		// At this point, we must not have meet the quorum
+		return 'dberrors'; // not enough votes to ensure correctness
+	}
+
+	/**
+	 * Get (or reuse) a connection to a lock DB
+	 *
+	 * @param $lockDb string
+	 * @return Database
+	 * @throws DBError
+	 */
+	protected function getConnection( $lockDb ) {
+		if ( !isset( $this->conns[$lockDb] ) ) {
+			$db = null;
+			if ( $lockDb === 'localDBMaster' ) {
+				$lb = wfGetLBFactory()->newMainLB();
+				$db = $lb->getConnection( DB_MASTER );
+			} elseif ( isset( $this->dbServers[$lockDb] ) ) {
+				$config = $this->dbServers[$lockDb];
+				$db = DatabaseBase::factory( $config['type'], $config );
+			}
+			if ( !$db ) {
+				return null; // config error?
+			}
+			$this->conns[$lockDb] = $db;
+			$this->conns[$lockDb]->clearFlag( DBO_TRX );
+			# If the connection drops, try to avoid letting the DB rollback
+			# and release the locks before the file operations are finished.
+			# This won't handle the case of DB server restarts however.
+			$options = array();
+			if ( $this->lockExpiry > 0 ) {
+				$options['connTimeout'] = $this->lockExpiry;
+			}
+			$this->conns[$lockDb]->setSessionOptions( $options );
+			$this->initConnection( $lockDb, $this->conns[$lockDb] );
+		}
+		if ( !$this->conns[$lockDb]->trxLevel() ) {
+			$this->conns[$lockDb]->begin(); // start transaction
+		}
+		return $this->conns[$lockDb];
+	}
+
+	/**
+	 * Do additional initialization for new lock DB connection
+	 *
+	 * @param $lockDb string
+	 * @param $db DatabaseBase
+	 * @return void
+	 * @throws DBError
+	 */
+	protected function initConnection( $lockDb, DatabaseBase $db ) {}
+
+	/**
+	 * Commit all changes to lock-active databases.
+	 * This should avoid throwing any exceptions.
+	 *
+	 * @return Status
+	 */
+	protected function finishLockTransactions() {
+		$status = Status::newGood();
+		foreach ( $this->conns as $lockDb => $db ) {
+			if ( $db->trxLevel() ) { // in transaction
+				try {
+					$db->rollback(); // finish transaction and kill any rows
+				} catch ( DBError $e ) {
+					$status->fatal( 'lockmanager-fail-db-release', $lockDb );
+				}
+			}
+		}
+		return $status;
+	}
+
+	/**
+	 * Check if the last DB error for $lockDb indicates
+	 * that a requested resource was locked by another process.
+	 * This should avoid throwing any exceptions.
+	 * 
+	 * @param $lockDb string
+	 * @return bool
+	 */
+	protected function lastErrorIndicatesLocked( $lockDb ) {
+		if ( isset( $this->conns[$lockDb] ) ) { // sanity
+			$db = $this->conns[$lockDb];
+			return ( $db->wasDeadlock() || $db->wasLockTimeout() );
+		}
+		return false;
+	}
+
+	/**
+	 * Checks if the DB has not recently had connection/query errors.
+	 * This just avoids wasting time on doomed connection attempts.
+	 * 
+	 * @param $lockDb string
+	 * @return bool
+	 */
+	protected function cacheCheckFailures( $lockDb ) {
+		if ( $this->statusCache && $this->safeDelay > 0 ) {
+			$path = $this->getMissKey( $lockDb );
+			$misses = $this->statusCache->get( $path );
+			return !$misses;
+		}
+		return true;
+	}
+
+	/**
+	 * Log a lock request failure to the cache
+	 *
+	 * @param $lockDb string
+	 * @return bool Success
+	 */
+	protected function cacheRecordFailure( $lockDb ) {
+		if ( $this->statusCache && $this->safeDelay > 0 ) {
+			$path = $this->getMissKey( $lockDb );
+			$misses = $this->statusCache->get( $path );
+			if ( $misses ) {
+				return $this->statusCache->incr( $path );
+			} else {
+				return $this->statusCache->add( $path, 1, $this->safeDelay );
+			}
+		}
+		return true;
+	}
+
+	/**
+	 * Get a cache key for recent query misses for a DB
+	 *
+	 * @param $lockDb string
+	 * @return string
+	 */
+	protected function getMissKey( $lockDb ) {
+		return 'lockmanager:querymisses:' . str_replace( ' ', '_', $lockDb );
+	}
+
+	/**
+	 * Get the bucket for resource path.
+	 * This should avoid throwing any exceptions.
+	 *
+	 * @param $path string
+	 * @return integer
+	 */
+	protected function getBucketFromKey( $path ) {
+		$prefix = substr( sha1( $path ), 0, 2 ); // first 2 hex chars (8 bits)
+		return intval( base_convert( $prefix, 16, 10 ) ) % count( $this->dbsByBucket );
+	}
+
+	/**
+	 * Make sure remaining locks get cleared for sanity
+	 */
+	function __destruct() {
+		foreach ( $this->conns as $lockDb => $db ) {
+			if ( $db->trxLevel() ) { // in transaction
+				try {
+					$db->rollback(); // finish transaction and kill any rows
+				} catch ( DBError $e ) {
+					// oh well
+				}
+			}
+			$db->close();
+		}
+	}
+}
+
+/**
+ * MySQL version of DBLockManager that supports shared locks.
+ * All locks are non-blocking, which avoids deadlocks.
+ *
+ * @ingroup LockManager
+ */
+class MySqlLockManager extends DBLockManager {
+	/** @var Array Mapping of lock types to the type actually used */
+	protected $lockTypeMap = array(
+		self::LOCK_SH => self::LOCK_SH,
+		self::LOCK_UW => self::LOCK_SH,
+		self::LOCK_EX => self::LOCK_EX
+	);
+
+	protected function initConnection( $lockDb, DatabaseBase $db ) {
+		# Let this transaction see lock rows from other transactions
+		$db->query( "SET SESSION TRANSACTION ISOLATION LEVEL READ UNCOMMITTED;" );
+	}
+
+	protected function doLockingQuery( $lockDb, array $paths, $type ) {
+		$db = $this->getConnection( $lockDb );
+		if ( !$db ) {
+			return false;
+		}
+		$keys = array_unique( array_map( 'LockManager::sha1Base36', $paths ) );
+		# Build up values for INSERT clause
+		$data = array();
+		foreach ( $keys as $key ) {
+			$data[] = array( 'fls_key' => $key, 'fls_session' => $this->session );
+		}
+		# Block new writers...
+		$db->insert( 'filelocks_shared', $data, __METHOD__, array( 'IGNORE' ) );
+		# Actually do the locking queries...
+		if ( $type == self::LOCK_SH ) { // reader locks
+			# Bail if there are any existing writers...
+			$blocked = $db->selectField( 'filelocks_exclusive', '1',
+				array( 'fle_key' => $keys ),
+				__METHOD__
+			);
+			# Prospective writers that haven't yet updated filelocks_exclusive
+			# will recheck filelocks_shared after doing so and bail due to our entry.
+		} else { // writer locks
+			$encSession = $db->addQuotes( $this->session );
+			# Bail if there are any existing writers...
+			# The may detect readers, but the safe check for them is below.
+			# Note: if two writers come at the same time, both bail :)
+			$blocked = $db->selectField( 'filelocks_shared', '1',
+				array( 'fls_key' => $keys, "fls_session != $encSession" ),
+				__METHOD__
+			);
+			if ( !$blocked ) {
+				# Build up values for INSERT clause
+				$data = array();
+				foreach ( $keys as $key ) {
+					$data[] = array( 'fle_key' => $key );
+				}
+				# Block new readers/writers...
+				$db->insert( 'filelocks_exclusive', $data, __METHOD__ );
+				# Bail if there are any existing readers...
+				$blocked = $db->selectField( 'filelocks_shared', '1',
+					array( 'fls_key' => $keys, "fls_session != $encSession" ),
+					__METHOD__
+				);
+			}
+		}
+		return !$blocked;
+	}
+}
diff --git a/includes/filerepo/backend/lockmanager/FSLockManager.php b/includes/filerepo/backend/lockmanager/FSLockManager.php
new file mode 100644
index 00000000..42074fd3
--- /dev/null
+++ b/includes/filerepo/backend/lockmanager/FSLockManager.php
@@ -0,0 +1,202 @@
+<?php
+
+/**
+ * Simple version of LockManager based on using FS lock files.
+ * All locks are non-blocking, which avoids deadlocks.
+ *
+ * This should work fine for small sites running off one server.
+ * Do not use this with 'lockDirectory' set to an NFS mount unless the
+ * NFS client is at least version 2.6.12. Otherwise, the BSD flock()
+ * locks will be ignored; see http://nfs.sourceforge.net/#section_d.
+ *
+ * @ingroup LockManager
+ * @since 1.19
+ */
+class FSLockManager extends LockManager {
+	/** @var Array Mapping of lock types to the type actually used */
+	protected $lockTypeMap = array(
+		self::LOCK_SH => self::LOCK_SH,
+		self::LOCK_UW => self::LOCK_SH,
+		self::LOCK_EX => self::LOCK_EX
+	);
+
+	protected $lockDir; // global dir for all servers
+
+	/** @var Array Map of (locked key => lock type => lock file handle) */
+	protected $handles = array();
+
+	/**
+	 * Construct a new instance from configuration.
+	 * 
+	 * $config includes:
+	 *     'lockDirectory' : Directory containing the lock files
+	 *
+	 * @param array $config
+	 */
+	function __construct( array $config ) {
+		parent::__construct( $config );
+		$this->lockDir = $config['lockDirectory'];
+	}
+
+	protected function doLock( array $paths, $type ) {
+		$status = Status::newGood();
+
+		$lockedPaths = array(); // files locked in this attempt
+		foreach ( $paths as $path ) {
+			$status->merge( $this->doSingleLock( $path, $type ) );
+			if ( $status->isOK() ) {
+				$lockedPaths[] = $path;
+			} else {
+				// Abort and unlock everything
+				$status->merge( $this->doUnlock( $lockedPaths, $type ) );
+				return $status;
+			}
+		}
+
+		return $status;
+	}
+
+	protected function doUnlock( array $paths, $type ) {
+		$status = Status::newGood();
+
+		foreach ( $paths as $path ) {
+			$status->merge( $this->doSingleUnlock( $path, $type ) );
+		}
+
+		return $status;
+	}
+
+	/**
+	 * Lock a single resource key
+	 *
+	 * @param $path string
+	 * @param $type integer
+	 * @return Status 
+	 */
+	protected function doSingleLock( $path, $type ) {
+		$status = Status::newGood();
+
+		if ( isset( $this->locksHeld[$path][$type] ) ) {
+			++$this->locksHeld[$path][$type];
+		} elseif ( isset( $this->locksHeld[$path][self::LOCK_EX] ) ) {
+			$this->locksHeld[$path][$type] = 1;
+		} else {
+			wfSuppressWarnings();
+			$handle = fopen( $this->getLockPath( $path ), 'a+' );
+			wfRestoreWarnings();
+			if ( !$handle ) { // lock dir missing?
+				wfMkdirParents( $this->lockDir );
+				$handle = fopen( $this->getLockPath( $path ), 'a+' ); // try again
+			}
+			if ( $handle ) {
+				// Either a shared or exclusive lock
+				$lock = ( $type == self::LOCK_SH ) ? LOCK_SH : LOCK_EX;
+				if ( flock( $handle, $lock | LOCK_NB ) ) {
+					// Record this lock as active
+					$this->locksHeld[$path][$type] = 1;
+					$this->handles[$path][$type] = $handle;
+				} else {
+					fclose( $handle );
+					$status->fatal( 'lockmanager-fail-acquirelock', $path );
+				}
+			} else {
+				$status->fatal( 'lockmanager-fail-openlock', $path );
+			}
+		}
+
+		return $status;
+	}
+
+	/**
+	 * Unlock a single resource key
+	 * 
+	 * @param $path string
+	 * @param $type integer
+	 * @return Status 
+	 */
+	protected function doSingleUnlock( $path, $type ) {
+		$status = Status::newGood();
+
+		if ( !isset( $this->locksHeld[$path] ) ) {
+			$status->warning( 'lockmanager-notlocked', $path );
+		} elseif ( !isset( $this->locksHeld[$path][$type] ) ) {
+			$status->warning( 'lockmanager-notlocked', $path );
+		} else {
+			$handlesToClose = array();
+			--$this->locksHeld[$path][$type];
+			if ( $this->locksHeld[$path][$type] <= 0 ) {
+				unset( $this->locksHeld[$path][$type] );
+				// If a LOCK_SH comes in while we have a LOCK_EX, we don't
+				// actually add a handler, so check for handler existence.
+				if ( isset( $this->handles[$path][$type] ) ) {
+					// Mark this handle to be unlocked and closed
+					$handlesToClose[] = $this->handles[$path][$type];
+					unset( $this->handles[$path][$type] );
+				}
+			}
+			// Unlock handles to release locks and delete
+			// any lock files that end up with no locks on them...
+			if ( wfIsWindows() ) {
+				// Windows: for any process, including this one,
+				// calling unlink() on a locked file will fail
+				$status->merge( $this->closeLockHandles( $path, $handlesToClose ) );
+				$status->merge( $this->pruneKeyLockFiles( $path ) );
+			} else {
+				// Unix: unlink() can be used on files currently open by this 
+				// process and we must do so in order to avoid race conditions
+				$status->merge( $this->pruneKeyLockFiles( $path ) );
+				$status->merge( $this->closeLockHandles( $path, $handlesToClose ) );
+			}
+		}
+
+		return $status;
+	}
+
+	private function closeLockHandles( $path, array $handlesToClose ) {
+		$status = Status::newGood();
+		foreach ( $handlesToClose as $handle ) {
+			wfSuppressWarnings();
+			if ( !flock( $handle, LOCK_UN ) ) {
+				$status->fatal( 'lockmanager-fail-releaselock', $path );
+			}
+			if ( !fclose( $handle ) ) {
+				$status->warning( 'lockmanager-fail-closelock', $path );
+			}
+			wfRestoreWarnings();
+		}
+		return $status;
+	}
+
+	private function pruneKeyLockFiles( $path ) {
+		$status = Status::newGood();
+		if ( !count( $this->locksHeld[$path] ) ) {
+			wfSuppressWarnings();
+			# No locks are held for the lock file anymore
+			if ( !unlink( $this->getLockPath( $path ) ) ) {
+				$status->warning( 'lockmanager-fail-deletelock', $path );
+			}
+			wfRestoreWarnings();
+			unset( $this->locksHeld[$path] );
+			unset( $this->handles[$path] );
+		}
+		return $status;
+	}
+
+	/**
+	 * Get the path to the lock file for a key
+	 * @param $path string
+	 * @return string
+	 */
+	protected function getLockPath( $path ) {
+		$hash = self::sha1Base36( $path );
+		return "{$this->lockDir}/{$hash}.lock";
+	}
+
+	function __destruct() {
+		// Make sure remaining locks get cleared for sanity
+		foreach ( $this->locksHeld as $path => $locks ) {
+			$this->doSingleUnlock( $path, self::LOCK_EX );
+			$this->doSingleUnlock( $path, self::LOCK_SH );
+		}
+	}
+}
diff --git a/includes/filerepo/backend/lockmanager/LSLockManager.php b/includes/filerepo/backend/lockmanager/LSLockManager.php
new file mode 100644
index 00000000..b7ac743c
--- /dev/null
+++ b/includes/filerepo/backend/lockmanager/LSLockManager.php
@@ -0,0 +1,295 @@
+<?php
+
+/**
+ * Manage locks using a lock daemon server.
+ *
+ * Version of LockManager based on using lock daemon servers.
+ * This is meant for multi-wiki systems that may share files.
+ * All locks are non-blocking, which avoids deadlocks.
+ *
+ * All lock requests for a resource, identified by a hash string, will map
+ * to one bucket. Each bucket maps to one or several peer servers, each
+ * running LockServerDaemon.php, listening on a designated TCP port.
+ * A majority of peers must agree for a lock to be acquired.
+ *
+ * @ingroup LockManager
+ * @since 1.19
+ */
+class LSLockManager extends LockManager {
+	/** @var Array Mapping of lock types to the type actually used */
+	protected $lockTypeMap = array(
+		self::LOCK_SH => self::LOCK_SH,
+		self::LOCK_UW => self::LOCK_SH,
+		self::LOCK_EX => self::LOCK_EX
+	);
+
+	/** @var Array Map of server names to server config */
+	protected $lockServers; // (server name => server config array)
+	/** @var Array Map of bucket indexes to peer server lists */
+	protected $srvsByBucket; // (bucket index => (lsrv1, lsrv2, ...))
+
+	/** @var Array Map Server connections (server name => resource) */
+	protected $conns = array();
+
+	protected $connTimeout; // float number of seconds
+	protected $session = ''; // random SHA-1 string
+
+	/**
+	 * Construct a new instance from configuration.
+	 * 
+	 * $config paramaters include:
+	 *     'lockServers'  : Associative array of server names to configuration.
+	 *                      Configuration is an associative array that includes:
+	 *                      'host'    - IP address/hostname
+	 *                      'port'    - TCP port
+	 *                      'authKey' - Secret string the lock server uses
+	 *     'srvsByBucket' : Array of 1-16 consecutive integer keys, starting from 0,
+	 *                      each having an odd-numbered list of server names (peers) as values.
+	 *     'connTimeout'  : Lock server connection attempt timeout. [optional]
+	 *
+	 * @param Array $config 
+	 */
+	public function __construct( array $config ) {
+		$this->lockServers = $config['lockServers'];
+		// Sanitize srvsByBucket config to prevent PHP errors
+		$this->srvsByBucket = array_filter( $config['srvsByBucket'], 'is_array' );
+		$this->srvsByBucket = array_values( $this->srvsByBucket ); // consecutive
+
+		if ( isset( $config['connTimeout'] ) ) {
+			$this->connTimeout = $config['connTimeout'];
+		} else {
+			$this->connTimeout = 3; // use some sane amount
+		}
+
+		$this->session = '';
+		for ( $i = 0; $i < 5; $i++ ) {
+			$this->session .= mt_rand( 0, 2147483647 );
+		}
+		$this->session = wfBaseConvert( sha1( $this->session ), 16, 36, 31 );
+	}
+
+	protected function doLock( array $paths, $type ) {
+		$status = Status::newGood();
+
+		$pathsToLock = array();
+		// Get locks that need to be acquired (buckets => locks)...
+		foreach ( $paths as $path ) {
+			if ( isset( $this->locksHeld[$path][$type] ) ) {
+				++$this->locksHeld[$path][$type];
+			} elseif ( isset( $this->locksHeld[$path][self::LOCK_EX] ) ) {
+				$this->locksHeld[$path][$type] = 1;
+			} else {
+				$bucket = $this->getBucketFromKey( $path );
+				$pathsToLock[$bucket][] = $path;
+			}
+		}
+
+		$lockedPaths = array(); // files locked in this attempt
+		// Attempt to acquire these locks...
+		foreach ( $pathsToLock as $bucket => $paths ) {
+			// Try to acquire the locks for this bucket
+			$res = $this->doLockingRequestAll( $bucket, $paths, $type );
+			if ( $res === 'cantacquire' ) {
+				// Resources already locked by another process.
+				// Abort and unlock everything we just locked.
+				foreach ( $paths as $path ) {
+					$status->fatal( 'lockmanager-fail-acquirelock', $path );
+				}
+				$status->merge( $this->doUnlock( $lockedPaths, $type ) );
+				return $status;
+			} elseif ( $res !== true ) {
+				// Couldn't contact any servers for this bucket.
+				// Abort and unlock everything we just locked.
+				foreach ( $paths as $path ) {
+					$status->fatal( 'lockmanager-fail-acquirelock', $path );
+				}
+				$status->merge( $this->doUnlock( $lockedPaths, $type ) );
+				return $status;
+			}
+			// Record these locks as active
+			foreach ( $paths as $path ) {
+				$this->locksHeld[$path][$type] = 1; // locked
+			}
+			// Keep track of what locks were made in this attempt
+			$lockedPaths = array_merge( $lockedPaths, $paths );
+		}
+
+		return $status;
+	}
+
+	protected function doUnlock( array $paths, $type ) {
+		$status = Status::newGood();
+
+		foreach ( $paths as $path ) {
+			if ( !isset( $this->locksHeld[$path] ) ) {
+				$status->warning( 'lockmanager-notlocked', $path );
+			} elseif ( !isset( $this->locksHeld[$path][$type] ) ) {
+				$status->warning( 'lockmanager-notlocked', $path );
+			} else {
+				--$this->locksHeld[$path][$type];
+				if ( $this->locksHeld[$path][$type] <= 0 ) {
+					unset( $this->locksHeld[$path][$type] );
+				}
+				if ( !count( $this->locksHeld[$path] ) ) {
+					unset( $this->locksHeld[$path] ); // no SH or EX locks left for key
+				}
+			}
+		}
+
+		// Reference count the locks held and release locks when zero
+		if ( !count( $this->locksHeld ) ) {
+			$status->merge( $this->releaseLocks() );
+		}
+
+		return $status;
+	}
+
+	/**
+	 * Get a connection to a lock server and acquire locks on $paths
+	 *
+	 * @param $lockSrv string
+	 * @param $paths Array
+	 * @param $type integer LockManager::LOCK_EX or LockManager::LOCK_SH
+	 * @return bool Resources able to be locked
+	 */
+	protected function doLockingRequest( $lockSrv, array $paths, $type ) {
+		if ( $type == self::LOCK_SH ) { // reader locks
+			$type = 'SH';
+		} elseif ( $type == self::LOCK_EX ) { // writer locks
+			$type = 'EX';
+		} else {
+			return true; // ok...
+		}
+
+		// Send out the command and get the response...
+		$keys = array_unique( array_map( 'LockManager::sha1Base36', $paths ) );
+		$response = $this->sendCommand( $lockSrv, 'ACQUIRE', $type, $keys );
+
+		return ( $response === 'ACQUIRED' );
+	}
+
+	/**
+	 * Send a command and get back the response
+	 *
+	 * @param $lockSrv string
+	 * @param $action string
+	 * @param $type string
+	 * @param $values Array
+	 * @return string|false
+	 */
+	protected function sendCommand( $lockSrv, $action, $type, $values ) {
+		$conn = $this->getConnection( $lockSrv );
+		if ( !$conn ) {
+			return false; // no connection
+		}
+		$authKey = $this->lockServers[$lockSrv]['authKey'];
+		// Build of the command as a flat string...
+		$values = implode( '|', $values );
+		$key = sha1( $this->session . $action . $type . $values . $authKey );
+		// Send out the command...
+		if ( fwrite( $conn, "{$this->session}:$key:$action:$type:$values\n" ) === false ) {
+			return false;
+		}
+		// Get the response...
+		$response = fgets( $conn );
+		if ( $response === false ) {
+			return false;
+		}
+		return trim( $response );
+	}
+
+	/**
+	 * Attempt to acquire locks with the peers for a bucket
+	 *
+	 * @param $bucket integer
+	 * @param $paths Array List of resource keys to lock
+	 * @param $type integer LockManager::LOCK_EX or LockManager::LOCK_SH
+	 * @return bool|string One of (true, 'cantacquire', 'srverrors')
+	 */
+	protected function doLockingRequestAll( $bucket, array $paths, $type ) {
+		$yesVotes = 0; // locks made on trustable servers
+		$votesLeft = count( $this->srvsByBucket[$bucket] ); // remaining peers
+		$quorum = floor( $votesLeft/2 + 1 ); // simple majority
+		// Get votes for each peer, in order, until we have enough...
+		foreach ( $this->srvsByBucket[$bucket] as $lockSrv ) {
+			// Attempt to acquire the lock on this peer
+			if ( !$this->doLockingRequest( $lockSrv, $paths, $type ) ) {
+				return 'cantacquire'; // vetoed; resource locked
+			}
+			++$yesVotes; // success for this peer
+			if ( $yesVotes >= $quorum ) {
+				return true; // lock obtained
+			}
+			--$votesLeft;
+			$votesNeeded = $quorum - $yesVotes;
+			if ( $votesNeeded > $votesLeft ) {
+				// In "trust cache" mode we don't have to meet the quorum
+				break; // short-circuit
+			}
+		}
+		// At this point, we must not have meet the quorum
+		return 'srverrors'; // not enough votes to ensure correctness
+	}
+
+	/**
+	 * Get (or reuse) a connection to a lock server
+	 *
+	 * @param $lockSrv string
+	 * @return resource
+	 */
+	protected function getConnection( $lockSrv ) {
+		if ( !isset( $this->conns[$lockSrv] ) ) {
+			$cfg = $this->lockServers[$lockSrv];
+			wfSuppressWarnings();
+			$errno = $errstr = '';
+			$conn = fsockopen( $cfg['host'], $cfg['port'], $errno, $errstr, $this->connTimeout );
+			wfRestoreWarnings();
+			if ( $conn === false ) {
+				return null;
+			}
+			$sec = floor( $this->connTimeout );
+			$usec = floor( ( $this->connTimeout - floor( $this->connTimeout ) ) * 1e6 );
+			stream_set_timeout( $conn, $sec, $usec );
+			$this->conns[$lockSrv] = $conn;
+		}
+		return $this->conns[$lockSrv];
+	}
+
+	/**
+	 * Release all locks that this session is holding
+	 *
+	 * @return Status
+	 */
+	protected function releaseLocks() {
+		$status = Status::newGood();
+		foreach ( $this->conns as $lockSrv => $conn ) {
+			$response = $this->sendCommand( $lockSrv, 'RELEASE_ALL', '', array() );
+			if ( $response !== 'RELEASED_ALL' ) {
+				$status->fatal( 'lockmanager-fail-svr-release', $lockSrv );
+			}
+		}
+		return $status;
+	}
+
+	/**
+	 * Get the bucket for resource path.
+	 * This should avoid throwing any exceptions.
+	 *
+	 * @param $path string
+	 * @return integer
+	 */
+	protected function getBucketFromKey( $path ) {
+		$prefix = substr( sha1( $path ), 0, 2 ); // first 2 hex chars (8 bits)
+		return intval( base_convert( $prefix, 16, 10 ) ) % count( $this->srvsByBucket );
+	}
+
+	/**
+	 * Make sure remaining locks get cleared for sanity
+	 */
+	function __destruct() {
+		$this->releaseLocks();
+		foreach ( $this->conns as $conn ) {
+			fclose( $conn );
+		}
+	}
+}
diff --git a/includes/filerepo/backend/lockmanager/LockManager.php b/includes/filerepo/backend/lockmanager/LockManager.php
new file mode 100644
index 00000000..23603a4f
--- /dev/null
+++ b/includes/filerepo/backend/lockmanager/LockManager.php
@@ -0,0 +1,182 @@
+<?php
+/**
+ * @defgroup LockManager Lock management
+ * @ingroup FileBackend
+ */
+
+/**
+ * @file
+ * @ingroup LockManager
+ * @author Aaron Schulz
+ */
+
+/**
+ * Class for handling resource locking.
+ *
+ * Locks on resource keys can either be shared or exclusive.
+ *
+ * Implementations must keep track of what is locked by this proccess
+ * in-memory and support nested locking calls (using reference counting).
+ * At least LOCK_UW and LOCK_EX must be implemented. LOCK_SH can be a no-op.
+ * Locks should either be non-blocking or have low wait timeouts.
+ *
+ * Subclasses should avoid throwing exceptions at all costs.
+ *
+ * @ingroup LockManager
+ * @since 1.19
+ */
+abstract class LockManager {
+	/** @var Array Mapping of lock types to the type actually used */
+	protected $lockTypeMap = array(
+		self::LOCK_SH => self::LOCK_SH,
+		self::LOCK_UW => self::LOCK_EX, // subclasses may use self::LOCK_SH
+		self::LOCK_EX => self::LOCK_EX
+	);
+
+	/** @var Array Map of (resource path => lock type => count) */
+	protected $locksHeld = array();
+
+	/* Lock types; stronger locks have higher values */
+	const LOCK_SH = 1; // shared lock (for reads)
+	const LOCK_UW = 2; // shared lock (for reads used to write elsewhere)
+	const LOCK_EX = 3; // exclusive lock (for writes)
+
+	/**
+	 * Construct a new instance from configuration
+	 *
+	 * @param $config Array
+	 */
+	public function __construct( array $config ) {}
+
+	/**
+	 * Lock the resources at the given abstract paths
+	 * 
+	 * @param $paths Array List of resource names
+	 * @param $type integer LockManager::LOCK_* constant
+	 * @return Status 
+	 */
+	final public function lock( array $paths, $type = self::LOCK_EX ) {
+		return $this->doLock( array_unique( $paths ), $this->lockTypeMap[$type] );
+	}
+
+	/**
+	 * Unlock the resources at the given abstract paths
+	 * 
+	 * @param $paths Array List of storage paths
+	 * @param $type integer LockManager::LOCK_* constant
+	 * @return Status 
+	 */
+	final public function unlock( array $paths, $type = self::LOCK_EX ) {
+		return $this->doUnlock( array_unique( $paths ), $this->lockTypeMap[$type] );
+	}
+
+	/**
+	 * Get the base 36 SHA-1 of a string, padded to 31 digits
+	 * 
+	 * @param $path string
+	 * @return string
+	 */
+	final protected static function sha1Base36( $path ) {
+		return wfBaseConvert( sha1( $path ), 16, 36, 31 );
+	}
+
+	/**
+	 * Lock resources with the given keys and lock type
+	 * 
+	 * @param $paths Array List of storage paths
+	 * @param $type integer LockManager::LOCK_* constant
+	 * @return string
+	 */
+	abstract protected function doLock( array $paths, $type );
+
+	/**
+	 * Unlock resources with the given keys and lock type
+	 * 
+	 * @param $paths Array List of storage paths
+	 * @param $type integer LockManager::LOCK_* constant
+	 * @return string
+	 */
+	abstract protected function doUnlock( array $paths, $type );
+}
+
+/**
+ * Self releasing locks
+ *
+ * LockManager helper class to handle scoped locks, which
+ * release when an object is destroyed or goes out of scope.
+ *
+ * @ingroup LockManager
+ * @since 1.19
+ */
+class ScopedLock {
+	/** @var LockManager */
+	protected $manager;
+	/** @var Status */
+	protected $status;
+	/** @var Array List of resource paths*/
+	protected $paths;
+
+	protected $type; // integer lock type
+
+	/**
+	 * @param $manager LockManager
+	 * @param $paths Array List of storage paths
+	 * @param $type integer LockManager::LOCK_* constant
+	 * @param $status Status
+	 */
+	protected function __construct(
+		LockManager $manager, array $paths, $type, Status $status
+	) {
+		$this->manager = $manager;
+		$this->paths = $paths;
+		$this->status = $status;
+		$this->type = $type;
+	}
+
+	protected function __clone() {}
+
+	/**
+	 * Get a ScopedLock object representing a lock on resource paths.
+	 * Any locks are released once this object goes out of scope.
+	 * The status object is updated with any errors or warnings.
+	 * 
+	 * @param $manager LockManager
+	 * @param $paths Array List of storage paths
+	 * @param $type integer LockManager::LOCK_* constant
+	 * @param $status Status
+	 * @return ScopedLock|null Returns null on failure
+	 */
+	public static function factory(
+		LockManager $manager, array $paths, $type, Status $status
+	) {
+		$lockStatus = $manager->lock( $paths, $type );
+		$status->merge( $lockStatus );
+		if ( $lockStatus->isOK() ) {
+			return new self( $manager, $paths, $type, $status );
+		}
+		return null;
+	}
+
+	function __destruct() {
+		$wasOk = $this->status->isOK();
+		$this->status->merge( $this->manager->unlock( $this->paths, $this->type ) );
+		if ( $wasOk ) {
+			// Make sure status is OK, despite any unlockFiles() fatals
+			$this->status->setResult( true, $this->status->value );
+		}
+	}
+}
+
+/**
+ * Simple version of LockManager that does nothing
+ * @since 1.19
+ */
+class NullLockManager extends LockManager {
+	protected function doLock( array $paths, $type ) {
+		return Status::newGood();
+	}
+
+	protected function doUnlock( array $paths, $type ) {
+		return Status::newGood();
+	}
+}
diff --git a/includes/filerepo/backend/lockmanager/LockManagerGroup.php b/includes/filerepo/backend/lockmanager/LockManagerGroup.php
new file mode 100644
index 00000000..11e77972
--- /dev/null
+++ b/includes/filerepo/backend/lockmanager/LockManagerGroup.php
@@ -0,0 +1,89 @@
+<?php
+/**
+ * Class to handle file lock manager registration
+ * 
+ * @ingroup LockManager
+ * @author Aaron Schulz
+ * @since 1.19
+ */
+class LockManagerGroup {
+
+	/**
+	 * @var LockManagerGroup
+	 */
+	protected static $instance = null;
+
+	/** @var Array of (name => ('class' =>, 'config' =>, 'instance' =>)) */
+	protected $managers = array();
+
+	protected function __construct() {}
+	protected function __clone() {}
+
+	/**
+	 * @return LockManagerGroup
+	 */
+	public static function singleton() {
+		if ( self::$instance == null ) {
+			self::$instance = new self();
+			self::$instance->initFromGlobals();
+		}
+		return self::$instance;
+	}
+
+	/**
+	 * Register lock managers from the global variables
+	 * 
+	 * @return void
+	 */
+	protected function initFromGlobals() {
+		global $wgLockManagers;
+
+		$this->register( $wgLockManagers );
+	}
+
+	/**
+	 * Register an array of file lock manager configurations
+	 *
+	 * @param $configs Array
+	 * @return void
+	 * @throws MWException
+	 */
+	protected function register( array $configs ) {
+		foreach ( $configs as $config ) {
+			if ( !isset( $config['name'] ) ) {
+				throw new MWException( "Cannot register a lock manager with no name." );
+			}
+			$name = $config['name'];
+			if ( !isset( $config['class'] ) ) {
+				throw new MWException( "Cannot register lock manager `{$name}` with no class." );
+			}
+			$class = $config['class'];
+			unset( $config['class'] ); // lock manager won't need this
+			$this->managers[$name] = array(
+				'class'    => $class,
+				'config'   => $config,
+				'instance' => null
+			);
+		}
+	}
+
+	/**
+	 * Get the lock manager object with a given name
+	 *
+	 * @param $name string
+	 * @return LockManager
+	 * @throws MWException
+	 */
+	public function get( $name ) {
+		if ( !isset( $this->managers[$name] ) ) {
+			throw new MWException( "No lock manager defined with the name `$name`." );
+		}
+		// Lazy-load the actual lock manager instance
+		if ( !isset( $this->managers[$name]['instance'] ) ) {
+			$class = $this->managers[$name]['class'];
+			$config = $this->managers[$name]['config'];
+			$this->managers[$name]['instance'] = new $class( $config );
+		}
+		return $this->managers[$name]['instance'];
+	}
+}