From: Michael Haggerty <mhagger@alum.mit.edu>
To: Jeff King <peff@peff.net>
Cc: "Junio C Hamano" <gitster@pobox.com>,
"Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>,
"Stefan Beller" <sbeller@google.com>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"David Turner" <novalis@novalis.org>,
"Brandon Williams" <bmwill@google.com>,
git@vger.kernel.org
Subject: Re: [PATCH v2 22/29] commit_packed_refs(): use a staging file separate from the lockfile
Date: Sat, 24 Jun 2017 13:43:09 +0200 [thread overview]
Message-ID: <8156514c-f255-5bda-2011-db8f512d6fb9@alum.mit.edu> (raw)
In-Reply-To: <20170623194610.o2eyte4xmlsscrlz@sigill.intra.peff.net>
On 06/23/2017 09:46 PM, Jeff King wrote:
> On Fri, Jun 23, 2017 at 09:01:40AM +0200, Michael Haggerty wrote:
>
>> @@ -522,10 +529,16 @@ int lock_packed_refs(struct ref_store *ref_store, int flags)
>> timeout_configured = 1;
>> }
>>
>> + /*
>> + * Note that we close the lockfile immediately because we
>> + * don't write new content to it, but rather to a separate
>> + * tempfile.
>> + */
>> if (hold_lock_file_for_update_timeout(
>> &refs->lock,
>> refs->path,
>> - flags, timeout_value) < 0)
>> + flags, timeout_value) < 0 ||
>> + close_lock_file(&refs->lock))
>> return -1;
>
> I was wondering whether we'd catch a case which accidentally wrote to
> the lockfile (instead of the new tempfile, but this close() is a good
> safety check).
>
>> - if (commit_lock_file(&refs->lock)) {
>> - strbuf_addf(err, "error overwriting %s: %s",
>> + if (rename_tempfile(&refs->tempfile, refs->path)) {
>> + strbuf_addf(err, "error replacing %s: %s",
>> refs->path, strerror(errno));
>> goto out;
>> }
>
> So our idea of committing now is the tempfile rename, and then...
>
>> @@ -617,9 +640,10 @@ int commit_packed_refs(struct ref_store *ref_store, struct strbuf *err)
>> goto out;
>>
>> error:
>> - rollback_lock_file(&refs->lock);
>> + delete_tempfile(&refs->tempfile);
>>
>> out:
>> + rollback_lock_file(&refs->lock);
>
> We always rollback the lockfile regardless, because committing it would
> overwrite our new content with an empty file. There's no real safety
> against somebody calling commit_lock_file() on it, but it also seems
> like an uncommon error to make.
If this seems too dangerous, we could add a `LOCK_NO_COMMIT` flag for
`hold_lock_file_for_update()` and `hold_lock_file_for_update_timeout()`,
which would die() if somebody tries to commit the associated lockfile. I
think we can live without it. I hope that any such bugs would be caught
immediately by CI. But I admit that the prospect of renaming an empty
file on top of a `packed-refs` file is quite sobering, so if anybody is
worried about this, let me know and I'll implement it.
Michael
next prev parent reply other threads:[~2017-06-24 11:43 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-23 7:01 [PATCH v2 00/29] Create a reference backend for packed refs Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 01/29] t1408: add a test of stale packed refs covered by loose refs Michael Haggerty
2017-06-23 18:59 ` Jeff King
2017-06-23 20:22 ` Junio C Hamano
2017-06-23 7:01 ` [PATCH v2 02/29] add_packed_ref(): teach function to overwrite existing refs Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 03/29] packed_ref_store: new struct Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 04/29] packed_ref_store: move `packed_refs_path` here Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 05/29] packed_ref_store: move `packed_refs_lock` member here Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 06/29] clear_packed_ref_cache(): take a `packed_ref_store *` parameter Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 07/29] validate_packed_ref_cache(): " Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 08/29] get_packed_ref_cache(): " Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 09/29] get_packed_refs(): " Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 10/29] add_packed_ref(): " Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 11/29] lock_packed_refs(): " Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 12/29] commit_packed_refs(): " Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 13/29] rollback_packed_refs(): " Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 14/29] get_packed_ref(): " Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 15/29] repack_without_refs(): " Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 16/29] packed_peel_ref(): new function, extracted from `files_peel_ref()` Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 17/29] packed_ref_store: support iteration Michael Haggerty
2017-06-23 19:12 ` Jeff King
2017-06-23 7:01 ` [PATCH v2 18/29] packed_read_raw_ref(): new function, replacing `resolve_packed_ref()` Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 19/29] packed-backend: new module for handling packed references Michael Haggerty
2017-06-23 19:35 ` Jeff King
2017-06-23 19:46 ` Stefan Beller
2017-06-23 21:20 ` Junio C Hamano
2017-06-23 7:01 ` [PATCH v2 20/29] packed_ref_store: make class into a subclass of `ref_store` Michael Haggerty
2017-06-23 19:40 ` Jeff King
2017-06-23 7:01 ` [PATCH v2 21/29] commit_packed_refs(): report errors rather than dying Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 22/29] commit_packed_refs(): use a staging file separate from the lockfile Michael Haggerty
2017-06-23 19:46 ` Jeff King
2017-06-24 11:43 ` Michael Haggerty [this message]
2017-06-24 11:57 ` Jeff King
2017-06-23 7:01 ` [PATCH v2 23/29] packed_refs_lock(): function renamed from lock_packed_refs() Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 24/29] packed_refs_lock(): report errors via a `struct strbuf *err` Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 25/29] packed_refs_unlock(), packed_refs_is_locked(): new functions Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 26/29] clear_packed_ref_cache(): don't protest if the lock is held Michael Haggerty
2017-06-23 19:49 ` Jeff King
2017-06-23 7:01 ` [PATCH v2 27/29] commit_packed_refs(): remove call to `packed_refs_unlock()` Michael Haggerty
2017-06-23 19:51 ` Jeff King
2017-06-23 7:01 ` [PATCH v2 28/29] repack_without_refs(): don't lock or unlock the packed refs Michael Haggerty
2017-06-23 19:56 ` Jeff King
2017-07-01 17:11 ` Michael Haggerty
2017-06-23 7:01 ` [PATCH v2 29/29] read_packed_refs(): die if `packed-refs` contains bogus data Michael Haggerty
2017-06-23 19:58 ` Jeff King
2017-07-01 18:15 ` Michael Haggerty
2017-06-23 19:01 ` [PATCH v2 00/29] Create a reference backend for packed refs Jeff King
2017-06-23 20:00 ` Jeff King
2017-06-23 21:47 ` Junio C Hamano
2017-06-24 1:11 ` Jeff King
2017-06-24 11:14 ` Michael Haggerty
2017-06-23 20:24 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8156514c-f255-5bda-2011-db8f512d6fb9@alum.mit.edu \
--to=mhagger@alum.mit.edu \
--cc=avarab@gmail.com \
--cc=bmwill@google.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=novalis@novalis.org \
--cc=pclouds@gmail.com \
--cc=peff@peff.net \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).