From: Junio C Hamano <gitster@pobox.com>
To: larsxschneider@gmail.com
Cc: git@vger.kernel.org, peff@peff.net, sbeller@google.com,
Johannes.Schindelin@gmx.de, jnareb@gmail.com, mlbright@gmail.com
Subject: Re: [PATCH v6 13/13] read-cache: make sure file handles are not inherited by child processes
Date: Mon, 29 Aug 2016 11:05:48 -0700 [thread overview]
Message-ID: <xmqqy43fbgcj.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <20160825110752.31581-14-larsxschneider@gmail.com> (larsxschneider@gmail.com's message of "Thu, 25 Aug 2016 13:07:52 +0200")
larsxschneider@gmail.com writes:
> From: Lars Schneider <larsxschneider@gmail.com>
>
> Consider the case of a file that requires filtering and is present in
> branch A but not in branch B. If A is the current HEAD and we checkout B
> then the following happens:
>
> 1. ce_compare_data() opens the file
> 2. index_fd() detects that the file requires to run a clean filter and
> calls index_stream_convert_blob()
> 4. index_stream_convert_blob() calls convert_to_git_filter_fd()
> 5. convert_to_git_filter_fd() calls apply_filter() which creates a
> new long running filter process (in case it is the first file
> of this kind to be filtered)
> 6. The new filter process inherits all file handles. This is the
> default on Linux/OSX and is explicitly defined in the
> `CreateProcessW` call in `mingw.c` on Windows.
> 7. ce_compare_data() closes the file
> 8. Git unlinks the file as it is not present in B
>
> The unlink operation does not work on Windows because the filter process
> has still an open handle to the file. Apparently that is no problem on
> Linux/OSX. Probably because "[...] the two file descriptors share open
> file status flags" (see fork(2)).
Wait, a, minute. "that is no problem" may be true as long as "that"
is "unlinking the now-gone file in the filesystem", but the reason
does not have anything to do with the "open-file status flags";
unlike Windows, you _can_ unlink file that has an open file
descriptor on it.
And even on POSIX systems, if you are doing a long-running helper
any open file descriptor in the parent process when the long-running
helper is spawned will become leaked fd. CLOEXEC is a possible
solution (but not necessarily the only or the best one) to the fd
leak in this case.
How much does the code that spawns these long-running helpers know
about the file descriptors that happen to be open? The parent is
very likely to have pack windows open into .pack files and they need
to be closed on the child side after fork(2) starts the child
process but before execve(2) runs the helper, if we want to avoid
file descriptor leaks.
> Fix this problem by opening files in read-cache with the `O_CLOEXEC`
> flag to ensure that the file descriptor does not remain open in a newly
> spawned process. `O_CLOEXEC` is defined as `O_NOINHERIT` on Windows. A
> similar fix for temporary file handles was applied on Git for Windows
> already:
> https://github.com/git-for-windows/git/commit/667b8b51ec850c3e1c7d75dee69dc13c29d1f162
After a few iterations, the final version of the same commit is now
in our tree as d5cb9cbd ("Git 2.10-rc2", 2016-08-26).
next prev parent reply other threads:[~2016-08-29 18:05 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-25 11:07 [PATCH v6 00/13] Git filter protocol larsxschneider
2016-08-25 11:07 ` [PATCH v6 01/13] pkt-line: rename packet_write() to packet_write_fmt() larsxschneider
2016-08-25 11:07 ` [PATCH v6 02/13] pkt-line: extract set_packet_header() larsxschneider
2016-08-25 11:07 ` [PATCH v6 03/13] pkt-line: add packet_write_fmt_gently() larsxschneider
2016-08-25 18:12 ` Stefan Beller
2016-08-25 18:47 ` Lars Schneider
2016-08-25 21:41 ` Junio C Hamano
2016-08-26 9:17 ` Lars Schneider
2016-08-26 17:10 ` Junio C Hamano
2016-08-26 17:23 ` Jeff King
2016-08-25 11:07 ` [PATCH v6 04/13] pkt-line: add packet_flush_gently() larsxschneider
2016-08-25 11:07 ` [PATCH v6 05/13] pkt-line: add packet_write_gently() larsxschneider
2016-08-25 21:50 ` Junio C Hamano
2016-08-26 9:40 ` Lars Schneider
2016-08-26 17:15 ` Junio C Hamano
2016-08-29 9:40 ` Lars Schneider
2016-08-25 11:07 ` [PATCH v6 06/13] pkt-line: add functions to read/write flush terminated packet streams larsxschneider
2016-08-25 18:46 ` Stefan Beller
2016-08-25 19:33 ` Lars Schneider
2016-08-25 22:31 ` Junio C Hamano
2016-08-26 0:55 ` Jacob Keller
2016-08-26 17:02 ` Stefan Beller
2016-08-26 17:21 ` Jeff King
2016-08-26 17:17 ` Junio C Hamano
2016-08-25 22:27 ` Junio C Hamano
2016-08-26 10:13 ` Lars Schneider
2016-08-26 17:21 ` Junio C Hamano
2016-08-29 9:43 ` Lars Schneider
2016-08-25 11:07 ` [PATCH v6 07/13] pack-protocol: fix maximum pkt-line size larsxschneider
2016-08-25 18:59 ` Stefan Beller
2016-08-25 19:35 ` Lars Schneider
2016-08-26 19:44 ` Junio C Hamano
2016-08-25 11:07 ` [PATCH v6 08/13] convert: quote filter names in error messages larsxschneider
2016-08-26 19:45 ` Junio C Hamano
2016-08-25 11:07 ` [PATCH v6 09/13] convert: modernize tests larsxschneider
2016-08-26 20:03 ` Junio C Hamano
2016-08-29 10:09 ` Lars Schneider
2016-08-25 11:07 ` [PATCH v6 10/13] convert: generate large test files only once larsxschneider
2016-08-25 19:17 ` Stefan Beller
2016-08-25 19:54 ` Lars Schneider
2016-08-29 17:52 ` Junio C Hamano
2016-08-30 11:47 ` Lars Schneider
2016-08-30 16:55 ` Junio C Hamano
2016-08-29 17:46 ` Junio C Hamano
2016-08-30 11:41 ` Lars Schneider
2016-08-30 16:37 ` Jeff King
2016-08-25 11:07 ` [PATCH v6 11/13] convert: make apply_filter() adhere to standard Git error handling larsxschneider
2016-08-25 11:07 ` [PATCH v6 12/13] convert: add filter.<driver>.process option larsxschneider
2016-08-29 22:21 ` Junio C Hamano
2016-08-30 16:27 ` Lars Schneider
2016-08-30 18:59 ` Junio C Hamano
2016-08-30 20:38 ` Lars Schneider
2016-08-30 22:23 ` Junio C Hamano
2016-08-31 4:57 ` Torsten Bögershausen
2016-08-31 13:14 ` Jakub Narębski
2016-08-30 20:46 ` Jakub Narębski
2016-09-05 19:47 ` Lars Schneider
2016-08-25 11:07 ` [PATCH v6 13/13] read-cache: make sure file handles are not inherited by child processes larsxschneider
2016-08-29 18:05 ` Junio C Hamano [this message]
2016-08-29 19:03 ` Lars Schneider
2016-08-29 19:45 ` Junio C Hamano
2016-08-30 12:32 ` Lars Schneider
2016-08-30 14:54 ` Torsten Bögershausen
2016-09-01 17:15 ` Junio C Hamano
2016-08-29 15:39 ` [PATCH v6 00/13] Git filter protocol Lars Schneider
2016-08-29 18:09 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqy43fbgcj.fsf@gitster.mtv.corp.google.com \
--to=gitster@pobox.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=jnareb@gmail.com \
--cc=larsxschneider@gmail.com \
--cc=mlbright@gmail.com \
--cc=peff@peff.net \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).