From: Taylor Blau <me@ttaylorr.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: Jeff King <peff@peff.net>, Kyle Lippincott <spectral@google.com>,
Git Mailing List <git@vger.kernel.org>
Subject: Re: MSan failures in pack-bitmap
Date: Sun, 9 Jun 2024 16:00:57 -0400 [thread overview]
Message-ID: <ZmYJ+d3+j1E08Ms/@nand.local> (raw)
In-Reply-To: <xmqqmsnuaqus.fsf@gitster.g>
On Sun, Jun 09, 2024 at 11:55:07AM -0700, Junio C Hamano wrote:
> Taylor Blau <me@ttaylorr.com> writes:
>
> > Unfortunately, the regression happened in 795006fff4, so this is in a
> > released version of Git. But this is all behind a configuration option,
> > so affected users can reasonably work around this issue.
>
> Can you elaborate a bit about "reasonably work around"?
>
> I am imagining that you are saying that the user can say "do not use
> bitmap, because it may be corrupted due to an earlier regression" in
> some configuration, so that a corrupt bitmap data is not used to
> further spread the damage, but how does a user find out that on-disc
> midx is broken and a workaround needs to be employed in the first
> place?
I don't think the issue here is a corrupt on-disk bitmap or MIDX. The
regression that Kyle reported was a logic issue reading a
ordinary/non-corrupt MIDX file, not a result of some on-disk corruption.
I think it is possible to generate a corrupt pack as a result of this
bug which would incorrectly "reuse" parts of an existing MIDX's
preferred pack, but the result would be far worse than a corrupt MIDX
(which, again, I don't think is what's happening here).
But I do not think that repository corruption is a likely outcome here,
since we only do pack reuse when packing to stdout (i.e. by passing the
`--stdout` option to `pack-objects`). So repacks (which would otherwise
be the thing I'm most worried about) are safe: repacks trigger
pack-objects to write a tempfile directly, and so `pack_to_stdout` is
zero'd, and we do not allow verbatim pack reuse to take place.
So a doomsday scenario whereby we'd write a corrupt pack based on this
bug and then delete a non-corrupt pack is not directly possible via
'repack' alone. The lesser-used 'git multi-pack-index repack' is also
not affected, since it similarly does not use `pack-objects --stdout`.
A more likely outcome would be if a Git client who was using MIDX
bitmaps, but only doing single-pack reuse tried to generate a pack to
push to some remote (or vice-versa, replacing client and server/remote)
which ended up being corrupt in some fashion. I haven't had enough of a
chance to determine if this possible, though I suspect it is.
Thanks,
Taylor
next prev parent reply other threads:[~2024-06-09 20:01 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-08 2:43 MSan failures in pack-bitmap Kyle Lippincott
2024-06-08 8:18 ` Jeff King
2024-06-09 15:31 ` Taylor Blau
2024-06-09 18:55 ` Junio C Hamano
2024-06-09 20:00 ` Taylor Blau [this message]
2024-06-09 20:23 ` Junio C Hamano
2024-06-09 20:30 ` Taylor Blau
2024-06-09 20:24 ` Taylor Blau
2024-06-11 8:02 ` Jeff King
2024-06-11 9:12 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZmYJ+d3+j1E08Ms/@nand.local \
--to=me@ttaylorr.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
--cc=spectral@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.