Re: [PATCH] wrapper: Fix a errno discrepancy on NetBSD.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: shejialuo <shejialuo@gmail.com>
To: Jeff King <peff@peff.net>
Cc: Junio C Hamano <gitster@pobox.com>,
	"brian m. carlson" <sandals@crustytoothpaste.net>,
	Collin Funk <collin.funk1@gmail.com>,
	git@vger.kernel.org
Subject: Re: [PATCH] wrapper: Fix a errno discrepancy on NetBSD.
Date: Tue, 6 May 2025 21:43:14 +0800	[thread overview]
Message-ID: <aBoR8hrcpK6CzbA3@ArchLinux> (raw)
In-Reply-To: <20250505180311.GA29783@coredump.intra.peff.net>

On Mon, May 05, 2025 at 02:03:11PM -0400, Jeff King wrote:
> On Mon, May 05, 2025 at 08:43:18AM -0700, Junio C Hamano wrote:
> 
> > But for other kind of requirements, we want to fulfill them on all
> > platforms that we claim to support.  Using open_nofollow() to
> > achieve hard atomicity requirement would be a bug in such a
> > situation.  Should we somehow warn our developers against its use?
> 
> The comment above the declaration says:
> 
>   /*
>    * Open with O_NOFOLLOW, or equivalent. Note that the fallback equivalent
>    * may be racy. Do not use this as protection against an attacker who can
>    * simultaneously create paths.
>    */
>   int open_nofollow(const char *path, int flags);
> 
> though that may not be enough. 00611d8440 (add open_nofollow() helper,
> 2021-02-16) discusses a way that it could be made less racy, at a
> slightly increased cost.
> 
> IMHO that is somewhat orthogonal to the issue here, though, which is
> purely about the case where O_NOFOLLOW does exist (ironically, our
> racy fallback code consistently returns ELOOP ;) ).
> 
> The issue at hand is that particular errno responses are not always
> portable. The patch discussed here improves that. My point was more that
> I'm not sure to what degree we should care about errno consistency in
> our wrappers (which is inherently a bit whack-a-mole as we find new
> cases), versus trying not to care too hard about specific errno values
> in calling code.
> 
> I can see arguments either way (and as I said, an argument for making
> errno values consistent even if we try to rely on them less). Mostly I
> was just a little surprised to see open_nofollow() being used in this
> way (especially since we have to end up stat()-ing anyway to check for
> other cases).
> 

IIRC, we wanted to try our best to make our code consistent. In the very
early implementation, I actually firstly checked the file type and then
opened the file.

However, there is a chance that the raw "packed-refs" file could be
converted to symlink between checking the filetype and opening the file
to get the fd. Although, in fsck, we may just ignore this. But during
the review, I found out that using "open_nofollow" could avoid race in
some platforms. Sadly, I haven't realized that this would break
compatibility ;)

Because using "open_nofollow" could only check whether the filetype is
the symlink, we also need to use "stat" again to check whether the
filetype is OK. I agree that it is a little redundant.

Since the patch from Collin would solve the problem. I won't change the
logic. I'll focus on using `mmap` to open the "packed-refs" file.

> -Peff

Thanks,
Jialuo

next prev parent reply	other threads:[~2025-05-06 13:42 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-05-02 23:33 [PATCH] wrapper: Fix a errno discrepancy on NetBSD Collin Funk
2025-05-03  0:57 ` brian m. carlson
2025-05-03  1:05   ` Junio C Hamano
2025-05-03  4:21     ` Collin Funk
2025-05-03 17:32       ` Junio C Hamano
2025-05-03  3:48   ` Collin Funk
2025-05-03 13:31   ` Jeff King
2025-05-03 14:58     ` shejialuo
2025-05-03 15:49       ` Jeff King
2025-05-05  6:39         ` Patrick Steinhardt
2025-05-05 12:17           ` shejialuo
2025-05-03 18:56     ` Collin Funk
2025-05-05 15:43     ` Junio C Hamano
2025-05-05 18:03       ` Jeff King
2025-05-06 13:43         ` shejialuo [this message]
2025-05-06 22:58         ` Junio C Hamano
2025-05-03  4:16 ` [PATCH v2] wrapper: NetBSD gives EFTYPE and FreeBSD gives EMFILE where POSIX uses ELOOP Collin Funk
2025-05-03 15:45   ` brian m. carlson
2025-05-03 18:44     ` Collin Funk
2025-05-05  6:43   ` Patrick Steinhardt
2025-05-05 20:41     ` Junio C Hamano
2025-05-06  1:16       ` Collin Funk
2025-05-06 13:23         ` Patrick Steinhardt
2025-05-06  1:08   ` [PATCH v3] " Collin Funk
2025-05-06 13:24     ` Patrick Steinhardt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aBoR8hrcpK6CzbA3@ArchLinux \
    --to=shejialuo@gmail.com \
    --cc=collin.funk1@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=peff@peff.net \
    --cc=sandals@crustytoothpaste.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.