From: Junio C Hamano <gitster@pobox.com>
To: Patrick Steinhardt <ps@pks.im>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 2/2] reftable/stack: fix race in up-to-date check
Date: Thu, 18 Jan 2024 12:07:06 -0800 [thread overview]
Message-ID: <xmqqcytyquc5.fsf@gitster.g> (raw)
In-Reply-To: <713e51a25c1c4cfa830db97f71cd7c39e85864d4.1705585037.git.ps@pks.im> (Patrick Steinhardt's message of "Thu, 18 Jan 2024 14:41:56 +0100")
Patrick Steinhardt <ps@pks.im> writes:
> This should address the race in a POSIX-compliant way. The only real
> downside is that this mechanism cannot be used on non-POSIX-compliant
> systems like Windows. But we at least have the second-level caching
> mechanism in place that compares contents of "files.list" with the
> currently loaded list of tables.
OK.
> + /*
> + * Cache stat information in case it provides a useful signal to us.
> + * According to POSIX, "The st_ino and st_dev fields taken together
> + * uniquely identify the file within the system." That being said,
> + * Windows is not POSIX compliant and we do not have these fields
> + * available. So the information we have there is insufficient to
> + * determine whether two file descriptors point to the same file.
> + *
> + * While we could fall back to using other signals like the file's
> + * mtime, those are not sufficient to avoid races. We thus refrain from
> + * using the stat cache on such systems and fall back to the secondary
> + * caching mechanism, which is to check whether contents of the file
> + * have changed.
OK.
> + *
> + * On other systems which are POSIX compliant we must keep the file
> + * descriptor open. This is to avoid a race condition where two
> + * processes access the reftable stack at the same point in time:
> + *
> + * 1. A reads the reftable stack and caches its stat info.
> + *
> + * 2. B updates the stack, appending a new table to "tables.list".
> + * This will both use a new inode and result in a different file
> + * size, thus invalidating A's cache in theory.
> + *
> + * 3. B decides to auto-compact the stack and merges two tables. The
> + * file size now matches what A has cached again. Furthermore, the
> + * filesystem may decide to recycle the inode number of the file
> + * we have replaced in (2) because it is not in use anymore.
> + *
> + * 4. A reloads the reftable stack. Neither the inode number nor the
> + * file size changed. If the timestamps did not change either then
> + * we think the cached copy of our stack is up-to-date.
> + *
> + * By keeping the file descriptor open the inode number cannot be
> + * recycled, mitigating the race.
> + */
This is nasty. Well diagnosed and fixed.
Will queue.
Thanks.
next prev parent reply other threads:[~2024-01-18 20:07 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-18 13:41 [PATCH 0/2] reftable/stack: fix race in up-to-date check Patrick Steinhardt
2024-01-18 13:41 ` [PATCH 1/2] reftable/stack: unconditionally reload stack after commit Patrick Steinhardt
2024-01-18 13:41 ` [PATCH 2/2] reftable/stack: fix race in up-to-date check Patrick Steinhardt
2024-01-18 20:07 ` Junio C Hamano [this message]
2024-01-20 1:05 ` Jeff King
2024-01-22 10:32 ` Patrick Steinhardt
2024-01-23 0:32 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqcytyquc5.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.