* [PATCH] midx.c: clear auxiliary MIDX files first @ 2022-10-25 18:25 Taylor Blau 2022-10-26 5:41 ` Jeff King 0 siblings, 1 reply; 5+ messages in thread From: Taylor Blau @ 2022-10-25 18:25 UTC (permalink / raw) To: git, git; +Cc: Junio C Hamano, Derrick Stolee, Victoria Dye Since they were added in c528e17966 (pack-bitmap: write multi-pack bitmaps, 2021-08-31), the routine to remove MIDXs removed the multi-pack-index file itself before removing its associated .bitmap and .rev file(s), if any. This creates a window where a MIDX's .bitmap file exists without its corresponding MIDX. If a reader tries to load a MIDX bitmap during that time, they will get a warning, and the MIDX bitmap code will gracefully degrade. Remove this window entirely by removing the MIDX last, and removing its auxiliary files first. The order here is important, too. We remove the MIDX's .bitmap file ahead of its .rev, since callers try and read the .bitmap first. The .rev file is no longer generated by modern versions of Git, but cleaning up old ones generated by previous versions of Git is still important to do. Signed-off-by: Taylor Blau <me@ttaylorr.com> --- midx.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/midx.c b/midx.c index 3a8dcfe98e..994129aecd 100644 --- a/midx.c +++ b/midx.c @@ -1619,12 +1619,12 @@ void clear_midx_file(struct repository *r) r->objects->multi_pack_index = NULL; } - if (remove_path(midx.buf)) - die(_("failed to clear multi-pack-index at %s"), midx.buf); - clear_midx_files_ext(r->objects->odb->path, ".bitmap", NULL); clear_midx_files_ext(r->objects->odb->path, ".rev", NULL); + if (remove_path(midx.buf)) + die(_("failed to clear multi-pack-index at %s"), midx.buf); + strbuf_release(&midx); } -- 2.38.0.16.g393fd4c6db ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] midx.c: clear auxiliary MIDX files first 2022-10-25 18:25 [PATCH] midx.c: clear auxiliary MIDX files first Taylor Blau @ 2022-10-26 5:41 ` Jeff King 2022-10-26 13:31 ` Derrick Stolee 0 siblings, 1 reply; 5+ messages in thread From: Jeff King @ 2022-10-26 5:41 UTC (permalink / raw) To: Taylor Blau; +Cc: git, Junio C Hamano, Derrick Stolee, Victoria Dye On Tue, Oct 25, 2022 at 02:25:20PM -0400, Taylor Blau wrote: > Since they were added in c528e17966 (pack-bitmap: write multi-pack > bitmaps, 2021-08-31), the routine to remove MIDXs removed the > multi-pack-index file itself before removing its associated .bitmap and > .rev file(s), if any. > > This creates a window where a MIDX's .bitmap file exists without its > corresponding MIDX. If a reader tries to load a MIDX bitmap during that > time, they will get a warning, and the MIDX bitmap code will gracefully > degrade. > > Remove this window entirely by removing the MIDX last, and removing its > auxiliary files first. We remove that window, but don't we create a new one where a reader may see the midx but not the bitmap? That won't generate a warning (it just looks like a midx that never had a bitmap generated), but it will cause the reader to follow the slow, non-bitmap path. Ideally this would just be atomic, but short of stuffing the metadata into the same file, we can't do that. But the replacement of the midx file itself is atomic, and I'd think everything would (or should at least) follow from there. I.e., why are we reading the midx bitmap without having opened the midx file? Ideally we'd be holding a descriptor for it. -Peff ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] midx.c: clear auxiliary MIDX files first 2022-10-26 5:41 ` Jeff King @ 2022-10-26 13:31 ` Derrick Stolee 2022-10-26 19:59 ` Taylor Blau 2022-10-27 20:28 ` Jeff King 0 siblings, 2 replies; 5+ messages in thread From: Derrick Stolee @ 2022-10-26 13:31 UTC (permalink / raw) To: Jeff King, Taylor Blau; +Cc: git, Junio C Hamano, Victoria Dye On 10/26/22 1:41 AM, Jeff King wrote: > On Tue, Oct 25, 2022 at 02:25:20PM -0400, Taylor Blau wrote: > >> Since they were added in c528e17966 (pack-bitmap: write multi-pack >> bitmaps, 2021-08-31), the routine to remove MIDXs removed the >> multi-pack-index file itself before removing its associated .bitmap and >> .rev file(s), if any. >> >> This creates a window where a MIDX's .bitmap file exists without its >> corresponding MIDX. If a reader tries to load a MIDX bitmap during that >> time, they will get a warning, and the MIDX bitmap code will gracefully >> degrade. >> >> Remove this window entirely by removing the MIDX last, and removing its >> auxiliary files first. > > We remove that window, but don't we create a new one where a reader may > see the midx but not the bitmap? That won't generate a warning (it just > looks like a midx that never had a bitmap generated), but it will cause > the reader to follow the slow, non-bitmap path. Yes, this is the worrisome direction. The midx is read first, then that points to the .bitmap file (based on its trailing hash). If the midx isn't there, then the .bitmap will not be read. > Ideally this would just be atomic, but short of stuffing the metadata > into the same file, we can't do that. But the replacement of the midx > file itself is atomic, and I'd think everything would (or should at > least) follow from there. The interesting case here is that this is in clear_midx_file(), which is called when repacking to a single pack and no longer needing a midx file. So it's not using the atomic rewrite from the midx writing code, but instead the "atomic" deletion. In this case, a reader will check for the midx first, before looking for individual packs. Further, the new pack is written, but the old packs have not been deleted (or the midx would be invalid). So the new code introduces the window where a midx exists without a bitmap, so some readers will act as if no bitmap exists on-disk. This was always possible before, too: the midx could be read by a reader process before the repack process deletes that file. However, if the reader does not also gain a handle on the corresponding .bitmap before the repack process deletes that file, too, then the reader is also left thinking that no .bitmap exists. I think the old code is more correct, here. The window is slightly smaller, and the new code creates a window where the filesystem doesn't need to change for readers to get an imperfect view of things. Aside: in these cases where a .bitmap file is not found for a midx, do we fall back to trying to find a .bitmap file for a pack-file? That would assuage most of the concerns here about what happens in this window where the repack has a new .pack/.bitmap pair but the old midx still exists (without a .bitmap, depending on timing). Thanks, -Stolee ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] midx.c: clear auxiliary MIDX files first 2022-10-26 13:31 ` Derrick Stolee @ 2022-10-26 19:59 ` Taylor Blau 2022-10-27 20:28 ` Jeff King 1 sibling, 0 replies; 5+ messages in thread From: Taylor Blau @ 2022-10-26 19:59 UTC (permalink / raw) To: Derrick Stolee; +Cc: Jeff King, git, Junio C Hamano, Victoria Dye On Wed, Oct 26, 2022 at 09:31:28AM -0400, Derrick Stolee wrote: > On 10/26/22 1:41 AM, Jeff King wrote: > > On Tue, Oct 25, 2022 at 02:25:20PM -0400, Taylor Blau wrote: > > > >> Since they were added in c528e17966 (pack-bitmap: write multi-pack > >> bitmaps, 2021-08-31), the routine to remove MIDXs removed the > >> multi-pack-index file itself before removing its associated .bitmap and > >> .rev file(s), if any. > >> > >> This creates a window where a MIDX's .bitmap file exists without its > >> corresponding MIDX. If a reader tries to load a MIDX bitmap during that > >> time, they will get a warning, and the MIDX bitmap code will gracefully > >> degrade. > >> > >> Remove this window entirely by removing the MIDX last, and removing its > >> auxiliary files first. > > > > We remove that window, but don't we create a new one where a reader may > > see the midx but not the bitmap? That won't generate a warning (it just > > looks like a midx that never had a bitmap generated), but it will cause > > the reader to follow the slow, non-bitmap path. > > Yes, this is the worrisome direction. The midx is read first, then that > points to the .bitmap file (based on its trailing hash). If the midx isn't > there, then the .bitmap will not be read. Yes, thinking on it more I agree with this and (the elided) analysis below. Let's drop this one. Thanks, both! Thanks, Taylor ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] midx.c: clear auxiliary MIDX files first 2022-10-26 13:31 ` Derrick Stolee 2022-10-26 19:59 ` Taylor Blau @ 2022-10-27 20:28 ` Jeff King 1 sibling, 0 replies; 5+ messages in thread From: Jeff King @ 2022-10-27 20:28 UTC (permalink / raw) To: Derrick Stolee; +Cc: Taylor Blau, git, Junio C Hamano, Victoria Dye On Wed, Oct 26, 2022 at 09:31:28AM -0400, Derrick Stolee wrote: > This was always possible before, too: the midx could be read by a > reader process before the repack process deletes that file. However, > if the reader does not also gain a handle on the corresponding > .bitmap before the repack process deletes that file, too, then the > reader is also left thinking that no .bitmap exists. Good point. Neither the writer _nor_ the reader is atomic. :) > I think the old code is more correct, here. The window is slightly > smaller, and the new code creates a window where the filesystem > doesn't need to change for readers to get an imperfect view of > things. Yeah, I agree that the old code is nicer in that the window is a little smaller. Do we want to do something about the warning, though? Falling back to a slow path sucks, of course, but racily generating user-visible warnings for something that is not actually a problem is also not great. > Aside: in these cases where a .bitmap file is not found for a midx, > do we fall back to trying to find a .bitmap file for a pack-file? > That would assuage most of the concerns here about what happens in > this window where the repack has a new .pack/.bitmap pair but the > old midx still exists (without a .bitmap, depending on timing). Yes, we should. Code paths generally go through open_bitmap(), which tries the midx first, then looks for pack bitmaps. And in that sense, the race after this patch is fairly harmless. We fail to see the midx bitmap, but we'll see the pack one (which must have been created before we deleted the midx one, assuming this is a "git repack -adb" or equivalent). Is that also true of the race before this patch? I'm not sure which warning is being generated, but if it's in open_midx_bitmap_1(), then the same logic would apply. -Peff ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-10-27 20:28 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-10-25 18:25 [PATCH] midx.c: clear auxiliary MIDX files first Taylor Blau 2022-10-26 5:41 ` Jeff King 2022-10-26 13:31 ` Derrick Stolee 2022-10-26 19:59 ` Taylor Blau 2022-10-27 20:28 ` Jeff King
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).