From: Jeff King <peff@peff.net>
To: Wincent Colaiuta <win@wincent.com>
Cc: git@vger.kernel.org
Subject: Re: [PATCH] status: read submodule process output before calling wait()
Date: Sun, 22 Mar 2015 04:07:08 -0400 [thread overview]
Message-ID: <20150322080708.GA3456@peff.net> (raw)
In-Reply-To: <20150322074455.GA1303@peff.net>
On Sun, Mar 22, 2015 at 03:44:55AM -0400, Jeff King wrote:
> The status code tries to read the output of "git submodule
> summary" over a pipe by waiting for the program to finish
> and then reading its output, like this:
>
> run_command(&sm_summary);
> len = strbuf_read(&cmd_stdout, sm_summary.out, 1024);
By the way, I spotted this code as bogus immediately upon seeing it
(though certainly it helped to know there was a deadlock in the area,
which had me thinking about such things). So I wondered if it could have
been easy to catch in review, but its introduction was a little bit
subtle.
The original run_command invocation came in ac8d5af (builtin-status:
submodule summary support, 2008-04-12), which just let the sub-process
dump its stdout to the same descriptor that the rest of the status
output was going to. So the use of run_command there was fine. It was
later, in 3ba7407 (submodule summary: ignore --for-status option,
2013-09-06), that we started post-processing the output and it became
buggy. But that's harder to see in review.
> Besides being a violation of the run-command API (which
> makes no promises about the state of the struct after
> run_command returns),
This may be overly harsh of me. Certainly we make no guarantees (and
things like the dynamic "args" and "env_array" are cleaned up
automatically after finish_command returns), but I would not be
surprised if there are other spots that treat "struct child_process" as
transparent rather than as a black box.
It's really the run_command + pipe construct that is really the danger
here. I wonder if we should do something like this:
diff --git a/run-command.c b/run-command.c
index 3afb124..78807de 100644
--- a/run-command.c
+++ b/run-command.c
@@ -557,7 +557,12 @@ int finish_command(struct child_process *cmd)
int run_command(struct child_process *cmd)
{
- int code = start_command(cmd);
+ int code;
+
+ if (cmd->out < 0)
+ die("BUG: run_command with a pipe can cause deadlock");
+
+ code = start_command(cmd);
if (code)
return code;
return finish_command(cmd);
It seems to catch at least one other dubious construct.
-Peff
next prev parent reply other threads:[~2015-03-22 8:07 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-22 5:56 status hangs trying to get submodule summary Wincent Colaiuta
2015-03-22 7:44 ` [PATCH] status: read submodule process output before calling wait() Jeff King
2015-03-22 8:07 ` Jeff King [this message]
2015-03-22 9:59 ` [PATCH 0/7] introduce strbuf_read_cmd to avoid deadlocks Jeff King
2015-03-22 10:00 ` [PATCH 1/7] wt-status: don't flush before running "submodule status" Jeff King
2015-03-22 10:00 ` [PATCH 2/7] wt_status: fix signedness mismatch in strbuf_read call Jeff King
2015-03-22 10:07 ` [PATCH 3/7] strbuf: introduce strbuf_read_cmd helper Jeff King
2015-03-22 19:36 ` Eric Sunshine
2015-03-22 22:54 ` Junio C Hamano
2015-03-22 23:40 ` Junio C Hamano
2015-03-23 3:53 ` [PATCH v2 0/7] introduce capture_command to avoid deadlocks Jeff King
2015-03-23 3:53 ` [PATCH v2 1/7] wt-status: don't flush before running "submodule status" Jeff King
2015-03-23 3:53 ` [PATCH v2 2/7] wt_status: fix signedness mismatch in strbuf_read call Jeff King
2015-03-23 3:53 ` [PATCH v2 3/7] run-command: introduce capture_command helper Jeff King
2015-03-23 3:53 ` [PATCH v2 4/7] wt-status: use capture_command Jeff King
2015-03-23 3:53 ` [PATCH v2 5/7] submodule: " Jeff King
2015-03-23 3:54 ` [PATCH v2 6/7] trailer: " Jeff King
2015-03-23 3:54 ` [PATCH v2 7/7] run-command: forbid using run_command with piped output Jeff King
2015-03-23 4:40 ` [PATCH v2 0/7] introduce capture_command to avoid deadlocks Junio C Hamano
2015-03-22 23:34 ` [PATCH 3/7] strbuf: introduce strbuf_read_cmd helper Jeff King
2015-03-22 23:22 ` Junio C Hamano
2015-03-22 23:36 ` Jeff King
2015-03-22 10:08 ` [PATCH 4/7] wt-status: use strbuf_read_cmd Jeff King
2015-03-22 10:08 ` [PATCH 5/7] submodule: " Jeff King
2015-03-22 10:09 ` [PATCH 6/7] trailer: " Jeff King
2015-03-22 10:10 ` [PATCH 7/7] run-command: forbid using run_command with piped output Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150322080708.GA3456@peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=win@wincent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).