From: Jeff King <peff@peff.net>
To: Duy Nguyen <pclouds@gmail.com>
Cc: "Martin Ågren" <martin.agren@gmail.com>,
"Git Mailing List" <git@vger.kernel.org>
Subject: Re: [PATCH 4/5] lock_file: make function-local locks non-static
Date: Tue, 8 May 2018 14:18:40 -0400 [thread overview]
Message-ID: <20180508181839.GC7210@sigill.intra.peff.net> (raw)
In-Reply-To: <CACsJy8DDyrUinwXx1b66DCHB+2DLt1KBmFt_83R1+HWjbzGH2A@mail.gmail.com>
On Mon, May 07, 2018 at 05:24:05PM +0200, Duy Nguyen wrote:
> >>>> - static struct lock_file lock;
> >>>> + struct lock_file lock = LOCK_INIT;
> >>>
> >>> Is it really safe to do this? I vaguely remember something about
> >>> (global) linked list and signal handling which could trigger any time
> >>> and probably at atexit() time too (i.e. die()). You don't want to
> >>> depend on stack-based variables in that case.
> >>
> >> So I dug in a bit more about this. The original implementation does
> >> not allow stack-based lock files at all in 415e96c8b7 ([PATCH]
> >> Implement git-checkout-cache -u to update stat information in the
> >> cache. - 2005-05-15). The situation has changed since 422a21c6a0
> >> (tempfile: remove deactivated list entries - 2017-09-05). At the end
> >> of that second commit, Jeff mentioned "We can clean them up
> >> individually" which I guess is what these patches do. Though I do not
> >> know if we need to make sure to call "release" function or something/
> >> Either way you need more explanation and assurance than just "we can
> >> drop their staticness" in the commit mesage.
> >
> > Thank you Duy for your comments. How about I write the commit message
> > like so:
>
> +Jeff. Since he made it possible to remove lock file from the global
> linked list, he probably knows well what to check when switching from
> a static lock file to a stack-local one.
It should be totally safe. If you look at "struct lock_file", it is now
simply a pointer to a tempfile allocated on the heap (in fact, I thought
about getting rid of lock_file entirely, but the diff is noisy and it
actually has some value as an abstraction over a pure tempfile).
If you fail to call a release function, it will just hang around until
program exit, which is more or less what the static version would do.
The big difference is that if we re-enter the function while still
holding the lock, then the static version would BUG() on trying to use
the already-active lockfile. Whereas after this series, we'd try to
create a new lockfile and say "woah, somebody else is holding the lock".
> > After 076aa2cbd (tempfile: auto-allocate tempfiles on heap, 2017-09-05),
> > we can have lockfiles on the stack. These `struct lock_file`s are local
> > to their respective functions and we can drop their staticness.
> >
> > Each of these users either commits or rolls back the lock in every
> > codepath, with these possible exceptions:
> >
> > * We bail using a call to `die()` or `exit()`. The lock will be
> > cleaned up automatically.
> >
> > * We return early from a function `cmd_foo()` in builtin/, i.e., we
> > are just about to exit. The lock will be cleaned up automatically.
>
> There are also signals which can be caught and run on its own stack (I
> think) so whatever variable on the current stack should be safe, I
> guess.
Yes, the stack variables should all be intact during an exit or a
signal.
> > If I have missed some codepath where we do not exit, yet leave a locked
> > lock around, that was so also before this patch. If we would later
> > re-enter the same function, then before this patch, we would be retaking
> > a lock for the very same `struct lock_file`, which feels awkward, but to
> > the best of my reading has well-defined behavior. Whereas after this
> > patch, we would attempt to take the lock with a completely fresh `struct
> > lock_file`. In both cases, the result would simply be that the lock can
> > not be taken, which is a situation we already handle.
>
> There is a difference here, if the lock is not released properly,
> previously the lockfile is still untouched. If it's on stack, it may
> be overwritten which can corrupt the linked list to get to the next
> lock file. (and this is about calling the function in question just
> _once_ not the second time).
The only bits on the stack are just a pointer to the list item. So the
linked list is fine if it goes out of scope while the tempfile is still
active. That was the point of 076aa2cbd.
-Peff
next prev parent reply other threads:[~2018-05-08 18:18 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-06 14:10 [PATCH 4/5] lock_file: make function-local locks non-static Martin Ågren
2018-05-06 17:26 ` Duy Nguyen
2018-05-06 17:42 ` Duy Nguyen
2018-05-06 19:32 ` Martin Ågren
2018-05-07 15:24 ` Duy Nguyen
2018-05-07 21:19 ` Martin Ågren
2018-05-08 18:18 ` Jeff King [this message]
2018-05-09 16:19 ` Duy Nguyen
2018-05-09 17:07 ` Martin Ågren
2018-05-10 4:26 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180508181839.GC7210@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=martin.agren@gmail.com \
--cc=pclouds@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).