From: Junio C Hamano <gitster@pobox.com>
To: Patrick Steinhardt <ps@pks.im>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 2/2] reftable/stack: fix race in up-to-date check
Date: Thu, 18 Jan 2024 12:07:06 -0800 [thread overview]
Message-ID: <xmqqcytyquc5.fsf@gitster.g> (raw)
In-Reply-To: <713e51a25c1c4cfa830db97f71cd7c39e85864d4.1705585037.git.ps@pks.im> (Patrick Steinhardt's message of "Thu, 18 Jan 2024 14:41:56 +0100")
Patrick Steinhardt <ps@pks.im> writes:
> This should address the race in a POSIX-compliant way. The only real
> downside is that this mechanism cannot be used on non-POSIX-compliant
> systems like Windows. But we at least have the second-level caching
> mechanism in place that compares contents of "files.list" with the
> currently loaded list of tables.
OK.
> + /*
> + * Cache stat information in case it provides a useful signal to us.
> + * According to POSIX, "The st_ino and st_dev fields taken together
> + * uniquely identify the file within the system." That being said,
> + * Windows is not POSIX compliant and we do not have these fields
> + * available. So the information we have there is insufficient to
> + * determine whether two file descriptors point to the same file.
> + *
> + * While we could fall back to using other signals like the file's
> + * mtime, those are not sufficient to avoid races. We thus refrain from
> + * using the stat cache on such systems and fall back to the secondary
> + * caching mechanism, which is to check whether contents of the file
> + * have changed.
OK.
> + *
> + * On other systems which are POSIX compliant we must keep the file
> + * descriptor open. This is to avoid a race condition where two
> + * processes access the reftable stack at the same point in time:
> + *
> + * 1. A reads the reftable stack and caches its stat info.
> + *
> + * 2. B updates the stack, appending a new table to "tables.list".
> + * This will both use a new inode and result in a different file
> + * size, thus invalidating A's cache in theory.
> + *
> + * 3. B decides to auto-compact the stack and merges two tables. The
> + * file size now matches what A has cached again. Furthermore, the
> + * filesystem may decide to recycle the inode number of the file
> + * we have replaced in (2) because it is not in use anymore.
> + *
> + * 4. A reloads the reftable stack. Neither the inode number nor the
> + * file size changed. If the timestamps did not change either then
> + * we think the cached copy of our stack is up-to-date.
> + *
> + * By keeping the file descriptor open the inode number cannot be
> + * recycled, mitigating the race.
> + */
This is nasty. Well diagnosed and fixed.
Will queue.
Thanks.
next prev parent reply other threads:[~2024-01-18 20:07 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-18 13:41 [PATCH 0/2] reftable/stack: fix race in up-to-date check Patrick Steinhardt
2024-01-18 13:41 ` [PATCH 1/2] reftable/stack: unconditionally reload stack after commit Patrick Steinhardt
2024-01-18 13:41 ` [PATCH 2/2] reftable/stack: fix race in up-to-date check Patrick Steinhardt
2024-01-18 20:07 ` Junio C Hamano [this message]
2024-01-20 1:05 ` Jeff King
2024-01-22 10:32 ` Patrick Steinhardt
2024-01-23 0:32 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqcytyquc5.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).