Hi Peff,

On Tue, 9 Aug 2022, Jeff King wrote:

> On Mon, Aug 08, 2022 at 02:59:49PM +0200, Johannes Schindelin wrote:
>
> > On Tue, 2 Aug 2022, Jeff King wrote:
> >
> > > diff --git a/run-command.c b/run-command.c
> > > index 14f17830f5..ed99503b22 100644
> > > --- a/run-command.c
> > > +++ b/run-command.c
> > > @@ -1438,6 +1439,15 @@ int pipe_command(struct child_process *cmd,
> > >  		return -1;
> > >
> > >  	if (in) {
> > > +		if (enable_nonblock(cmd->in) < 0) {
> > > +			error_errno("unable to make pipe non-blocking");
> >
> > It might be a bit heavy-handed to error out in this case, as it usually
> > does not cause problems. At least that's what the fact suggests to me that
> > I personally never encountered the dead-lock myself, and neither do I
> > recall anybody piping more than two megabytes through `git checkout -p`.

Ugh, I think that my reasoning was flawed, as I somehow based it on the
assumption that `enable_nonblock()` would return -1 on platforms without
O_NONBLOCK. Even if I had read that you fall back to returning 0 on those
platforms.

And only when reading your reply did it occur to me that this was a thinko
on my part.

So I would like to retract my assessment that it is heavy-handed to error
out in this case. It would have been if we had errored out on platforms
without O_NONBLOCK support, but we don't.

Sorry for the noise,
Dscho

>
> That thought crossed my mind, as well, but I'm hesitant to leave a known
> bug in place that can cause a deadlock. It would be one thing if we
> could muddle through without nonblock in a slower way, but I don't think
> we can easily detect this situation after the fact.
>
> So maybe some options are:
>
>   - don't bother with O_NONBLOCK unless the size of the input is over N
>     bytes. The trouble there is that it's not clear what N should be.
>     It's fcntl(F_GETPIPE_SZ) on Linux, but that's not portable. We could
>     possibly come up with a conservative value if we had a ballpark for
>     pipe size on Windows. It feels a bit hacky, though.
>
>   - we could actually guess at a deadlock by putting a timeout on the
>     poll(). That would also catch hanging or slow filter processes. I
>     really hate putting clock-based limits on things, though, as it
>     means the tool behaves differently under load. And keep in mind this
>     is deep in the pipe_command() code. It happens to only trigger for
>     diff filters now, but it may be used in other spots (in fact it
>     already is, and it's only the size of current gpg payloads/responses
>     that means it doesn't happen to trigger).
>
> Stepping back, though, I think we should consider why we'd see an error
> here. I wouldn't expect it to ever fail on a system where O_NONBLOCK was
> supported. If we want to make it a silent noop on some platforms, then
> we can stick that into the enable_nonblock() function (which is what I
> did, but as René showed, that is probably not a good enough solution).
>
> -Peff
>