From: Jeff King <peff@peff.net>
To: Duy Nguyen <pclouds@gmail.com>
Cc: "Martin Ågren" <martin.agren@gmail.com>,
	"Git Mailing List" <git@vger.kernel.org>
Subject: Re: [PATCH 4/5] lock_file: make function-local locks non-static
Date: Tue, 8 May 2018 14:18:40 -0400
Message-ID: <20180508181839.GC7210@sigill.intra.peff.net>
In-Reply-To: <CACsJy8DDyrUinwXx1b66DCHB+2DLt1KBmFt_83R1+HWjbzGH2A@mail.gmail.com>

On Mon, May 07, 2018 at 05:24:05PM +0200, Duy Nguyen wrote:

> >>>> -       static struct lock_file lock;
> >>>> +       struct lock_file lock = LOCK_INIT;
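
Review bot: With `static` dropped, the declaration `struct lock_file lock = LOCK_INIT;` makes the function's local variable the only handle to the lock, so a return path that neither commits nor rolls back loses that handle and leaves the lock held until the process exits. Please confirm that every return path in this function commits or rolls back the lock, and have the commit message say why dropping the staticness is safe rather than only that it is possible.
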
> >>>
> >>> Is it really safe to do this? I vaguely remember something about
> >>> (global) linked list and signal handling which could trigger any time
> >>> and probably at atexit() time too (i.e. die()). You don't want to
> >>> depend on stack-based variables in that case.
> >>
> >> So I dug in a bit more about this. The original implementation does
> >> not allow stack-based lock files at all in 415e96c8b7 ([PATCH]
> >> Implement git-checkout-cache -u to update stat information in the
> >> cache. - 2005-05-15). The situation has changed since 422a21c6a0
> >> (tempfile: remove deactivated list entries - 2017-09-05). At the end
> >> of that second commit, Jeff mentioned "We can clean them up
> >> individually" which I guess is what these patches do. Though I do not
> >> know if we need to make sure to call "release" function or something.
> >> Either way you need more explanation and assurance than just "we can
> >> drop their staticness" in the commit message.
> >
> > Thank you Duy for your comments. How about I write the commit message
> > like so:
> 
> +Jeff. Since he made it possible to remove lock file from the global
> linked list, he probably knows well what to check when switching from
> a static lock file to a stack-local one.

It should be totally safe. If you look at "struct lock_file", it is now
simply a pointer to a tempfile allocated on the heap (in fact, I thought
about getting rid of lock_file entirely, but the diff is noisy and it
actually has some value as an abstraction over a pure tempfile).

If you fail to call a release function, it will just hang around until
program exit, which is more or less what the static version would do.
The big difference is that if we re-enter the function while still
holding the lock, then the static version would BUG() on trying to use
the already-active lockfile. Whereas after this series, we'd try to
create a new lockfile and say "woah, somebody else is holding the lock".

> >   After 076aa2cbd (tempfile: auto-allocate tempfiles on heap, 2017-09-05),
> >   we can have lockfiles on the stack. These `struct lock_file`s are local
> >   to their respective functions and we can drop their staticness.
> >
> >   Each of these users either commits or rolls back the lock in every
> >   codepath, with these possible exceptions:
> >
> >     * We bail using a call to `die()` or `exit()`. The lock will be
> >       cleaned up automatically.
> >
> >     * We return early from a function `cmd_foo()` in builtin/, i.e., we
> >       are just about to exit. The lock will be cleaned up automatically.
> 
> There are also signals which can be caught and run on its own stack (I
> think) so whatever variable on the current stack should be safe, I
> guess.

Yes, the stack variables should all be intact during an exit or a
signal.

> >   If I have missed some codepath where we do not exit, yet leave a locked
> >   lock around, that was so also before this patch. If we would later
> >   re-enter the same function, then before this patch, we would be retaking
> >   a lock for the very same `struct lock_file`, which feels awkward, but to
> >   the best of my reading has well-defined behavior. Whereas after this
> >   patch, we would attempt to take the lock with a completely fresh `struct
> >   lock_file`. In both cases, the result would simply be that the lock can
> >   not be taken, which is a situation we already handle.
> 
> There is a difference here, if the lock is not released properly,
> previously the lockfile is still untouched. If it's on stack, it may
> be overwritten which can corrupt the linked list to get to the next
> lock file.  (and this is about calling the function in question just
> _once_ not the second time).

The only bits on the stack are just a pointer to the list item. So the
linked list is fine if it goes out of scope while the tempfile is still
active. That was the point of 076aa2cbd.

-Peff
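
Added example, not part of the original message and not git's code: a simplified C model of the arrangement described above, where the stack-resident lock is only a pointer to a heap node on the global list. All names are hypothetical, and the list scan in `hold_lock()` stands in for the lock file already existing on disk.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model of the design discussed above; NOT git's source. */
struct tempfile_model {                 /* heap node on the global list */
    struct tempfile_model *next;
    char path[64];
};
struct lock_model { struct tempfile_model *tf; };  /* the only stack part */
#define LOCK_MODEL_INIT { NULL }
static struct tempfile_model *active_list;
/* List scan stands in for the lock file already existing on disk. */
static int hold_lock(struct lock_model *lk, const char *path)
{
    struct tempfile_model *t;
    for (t = active_list; t; t = t->next)
        if (!strcmp(t->path, path))
            return -1;                  /* somebody else holds the lock */
    if (!(t = calloc(1, sizeof(*t))))
        return -1;
    snprintf(t->path, sizeof(t->path), "%s", path);
    t->next = active_list;
    active_list = t;
    lk->tf = t;
    return 0;
}

/* Exit/signal-time cleanup walks heap nodes only; returns how many it freed. */
static int cleanup_all(void)
{
    int n = 0;
    for (struct tempfile_model *t; (t = active_list); n++) {
        active_list = t->next;
        free(t);
    }
    return n;
}
/* Returns without commit or rollback: the handle dies, the node survives. */
static int leaky_caller(const char *path)
{
    struct lock_model lk = LOCK_MODEL_INIT;
    return hold_lock(&lk, path);
}

int main(void)
{
    int first = leaky_caller("index.lock"), again = leaky_caller("index.lock");
    printf("first=%d re-entry=%d cleaned=%d\n", first, again, cleanup_all());
    return 0;
}
```

The second call fails to take the lock instead of touching the dead stack handle, and the cleanup pass never dereferences anything that lived on a returned frame.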
