From: Michael Haggerty <mhagger@alum.mit.edu>
To: Jeff King <peff@peff.net>
Cc: "Brandon Williams" <bmwill@google.com>,
"Lars Schneider" <larsxschneider@gmail.com>,
"Martin Ågren" <martin.agren@gmail.com>,
"Git Users" <git@vger.kernel.org>
Subject: Re: [PATCH] config: use a static lock_file struct
Date: Wed, 30 Aug 2017 06:55:04 +0200 [thread overview]
Message-ID: <CAMy9T_Eq+XJyhXk99RA9AMUVx3L8qw+0=KfAOjYsPsTSVSLchQ@mail.gmail.com> (raw)
In-Reply-To: <20170830043147.culn63luzdsbpuuw@sigill.intra.peff.net>
On Wed, Aug 30, 2017 at 6:31 AM, Jeff King <peff@peff.net> wrote:
> On Wed, Aug 30, 2017 at 05:25:18AM +0200, Michael Haggerty wrote:
>> It was surprisingly hard trying to get that code to do the right thing,
>> non-racily, in every error path. Since `remove_tempfiles()` can be
>> called any time (even from a signal handler), the linked list of
>> `tempfile` objects has to be kept valid at all times but can't use
>> mutexes. I didn't have the energy to keep going and make the lock
>> objects freeable.
>>
>> I suppose the task could be made a bit easier by using `sigprocmask(2)`
>> or `pthread_sigmask(3)` to make its running environment a little bit
>> less hostile.
>
> I think there are really two levels of carefulness here:
>
> 1. Avoiding complicated things during a signal handler that may rely
> on having a sane state from the rest of the program (e.g.,
> half-formed entries, stdio locks, etc).
>
> 2. Being truly race-free in the face of a signal arriving while we're
> running arbitrary code that might have a tempfile struct in a funny
> state.
>
> I feel like right now we meet (1) and not (2). But I think if we keep to
> that lower bar of (1), it might not be that bad. We're assuming now that
> there's no race on the tempfile->active flag, for instance. We could
> probably make a similar assumption about putting items onto or taking
> them off of a linked list (it's not really atomic, but a single pointer
> assignment is probably "atomic enough" for our purposes).
>
> Or I dunno. There's a lot of "volatile" modifiers sprinkled around.
> Maybe those are enough to give us (2) as well (though in that case, I
> think we'd still be as OK with the list manipulation as we are with the
> active flag manipulation).
I did in fact strive for both (1) and (2), though I know that there
are a couple of short races remaining in the code (plus who knows how
many bugs).
Actually, I think you're right that a single "probably-atomic" pointer
assignment would be enough to remove an entry from the list safely. I
was thinking about what it would take to make the list thread-safe
(which it currently is not, but probably doesn't need to be(?)).
Modifying the linked list is not that difficult if you assume that
there is only a single thread modifying the list at any given time.
Michael
next prev parent reply other threads:[~2017-08-30 4:55 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-27 7:37 [PATCH] pkt-line: re-'static'-ify buffer in packet_write_fmt_1() Martin Ågren
2017-08-27 15:41 ` Jeff King
2017-08-27 18:25 ` Jeff King
2017-08-27 18:21 ` Lars Schneider
2017-08-27 19:09 ` Martin Ågren
2017-08-27 19:15 ` Jeff King
2017-08-27 20:04 ` Lars Schneider
2017-08-27 23:23 ` Jeff King
2017-08-28 4:11 ` Martin Ågren
2017-08-28 17:52 ` Stefan Beller
2017-08-28 17:58 ` Jeff King
2017-09-05 10:03 ` Junio C Hamano
2017-08-29 17:51 ` Lars Schneider
2017-08-29 18:53 ` Jeff King
2017-08-29 18:58 ` [PATCH] config: use a static lock_file struct Jeff King
2017-08-29 19:09 ` Brandon Williams
2017-08-29 19:10 ` Brandon Williams
2017-08-29 19:12 ` Jeff King
2017-08-30 3:25 ` Michael Haggerty
2017-08-30 4:31 ` Jeff King
2017-08-30 4:55 ` Michael Haggerty [this message]
2017-08-30 4:55 ` Jeff King
2017-08-30 5:55 ` Jeff King
2017-08-30 7:07 ` Michael Haggerty
2017-09-02 8:44 ` Jeff King
2017-09-02 13:50 ` Jeff King
2017-08-30 6:55 ` Michael Haggerty
2017-08-30 19:53 ` Jeff King
2017-08-30 19:57 ` Brandon Williams
2017-08-30 20:11 ` Jeff King
2017-08-30 21:06 ` Brandon Williams
2017-08-31 4:09 ` Jeff King
2017-09-06 3:59 ` Junio C Hamano
2017-09-06 12:41 ` Jeff King
2017-08-29 19:22 ` [PATCH] pkt-line: re-'static'-ify buffer in packet_write_fmt_1() Martin Ågren
2017-08-29 21:48 ` Jeff King
2017-08-30 5:31 ` Jeff King
2017-09-05 10:03 ` Junio C Hamano
2017-10-10 4:06 ` [PATCH 0/2] Do not call cmd_*() as a subroutine Junio C Hamano
2017-10-10 4:06 ` [PATCH 1/2] describe: do not use " Junio C Hamano
2017-10-10 13:43 ` SZEDER Gábor
2017-10-11 6:00 ` Junio C Hamano
2017-10-10 4:06 ` [PATCH 2/2] merge-ours: " Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMy9T_Eq+XJyhXk99RA9AMUVx3L8qw+0=KfAOjYsPsTSVSLchQ@mail.gmail.com' \
--to=mhagger@alum.mit.edu \
--cc=bmwill@google.com \
--cc=git@vger.kernel.org \
--cc=larsxschneider@gmail.com \
--cc=martin.agren@gmail.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.