On Tue, Jan 12, 2016 at 03:42:29PM -0500, Jeff King wrote: > Ah, I see. When calling git-symbolic-ref, we don't provide an old_sha1, > and therefore never call verify_lock(). And we get whatever value in > lock->old_oid we happened to read earlier in resolve_ref_unsafe(). Which > happened outside of a lock. Yikes. It seems like we could racily write > the wrong reflog entry in such a case. > > [...] > The patch above is not quite right; I'll work up a series that takes > this approach. OK, here it is. This replaces the top two patches of jk/symbolic-ref (i.e., everything in this thread I've sent in the last day or two). Besides fixing the race (which is detailed in patch 2/3), I think the resulting 3/3 is much cleaner. Sorry for all the false starts. The more I looked at this, the more complex it seemed to get. But I _think_ this is the right solution. :) [1/3]: checkout,clone: check return value of create_symref [2/3]: lock_ref_sha1_basic: always fill old_oid while holding lock [3/3]: lock_ref_sha1_basic: handle REF_NODEREF with invalid refs -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html