Re: Credential Store: Don't acquire lock when only reading the file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Oct 29, 2020 at 07:20:20PM +0000, Simão Afonso wrote:

> When git is configured for parallel fetches `fetch.parallel = 0` and
> uses the `store` credential helper, fetching all remotes might lead to a
> spurious lock fail. It's a race condition when several remotes require
> the credentials at the same time.
> 
> This shouldn't happen, using the `get` operation should not lock the
> file.

I agree that "get" should not be taking a lock. And looking at the code,
I don't think that it is.

However, after successfully using a password, Git will then trigger each
helper with a "store" command. So likely what you are seeing is each
fetch telling credential-store to store the successful password.

There are a few options here:

  - we could have Git not do that. And indeed, I wrote a patch for that
    long ago:

      https://lore.kernel.org/git/20120407033417.GA13914@xxxxxxxxxxxxxxxxxxxxx/

    but it turns out that some people rely on it. There were some
    options discussed there for moving it forward, but nothing ever
    happened.

    Another option that we didn't discuss there: we could remember which
    helper gave us the credential and not feed it back to itself. That
    would let simple cases work without the extra request, but would let
    more complex ones (feeding the result of one helper to another)
    continue to work the same.

  - the problem with `store` is that it has unfriendly concurrency
    semantics. Only one instance can hold the lock at a time, and
    clients which see that the lock is held just fail immediately, even
    though they could probably succeed by waiting a few milliseconds.
    Whereas other helpers are likely a bit smarter about this. So if we
    just wanted to improve credential-store, some other options are:

      - teach it to try the lock until hitting a timeout. I think just
	swapping out hold_lock_file_for_update() for
	hold_lock_file_for_update_timeout() would do it (I probably
	would have used it back then, but it didn't exist yet).

      - teach it to check whether the requested update is a noop
	(because we already have the identical entry in the file)
	without holding the lock. This implies an extra pass over the
	file when we _do_ write something, but the noop case is clearly
	going to be the more common one (and will also be faster,
	because we won't do any writing at all).

	I think I do prefer handling this inside Git, though (i.e.,
	having it realize it would be a noop and avoid calling the
	helper at all).

Interested in trying a patch for any of those?

-Peff
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux