On Thu, Nov 26, 2020 at 09:04:35PM +0100, René Scharfe wrote:
> Before I could submit that one (or something similar) formally, I'd need
> to understand what's happening here a lot better and witness the effect
> of the patch.
>
> I understand that the main benefit of stopping the child upon
> termination of the parent is to avoid using CPU cycles on a heavy task
> whose results will just go to waste. But wouldn't the orphaned child
> then become a zombie? Init would reap it eventually, but are there
> perhaps init-less deployments (containerized daemon?) where such
> zombies could pile up?
I think an init-less deployment like that is already broken. If we
encounter any error at all in upload-pack we may quit without reaping
all of our children. And this could never be protected against entirely;
we could be killed by SIGSEGV, SIGKILL, etc.
My understanding is container deployments often have a tiny pid-1 init
that takes care of zombie processes like this (but it's not something
I've dealt with much myself).
> For a test, winning the race condition should be easy if we cheat by
> letting the child loop forever. But I struggle even with the most
> basic task: Making upload-pack invoked by clone call pack-objects.
> (Feeling a bit silly.)
Here's an easy reproduction. On a clone of something large-ish (by
number of objects) like linux.git:
- make sure you don't have bitmaps on (since they make the enumerating
phase go quickly). For linux.git it takes ~30s or so to walk the
whole graph on my machine.
- run "git clone --no-local -q . dst"; the "-q" is important because
if pack-objects is writing progress to upload-pack (to get
multiplexed over the sideband to the client), then it will notice
pretty quickly the failure to write to stderr
- kill just upload-pack with "pkill git-upload-pack" or whatever you
like
- run "ps au | grep pack-objects" (or just "top") to see pack-objects
chugging on 100% CPU (and consuming 1GB+ of RAM)
With the patch adding clean_on_exit, that last step turns up nothing.
Now the situation above is probably pretty rare. Nobody is usually going
to kill upload-pack specifically. The more common case is when
upload-pack realizes that the client (or the network) has gone away,
because it tries to write and finds the connection gone. But what is it
writing? Most of the time it's stuff from pack-objects! So in the normal
case, pack-objects is continually writing either data or progress
reports, so it would notice for its next write.
But again, a client asking for no progress is a problem. upload-pack
will be sending keepalives every 5s or so, so it will notice client
death then. But pack-objects will keep running, not generating any
output until it starts spewing the pack.
So you could probably make the scenario above a bit more realistic by
killing the parent git-clone process. But don't use ^C; that will send
SIGINT to all of the processes. Simulate a network failure by killing
the "git clone" process specifically. This shows the same problem, and
the same improvement after the patch (though remember it may take up to
5 seconds for upload-pack to send a keepalive and notice the problem).
-Peff
