On 3/14/22 1:47 PM, Junio C Hamano wrote:
Derrick Stolee <derrickstolee@xxxxxxxxxx> writes:
On 3/14/2022 4:00 AM, Ævar Arnfjörð Bjarmason wrote:
On Fri, Mar 11 2022, Jeff Hostetler via GitGitGadget wrote:
+ /*
+ * Technically, close() and unlink() can fail, but we don't
+ * care here. We only created the file to trigger a watch
+ * event from the FS to know that when we're up to date.
+ */
+ close(fd);
It still seems odd to explicitly want to ignore close() return values.
I realize that we do in (too many) existing places, but why wouldn't we
want to e.g. catch an I/O error here early?
What exactly do you propose we do here if there is an I/O error
during close()?
We created the file to trigger a watch event, but now we have a
reason to suspect that the wished-for watch event may not come.
We only did so to know that when we're up to date. Now we may never
know? We may go without realizing we are already up to date a bit
longer than the reality?
How much damage would it cause us to miss a watch event in this
case? Very little? Is it a thing that sysadmins may care if we see
too many of, but there is nothing the end user can immediately do
about? If it is, perhaps a trace2 event to report it (and other "we
do not care here" syscalls that fail)?
The open(... O_CREAT ...) succeeded, so we actually created a
new file and expect a FS event for it. That FS event (when seen
by the FS listener thread) will cause our condition to be
signaled and allow this thread to wake up and respond to the client.
The odds of the close() failing on a plain file (after a successful
open()) are very slim. And there's nothing that we can do about
the failure anyway. (And we're not relying on an FS event from the
close() succeeding, so it really doesn't matter.) Technically, it
is possible that the daemon could run out of fd's if this close()
fails often, so at some point the daemon might not be able to create
new cookie files. But the daemon currently defaults to sending a
trivial response to the client -- if this turns out to be a real
issue, we could have the daemon restart or something, but I'm not
going to worry about that right now.
The odds of a failure in unlink() is a little more interesting.
This would mean that a stale cookie file would be left in the
cookie directory (and waste a little disk space). But that is
not likely either (for a plain file that we just created).
Since we're not relying on the FS event for the unlink(), the
failure here won't block the current thread either. Deleting
stale cookie files is something that we could try to address
in the future if it turns out to be a problem.
Jeff
