On Tue, 10 Jun 2008, Ben Lynn wrote: > 2. Kudos to everyone who figured out the nasty race condition and its > complex solution as described in Documentation/technical/racy-git.txt > and the comments of read-cache.c. It took me a while to get my head > around it. > > Unfortunately, the solution isn't perfect. Try this: > > $ echo xyzzy > file > $ git update-index --add file # don't zero size since contents match > $ echo frotz > file # all stats still match, contents don't > $ echo nitfol > other # can be done much earlier > $ git update-index --add other # now the cached size is zeroed > $ : > file # zero the file size muahahaha > $ # Type fast! The above must take place within the same second! ;-) > $ sleep 2 > $ echo filfre > other > $ git update-index --add other # stats of "file" match, hash is wrong > > Essentially, we trigger two index writes that avoid operations on > "file": one immediately after "file" is first committed and identified > as racily clean, and the second some time later, after we have > sneakily zeroed the file behind git's back (after previously editing > its contents in place). We defeat the safeguards and end up with a bad > hash in the index that appears valid. > > The"other" file merely causes index writes without reading the "file" > entry. It is also racily clean in the above, but this is irrelevant. > > It's unlikely this sequence of operations would occur in real usage, > but I'd sleep better if this index corruption bug were eliminated. One > practical but unsatisfactory easy "fix" is to mark racily clean > entries with SIZE_MAX instead of 0. We could distinguish a "racily clean" entry from a 0-length file entry based on the hash. That is, say that a file isn't clean even though the size matches, if the size is 0 and the entry's hash isn't the same as the file's hash, which is e69de29bb2d1d6434b8b29ae775ad8c2e48c5391. Nice thing about 0-length files is that you can compute their hashes without reading them. -Daniel *This .sig left intentionally blank* -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
