* Potential for a race condition with latest-repository-commit
@ 2020-02-29 21:22 Christopher Baines
2020-03-18 16:19 ` Ludovic Courtès
0 siblings, 1 reply; 3+ messages in thread
From: Christopher Baines @ 2020-02-29 21:22 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1611 bytes --]
Hey,
So one of the things that's currently restricted to doing by one job at
a time in the Guix Data Service is running latest-repository-commit from
the (guix git) module.
Previously this was more of a problem for the Guix Data Service, as a
large section of the work for loading information about a revision was
serialised to avoid the potential for contention over the cached
checkout this procedure uses. There's still a lock used now, but I
realised when looking in to this further that it's only necessary to
lock around this specific call, not the larger section that was
restricted previously.
I think that add-to-store which this procedure uses isn't atomic for a
directory, so there's a risk of weird results if the repository is
changed after the required revision is checked out. While it isn't
common to run guix pull twice, I think this could happen there if you
ran guix pull concurrently for the same repository, but two different
profiles. I added a sleep call just prior to the add-to-store call in
latest-repository-commit, and tested running guix pull twice at roughly
the same time, with different branches and profiles, and I did see both
profiles then reflecting a single branch, so one profile was mistakenly
referring to the wrong branch.
Is this something that is worth guarding against? Maybe
latest-repository-commit could double check the Git repo state after
add-to-store completes, and raise an error if it's different to what it
expects. Or perhaps individual worktrees could be used for each process,
which would hopefully avoid the race condition entirely.
Thanks,
Chris
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 962 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Potential for a race condition with latest-repository-commit
2020-02-29 21:22 Potential for a race condition with latest-repository-commit Christopher Baines
@ 2020-03-18 16:19 ` Ludovic Courtès
2020-03-29 14:10 ` Christopher Baines
0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2020-03-18 16:19 UTC (permalink / raw)
To: Christopher Baines; +Cc: guix-devel
Hi,
Christopher Baines <mail@cbaines.net> skribis:
> So one of the things that's currently restricted to doing by one job at
> a time in the Guix Data Service is running latest-repository-commit from
> the (guix git) module.
>
> Previously this was more of a problem for the Guix Data Service, as a
> large section of the work for loading information about a revision was
> serialised to avoid the potential for contention over the cached
> checkout this procedure uses. There's still a lock used now, but I
> realised when looking in to this further that it's only necessary to
> lock around this specific call, not the larger section that was
> restricted previously.
>
> I think that add-to-store which this procedure uses isn't atomic for a
> directory, so there's a risk of weird results if the repository is
> changed after the required revision is checked out. While it isn't
> common to run guix pull twice, I think this could happen there if you
> ran guix pull concurrently for the same repository, but two different
> profiles. I added a sleep call just prior to the add-to-store call in
> latest-repository-commit, and tested running guix pull twice at roughly
> the same time, with different branches and profiles, and I did see both
> profiles then reflecting a single branch, so one profile was mistakenly
> referring to the wrong branch.
Yes, we’ve also seen this problem with ‘static-web-site-service’¹,
whereby if several instances would try to pull from, say,
guix-artwork.git, we’d get non-deterministic results. We worked around
it by using different cache directories…
¹ https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/modules/sysadmin/web.scm
> Is this something that is worth guarding against? Maybe
> latest-repository-commit could double check the Git repo state after
> add-to-store completes, and raise an error if it's different to what it
> expects. Or perhaps individual worktrees could be used for each process,
> which would hopefully avoid the race condition entirely.
It think it’d be worth guarding against it, yes. What we could do is
lock the cache directory, with something like ‘with-file-lock’.
WDYT?
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Potential for a race condition with latest-repository-commit
2020-03-18 16:19 ` Ludovic Courtès
@ 2020-03-29 14:10 ` Christopher Baines
0 siblings, 0 replies; 3+ messages in thread
From: Christopher Baines @ 2020-03-29 14:10 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 2359 bytes --]
Ludovic Courtès <ludo@gnu.org> writes:
> Hi,
>
> Christopher Baines <mail@cbaines.net> skribis:
>
>> So one of the things that's currently restricted to doing by one job at
>> a time in the Guix Data Service is running latest-repository-commit from
>> the (guix git) module.
>>
>> Previously this was more of a problem for the Guix Data Service, as a
>> large section of the work for loading information about a revision was
>> serialised to avoid the potential for contention over the cached
>> checkout this procedure uses. There's still a lock used now, but I
>> realised when looking in to this further that it's only necessary to
>> lock around this specific call, not the larger section that was
>> restricted previously.
>>
>> I think that add-to-store which this procedure uses isn't atomic for a
>> directory, so there's a risk of weird results if the repository is
>> changed after the required revision is checked out. While it isn't
>> common to run guix pull twice, I think this could happen there if you
>> ran guix pull concurrently for the same repository, but two different
>> profiles. I added a sleep call just prior to the add-to-store call in
>> latest-repository-commit, and tested running guix pull twice at roughly
>> the same time, with different branches and profiles, and I did see both
>> profiles then reflecting a single branch, so one profile was mistakenly
>> referring to the wrong branch.
>
> Yes, we’ve also seen this problem with ‘static-web-site-service’¹,
> whereby if several instances would try to pull from, say,
> guix-artwork.git, we’d get non-deterministic results. We worked around
> it by using different cache directories…
>
> ¹ https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/modules/sysadmin/web.scm
>
>> Is this something that is worth guarding against? Maybe
>> latest-repository-commit could double check the Git repo state after
>> add-to-store completes, and raise an error if it's different to what it
>> expects. Or perhaps individual worktrees could be used for each process,
>> which would hopefully avoid the race condition entirely.
>
> It think it’d be worth guarding against it, yes. What we could do is
> lock the cache directory, with something like ‘with-file-lock’.
>
> WDYT?
That sounds good to me :)
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 962 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-03-29 14:11 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-29 21:22 Potential for a race condition with latest-repository-commit Christopher Baines
2020-03-18 16:19 ` Ludovic Courtès
2020-03-29 14:10 ` Christopher Baines
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).