This is an archive of the discontinued Mercurial Phabricator instance.

Differential D11817

sparse: lock the store when updating requirements config
ClosedPublic

Authored by aalekseyev on Nov 29 2021, 7:27 AM.

Details

Reviewers
Alphare
marmoute
Group Reviewers
hg-reviewers
Commits
rHGb74ee41addee: sparse: lock the store when updating requirements config

Diff Detail

Repository
rHG Mercurial
Branch
stable
Lint
No Linters Available
Unit
No Unit Test Coverage

Event Timeline

aalekseyev created this revision.Nov 29 2021, 7:27 AM
This revision is now accepted and ready to land.Nov 29 2021, 7:47 AM
Alphare requested changes to this revision.Nov 30 2021, 10:06 AM

Looks like this breaks another test: https://foss.heptapod.net/mercurial/mercurial-devel/-/jobs/269970

This revision now requires changes to proceed.Nov 30 2021, 10:06 AM
aalekseyev added a comment.Nov 30 2021, 2:42 PM

Wow, looks I just didn't run all tests here. Sorry!
Investigating this, I went pretty deep into a rabbit hole and may need rescuing.
The bug seems to go like this:

When cloning:

  • hg.py:868: lock is obtained and stored into destlock variable
  • a few lines later, the repo is actually created and the python object representing it is made by destpeer = peer(srcrepo, peeropts, dest) (which makes it unaware of the lock being held)
  • hg.py:1038: _update is called on a repo that still doesn't know that it's locked; since _update is where sparse hooks in, updateconfig runs and deadlocks

Note that a few lines later (hg.py:1041-1047) the repo actually "learns" that it's locked (in a racy way).

Intuitively it seems good to "tell" the repo that it's locked from the very start, when calling peer or immediately after. But since this is the first time I see all of this code I can't make that call.

Another confusing thing is that during the clone we don't take wlock at all (other than in sparse), even though it seems reasonable to expect everything to be locked during the clone.
Taking wlock after the lock is supposed to be wrong (deadlock-prone), and yet here we are effectively doing it (clone takes the lock from the very start, and then sparse does it during clone).

Any advice would be appreciated.

marmoute added a subscriber: marmoute.EditedDec 3 2021, 11:58 AM
  1. I agree that we should take the wlock in addition to the lock as we will be running an upgrade. (this should be a different commit, prior to the other one)
  1. the best way to get out of your trouble is to make the "new" peer (created after status) aware of the locking. Something like the logic below seems "suitable", Since this only happens in this specific cases, it seems like a bad idea to alter too much of the main peer API (we could still have a dedicated method on the repository for that). Same would have to be done for the wlock too

(I did not run this code, and it is not intended to be the final state.)

diff --git a/mercurial/hg.py b/mercurial/hg.py
--- a/mercurial/hg.py
+++ b/mercurial/hg.py
@@ -873,6 +873,13 @@ def clone(
             # we need to re-init the repo after manually copying the data
             # into it
             destpeer = peer(srcrepo, peeropts, dest)
+
+            # make the peer aware that is it already locked
+            #
+            # important:
+            #
+            #    We still need to release that lock at the end of the function
+            destpeer.local()._lockref = weakref.ref(destlock)
             srcrepo.hook(
                 b'outgoing', source=b'clone', node=srcrepo.nodeconstants.nullhex
             )
aalekseyev updated this revision to Diff 31323.Dec 6 2021, 2:05 PM
aalekseyev added a comment.EditedDec 6 2021, 2:07 PM

I tried this, and ran into another problem: dirstate is linked to wlock, so if you share a wlock then you must also share the dirstate.
I wrote a patch that does this, but I can't tell how safe that is. All tests pass, at least.

@marmoute, please have a look at the patch.

aalekseyev updated this revision to Diff 31324.Dec 6 2021, 2:09 PM
marmoute accepted this revision.Dec 16 2021, 8:38 AM
In D11817#181925, @aalekseyev wrote:

I tried this, and ran into another problem: dirstate is linked to wlock, so if you share a wlock then you must also share the dirstate.

I see, the wlock's releasefn refer to the original dirstate.

I wrote a patch that does this, but I can't tell how safe that is. All tests pass, at least.

That seems "fine", it test are happy, lets try this route.

@marmoute, please have a look at the patch.

Alphare accepted this revision.Dec 17 2021, 7:59 AM

We all came to the same conclusion then. This is a hack, but it's very localized and clearly documented.

This revision is now accepted and ready to land.Dec 17 2021, 7:59 AM

Revision Contents
Changeset List

PathPackages
Mmercurial/hg.py (24 lines)
Mmercurial/sparse.py (2 lines)
Mtests/test-sparse-with-safe-share.t (6 lines)

Diff 31323

mercurial/hg.py

# hg.py - repository classes for mercurial # hg.py - repository classes for mercurial
# #
# Copyright 2005-2007 Olivia Mackall <olivia@selenic.com> # Copyright 2005-2007 Olivia Mackall <olivia@selenic.com>
# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
# #
# This software may be used and distributed according to the terms of the # This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version. # GNU General Public License version 2 or any later version.
from __future__ import absolute_import from __future__ import absolute_import
import errno import errno
import os import os
import shutil import shutil
import stat import stat
import weakref
from .i18n import _ from .i18n import _
from .node import ( from .node import (
hex, hex,
sha1nodeconstants, sha1nodeconstants,
short, short,
) )
from .pycompat import getattr from .pycompat import getattr
if isinstance(source, bytes): if isinstance(source, bytes):
src = urlutil.get_clone_path(ui, source, branch) src = urlutil.get_clone_path(ui, source, branch)
origsource, source, branches = src origsource, source, branches = src
srcpeer = peer(ui, peeropts, source) srcpeer = peer(ui, peeropts, source)
else: else:
srcpeer = source.peer() # in case we were called with a localrepo srcpeer = source.peer() # in case we were called with a localrepo
branches = (None, branch or []) branches = (None, branch or [])
origsource = source = srcpeer.url() origsource = source = srcpeer.url()
srclock = destlock = cleandir = None srclock = destlock = destwlock = cleandir = None
destpeer = None destpeer = None
try: try:
revs, checkout = addbranchrevs(srcpeer, srcpeer, branches, revs) revs, checkout = addbranchrevs(srcpeer, srcpeer, branches, revs)
if dest is None: if dest is None:
dest = defaultdest(source) dest = defaultdest(source)
if dest: if dest:
ui.status(_(b"destination directory: %s\n") % dest) ui.status(_(b"destination directory: %s\n") % dest)
destrootpath = urlutil.urllocalpath(dest) destrootpath = urlutil.urllocalpath(dest)
dest_reqs = localrepo.clone_requirements(ui, createopts, srcrepo) dest_reqs = localrepo.clone_requirements(ui, createopts, srcrepo)
localrepo.createrepository( localrepo.createrepository(
ui, ui,
destrootpath, destrootpath,
requirements=dest_reqs, requirements=dest_reqs,
) )
destrepo = localrepo.makelocalrepository(ui, destrootpath) destrepo = localrepo.makelocalrepository(ui, destrootpath)
do_wlock = True
if do_wlock:
destwlock = destrepo.wlock()
destlock = destrepo.lock() destlock = destrepo.lock()
from . import streamclone # avoid cycle from . import streamclone # avoid cycle
streamclone.local_copy(srcrepo, destrepo) streamclone.local_copy(srcrepo, destrepo)
# we need to re-init the repo after manually copying the data # we need to re-init the repo after manually copying the data
# into it # into it
destpeer = peer(srcrepo, peeropts, dest) destpeer = peer(srcrepo, peeropts, dest)
# make the peer aware that is it already locked
#
# important:
#
# We still need to release that lock at the end of the function
destpeer.local()._lockref = weakref.ref(destlock)
if do_wlock:
destpeer.local()._wlockref = weakref.ref(destwlock)
# dirstate also needs to be copied because `_wlockref` has a reference
# to it: this dirstate is saved to disk when the wlock is released
destpeer.local().dirstate = destrepo.dirstate
srcrepo.hook( srcrepo.hook(
b'outgoing', source=b'clone', node=srcrepo.nodeconstants.nullhex b'outgoing', source=b'clone', node=srcrepo.nodeconstants.nullhex
) )
else: else:
try: try:
# only pass ui when no srcrepo # only pass ui when no srcrepo
destpeer = peer( destpeer = peer(
srcrepo or ui, srcrepo or ui,
bn = destrepo[uprev].branch() bn = destrepo[uprev].branch()
status = _(b"updating to branch %s\n") % bn status = _(b"updating to branch %s\n") % bn
destrepo.ui.status(status) destrepo.ui.status(status)
_update(destrepo, uprev) _update(destrepo, uprev)
if update in destrepo._bookmarks: if update in destrepo._bookmarks:
bookmarks.activate(destrepo, update) bookmarks.activate(destrepo, update)
if destlock is not None: if destlock is not None:
release(destlock) release(destlock)
if destwlock is not None:
release(destlock)
# here is a tiny windows were someone could end up writing the # here is a tiny windows were someone could end up writing the
# repository before the cache are sure to be warm. This is "fine" # repository before the cache are sure to be warm. This is "fine"
# as the only "bad" outcome would be some slowness. That potential # as the only "bad" outcome would be some slowness. That potential
# slowness already affect reader. # slowness already affect reader.
with destrepo.lock(): with destrepo.lock():
destrepo.updatecaches(caches=repositorymod.CACHES_POST_CLONE) destrepo.updatecaches(caches=repositorymod.CACHES_POST_CLONE)
finally: finally:
release(srclock, destlock) release(srclock, destlock, destwlock)
if cleandir is not None: if cleandir is not None:
shutil.rmtree(cleandir, True) shutil.rmtree(cleandir, True)
if srcpeer is not None: if srcpeer is not None:
srcpeer.close() srcpeer.close()
if destpeer and destpeer.local() is None: if destpeer and destpeer.local() is None:
destpeer.close() destpeer.close()
return srcpeer, destpeer return srcpeer, destpeer

mercurial/sparse.py

usereporootpaths=False, usereporootpaths=False,
): ):
"""Perform a sparse config update. """Perform a sparse config update.
Only one of the actions may be performed. Only one of the actions may be performed.
The new config is written out and a working directory refresh is performed. The new config is written out and a working directory refresh is performed.
""" """
with repo.wlock(), repo.dirstate.parentchange(): with repo.wlock(), repo.lock(), repo.dirstate.parentchange():
raw = repo.vfs.tryread(b'sparse') raw = repo.vfs.tryread(b'sparse')
oldinclude, oldexclude, oldprofiles = parseconfig( oldinclude, oldexclude, oldprofiles = parseconfig(
repo.ui, raw, b'sparse' repo.ui, raw, b'sparse'
) )
if reset: if reset:
newinclude = set() newinclude = set()
newexclude = set() newexclude = set()

tests/test-sparse-with-safe-share.t

> [extensions] > [extensions]
> sparse= > sparse=
> EOF > EOF
$ echo a > show $ echo a > show
$ echo x > hide $ echo x > hide
$ hg ci -Aqm 'initial' $ hg ci -Aqm 'initial'
Verify basic --include Regression test: checks that this command correctly locks the store
before updating the store [requirements] config.
$ hg up -q 0 $ hg up -q 0
$ hg debugsparse --include 'hide' $ hg debugsparse --include 'hide'
devel-warn: write with no lock: "requires" at: *mercurial/scmutil.py:1558 (writerequires) (glob)
TODO: bug in sparse when used together with safe-share^