[v5,2/6] refs/files-backend: stop setting errno from lock_ref_oid_basic

Commit Message

Han-Wen Nienhuys July 7, 2021, 7:07 p.m. UTC

From: Han-Wen Nienhuys <hanwen@google.com>

refs/files-backend.c::lock_ref_oid_basic() tries to signal how it failed
to its callers using errno.

It is safe to stop setting errno here, because the callers of this
file-scope static function are

* files_copy_or_rename_ref()
* files_create_symref()
* files_reflog_expire()

None of them looks at errno after seeing a negative return from
lock_ref_oid_basic() to make any decision, and no caller of these three
functions looks at errno after they signal a failure by returning a
negative value. In particular,

* files_copy_or_rename_ref() - here, calls are followed by error()
(which performs I/O) or write_ref_to_lockfile() (which calls
parse_object() which may perform I/O)

* files_create_symref() - here, calls are followed by error() or
create_symref_locked() (which performs I/O and does not inspect
errno)

* files_reflog_expire() - here, calls are followed by error() or
refs_reflog_exists() (which calls a function in a vtable that is not
documented to use and/or preserve errno)

Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
Reviewed-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
---
 refs/files-backend.c | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

Comments

Ævar Arnfjörð Bjarmason July 11, 2021, 11:38 a.m. UTC | #1

On Wed, Jul 07 2021, Han-Wen Nienhuys via GitGitGadget wrote:

>  /*
>   * Locks a ref returning the lock on success and NULL on failure.
> - * On failure errno is set to something meaningful.
>   */
>  static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
>  					   const char *refname,
> @@ -922,7 +921,6 @@ static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
>  {
>  	struct strbuf ref_file = STRBUF_INIT;
>  	struct ref_lock *lock;
> -	int last_errno = 0;
>  	int mustexist = (old_oid && !is_null_oid(old_oid));
>  	int resolve_flags = RESOLVE_REF_NO_RECURSE;
>  	int resolved;
> @@ -949,7 +947,6 @@ static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
>  		 * to remain.
>  		 */
>  		if (remove_empty_directories(&ref_file)) {
> -			last_errno = errno;
>  			if (!refs_verify_refname_available(
>  					    &refs->base,
>  					    refname, extras, skip, err))
> @@ -962,10 +959,13 @@ static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
>  						     &lock->old_oid, type);
>  	}
>  	if (!resolved) {
> -		last_errno = errno;
> +		int last_errno = errno;
>  		if (last_errno != ENOTDIR ||
> -		    !refs_verify_refname_available(&refs->base, refname,
> -						   extras, skip, err))
> +		    /* in case of D/F conflict, try to generate a better error
> +		     * message. If that fails, fall back to strerror(ENOTDIR).
> +		     */
> +		    !refs_verify_refname_available(&refs->base, refname, extras,
> +						   skip, err))
>  			strbuf_addf(err, "unable to resolve reference '%s': %s",
>  				    refname, strerror(last_errno));

I don't think it's some dealbreaker and we can move on, but just FWIW I
think what I mentioned ending in your
https://lore.kernel.org/git/CAFQ2z_NpyJQLuM70MhJ8K1h2v3QXFuAZRjN=SvSsjnukNRJ8pw@mail.gmail.com/
is still outstanding.

I.e. you added the comment, which is just says what the error emitting
looks like, that's all well & good.

But what I was pointing out that it didn't make sense to do any
"last_errno" here at all anymore. You pointed to 5b2d8d6f218
(lock_ref_sha1_basic(): improve diagnostics for ref D/F conflicts,
2015-05-11), we started setting "last_errno" there, but that was *not*
to avoid clobbering between the !resolved and the
strbuf_add(strerror(last_errno)) here, but rather to carry the
"last_errno" forward to the end of this lock_ref_oid_basic(), because
other things (after this hunk) might reset/clear errno.

Anyway, as noted there it doesn't actually matter, just reviewing &
looking if there's any loose ends, and for future source spelunking for
anyone reading this thread.

I.e. something like what I mentioned in
https://lore.kernel.org/git/87k0mae0ga.fsf@evledraar.gmail.com/ could be
squashed in, or better yet (probably) this:

diff --git a/refs/files-backend.c b/refs/files-backend.c
index 83ddfb3b627..f0ce0aac857 100644
--- a/refs/files-backend.c
+++ b/refs/files-backend.c
@@ -958,17 +958,15 @@ static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
 						     refname, resolve_flags,
 						     &lock->old_oid, type);
 	}
-	if (!resolved) {
-		int last_errno = errno;
-		if (last_errno != ENOTDIR ||
-		    /* in case of D/F conflict, try to generate a better error
-		     * message. If that fails, fall back to strerror(ENOTDIR).
-		     */
-		    !refs_verify_refname_available(&refs->base, refname, extras,
-						   skip, err))
-			strbuf_addf(err, "unable to resolve reference '%s': %s",
-				    refname, strerror(last_errno));
-
+	if (!resolved &&
+	    (errno != ENOTDIR ||
+	     /* in case of D/F conflict, try to generate a better error
+	      * message. If that fails, fall back to strerror(ENOTDIR).
+	      */
+	     !refs_verify_refname_available(&refs->base, refname, extras,
+					    skip, err))) {
+		strbuf_addf(err, "unable to resolve reference '%s': %s",
+			    refname, strerror(errno));
 		goto error_return;
 	}

Han-Wen Nienhuys July 13, 2021, 8 a.m. UTC | #2

On Sun, Jul 11, 2021 at 1:48 PM Ævar Arnfjörð Bjarmason
<avarab@gmail.com> wrote:
>
>
> On Wed, Jul 07 2021, Han-Wen Nienhuys via GitGitGadget wrote:
>
> >  /*
> >   * Locks a ref returning the lock on success and NULL on failure.
> > - * On failure errno is set to something meaningful.
> >   */
> >  static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
> >                                          const char *refname,
> > @@ -922,7 +921,6 @@ static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
> >  {
> >       struct strbuf ref_file = STRBUF_INIT;
> >       struct ref_lock *lock;
> > -     int last_errno = 0;
> >       int mustexist = (old_oid && !is_null_oid(old_oid));
> >       int resolve_flags = RESOLVE_REF_NO_RECURSE;
> >       int resolved;
> > @@ -949,7 +947,6 @@ static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
> >                * to remain.
> >                */
> >               if (remove_empty_directories(&ref_file)) {
> > -                     last_errno = errno;
> >                       if (!refs_verify_refname_available(
> >                                           &refs->base,
> >                                           refname, extras, skip, err))
> > @@ -962,10 +959,13 @@ static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
> >                                                    &lock->old_oid, type);
> >       }
> >       if (!resolved) {
> > -             last_errno = errno;
> > +             int last_errno = errno;
> >               if (last_errno != ENOTDIR ||
> > -                 !refs_verify_refname_available(&refs->base, refname,
> > -                                                extras, skip, err))
> > +                 /* in case of D/F conflict, try to generate a better error
> > +                  * message. If that fails, fall back to strerror(ENOTDIR).
> > +                  */
> > +                 !refs_verify_refname_available(&refs->base, refname, extras,
> > +                                                skip, err))
> >                       strbuf_addf(err, "unable to resolve reference '%s': %s",
> >                                   refname, strerror(last_errno));
>
> I don't think it's some dealbreaker and we can move on, but just FWIW I
> think what I mentioned ending in your
> https://lore.kernel.org/git/CAFQ2z_NpyJQLuM70MhJ8K1h2v3QXFuAZRjN=SvSsjnukNRJ8pw@mail.gmail.com/
> is still outstanding.
>
> I.e. you added the comment, which is just says what the error emitting
> looks like, that's all well & good.
>
> But what I was pointing out that it didn't make sense to do any
> "last_errno" here at all anymore. You pointed to 5b2d8d6f218
> (lock_ref_sha1_basic(): improve diagnostics for ref D/F conflicts,
> 2015-05-11), we started setting "last_errno" there, but that was *not*
> to avoid clobbering between the !resolved and the
> strbuf_add(strerror(last_errno)) here, but rather to carry the
> "last_errno" forward to the end of this lock_ref_oid_basic(), because
> other things (after this hunk) might reset/clear errno.

I disagree. In your suggested change

> +       if (!resolved &&
> +           (errno != ENOTDIR ||
> +            /* in case of D/F conflict, try to generate a better error
> +             * message. If that fails, fall back to strerror(ENOTDIR).
> +             */
> +            !refs_verify_refname_available(&refs->base, refname, extras,
> +                                           skip, err))) {
> +               strbuf_addf(err, "unable to resolve reference '%s': %s",
> +                           refname, strerror(errno));
>                 goto error_return;

the refs_verify_refname_available() call happens only if
errno==ENOTDIR. The call might clobber the ENOTDIR errno and then
fail. Then we'd be printing the last errno that
refs_verify_refname_available() saw, which may be different from
ENOTDIR.

Other than that, for clarity's sake, it's always better to avoid the
use of global errno if we can.

--
Han-Wen Nienhuys - Google Munich
I work 80%. Don't expect answers from me on Fridays.
--
Google Germany GmbH, Erika-Mann-Strasse 33, 80636 Munich
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado

Patch

diff --git a/refs/files-backend.c b/refs/files-backend.c
index 677b7e4cdd2..83ddfb3b627 100644
--- a/refs/files-backend.c
+++ b/refs/files-backend.c
@@ -910,7 +910,6 @@  static int create_reflock(const char *path, void *cb)
 
 /*
  * Locks a ref returning the lock on success and NULL on failure.
- * On failure errno is set to something meaningful.
  */
 static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
 					   const char *refname,
@@ -922,7 +921,6 @@  static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
 {
 	struct strbuf ref_file = STRBUF_INIT;
 	struct ref_lock *lock;
-	int last_errno = 0;
 	int mustexist = (old_oid && !is_null_oid(old_oid));
 	int resolve_flags = RESOLVE_REF_NO_RECURSE;
 	int resolved;
@@ -949,7 +947,6 @@  static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
 		 * to remain.
 		 */
 		if (remove_empty_directories(&ref_file)) {
-			last_errno = errno;
 			if (!refs_verify_refname_available(
 					    &refs->base,
 					    refname, extras, skip, err))
@@ -962,10 +959,13 @@  static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
 						     &lock->old_oid, type);
 	}
 	if (!resolved) {
-		last_errno = errno;
+		int last_errno = errno;
 		if (last_errno != ENOTDIR ||
-		    !refs_verify_refname_available(&refs->base, refname,
-						   extras, skip, err))
+		    /* in case of D/F conflict, try to generate a better error
+		     * message. If that fails, fall back to strerror(ENOTDIR).
+		     */
+		    !refs_verify_refname_available(&refs->base, refname, extras,
+						   skip, err))
 			strbuf_addf(err, "unable to resolve reference '%s': %s",
 				    refname, strerror(last_errno));
 
@@ -981,20 +981,17 @@  static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
 	if (is_null_oid(&lock->old_oid) &&
 	    refs_verify_refname_available(refs->packed_ref_store, refname,
 					  extras, skip, err)) {
-		last_errno = ENOTDIR;
 		goto error_return;
 	}
 
 	lock->ref_name = xstrdup(refname);
 
 	if (raceproof_create_file(ref_file.buf, create_reflock, &lock->lk)) {
-		last_errno = errno;
 		unable_to_lock_message(ref_file.buf, errno, err);
 		goto error_return;
 	}
 
 	if (verify_lock(&refs->base, lock, old_oid, mustexist, err)) {
-		last_errno = errno;
 		goto error_return;
 	}
 	goto out;
@@ -1005,7 +1002,6 @@  static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
 
  out:
 	strbuf_release(&ref_file);
-	errno = last_errno;
 	return lock;
 }