Page MenuHomeFreeBSD

install: Always use a temporary file.
ClosedPublic

Authored by des on Apr 10 2024, 7:20 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 16, 8:25 PM
Unknown Object (File)
Dec 10 2024, 9:49 PM
Unknown Object (File)
Nov 25 2024, 4:45 PM
Unknown Object (File)
Oct 24 2024, 8:08 AM
Unknown Object (File)
Oct 1 2024, 12:01 PM
Unknown Object (File)
Sep 16 2024, 6:27 PM
Unknown Object (File)
Sep 10 2024, 11:32 PM
Unknown Object (File)
Sep 10 2024, 10:28 PM

Details

Summary

Previously, we would only use a temporary file if explicitly asked to
with the -S option, and even then, only if the target file already
existed. This meant that an outside observer looking for the target
file might see a partial file, and might see the file disappear and
then reappear.

With this patch, we always use a temporary file, ensuring atomicity.
The downside is slightly increased disk usage. The upside is never
having to worry about, for instance, cron jobs randomly failing if
they happen to run simultaneously with make installworld.

The -S option is retained, partly for compatibility, and partly
to control the use of fsync(2), which has a non-negligible cost
(approximately 10% increase in wall time for make installworld).

MFC after: 1 week
Sponsored by: Klara, Inc.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 57051
Build 53939: arc lint + arc unit

Event Timeline

The downside is slightly increased disk usage.

Won't this now also be a fair bit slower since install now fsync()s its output files before exiting? I don't particularly object to the change overall, but does it make a significant difference to, say, installworld runtime?

brooks added a subscriber: brooks.

Atomicity is well worth the quite minimal potential cost here.

usr.bin/xinstall/install.1
235–236
This revision is now accepted and ready to land.Apr 10 2024, 7:55 PM

Generally this looks like a nop vs always forcing S on.
One or two places might me a smidge less efficient. I'm having trouble seeing that it could be measured, much lass it having a material impact on installworld.

usr.bin/xinstall/install.1
236–241

Hmmm, looking at the code, it doesn't do anything now. I didn't get that sense from reading this description, though.

.It Fl S
Install always copies safely, so this option is only parsed for backwards compatibility.

might be better?

usr.bin/xinstall/xinstall.c
901

This is a little less efficient... But I strongly suspect with today's slowest disks, even, one couldn't measure a difference.

usr.bin/xinstall/install.1
235–236

I copied the wording from the entry for -c. I can change both or neither but not just one.

236–241

Exactly, it doesn't do anything, but we don't want to break scripts and Makefiles that use it, so we're keeping it for backwards compatibility, just like the -c option.

Won't this now also be a fair bit slower since install now fsync()s its output files before exiting? I don't particularly object to the change overall, but does it make a significant difference to, say, installworld runtime?

OK, I built world without the patch and then ran sudo make installworld -j8 twice in a row, timing the second run.

sudo make installworld -j8  77.59s user 86.52s system 251% cpu 1:05.35 total

Then I reapplied the patch and did the same thing again:

sudo make installworld -j8  77.56s user 87.40s system 227% cpu 1:12.65 total

That's a 10% slowdown in wall time. Not insignificant.

What if we make the fsync() calls, and _only_ the fsync() calls, conditional on -S? That way we get most of the benefit (atomicity from the point of view of other processes running concurrently with installworld, but not crash resistance) at a lower cost:

sudo make installworld -j8  78.50s user 89.57s system 250% cpu 1:07.05 total

make fsync conditional again

This revision now requires review to proceed.Apr 12 2024, 11:53 AM
des marked 3 inline comments as done.Apr 12 2024, 11:59 AM
0mp added inline comments.
usr.bin/xinstall/install.1
229

Maybe s/Previously/Historically/?

Also, the current behavior should be listed first I think. The historical would then be another paragraph in the description of the flag.

des marked an inline comment as done.Apr 12 2024, 12:39 PM

The manual page change LGTM.

This revision is now accepted and ready to land.Apr 12 2024, 12:43 PM
markj added inline comments.
usr.bin/xinstall/xinstall.c
1234

An older bug: I think we're failing to fsync in this path.

des marked an inline comment as done.Apr 12 2024, 2:08 PM
des added inline comments.
usr.bin/xinstall/xinstall.c
1234

Thank you, see D44756.

This revision was automatically updated to reflect the committed changes.
des marked an inline comment as done.