git-commit-vandalism/refs
Patrick Steinhardt bc22d845c4 core.fsync: new option to harden references
When writing both loose and packed references to disk we first create a
lockfile, write the updated values into that lockfile, and on commit we
rename the file into place. According to filesystem developers, this
behaviour is broken because applications should always sync data to disk
before doing the final rename to ensure data consistency [1][2][3]. If
applications fail to do this correctly, a hard crash of the machine can
easily result in corrupted on-disk data.

This kind of corruption can in fact be easily observed with Git when the
machine hard-resets shortly after writing references to disk. On
machines with ext4, this will likely lead to the "empty files" problem:
the file has been renamed, but its data has not been synced to disk. The
result is that the reference is corrupt, and in the worst case this can
lead to data loss.

Implement a new option to harden references so that users and admins can
avoid this scenario by syncing locked loose and packed references to
disk before we rename them into place.

[1]: https://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/
[2]: https://btrfs.wiki.kernel.org/index.php/FAQ (What are the crash guarantees of overwrite-by-rename)
[3]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/admin-guide/ext4.rst (see auto_da_alloc)

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-03-15 13:30:58 -07:00
..
debug.c refs: centralize initialization of the base ref_store. 2021-12-22 13:51:38 -08:00
files-backend.c core.fsync: new option to harden references 2022-03-15 13:30:58 -07:00
iterator.c use CALLOC_ARRAY 2021-03-13 16:00:09 -08:00
packed-backend.c core.fsync: new option to harden references 2022-03-15 13:30:58 -07:00
packed-backend.h Merge branch 'ps/avoid-unnecessary-hook-invocation-with-packed-refs' 2022-02-18 13:53:27 -08:00
ref-cache.c Merge branch 'jt/no-abuse-alternate-odb-for-submodules' 2021-10-25 16:06:56 -07:00
ref-cache.h Merge branch 'jt/no-abuse-alternate-odb-for-submodules' 2021-10-25 16:06:56 -07:00
refs-internal.h Merge branch 'ps/avoid-unnecessary-hook-invocation-with-packed-refs' 2022-02-18 13:53:27 -08:00