config: fix correctness issues in reading #44230
Conversation
pulsejet
added
3. to review
pulsejet
requested review from
skjnldsv,
a team,
ArtificialOwl and
Fenn-CS
and removed request for
a team
pulsejet
force-pushed
the
varun/config-read
branch
from
54b467a
to
0b86a50
Compare
|
I believe this is low risk and can be backported as a bugfix (there are technically two "bugs": the handle never being unlocked / closed in certain cases, and all the issues caused by the missing opcache invalidation) |
pulsejet
force-pushed
the
varun/config-read
branch
from
0b86a50
to
2759a28
Compare
There was a problem hiding this comment.
Overall, I like these changes a lot actually. No need to check if a file is readable or not if all we are doing is locking it :) just a small question regarding the sanitization that was removed for the configFilePath
EDIT: it does need to be removed after reading the explanation below!
|
What bugs are you trying to fix? Are those bugs that you encountered yourself? I’d expect PHP to release all locks on crash, I’m surprised the finally block is needed. Otherwise we’d need this kind of thing in a lot of places. |
Opcache. For example pulsejet/memories#578 (comment) I'm aware the server tuning docs mention the pitfalls of disabling revalidation, but revalidating one file (
Correct, it's not strictly needed but this is cleaner / more resilient. In case the exception is caught, we no longer rely on
Errors like? There were checks on existence and readability so this would've never logged anything either way (this one is a performance fix to save a couple of kernel calls) |
|
Also note, the locked/critical block should always be as small as possible (generally speaking), and the shortest way to do it is this. |
We should not impact everyone to handle the case of a badly configured opcache. If opcache is used without revalidation it must be manually cleaned on app install/update, no? Or maybe it can be done automatically, don’t know. But disabling opcache for everyone on config file looks overkill.
Good point, did not think of the case it’s catched.
Any |
I wouldn't say it's badly configured, this is actually good for performance (even the server tuning doc makes a passing mention). The problem isn't with app installation; opcache is reset when upgrading anyway. But the config file changing is what is the problem; this can happen more often and give rise to very subtle bugs.
Opcache is not disabled, even on the config file. Just the timestamp is revalidated on every request, which is very minimal overhead (notice Here's another way of looking at it: if we consider turning off revalidation as "bad", then the total cost paid here is basically nothing since the timestamp was validated anyway. On the other hand, just validating the config file makes turning off revalidation generally a "valid" opcache configuration (which we actually expect to work well), and reduce the overall overhead.
Point taken, though I wouldn't consider this a big deal. The check for a valid config file is needed only once (ever), but we pay the cost for every single request, which seems very excessive. Anyway, can revert this one if you prefer. |
|
More thoughts? |
There was a problem hiding this comment.
Can you detail the rationale on "Skip even for non-main fails when we can't open it (it'll crash later anyway otherwise)" ?
With this PR the admin will have a hard time noticing the permissions on an additional config file are wrong, nothing is logged or shown.
pulsejet
force-pushed
the
varun/config-read
branch
from
2759a28
to
817ab23
Compare
True ... the current behavior (before this patch) is odd; it just goes on with a I've updated the patch to show a better error. (note we can't actually
Also updated PR description |
|
I can't merge due to CI failure, seems unrelated |
|
Rerunning CI |
Signed-off-by: Varun Patil <varunpatil@ucla.edu>
pulsejet
force-pushed
the
varun/config-read
branch
from
817ab23
to
1585587
Compare
|
/backport to stable28 |
|
/backport to stable29 |
|
The backport to # Switch to the target branch and update it
git checkout stable29
git pull origin stable29
# Create the new backport branch
git checkout -b backport/44230/stable29
# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts, resolve them
git cherry-pick 15855876
# Push the cherry pick commit to the remote repository and open a pull request
git push origin backport/44230/stable29Error: No changes found in backport branch Learn more about backports at https://docs.nextcloud.com/server/stable/go.php?to=developer-backports. |
@szaimen this is already merged to 29 |
|
Ah I see |
Multiple fixes here.
(it even logs a warning when the file isn't readable, which is very nice)Skip even for non-main fails when we can't open it (it'll crash later anyway otherwise)Show the admin a better error message when a config file cannot be opened instead of throwing a TypeError (see config: fix correctness issues in reading #44230 (comment))config.php(even if timestamp validation is disabled in the opcache config) and actually fixes a lot of correctness issues. Some actions such as upgrading an app make it obvious that the opcache may need to be refreshed, but config changes might happen more subtly, and opcache defeats the whole point of locking the file to begin with.Side note: while
Config::writeDatadoes invalidate the opcache anyway, this is not sufficient since