Fix race condition in fs::create_dir_all #30152
Conversation
The code would crash if the directory was created after create_dir_all checked whether the directory already existed. This was contrary to the documentation which claimed to create the directory if it doesn't exist, implying (but not stating) that there would not be a failure due to the directory existing.
|
Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @brson (or someone else) soon. If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes. Please see the contribution instructions for more information. |
|
@bors r+ Thanks. |
|
📌 Commit 9710b31 has been approved by |
|
⌛ Testing commit 9710b31 with merge 268dbba... |
|
@bors: r- Ah sorry I was hoping to discuss this a little more before sending off to bors. These sorts of semantics are pretty subtle and it's often hard to define what a race here is. For example this same error will happen if two threads call Concurrent operations can't always be detected and when they do happen on the filesystem it often indicates that something else is going awry and needs to be kicked up further. As an example, the boost implementation of this function has the same semantics as this where the error isn't inspected on the way out. Overall I think that we don't have a concrete enough handle on what a race is for a function like this that I don't think we should add an extra check after-the-fact. |
|
💔 Test failed - auto-linux-32-opt |
|
I feel that the after-the-fact check is the only correct way to do this. I In any case, like with mkdir -p, I value this kind of function because it For some background, the reason I discovered this problem was a set of test David On Tue, Dec 1, 2015, 6:33 PM Alex Crichton notifications@github.com wrote:
|
|
Oh, to respond to the different behavior with create_dir, I agree that its semantics are different, as the documentation clearly states. If you have two calls to create_dir, it is expected that I've of them must always fail. In contrast, if create_dir_all fails (I assert), it means that the directory does not exist. |
|
I don't think it's possible for Overall most |
|
I would assert that there is a difference between a race between competing On Wed, Dec 2, 2015 at 12:30 PM Alex Crichton notifications@github.com
|
|
Even if we do start classifying races into different categories I'd prefer to not try to handle some and not others, it seems weird that we pick an arbitrary set of racy conditions for each call to handle but other (just as legitimate races) are left up to callers. |
alexcrichton
added
the
T-libs-api
|
I had some tests failing because of this. I agree with @alexcrichton reasoning though |
|
I wish we would at least provide better feedback in the |
|
Closing pr @alexcrichton |
|
Since I can't reopen, I have created a new issue for this problem #33707 . Please read my arguments and reconsider. |
The code would crash if the directory was created after create_dir_all
checked whether the directory already existed. This was contrary to
the documentation which claimed to create the directory if it doesn't
exist, implying (but not stating) that there would not be a failure
due to the directory existing.