Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1630096pxb; Thu, 4 Mar 2021 16:57:41 -0800 (PST) X-Google-Smtp-Source: ABdhPJyvhNlRTTTe+uehpH/xQBMZ7hAdU0V206fzjhb/0B68Kiw3Qko04h9HTINeeMQdGXbkMgJu X-Received: by 2002:a5e:a519:: with SMTP id 25mr5522088iog.3.1614905861414; Thu, 04 Mar 2021 16:57:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614905861; cv=none; d=google.com; s=arc-20160816; b=SY54QGRb81qQGaEb0WuUrcQO7b+wf+fwRW5N96hF8itgFc6733R+73sYKrfAVSJMwH PXBNp4d4E4Xc8wBEO5YIRzeUxzWflAzxetDmIwmTQNpxpQf3XbPNeHvAWNWon8pmHuk/ QmQN9lh4GMFDhpDOSQHiTDTz3XbGr7fP9uqxl1Ay5MzyccAqMr9WCykeM6lStH7yQVOd E5FjSmnkX+wXO7dl5XVUX6Y5w6ci1TiFlnJMN9TzdbF8K/Ys0W/Ukus0upquuas1a7Ut RafL3aPJPhPKqNrmBhNE13T6EniUnULYV2a3a5QkZK2nuygpH5urvHLHInoYXAE4/nGG HrgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :message-id:subject:cc:to:from:date; bh=AQOIEmk5GpJ1c61Y735Pz3a9eDykSqv1qsOT5kYxGQ4=; b=euJWaLKt7fdgT5+GWW/+NEXRB7zUbKkTQABGyCWTxCZNO03NgSDJrUg/iLD8JZrD9a Ru2VFd5A9lDJA0gKGcdhbnwgcAdqYU4Y9cO2v5GBn5dI8tSKSH8xCfMd/O+c16rE32RH adpIu1yuzxOugzxPAEBa61IzqvRh5tXe2hZNuDNhQuBycijj3AwfwJdTAoeCdVuQ6Zc+ D85RIsIxseqe5jFUgvfKCyFuFwvgbmFHWI+6IeDsiHGFv9/oH6B204VT78XfklveSIIn PnzXdii3pYZqPbEMCnQ3/zWwOjkF0TKQ1mlmCVzvhjOtgpNuWWW2W9FylmBEjzM3lJuM bWKA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n12si828499ilk.3.2021.03.04.16.57.28; Thu, 04 Mar 2021 16:57:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232430AbhCDUxL (ORCPT + 99 others); Thu, 4 Mar 2021 15:53:11 -0500 Received: from relay5-d.mail.gandi.net ([217.70.183.197]:55419 "EHLO relay5-d.mail.gandi.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232444AbhCDUwj (ORCPT ); Thu, 4 Mar 2021 15:52:39 -0500 X-Originating-IP: 50.39.163.217 Received: from localhost (unknown [50.39.163.217]) (Authenticated sender: josh@joshtriplett.org) by relay5-d.mail.gandi.net (Postfix) with ESMTPSA id B096E1C0005; Thu, 4 Mar 2021 20:51:43 +0000 (UTC) Date: Thu, 4 Mar 2021 12:51:40 -0800 From: Josh Triplett To: linux-kernel@vger.kernel.org, git@vger.kernel.org Cc: Linus Torvalds Subject: Re: A note on the 5.12-rc1 tag Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [CCing the git list] On Wed, Mar 03, 2021 at 12:53:18PM -0800, Linus Torvalds wrote: > Hey peeps - some of you may have already noticed that in my public git > tree, the "v5.12-rc1" tag has magically been renamed to > "v5.12-rc1-dontuse". It's still the same object, it still says > "v5.12-rc1" internally, and it is still is signed by me, but the > user-visible name of the tag has changed. > > The reason is fairly straightforward: this merge window, we had a very > innocuous code cleanup and simplification that raised no red flags at > all, but had a subtle and very nasty bug in it: swap files stopped > working right. And they stopped working in a particularly bad way: > the offset of the start of the swap file was lost. > > Swapping still happened, but it happened to the wrong part of the > filesystem, with the obvious catastrophic end results. [...] > One additional reason for this note is that I want to not just warn > people to not run this if you have a swapfile - even if you are > personally not impacted (like I am, and probably most people are - > swap partitions all around) - I want to make sure that nobody starts > new topic branches using that 5.12-rc1 tag. I know a few developers > tend to go "Ok, rc1 is out, I got all my development work into this > merge window, I will now fast-forward to rc1 and use that as a base > for the next release". Don't do it this time. It may work perfectly > well for you because you have the common partition setup, but it can > end up being a horrible base for anybody else that might end up > bisecting into that area. Even if people avoid basing their topic branches on 5.12-rc1, it's still possible for a future bisect to end up wandering to one of the existing dangerous commits, if someone's trying to find a historical bug and git happens to choose that as a halfway point. And if they happen to be using a swap file, they could end up with serious data loss, years from now when "5.12-rc1 is broken" isn't on the top of their mind or even something they heard about originally. Would it make sense to add a feature to git that allows defining a "dangerous" region for bisect? Rough sketch: - Add a `/.git-bisect-dangerous` file to the repository, containing a list of of commit range expressions (contains commit X, doesn't contain commit Y) and associated messages ("Do not use these kernels if you have a swap file; if you need to bisect into here, disable swap files first"). - git-bisect, as it navigates commits, always checks that file for any commit it processes, and adds any new entries it sees into `.git/bisect-dangerous`; it never removes entries from there. - git-bisect avoids choosing bisection points anywhere in that range until it absolutely has to (because it's narrowed an issue to that range). This can use something similar to the existing `git bisect skip` machinery. Manual bisections print the message at that point. Automated bisections (`git bisect run`) stop and print the range without narrowing further, unless the user passes something like `--dangerous-ok=commit-range`. (git notes would be nice for this, but they're hard to share reliably; the above mechanism to accumulate entries from a file in the repo seems simpler. I can imagine other possibilities.) Does something like this seem potentially reasonable, and worth doing to help people avoid future catastrophic data loss? - Josh Triplett