On Mon, May 18, 2020 at 01:12:49PM -0400, Denton Liu wrote:
> > I just wonder if there is a better place to put this logic that would be
> > more certain to catch every place we'd expect to read to the end of a
> > response. But I suppose not. We could push it down into process_acks(),
> > but it would have the same READY logic that's here. I'll admit part of
> > my complaint is that the existing do_fetch_pack_v2 state-machine switch
> > is kind of hard to follow, but that's not your fault.
>
> I debated between the current implementation and doing something like
>
> int first_iteration = 1;
>
> ...
>
> while (state != FETCH_DONE) {
> switch (...) {
> ...
> }
>
> if (args->stateless_rpc && !first_iteration && (state == FETCH_SEND_REQUEST || state == FETCH_DONE)) {
> if (packet_reader_read(&reader) != PACKET_READ_RESPONSE_END)
> die(_("git fetch-pack: expected response end packet"));
> if (packet_reader_read(&reader) != PACKET_READ_FLUSH)
> die(_("git fetch-pack: expected flush packet"));
> }
> first_iteration = 0;
> }
>
> I think that this catches _all_ the cases without fiddling with any of
> the state machine logic.
I think you're right that it does, but TBH I find it harder to follow,
because now we're even further away from the actual response reads. What
I most want to verify is:
- there is no response-reading code path that does not check the
delimiters
- there is no code path where we check delimiters but did not actually
read a response
So to me, putting the check as close to the response-reads as possible
makes sense. I think the patch below is equivalent and easier to verify,
but I admit it's somewhat subjective:
diff --git a/fetch-pack.c b/fetch-pack.c
index 5325649eda..0bf1e5760c 100644
--- a/fetch-pack.c
+++ b/fetch-pack.c
@@ -1443,6 +1443,17 @@ static void receive_wanted_refs(struct packet_reader *reader,
die(_("error processing wanted refs: %d"), reader->status);
}
+static void check_stateless_delimiter(struct fetch_pack_args *args,
+ struct packet_reader *reader)
+{
+ if (!args->stateless_rpc)
+ return; /* not in stateless mode, no delimiter expected */
+ if (packet_reader_read(reader) != PACKET_READ_RESPONSE_END)
+ die(_("git fetch-pack: expected response end packet"));
+ if (packet_reader_read(reader) != PACKET_READ_FLUSH)
+ die(_("git fetch-pack: expected flush packet"));
+}
+
enum fetch_state {
FETCH_CHECK_LOCAL = 0,
FETCH_SEND_REQUEST,
@@ -1469,7 +1480,6 @@ static struct ref *do_fetch_pack_v2(struct fetch_pack_args *args,
struct fetch_negotiator negotiator_alloc;
struct fetch_negotiator *negotiator;
int seen_ack = 0;
- int check_http_delimiter;
if (args->no_dependents) {
negotiator = NULL;
@@ -1488,8 +1498,6 @@ static struct ref *do_fetch_pack_v2(struct fetch_pack_args *args,
}
while (state != FETCH_DONE) {
- check_http_delimiter = 0;
-
switch (state) {
case FETCH_CHECK_LOCAL:
sort_ref_list(&ref, ref_compare_name);
@@ -1538,15 +1546,19 @@ static struct ref *do_fetch_pack_v2(struct fetch_pack_args *args,
/* Process ACKs/NAKs */
switch (process_acks(negotiator, &reader, &common)) {
case READY:
+ /*
+ * Don't check for response delimiter; get_pack() will
+ * read the rest of this response.
+ */
state = FETCH_GET_PACK;
break;
case COMMON_FOUND:
in_vain = 0;
seen_ack = 1;
/* fallthrough */
case NO_COMMON_FOUND:
state = FETCH_SEND_REQUEST;
- check_http_delimiter = 1;
+ check_stateless_delimiter(args, &reader);
break;
}
break;
@@ -1565,20 +1577,13 @@ static struct ref *do_fetch_pack_v2(struct fetch_pack_args *args,
process_section_header(&reader, "packfile", 0);
if (get_pack(args, fd, pack_lockfile, sought, nr_sought))
die(_("git fetch-pack: fetch failed."));
+ check_stateless_delimiter(args, &reader);
state = FETCH_DONE;
- check_http_delimiter = 1;
break;
case FETCH_DONE:
continue;
}
-
- if (args->stateless_rpc && check_http_delimiter) {
- if (packet_reader_read(&reader) != PACKET_READ_RESPONSE_END)
- die(_("git fetch-pack: expected response end packet"));
- if (packet_reader_read(&reader) != PACKET_READ_FLUSH)
- die(_("git fetch-pack: expected flush packet"));
- }
}
if (negotiator)
> > Speaking of which: this is a change to the remote-helper protocol, since
> > we're now expecting stateless-connect helpers to produce these delim
> > packets (and failing if they don't). I kind of doubt that anybody but
> > remote-curl has implemented v2 stateless-connect, but should we be
> > marking this with an extra capability to be on the safe side?
>
> I think that we're probably safe from breaking anything external.
> According to the gitremote-helpers documentation,
>
> 'stateless-connect'::
> Experimental; for internal use only.
>
> so I think that gives us a bit of leeway in terms of the changes we can
> make to the stateless-connect protocol. They've been warned ;)
OK, I didn't realize we had explicitly marked it as experimental. I
agree we're probably fine here, then (now that v2 is starting to settle
a bit more, we might think about lifting that warning, but this patch
series shows we're not quite there yet :) ).
-Peff
