Re: [PATCH v2 2/3] send-pack: fix push nego. when remote has refs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Thu, Jul 15 2021, Jonathan Tan wrote:
> 
> > Commit 477673d6f3 ("send-pack: support push negotiation", 2021-05-05)
> > did not test the case in which a remote advertises at least one ref. In
> > such a case, "remote_refs" in get_commons_through_negotiation() in
> > send-pack.c would also contain those refs with a zero ref->new_oid (in
> > addition to the refs being pushed with a nonzero ref->new_oid). Passing
> > them as negotiation tips to "git fetch" causes an error, so filter them
> > out.
> >
> > (The exact error that would happen in "git fetch" in this case is a
> > segmentation fault, which is unwanted. This will be fixed in the
> > subsequent commit.)
> 
> Let's add the test from the subsequent here as a test_expect_failure and
> flip it to "success".

What is the subsequent?

> > @@ -425,8 +425,10 @@ static void get_commons_through_negotiation(const char *url,
> >  	child.no_stdin = 1;
> >  	child.out = -1;
> >  	strvec_pushl(&child.args, "fetch", "--negotiate-only", NULL);
> > -	for (ref = remote_refs; ref; ref = ref->next)
> > -		strvec_pushf(&child.args, "--negotiation-tip=%s", oid_to_hex(&ref->new_oid));
> > +	for (ref = remote_refs; ref; ref = ref->next) {
> > +		if (!is_null_oid(&ref->new_oid))
> > +			strvec_pushf(&child.args, "--negotiation-tip=%s", oid_to_hex(&ref->new_oid));
> > +	}
> >  	strvec_push(&child.args, url);
> 
> This will run into my eff40457a4 (fetch: fix segfault in
> --negotiate-only without --negotiation-tip=*, 2021-07-08) if we supply a
> --negotiate-only without --negotiation-tip=, but trying it it looks like
> even when you push to an empty repo and your repo is itself empty we'll
> always add the tip you're pushing as the negotiation tip.
> 
> Let's add a test for that, i.e. I instrumented your test to check what
> happens whe I do the push without any remote/local refs, both for
> one/both cases (and both combinations), it seems to work...

I'm not sure how useful this no-ref test will be, because if my existing
tests are correct, the thing we're pushing is guaranteed to be in this
list (so the list will be non-empty).

> For code that's doing a loop over "refs" testing that seems to be
> worthwhile, i.e. we don't actually depend on "refs" in the sense that
> they exist, but the refs we've constructed in-memory to be created on
> the remote, correct?

Yes.

> But also: looking at the trace output we already have the ref
> advertisement at this point, so in the case of an empty repo we'll see
> it has no refs, but then we're going to provide a --negotiation-tip=*
> pointing to our local OID anyway.

Hmm...are you running under protocol v0? In protocol v2, there should be
no ref advertisement at this point.

> That seems like a fairly non-obvious edge case that should be called out
> / tested.
> 
> I.e. aren't we at least just going to engage in redundant work there in
> trying to negotiate with empty repos, or is it going to noop anyway.
> 
> Or maybe we'll get lucky and they have the OID already, they just
> recently deleted their reference(s), then we won't need to send as much
> over? Is that what this is trying to do?
> 
> But hrm, won't that sort of thing increase the odds of repository
> corruption?

No, trying to be lucky in finding an OID that the server has no plans of
advertising is not the aim.

> I.e. now we make the implicit assumption that an OID we see in the
> advertisement is one the server isn't going to aggressively prune while
> our push is underday (Jeff King has a good E-Mail summarizing that
> somewhere, not digging it up now, but I could...).
> 
> So such a remote will negotiate with us using that OID, but unlike with
> advertised OIDs we can't safely assume that the OID won't be racily
> deleted during our negotiation.
> 
> Or maybe I'm entirely wrong here....

There's always the risk that the server will say it has something and
then aggressively prune it, but I think that all fetch/push code has to
deal with it. A more realistic scenario is that one server in a
load-balanced arrangement advertises a commit that the other does not
have, but we are unlikely to be affected by that here because the ref
negotiation would usually concern old commits that the local user has
built upon, not the very latest commits that someone else just pushed.



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux