[Libguestfs] [nbdkit PATCH 3/7] RFC: protocol: Only send EOVERFLOW when valid

Eric Blake eblake at redhat.com
Tue Apr 23 12:38:41 UTC 2019 

[adding NBD list]

On 4/23/19 2:36 AM, Richard W.M. Jones wrote:
> On Mon, Apr 22, 2019 at 07:50:22PM -0500, Eric Blake wrote:
>> Previously, we were squashing EOVERFLOW into EINVAL; continue to do so
>> at points in the protocol where the client may not be expecting
>> EOVERFLOW.

> 
> The protocol spec is unclear on whether EOVERFLOW can be returned in
> cases other than the DF flag being set.  Whether we include this patch
> or not seems to hinge on the interpretation of the protocol spec which
> I'm not really in a position to make.

Context: nbdkit previously did not allow the EOVERFLOW value over the
wire, so I'm proposing a patch to nbdkit to support it.  But it raises
the question on whether allowing EOVERFLOW to any arbitrary command is
okay, or whether EOVERFLOW should only be exposed over the wire to a
client that is likely to expect it. The NBD spec added EOVERFLOW as a
valid error value when commit 7ff2e45e (Apr 2016) promoted structured
replies to be part of the protocol, so any client that negotiates
structured replies is thus new enough to expect EOVERFLOW; conversely,
EOVERFLOW is only documented as being reasonable for the server to send
in response to a client using NBD_CMD_FLAG_DF to NBD_CMD_READ (again,
which implies the client negotiated structured replies), and not all
clients support structured replies.

See also my recent thread about the potential of adding ENOTSUP as a
valid error, towards the end of the message:
https://lists.debian.org/nbd/2019/03/msg00007.html

There, I argued that since clients do not have to have a 1:1 mapping
from system errno values to NBD wire error values, that any addition of
a new error value over the wire should at least think about back-compat
considerations, where we should consider documenting that a server
SHOULD NOT send the new error except to clients that are obviously new
enough to be aware that the error is possible.  I intentionally used
SHOULD NOT rather than MUST NOT, as a server may still choose to expose
non-standard errors over the wire if a client might benefit from those
errors, and a well-written client will squash non-standard errors
received over the wire back to EINVAL.

So the question at hand is whether I should patch the NBD spec to
recommend that a server SHOULD NOT send EOVERFLOW except in response to
NBD_CMD_READ when the NBD_CMD_FLAG_DF bit is set (similar to my proposed
wording that a server SHOULD NOT send ENOTSUP except in response to
NBD_CMD_FLAG_FAST_ZERO).

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libguestfs/attachments/20190423/0502a4c9/attachment.sig>

More information about the Libguestfs mailing list