On Fri, Sep 04, 2020 at 04:18:41PM -0500, Eric Blake wrote:
Right now, libnbd has refused to issue a command not advertised as
supported by a server, including unknown flags, mainly because the NBD
protocol does not guarantee what the server will do, and libnbd would
rather stay in sync with the server than drop the connection.
However, for integration purposes, it can be handy to coerce libnbd
into sending something to see how the server will react (whether it be
an extension libnbd has not yet learned, or an intentional bad request
to test server error handling). Time to make this something the user
can control, by adding a new strictness mode. A later patch will add
another knob to the mode.
---
Question: Should we split this into two knobs? Sending unknown flags
is dangerous (in the future, a flag might be defined to alter the
on-wire layout expected by either the client or server, and get things
out-of-sync or even cause data corruption), while sending known
commands contrary to advertised flags is less risky (so far,
NBD_CMD_WRITE is the only command that alters what the client sends,
so a server can easily reject unknown commands by assuming they match
the layout of NBD_CMD_READ; and I just fixed a long-standing bug where
we were sending trim and zero requests contrary to server
advertisement). Trying to provoke a write to a read-only server is
different than trying to experiment with an unknown flag, which is why
it might make sense to have two separate knobs for the gating done in
this patch.
Patch looks fine, ACK.
I've no particular opinion on whether this should be one or two flags.
Whatever you think is best.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top