On Tue, Apr 23, 2019 at 07:38:41AM -0500, Eric Blake wrote:
[adding NBD list]
On 4/23/19 2:36 AM, Richard W.M. Jones wrote:
> On Mon, Apr 22, 2019 at 07:50:22PM -0500, Eric Blake wrote:
>> Previously, we were squashing EOVERFLOW into EINVAL; continue to do so
>> at points in the protocol where the client may not be expecting
>> EOVERFLOW.
>
> The protocol spec is unclear on whether EOVERFLOW can be returned in
> cases other than the DF flag being set. Whether we include this patch
> or not seems to hinge on the interpretation of the protocol spec which
> I'm not really in a position to make.
Context: nbdkit previously did not allow the EOVERFLOW value over the
wire, so I'm proposing a patch to nbdkit to support it. But it raises
the question on whether allowing EOVERFLOW to any arbitrary command is
okay, or whether EOVERFLOW should only be exposed over the wire to a
client that is likely to expect it. The NBD spec added EOVERFLOW as a
valid error value when commit 7ff2e45e (Apr 2016) promoted structured
replies to be part of the protocol, so any client that negotiates
structured replies is thus new enough to expect EOVERFLOW; conversely,
EOVERFLOW is only documented as being reasonable for the server to send
in response to a client using NBD_CMD_FLAG_DF to NBD_CMD_READ (again,
which implies the client negotiated structured replies), and not all
clients support structured replies.
OTOH, for backcompat reasons it is reasonable to state that older
versions of nbd-server could send pretty much anything over the wire[1],
and that clients should therefore treat any nonzero value as an unknown
error.
I think that might also be a correct way to deal with error numbers in
cases where the client does not know what to do with it.
[1] I originally thought that errno values were way more standardized
than they happen to be in practice, and so the initial error handling in
nbd-server just sent the value of errno, whatever it happened to be,
over the wire. That worked just fine if client and server were the same
platform -- and more so since all the client would ever do when it saw
an error was yell "the server sent error code X" and abort, so that the
actual error number didn't even matter -- but it obviously wasn't ideal;
and when we chose the error values that got written in stone, we chose
the errno values that Linux/x86 uses for the types of errors that seemed
reasonable. What older servers sent is however not really defined, and
therefore should be treated as nasal daemons.
[...]
SHOULD NOT rather than MUST NOT, as a server may still choose to
expose
non-standard errors over the wire if a client might benefit from those
errors, and a well-written client will squash non-standard errors
received over the wire back to EINVAL.
Indeed; I think that is what we should do.
So the question at hand is whether I should patch the NBD spec to
recommend that a server SHOULD NOT send EOVERFLOW except in response to
NBD_CMD_READ when the NBD_CMD_FLAG_DF bit is set (similar to my proposed
wording that a server SHOULD NOT send ENOTSUP except in response to
NBD_CMD_FLAG_FAST_ZERO).
I think we can say that, but we should definitely also say that a client
should treat unknown errors in a particular way. Possibly "abort the
connection and give up", but something.
--
To the thief who stole my anti-depressants: I hope you're happy
-- seen somewhere on the Internet on a photo of a billboard