nbd/server.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-)
Commit 37ec36f6 intentionally ignores errors when trying to reply
to an NBD_OPT_ABORT request for plaintext clients, but did not make
the same change for a TLS server. Since NBD_OPT_ABORT is
documented as being a potential for an EPIPE when the client hangs
up without waiting for our reply, we don't need to pollute the
server's output with that failure.
Signed-off-by: Eric Blake <eblake@redhat.com>
---
nbd/server.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/nbd/server.c b/nbd/server.c
index 056cfa5ad47..dc04513de70 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -1134,12 +1134,16 @@ static int nbd_negotiate_options(NBDClient *client, uint16_t myflags,
return -EINVAL;
default:
- ret = nbd_opt_drop(client, NBD_REP_ERR_TLS_REQD, errp,
+ /* Let the client keep trying, unless they asked to
+ * quit. Always try to give an error back to the
+ * client; but when replying to OPT_ABORT, be aware
+ * that the client may hang up before receiving the
+ * error, in which case we are fine ignoring the
+ * resulting EPIPE. */
+ ret = nbd_opt_drop(client, NBD_REP_ERR_TLS_REQD,
+ option == NBD_OPT_ABORT ? NULL : errp,
"Option 0x%" PRIx32
" not permitted before TLS", option);
- /* Let the client keep trying, unless they asked to
- * quit. In this mode, we've already sent an error, so
- * we can't ack the abort. */
if (option == NBD_OPT_ABORT) {
return 1;
}
--
2.17.2
On Sat, Nov 17, 2018 at 04:32:21PM -0600, Eric Blake wrote: > Commit 37ec36f6 intentionally ignores errors when trying to reply > to an NBD_OPT_ABORT request for plaintext clients, but did not make > the same change for a TLS server. Since NBD_OPT_ABORT is > documented as being a potential for an EPIPE when the client hangs > up without waiting for our reply, we don't need to pollute the > server's output with that failure. > > Signed-off-by: Eric Blake <eblake@redhat.com> > --- > nbd/server.c | 12 ++++++++---- > 1 file changed, 8 insertions(+), 4 deletions(-) > > diff --git a/nbd/server.c b/nbd/server.c > index 056cfa5ad47..dc04513de70 100644 > --- a/nbd/server.c > +++ b/nbd/server.c > @@ -1134,12 +1134,16 @@ static int nbd_negotiate_options(NBDClient *client, uint16_t myflags, > return -EINVAL; > > default: > - ret = nbd_opt_drop(client, NBD_REP_ERR_TLS_REQD, errp, > + /* Let the client keep trying, unless they asked to > + * quit. Always try to give an error back to the > + * client; but when replying to OPT_ABORT, be aware > + * that the client may hang up before receiving the > + * error, in which case we are fine ignoring the > + * resulting EPIPE. */ > + ret = nbd_opt_drop(client, NBD_REP_ERR_TLS_REQD, > + option == NBD_OPT_ABORT ? NULL : errp, > "Option 0x%" PRIx32 > " not permitted before TLS", option); > - /* Let the client keep trying, unless they asked to > - * quit. In this mode, we've already sent an error, so > - * we can't ack the abort. */ > if (option == NBD_OPT_ABORT) { > return 1; > } Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
© 2016 - 2024 Red Hat, Inc.