On 05/08/2015 06:41 AM, Paolo Bonzini wrote:
>
>
> On 08/05/2015 14:40, Eric Blake wrote:
>> On 05/08/2015 03:50 AM, Paolo Bonzini wrote:
>>> Right now, NBD includes potentially platform-specific error values in
>>> the wire protocol.
>>>
>>
>> Do we also want to handle "case 0: return 0;" on either conversion, or
>> even "case 0: abort();" to ensure that callers are using these helpers
>> correctly?
>
> Yes, it's much better that way.

Thinking about it a bit more: abort() is fine on the sending side, to ensure we aren't putting garbage on the wire; but abort() on the receiving side is a bit risky (we should be handling a corrupted incoming stream gracefully - a malicious sender should not be able to crash us).

Of course, once we've detected a corrupted incoming stream, we can't do much for the block device the stream was supposed to represent (perhaps treat it as EIO and declare the device dead), but that's still better than aborting.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
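The sender/receiver asymmetry discussed in the message above, as an added C example that is not part of the original message or of the patch under review. Helper names are hypothetical; the reply magic and wire error values come from the NBD protocol specification; mapping unknown wire codes to EIO and unlisted errnos to EINVAL are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
/* Simple-reply magic and wire error values from the NBD protocol spec. */
#define NBD_REPLY_MAGIC 0x67446698u
#define NBD_REPLY_LEN   16u          /* magic(4) + error(4) + handle(8) */
static const struct { uint32_t wire; int sys; } nbd_errs[] = {
    {0, 0}, {1, EPERM}, {5, EIO}, {12, ENOMEM}, {22, EINVAL}, {28, ENOSPC},
};
#define N_ERRS (sizeof nbd_errs / sizeof nbd_errs[0])

/* Sending side (hypothetical helper): the input is ours, so a negative
 * value is a caller bug and abort() keeps garbage off the wire. */
static uint32_t errno_to_wire(int err)
{
    if (err < 0) abort();
    for (size_t i = 0; i < N_ERRS; i++)
        if (nbd_errs[i].sys == err) return nbd_errs[i].wire;
    return 22;                       /* assumption: fold the rest into EINVAL */
}

/* Receiving side (hypothetical helper): the peer controls the input, so
 * never abort. Assumption: unknown codes are reported as EIO. */
static int wire_to_errno(uint32_t wire)
{
    for (size_t i = 0; i < N_ERRS; i++)
        if (nbd_errs[i].wire == wire) return nbd_errs[i].sys;
    return EIO;
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 and sets *err, or -1 when the header is short or the magic is
 * wrong; the caller then fails the device with EIO instead of crashing. */
static int parse_reply(const uint8_t *buf, size_t len, int *err)
{
    if (len < NBD_REPLY_LEN || be32(buf) != NBD_REPLY_MAGIC) return -1;
    *err = wire_to_errno(be32(buf + 4));
    return 0;
}

int main(void)
{
    const uint8_t odd[16] = {0x67, 0x44, 0x66, 0x98, 0xde, 0xad, 0xbe, 0xef}; /* constructed */
    int err = 0;
    return parse_reply(odd, sizeof odd, &err) == 0 && err == EIO ? 0 : 1;
}
```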