Commit 2216190e authored by Eric Blake's avatar Eric Blake Committed by Richard W.M. Jones
Browse files

opt_go: Tolerate unplanned server death

While debugging some experimental nbdkit code that was triggering an
assertion failure in nbdkit, I noticed a secondary failure of nbdsh
also dying from an assertion:

libnbd: debug: nbdsh: nbd_opt_go: transition: NEWSTYLE.OPT_GO.SEND -> DEAD
libnbd: debug: nbdsh: nbd_opt_go: option queued, ignoring state machine failure
nbdsh: opt.c:86: nbd_unlocked_opt_go: Assertion `nbd_internal_is_state_negotiating (get_next_state (h))' failed.

Although my trigger was from non-production nbdkit code, libnbd should
never die from an assertion failure merely because a server
disappeared at the wrong moment during an incomplete reply to
NBD_OPT_GO or NBD_OPT_INFO.  If this is assigned a CVE, a followup
patch will add mention of it in docs/libnbd-security.pod.

Fixes: bbf1c513 (api: Give aio_opt_go a completion callback)
(cherry picked from commit fb4440de)
parent a1d13ca2
/* NBD client library in userspace
* Copyright (C) 2020 Red Hat Inc.
* Copyright (C) 2020-2021 Red Hat Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
......@@ -83,7 +83,8 @@ nbd_unlocked_opt_go (struct nbd_handle *h)
r = wait_for_option (h);
if (r == 0 && err) {
assert (nbd_internal_is_state_negotiating (get_next_state (h)));
assert (nbd_internal_is_state_negotiating (get_next_state (h)) ||
nbd_internal_is_state_dead (get_next_state (h)));
set_error (err, "server replied with error to opt_go request");
return -1;
}
......@@ -105,7 +106,8 @@ nbd_unlocked_opt_info (struct nbd_handle *h)
r = wait_for_option (h);
if (r == 0 && err) {
assert (nbd_internal_is_state_negotiating (get_next_state (h)));
assert (nbd_internal_is_state_negotiating (get_next_state (h)) ||
nbd_internal_is_state_dead (get_next_state (h)));
set_error (err, "server replied with error to opt_info request");
return -1;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment