Re: [Nbd] NBD server terminates on SIGPIPE during negotiation

[Wouter Verhelst <w@...112...>]

On Wed, Feb 06, 2013 at 08:40:14AM +0000, Alex Bligh wrote:
> Wouter,
> 
> On 5 Feb 2013, at 21:37, Wouter Verhelst wrote:
> 
> >> #1 Set the default action of SIGPIPE to Ign.
> >> 
> >> This is simplest to do, but not the right thing in my opinion.
> > 
> > It feels utterly wrong to me. If the client isn't talking to us anymore,
> > we need to stop, not try to continue. Doing otherwise could cause
> > different issues down the road; I don't want to go there.
> 
> Why do you think ignoring SIGPIPE is wrong? Provided you catch the
> condition in your select loop, you can tell when the client is not
> talking to you any more.

receiving SIGPIPE means you're doing something wrong. The system will
always give you an error state when you try to perform some operation on
a filedescriptor that has been closed, /before/ you receive SIGPIPE.
Missing that means you're not doing some kind of error handling. That
can have all sorts of bad consequences; e.g., you may be incorrectly
initializing variables, or you may start spinning, or something similar.

While I agree that avoiding a complete DoS due to a SIGPIPE would be a
good thing, I think the right way to do that is to completely
compartmentalize the communication behind a fork(), and to make sure the
error handling is done well.

This situation is of course different if the server is not using a
fork-per-client paradigm; but since that's what we're doing, I fail to
see any benefit in ignoring SIGPIPE, while there is some benefit to be
had in not ignoring it.

[...]

-- 
Copyshops should do vouchers. So that next time some bureaucracy requires you
to mail a form in triplicate, you can mail it just once, add a voucher, and
save on postage.