git: 26ee05939209 - main - rpctls_impl.c: Fix handling of socket for daemon failure
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 21 Jun 2025 23:52:18 UTC
The branch main has been updated by rmacklem:
URL: https://cgit.FreeBSD.org/src/commit/?id=26ee0593920946646882a14997d15e16b1bec772
commit 26ee0593920946646882a14997d15e16b1bec772
Author: Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2025-06-21 23:49:13 +0000
Commit: Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2025-06-21 23:49:13 +0000
rpctls_impl.c: Fix handling of socket for daemon failure
If the client side rpc.tlsclntd is not running when a
NFS-over-TLS connection attempt is made, the socket
is left open. This results in the rpc.tlsservd daemon on
the NFS server being stuck in SSL_accept() until the
daemon is restarted.
This patch fixes this by doing soclose() on the socket
for the cases where the daemon has not acquired the
socket.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D50961
---
sys/rpc/rpcsec_tls/rpctls_impl.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/sys/rpc/rpcsec_tls/rpctls_impl.c b/sys/rpc/rpcsec_tls/rpctls_impl.c
index 6745a04e8ac8..93fe283e65fd 100644
--- a/sys/rpc/rpcsec_tls/rpctls_impl.c
+++ b/sys/rpc/rpcsec_tls/rpctls_impl.c
@@ -181,6 +181,12 @@ sys_rpctls_syscall(struct thread *td, struct rpctls_syscall_args *uap)
return (EPERM);
}
if ((error = falloc(td, &fp, &fd, 0)) != 0) {
+ /*
+ * The socket will not be acquired by the daemon,
+ * but has been removed from the upcall socket RB.
+ * As such, it needs to be closed here.
+ */
+ soclose(ups.so);
KRPC_CURVNET_RESTORE();
return (error);
}
@@ -223,13 +229,11 @@ rpctls_rpc_failed(struct upsock *ups, struct socket *so)
mtx_unlock(&rpctls_lock);
MPASS(removed == ups);
/*
- * Do a shutdown on the socket, since the daemon is
- * probably stuck in SSL_accept() trying to read the
- * socket. Do not soclose() the socket, since the
- * daemon will close() the socket after SSL_accept()
- * returns an error.
+ * Since the socket was still in the RB tree when
+ * this function was called, the daemon will not
+ * close it. As such, it needs to be closed here.
*/
- soshutdown(so, SHUT_RD);
+ soclose(so);
} else {
/*
* The daemon has taken the socket from the tree, but