The branch releng/14.1 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=4fdb8d1ab316c5b80abc0c566b5d05d605e38b12
commit 4fdb8d1ab316c5b80abc0c566b5d05d605e38b12 Author: Rick Macklem <rmack...@freebsd.org> AuthorDate: 2024-05-28 02:22:04 +0000 Commit: Mark Johnston <ma...@freebsd.org> CommitDate: 2025-01-29 17:11:29 +0000 svc.c: Check for a non-NULL xp_socket Commit a16ff32f04b5 added support to the kernel RPC to set TCP_USE_DDP. However, for the unusual case of a NFSv4.1/4.2 non-NULL callback, the xp_socket field of SVCXPRT is NULL, since it uses the same socket as the client->server connection. This patch adds the check for this to avoid crashes. This only affects NFSv4.1/4.2 mounts where either pNFS or delegations are in use. Approved by: so Security: FreeBSD-EN-25:01.rpc (cherry picked from commit 6c9170e0afc4ebec81ba88a6370ebf6cb55520ba) (cherry picked from commit 4c136aad80e6da1c9aa99de863642fe64a54f9a8) --- sys/rpc/svc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/rpc/svc.c b/sys/rpc/svc.c index 6d19a0b1ea7d..1e0e02c23cc1 100644 --- a/sys/rpc/svc.c +++ b/sys/rpc/svc.c @@ -1000,6 +1000,7 @@ svc_getreq(SVCXPRT *xprt, struct svc_req **rqstp_ret) * enable TLS offload first. */ if (xprt->xp_doneddp == 0 && r->rq_proc != NULLPROC && + xprt->xp_socket != NULL && atomic_cmpset_int(&xprt->xp_doneddp, 0, 1)) { if (xprt->xp_socket->so_proto->pr_protocol == IPPROTO_TCP) {
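Review bot: The added `xprt->xp_socket != NULL` test in the svc_getreq() condition is not explained in the code. The comment above it still ends at "enable TLS offload first", and the reason the socket can be NULL (an NFSv4.1/4.2 callback transport sharing the client->server connection) appears only in the commit message. A one-line comment next to the test would keep a later cleanup from dropping it as redundant ahead of the `xprt->xp_socket->so_proto->pr_protocol` dereference. Placing the test before `atomic_cmpset_int(&xprt->xp_doneddp, 0, 1)` also means xp_doneddp stays 0 on such a transport, so the whole condition is re-evaluated for every non-NULLPROC request. That is cheap and looks harmless, but if it is intentional the same comment should say so. Otherwise consider marking the transport as done even when there is no socket.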