The branch main has been updated by rmacklem:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=26ee0593920946646882a14997d15e16b1bec772

commit 26ee0593920946646882a14997d15e16b1bec772
Author:     Rick Macklem <rmack...@freebsd.org>
AuthorDate: 2025-06-21 23:49:13 +0000
Commit:     Rick Macklem <rmack...@freebsd.org>
CommitDate: 2025-06-21 23:49:13 +0000

    rpctls_impl.c: Fix handling of socket for daemon failure
    
    If the client side rpc.tlsclntd is not running when an
    NFS-over-TLS connection attempt is made, the socket
    is left open. This results in the rpc.tlsservd daemon on
    the NFS server being stuck in SSL_accept() until the
    daemon is restarted.
    
    This patch fixes this by doing soclose() on the socket
    for the cases where the daemon has not acquired the
    socket.
    
    Reviewed by:    glebius
    Differential Revision:  https://reviews.freebsd.org/D50961
---
 sys/rpc/rpcsec_tls/rpctls_impl.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/sys/rpc/rpcsec_tls/rpctls_impl.c b/sys/rpc/rpcsec_tls/rpctls_impl.c
index 6745a04e8ac8..93fe283e65fd 100644
--- a/sys/rpc/rpcsec_tls/rpctls_impl.c
+++ b/sys/rpc/rpcsec_tls/rpctls_impl.c
@@ -181,6 +181,12 @@ sys_rpctls_syscall(struct thread *td, struct 
rpctls_syscall_args *uap)
                return (EPERM);
        }
        if ((error = falloc(td, &fp, &fd, 0)) != 0) {
+               /*
+                * The socket will not be acquired by the daemon,
+                * but has been removed from the upcall socket RB.
+                * As such, it needs to be closed here.
+                */
+               soclose(ups.so);
                KRPC_CURVNET_RESTORE();
                return (error);
        }
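Review bot: The added `soclose(ups.so)` covers only the `falloc()` failure, but the comment's reasoning (the socket is already out of the upcall tree and the daemon will never acquire it) holds for any error return between the removal and the point where the descriptor is handed to the daemon. sys_rpctls_syscall continues past this hunk, so it is worth confirming that no later failure path returns without closing the socket; otherwise the peer would stay blocked in the handshake, as the commit message describes. The return value of soclose() is also discarded here; if that is intentional, `(void)soclose(ups.so);` makes it explicit.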
@@ -223,13 +229,11 @@ rpctls_rpc_failed(struct upsock *ups, struct socket *so)
                mtx_unlock(&rpctls_lock);
                MPASS(removed == ups);
                /*
-                * Do a shutdown on the socket, since the daemon is
-                * probably stuck in SSL_accept() trying to read the
-                * socket.  Do not soclose() the socket, since the
-                * daemon will close() the socket after SSL_accept()
-                * returns an error.
+                * Since the socket was still in the RB tree when
+                * this function was called, the daemon will not
+                * close it.  As such, it needs to be closed here.
                 */
-               soshutdown(so, SHUT_RD);
+               soclose(so);
        } else {
                /*
                 * The daemon has taken the socket from the tree, but
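Review bot: After this change the fate of `so` depends on which branch of rpctls_rpc_failed() runs: here it is closed with `soclose(so)`, while in the else branch (whose comment is cut off at the end of the hunk) the daemon has taken it. Nothing visible tells the caller which case applied. A caller that still holds the pointer and closes or touches it during its own teardown would presumably hit a double close or use-after-free; the callers and the function's return type are outside the hunk, so this needs checking against them. I would document the contract above the function, e.g. `/* On return the caller must not reference or close so: it has either been closed here or is owned by the daemon. */`.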
