Date: Thu, 2 May 2024 01:11:25 GMT
Message-Id: <202405020111.4421BPP3040025@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Rick Macklem
Subject: git: f6b902a4117a - stable/14 - krpc: Ref cnt the client structures for TLS upcalls
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: f6b902a4117a9893179be4e46c50358d32321301

The branch stable/14 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=f6b902a4117a9893179be4e46c50358d32321301

commit f6b902a4117a9893179be4e46c50358d32321301
Author:     Rick Macklem
AuthorDate: 2024-04-27 00:55:24 +0000
Commit:     Rick Macklem
CommitDate: 2024-05-02 01:09:52 +0000

    krpc: Ref cnt the client structures for TLS upcalls

    A crash occurred during testing, where the client structures had
    already been free'd when the upcall thread tried to lock them.
    This patch acquires a reference count on both of the structures
    and these are released when the upcall is done, so that the
    structures cannot be free'd prematurely. This happened because
    the testing is done over a very slow VPN.

    Found during an IETF bakeathon testing event this week.

    (cherry picked from commit 4ba444de708bada46a88ecac17b2f6c1dc912234)

--- sys/rpc/clnt_vc.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sys/rpc/clnt_vc.c b/sys/rpc/clnt_vc.c index b4ddaec3cbdc..cc2471f95e8c 100644 --- a/sys/rpc/clnt_vc.c +++ b/sys/rpc/clnt_vc.c @@ -759,6 +759,7 @@ clnt_vc_control(CLIENT *cl, u_int request, void *info) case CLSET_BACKCHANNEL: xprt = (SVCXPRT *)info; if (ct->ct_backchannelxprt == NULL) { + SVC_ACQUIRE(xprt); xprt->xp_p2 = ct; if (ct->ct_sslrefno != 0) xprt->xp_tls = RPCTLS_FLAGS_HANDSHAKE; 
@@ -772,9 +773,11 @@ clnt_vc_control(CLIENT *cl, u_int request, void *info) ct->ct_sslusec = *p++; ct->ct_sslrefno = *p; if (ct->ct_sslrefno != RPCTLS_REFNO_HANDSHAKE) { + /* cl ref cnt is released by clnt_vc_dotlsupcall(). */ + CLNT_ACQUIRE(cl); mtx_unlock(&ct->ct_lock); /* Start the kthread that handles upcalls. */ - error = kthread_add(clnt_vc_dotlsupcall, ct, + error = kthread_add(clnt_vc_dotlsupcall, cl, NULL, NULL, 0, 0, "krpctls%u", thrdnum++); if (error != 0) panic("Can't add KRPC thread error %d", error); @@ -874,6 +877,7 @@ clnt_vc_destroy(CLIENT *cl) mtx_lock(&ct->ct_lock); xprt->xp_p2 = NULL; sx_xunlock(&xprt->xp_lock); + SVC_RELEASE(xprt); } if (ct->ct_socket) { @@ -1274,7 +1278,8 @@ clnt_vc_upcallsdone(struct ct_data *ct) static void clnt_vc_dotlsupcall(void *data) { - struct ct_data *ct = (struct ct_data *)data; + CLIENT *cl = (CLIENT *)data; + struct ct_data *ct = (struct ct_data *)cl->cl_private; enum clnt_stat ret; uint32_t reterr; @@ -1311,5 +1316,6 @@ clnt_vc_dotlsupcall(void *data) ct->ct_rcvstate &= ~RPCRCVSTATE_UPCALLTHREAD; wakeup(&ct->ct_sslrefno); mtx_unlock(&ct->ct_lock); + CLNT_RELEASE(cl); kthread_exit(); }
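
Review bot: In the CLSET_BACKCHANNEL hunk (@@ -759), SVC_ACQUIRE(xprt) has no comment saying where the reference is dropped, unlike the CLNT_ACQUIRE(cl) in the following hunk. The matching SVC_RELEASE(xprt) is in clnt_vc_destroy(), not at the end of the upcall as the commit message states for both structures. A one-line comment here naming clnt_vc_destroy() would make the pairing explicit, and it is worth confirming that the block in clnt_vc_destroy() runs only when this branch has set xp_p2, so the count is never released without having been acquired.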
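
Review bot: In the hunk that starts the upcall kthread (@@ -772), the reference taken by CLNT_ACQUIRE(cl) is released only inside clnt_vc_dotlsupcall(), so it depends on the thread actually starting. As written, a kthread_add() failure panics and nothing can leak, but if that panic() is ever turned into an error return, the failure path needs its own CLNT_RELEASE(cl). A short note next to the panic() saying so would help.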
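
Review bot: In the clnt_vc_destroy() hunk (@@ -874), SVC_RELEASE(xprt) comes after mtx_lock(&ct->ct_lock) with no unlock visible in between, so it runs with that mutex held. If this can be the last reference to xprt, please confirm that whatever the release triggers is safe under ct_lock, or move the SVC_RELEASE(xprt) to a point after the mutex is dropped.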
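
Review bot: At the end of clnt_vc_dotlsupcall() (@@ -1311), CLNT_RELEASE(cl) may drop the last reference, after which neither cl nor ct (taken from cl->cl_private) may be touched. The order shown is right, with the RPCRCVSTATE_UPCALLTHREAD clear, the wakeup() and the mtx_unlock() all before the release, but a comment stating that nothing may use cl or ct past this line would keep a later change from reordering them.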