From nobody Thu May  2 01:20:56 2024
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VVGN84sqMz5KPDn;
	Thu,  2 May 2024 01:20:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VVGN82NTnz3wsW;
	Thu,  2 May 2024 01:20:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1714612856;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=1ELtroNkqrLE0DlAkJeL8k/MopWq6m7djf/eNJBrrBs=;
	b=OwD7jogqzDglK0Idev6Q/gFXuYmtDxJgILoH68etg6d6Y473T94tG1JwPCsQtTftfmmWnm
	4cgtB7NZbeR2v4XOsmpahcGJu4TwGCevVCJams8QHRdoPnVAtULE+EPE4MisiX5mvsWjue
	vxrEJ2hExHFQZuRoMkybM7S+UAGxW8AOsPCVRyuhQD9Xdc/bZLuunqNByAzGmgKTbF8YdW
	5CbVBmViYJ8cCLewFSnTGcVPQSweBMhYTFIrdXNt+GKtNxWWbd4Ojs//lZubF4yPO7sC21
	yikVhbGwdJhZcGJt1l/uVLSfHOAk2TJE7UOeDnyU/X7c4Oe+tXFjV+nmebIHOQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1714612856; a=rsa-sha256; cv=none;
	b=WISDVfhHeqvhQbn3XlTpv34hLVBnsYJ73r26DQ6kmazkTTeHdcZqkCtYI+qYnRPZztMkSk
	rF83mhgKq/8wT6OftVggCGcBoMyJdFG0fmwXCZcsQUagGWoc7cOQ4nVb6Hk0CMQ+2zFi4O
	he7CRZyxyP5KYvWFD6Y2QFChGrWDgkwR6ChFR2NMFPa2nbCVHLxRYIdFCkYIekI5zN4r8n
	bBhbbCCbGxUWrG6pNZrpLJVpWIrAyezy9N9QsH3i7hba+9sOB9oV674uzQ0pnt8PEmA2ek
	NrR9Y6muY/rZCD4efJ0g2YwIteUgYYY14zGaMsXHjtYG9OVt/pgCV9gEpmuo2g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1714612856;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=1ELtroNkqrLE0DlAkJeL8k/MopWq6m7djf/eNJBrrBs=;
	b=J14617mlCmvBv+6fF0vJmYmkDSaVScedCumyjDGmpZX1bPe0UjE8ay0sJN3q0cLHlOd0Ge
	weBNoVDsbdLKb/czhhtspcz8wJy532I7bYKm6nnXUC3PHOXJ0BY/xSq6sb9oJpW3RKb8JA
	nHTPZYolj0UJcNsZCTMBYImH8QmdQrrdZv+dWBqHyJNxpTEuacI3w2qpl0MwNymwLTiYB9
	xI4FdgX0OemBuEsT4NXkbaMaOfC3DAvsK/Fx6NMD/ZWfIG8vEd5DUXDsL+isVa2c1t8Hje
	niBZT0Dz1wm5qfv/4dDG7H/3FWuv5PAf+nmgiT/gQP1KO1d6th94KYoP6hBzUQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VVGN820ySzjJS;
	Thu,  2 May 2024 01:20:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 4421Kuae053432;
	Thu, 2 May 2024 01:20:56 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 4421KuNn053430;
	Thu, 2 May 2024 01:20:56 GMT
	(envelope-from git)
Date: Thu, 2 May 2024 01:20:56 GMT
Message-Id: <202405020120.4421KuNn053430@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: f8575d4e4758 - stable/13 - krpc: Ref cnt the client
  structures for TLS upcalls
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: f8575d4e47587dc0153360debd3a6ec5665a57b5
Auto-Submitted: auto-generated

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=f8575d4e47587dc0153360debd3a6ec5665a57b5

commit f8575d4e47587dc0153360debd3a6ec5665a57b5
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2024-04-27 00:55:24 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2024-05-02 01:19:09 +0000

    krpc: Ref cnt the client structures for TLS upcalls
    
    A crash occurred during testing, where the client structures had
    already been free'd when the upcall thread tried to lock them.
    
    This patch acquires a reference count on both of the structures
    and these are released when the upcall is done, so that the
    structures cannot be free'd prematurely.  This happened because
    the testing is done over a very slow vpn.
    
    Found during a IETF bakeathon testing event this week.
    
    (cherry picked from commit 4ba444de708bada46a88ecac17b2f6c1dc912234)
---
 sys/rpc/clnt_vc.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/sys/rpc/clnt_vc.c b/sys/rpc/clnt_vc.c
index 2edd7421f5c8..a8670553546e 100644
--- a/sys/rpc/clnt_vc.c
+++ b/sys/rpc/clnt_vc.c
@@ -759,6 +759,7 @@ clnt_vc_control(CLIENT *cl, u_int request, void *info)
 	case CLSET_BACKCHANNEL:
 		xprt = (SVCXPRT *)info;
 		if (ct->ct_backchannelxprt == NULL) {
+			SVC_ACQUIRE(xprt);
 			xprt->xp_p2 = ct;
 			if (ct->ct_sslrefno != 0)
 				xprt->xp_tls = RPCTLS_FLAGS_HANDSHAKE;
@@ -772,9 +773,11 @@ clnt_vc_control(CLIENT *cl, u_int request, void *info)
 		ct->ct_sslusec = *p++;
 		ct->ct_sslrefno = *p;
 		if (ct->ct_sslrefno != RPCTLS_REFNO_HANDSHAKE) {
+			/* cl ref cnt is released by clnt_vc_dotlsupcall(). */
+			CLNT_ACQUIRE(cl);
 			mtx_unlock(&ct->ct_lock);
 			/* Start the kthread that handles upcalls. */
-			error = kthread_add(clnt_vc_dotlsupcall, ct,
+			error = kthread_add(clnt_vc_dotlsupcall, cl,
 			    NULL, NULL, 0, 0, "krpctls%u", thrdnum++);
 			if (error != 0)
 				panic("Can't add KRPC thread error %d", error);
@@ -874,6 +877,7 @@ clnt_vc_destroy(CLIENT *cl)
 		mtx_lock(&ct->ct_lock);
 		xprt->xp_p2 = NULL;
 		sx_xunlock(&xprt->xp_lock);
+		SVC_RELEASE(xprt);
 	}
 
 	if (ct->ct_socket) {
@@ -1275,7 +1279,8 @@ clnt_vc_upcallsdone(struct ct_data *ct)
 static void
 clnt_vc_dotlsupcall(void *data)
 {
-	struct ct_data *ct = (struct ct_data *)data;
+	CLIENT *cl = (CLIENT *)data;
+	struct ct_data *ct = (struct ct_data *)cl->cl_private;
 	enum clnt_stat ret;
 	uint32_t reterr;
 
@@ -1312,5 +1317,6 @@ clnt_vc_dotlsupcall(void *data)
 	ct->ct_rcvstate &= ~RPCRCVSTATE_UPCALLTHREAD;
 	wakeup(&ct->ct_sslrefno);
 	mtx_unlock(&ct->ct_lock);
+	CLNT_RELEASE(cl);
 	kthread_exit();
 }