Date: Sat, 21 Jun 2025 23:52:18 GMT From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 26ee05939209 - main - rpctls_impl.c: Fix handling of socket for daemon failure Message-ID: <202506212352.55LNqIc5089144@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=26ee0593920946646882a14997d15e16b1bec772 commit 26ee0593920946646882a14997d15e16b1bec772 Author: Rick Macklem <rmacklem@FreeBSD.org> AuthorDate: 2025-06-21 23:49:13 +0000 Commit: Rick Macklem <rmacklem@FreeBSD.org> CommitDate: 2025-06-21 23:49:13 +0000 rpctls_impl.c: Fix handling of socket for daemon failure If the client side rpc.tlsclntd is not running when a NFS-over-TLS connection attempt is made, the socket is left open. This results in the rpc.tlsservd daemon on the NFS server being stuck in SSL_accept() until the daemon is restarted. This patch fixes this by doing soclose() on the socket for the cases where the daemon has not acquired the socket. Reviewed by: glebius Differential Revision: https://reviews.freebsd.org/D50961 --- sys/rpc/rpcsec_tls/rpctls_impl.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/sys/rpc/rpcsec_tls/rpctls_impl.c b/sys/rpc/rpcsec_tls/rpctls_impl.c index 6745a04e8ac8..93fe283e65fd 100644 --- a/sys/rpc/rpcsec_tls/rpctls_impl.c +++ b/sys/rpc/rpcsec_tls/rpctls_impl.c @@ -181,6 +181,12 @@ sys_rpctls_syscall(struct thread *td, struct rpctls_syscall_args *uap) return (EPERM); } if ((error = falloc(td, &fp, &fd, 0)) != 0) { + /* + * The socket will not be acquired by the daemon, + * but has been removed from the upcall socket RB. + * As such, it needs to be closed here. + */ + soclose(ups.so); KRPC_CURVNET_RESTORE(); return (error); } @@ -223,13 +229,11 @@ rpctls_rpc_failed(struct upsock *ups, struct socket *so) mtx_unlock(&rpctls_lock); MPASS(removed == ups); /* - * Do a shutdown on the socket, since the daemon is - * probably stuck in SSL_accept() trying to read the - * socket. Do not soclose() the socket, since the - * daemon will close() the socket after SSL_accept() - * returns an error. + * Since the socket was still in the RB tree when + * this function was called, the daemon will not + * close it. As such, it needs to be closed here. */ - soshutdown(so, SHUT_RD); + soclose(so); } else { /* * The daemon has taken the socket from the tree, but
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202506212352.55LNqIc5089144>