From: Rick Macklem
Date: Sat, 13 Jun 2020 20:54:18 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r362154 - projects/nfs-over-tls/sys/rpc

Author: rmacklem
Date: Sat Jun 13 20:54:18 2020
New Revision: 362154
URL: https://svnweb.freebsd.org/changeset/base/362154

Log:
  Fix clnt_vc_soupcall() for the case where a server uses multiple TCP
  record fragments.

  In practice, I do not believe that any extant NFS servers generate an
  RPC reply message in multiple TCP record fragments. The code in head is
  broken for this case, too. However, the patch fixes this case.
  It also changes the code to force a TCP reconnect when a bogus RPC
  message record is received, since the data in the TCP stream must be
  corrupted.

Modified:
  projects/nfs-over-tls/sys/rpc/clnt_vc.c

Modified: projects/nfs-over-tls/sys/rpc/clnt_vc.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/clnt_vc.c Sat Jun 13 18:38:59 2020 (r362153) +++ projects/nfs-over-tls/sys/rpc/clnt_vc.c Sat Jun 13 20:54:18 2020 (r362154) @@ -1091,7 +1091,6 @@ printf("Got weird type=%d\n", tgr.tls_type); m_copydata(ct->ct_raw, 0, sizeof(uint32_t), (char *)&header); header = ntohl(header); - ct->ct_record = NULL; ct->ct_record_resid = header & 0x7fffffff; ct->ct_record_eor = ((header & 0x80000000) != 0); if (ct->ct_record_resid < 20 || 
@@ -1140,7 +1139,7 @@ printf("soup m_split returned NULL\n"); * connection and allow * clnt_reconnect_XXX() to try * and establish a new one. - * If we just return and there are + * If we just return and there is * no more data received, the * connection will be hung. */ @@ -1173,9 +1172,21 @@ printf("soup m_split returned NULL\n"); sizeof(xid_plus_direction) && m_length(ct->ct_record, NULL) < sizeof(xid_plus_direction)) { - m_freem(ct->ct_record); - ct->ct_record = NULL; - break; + /* + * What to do now? + * The TCP stream is messed up. + * I think it best to close this + * connection and allow + * clnt_reconnect_XXX() to try + * and establish a new one. + * If we just return and there is + * no more data received, the + * connection will be hung. + */ + printf("clnt_vc_soupcall: " + "connection data corrupted\n"); + error = ECONNRESET; + goto wakeup_all; } m_copydata(ct->ct_record, 0, sizeof(xid_plus_direction),
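Review bot: In the first hunk (@@ -1091,7 +1091,6 @@), removing `ct->ct_record = NULL;` makes the header-parsing path depend on ct_record already being NULL whenever a new record starts, and nothing visible in this patch resets it after a record with ct_record_eor set has been consumed. Please confirm that every completion and error path clears it, or assert it here for the first fragment, so a stale chain cannot be joined to the next reply. The visible `ct->ct_record_resid < 20` test also still runs on every fragment header; if that branch rejects the record, a legal continuation fragment shorter than 20 bytes would be refused, so consider applying the minimum only when ct_record is NULL and checking any upper bound against the accumulated length rather than each fragment on its own.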
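Review bot: In the last hunk (@@ -1173,9 +1172,21 @@), the removed branch released the short record with `m_freem(ct->ct_record);` and cleared the pointer, while the new branch sets `error = ECONNRESET;` and jumps to wakeup_all without doing either. Please confirm that wakeup_all or the teardown that follows frees ct_record, otherwise this path leaks the mbuf chain each time it is hit. The new printf() is reached on data supplied by the peer, so a misbehaving server can trigger it repeatedly; a rate-limited log call would be safer than an unconditional console print. The eleven-line "What to do now?" comment is now a verbatim copy of the one touched in the previous hunk, so a short comment pointing at the first instance, or a shared error label, would keep the two from drifting apart.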