Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 13 Jun 2020 20:54:18 +0000 (UTC)
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r362154 - projects/nfs-over-tls/sys/rpc
Message-ID:  <202006132054.05DKsIvg048466@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: rmacklem
Date: Sat Jun 13 20:54:18 2020
New Revision: 362154
URL: https://svnweb.freebsd.org/changeset/base/362154

Log:
  Fix clnt_vc_soupcall() for the case where a server uses multiple TCP
  record fragments.
  
  In practice, I do not believe that any extant NFS servers generate
  an RPC reply message in multiple TCP record fragments.
  The code in head is broken for this case, too.
  However, the patch fixes this case.
  It also changes the code to force a TCP reconnect when a bogus
  RPC message record is received, since the data in the TCP stream must
  be corrupted.

Modified:
  projects/nfs-over-tls/sys/rpc/clnt_vc.c

Modified: projects/nfs-over-tls/sys/rpc/clnt_vc.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/clnt_vc.c	Sat Jun 13 18:38:59 2020	(r362153)
+++ projects/nfs-over-tls/sys/rpc/clnt_vc.c	Sat Jun 13 20:54:18 2020	(r362154)
@@ -1091,7 +1091,6 @@ printf("Got weird type=%d\n", tgr.tls_type);
 			m_copydata(ct->ct_raw, 0, sizeof(uint32_t),
 			    (char *)&header);
 			header = ntohl(header);
-			ct->ct_record = NULL;
 			ct->ct_record_resid = header & 0x7fffffff;
 			ct->ct_record_eor = ((header & 0x80000000) != 0);
 			if (ct->ct_record_resid < 20 ||
@@ -1140,7 +1139,7 @@ printf("soup m_split returned NULL\n");
 					 * connection and allow
 					 * clnt_reconnect_XXX() to try
 					 * and establish a new one.
-					 * If we just return and there are
+					 * If we just return and there is
 					 * no more data received, the
 					 * connection will be hung.
 					 */
@@ -1173,9 +1172,21 @@ printf("soup m_split returned NULL\n");
 				    sizeof(xid_plus_direction) &&
 				    m_length(ct->ct_record, NULL) <
 				    sizeof(xid_plus_direction)) {
-					m_freem(ct->ct_record);
-					ct->ct_record = NULL;
-					break;
+					/*
+					 * What to do now?
+					 * The TCP stream is messed up.
+					 * I think it best to close this
+					 * connection and allow
+					 * clnt_reconnect_XXX() to try
+					 * and establish a new one.
+					 * If we just return and there is
+					 * no more data received, the
+					 * connection will be hung.
+					 */
+					printf("clnt_vc_soupcall: "
+					    "connection data corrupted\n");
+					error = ECONNRESET;
+					goto wakeup_all;
 				}
 				m_copydata(ct->ct_record, 0,
 				    sizeof(xid_plus_direction),

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202006132054.05DKsIvg048466>