From nobody Tue Oct 28 20:42:57 2025 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cx2Pt1Ph0z6DS6V for ; Tue, 28 Oct 2025 20:42:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cx2Pt0k6fz3fcV for ; Tue, 28 Oct 2025 20:42:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1761684178; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/uLLJ3UdF4b+rjWC6dZeooQsUWgGcQUZxAtDDRhzXfQ=; b=GBdYQT81Et+TcoMAbV4OsrS5inovRxgpRF7w2+8X7IZenCAWplG8lWRPRTbrIoZfB1Fqv8 DeHcOQZ10X1khLfn+36OdlA89wwGWYGz29uU5KIKNiTuNykOhKPCcCBk6tyTkoJl9lUxIj uVpcansXgMqOlx6+q/ywrCU/y1dtCg0/8Z8p6XwxEygxWA+I0wuJWSrcQwYT94P6SDNPxR sJPlQfylPoPWOj8/9ZXDCY3P5OMuI0/aKaD37g+5BZno3bDR4t2GAcX7eXvnDuQ8TrxmUn BjJfMUvzJWFc2YygR6l/Eye1hTzwZGEficu21W83oFPoOeF1BS+Q8wJG7iO2vA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1761684178; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/uLLJ3UdF4b+rjWC6dZeooQsUWgGcQUZxAtDDRhzXfQ=; b=cJGXBLgonQIJicvBefuSSguUg2NlSPTRU7FBThK062M+84lib8dqua0ogi+/xA6bi7Naos UPK56Z0b/kOgzQwtmXCB8p1TvvO2L9jCq5dVH8ubVK3h6O15GOoxo+VOot2Ube7wBip/QJ +VzJLVLgyF9vI8CsReeecoAGwKlhB9xjznAgm0QBLT645TAvh+NJlD1YphjKCOvo6zU1Bf q8VCNshlZOAjcryKNABC4/57rEFHZa/NrpEPaMsjLS9XnVCBrWFdRmKmwIiG64BMCVcCAs pofsrRPwTnbbPhT1UhNKrbGDA+WbkI6Z1KIzu2wjZ3B2PQJJdiBcpmpx/wEybQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1761684178; a=rsa-sha256; cv=none; b=Z9et46Vn5IPi+Ni9GoaPnHbd/4wFEmGXl4EIh9gW9CaYBC8eYn6Vt+44OdlKAsWeRBtnjZ 6uACfbo/1xJoNPMPmbl5k8dwrgyo3xbwE5YVVC+j8z86JbpNZmLu7V5o7nmzjY79td1bH+ LK/EcrvS9vI1sfO5NAeW9X2YpFQt+aRTkPodCeictyNbHITG+vDXExyp6l8R78jWiy4xTr /A9aA4DI35ngXuvOywp6LBiOvVpNsODuUTJdnb+nTaFh4/NNUOW0nlBf2wO7e2IP0ao9WO gX4fZs4Ev7y2N3AxRTZ5t05sQp3g9w2nexkaWI+s3hDXYqMXXO8aAd1y/q9hVg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cx2Pt0Fd3z159w for ; Tue, 28 Oct 2025 20:42:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 59SKgvUw001388 for ; Tue, 28 Oct 2025 20:42:57 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 59SKgvaH001387 for net@FreeBSD.org; Tue, 28 Oct 2025 20:42:57 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 289734] panic tcp_usr_close while running mount command after configure NFS over TLS Date: Tue, 28 Oct 2025 20:42:57 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 15.0-CURRENT X-Bugzilla-Keywords: crash, vendor X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: rmacklem@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D289734 --- Comment #18 from Rick Macklem --- (In reply to Gleb Smirnoff from comment #17) I haven't found time to look at the code, but here is what the old (FreeBSD-14) code does: (A) - When the krpc receives a "needs a TLS handshake" request (a Null RPC with "STARTTLS" stuffed in it), the krpc does an upcall to the userland daemon (rpc.tlsservd). (B) - The userland daemon (rpc.tlsservd) does a syscall that says "I need a file descriptor for the socket". The krpc cobbles a file descriptor for the daemon for the socket. *** At this point the krpc marks the socket (closed by daemon and not soclose() here in the kernel) and returns the file descriptor to the daemon. (C) - The daemon sets the SSL library to use the socket file descriptor, notes that it is responsible for doing a close(s) on the socket and calls SSL_accept() to do the actual handshake. (D) - After SSL_accept() returns, it replies to the upcall done at (A) with the results of the TLS handshake. Note that (B) at "***" is the exact point at which responsibility for closing the socket is given to the daemon (rpc.tlsservd). My understanding is that the glebius@ patch got rid of (B) and my hunch is there is now a time window between (A) and (D) where both the daemon (rpc.tlsservd) and the krpc might do a [so]close() on the socket. The easy way for me to fix this (since I am not familiar with glebius@'s code) is to go back to the FreeBSD-14 code and make the minimal changes needed for it to use netlink for the upcall instead of an AF_LOCAL socket (which was what I understand was the original goal of the glebius@ patch). --> In other words, return it to using the syscall at (B) and using separate daemon processes (with a TCP connection pinned to one of them) instead of pthreads. If glebius@ is ok with doing this, I can do so fairly quickly and come with a patch for testing. --=20 You are receiving this mail because: You are the assignee for the bug.=