Date: Sat, 27 Apr 2024 00:56:35 GMT
Message-Id: <202404270056.43R0uZC4007492@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Rick Macklem
Subject: git: 4ba444de708b - main - krpc: Ref cnt the client structures for TLS upcalls

The branch main has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=4ba444de708bada46a88ecac17b2f6c1dc912234

commit 4ba444de708bada46a88ecac17b2f6c1dc912234
Author:     Rick Macklem
AuthorDate: 2024-04-27 00:55:24 +0000
Commit:     Rick Macklem
CommitDate: 2024-04-27 00:55:24 +0000

    krpc: Ref cnt the client structures for TLS upcalls

    A crash occurred during testing, where the client structures had
    already been free'd when the upcall thread tried to lock them.

    This patch acquires a reference count on both of the structures
    and these are released when the upcall is done, so that the
    structures cannot be free'd prematurely. This happened because the
    testing is done over a very slow vpn.

    Found during an IETF bakeathon testing event this week.

    MFC after: 5 days
---
 sys/rpc/clnt_vc.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/sys/rpc/clnt_vc.c b/sys/rpc/clnt_vc.c index 386153dc1f36..91556dddebaa 100644 --- a/sys/rpc/clnt_vc.c +++ b/sys/rpc/clnt_vc.c @@ -754,6 +754,7 @@ clnt_vc_control(CLIENT *cl, u_int request, void *info) case CLSET_BACKCHANNEL: xprt = (SVCXPRT *)info; if (ct->ct_backchannelxprt == NULL) { + SVC_ACQUIRE(xprt); xprt->xp_p2 = ct; if (ct->ct_sslrefno != 0) xprt->xp_tls = RPCTLS_FLAGS_HANDSHAKE; 
@@ -767,9 +768,11 @@ clnt_vc_control(CLIENT *cl, u_int request, void *info) ct->ct_sslusec = *p++; ct->ct_sslrefno = *p; if (ct->ct_sslrefno != RPCTLS_REFNO_HANDSHAKE) { + /* cl ref cnt is released by clnt_vc_dotlsupcall(). */ + CLNT_ACQUIRE(cl); mtx_unlock(&ct->ct_lock); /* Start the kthread that handles upcalls. */ - error = kthread_add(clnt_vc_dotlsupcall, ct, + error = kthread_add(clnt_vc_dotlsupcall, cl, NULL, NULL, 0, 0, "krpctls%u", thrdnum++); if (error != 0) panic("Can't add KRPC thread error %d", error); @@ -869,6 +872,7 @@ clnt_vc_destroy(CLIENT *cl) mtx_lock(&ct->ct_lock); xprt->xp_p2 = NULL; sx_xunlock(&xprt->xp_lock); + SVC_RELEASE(xprt); } if (ct->ct_socket) { @@ -1269,7 +1273,8 @@ clnt_vc_upcallsdone(struct ct_data *ct) static void clnt_vc_dotlsupcall(void *data) { - struct ct_data *ct = (struct ct_data *)data; + CLIENT *cl = (CLIENT *)data; + struct ct_data *ct = (struct ct_data *)cl->cl_private; enum clnt_stat ret; uint32_t reterr; @@ -1306,5 +1311,6 @@ clnt_vc_dotlsupcall(void *data) ct->ct_rcvstate &= ~RPCRCVSTATE_UPCALLTHREAD; wakeup(&ct->ct_sslrefno); mtx_unlock(&ct->ct_lock); + CLNT_RELEASE(cl); kthread_exit(); }
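
Review bot: In the @@ -754 hunk (CLSET_BACKCHANNEL), the new SVC_ACQUIRE(xprt) carries no comment saying where the reference is dropped, while the CLNT_ACQUIRE(cl) added in the @@ -767 hunk does. The matching SVC_RELEASE(xprt) is in clnt_vc_destroy(), so a one-line comment such as "/* xprt ref cnt is released by clnt_vc_destroy(). */" would make the pairing checkable at a glance. The acquire is taken only inside the ct->ct_backchannelxprt == NULL branch, so it is also worth confirming that the release in clnt_vc_destroy() is reached only for an xprt that went through this branch.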
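
Review bot: In the @@ -869 hunk (clnt_vc_destroy), SVC_RELEASE(xprt) is called after mtx_lock(&ct->ct_lock) with no unlock visible before it, so if this can be the last reference, the xprt teardown would run with the ct mutex held. Please confirm that is safe, or move the release to after ct_lock is dropped. Separately, the commit message says both references are released when the upcall is done, but this one is released at client destroy; a comment here noting that it pairs with the SVC_ACQUIRE(xprt) in CLSET_BACKCHANNEL would avoid that confusion.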
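
Review bot: In the @@ -1306 hunk (end of clnt_vc_dotlsupcall), CLNT_RELEASE(cl) may drop the last reference, so neither cl nor ct may be touched after it, and nothing in the code says so. The placement after mtx_unlock(&ct->ct_lock) and directly before kthread_exit() is right; a short comment stating that the release must stay the last use of cl and ct would keep a later edit from adding a ct access below it. The same applies to the @@ -1269 hunk: ct is now read from cl->cl_private, which is valid only because CLNT_ACQUIRE(cl) is taken before kthread_add() in clnt_vc_control(), and a note at the top of the function recording that dependency would help.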