The branch main has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=2420e64c463a4873a7f0cb86837148bc66a6474a

commit 2420e64c463a4873a7f0cb86837148bc66a6474a
Author:     Rick Macklem <rmack...@freebsd.org>
AuthorDate: 2025-07-18 18:27:50 +0000
Commit:     Rick Macklem <rmack...@freebsd.org>
CommitDate: 2025-07-18 18:27:50 +0000

    rpctls_impl.c: Fix handling of hung rpc tls daemon
    
    Commit 26ee05939209 replaced soshutdown()
    with soclose() for the case where the RPC TLS
    daemon has not removed the socket from the RB
    tree during an upcall.
    
    It turns out that soshutdown() is needed for the
    "else" case, which is the case that occurs when the
    daemon is stuck in SSL_accept() or SSL_connect().
    
    This patch adds a soshutdown() call to this else case,
    which unsticks the daemon when the other end does
    not do the actual TLS handshake. This can occur if
    the daemon is not running at the other end.
    
    Reviewed by:    glebius
    Differential Revision:  https://reviews.freebsd.org/D51083
    Fixes:  26ee05939209 ("rpctls_impl.c: Fix handling of socket for daemon failure")
---
 sys/rpc/rpcsec_tls/rpctls_impl.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sys/rpc/rpcsec_tls/rpctls_impl.c b/sys/rpc/rpcsec_tls/rpctls_impl.c
index 93fe283e65fd..51fe270b13d9 100644
--- a/sys/rpc/rpcsec_tls/rpctls_impl.c
+++ b/sys/rpc/rpcsec_tls/rpctls_impl.c
@@ -240,6 +240,14 @@ rpctls_rpc_failed(struct upsock *ups, struct socket *so)
                 * failed to do the handshake.
                 */
                mtx_unlock(&rpctls_lock);
+               /*
+                * Do a shutdown on the socket, since the daemon is
+                * probably stuck in SSL_accept() or SSL_connect() trying to
+                * read the socket.  Do not soclose() the socket, since the
+                * daemon will close() the socket after SSL_accept()
+                * returns an error.
+                */
+               soshutdown(so, SHUT_RD);
        }
 }
 
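Review bot: the new soshutdown(so, SHUT_RD) call runs after mtx_unlock(&rpctls_lock), and the added comment says the daemon will close() the socket itself, so the comment should also state what keeps so valid at this point (for example, a reference held by the caller) once the lock has been dropped. Two smaller points in the same block: the comment's first sentence names both SSL_accept() and SSL_connect(), but the last sentence only mentions SSL_accept() returning an error, so it would read more accurately as "after SSL_accept() or SSL_connect() returns an error"; and the return value of soshutdown() is discarded silently, so a (void) cast or a brief remark that failure is deliberately ignored here would make the intent explicit.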
