rpcsec_tls: cleanup the rpctls_syscall()

With all the recent changes we don't need extra argument that specifies
what exactly the syscalls does, neither we need a copyout-able pointer,
just a pointer sized integer.

Reviewed by:		rmacklem
Differential Revision:	https://reviews.freebsd.org/D48649
This commit is contained in:
Gleb Smirnoff
2025-01-31 17:03:27 -08:00
parent 8e5f80da89
commit 765ad4f039
5 changed files with 53 additions and 56 deletions
+1 -2
View File
@@ -3249,8 +3249,7 @@
; 576 is initialised by the krpc code, if present.
576 AUE_NULL NOSTD {
int rpctls_syscall(
int op,
_In_z_ const char *path
uint64_t socookie
);
}
577 AUE_SPECIALFD STD|CAPENABLED {
+2 -6
View File
@@ -28,12 +28,8 @@
#ifndef _RPC_RPCSEC_TLS_H_
#define _RPC_RPCSEC_TLS_H_
/* Operation values for rpctls syscall. */
#define RPCTLS_SYSC_CLSOCKET 2
#define RPCTLS_SYSC_SRVSOCKET 5
/* System call used by the rpctlscd, rpctlssd daemons. */
int rpctls_syscall(int, const char *);
/* System call used by the rpc.tlsclntd(8), rpc.tlsservd(8) daemons. */
int rpctls_syscall(uint64_t);
/* Flag bits to indicate certificate results. */
#define RPCTLS_FLAGS_HANDSHAKE 0x01
+48 -46
View File
@@ -88,6 +88,7 @@ struct upsock {
CLIENT *cl;
SVCXPRT *xp;
};
bool server;
};
static RB_HEAD(upsock_t, upsock) upcall_sockets;
@@ -169,7 +170,7 @@ int
sys_rpctls_syscall(struct thread *td, struct rpctls_syscall_args *uap)
{
struct file *fp;
struct upsock *ups;
struct upsock *upsp, ups;
int fd = -1, error;
error = priv_check(td, PRIV_NFS_DAEMON);
@@ -177,52 +178,51 @@ sys_rpctls_syscall(struct thread *td, struct rpctls_syscall_args *uap)
return (error);
KRPC_CURVNET_SET(KRPC_TD_TO_VNET(td));
switch (uap->op) {
case RPCTLS_SYSC_CLSOCKET:
case RPCTLS_SYSC_SRVSOCKET:
mtx_lock(&rpctls_lock);
ups = RB_FIND(upsock_t, &upcall_sockets,
&(struct upsock){
.so = __DECONST(struct socket *, uap->path) });
if (__predict_true(ups != NULL))
RB_REMOVE(upsock_t, &upcall_sockets, ups);
mtx_unlock(&rpctls_lock);
if (ups == NULL) {
printf("%s: socket lookup failed\n", __func__);
error = EPERM;
break;
}
if ((error = falloc(td, &fp, &fd, 0)) != 0)
break;
soref(ups->so);
switch (uap->op) {
case RPCTLS_SYSC_CLSOCKET:
/*
* Initialize TLS state so that clnt_vc_destroy() will
* not close the socket and will leave that for the
* daemon to do.
*/
CLNT_CONTROL(ups->cl, CLSET_TLS,
&(int){RPCTLS_INHANDSHAKE});
break;
case RPCTLS_SYSC_SRVSOCKET:
/*
* Once this file descriptor is associated
* with the socket, it cannot be closed by
* the server side krpc code (svc_vc.c).
*/
sx_xlock(&ups->xp->xp_lock);
ups->xp->xp_tls = RPCTLS_FLAGS_HANDSHFAIL;
sx_xunlock(&ups->xp->xp_lock);
break;
}
finit(fp, FREAD | FWRITE, DTYPE_SOCKET, ups->so, &socketops);
fdrop(fp, td); /* Drop fp reference. */
td->td_retval[0] = fd;
break;
default:
error = EINVAL;
mtx_lock(&rpctls_lock);
upsp = RB_FIND(upsock_t, &upcall_sockets,
&(struct upsock){
.so = __DECONST(struct socket *, uap->socookie) });
if (__predict_true(upsp != NULL)) {
RB_REMOVE(upsock_t, &upcall_sockets, upsp);
/*
* The upsp points to stack of NFS mounting thread. Even
* though we removed it from the tree, we still don't own it.
* Make a copy before releasing the lock. The mounting thread
* may timeout the RPC and unroll its stack.
*/
ups = *upsp;
}
mtx_unlock(&rpctls_lock);
if (upsp == NULL) {
KRPC_CURVNET_RESTORE();
printf("%s: socket lookup failed\n", __func__);
return (EPERM);
}
if ((error = falloc(td, &fp, &fd, 0)) != 0) {
KRPC_CURVNET_RESTORE();
return (error);
}
soref(ups.so);
if (ups.server) {
/*
* Once this file descriptor is associated
* with the socket, it cannot be closed by
* the server side krpc code (svc_vc.c).
*/
sx_xlock(&ups.xp->xp_lock);
ups.xp->xp_tls = RPCTLS_FLAGS_HANDSHFAIL;
sx_xunlock(&ups.xp->xp_lock);
} else {
/*
* Initialize TLS state so that clnt_vc_destroy() will
* not close the socket and will leave that for the
* daemon to do.
*/
CLNT_CONTROL(ups.cl, CLSET_TLS, &(int){RPCTLS_INHANDSHAKE});
}
finit(fp, FREAD | FWRITE, DTYPE_SOCKET, ups.so, &socketops);
fdrop(fp, td); /* Drop fp reference. */
td->td_retval[0] = fd;
KRPC_CURVNET_RESTORE();
return (error);
@@ -269,6 +269,7 @@ rpctls_connect(CLIENT *newclient, char *certname, struct socket *so,
struct upsock ups = {
.so = so,
.cl = newclient,
.server = false,
};
CLIENT *cl = KRPC_VNET(rpctls_connect_handle);
@@ -390,6 +391,7 @@ rpctls_server(SVCXPRT *xprt, uint32_t *flags, uid_t *uid, int *ngrps,
struct upsock ups = {
.so = xprt->xp_socket,
.xp = xprt,
.server = true,
};
CLIENT *cl = KRPC_VNET(rpctls_server_handle);
struct rpctlssd_connect_arg arg;
+1 -1
View File
@@ -258,7 +258,7 @@ rpctlscd_connect_2_svc(struct rpctlscd_connect_arg *argp,
rpctls_verbose_out("rpctlsd_connect: started\n");
/* Get the socket fd from the kernel. */
s = rpctls_syscall(RPCTLS_SYSC_CLSOCKET, (char *)argp->socookie);
s = rpctls_syscall(argp->socookie);
if (s < 0) {
result->reterr = RPCTLSERR_NOSOCKET;
return (TRUE);
+1 -1
View File
@@ -403,7 +403,7 @@ rpctlssd_connect_thread(void *v)
}
/* Get the socket fd from the kernel. */
s = rpctls_syscall(RPCTLS_SYSC_SRVSOCKET, (char *)socookie);
s = rpctls_syscall(socookie);
if (s < 0) {
rpctls_verbose_out("rpctlssd_connect_svc: rpctls_syscall "
"accept failed\n");