xref: /freebsd/sys/rpc/clnt_vc.c (revision 2008043f386721d58158e37e0d7e50df8095942d)
1 /*	$NetBSD: clnt_vc.c,v 1.4 2000/07/14 08:40:42 fvdl Exp $	*/
2 
3 /*-
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  * Copyright (c) 2009, Sun Microsystems, Inc.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions are met:
11  * - Redistributions of source code must retain the above copyright notice,
12  *   this list of conditions and the following disclaimer.
13  * - Redistributions in binary form must reproduce the above copyright notice,
14  *   this list of conditions and the following disclaimer in the documentation
15  *   and/or other materials provided with the distribution.
16  * - Neither the name of Sun Microsystems, Inc. nor the names of its
17  *   contributors may be used to endorse or promote products derived
18  *   from this software without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
24  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30  * POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 #if defined(LIBC_SCCS) && !defined(lint)
34 static char *sccsid2 = "@(#)clnt_tcp.c 1.37 87/10/05 Copyr 1984 Sun Micro";
35 static char *sccsid = "@(#)clnt_tcp.c	2.2 88/08/01 4.0 RPCSRC";
36 static char sccsid3[] = "@(#)clnt_vc.c 1.19 89/03/16 Copyr 1988 Sun Micro";
37 #endif
38 #include <sys/cdefs.h>
39 /*
40  * clnt_tcp.c, Implements a TCP/IP based, client side RPC.
41  *
42  * Copyright (C) 1984, Sun Microsystems, Inc.
43  *
44  * TCP based RPC supports 'batched calls'.
45  * A sequence of calls may be batched-up in a send buffer.  The rpc call
46  * return immediately to the client even though the call was not necessarily
47  * sent.  The batching occurs if the results' xdr routine is NULL (0) AND
48  * the rpc timeout value is zero (see clnt.h, rpc).
49  *
50  * Clients should NOT casually batch calls that in fact return results; that is,
51  * the server side should be aware that a call is batched and not produce any
52  * return message.  Batched calls that produce many result messages can
53  * deadlock (netlock) the client and the server....
54  *
55  * Now go hang yourself.
56  */
57 
58 #include "opt_kern_tls.h"
59 
60 #include <sys/param.h>
61 #include <sys/systm.h>
62 #include <sys/kernel.h>
63 #include <sys/kthread.h>
64 #include <sys/ktls.h>
65 #include <sys/lock.h>
66 #include <sys/malloc.h>
67 #include <sys/mbuf.h>
68 #include <sys/mutex.h>
69 #include <sys/pcpu.h>
70 #include <sys/proc.h>
71 #include <sys/protosw.h>
72 #include <sys/socket.h>
73 #include <sys/socketvar.h>
74 #include <sys/sx.h>
75 #include <sys/syslog.h>
76 #include <sys/time.h>
77 #include <sys/uio.h>
78 
79 #include <net/vnet.h>
80 
81 #include <netinet/tcp.h>
82 
83 #include <rpc/rpc.h>
84 #include <rpc/rpc_com.h>
85 #include <rpc/krpc.h>
86 #include <rpc/rpcsec_tls.h>
87 
88 struct cmessage {
89         struct cmsghdr cmsg;
90         struct cmsgcred cmcred;
91 };
92 
93 static enum clnt_stat clnt_vc_call(CLIENT *, struct rpc_callextra *,
94     rpcproc_t, struct mbuf *, struct mbuf **, struct timeval);
95 static void clnt_vc_geterr(CLIENT *, struct rpc_err *);
96 static bool_t clnt_vc_freeres(CLIENT *, xdrproc_t, void *);
97 static void clnt_vc_abort(CLIENT *);
98 static bool_t clnt_vc_control(CLIENT *, u_int, void *);
99 static void clnt_vc_close(CLIENT *);
100 static void clnt_vc_destroy(CLIENT *);
101 static bool_t time_not_ok(struct timeval *);
102 static int clnt_vc_soupcall(struct socket *so, void *arg, int waitflag);
103 static void clnt_vc_dotlsupcall(void *data);
104 
105 static const struct clnt_ops clnt_vc_ops = {
106 	.cl_call =	clnt_vc_call,
107 	.cl_abort =	clnt_vc_abort,
108 	.cl_geterr =	clnt_vc_geterr,
109 	.cl_freeres =	clnt_vc_freeres,
110 	.cl_close =	clnt_vc_close,
111 	.cl_destroy =	clnt_vc_destroy,
112 	.cl_control =	clnt_vc_control
113 };
114 
115 static void clnt_vc_upcallsdone(struct ct_data *);
116 
117 /*
118  * Create a client handle for a connection.
119  * Default options are set, which the user can change using clnt_control()'s.
120  * The rpc/vc package does buffering similar to stdio, so the client
121  * must pick send and receive buffer sizes, 0 => use the default.
122  * NB: fd is copied into a private area.
123  * NB: The rpch->cl_auth is set null authentication. Caller may wish to
124  * set this something more useful.
125  *
126  * fd should be an open socket
127  */
128 CLIENT *
129 clnt_vc_create(
130 	struct socket *so,		/* open file descriptor */
131 	struct sockaddr *raddr,		/* servers address */
132 	const rpcprog_t prog,		/* program number */
133 	const rpcvers_t vers,		/* version number */
134 	size_t sendsz,			/* buffer recv size */
135 	size_t recvsz,			/* buffer send size */
136 	int intrflag)			/* interruptible */
137 {
138 	CLIENT *cl;			/* client handle */
139 	struct ct_data *ct = NULL;	/* client handle */
140 	struct timeval now;
141 	struct rpc_msg call_msg;
142 	static uint32_t disrupt;
143 	struct __rpc_sockinfo si;
144 	XDR xdrs;
145 	int error, interrupted, one = 1, sleep_flag;
146 	struct sockopt sopt;
147 
148 	if (disrupt == 0)
149 		disrupt = (uint32_t)(long)raddr;
150 
151 	cl = (CLIENT *)mem_alloc(sizeof (*cl));
152 	ct = (struct ct_data *)mem_alloc(sizeof (*ct));
153 
154 	mtx_init(&ct->ct_lock, "ct->ct_lock", NULL, MTX_DEF);
155 	ct->ct_threads = 0;
156 	ct->ct_closing = FALSE;
157 	ct->ct_closed = FALSE;
158 	ct->ct_upcallrefs = 0;
159 	ct->ct_rcvstate = RPCRCVSTATE_NORMAL;
160 
161 	if ((so->so_state & (SS_ISCONNECTED|SS_ISCONFIRMING)) == 0) {
162 		error = soconnect(so, raddr, curthread);
163 		SOCK_LOCK(so);
164 		interrupted = 0;
165 		sleep_flag = PSOCK;
166 		if (intrflag != 0)
167 			sleep_flag |= PCATCH;
168 		while ((so->so_state & SS_ISCONNECTING)
169 		    && so->so_error == 0) {
170 			error = msleep(&so->so_timeo, SOCK_MTX(so),
171 			    sleep_flag, "connec", 0);
172 			if (error) {
173 				if (error == EINTR || error == ERESTART)
174 					interrupted = 1;
175 				break;
176 			}
177 		}
178 		if (error == 0) {
179 			error = so->so_error;
180 			so->so_error = 0;
181 		}
182 		SOCK_UNLOCK(so);
183 		if (error) {
184 			if (!interrupted)
185 				so->so_state &= ~SS_ISCONNECTING;
186 			rpc_createerr.cf_stat = RPC_SYSTEMERROR;
187 			rpc_createerr.cf_error.re_errno = error;
188 			goto err;
189 		}
190 	}
191 
192 	if (!__rpc_socket2sockinfo(so, &si)) {
193 		goto err;
194 	}
195 
196 	if (so->so_proto->pr_flags & PR_CONNREQUIRED) {
197 		bzero(&sopt, sizeof(sopt));
198 		sopt.sopt_dir = SOPT_SET;
199 		sopt.sopt_level = SOL_SOCKET;
200 		sopt.sopt_name = SO_KEEPALIVE;
201 		sopt.sopt_val = &one;
202 		sopt.sopt_valsize = sizeof(one);
203 		sosetopt(so, &sopt);
204 	}
205 
206 	if (so->so_proto->pr_protocol == IPPROTO_TCP) {
207 		bzero(&sopt, sizeof(sopt));
208 		sopt.sopt_dir = SOPT_SET;
209 		sopt.sopt_level = IPPROTO_TCP;
210 		sopt.sopt_name = TCP_NODELAY;
211 		sopt.sopt_val = &one;
212 		sopt.sopt_valsize = sizeof(one);
213 		sosetopt(so, &sopt);
214 	}
215 
216 	ct->ct_closeit = FALSE;
217 
218 	/*
219 	 * Set up private data struct
220 	 */
221 	ct->ct_socket = so;
222 	ct->ct_wait.tv_sec = -1;
223 	ct->ct_wait.tv_usec = -1;
224 	memcpy(&ct->ct_addr, raddr, raddr->sa_len);
225 
226 	/*
227 	 * Initialize call message
228 	 */
229 	getmicrotime(&now);
230 	ct->ct_xid = ((uint32_t)++disrupt) ^ __RPC_GETXID(&now);
231 	call_msg.rm_xid = ct->ct_xid;
232 	call_msg.rm_direction = CALL;
233 	call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
234 	call_msg.rm_call.cb_prog = (uint32_t)prog;
235 	call_msg.rm_call.cb_vers = (uint32_t)vers;
236 
237 	/*
238 	 * pre-serialize the static part of the call msg and stash it away
239 	 */
240 	xdrmem_create(&xdrs, ct->ct_mcallc, MCALL_MSG_SIZE,
241 	    XDR_ENCODE);
242 	if (! xdr_callhdr(&xdrs, &call_msg)) {
243 		if (ct->ct_closeit) {
244 			soclose(ct->ct_socket);
245 		}
246 		goto err;
247 	}
248 	ct->ct_mpos = XDR_GETPOS(&xdrs);
249 	XDR_DESTROY(&xdrs);
250 	ct->ct_waitchan = "rpcrecv";
251 	ct->ct_waitflag = 0;
252 
253 	/*
254 	 * Create a client handle which uses xdrrec for serialization
255 	 * and authnone for authentication.
256 	 */
257 	sendsz = __rpc_get_t_size(si.si_af, si.si_proto, (int)sendsz);
258 	recvsz = __rpc_get_t_size(si.si_af, si.si_proto, (int)recvsz);
259 	error = soreserve(ct->ct_socket, sendsz, recvsz);
260 	if (error != 0) {
261 		if (ct->ct_closeit) {
262 			soclose(ct->ct_socket);
263 		}
264 		goto err;
265 	}
266 	cl->cl_refs = 1;
267 	cl->cl_ops = &clnt_vc_ops;
268 	cl->cl_private = ct;
269 	cl->cl_auth = authnone_create();
270 
271 	SOCKBUF_LOCK(&ct->ct_socket->so_rcv);
272 	soupcall_set(ct->ct_socket, SO_RCV, clnt_vc_soupcall, ct);
273 	SOCKBUF_UNLOCK(&ct->ct_socket->so_rcv);
274 
275 	ct->ct_raw = NULL;
276 	ct->ct_record = NULL;
277 	ct->ct_record_resid = 0;
278 	ct->ct_sslrefno = 0;
279 	TAILQ_INIT(&ct->ct_pending);
280 	return (cl);
281 
282 err:
283 	mtx_destroy(&ct->ct_lock);
284 	mem_free(ct, sizeof (struct ct_data));
285 	mem_free(cl, sizeof (CLIENT));
286 
287 	return ((CLIENT *)NULL);
288 }
289 
290 static enum clnt_stat
291 clnt_vc_call(
292 	CLIENT		*cl,		/* client handle */
293 	struct rpc_callextra *ext,	/* call metadata */
294 	rpcproc_t	proc,		/* procedure number */
295 	struct mbuf	*args,		/* pointer to args */
296 	struct mbuf	**resultsp,	/* pointer to results */
297 	struct timeval	utimeout)
298 {
299 	struct ct_data *ct = (struct ct_data *) cl->cl_private;
300 	AUTH *auth;
301 	struct rpc_err *errp;
302 	enum clnt_stat stat;
303 	XDR xdrs;
304 	struct rpc_msg reply_msg;
305 	bool_t ok;
306 	int nrefreshes = 2;		/* number of times to refresh cred */
307 	struct timeval timeout;
308 	uint32_t xid;
309 	struct mbuf *mreq = NULL, *results;
310 	struct ct_request *cr;
311 	int error, maxextsiz, trycnt;
312 #ifdef KERN_TLS
313 	u_int maxlen;
314 #endif
315 
316 	cr = malloc(sizeof(struct ct_request), M_RPC, M_WAITOK);
317 
318 	mtx_lock(&ct->ct_lock);
319 
320 	if (ct->ct_closing || ct->ct_closed) {
321 		mtx_unlock(&ct->ct_lock);
322 		free(cr, M_RPC);
323 		return (RPC_CANTSEND);
324 	}
325 	ct->ct_threads++;
326 
327 	if (ext) {
328 		auth = ext->rc_auth;
329 		errp = &ext->rc_err;
330 	} else {
331 		auth = cl->cl_auth;
332 		errp = &ct->ct_error;
333 	}
334 
335 	cr->cr_mrep = NULL;
336 	cr->cr_error = 0;
337 
338 	if (ct->ct_wait.tv_usec == -1) {
339 		timeout = utimeout;	/* use supplied timeout */
340 	} else {
341 		timeout = ct->ct_wait;	/* use default timeout */
342 	}
343 
344 	/*
345 	 * After 15sec of looping, allow it to return RPC_CANTSEND, which will
346 	 * cause the clnt_reconnect layer to create a new TCP connection.
347 	 */
348 	trycnt = 15 * hz;
349 call_again:
350 	mtx_assert(&ct->ct_lock, MA_OWNED);
351 	if (ct->ct_closing || ct->ct_closed) {
352 		ct->ct_threads--;
353 		wakeup(ct);
354 		mtx_unlock(&ct->ct_lock);
355 		free(cr, M_RPC);
356 		return (RPC_CANTSEND);
357 	}
358 
359 	ct->ct_xid++;
360 	xid = ct->ct_xid;
361 
362 	mtx_unlock(&ct->ct_lock);
363 
364 	/*
365 	 * Leave space to pre-pend the record mark.
366 	 */
367 	mreq = m_gethdr(M_WAITOK, MT_DATA);
368 	mreq->m_data += sizeof(uint32_t);
369 	KASSERT(ct->ct_mpos + sizeof(uint32_t) <= MHLEN,
370 	    ("RPC header too big"));
371 	bcopy(ct->ct_mcallc, mreq->m_data, ct->ct_mpos);
372 	mreq->m_len = ct->ct_mpos;
373 
374 	/*
375 	 * The XID is the first thing in the request.
376 	 */
377 	*mtod(mreq, uint32_t *) = htonl(xid);
378 
379 	xdrmbuf_create(&xdrs, mreq, XDR_ENCODE);
380 
381 	errp->re_status = stat = RPC_SUCCESS;
382 
383 	if ((! XDR_PUTINT32(&xdrs, &proc)) ||
384 	    (! AUTH_MARSHALL(auth, xid, &xdrs,
385 		m_copym(args, 0, M_COPYALL, M_WAITOK)))) {
386 		errp->re_status = stat = RPC_CANTENCODEARGS;
387 		mtx_lock(&ct->ct_lock);
388 		goto out;
389 	}
390 	mreq->m_pkthdr.len = m_length(mreq, NULL);
391 
392 	/*
393 	 * Prepend a record marker containing the packet length.
394 	 */
395 	M_PREPEND(mreq, sizeof(uint32_t), M_WAITOK);
396 	*mtod(mreq, uint32_t *) =
397 		htonl(0x80000000 | (mreq->m_pkthdr.len - sizeof(uint32_t)));
398 
399 	cr->cr_xid = xid;
400 	mtx_lock(&ct->ct_lock);
401 	/*
402 	 * Check to see if the other end has already started to close down
403 	 * the connection. The upcall will have set ct_error.re_status
404 	 * to RPC_CANTRECV if this is the case.
405 	 * If the other end starts to close down the connection after this
406 	 * point, it will be detected later when cr_error is checked,
407 	 * since the request is in the ct_pending queue.
408 	 */
409 	if (ct->ct_error.re_status == RPC_CANTRECV) {
410 		if (errp != &ct->ct_error) {
411 			errp->re_errno = ct->ct_error.re_errno;
412 			errp->re_status = RPC_CANTRECV;
413 		}
414 		stat = RPC_CANTRECV;
415 		goto out;
416 	}
417 
418 	/* For TLS, wait for an upcall to be done, as required. */
419 	while ((ct->ct_rcvstate & (RPCRCVSTATE_NORMAL |
420 	    RPCRCVSTATE_NONAPPDATA)) == 0)
421 		msleep(&ct->ct_rcvstate, &ct->ct_lock, 0, "rpcrcvst", hz);
422 
423 	TAILQ_INSERT_TAIL(&ct->ct_pending, cr, cr_link);
424 	mtx_unlock(&ct->ct_lock);
425 
426 	if (ct->ct_sslrefno != 0) {
427 		/*
428 		 * Copy the mbuf chain to a chain of ext_pgs mbuf(s)
429 		 * as required by KERN_TLS.
430 		 */
431 		maxextsiz = TLS_MAX_MSG_SIZE_V10_2;
432 #ifdef KERN_TLS
433 		if (rpctls_getinfo(&maxlen, false, false))
434 			maxextsiz = min(maxextsiz, maxlen);
435 #endif
436 		mreq = _rpc_copym_into_ext_pgs(mreq, maxextsiz);
437 	}
438 	/*
439 	 * sosend consumes mreq.
440 	 */
441 	error = sosend(ct->ct_socket, NULL, NULL, mreq, NULL, 0, curthread);
442 	mreq = NULL;
443 	if (error == EMSGSIZE || (error == ERESTART &&
444 	    (ct->ct_waitflag & PCATCH) == 0 && trycnt-- > 0)) {
445 		SOCKBUF_LOCK(&ct->ct_socket->so_snd);
446 		sbwait(ct->ct_socket, SO_SND);
447 		SOCKBUF_UNLOCK(&ct->ct_socket->so_snd);
448 		AUTH_VALIDATE(auth, xid, NULL, NULL);
449 		mtx_lock(&ct->ct_lock);
450 		TAILQ_REMOVE(&ct->ct_pending, cr, cr_link);
451 		/* Sleep for 1 clock tick before trying the sosend() again. */
452 		mtx_unlock(&ct->ct_lock);
453 		pause("rpclpsnd", 1);
454 		mtx_lock(&ct->ct_lock);
455 		goto call_again;
456 	}
457 
458 	reply_msg.acpted_rply.ar_verf.oa_flavor = AUTH_NULL;
459 	reply_msg.acpted_rply.ar_verf.oa_base = cr->cr_verf;
460 	reply_msg.acpted_rply.ar_verf.oa_length = 0;
461 	reply_msg.acpted_rply.ar_results.where = NULL;
462 	reply_msg.acpted_rply.ar_results.proc = (xdrproc_t)xdr_void;
463 
464 	mtx_lock(&ct->ct_lock);
465 	if (error) {
466 		TAILQ_REMOVE(&ct->ct_pending, cr, cr_link);
467 		errp->re_errno = error;
468 		errp->re_status = stat = RPC_CANTSEND;
469 		goto out;
470 	}
471 
472 	/*
473 	 * Check to see if we got an upcall while waiting for the
474 	 * lock. In both these cases, the request has been removed
475 	 * from ct->ct_pending.
476 	 */
477 	if (cr->cr_error) {
478 		TAILQ_REMOVE(&ct->ct_pending, cr, cr_link);
479 		errp->re_errno = cr->cr_error;
480 		errp->re_status = stat = RPC_CANTRECV;
481 		goto out;
482 	}
483 	if (cr->cr_mrep) {
484 		TAILQ_REMOVE(&ct->ct_pending, cr, cr_link);
485 		goto got_reply;
486 	}
487 
488 	/*
489 	 * Hack to provide rpc-based message passing
490 	 */
491 	if (timeout.tv_sec == 0 && timeout.tv_usec == 0) {
492 		TAILQ_REMOVE(&ct->ct_pending, cr, cr_link);
493 		errp->re_status = stat = RPC_TIMEDOUT;
494 		goto out;
495 	}
496 
497 	error = msleep(cr, &ct->ct_lock, ct->ct_waitflag, ct->ct_waitchan,
498 	    tvtohz(&timeout));
499 
500 	TAILQ_REMOVE(&ct->ct_pending, cr, cr_link);
501 
502 	if (error) {
503 		/*
504 		 * The sleep returned an error so our request is still
505 		 * on the list. Turn the error code into an
506 		 * appropriate client status.
507 		 */
508 		errp->re_errno = error;
509 		switch (error) {
510 		case EINTR:
511 			stat = RPC_INTR;
512 			break;
513 		case EWOULDBLOCK:
514 			stat = RPC_TIMEDOUT;
515 			break;
516 		default:
517 			stat = RPC_CANTRECV;
518 		}
519 		errp->re_status = stat;
520 		goto out;
521 	} else {
522 		/*
523 		 * We were woken up by the upcall.  If the
524 		 * upcall had a receive error, report that,
525 		 * otherwise we have a reply.
526 		 */
527 		if (cr->cr_error) {
528 			errp->re_errno = cr->cr_error;
529 			errp->re_status = stat = RPC_CANTRECV;
530 			goto out;
531 		}
532 	}
533 
534 got_reply:
535 	/*
536 	 * Now decode and validate the response. We need to drop the
537 	 * lock since xdr_replymsg may end up sleeping in malloc.
538 	 */
539 	mtx_unlock(&ct->ct_lock);
540 
541 	if (ext && ext->rc_feedback)
542 		ext->rc_feedback(FEEDBACK_OK, proc, ext->rc_feedback_arg);
543 
544 	xdrmbuf_create(&xdrs, cr->cr_mrep, XDR_DECODE);
545 	ok = xdr_replymsg(&xdrs, &reply_msg);
546 	cr->cr_mrep = NULL;
547 
548 	if (ok) {
549 		if ((reply_msg.rm_reply.rp_stat == MSG_ACCEPTED) &&
550 		    (reply_msg.acpted_rply.ar_stat == SUCCESS))
551 			errp->re_status = stat = RPC_SUCCESS;
552 		else
553 			stat = _seterr_reply(&reply_msg, errp);
554 
555 		if (stat == RPC_SUCCESS) {
556 			results = xdrmbuf_getall(&xdrs);
557 			if (!AUTH_VALIDATE(auth, xid,
558 				&reply_msg.acpted_rply.ar_verf,
559 				&results)) {
560 				errp->re_status = stat = RPC_AUTHERROR;
561 				errp->re_why = AUTH_INVALIDRESP;
562 			} else {
563 				KASSERT(results,
564 				    ("auth validated but no result"));
565 				*resultsp = results;
566 			}
567 		}		/* end successful completion */
568 		/*
569 		 * If unsuccessful AND error is an authentication error
570 		 * then refresh credentials and try again, else break
571 		 */
572 		else if (stat == RPC_AUTHERROR)
573 			/* maybe our credentials need to be refreshed ... */
574 			if (nrefreshes > 0 &&
575 			    AUTH_REFRESH(auth, &reply_msg)) {
576 				nrefreshes--;
577 				XDR_DESTROY(&xdrs);
578 				mtx_lock(&ct->ct_lock);
579 				goto call_again;
580 			}
581 		/* end of unsuccessful completion */
582 	}	/* end of valid reply message */
583 	else {
584 		errp->re_status = stat = RPC_CANTDECODERES;
585 	}
586 	XDR_DESTROY(&xdrs);
587 	mtx_lock(&ct->ct_lock);
588 out:
589 	mtx_assert(&ct->ct_lock, MA_OWNED);
590 
591 	KASSERT(stat != RPC_SUCCESS || *resultsp,
592 	    ("RPC_SUCCESS without reply"));
593 
594 	if (mreq)
595 		m_freem(mreq);
596 	if (cr->cr_mrep)
597 		m_freem(cr->cr_mrep);
598 
599 	ct->ct_threads--;
600 	if (ct->ct_closing)
601 		wakeup(ct);
602 
603 	mtx_unlock(&ct->ct_lock);
604 
605 	if (auth && stat != RPC_SUCCESS)
606 		AUTH_VALIDATE(auth, xid, NULL, NULL);
607 
608 	free(cr, M_RPC);
609 
610 	return (stat);
611 }
612 
613 static void
614 clnt_vc_geterr(CLIENT *cl, struct rpc_err *errp)
615 {
616 	struct ct_data *ct = (struct ct_data *) cl->cl_private;
617 
618 	*errp = ct->ct_error;
619 }
620 
621 static bool_t
622 clnt_vc_freeres(CLIENT *cl, xdrproc_t xdr_res, void *res_ptr)
623 {
624 	XDR xdrs;
625 	bool_t dummy;
626 
627 	xdrs.x_op = XDR_FREE;
628 	dummy = (*xdr_res)(&xdrs, res_ptr);
629 
630 	return (dummy);
631 }
632 
633 /*ARGSUSED*/
634 static void
635 clnt_vc_abort(CLIENT *cl)
636 {
637 }
638 
639 static bool_t
640 clnt_vc_control(CLIENT *cl, u_int request, void *info)
641 {
642 	struct ct_data *ct = (struct ct_data *)cl->cl_private;
643 	void *infop = info;
644 	SVCXPRT *xprt;
645 	uint64_t *p;
646 	int error;
647 	static u_int thrdnum = 0;
648 
649 	mtx_lock(&ct->ct_lock);
650 
651 	switch (request) {
652 	case CLSET_FD_CLOSE:
653 		ct->ct_closeit = TRUE;
654 		mtx_unlock(&ct->ct_lock);
655 		return (TRUE);
656 	case CLSET_FD_NCLOSE:
657 		ct->ct_closeit = FALSE;
658 		mtx_unlock(&ct->ct_lock);
659 		return (TRUE);
660 	default:
661 		break;
662 	}
663 
664 	/* for other requests which use info */
665 	if (info == NULL) {
666 		mtx_unlock(&ct->ct_lock);
667 		return (FALSE);
668 	}
669 	switch (request) {
670 	case CLSET_TIMEOUT:
671 		if (time_not_ok((struct timeval *)info)) {
672 			mtx_unlock(&ct->ct_lock);
673 			return (FALSE);
674 		}
675 		ct->ct_wait = *(struct timeval *)infop;
676 		break;
677 	case CLGET_TIMEOUT:
678 		*(struct timeval *)infop = ct->ct_wait;
679 		break;
680 	case CLGET_SERVER_ADDR:
681 		(void) memcpy(info, &ct->ct_addr, (size_t)ct->ct_addr.ss_len);
682 		break;
683 	case CLGET_SVC_ADDR:
684 		/*
685 		 * Slightly different semantics to userland - we use
686 		 * sockaddr instead of netbuf.
687 		 */
688 		memcpy(info, &ct->ct_addr, ct->ct_addr.ss_len);
689 		break;
690 	case CLSET_SVC_ADDR:		/* set to new address */
691 		mtx_unlock(&ct->ct_lock);
692 		return (FALSE);
693 	case CLGET_XID:
694 		*(uint32_t *)info = ct->ct_xid;
695 		break;
696 	case CLSET_XID:
697 		/* This will set the xid of the NEXT call */
698 		/* decrement by 1 as clnt_vc_call() increments once */
699 		ct->ct_xid = *(uint32_t *)info - 1;
700 		break;
701 	case CLGET_VERS:
702 		/*
703 		 * This RELIES on the information that, in the call body,
704 		 * the version number field is the fifth field from the
705 		 * beginning of the RPC header. MUST be changed if the
706 		 * call_struct is changed
707 		 */
708 		*(uint32_t *)info =
709 		    ntohl(*(uint32_t *)(void *)(ct->ct_mcallc +
710 		    4 * BYTES_PER_XDR_UNIT));
711 		break;
712 
713 	case CLSET_VERS:
714 		*(uint32_t *)(void *)(ct->ct_mcallc +
715 		    4 * BYTES_PER_XDR_UNIT) =
716 		    htonl(*(uint32_t *)info);
717 		break;
718 
719 	case CLGET_PROG:
720 		/*
721 		 * This RELIES on the information that, in the call body,
722 		 * the program number field is the fourth field from the
723 		 * beginning of the RPC header. MUST be changed if the
724 		 * call_struct is changed
725 		 */
726 		*(uint32_t *)info =
727 		    ntohl(*(uint32_t *)(void *)(ct->ct_mcallc +
728 		    3 * BYTES_PER_XDR_UNIT));
729 		break;
730 
731 	case CLSET_PROG:
732 		*(uint32_t *)(void *)(ct->ct_mcallc +
733 		    3 * BYTES_PER_XDR_UNIT) =
734 		    htonl(*(uint32_t *)info);
735 		break;
736 
737 	case CLSET_WAITCHAN:
738 		ct->ct_waitchan = (const char *)info;
739 		break;
740 
741 	case CLGET_WAITCHAN:
742 		*(const char **) info = ct->ct_waitchan;
743 		break;
744 
745 	case CLSET_INTERRUPTIBLE:
746 		if (*(int *) info)
747 			ct->ct_waitflag = PCATCH;
748 		else
749 			ct->ct_waitflag = 0;
750 		break;
751 
752 	case CLGET_INTERRUPTIBLE:
753 		if (ct->ct_waitflag)
754 			*(int *) info = TRUE;
755 		else
756 			*(int *) info = FALSE;
757 		break;
758 
759 	case CLSET_BACKCHANNEL:
760 		xprt = (SVCXPRT *)info;
761 		if (ct->ct_backchannelxprt == NULL) {
762 			xprt->xp_p2 = ct;
763 			if (ct->ct_sslrefno != 0)
764 				xprt->xp_tls = RPCTLS_FLAGS_HANDSHAKE;
765 			ct->ct_backchannelxprt = xprt;
766 		}
767 		break;
768 
769 	case CLSET_TLS:
770 		p = (uint64_t *)info;
771 		ct->ct_sslsec = *p++;
772 		ct->ct_sslusec = *p++;
773 		ct->ct_sslrefno = *p;
774 		if (ct->ct_sslrefno != RPCTLS_REFNO_HANDSHAKE) {
775 			mtx_unlock(&ct->ct_lock);
776 			/* Start the kthread that handles upcalls. */
777 			error = kthread_add(clnt_vc_dotlsupcall, ct,
778 			    NULL, NULL, 0, 0, "krpctls%u", thrdnum++);
779 			if (error != 0)
780 				panic("Can't add KRPC thread error %d", error);
781 		} else
782 			mtx_unlock(&ct->ct_lock);
783 		return (TRUE);
784 
785 	case CLSET_BLOCKRCV:
786 		if (*(int *) info) {
787 			ct->ct_rcvstate &= ~RPCRCVSTATE_NORMAL;
788 			ct->ct_rcvstate |= RPCRCVSTATE_TLSHANDSHAKE;
789 		} else {
790 			ct->ct_rcvstate &= ~RPCRCVSTATE_TLSHANDSHAKE;
791 			ct->ct_rcvstate |= RPCRCVSTATE_NORMAL;
792 		}
793 		break;
794 
795 	default:
796 		mtx_unlock(&ct->ct_lock);
797 		return (FALSE);
798 	}
799 
800 	mtx_unlock(&ct->ct_lock);
801 	return (TRUE);
802 }
803 
804 static void
805 clnt_vc_close(CLIENT *cl)
806 {
807 	struct ct_data *ct = (struct ct_data *) cl->cl_private;
808 	struct ct_request *cr;
809 
810 	mtx_lock(&ct->ct_lock);
811 
812 	if (ct->ct_closed) {
813 		mtx_unlock(&ct->ct_lock);
814 		return;
815 	}
816 
817 	if (ct->ct_closing) {
818 		while (ct->ct_closing)
819 			msleep(ct, &ct->ct_lock, 0, "rpcclose", 0);
820 		KASSERT(ct->ct_closed, ("client should be closed"));
821 		mtx_unlock(&ct->ct_lock);
822 		return;
823 	}
824 
825 	if (ct->ct_socket) {
826 		ct->ct_closing = TRUE;
827 		mtx_unlock(&ct->ct_lock);
828 
829 		SOCKBUF_LOCK(&ct->ct_socket->so_rcv);
830 		if (ct->ct_socket->so_rcv.sb_upcall != NULL) {
831 			soupcall_clear(ct->ct_socket, SO_RCV);
832 			clnt_vc_upcallsdone(ct);
833 		}
834 		SOCKBUF_UNLOCK(&ct->ct_socket->so_rcv);
835 
836 		/*
837 		 * Abort any pending requests and wait until everyone
838 		 * has finished with clnt_vc_call.
839 		 */
840 		mtx_lock(&ct->ct_lock);
841 		TAILQ_FOREACH(cr, &ct->ct_pending, cr_link) {
842 			cr->cr_xid = 0;
843 			cr->cr_error = ESHUTDOWN;
844 			wakeup(cr);
845 		}
846 
847 		while (ct->ct_threads)
848 			msleep(ct, &ct->ct_lock, 0, "rpcclose", 0);
849 	}
850 
851 	ct->ct_closing = FALSE;
852 	ct->ct_closed = TRUE;
853 	wakeup(&ct->ct_sslrefno);
854 	mtx_unlock(&ct->ct_lock);
855 	wakeup(ct);
856 }
857 
858 static void
859 clnt_vc_destroy(CLIENT *cl)
860 {
861 	struct ct_data *ct = (struct ct_data *) cl->cl_private;
862 	struct socket *so = NULL;
863 	SVCXPRT *xprt;
864 	uint32_t reterr;
865 
866 	clnt_vc_close(cl);
867 
868 	mtx_lock(&ct->ct_lock);
869 	xprt = ct->ct_backchannelxprt;
870 	ct->ct_backchannelxprt = NULL;
871 	if (xprt != NULL) {
872 		mtx_unlock(&ct->ct_lock);	/* To avoid a LOR. */
873 		sx_xlock(&xprt->xp_lock);
874 		mtx_lock(&ct->ct_lock);
875 		xprt->xp_p2 = NULL;
876 		sx_xunlock(&xprt->xp_lock);
877 	}
878 
879 	if (ct->ct_socket) {
880 		if (ct->ct_closeit) {
881 			so = ct->ct_socket;
882 		}
883 	}
884 
885 	/* Wait for the upcall kthread to terminate. */
886 	while ((ct->ct_rcvstate & RPCRCVSTATE_UPCALLTHREAD) != 0)
887 		msleep(&ct->ct_sslrefno, &ct->ct_lock, 0,
888 		    "clntvccl", hz);
889 	mtx_unlock(&ct->ct_lock);
890 
891 	mtx_destroy(&ct->ct_lock);
892 	if (so) {
893 		if (ct->ct_sslrefno != 0) {
894 			/*
895 			 * If the TLS handshake is in progress, the upcall
896 			 * will fail, but the socket should be closed by the
897 			 * daemon, since the connect upcall has just failed.
898 			 */
899 			if (ct->ct_sslrefno != RPCTLS_REFNO_HANDSHAKE) {
900 				/*
901 				 * If the upcall fails, the socket has
902 				 * probably been closed via the rpctlscd
903 				 * daemon having crashed or been
904 				 * restarted, so ignore return stat.
905 				 */
906 				rpctls_cl_disconnect(ct->ct_sslsec,
907 				    ct->ct_sslusec, ct->ct_sslrefno,
908 				    &reterr);
909 			}
910 			/* Must sorele() to get rid of reference. */
911 			CURVNET_SET(so->so_vnet);
912 			sorele(so);
913 			CURVNET_RESTORE();
914 		} else {
915 			soshutdown(so, SHUT_WR);
916 			soclose(so);
917 		}
918 	}
919 	m_freem(ct->ct_record);
920 	m_freem(ct->ct_raw);
921 	mem_free(ct, sizeof(struct ct_data));
922 	if (cl->cl_netid && cl->cl_netid[0])
923 		mem_free(cl->cl_netid, strlen(cl->cl_netid) +1);
924 	if (cl->cl_tp && cl->cl_tp[0])
925 		mem_free(cl->cl_tp, strlen(cl->cl_tp) +1);
926 	mem_free(cl, sizeof(CLIENT));
927 }
928 
929 /*
930  * Make sure that the time is not garbage.   -1 value is disallowed.
931  * Note this is different from time_not_ok in clnt_dg.c
932  */
933 static bool_t
934 time_not_ok(struct timeval *t)
935 {
936 	return (t->tv_sec <= -1 || t->tv_sec > 100000000 ||
937 		t->tv_usec <= -1 || t->tv_usec > 1000000);
938 }
939 
940 int
941 clnt_vc_soupcall(struct socket *so, void *arg, int waitflag)
942 {
943 	struct ct_data *ct = (struct ct_data *) arg;
944 	struct uio uio;
945 	struct mbuf *m, *m2;
946 	struct ct_request *cr;
947 	int error, rcvflag, foundreq;
948 	uint32_t xid_plus_direction[2], header;
949 	SVCXPRT *xprt;
950 	struct cf_conn *cd;
951 	u_int rawlen;
952 	struct cmsghdr *cmsg;
953 	struct tls_get_record tgr;
954 
955 	/*
956 	 * RPC-over-TLS needs to block reception during
957 	 * upcalls since the upcall will be doing I/O on
958 	 * the socket via openssl library calls.
959 	 */
960 	mtx_lock(&ct->ct_lock);
961 	if ((ct->ct_rcvstate & (RPCRCVSTATE_NORMAL |
962 	    RPCRCVSTATE_NONAPPDATA)) == 0) {
963 		/* Mark that a socket upcall needs to be done. */
964 		if ((ct->ct_rcvstate & (RPCRCVSTATE_UPCALLNEEDED |
965 		    RPCRCVSTATE_UPCALLINPROG)) != 0)
966 			ct->ct_rcvstate |= RPCRCVSTATE_SOUPCALLNEEDED;
967 		mtx_unlock(&ct->ct_lock);
968 		return (SU_OK);
969 	}
970 	mtx_unlock(&ct->ct_lock);
971 
972 	/*
973 	 * If another thread is already here, it must be in
974 	 * soreceive(), so just return to avoid races with it.
975 	 * ct_upcallrefs is protected by the SOCKBUF_LOCK(),
976 	 * which is held in this function, except when
977 	 * soreceive() is called.
978 	 */
979 	if (ct->ct_upcallrefs > 0)
980 		return (SU_OK);
981 	ct->ct_upcallrefs++;
982 
983 	/*
984 	 * Read as much as possible off the socket and link it
985 	 * onto ct_raw.
986 	 */
987 	for (;;) {
988 		uio.uio_resid = 1000000000;
989 		uio.uio_td = curthread;
990 		m2 = m = NULL;
991 		rcvflag = MSG_DONTWAIT | MSG_SOCALLBCK;
992 		if (ct->ct_sslrefno != 0 && (ct->ct_rcvstate &
993 		    RPCRCVSTATE_NORMAL) != 0)
994 			rcvflag |= MSG_TLSAPPDATA;
995 		SOCKBUF_UNLOCK(&so->so_rcv);
996 		error = soreceive(so, NULL, &uio, &m, &m2, &rcvflag);
997 		SOCKBUF_LOCK(&so->so_rcv);
998 
999 		if (error == EWOULDBLOCK) {
1000 			/*
1001 			 * We must re-test for readability after
1002 			 * taking the lock to protect us in the case
1003 			 * where a new packet arrives on the socket
1004 			 * after our call to soreceive fails with
1005 			 * EWOULDBLOCK.
1006 			 */
1007 			error = 0;
1008 			if (!soreadable(so))
1009 				break;
1010 			continue;
1011 		}
1012 		if (error == 0 && m == NULL) {
1013 			/*
1014 			 * We must have got EOF trying
1015 			 * to read from the stream.
1016 			 */
1017 			error = ECONNRESET;
1018 		}
1019 
1020 		/*
1021 		 * A return of ENXIO indicates that there is an
1022 		 * alert record at the head of the
1023 		 * socket's receive queue, for TLS connections.
1024 		 * This record needs to be handled in userland
1025 		 * via an SSL_read() call, so do an upcall to the daemon.
1026 		 */
1027 		if (ct->ct_sslrefno != 0 && error == ENXIO) {
1028 			/* Disable reception, marking an upcall needed. */
1029 			mtx_lock(&ct->ct_lock);
1030 			ct->ct_rcvstate |= RPCRCVSTATE_UPCALLNEEDED;
1031 			/*
1032 			 * If an upcall in needed, wake up the kthread
1033 			 * that runs clnt_vc_dotlsupcall().
1034 			 */
1035 			wakeup(&ct->ct_sslrefno);
1036 			mtx_unlock(&ct->ct_lock);
1037 			break;
1038 		}
1039 		if (error != 0)
1040 			break;
1041 
1042 		/* Process any record header(s). */
1043 		if (m2 != NULL) {
1044 			cmsg = mtod(m2, struct cmsghdr *);
1045 			if (cmsg->cmsg_type == TLS_GET_RECORD &&
1046 			    cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) {
1047 				memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr));
1048 				/*
1049 				 * TLS_RLTYPE_ALERT records should be handled
1050 				 * since soreceive() would have returned
1051 				 * ENXIO.  Just throw any other
1052 				 * non-TLS_RLTYPE_APP records away.
1053 				 */
1054 				if (tgr.tls_type != TLS_RLTYPE_APP) {
1055 					m_freem(m);
1056 					m_free(m2);
1057 					mtx_lock(&ct->ct_lock);
1058 					ct->ct_rcvstate &=
1059 					    ~RPCRCVSTATE_NONAPPDATA;
1060 					ct->ct_rcvstate |= RPCRCVSTATE_NORMAL;
1061 					mtx_unlock(&ct->ct_lock);
1062 					continue;
1063 				}
1064 			}
1065 			m_free(m2);
1066 		}
1067 
1068 		if (ct->ct_raw != NULL)
1069 			m_last(ct->ct_raw)->m_next = m;
1070 		else
1071 			ct->ct_raw = m;
1072 	}
1073 	rawlen = m_length(ct->ct_raw, NULL);
1074 
1075 	/* Now, process as much of ct_raw as possible. */
1076 	for (;;) {
1077 		/*
1078 		 * If ct_record_resid is zero, we are waiting for a
1079 		 * record mark.
1080 		 */
1081 		if (ct->ct_record_resid == 0) {
1082 			if (rawlen < sizeof(uint32_t))
1083 				break;
1084 			m_copydata(ct->ct_raw, 0, sizeof(uint32_t),
1085 			    (char *)&header);
1086 			header = ntohl(header);
1087 			ct->ct_record_resid = header & 0x7fffffff;
1088 			ct->ct_record_eor = ((header & 0x80000000) != 0);
1089 			m_adj(ct->ct_raw, sizeof(uint32_t));
1090 			rawlen -= sizeof(uint32_t);
1091 		} else {
1092 			/*
1093 			 * Move as much of the record as possible to
1094 			 * ct_record.
1095 			 */
1096 			if (rawlen == 0)
1097 				break;
1098 			if (rawlen <= ct->ct_record_resid) {
1099 				if (ct->ct_record != NULL)
1100 					m_last(ct->ct_record)->m_next =
1101 					    ct->ct_raw;
1102 				else
1103 					ct->ct_record = ct->ct_raw;
1104 				ct->ct_raw = NULL;
1105 				ct->ct_record_resid -= rawlen;
1106 				rawlen = 0;
1107 			} else {
1108 				m = m_split(ct->ct_raw, ct->ct_record_resid,
1109 				    M_NOWAIT);
1110 				if (m == NULL)
1111 					break;
1112 				if (ct->ct_record != NULL)
1113 					m_last(ct->ct_record)->m_next =
1114 					    ct->ct_raw;
1115 				else
1116 					ct->ct_record = ct->ct_raw;
1117 				rawlen -= ct->ct_record_resid;
1118 				ct->ct_record_resid = 0;
1119 				ct->ct_raw = m;
1120 			}
1121 			if (ct->ct_record_resid > 0)
1122 				break;
1123 
1124 			/*
1125 			 * If we have the entire record, see if we can
1126 			 * match it to a request.
1127 			 */
1128 			if (ct->ct_record_eor) {
1129 				/*
1130 				 * The XID is in the first uint32_t of
1131 				 * the reply and the message direction
1132 				 * is the second one.
1133 				 */
1134 				if (ct->ct_record->m_len <
1135 				    sizeof(xid_plus_direction) &&
1136 				    m_length(ct->ct_record, NULL) <
1137 				    sizeof(xid_plus_direction)) {
1138 					/*
1139 					 * What to do now?
1140 					 * The data in the TCP stream is
1141 					 * corrupted such that there is no
1142 					 * valid RPC message to parse.
1143 					 * I think it best to close this
1144 					 * connection and allow
1145 					 * clnt_reconnect_call() to try
1146 					 * and establish a new one.
1147 					 */
1148 					printf("clnt_vc_soupcall: "
1149 					    "connection data corrupted\n");
1150 					error = ECONNRESET;
1151 					goto wakeup_all;
1152 				}
1153 				m_copydata(ct->ct_record, 0,
1154 				    sizeof(xid_plus_direction),
1155 				    (char *)xid_plus_direction);
1156 				xid_plus_direction[0] =
1157 				    ntohl(xid_plus_direction[0]);
1158 				xid_plus_direction[1] =
1159 				    ntohl(xid_plus_direction[1]);
1160 				/* Check message direction. */
1161 				if (xid_plus_direction[1] == CALL) {
1162 					/* This is a backchannel request. */
1163 					mtx_lock(&ct->ct_lock);
1164 					xprt = ct->ct_backchannelxprt;
1165 					if (xprt == NULL) {
1166 						mtx_unlock(&ct->ct_lock);
1167 						/* Just throw it away. */
1168 						m_freem(ct->ct_record);
1169 						ct->ct_record = NULL;
1170 					} else {
1171 						cd = (struct cf_conn *)
1172 						    xprt->xp_p1;
1173 						m2 = cd->mreq;
1174 						/*
1175 						 * The requests are chained
1176 						 * in the m_nextpkt list.
1177 						 */
1178 						while (m2 != NULL &&
1179 						    m2->m_nextpkt != NULL)
1180 							/* Find end of list. */
1181 							m2 = m2->m_nextpkt;
1182 						if (m2 != NULL)
1183 							m2->m_nextpkt =
1184 							    ct->ct_record;
1185 						else
1186 							cd->mreq =
1187 							    ct->ct_record;
1188 						ct->ct_record->m_nextpkt =
1189 						    NULL;
1190 						ct->ct_record = NULL;
1191 						xprt_active(xprt);
1192 						mtx_unlock(&ct->ct_lock);
1193 					}
1194 				} else {
1195 					mtx_lock(&ct->ct_lock);
1196 					foundreq = 0;
1197 					TAILQ_FOREACH(cr, &ct->ct_pending,
1198 					    cr_link) {
1199 						if (cr->cr_xid ==
1200 						    xid_plus_direction[0]) {
1201 							/*
1202 							 * This one
1203 							 * matches. We leave
1204 							 * the reply mbuf in
1205 							 * cr->cr_mrep. Set
1206 							 * the XID to zero so
1207 							 * that we will ignore
1208 							 * any duplicated
1209 							 * replies.
1210 							 */
1211 							cr->cr_xid = 0;
1212 							cr->cr_mrep =
1213 							    ct->ct_record;
1214 							cr->cr_error = 0;
1215 							foundreq = 1;
1216 							wakeup(cr);
1217 							break;
1218 						}
1219 					}
1220 					mtx_unlock(&ct->ct_lock);
1221 
1222 					if (!foundreq)
1223 						m_freem(ct->ct_record);
1224 					ct->ct_record = NULL;
1225 				}
1226 			}
1227 		}
1228 	}
1229 
1230 	if (error != 0) {
1231 	wakeup_all:
1232 		/*
1233 		 * This socket is broken, so mark that it cannot
1234 		 * receive and fail all RPCs waiting for a reply
1235 		 * on it, so that they will be retried on a new
1236 		 * TCP connection created by clnt_reconnect_X().
1237 		 */
1238 		mtx_lock(&ct->ct_lock);
1239 		ct->ct_error.re_status = RPC_CANTRECV;
1240 		ct->ct_error.re_errno = error;
1241 		TAILQ_FOREACH(cr, &ct->ct_pending, cr_link) {
1242 			cr->cr_error = error;
1243 			wakeup(cr);
1244 		}
1245 		mtx_unlock(&ct->ct_lock);
1246 	}
1247 
1248 	ct->ct_upcallrefs--;
1249 	if (ct->ct_upcallrefs < 0)
1250 		panic("rpcvc upcall refcnt");
1251 	if (ct->ct_upcallrefs == 0)
1252 		wakeup(&ct->ct_upcallrefs);
1253 	return (SU_OK);
1254 }
1255 
1256 /*
1257  * Wait for all upcalls in progress to complete.
1258  */
1259 static void
1260 clnt_vc_upcallsdone(struct ct_data *ct)
1261 {
1262 
1263 	SOCKBUF_LOCK_ASSERT(&ct->ct_socket->so_rcv);
1264 
1265 	while (ct->ct_upcallrefs > 0)
1266 		(void) msleep(&ct->ct_upcallrefs,
1267 		    SOCKBUF_MTX(&ct->ct_socket->so_rcv), 0, "rpcvcup", 0);
1268 }
1269 
1270 /*
1271  * Do a TLS upcall to the rpctlscd daemon, as required.
1272  * This function runs as a kthread.
1273  */
1274 static void
1275 clnt_vc_dotlsupcall(void *data)
1276 {
1277 	struct ct_data *ct = (struct ct_data *)data;
1278 	enum clnt_stat ret;
1279 	uint32_t reterr;
1280 
1281 	mtx_lock(&ct->ct_lock);
1282 	ct->ct_rcvstate |= RPCRCVSTATE_UPCALLTHREAD;
1283 	while (!ct->ct_closed) {
1284 		if ((ct->ct_rcvstate & RPCRCVSTATE_UPCALLNEEDED) != 0) {
1285 			ct->ct_rcvstate &= ~RPCRCVSTATE_UPCALLNEEDED;
1286 			ct->ct_rcvstate |= RPCRCVSTATE_UPCALLINPROG;
1287 			if (ct->ct_sslrefno != 0 && ct->ct_sslrefno !=
1288 			    RPCTLS_REFNO_HANDSHAKE) {
1289 				mtx_unlock(&ct->ct_lock);
1290 				ret = rpctls_cl_handlerecord(ct->ct_sslsec,
1291 				    ct->ct_sslusec, ct->ct_sslrefno, &reterr);
1292 				mtx_lock(&ct->ct_lock);
1293 			}
1294 			ct->ct_rcvstate &= ~RPCRCVSTATE_UPCALLINPROG;
1295 			if (ret == RPC_SUCCESS && reterr == RPCTLSERR_OK)
1296 				ct->ct_rcvstate |= RPCRCVSTATE_NORMAL;
1297 			else
1298 				ct->ct_rcvstate |= RPCRCVSTATE_NONAPPDATA;
1299 			wakeup(&ct->ct_rcvstate);
1300 		}
1301 		if ((ct->ct_rcvstate & RPCRCVSTATE_SOUPCALLNEEDED) != 0) {
1302 			ct->ct_rcvstate &= ~RPCRCVSTATE_SOUPCALLNEEDED;
1303 			mtx_unlock(&ct->ct_lock);
1304 			SOCKBUF_LOCK(&ct->ct_socket->so_rcv);
1305 			clnt_vc_soupcall(ct->ct_socket, ct, M_NOWAIT);
1306 			SOCKBUF_UNLOCK(&ct->ct_socket->so_rcv);
1307 			mtx_lock(&ct->ct_lock);
1308 		}
1309 		msleep(&ct->ct_sslrefno, &ct->ct_lock, 0, "clntvcdu", hz);
1310 	}
1311 	ct->ct_rcvstate &= ~RPCRCVSTATE_UPCALLTHREAD;
1312 	wakeup(&ct->ct_sslrefno);
1313 	mtx_unlock(&ct->ct_lock);
1314 	kthread_exit();
1315 }
1316