From: cel@kernel.org
To: Neil Brown <neilb@suse.de>, Jeff Layton <jlayton@kernel.org>,
	Olga Kornievskaia <okorniev@redhat.com>,
	Dai Ngo <dai.ngo@oracle.com>, Tom Talpey <tom@talpey.com>
Cc: <linux-nfs@vger.kernel.org>, Chuck Lever <chuck.lever@oracle.com>
Subject: [RFC PATCH 3/6] NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
Date: Thu, 17 Oct 2024 11:03:53 -0400
Message-ID: <20241017150349.216096-11-cel@kernel.org>
In-Reply-To: <20241017150349.216096-8-cel@kernel.org>

From: Chuck Lever <chuck.lever@oracle.com>

@ses is initialized to NULL. If __nfsd4_find_backchannel() finds no
available backchannel session, setup_callback_client() will try to
dereference @ses and segfault.

Fixes: dcbeaa68dbbd ("nfsd4: allow backchannel recovery")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 fs/nfsd/nfs4callback.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index d86a7b983785..2e18f635078f 100644
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -1500,6 +1500,8 @@ static void nfsd4_process_cb_update(struct nfsd4_callback *cb)
 		ses = c->cn_session;
 	}
 	spin_unlock(&clp->cl_lock);
+	if (!c)
+		return;
 
 	err = setup_callback_client(clp, &conn, ses);
 	if (err) {
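Review bot: the new `if (!c) return;` after spin_unlock() bails out for every caller where no backchannel connection was found, which is broader than the case the commit message describes (setup_callback_client() dereferencing a NULL @ses). The visible lines show @ses is only assigned inside the `c` branch, but they do not show whether setup_callback_client() has a path that never touches @ses; NFSv4.0 clients have no sessions at all, so if they reach this function with c == NULL, this return silently skips callback setup for them. Please confirm which callers can arrive here with c == NULL and either narrow the guard to the case where @ses is actually required or put the NULL check next to the dereference in setup_callback_client(). The early return also bypasses the `if (err)` handling that follows, so a missing backchannel is no longer reported through that path; a short comment saying why that is acceptable would help.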
-- 
2.46.2

