[PATCH 04/19] nfsd: fix netlink dumpit error handling for rpc_status_get

Netdev List
 help / color / mirror / Atom feed

From: Jeff Layton <jlayton@kernel.org>
To: Trond Myklebust <trondmy@kernel.org>,
	Anna Schumaker <anna@kernel.org>,
	 Chuck Lever <chuck.lever@oracle.com>,
	NeilBrown <neil@brown.name>,
	 Olga Kornievskaia <okorniev@redhat.com>,
	Dai Ngo <Dai.Ngo@oracle.com>,  Tom Talpey <tom@talpey.com>,
	"David S. Miller" <davem@davemloft.net>,
	 Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>,
	 Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
	 Christian Brauner <brauner@kernel.org>,
	 Benjamin Coddington <bcodding@redhat.com>,
	 Donald Hunter <donald.hunter@gmail.com>,
	 Lorenzo Bianconi <lorenzo@kernel.org>,
	Qi Zheng <qi.zheng@linux.dev>,
	 Andrew Morton <akpm@linux-foundation.org>,
	 Muchun Song <muchun.song@linux.dev>
Cc: linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org,
	 netdev@vger.kernel.org, Jeff Layton <jlayton@kernel.org>
Subject: [PATCH 04/19] nfsd: fix netlink dumpit error handling for rpc_status_get
Date: Tue, 09 Jun 2026 13:47:25 -0400	[thread overview]
Message-ID: <20260609-nfsd-testing-v1-4-e83acead2ae8@kernel.org> (raw)
In-Reply-To: <20260609-nfsd-testing-v1-0-e83acead2ae8@kernel.org>

nfsd_genl_rpc_status_compose_msg() returns -ENOBUFS on nla_put failure
without calling genlmsg_cancel(), leaving a partial message in the skb.
The caller then propagates -ENOBUFS directly, which the netlink dump
infrastructure treats as a fatal error, aborting the entire dump.

The correct netlink dump convention is:
 - Cancel any partial message with genlmsg_cancel()
 - If prior messages were added to the skb (skb->len > 0), save the
   current iterator position and return skb->len to paginate
 - Only return a negative errno when no messages fit at all

Fix compose_msg to cancel the partial message on all nla_put failure
paths, and fix the caller to paginate when possible rather than
returning a fatal error.

Fixes: ac18892ea3f7 ("NFSD: add rpc_status netlink support")
Assisted-by: Claude:claude-opus-4-8
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
 fs/nfsd/nfsctl.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index a4b5b1467fe2..ab10692ee937 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -1452,7 +1452,7 @@ static int nfsd_genl_rpc_status_compose_msg(struct sk_buff *skb,
 	    nla_put_s64(skb, NFSD_A_RPC_STATUS_SERVICE_TIME,
 			ktime_to_us(genl_rqstp->rq_stime),
 			NFSD_A_RPC_STATUS_PAD))
-		return -ENOBUFS;
+		goto out_cancel;
 
 	switch (genl_rqstp->rq_saddr.ss_family) {
 	case AF_INET: {
@@ -1468,7 +1468,7 @@ static int nfsd_genl_rpc_status_compose_msg(struct sk_buff *skb,
 				 s_in->sin_port) ||
 		    nla_put_be16(skb, NFSD_A_RPC_STATUS_DPORT,
 				 d_in->sin_port))
-			return -ENOBUFS;
+			goto out_cancel;
 		break;
 	}
 	case AF_INET6: {
@@ -1484,7 +1484,7 @@ static int nfsd_genl_rpc_status_compose_msg(struct sk_buff *skb,
 				 s_in->sin6_port) ||
 		    nla_put_be16(skb, NFSD_A_RPC_STATUS_DPORT,
 				 d_in->sin6_port))
-			return -ENOBUFS;
+			goto out_cancel;
 		break;
 	}
 	}
@@ -1492,10 +1492,14 @@ static int nfsd_genl_rpc_status_compose_msg(struct sk_buff *skb,
 	for (i = 0; i < genl_rqstp->rq_opcnt; i++)
 		if (nla_put_u32(skb, NFSD_A_RPC_STATUS_COMPOUND_OPS,
 				genl_rqstp->rq_opnum[i]))
-			return -ENOBUFS;
+			goto out_cancel;
 
 	genlmsg_end(skb, hdr);
 	return 0;
+
+out_cancel:
+	genlmsg_cancel(skb, hdr);
+	return -ENOBUFS;
 }
 
 /**
@@ -1587,8 +1591,14 @@ int nfsd_nl_rpc_status_get_dumpit(struct sk_buff *skb,
 
 			ret = nfsd_genl_rpc_status_compose_msg(skb, cb,
 							       &genl_rqstp);
-			if (ret)
+			if (ret) {
+				if (skb->len) {
+					cb->args[0] = i;
+					cb->args[1] = rqstp_index - 1;
+					ret = skb->len;
+				}
 				goto out;
+			}
 		}
 	}
 

-- 
2.54.0

next prev parent reply	other threads:[~2026-06-09 17:47 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-09 17:47 [PATCH 00/19] nfsd: more bugfixes Jeff Layton
2026-06-09 17:47 ` [PATCH 01/19] nfs/localio: fix nfsd_file ref leak on nfs_local_doio() init failure Jeff Layton
2026-06-09 17:47 ` [PATCH 02/19] nfsd: clear opcnt on compound arg release to prevent OOB read Jeff Layton
2026-06-09 17:47 ` [PATCH 03/19] nfsd: add missing read barrier to rpc_status_get dumpit seqcount retry Jeff Layton
2026-06-09 17:47 ` Jeff Layton [this message]
2026-06-09 17:47 ` [PATCH 05/19] sunrpc: defer rq_argp and rq_resp free until after RCU grace period Jeff Layton
2026-06-09 17:47 ` [PATCH 06/19] nfsd: check nfsd4_acl_to_attr() return value in nfsd4_create() Jeff Layton
2026-06-09 17:47 ` [PATCH 07/19] nfsd: add filehandle match check to nfsd4_delegreturn() Jeff Layton
2026-06-09 17:47 ` [PATCH 08/19] nfsd: validate nseconds in TIME_DELEG decode paths Jeff Layton
2026-06-09 17:47 ` [PATCH 09/19] nfsd: remove premature NFS4_OO_CONFIRMED in CLAIM_PREVIOUS path Jeff Layton
2026-06-09 17:47 ` [PATCH 10/19] nfsd: fix version mismatch loops in nfsd_acl_init_request() Jeff Layton
2026-06-09 17:47 ` [PATCH 11/19] nfsd: fix FL_SLEEP being set unconditionally for all LOCK types Jeff Layton
2026-06-09 17:47 ` [PATCH 12/19] nfsd: add fh_want_write() for early-verified SETATTR in nfsd_proc_setattr() Jeff Layton
2026-06-09 17:47 ` [PATCH 13/19] nfsd: fix clock domain mismatch in clients_still_reclaiming() Jeff Layton
2026-06-09 17:47 ` [PATCH 14/19] nfsd: use test_and_clear_bit for somebody_reclaimed to prevent lost update Jeff Layton
2026-06-09 17:47 ` [PATCH 15/19] nfsd: reject reclaim LOCK after RECLAIM_COMPLETE Jeff Layton
2026-06-09 17:47 ` [PATCH 16/19] nfsd: validate sockaddr length per family in listener_set Jeff Layton
2026-06-09 17:47 ` [PATCH 17/19] lockd, nfsd: RCU-protect nlmsvc_ops dispatch Jeff Layton
2026-06-09 17:47 ` [PATCH 18/19] nfsd: move nfsd_debugfs_init() after nfsd4_init_slabs() in init_nfsd() Jeff Layton
2026-06-09 17:47 ` [PATCH 19/19] nfsd: initialize DRC hash table before registering shrinker Jeff Layton

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a4b5b1467fe dfblob:ab10692ee93 )
 OR (
bs:"[PATCH 04/19] nfsd: fix netlink dumpit error handling for rpc_status_get" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260609-nfsd-testing-v1-4-e83acead2ae8@kernel.org \
    --to=jlayton@kernel.org \
    --cc=Dai.Ngo@oracle.com \
    --cc=akpm@linux-foundation.org \
    --cc=anna@kernel.org \
    --cc=bcodding@redhat.com \
    --cc=brauner@kernel.org \
    --cc=chuck.lever@oracle.com \
    --cc=davem@davemloft.net \
    --cc=donald.hunter@gmail.com \
    --cc=edumazet@google.com \
    --cc=horms@kernel.org \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=lorenzo@kernel.org \
    --cc=muchun.song@linux.dev \
    --cc=neil@brown.name \
    --cc=netdev@vger.kernel.org \
    --cc=okorniev@redhat.com \
    --cc=pabeni@redhat.com \
    --cc=qi.zheng@linux.dev \
    --cc=tom@talpey.com \
    --cc=trondmy@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox