[PATCH 5.10 211/459] NFSD: Prevent NULL dereference in nfsd4_process_cb_update()

12 Dec 2024

5.10-stable review patch.  If anyone has any objections, please let me know.
------------------
From: Chuck Lever chuck.lever@oracle.com
[ Upstream commit 1e02c641c3a43c88cecc08402000418e15578d38 ]
@ses is initialized to NULL. If __nfsd4_find_backchannel() finds no
available backchannel session, setup_callback_client() will try to
dereference @ses and segfault.
Fixes: dcbeaa68dbbd ("nfsd4: allow backchannel recovery")
Reviewed-by: Jeff Layton jlayton@kernel.org
Signed-off-by: Chuck Lever chuck.lever@oracle.com
Signed-off-by: Sasha Levin sashal@kernel.org
---
 fs/nfsd/nfs4callback.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index 4eae2c5af2edf..18d62d3424c1a 100644
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -1379,6 +1379,8 @@ static void nfsd4_process_cb_update(struct nfsd4_callback *cb)
    	ses = c->cn_session;
    }
    spin_unlock(&clp->cl_lock);
+	if (!c)
+		return;
err = setup_callback_client(clp, &conn, ses);
    if (err) {
-- 
2.43.0





    

2024

2023

2022

2021

2020

2019

2018

2017

[PATCH 5.10 211/459] NFSD: Prevent NULL dereference in nfsd4_process_cb_update()