From: NeilBrown neilb@suse.de
mainline inclusion from mainline-v6.13-rc5 commit 7917f01a286ce01e9c085e24468421f596ee1a0c category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBEAET CVE: CVE-2024-53217
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
A recent patch inadvertently broke callbacks for NFSv4.0.
In the 4.0 case we do not expect a session to be found but still need to call setup_callback_client() which will not try to dereference it.
This patch moves the check for failure to find a session into the 4.1+ branch of setup_callback_client()
Fixes: 1e02c641c3a4 ("NFSD: Prevent NULL dereference in nfsd4_process_cb_update()") Signed-off-by: NeilBrown neilb@suse.de Reviewed-by: Jeff Layton jlayton@kernel.org Signed-off-by: Chuck Lever chuck.lever@oracle.com
Conflicts: fs/nfsd/nfs4callback.c [Commit 3bc8edc98bd4 ("nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure") move the set of cb_xprt.] Signed-off-by: Li Lingfeng lilingfeng3@huawei.com --- fs/nfsd/nfs4callback.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c index 7ee25be394dc..838502aa5160 100644 --- a/fs/nfsd/nfs4callback.c +++ b/fs/nfsd/nfs4callback.c @@ -798,7 +798,7 @@ static int setup_callback_client(struct nfs4_client *clp, struct nfs4_cb_conn *c args.authflavor = clp->cl_cred.cr_flavor; clp->cl_cb_ident = conn->cb_ident; } else { - if (!conn->cb_xprt) + if (!conn->cb_xprt || !ses) return -EINVAL; clp->cl_cb_conn.cb_xprt = conn->cb_xprt; clp->cl_cb_session = ses; @@ -1145,8 +1145,6 @@ static void nfsd4_process_cb_update(struct nfsd4_callback *cb) ses = c->cn_session; } spin_unlock(&clp->cl_lock); - if (!c) - return;
err = setup_callback_client(clp, &conn, ses); if (err) {