| Message ID | 20250128165806.15153-1-okorniev@redhat.com (mailing list archive) |
|---|---|
| State | Under Review |
| Delegated to: | Chuck Lever |
| Headers | show |
| Series | [1/1] nfsd: fix __fh_verify for localio | expand |
From: Chuck Lever <chuck.lever@oracle.com> On Tue, 28 Jan 2025 11:58:06 -0500, Olga Kornievskaia wrote: > __fh_verify() added a call to svc_xprt_set_valid() to help do connection > management but during LOCALIO path rqstp argument is NULL, leading to > NULL pointer dereferencing and a crash. > > Applied to nfsd-testing, thanks! [1/1] nfsd: fix __fh_verify for localio commit: 3c6a376bcbc815e3bdae0816b32e600c4c63599e -- Chuck Lever
On Tue, 2025-01-28 at 11:58 -0500, Olga Kornievskaia wrote: > __fh_verify() added a call to svc_xprt_set_valid() to help do connection > management but during LOCALIO path rqstp argument is NULL, leading to > NULL pointer dereferencing and a crash. > > Fixes: eccbbc7c00a5 ("nfsd: don't use sv_nrthreads in connection limiting calculations.") > Signed-off-by: Olga Kornievskaia <okorniev@redhat.com> > --- > fs/nfsd/nfsfh.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c > index bf59f83c6224..91bf0e6d5895 100644 > --- a/fs/nfsd/nfsfh.c > +++ b/fs/nfsd/nfsfh.c > @@ -381,8 +381,9 @@ __fh_verify(struct svc_rqst *rqstp, > error = check_nfsd_access(exp, rqstp, may_bypass_gss); > if (error) > goto out; > - > - svc_xprt_set_valid(rqstp->rq_xprt); > + /* During LOCALIO call to fh_verify will be called with a NULL rqstp */ > + if (rqstp) > + svc_xprt_set_valid(rqstp->rq_xprt); > > /* Finally, check access permissions. */ > error = nfsd_permission(cred, exp, dentry, access); Nice catch! Reviewed-by: Jeff Layton <jlayton@kernel.org>
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index bf59f83c6224..91bf0e6d5895 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -381,8 +381,9 @@ __fh_verify(struct svc_rqst *rqstp, error = check_nfsd_access(exp, rqstp, may_bypass_gss); if (error) goto out; - - svc_xprt_set_valid(rqstp->rq_xprt); + /* During LOCALIO call to fh_verify will be called with a NULL rqstp */ + if (rqstp) + svc_xprt_set_valid(rqstp->rq_xprt); /* Finally, check access permissions. */ error = nfsd_permission(cred, exp, dentry, access);
__fh_verify() added a call to svc_xprt_set_valid() to help do connection management but during LOCALIO path rqstp argument is NULL, leading to NULL pointer dereferencing and a crash. Fixes: eccbbc7c00a5 ("nfsd: don't use sv_nrthreads in connection limiting calculations.") Signed-off-by: Olga Kornievskaia <okorniev@redhat.com> --- fs/nfsd/nfsfh.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)