Commit 658e46e8 authored Dec 30, 2024 by NeilBrown Committed by Li Lingfeng Dec 30, 2024

nfsd: restore callback functionality for NFSv4.0

mainline inclusion
from mainline-v6.13-rc5
commit 7917f01a286ce01e9c085e24468421f596ee1a0c
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBEAET
CVE: CVE-2024-53217

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7917f01a286ce01e9c085e24468421f596ee1a0c



--------------------------------

A recent patch inadvertently broke callbacks for NFSv4.0.

In the 4.0 case we do not expect a session to be found but still need to
call setup_callback_client() which will not try to dereference it.

This patch moves the check for failure to find a session into the 4.1+
branch of setup_callback_client()

Fixes: 1e02c641c3a4 ("NFSD: Prevent NULL dereference in nfsd4_process_cb_update()")
Signed-off-by: NeilBrown <neilb@suse.de>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>

parent 2c0929d0

fs/nfsd/nfs4callback.c

+1 −3

Original line number	Diff line number	Diff line
		@@ -986,7 +986,7 @@ static int setup_callback_client(struct nfs4_client clp, struct nfs4_cb_conn c
		args.authflavor = clp->cl_cred.cr_flavor;
		clp->cl_cb_ident = conn->cb_ident;
		} else {
		if (!conn->cb_xprt)
		if (!conn->cb_xprt \|\| !ses)
		return -EINVAL;
		clp->cl_cb_session = ses;
		args.bc_xprt = conn->cb_xprt;
		@@ -1380,8 +1380,6 @@ static void nfsd4_process_cb_update(struct nfsd4_callback *cb)
		ses = c->cn_session;
		}
		spin_unlock(&clp->cl_lock);
		if (!c)
		return;

		err = setup_callback_client(clp, &conn, ses);
		if (err) {