diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2024-10-17 17:03:53 +0200 |
|---|---|---|
| committer | Chuck Lever <chuck.lever@oracle.com> | 2024-11-19 02:23:01 +0100 |
| commit | 1e02c641c3a43c88cecc08402000418e15578d38 (patch) | |
| tree | ddfe5ed3c42a0f64c4abf70e0791f0b8f38351cd /fs/nfsd | |
| parent | NFSD: Remove a never-true comparison (diff) | |
| download | linux-1e02c641c3a43c88cecc08402000418e15578d38.tar.xz linux-1e02c641c3a43c88cecc08402000418e15578d38.zip | |
NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
@ses is initialized to NULL. If __nfsd4_find_backchannel() finds no
available backchannel session, setup_callback_client() will try to
dereference @ses and segfault.
Fixes: dcbeaa68dbbd ("nfsd4: allow backchannel recovery")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Diffstat (limited to 'fs/nfsd')
| -rw-r--r-- | fs/nfsd/nfs4callback.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c index f5ba9be91770..1ffac2b32d81 100644 --- a/fs/nfsd/nfs4callback.c +++ b/fs/nfsd/nfs4callback.c @@ -1464,6 +1464,8 @@ static void nfsd4_process_cb_update(struct nfsd4_callback *cb) ses = c->cn_session; } spin_unlock(&clp->cl_lock); + if (!c) + return; err = setup_callback_client(clp, &conn, ses); if (err) { |