From: Chuck Lever Date: Thu, 17 Oct 2024 15:03:53 +0000 (-0400) Subject: NFSD: Prevent NULL dereference in nfsd4_process_cb_update() X-Git-Tag: v4.19.325~53 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d9a0d1f6e15859ea7a86a327f28491e23deaaa62;p=thirdparty%2Fkernel%2Fstable.git NFSD: Prevent NULL dereference in nfsd4_process_cb_update() [ Upstream commit 1e02c641c3a43c88cecc08402000418e15578d38 ] @ses is initialized to NULL. If __nfsd4_find_backchannel() finds no available backchannel session, setup_callback_client() will try to dereference @ses and segfault. Fixes: dcbeaa68dbbd ("nfsd4: allow backchannel recovery") Reviewed-by: Jeff Layton Signed-off-by: Chuck Lever Signed-off-by: Sasha Levin --- diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c index e6c7448d3d89a..8ca4c12dd22ec 100644 --- a/fs/nfsd/nfs4callback.c +++ b/fs/nfsd/nfs4callback.c @@ -1134,6 +1134,8 @@ static void nfsd4_process_cb_update(struct nfsd4_callback *cb) ses = c->cn_session; } spin_unlock(&clp->cl_lock); + if (!c) + return; err = setup_callback_client(clp, &conn, ses); if (err) {
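Review bot: The new `if (!c) return;` placed after `spin_unlock(&clp->cl_lock);` exits silently, skipping both `setup_callback_client()` and the `if (err) {` handling that follows, so a missing backchannel leaves no trace and records no error state on this path. Consider adding a short comment that no backchannel session was found, and confirm that bypassing the error handling is intended rather than, for example, setting `err` and falling through to it. The guard also tests `c`, while the commit message describes the hazard as `@ses` being NULL. Because `ses` is only assigned from `c->cn_session` inside the block above, checking `ses` directly, or commenting that `!c` implies a NULL `ses`, would make the invariant explicit and make it easier to judge whether any path legitimately reaches `setup_callback_client()` with a NULL `ses`.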