NFSD: fix decoding in nfs4_xdr_dec_cb_getattr
authorOlga Kornievskaia <okorniev@redhat.com>
Thu, 19 Dec 2024 20:12:04 +0000 (15:12 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 20 Apr 2025 08:18:29 +0000 (10:18 +0200)
commit 1b3e26a5ccbfc2f85bda1930cc278e313165e353 upstream.

If a client were to send an error to a CB_GETATTR call, the code
erroneously continues to try to decode past the error code. It ends
up returning a BAD_XDR error to the rpc layer, which in turn
triggers a WARN_ONCE in the nfsd4_cb_done() function.

Fixes: 6487a13b5c6b ("NFSD: add support for CB_GETATTR callback")
Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/nfsd/nfs4callback.c

index b7b70ab962f880ff0e3b46dd1f305e14f2d066a2..60630149bc2c6081b7e535931dc3febc8f9eb3c2 100644 (file)
@@ -647,7 +647,7 @@ static int nfs4_xdr_dec_cb_getattr(struct rpc_rqst *rqstp,
                return status;
 
        status = decode_cb_op_status(xdr, OP_CB_GETATTR, &cb->cb_status);
-       if (status)
+       if (unlikely(status || cb->cb_seq_status))
                return status;
        if (xdr_stream_decode_uint32_array(xdr, bitmap, 3) < 0)
                return -NFSERR_BAD_XDR;
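Review bot: The added condition tests `cb->cb_seq_status`, but the `decode_cb_op_status()` call on the line above stores the CB_GETATTR operation status in `cb->cb_status`, so an error the client returns for the operation itself does not appear to be caught and decoding would still fall through to `xdr_stream_decode_uint32_array()`. If the intent is what the description states, the check should read `if (unlikely(status || cb->cb_status))`. The reply bytes are client-controlled, and the WARN_ONCE the description mentions becomes a crash on hosts that set panic_on_warn, so this early return matters for availability. The body of nfs4_xdr_dec_cb_getattr starts and ends outside the hunk, so whether `cb_seq_status` is already checked after the sequence decode cannot be confirmed from here.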