author | J. Bruce Fields <bfields@redhat.com> | 2020-08-05 21:10:11 +0200 |
---|---|---|
committer | Chuck Lever <chuck.lever@oracle.com> | 2020-08-16 22:51:18 +0200 |
commit | 34b09af4f54e6485e28f138ccad159611a240cc1 (patch) | |
tree | cb6eb798908b79762eb4e775abd24ec1b6fc26cc | |
parent | Linux 5.9-rc1 (diff) | |
nfsd: fix oops on mixed NFSv4/NFSv3 client access

If an NFSv2/v3 client breaks an NFSv4 client's delegation, it will hit a
NULL dereference in nfsd_breaker_owns_lease().

Easily reproducible with for example

    mount -overs=4.2 server:/export /mnt/
    sleep 1h </mnt/file &
    mount -overs=3 server:/export /mnt2/
    touch /mnt2/file

Reported-by: Robert Dinse <nanook@eskimo.com>
Fixes: 28df3d1539de50 ("nfsd: clients don't need to break their own delegations")
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=208807
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

-rw-r--r-- | fs/nfsd/nfs4state.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 81ed8e8bab3f..1ea9bbcc7c24 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -4597,6 +4597,8 @@ static bool nfsd_breaker_owns_lease(struct file_lock *fl) if (!i_am_nfsd()) return NULL; rqst = kthread_data(current); + if (!rqst->rq_lease_breaker) + return NULL; clp = *(rqst->rq_lease_breaker); return dl->dl_stid.sc_client == clp; } |
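
Review bot: The added early exit in nfsd_breaker_owns_lease() uses "return NULL;" although the function is declared "static bool"; it works only because NULL converts to false, and it copies the same mismatch from the existing "if (!i_am_nfsd()) return NULL;" just above. Suggest "return false;" for the new check (and ideally the older one in a follow-up) so the return type and the value agree. The new test also has no comment: a one-line note above "if (!rqst->rq_lease_breaker)" saying that the pointer is not set when the breaking request comes from an NFSv2/v3 client, as the commit message describes, would keep a later cleanup from dropping the check as redundant. The subsequent "clp = *(rqst->rq_lease_breaker)" can still yield a NULL clp, which is harmless here since it is only compared against dl->dl_stid.sc_client and never dereferenced.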