From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, NeilBrown , "J. Bruce Fields" , Sasha Levin Subject: [PATCH 5.7 089/179] nfsd4: fix NULL dereference in nfsd/clients display code Date: Mon, 27 Jul 2020 16:04:24 +0200 Message-Id: <20200727134937.011848345@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200727134932.659499757@linuxfoundation.org> References: <20200727134932.659499757@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: J. Bruce Fields [ Upstream commit 9affa435817711861d774f5626c393c80f16d044 ] We hold the cl_lock here, and that's enough to keep stateid's from going away, but it's not enough to prevent the files they point to from going away. Take fi_lock and a reference and check for NULL, as we do in other code. Reported-by: NeilBrown Fixes: 78599c42ae3c ("nfsd4: add file to display list of client's opens") Reviewed-by: NeilBrown Signed-off-by: J. Bruce Fields Signed-off-by: Sasha Levin --- fs/nfsd/nfs4state.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index bdfae3ba39539..0a201bb074b0e 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -509,6 +509,17 @@ find_any_file(struct nfs4_file *f) return ret; } +static struct nfsd_file *find_deleg_file(struct nfs4_file *f) +{ + struct nfsd_file *ret = NULL; + + spin_lock(&f->fi_lock); + if (f->fi_deleg_file) + ret = nfsd_file_get(f->fi_deleg_file); + spin_unlock(&f->fi_lock); + return ret; +} + static atomic_long_t num_delegations; unsigned long max_delegations; 
@@ -2436,6 +2447,8 @@ static int nfs4_show_open(struct seq_file *s, struct nfs4_stid *st) oo = ols->st_stateowner; nf = st->sc_file; file = find_any_file(nf); + if (!file) + return 0; seq_printf(s, "- 0x%16phN: { type: open, ", &st->sc_stateid); @@ -2469,6 +2482,8 @@ static int nfs4_show_lock(struct seq_file *s, struct nfs4_stid *st) oo = ols->st_stateowner; nf = st->sc_file; file = find_any_file(nf); + if (!file) + return 0; seq_printf(s, "- 0x%16phN: { type: lock, ", &st->sc_stateid); @@ -2497,7 +2512,9 @@ static int nfs4_show_deleg(struct seq_file *s, struct nfs4_stid *st) ds = delegstateid(st); nf = st->sc_file; - file = nf->fi_deleg_file; + file = find_deleg_file(nf); + if (!file) + return 0; seq_printf(s, "- 0x%16phN: { type: deleg, ", &st->sc_stateid); @@ -2509,6 +2526,7 @@ static int nfs4_show_deleg(struct seq_file *s, struct nfs4_stid *st) nfs4_show_superblock(s, file); seq_printf(s, " }\n"); + nfsd_file_put(file); return 0; } -- 2.25.1
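Review bot: find_deleg_file() in the first hunk (added after find_any_file() in fs/nfsd/nfs4state.c) returns a pointer that carries a reference from nfsd_file_get(), but nothing on the function says so. A one-line comment stating that a non-NULL return must be released with nfsd_file_put() would make the ownership rule explicit for future callers; the only matching put visible in this patch is at the end of nfs4_show_deleg().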
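Review bot: in nfs4_show_open() the new `if (!file) return 0;` drops the stateid from the listing with no explanation, and the identical check in the nfs4_show_lock() hunk does the same. The check sits before the first seq_printf(), so no partial record is emitted, which is the right placement. A short comment noting that the file can already be gone while only cl_lock is held would tell the reader why a missing file is skipped rather than treated as an error.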
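Review bot: in nfs4_show_deleg() the reference taken by `file = find_deleg_file(nf);` is released by the `nfsd_file_put(file);` added just before `return 0;` in the final hunk, and the lines between those two hunks are not shown. Please confirm there is no other return between the get and the put, since any such path would leak the nfsd_file reference. The early `if (!file) return 0;` is fine because no reference was taken in that case.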