2010-03-12 13:49:02

by Jani Nikula

[permalink] [raw]
Subject: [PATCH] sunrpc: fix error path - actually return ERR_PTR() on error

Signed-off-by: Jani Nikula <[email protected]>

---

NOTE: I'm afraid I'm unable to test this; please consider this more a
bug report than a complete patch.
---
net/sunrpc/xprtsock.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 7124129..5b83ff9 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -2481,7 +2481,7 @@ static struct rpc_xprt *xs_setup_bc_tcp(struct xprt_create *args)
struct svc_sock *bc_sock;

if (!args->bc_xprt)
- ERR_PTR(-EINVAL);
+ return ERR_PTR(-EINVAL);

xprt = xs_setup_xprt(args, xprt_tcp_slot_table_entries);
if (IS_ERR(xprt))
--
1.6.5.2



2010-03-12 14:14:13

by Tetsuo Handa

[permalink] [raw]
Subject: Re: [PATCH] sunrpc: fix error path - actually return ERR_PTR() on error

Jani Nikula wrote:
> Signed-off-by: Jani Nikula <[email protected]>
>
> ---
>
> NOTE: I'm afraid I'm unable to test this; please consider this more a
> bug report than a complete patch.
> ---
Indeed, it has to be "return ERR_PTR(-EINVAL);".
Otherwise, it will trigger NULL pointer dereference some lines later.

bc_sock = container_of(args->bc_xprt, struct svc_sock, sk_xprt);
bc_sock->sk_bc_xprt = xprt;

This bug was introduced by f300baba5a1536070d6d77bf0c8c4ca999bb4f0f
"nfsd41: sunrpc: add new xprt class for nfsv4.1 backchannel" and
exists in 2.6.32 and later.

2010-03-12 15:10:34

by Myklebust, Trond

[permalink] [raw]
Subject: Re: [PATCH] sunrpc: fix error path - actually return ERR_PTR() on error

On Fri, 2010-03-12 at 23:14 +0900, Tetsuo Handa wrote:
> Jani Nikula wrote:
> > Signed-off-by: Jani Nikula <[email protected]>
> >
> > ---
> >
> > NOTE: I'm afraid I'm unable to test this; please consider this more a
> > bug report than a complete patch.
> > ---
> Indeed, it has to be "return ERR_PTR(-EINVAL);".
> Otherwise, it will trigger NULL pointer dereference some lines later.
>
> bc_sock = container_of(args->bc_xprt, struct svc_sock, sk_xprt);
> bc_sock->sk_bc_xprt = xprt;
>
> This bug was introduced by f300baba5a1536070d6d77bf0c8c4ca999bb4f0f
> "nfsd41: sunrpc: add new xprt class for nfsv4.1 backchannel" and
> exists in 2.6.32 and later.

Or it should just be dropped. I don't see any reason why nfsd should be
trying to set up a callback channel if it doesn't already know that it
has a socket. Returning an error value in that case would just be
papering over a design bug.

Trond