On Tue, 2025-01-28 at 11:58 -0500, Olga Kornievskaia wrote:
> __fh_verify() added a call to svc_xprt_set_valid() to help do connection
> management but during LOCALIO path rqstp argument is NULL, leading to
> NULL pointer dereferencing and a crash.
>
> Fixes: eccbbc7c00a5 ("nfsd: don't use sv_nrthreads in connection limiting calculations.")
> Signed-off-by: Olga Kornievskaia <okorniev@xxxxxxxxxx>
> ---
> fs/nfsd/nfsfh.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
> index bf59f83c6224..91bf0e6d5895 100644
> --- a/fs/nfsd/nfsfh.c
> +++ b/fs/nfsd/nfsfh.c
> @@ -381,8 +381,9 @@ __fh_verify(struct svc_rqst *rqstp,
> error = check_nfsd_access(exp, rqstp, may_bypass_gss);
> if (error)
> goto out;
> -
> - svc_xprt_set_valid(rqstp->rq_xprt);
> + /* During LOCALIO call to fh_verify will be called with a NULL rqstp */
> + if (rqstp)
> + svc_xprt_set_valid(rqstp->rq_xprt);
>
> /* Finally, check access permissions. */
> error = nfsd_permission(cred, exp, dentry, access);
Nice catch!
Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>
