If the server sends CB_ calls on a connection that is not associated
with the backchannel, refuse to process the call and shut down the
connection. This avoids a NULL dereference crash in
xprt_complete_bc_request(). There's not much more we can do in this
situation unless we want to look into allowing all connections to be
associated with the fore and back channel.
Signed-off-by: Benjamin Coddington <bcodding@xxxxxxxxxx>
---
net/sunrpc/xprtsock.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index c56a66cdf4ac..6a477e2acf70 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -558,6 +558,10 @@ xs_read_stream_call(struct sock_xprt *transport, struct msghdr *msg, int flags)
struct rpc_rqst *req;
ssize_t ret;
+ /* Is this transport associated with the backchannel? */
+ if (!xprt->bc_serv)
+ return -ESHUTDOWN;
+
/* Look up and lock the request corresponding to the given XID */
req = xprt_lookup_bc_request(xprt, transport->recv.xid);
if (!req) {
--
2.29.2
