Re: [PATCH] nfsd: block non-SAVEFH ops after FOREIGN PUTFH to prevent NULL deref

Next message: Gary Guo: "[PATCH 7/8] rust: pin-init: make `[pin_]init_array_from_fn` unwind safe"
Previous message: Mark Brown: "Re: [PATCH 3/4] drm/exynos: Drop exynos_drm_gem.size field"
In reply to: Jeff Layton: "[PATCH] nfsd: block non-SAVEFH ops after FOREIGN PUTFH to prevent NULL deref"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Chuck Lever

Date: Wed May 27 2026 - 13:20:30 EST

From: Chuck Lever <chuck.lever@xxxxxxxxxx>

On Wed, 27 May 2026 10:53:37 -0400, Jeff Layton wrote:
> When CONFIG_NFSD_V4_2_INTER_SSC is enabled, nfsd4_putfh() can return
> success with fh_dentry and fh_export both NULL if fh_verify() returns
> nfserr_stale and putfh->no_verify is true. The NFSD4_FH_FOREIGN flag
> is set, but the compound dispatch loop only uses this flag to bypass
> the nfserr_nofilehandle check -- it does not prevent subsequent ops
> from running with a NULL fh_dentry.
>
> [...]

Applied to nfsd-testing, thanks!

[1/1] nfsd: block non-SAVEFH ops after FOREIGN PUTFH to prevent NULL deref
commit: d8db9ced22a876091c432c4adb35e5d05be196aa

--
Chuck Lever <chuck.lever@xxxxxxxxxx>