Re: [PATCH] nfsd: return -EINVAL when namelen is 0
From: Chuck Lever
Date: Tue Sep 03 2024 - 17:37:11 EST
On Tue, 03 Sep 2024 19:14:46 +0800, Li Lingfeng wrote:
> When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may
> result in namelen being 0, which will cause memdup_user() to return
> ZERO_SIZE_PTR.
> When we access the name.data that has been assigned the value of
> ZERO_SIZE_PTR in nfs4_client_to_reclaim(), a null pointer dereference is
> triggered.
>
> [...]
Kept the new dprintk call sites since this is not a hot path and
there needs to be some observability here rather than a silent
failure. I'm not convinced the error text is especially clear, but
I don't have a better suggestion at the moment.
Applied to nfsd-next for v6.12, thanks!
[1/1] nfsd: return -EINVAL when namelen is 0
commit: e492841732bbce2b2dd19cd285d5e7f61b1bdaee
--
Chuck Lever
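The failure mode the commit message describes, as an added user-space illustration (not nfsd's code and not the patch itself): a memdup_user()-like helper that hands back the kernel's ZERO_SIZE_PTR sentinel for a zero-length copy, an unguarded caller that treats that as success, and a guarded caller with the shape of the fix (reject namelen == 0 with -EINVAL before the copy). Every name carrying a "fake_" prefix, and the FAKE_NAME_MAX upper bound, are assumptions of the example; the sentinel and ERR_PTR conventions follow the kernel headers.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same sentinel conventions as include/linux/slab.h and include/linux/err.h. */
#define ZERO_SIZE_PTR ((void *)16)
#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= (unsigned long)ZERO_SIZE_PTR)
#define MAX_ERRNO 4095
#define FAKE_IS_ERR(p) ((unsigned long)(p) >= (unsigned long)-MAX_ERRNO)
#define FAKE_PTR_ERR(p) ((long)(p))

/* Assumed upper bound for this example; the real nfsd limit is not on the page. */
#define FAKE_NAME_MAX 1024

/* User-space stand-in for memdup_user(): like kmalloc(0), a zero-length
 * request yields ZERO_SIZE_PTR, which is not NULL, is not an ERR_PTR, and
 * must never be dereferenced. */
static void *fake_memdup_user(const void *src, size_t len)
{
	void *p;

	if (len == 0)
		return ZERO_SIZE_PTR;
	p = malloc(len);
	if (!p)
		return (void *)(long)-ENOMEM;
	memcpy(p, src, len);
	return p;
}

struct fake_name {
	size_t len;
	char *data;
};

/* Unguarded path, mirroring the bug: namelen == 0 "succeeds" (rc == 0) and
 * leaves out->data == ZERO_SIZE_PTR, so the first read of out->data[0] faults. */
static int fake_copy_name_unguarded(const char *src, size_t namelen,
				    struct fake_name *out)
{
	void *p = fake_memdup_user(src, namelen);

	if (FAKE_IS_ERR(p))
		return (int)FAKE_PTR_ERR(p);
	out->len = namelen;
	out->data = p;
	return 0;
}

/* Guarded path, the shape of the fix: reject the degenerate length up front
 * so the allocator never sees a zero-length request. */
static int fake_copy_name_guarded(const char *src, size_t namelen,
				  struct fake_name *out)
{
	if (namelen == 0 || namelen > FAKE_NAME_MAX)
		return -EINVAL;
	return fake_copy_name_unguarded(src, namelen, out);
}

/* Release only real allocations; ZERO_SIZE_PTR and ERR_PTRs are not free()-able. */
static void fake_name_free(struct fake_name *n)
{
	if (!ZERO_OR_NULL_PTR(n->data) && !FAKE_IS_ERR(n->data))
		free(n->data);
	n->data = NULL;
	n->len = 0;
}

int main(void)
{
	struct fake_name n = { 0 };
	int rc;

	rc = fake_copy_name_unguarded("", 0, &n);
	printf("unguarded, namelen=0: rc=%d data=%p ZERO_OR_NULL_PTR=%d\n",
	       rc, n.data, ZERO_OR_NULL_PTR(n.data));
	/* n.data is ZERO_SIZE_PTR here; dereferencing it would crash, so we do not. */

	rc = fake_copy_name_guarded("", 0, &n);
	printf("guarded, namelen=0: rc=%d (%s)\n", rc,
	       rc == -EINVAL ? "EINVAL" : "unexpected");

	rc = fake_copy_name_guarded("client-1", 8, &n);
	printf("guarded, namelen=8: rc=%d name=%.*s\n", rc, (int)n.len, n.data);
	fake_name_free(&n);
	return 0;
}
```

The point worth remembering from the unguarded path is that neither an IS_ERR() check nor a NULL check catches ZERO_SIZE_PTR: the copy reports success and the crash happens later, at the first dereference in whatever consumes the name. Validating the length before the allocation, as the patch does, is the only place the degenerate input can be refused with a meaningful error.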