diff options
| author | NeilBrown <neil@brown.name> | 2025-05-26 14:08:25 +1000 | 
|---|---|---|
| committer | Anna Schumaker <anna.schumaker@oracle.com> | 2025-05-28 17:17:14 -0400 | 
| commit | dd862da61e91123ca745e06c03ba39ce71a929d9 (patch) | |
| tree | 64f417e169762c64870f951f65a6d175f13e3bc8 /lib/net_utils.c | |
| parent | 80c4de6ab44c14e910117a02f2f8241ffc6ec54a (diff) | |
nfs: fix incorrect handling of large-number NFS errors in nfs4_do_mkdir()
A recent commit introduced nfs4_do_mkdir() which reports an error from
nfs4_call_sync() by returning it with ERR_PTR().
This is a problem as nfs4_call_sync() can return negative NFS-specific
errors with values larger than MAX_ERRNO (4095).  One example is
NFS4ERR_DELAY which has value 10008.
This "pointer" gets to PTR_ERR_OR_ZERO() in nfs4_proc_mkdir() which
chooses ZERO because it isn't in the range of value errors.  Ultimately
the pointer is dereferenced.
This patch changes nfs4_do_mkdir() to report the dentry pointer and
status separately - pointer as a return value, status in an "int *"
parameter.
The same separation is used for _nfs4_proc_mkdir() and the two are
combined only in nfs4_proc_mkdir() after the status has passed through
nfs4_handle_exception(), which ensures the error code does not exceed
MAX_ERRNO.
It also fixes a problem in the even when nfs4_handle_exception() updated
the error value, the original 'alias' was still returned.
Reported-by: Anna Schumaker <anna@kernel.org>
Fixes: 8376583b84a1 ("nfs: change mkdir inode_operation to return alternate dentry if needed.")
Signed-off-by: NeilBrown <neil@brown.name>
Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>
Diffstat (limited to 'lib/net_utils.c')
0 files changed, 0 insertions, 0 deletions
