From: Chuck Lever <chuck.lever@xxxxxxxxxx>
On Wed, 04 Jun 2025 12:01:10 -0400, Jeff Layton wrote:
> Lei Lu recently reported that nfsd4_setclientid_confirm() did not check
> the return value from get_client_locked(). a SETCLIENTID_CONFIRM could
> race with a confirmed client expiring and fail to get a reference. That
> could later lead to a UAF.
>
> Fix this by getting a reference early in the case where there is an
> extant confirmed client. If that fails then treat it as if there were no
> confirmed client found at all.
>
> [...]
Applied to nfsd-testing, thanks!
[1/1] nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
commit: 2de843e11f5d16b31742259f2d3929b681a2de32
--
Chuck Lever
