Re: [PATCH] nfsd: check get_user() return when reading princhashlen
From: Chuck Lever <chuck.lever@xxxxxxxxxx>
Date: Thu May 21 2026 - 15:38:28 EST
On Thu, 21 May 2026 17:46:56 +0200, Dominik Woźniak wrote:
> In __cld_pipe_inprogress_downcall(), the get_user() that reads
> princhashlen from the userspace cld_msg_v2 buffer does not check its
> return value. A failing copy leaves princhashlen with uninitialised
> stack contents, which are then used to drive memdup_user() and stored
> as princhash.len on the resulting reclaim record. The other get_user()
> calls in this function all check the return; only this one is missed,
> which is most likely a copy-paste oversight from when v2 upcalls were
> introduced.
>
> [...]
Applied to nfsd-testing, thanks!
[1/1] nfsd: check get_user() return when reading princhashlen
commit: aff199f9ef2d1870edbc27253798bd97ee9c65be
--
Chuck Lever <chuck.lever@xxxxxxxxxx>
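
Added illustration, not part of the message above and not the nfsd code or the applied patch: a user-space C model of the pattern the quoted commit message describes, an unchecked user read whose length is then stored on a record, beside the checked form. model_get_user, model_record, the parse_* functions and the 0xBEEF stale value are hypothetical names and constructed values; that a failed read leaves the destination unchanged is an assumption taken from the quoted description.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record model: only the stored length matters here. */
struct model_record { uint16_t hash_len; int filled; };

/* Stand-in for get_user(): a NULL source models a faulting user address.
 * On failure the destination keeps its previous value (assumption taken
 * from the quoted description, not a statement about the kernel API). */
static int model_get_user(uint16_t *dst, const uint16_t *usrc)
{
    if (usrc == NULL)
        return -EFAULT;
    *dst = *usrc;
    return 0;
}

/* Unchecked form: the return value is dropped, so the failed read goes
 * unnoticed and the stale value ends up on the record. */
static int parse_unchecked(const uint16_t *usrc, uint16_t stale,
                           struct model_record *rec)
{
    uint16_t len = stale;  /* constructed stand-in for stack contents */
    (void)model_get_user(&len, usrc);
    rec->hash_len = len;   /* in the real path this also sizes a copy */
    rec->filled = 1;
    return 0;
}

/* Checked form: fail the downcall before the length is used anywhere. */
static int parse_checked(const uint16_t *usrc, uint16_t stale,
                         struct model_record *rec)
{
    uint16_t len = stale;
    if (model_get_user(&len, usrc))
        return -EFAULT;
    rec->hash_len = len;
    rec->filled = 1;
    return 0;
}

int main(void)
{
    struct model_record rec = {0, 0};
    int rc = parse_unchecked(NULL, 0xBEEF, &rec);
    printf("unchecked: rc=%d len=0x%x\n", rc, (unsigned)rec.hash_len);
    rec.hash_len = 0; rec.filled = 0;
    rc = parse_checked(NULL, 0xBEEF, &rec);
    printf("checked:   rc=%d filled=%d\n", rc, rec.filled);
    return 0;
}
```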