NFSD: fix decoding in nfs4_xdr_dec_cb_getattr

If a client were to send an error to a CB_GETATTR call, the code
erronously continues to try decode past the error code. It ends
up returning BAD_XDR error to the rpc layer and then in turn
trigger a WARN_ONCE in nfsd4_cb_done() function.

Fixes: 6487a13b5c6b ("NFSD: add support for CB_GETATTR callback")
Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index 94479483c3d6b6294eaa7d48e356aa33fce5614b..151de0285d220e775e79ff0e362dfba1575e582f 100644 (file)
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -647,7 +647,7 @@ static int nfs4_xdr_dec_cb_getattr(struct rpc_rqst *rqstp,
                return status;
 
        status = decode_cb_op_status(xdr, OP_CB_GETATTR, &cb->cb_status);
-       if (status)
+       if (unlikely(status || cb->cb_seq_status))
                return status;
        if (xdr_stream_decode_uint32_array(xdr, bitmap, 3) < 0)
                return -NFSERR_BAD_XDR;