nfsd: fix oops on mixed NFSv4/NFSv3 client access

If an NFSv2/v3 client breaks an NFSv4 client's delegation, it will hit a
NULL dereference in nfsd_breaker_owns_lease().

Easily reproduceable with for example

	mount -overs=4.2 server:/export /mnt/
	sleep 1h </mnt/file &
	mount -overs=3 server:/export /mnt2/
	touch /mnt2/file

Reported-by: Robert Dinse <[email protected]>
Fixes: 28df3d1539de50 ("nfsd: clients don't need to break their own delegations")
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=208807
Signed-off-by: J. Bruce Fields <[email protected]>
Signed-off-by: Chuck Lever <[email protected]>

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 81ed8e8bab3fc786561580f2b752af2919e9208e..1ea9bbcc7c24818f88e34b6a4a460b3b5b557cca 100644 (file)
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -4597,6 +4597,8 @@ static bool nfsd_breaker_owns_lease(struct file_lock *fl)
        if (!i_am_nfsd())
                return NULL;
        rqst = kthread_data(current);
+       if (!rqst->rq_lease_breaker)
+               return NULL;
        clp = *(rqst->rq_lease_breaker);
        return dl->dl_stid.sc_client == clp;
 }