nfsd: don't ignore the return code of svc_proc_register()

jira LE-4321
cve CVE-2025-22026
Rebuild_History Non-Buildable kernel-4.18.0-553.77.1.el8_10
commit-author Jeff Layton <jlayton@kernel.org>
commit 930b64c
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
Will be included in final tarball splat. Ref for failed cherry-pick at:
ciq/ciq_backports/kernel-4.18.0-553.77.1.el8_10/930b64ca.failed

Currently, nfsd_proc_stat_init() ignores the return value of
svc_proc_register(). If the procfile creation fails, then the kernel
will WARN when it tries to remove the entry later.

Fix nfsd_proc_stat_init() to return the same type of pointer as
svc_proc_register(), and fix up nfsd_net_init() to check that and fail
the nfsd_net construction if it occurs.

svc_proc_register() can fail if the dentry can't be allocated, or if an
identical dentry already exists. The second case is pretty unlikely in
the nfsd_net construction codepath, so if this happens, return -ENOMEM.

	Reported-by: syzbot+e34ad04f27991521104c@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-nfs/67a47501.050a0220.19061f.05f9.GAE@google.com/
	Cc: stable@vger.kernel.org # v6.9
	Signed-off-by: Jeff Layton <jlayton@kernel.org>
	Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
(cherry picked from commit 930b64c)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>

# Conflicts:
#	fs/nfsd/nfsctl.c
#	fs/nfsd/stats.c
#	fs/nfsd/stats.h

Author: PlaidCat

ciq/ciq_backports/kernel-4.18.0-553.77.1.el8_10/930b64ca.failed

@@ -0,0 +1,251 @@
+nfsd: don't ignore the return code of svc_proc_register()
+
+jira LE-4321
+cve CVE-2025-22026
+Rebuild_History Non-Buildable kernel-4.18.0-553.77.1.el8_10
+commit-author Jeff Layton <jlayton@kernel.org>
+commit 930b64ca0c511521f0abdd1d57ce52b2a6e3476b
+Empty-Commit: Cherry-Pick Conflicts during history rebuild.
+Will be included in final tarball splat. Ref for failed cherry-pick at:
+ciq/ciq_backports/kernel-4.18.0-553.77.1.el8_10/930b64ca.failed
+
+Currently, nfsd_proc_stat_init() ignores the return value of
+svc_proc_register(). If the procfile creation fails, then the kernel
+will WARN when it tries to remove the entry later.
+
+Fix nfsd_proc_stat_init() to return the same type of pointer as
+svc_proc_register(), and fix up nfsd_net_init() to check that and fail
+the nfsd_net construction if it occurs.
+
+svc_proc_register() can fail if the dentry can't be allocated, or if an
+identical dentry already exists. The second case is pretty unlikely in
+the nfsd_net construction codepath, so if this happens, return -ENOMEM.
+
+	Reported-by: syzbot+e34ad04f27991521104c@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/linux-nfs/67a47501.050a0220.19061f.05f9.GAE@google.com/
+	Cc: stable@vger.kernel.org # v6.9
+	Signed-off-by: Jeff Layton <jlayton@kernel.org>
+	Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+(cherry picked from commit 930b64ca0c511521f0abdd1d57ce52b2a6e3476b)
+	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
+
+# Conflicts:
+#	fs/nfsd/nfsctl.c
+#	fs/nfsd/stats.c
+#	fs/nfsd/stats.h
+diff --cc fs/nfsd/nfsctl.c
+index 9bd5cf3f6d3c,ac265d6fde35..000000000000
+--- a/fs/nfsd/nfsctl.c
++++ b/fs/nfsd/nfsctl.c
+@@@ -1463,27 -2198,36 +1463,57 @@@ static __net_init int nfsd_init_net(str
+  	retval = nfsd_idmap_init(net);
+  	if (retval)
+  		goto out_idmap_error;
+ -	retval = percpu_counter_init_many(nn->counter, 0, GFP_KERNEL,
+ -					  NFSD_STATS_COUNTERS_NUM);
+ +	nn->nfsd_versions = NULL;
+ +	nn->nfsd4_minorversions = NULL;
+ +	retval = nfsd_reply_cache_init(nn);
+  	if (retval)
+++<<<<<<< HEAD
+ +		goto out_drc_error;
+ +	nn->nfsd4_lease = 90;	/* default lease time */
+ +	nn->nfsd4_grace = 90;
+ +	nn->somebody_reclaimed = false;
+ +	nn->track_reclaim_completes = false;
+ +	nn->clverifier_counter = prandom_u32();
+ +	nn->clientid_base = prandom_u32();
+ +	nn->clientid_counter = nn->clientid_base + 1;
+ +	nn->s2s_cp_cl_id = nn->clientid_counter++;
+ +
+ +	atomic_set(&nn->ntf_refcnt, 0);
+ +	init_waitqueue_head(&nn->ntf_wq);
+ +	seqlock_init(&nn->boot_lock);
+ +
+ +	return 0;
+ +
+ +out_drc_error:
+++=======
++ 		goto out_repcache_error;
++ 
++ 	memset(&nn->nfsd_svcstats, 0, sizeof(nn->nfsd_svcstats));
++ 	nn->nfsd_svcstats.program = &nfsd_programs[0];
++ 	if (!nfsd_proc_stat_init(net)) {
++ 		retval = -ENOMEM;
++ 		goto out_proc_error;
++ 	}
++ 
++ 	for (i = 0; i < sizeof(nn->nfsd_versions); i++)
++ 		nn->nfsd_versions[i] = nfsd_support_version(i);
++ 	for (i = 0; i < sizeof(nn->nfsd4_minorversions); i++)
++ 		nn->nfsd4_minorversions[i] = nfsd_support_version(4);
++ 	nn->nfsd_info.mutex = &nfsd_mutex;
++ 	nn->nfsd_serv = NULL;
++ 	nfsd4_init_leases_net(nn);
++ 	get_random_bytes(&nn->siphash_key, sizeof(nn->siphash_key));
++ 	seqlock_init(&nn->writeverf_lock);
++ #if IS_ENABLED(CONFIG_NFS_LOCALIO)
++ 	spin_lock_init(&nn->local_clients_lock);
++ 	INIT_LIST_HEAD(&nn->local_clients);
++ #endif
++ 	return 0;
++ 
++ out_proc_error:
++ 	percpu_counter_destroy_many(nn->counter, NFSD_STATS_COUNTERS_NUM);
++ out_repcache_error:
+++>>>>>>> 930b64ca0c51 (nfsd: don't ignore the return code of svc_proc_register())
+  	nfsd_idmap_shutdown(net);
+  out_idmap_error:
+  	nfsd_export_shutdown(net);
+diff --cc fs/nfsd/stats.c
+index 9bce3b913189,f7eaf95e20fc..000000000000
+--- a/fs/nfsd/stats.c
++++ b/fs/nfsd/stats.c
+@@@ -79,26 -71,16 +79,36 @@@ static int nfsd_proc_show(struct seq_fi
+  	return 0;
+  }
+  
+++<<<<<<< HEAD
+ +static int nfsd_proc_open(struct inode *inode, struct file *file)
+ +{
+ +	return single_open(file, nfsd_proc_show, NULL);
+++=======
++ DEFINE_PROC_SHOW_ATTRIBUTE(nfsd);
++ 
++ struct proc_dir_entry *nfsd_proc_stat_init(struct net *net)
++ {
++ 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
++ 
++ 	return svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops);
+++>>>>>>> 930b64ca0c51 (nfsd: don't ignore the return code of svc_proc_register())
+ +}
+ +
+ +static const struct file_operations nfsd_proc_fops = {
+ +	.open = nfsd_proc_open,
+ +	.read  = seq_read,
+ +	.llseek = seq_lseek,
+ +	.release = single_release,
+ +};
+ +
+ +void
+ +nfsd_stat_init(void)
+ +{
+ +	svc_proc_register(&init_net, &nfsd_svcstats, &nfsd_proc_fops);
+  }
+  
+ -void nfsd_proc_stat_shutdown(struct net *net)
+ +void
+ +nfsd_stat_shutdown(void)
+  {
+ -	svc_proc_unregister(net, "nfsd");
+ +	svc_proc_unregister(&init_net, "nfsd");
+  }
+diff --cc fs/nfsd/stats.h
+index b23fdac69820,e4efb0e4e56d..000000000000
+--- a/fs/nfsd/stats.h
++++ b/fs/nfsd/stats.h
+@@@ -8,37 -8,69 +8,96 @@@
+  #define _NFSD_STATS_H
+  
+  #include <uapi/linux/nfsd/stats.h>
+ -#include <linux/percpu_counter.h>
+  
+++<<<<<<< HEAD
+++=======
++ struct proc_dir_entry *nfsd_proc_stat_init(struct net *net);
++ void nfsd_proc_stat_shutdown(struct net *net);
++ 
++ static inline void nfsd_stats_rc_hits_inc(struct nfsd_net *nn)
++ {
++ 	percpu_counter_inc(&nn->counter[NFSD_STATS_RC_HITS]);
++ }
++ 
++ static inline void nfsd_stats_rc_misses_inc(struct nfsd_net *nn)
++ {
++ 	percpu_counter_inc(&nn->counter[NFSD_STATS_RC_MISSES]);
++ }
++ 
++ static inline void nfsd_stats_rc_nocache_inc(struct nfsd_net *nn)
++ {
++ 	percpu_counter_inc(&nn->counter[NFSD_STATS_RC_NOCACHE]);
++ }
++ 
++ static inline void nfsd_stats_fh_stale_inc(struct nfsd_net *nn,
++ 					   struct svc_export *exp)
++ {
++ 	percpu_counter_inc(&nn->counter[NFSD_STATS_FH_STALE]);
++ 	if (exp && exp->ex_stats)
++ 		percpu_counter_inc(&exp->ex_stats->counter[EXP_STATS_FH_STALE]);
++ }
++ 
++ static inline void nfsd_stats_io_read_add(struct nfsd_net *nn,
++ 					  struct svc_export *exp, s64 amount)
++ {
++ 	percpu_counter_add(&nn->counter[NFSD_STATS_IO_READ], amount);
++ 	if (exp && exp->ex_stats)
++ 		percpu_counter_add(&exp->ex_stats->counter[EXP_STATS_IO_READ], amount);
++ }
++ 
++ static inline void nfsd_stats_io_write_add(struct nfsd_net *nn,
++ 					   struct svc_export *exp, s64 amount)
++ {
++ 	percpu_counter_add(&nn->counter[NFSD_STATS_IO_WRITE], amount);
++ 	if (exp && exp->ex_stats)
++ 		percpu_counter_add(&exp->ex_stats->counter[EXP_STATS_IO_WRITE], amount);
++ }
++ 
++ static inline void nfsd_stats_payload_misses_inc(struct nfsd_net *nn)
++ {
++ 	percpu_counter_inc(&nn->counter[NFSD_STATS_PAYLOAD_MISSES]);
++ }
++ 
++ static inline void nfsd_stats_drc_mem_usage_add(struct nfsd_net *nn, s64 amount)
++ {
++ 	percpu_counter_add(&nn->counter[NFSD_STATS_DRC_MEM_USAGE], amount);
++ }
++ 
++ static inline void nfsd_stats_drc_mem_usage_sub(struct nfsd_net *nn, s64 amount)
++ {
++ 	percpu_counter_sub(&nn->counter[NFSD_STATS_DRC_MEM_USAGE], amount);
++ }
+++>>>>>>> 930b64ca0c51 (nfsd: don't ignore the return code of svc_proc_register())
+  
+ +struct nfsd_stats {
+ +	unsigned int	rchits;		/* repcache hits */
+ +	unsigned int	rcmisses;	/* repcache hits */
+ +	unsigned int	rcnocache;	/* uncached reqs */
+ +	unsigned int	fh_stale;	/* FH stale error */
+ +	unsigned int	fh_lookup;	/* dentry cached */
+ +	unsigned int	fh_anon;	/* anon file dentry returned */
+ +	unsigned int	fh_nocache_dir;	/* filehandle not found in dcache */
+ +	unsigned int	fh_nocache_nondir;	/* filehandle not found in dcache */
+ +	unsigned int	io_read;	/* bytes returned to read requests */
+ +	unsigned int	io_write;	/* bytes passed in write requests */
+ +	unsigned int	th_cnt;		/* number of available threads */
+ +	unsigned int	th_usage[10];	/* number of ticks during which n perdeciles
+ +					 * of available threads were in use */
+ +	unsigned int	th_fullcnt;	/* number of times last free thread was used */
+ +	unsigned int	ra_size;	/* size of ra cache */
+ +	unsigned int	ra_depth[11];	/* number of times ra entry was found that deep
+ +					 * in the cache (10percentiles). [10] = not found */
+  #ifdef CONFIG_NFSD_V4
+ -static inline void nfsd_stats_wdeleg_getattr_inc(struct nfsd_net *nn)
+ -{
+ -	percpu_counter_inc(&nn->counter[NFSD_STATS_WDELEG_GETATTR]);
+ -}
+ +	unsigned int	nfs4_opcount[LAST_NFS4_OP + 1];	/* count of individual nfsv4 operations */
+  #endif
+ +
+ +};
+ +
+ +
+ +extern struct nfsd_stats	nfsdstats;
+ +extern struct svc_stat		nfsd_svcstats;
+ +
+ +void	nfsd_stat_init(void);
+ +void	nfsd_stat_shutdown(void);
+ +
+  #endif /* _NFSD_STATS_H */
+* Unmerged path fs/nfsd/nfsctl.c
+* Unmerged path fs/nfsd/stats.c
+* Unmerged path fs/nfsd/stats.h