Commit 3d32877
nfsd: don't ignore the return code of svc_proc_register()

jira VULN-64896
cve CVE-2025-22026
commit-author Jeff Layton <jlayton@kernel.org>
commit 930b64c
upstream-diff |
nfsd underwent considerable architectural changes related to the
exposition of network stats in the user space since `ciqlts9_4' branched
off, which are assumed by the upstream fix
930b64c to be in place - see patches
d98416c, 93483ac, 4b14885, e41ee44, 16fb980. This backport
addresses the core of the issue without pulling in all of these changes,
which is checking the value returned by `svc_proc_register'.

Currently, nfsd_proc_stat_init() ignores the return value of
svc_proc_register(). If the procfile creation fails, then the kernel
will WARN when it tries to remove the entry later.

Fix nfsd_proc_stat_init() to return the same type of pointer as
svc_proc_register(), and fix up nfsd_net_init() to check that and fail
the nfsd_net construction if it occurs.

svc_proc_register() can fail if the dentry can't be allocated, or if an
identical dentry already exists. The second case is pretty unlikely in
the nfsd_net construction codepath, so if this happens, return -ENOMEM.

Reported-by: syzbot+e34ad04f27991521104c@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-nfs/67a47501.050a0220.19061f.05f9.GAE@google.com/
Cc: stable@vger.kernel.org # v6.9
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
(cherry picked from commit 930b64c)
Signed-off-by: Marcin Wcisło <marcin.wcislo@conclusive.pl>

1 parent d14abc6 commit 3d32877
1 file changed, +4 -1 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
126 | 126 | | |
127 | 127 | | |
128 | 128 | | |
129 | | - | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
130 | 133 | | |
131 | 134 | | |
132 | 135 | | |
| |||
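
The failure mode described in the commit message, modeled in user space as an added example (not code from this commit or from nfsd): `mock_proc_register()` and `mock_proc_unregister()` are hypothetical stand-ins for the procfs helpers, the registration failure is injected, and teardown is assumed to run only when construction reported success.

```c
/* User-space model, not kernel code; mock_proc_*() are hypothetical stand-ins. */
#include <errno.h>
#include <stdio.h>
static struct entry { int live; } slot;   /* the single mock proc entry */
static int fail_register, warn_count;     /* fault injection, modeled WARNs */

static struct entry *mock_proc_register(void)
{
    if (fail_register || slot.live)       /* allocation failed or duplicate */
        return NULL;
    slot.live = 1;
    return &slot;
}

static void mock_proc_unregister(void)
{
    warn_count += !slot.live;             /* removing a missing entry warns */
    slot.live = 0;
}

/* Before the fix: result dropped, construction reports success. */
static int net_init_unchecked(void)
{
    mock_proc_register();
    return 0;
}

/* After the fix: a NULL result fails construction with -ENOMEM. */
static int net_init_checked(void)
{
    return mock_proc_register() ? 0 : -ENOMEM;
}

/* One init/teardown cycle; teardown runs only when init succeeded (assumption). */
static int lifecycle(int (*init)(void), int inject, int *rc)
{
    slot.live = warn_count = 0;
    fail_register = inject;
    if ((*rc = init()) == 0)
        mock_proc_unregister();
    return warn_count;                    /* warnings raised at teardown */
}

int main(void)
{
    int rc1, rc2, w1 = lifecycle(net_init_unchecked, 1, &rc1);
    int w2 = lifecycle(net_init_checked, 1, &rc2);
    printf("unchecked rc=%d warns=%d; checked rc=%d warns=%d\n", rc1, w1, rc2, w2);
    return 0;
}
```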