nfsd: don't ignore the return code of svc_proc_register()

JIRA: https://issues.redhat.com/browse/RHEL-93612
CVE: CVE-2025-22026
Conflicts: several conflicts
	patching file fs/nfsd/nfsctl.c
	Hunk #1 FAILED at 2202.
	Due to missing 86ab08b "SUNRPC: replace program list with program
	array" -- a part of a large patch series
	Due to missing 73598a0 "nfsd: don't allocate the versions array."
	-- a part of the large patch series
	Hunk #2 FAILED at 2213.
	because there is no LOCALIO functionality but specifically
	fa49838 "nfsd: add LOCALIO support"
	checking file fs/nfsd/stats.h
	Hunk #1 FAILED at 10.
	Due to missing 7d12cce "fs: nfsd: use group allocation/free of
	per-cpu counters API"

commit 930b64c
Author: Jeff Layton <[email protected]>
Date: Thu, 6 Feb 2025 13:12:13 -0500

    Currently, nfsd_proc_stat_init() ignores the return value of
    svc_proc_register(). If the procfile creation fails, then the kernel
    will WARN when it tries to remove the entry later.

    Fix nfsd_proc_stat_init() to return the same type of pointer as
    svc_proc_register(), and fix up nfsd_net_init() to check that and fail
    the nfsd_net construction if it occurs.

    svc_proc_register() can fail if the dentry can't be allocated, or if an
    identical dentry already exists. The second case is pretty unlikely in
    the nfsd_net construction codepath, so if this happens, return -ENOMEM.

    Reported-by: [email protected]
    Closes: https://lore.kernel.org/linux-nfs/[email protected]/
    Cc: [email protected] # v6.9
    Signed-off-by: Jeff Layton <[email protected]>
    Signed-off-by: Chuck Lever <[email protected]>

Signed-off-by: Olga Kornievskaia <[email protected]>

Author: Olga Kornievskaia

fs/nfsd/nfsctl.c

@@ -2236,19 +2236,25 @@ static __net_init int nfsd_net_init(struct net *net)
 	retval = nfsd_stat_counters_init(nn);
 	if (retval)
 		goto out_repcache_error;
+
 	memset(&nn->nfsd_svcstats, 0, sizeof(nn->nfsd_svcstats));
 	nn->nfsd_svcstats.program = &nfsd_program;
+	if (!nfsd_proc_stat_init(net)) {
+		retval = -ENOMEM;
+		goto out_proc_error;
+	}
 	nn->nfsd_versions = NULL;
 	nn->nfsd4_minorversions = NULL;
 	nn->nfsd_info.mutex = &nfsd_mutex;
 	nn->nfsd_serv = NULL;
 	nfsd4_init_leases_net(nn);
 	get_random_bytes(&nn->siphash_key, sizeof(nn->siphash_key));
 	seqlock_init(&nn->writeverf_lock);
-	nfsd_proc_stat_init(net);
 
 	return 0;
 
+out_proc_error:
+	percpu_counter_destroy_many(nn->counter, NFSD_STATS_COUNTERS_NUM);
 out_repcache_error:
 	nfsd_idmap_shutdown(net);
 out_idmap_error:

fs/nfsd/stats.c

@@ -115,11 +115,11 @@ void nfsd_stat_counters_destroy(struct nfsd_net *nn)
 	nfsd_percpu_counters_destroy(nn->counter, NFSD_STATS_COUNTERS_NUM);
 }
 
-void nfsd_proc_stat_init(struct net *net)
+struct proc_dir_entry *nfsd_proc_stat_init(struct net *net)
 {
 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
 
-	svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops);
+	return svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops);
 }
 
 void nfsd_proc_stat_shutdown(struct net *net)

fs/nfsd/stats.h

@@ -15,7 +15,7 @@ void nfsd_percpu_counters_reset(struct percpu_counter *counters, int num);
 void nfsd_percpu_counters_destroy(struct percpu_counter *counters, int num);
 int nfsd_stat_counters_init(struct nfsd_net *nn);
 void nfsd_stat_counters_destroy(struct nfsd_net *nn);
-void nfsd_proc_stat_init(struct net *net);
+struct proc_dir_entry *nfsd_proc_stat_init(struct net *net);
 void nfsd_proc_stat_shutdown(struct net *net);
 
 static inline void nfsd_stats_rc_hits_inc(struct nfsd_net *nn)