Signed-off-by: Jani Nikula <ext-jani.1.nikula@nokia.com>

---

NOTE: I'm afraid I'm unable to test this; please consider this more a
bug report than a complete patch.
---
 net/sunrpc/xprtsock.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 7124129..5b83ff9 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -2481,7 +2481,7 @@ static struct rpc_xprt *xs_setup_bc_tcp(struct xprt_create *args)
 	struct svc_sock *bc_sock;
 
 	if (!args->bc_xprt)
-		ERR_PTR(-EINVAL);
+		return ERR_PTR(-EINVAL);
 
 	xprt = xs_setup_xprt(args, xprt_tcp_slot_table_entries);
 	if (IS_ERR(xprt))
-- 
1.6.5.2

--

[ message continues ]

Indeed, it has to be "return ERR_PTR(-EINVAL);".
Otherwise, it will trigger NULL pointer dereference some lines later.

    bc_sock = container_of(args->bc_xprt, struct svc_sock, sk_xprt);
    bc_sock->sk_bc_xprt = xprt;

This bug was introduced by f300baba5a1536070d6d77bf0c8c4ca999bb4f0f
"nfsd41: sunrpc: add new xprt class for nfsv4.1 backchannel" and
exists in 2.6.32 and later.
--

[ message continues ]

Or it should just be dropped. I don't see any reason why nfsd should be
trying to set up a callback channel if it doesn't already know that it
has a socket. Returning an error value in that case would just be
papering over a design bug.

   Trond
--

[ message continues ]

Yup.  At most it could be a BUG_ON, but it's probably better just to
delete the check.

--b.
--

[ message continues ]