From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id ADC52C433EF for ; Tue, 29 Mar 2022 14:32:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237886AbiC2OeC (ORCPT ); Tue, 29 Mar 2022 10:34:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36978 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233669AbiC2OeA (ORCPT ); Tue, 29 Mar 2022 10:34:00 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D2F7E1C907; Tue, 29 Mar 2022 07:32:16 -0700 (PDT) Received: from kwepemi100008.china.huawei.com (unknown [172.30.72.55]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4KSX7x5ghhzcbPQ; Tue, 29 Mar 2022 22:31:57 +0800 (CST) Received: from kwepemm600015.china.huawei.com (7.193.23.52) by kwepemi100008.china.huawei.com (7.221.188.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Tue, 29 Mar 2022 22:32:14 +0800 Received: from [10.174.176.52] (10.174.176.52) by kwepemm600015.china.huawei.com (7.193.23.52) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Tue, 29 Mar 2022 22:32:13 +0800 Message-ID: <68b65889-3b2c-fb72-a0a8-d0afc15a03e0@huawei.com> Date: Tue, 29 Mar 2022 22:32:12 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.2.1 Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag To: , , CC: , , , , , , ChenXiaoSong References: <20220329113208.2466000-1-chenxiaosong2@huawei.com> From: "chenxiaosong (A)" In-Reply-To: <20220329113208.2466000-1-chenxiaosong2@huawei.com> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.174.176.52] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To kwepemm600015.china.huawei.com (7.193.23.52) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 在 2022/3/29 19:32, ChenXiaoSong 写道: > This series fixes following bugs: > > When lseek() a file secondly opened with O_ACCMODE|O_DIRECT flags, > nfs4_valid_open_stateid() will dereference NULL nfs4_state. > > open() with O_ACCMODE|O_DIRECT flags secondly will fail. > > ChenXiaoSong (2): > Revert "NFSv4: Handle the special Linux file open access mode" > NFSv4: fix open failure with O_ACCMODE flag > > fs/nfs/dir.c | 10 ---------- > fs/nfs/inode.c | 1 - > fs/nfs/internal.h | 10 ++++++++++ > fs/nfs/nfs4file.c | 6 ++++-- > 4 files changed, 14 insertions(+), 13 deletions(-) > I wonder if these bugs related to [CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) ? [Question about CVE-2022-24448](https://lore.kernel.org/all/1bb42908-8f58-bf56-c2da-42739ee48d16@huawei.com/T/) Is there POC of patch ac795161c936 ("NFSv4: Handle case where the lookup of a directory fails") ? CVE-2022-24448 Description: An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.