From: "chenxiaosong (A)" <chenxiaosong2@huawei.com>
To: <trond.myklebust@hammerspace.com>, <anna@kernel.org>,
<bjschuma@netapp.com>
Cc: <linux-nfs@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<liuyongqiang13@huawei.com>, <yi.zhang@huawei.com>,
<zhangxiaoxu5@huawei.com>, <tao.lyu@epfl.ch>,
ChenXiaoSong <chenxiaosong2@huawei.com>
Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
Date: Tue, 29 Mar 2022 22:32:12 +0800 [thread overview]
Message-ID: <68b65889-3b2c-fb72-a0a8-d0afc15a03e0@huawei.com> (raw)
In-Reply-To: <20220329113208.2466000-1-chenxiaosong2@huawei.com>
在 2022/3/29 19:32, ChenXiaoSong 写道:
> This series fixes following bugs:
>
> When lseek() a file secondly opened with O_ACCMODE|O_DIRECT flags,
> nfs4_valid_open_stateid() will dereference NULL nfs4_state.
>
> open() with O_ACCMODE|O_DIRECT flags secondly will fail.
>
> ChenXiaoSong (2):
> Revert "NFSv4: Handle the special Linux file open access mode"
> NFSv4: fix open failure with O_ACCMODE flag
>
> fs/nfs/dir.c | 10 ----------
> fs/nfs/inode.c | 1 -
> fs/nfs/internal.h | 10 ++++++++++
> fs/nfs/nfs4file.c | 6 ++++--
> 4 files changed, 14 insertions(+), 13 deletions(-)
>
I wonder if these bugs related to
[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) ?
[Question about
CVE-2022-24448](https://lore.kernel.org/all/1bb42908-8f58-bf56-c2da-42739ee48d16@huawei.com/T/)
Is there POC of patch ac795161c936 ("NFSv4: Handle case where the lookup
of a directory fails") ?
CVE-2022-24448 Description:
An issue was discovered in fs/nfs/dir.c in the Linux kernel before
5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a
regular file, nfs_atomic_open() performs a regular lookup. If a regular
file is found, ENOTDIR should occur, but the server instead returns
uninitialized data in the file descriptor.
next prev parent reply other threads:[~2022-03-29 14:32 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-29 11:32 [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag ChenXiaoSong
2022-03-29 11:32 ` [PATCH -next 1/2] Revert "NFSv4: Handle the special Linux file open access mode" ChenXiaoSong
2022-03-29 11:32 ` [PATCH -next 2/2] NFSv4: fix open failure with O_ACCMODE flag ChenXiaoSong
2022-03-29 13:05 ` Trond Myklebust
2022-03-29 13:44 ` chenxiaosong (A)
2022-03-29 13:56 ` Trond Myklebust
2022-03-29 14:32 ` chenxiaosong (A) [this message]
[not found] ` <e0c2d7ec62b447cabddbc8a9274be955@epfl.ch>
2022-04-13 13:42 ` [PATCH -next 0/2] fix nfsv4 bugs of opening " chenxiaosong (A)
2022-04-13 14:05 ` chenxiaosong (A)
2022-04-13 14:34 ` chenxiaosong (A)
[not found] ` <3ee78045f18b4932b1651de776ee73c4@epfl.ch>
2022-04-13 14:42 ` chenxiaosong (A)
[not found] ` <55415e44b4b04bbfa66c42d5f2788384@epfl.ch>
2022-04-14 2:41 ` chenxiaosong (A)
2022-04-14 7:33 ` Lyu Tao
2022-05-05 2:48 ` chenxiaosong (A)
2022-05-06 7:40 ` Lyu Tao
2022-05-31 6:40 ` chenxiaosong (A)
2022-05-31 8:16 ` Lyu Tao
2022-05-31 8:47 ` chenxiaosong (A)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=68b65889-3b2c-fb72-a0a8-d0afc15a03e0@huawei.com \
--to=chenxiaosong2@huawei.com \
--cc=anna@kernel.org \
--cc=bjschuma@netapp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=liuyongqiang13@huawei.com \
--cc=tao.lyu@epfl.ch \
--cc=trond.myklebust@hammerspace.com \
--cc=yi.zhang@huawei.com \
--cc=zhangxiaoxu5@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).