在 2022/3/29 19:32, ChenXiaoSong 写道:
> This series fixes following bugs:
>
> When lseek() a file secondly opened with O_ACCMODE|O_DIRECT flags,
> nfs4_valid_open_stateid() will dereference NULL nfs4_state.
>
> open() with O_ACCMODE|O_DIRECT flags secondly will fail.
>
> ChenXiaoSong (2):
> Revert "NFSv4: Handle the special Linux file open access mode"
> NFSv4: fix open failure with O_ACCMODE flag
>
> fs/nfs/dir.c | 10 ----------
> fs/nfs/inode.c | 1 -
> fs/nfs/internal.h | 10 ++++++++++
> fs/nfs/nfs4file.c | 6 ++++--
> 4 files changed, 14 insertions(+), 13 deletions(-)
>
I wonder if these bugs related to
[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) ?
[Question about
CVE-2022-24448](https://lore.kernel.org/all/[email protected]/T/)
Is there POC of patch ac795161c936 ("NFSv4: Handle case where the lookup
of a directory fails") ?
CVE-2022-24448 Description:
An issue was discovered in fs/nfs/dir.c in the Linux kernel before
5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a
regular file, nfs_atomic_open() performs a regular lookup. If a regular
file is found, ENOTDIR should occur, but the server instead returns
uninitialized data in the file descriptor.