Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp1051428pxb; Tue, 29 Mar 2022 16:00:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzYs9QkAdO2HhjO00w+b6FWMDjfZoa8KJDbtuYvJZ/EyOTPJnDU6HL3JKpmwa48T4Ab0ARJ X-Received: by 2002:a63:586:0:b0:386:326:f486 with SMTP id 128-20020a630586000000b003860326f486mr3734314pgf.3.1648594810456; Tue, 29 Mar 2022 16:00:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648594810; cv=none; d=google.com; s=arc-20160816; b=L6yPU4Na6EyY/nDHrlcUhAhjXaIRaoXztJc5K3OuWbbMbD5p0YcTPluxmBlOJX/0vQ eNVL/S5AsRE57NFtU//U2ZSSRQ3/1GAh5D+LlIeiT9yxDel/EEU8MOqJJpTKi7jDCA3S BRFQrvAlN2UT9erAwcAacgZbrovfkduYkeFyh5MqsnvF1hM1XkVwpVdHvuiavBAetKZm WDgE6wm1im1MXaakOKv8aNhNL03rWVrfyc2+2cU5Q25tW8iPPC19zalEDccWI6jW+3m2 9/APLoDYafJBgUhvNMdBFd9Nbo9sVVWFfxC7Na2PW2p7N7PpbjI1MliulPm0yQjt+edf AkSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:subject:user-agent:mime-version:date:message-id; bh=Q0stgGoRRpmQXVpaEy8nb9JydxdWYgNzckmRtLoJf0A=; b=jML68owQV8OPKeAHfuIDHYXcOvHz4kAoJwxDKS1tM2JMZbhi4wGw0owDbsicozd2Ao uqqkzVK2tTOhokHsS7gOiUPmh45N8McDDkYmKkqkwjvqe3DeIUtVY5921tB3hbN2LQCU UfEbbFHbpthw/qYTlVOcOVkfVMpP9v5Bf9hba3Rjb6iN433Yj8mIF6YWrowbHqzwDEwT 05fibl5ngx/Vr7jO3BcI7sQpQsKKE9FQt5v2qpjQ/9WGOwrgH5szI77qsy0b5TpJaVta xAPSY1LuGenizN/wnI3nDIMQDHw8J5HT3ur+EgAgwV1F0vdwDyyBfR6FUlhb/jRc4UJS dIIg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id oo8-20020a17090b1c8800b001c6d5497bb9si410840pjb.28.2022.03.29.15.59.54; Tue, 29 Mar 2022 16:00:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237878AbiC2OeB (ORCPT + 99 others); Tue, 29 Mar 2022 10:34:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36978 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233669AbiC2OeA (ORCPT ); Tue, 29 Mar 2022 10:34:00 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D2F7E1C907; Tue, 29 Mar 2022 07:32:16 -0700 (PDT) Received: from kwepemi100008.china.huawei.com (unknown [172.30.72.55]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4KSX7x5ghhzcbPQ; Tue, 29 Mar 2022 22:31:57 +0800 (CST) Received: from kwepemm600015.china.huawei.com (7.193.23.52) by kwepemi100008.china.huawei.com (7.221.188.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Tue, 29 Mar 2022 22:32:14 +0800 Received: from [10.174.176.52] (10.174.176.52) by kwepemm600015.china.huawei.com (7.193.23.52) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Tue, 29 Mar 2022 22:32:13 +0800 Message-ID: <68b65889-3b2c-fb72-a0a8-d0afc15a03e0@huawei.com> Date: Tue, 29 Mar 2022 22:32:12 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.2.1 Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag To: , , CC: , , , , , , ChenXiaoSong References: <20220329113208.2466000-1-chenxiaosong2@huawei.com> From: "chenxiaosong (A)" In-Reply-To: <20220329113208.2466000-1-chenxiaosong2@huawei.com> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.174.176.52] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To kwepemm600015.china.huawei.com (7.193.23.52) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 在 2022/3/29 19:32, ChenXiaoSong 写道: > This series fixes following bugs: > > When lseek() a file secondly opened with O_ACCMODE|O_DIRECT flags, > nfs4_valid_open_stateid() will dereference NULL nfs4_state. > > open() with O_ACCMODE|O_DIRECT flags secondly will fail. > > ChenXiaoSong (2): > Revert "NFSv4: Handle the special Linux file open access mode" > NFSv4: fix open failure with O_ACCMODE flag > > fs/nfs/dir.c | 10 ---------- > fs/nfs/inode.c | 1 - > fs/nfs/internal.h | 10 ++++++++++ > fs/nfs/nfs4file.c | 6 ++++-- > 4 files changed, 14 insertions(+), 13 deletions(-) > I wonder if these bugs related to [CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) ? [Question about CVE-2022-24448](https://lore.kernel.org/all/1bb42908-8f58-bf56-c2da-42739ee48d16@huawei.com/T/) Is there POC of patch ac795161c936 ("NFSv4: Handle case where the lookup of a directory fails") ? CVE-2022-24448 Description: An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.