Received: by 2002:a05:6602:18e:0:0:0:0 with SMTP id m14csp4372552ioo; Tue, 31 May 2022 03:01:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz1toBEnL/fyf/k3VNCyWRIbTNjfJ/soHI122T9ZsC1by5/3GBkg8b2ebzi3wHzvGEAjgyr X-Received: by 2002:a17:907:7208:b0:6ff:78da:e280 with SMTP id dr8-20020a170907720800b006ff78dae280mr8394397ejc.514.1653991275295; Tue, 31 May 2022 03:01:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653991275; cv=none; d=google.com; s=arc-20160816; b=qMMpkVbWSVMPWcnS52J1E6iKUEw2I1ZFdRTg5sKj3/UzQYCRczTg4FcrNGBtVWiUnF UIPjSV6h/GkVTngEX4SztRE8fAt5nvnuXdk4GZB5Ap3cnJ1yp7uojlKpOQESsYRbGxY+ w2AZWVsTiq7ZthULGgF8zWf3XFoRlzKmMJwHHapkYbZDkF+cv9UUIP1O2p3kjEsArc7o annQqCm9QjLHdlD0e01OruiYBDSDqAN8bxXNFgwXZn+2Wn2i8WIlaWkQ7pXzy3y6XNPg iZHqlO+DOgQJvgnQfJQA9ByGGaMtSc5dzfHjOsKrpnIPYtK02esAcU+fqobomN0toJtM GhdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :content-language:accept-language:in-reply-to:references:message-id :date:thread-index:thread-topic:subject:cc:to:from:dkim-signature; bh=1O5+LSe1k4PO7fMrCjCxtC7AmytVxGy++vAYcDfxD10=; b=M3VcU2oni+0Tc9K0IfXxGL7Upx6v3N9xvlX66Yh4JdYQDggyHyt6CigkvwIxSF1oX4 B4freEtJBBXLdW8JufJ/+dMY838VvqxA2ap6iQpkmIobjbBYpsPiNeSI+rsymaSNaJco nkJcw9QyS8YF5VWCVACPts69T4icwBWm6X4V44d8noBfe4d+Ofj1FjCLMZ7rBXuLMCIg Mz61kR0p8T9TcXpo7kwD1Hq2qDXk9OZGU3bk3uP1KKJckc1xbnCOXf9XG96IyfTAQHTI w+OK7kO6W1wvPGBUHUVt+Xo2YJWJUmp78GaIfAxI1kQhOXjmoD/sJ4T9275O9MYNWo1K qR4g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@epfl.ch header.s=epfl header.b=I5IKk7dW; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=epfl.ch Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y4-20020a17090614c400b006fefe7aa3fdsi1631058ejc.353.2022.05.31.03.00.34; Tue, 31 May 2022 03:01:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@epfl.ch header.s=epfl header.b=I5IKk7dW; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=epfl.ch Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244088AbiEaIQx (ORCPT + 99 others); Tue, 31 May 2022 04:16:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38758 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236918AbiEaIQv (ORCPT ); Tue, 31 May 2022 04:16:51 -0400 Received: from smtp0.epfl.ch (smtp0.epfl.ch [IPv6:2001:620:618:1e0:1:80b2:e058:1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF119642C for ; Tue, 31 May 2022 01:16:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=epfl.ch; s=epfl; t=1653985005; h=From:To:CC:Subject:Date:Message-ID:Content-Type:Content-Transfer-Encoding:MIME-Version; bh=CenNLQP0Ef7wJoHeA8U/Ob0luMBRirbbvmY7kmaaVkY=; b=I5IKk7dWIzb+GLjLorcNs9vCtTo/kHyBjVp8eNNmkrDzKMuDvGJpfy7bQgR9I7Up7 XAPmYKVoVrmy4Sh58RhwypXlzvj6JEd07kIPTlRCVD+2PN824zINXmC+OLbozzGzU aGkVnnehAwe3UkCwcgE7OEowvwR3V6qIeof/oDzGI= Received: (qmail 28771 invoked by uid 107); 31 May 2022 08:16:45 -0000 Received: from ax-snat-224-174.epfl.ch (HELO ewa05.intranet.epfl.ch) (192.168.224.174) (TLS, ECDHE-RSA-AES256-GCM-SHA384 (X25519 curve) cipher) by mail.epfl.ch (AngelmatoPhylax SMTP proxy) with ESMTPS; Tue, 31 May 2022 10:16:45 +0200 X-EPFL-Auth: 7mmrPyVAJhj3wNhy0HajVRgjTyhUFsrx17t6gNEQQFqXLLVCFOc= Received: from ewa07.intranet.epfl.ch (128.178.224.178) by ewa05.intranet.epfl.ch (128.178.224.174) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2375.24; Tue, 31 May 2022 10:16:45 +0200 Received: from ewa07.intranet.epfl.ch ([fe80::f470:9b62:7382:7f3a]) by ewa07.intranet.epfl.ch ([fe80::f470:9b62:7382:7f3a%4]) with mapi id 15.01.2375.024; Tue, 31 May 2022 10:16:45 +0200 From: Lyu Tao To: "chenxiaosong (A)" CC: "linux-nfs@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "bjschuma@netapp.com" , "anna@kernel.org" , Trond Myklebust , "liuyongqiang13@huawei.com" , "yi.zhang@huawei.com" , "zhangxiaoxu5@huawei.com" Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag Thread-Topic: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag Thread-Index: AQHYQ16YLIpFlrH2FUmiiFZ5HnfMO6zWS0oAgBdxzEuAABNUgIAABmuAgAAjKin//+c4gIAAL0qEgACZlICAAHFaAYAgkWkAgAIEEb+AJxlXAIAAOaef Date: Tue, 31 May 2022 08:16:45 +0000 Message-ID: <0a0ed6d1f34f49a9b847cb2891876d27@epfl.ch> References: <20220329113208.2466000-1-chenxiaosong2@huawei.com> <68b65889-3b2c-fb72-a0a8-d0afc15a03e0@huawei.com> <0b6546f7-8a04-9d6e-50c3-483c8a1a6591@huawei.com> <3ee78045f18b4932b1651de776ee73c4@epfl.ch> <55415e44b4b04bbfa66c42d5f2788384@epfl.ch> <88231dee-760f-b992-f1d1-81309076071e@huawei.com> <67d6a536-9027-1928-99b6-af512a36cd1a@huawei.com> <018da3c0453845329d5ae2ec8924af06@epfl.ch>, In-Reply-To: Accept-Language: en-US, fr-CH Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [128.178.116.84] Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_PASS, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Hi Xiaosong, I sent the first email on 05.05.2022 to CVE-Request@mitre.org to require th= em update the description with the following information. They replied that= they will update the information within that day. However, they didn't upd= ated the description and then I sent the second email and they didn't reply= me. Do you know any other ways to update the description. "I need to update the CVE description as below: After secondly opening a file with O_ACCMODE|O_DIRECT flags, nfs4_valid_ope= n_stateid() will dereference NULL nfs4_state when lseek(). And its references should be updated as this: https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e= 68898a " Best, Tao >From: chenxiaosong (A) >Sent: Tuesday, May 31, 2022 8:40 AM >To: Lyu Tao >Cc: linux-nfs@vger.kernel.org; linux-kernel@vger.kernel.org; bjschuma@neta= pp.com; anna@kernel.org; Trond Myklebust; liuyongqiang13@huawei.com; yi.zha= ng@huawei.com; zhangxiaoxu5@huawei.com >Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE fl= ag > =20 >Hi Tao: > >"NVD Last Modified" date of=20 >[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) is=20 >already updated to 05/12/2022, but the description of the cve is still=20 >wrong, and the hyperlink of [unrelated patch: NFSv4: Handle case where=20 >the lookup of a directory=20 >fails](https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8= cc23a65a1eceaf) >is still shown in the web. > >There is two fix patches of the cve, the web just show one of my patches. > >one patch is already shown in the web: [Revert "NFSv4: Handle the=20 >special Linux file open access=20 >mode"](https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b= 82742f9e68898a) > >second patch is not shown in the web: [NFSv4: fix open failure with=20 >O_ACCMODE=20 >flag](https://github.com/torvalds/linux/commit/b243874f6f9568b2daf1a00e922= 2cacdc15e159c) > >=1B$B:_=1B(B 2022/5/6 15:40, Lyu Tao =1B$B>> From: chenxiaosong (A) >>> Sent: Thursday, May 5, 2022 4:48 AM >>> To: Lyu Tao >>> Cc: linux-nfs@vger.kernel.org; linux-kernel@vger.kernel.org; bjschuma@n= etapp.com; anna@kernel.org; Trond Myklebust; liuyongqiang13@huawei.com; yi.= zhang@huawei.com; zhangxiaoxu5@huawei.com >>> Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE= flag >> =20 >>> "NVD Last Modified" date of CVE-2022-24448 is updated as 04/29/2022, bu= t the content of the cve is old. >>> https://nvd.nist.gov/vuln/detail/CVE-2022-24448 >> =20 >> Hi, >>=20 >> Thanks for reaching out. >>=20 >> I've requested to update the CVE description and they replied me that it= would be updated yesterday. Maybe the system need some time to reflesh. Le= t's wait a few more days. >>=20 >> Best, >> Tao. >>=20 =