Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
From: chenxiaosong (A)
Date: Tue Mar 29 2022 - 10:32:21 EST
在 2022/3/29 19:32, ChenXiaoSong 写道:
This series fixes following bugs:
When lseek() a file secondly opened with O_ACCMODE|O_DIRECT flags,
nfs4_valid_open_stateid() will dereference NULL nfs4_state.
open() with O_ACCMODE|O_DIRECT flags secondly will fail.
ChenXiaoSong (2):
Revert "NFSv4: Handle the special Linux file open access mode"
NFSv4: fix open failure with O_ACCMODE flag
fs/nfs/dir.c | 10 ----------
fs/nfs/inode.c | 1 -
fs/nfs/internal.h | 10 ++++++++++
fs/nfs/nfs4file.c | 6 ++++--
4 files changed, 14 insertions(+), 13 deletions(-)
I wonder if these bugs related to
[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) ?
[Question about
CVE-2022-24448](https://lore.kernel.org/all/1bb42908-8f58-bf56-c2da-42739ee48d16@xxxxxxxxxx/T/)
Is there POC of patch ac795161c936 ("NFSv4: Handle case where the lookup
of a directory fails") ?
CVE-2022-24448 Description:
An issue was discovered in fs/nfs/dir.c in the Linux kernel before
5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a
regular file, nfs_atomic_open() performs a regular lookup. If a regular
file is found, ENOTDIR should occur, but the server instead returns
uninitialized data in the file descriptor.