From: Trond Myklebust <trond.myklebust@hammerspace.com>
Date: Thu, 6 Jan 2022 18:24:03 -0500
Subject: [PATCH] NFSv4: nfs_atomic_open() can race when looking up a
non-regular file
Git-commit: 1751fc1db36f6f411709e143d5393f92d12137a9
Patch-mainline: v5.17
References: bsc#1195612 CVE-2022-24448 git-fixes
If the file type changes back to being a regular file on the server
between the failed OPEN and our LOOKUP, then we need to re-run the OPEN.
Fixes: 0dd2b474d0b6 ("nfs: implement i_op->atomic_open()")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Acked-by: NeilBrown <neilb@suse.com>
Acked-by: Vasant Karasulli <vkarasulli@suse.de>
---
fs/nfs/dir.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1989,12 +1989,17 @@ no_open:
if ((lookup_flags & LOOKUP_DIRECTORY) && inode &&
!S_ISDIR(inode->i_mode))
res = ERR_PTR(-ENOTDIR);
+ else if (inode && S_ISREG(inode->i_mode))
+ res = ERR_PTR(-EOPENSTALE);
} else if (!IS_ERR(res)) {
inode = d_inode(res);
if ((lookup_flags & LOOKUP_DIRECTORY) && inode &&
!S_ISDIR(inode->i_mode)) {
dput(res);
res = ERR_PTR(-ENOTDIR);
+ } else if (inode && S_ISREG(inode->i_mode)) {
+ dput(res);
+ res = ERR_PTR(-EOPENSTALE);
}
}
if (switched) {
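Review bot: Both new `S_ISREG` branches under `no_open:` return `-EOPENSTALE` without a comment, so a reader of dir.c alone cannot tell why finding a regular file after the lookup is treated as an error. The reason is only in the commit message: the file type changed back on the server between the failed OPEN and the LOOKUP, and the OPEN has to be re-run. A short comment above the first branch would keep that in the source, for example `/* type changed back to regular since the failed OPEN: retry */`. The new check is also repeated in both arms right after the existing `LOOKUP_DIRECTORY` / `-ENOTDIR` check, so the pair could be folded into one helper that takes the inode and returns the error to use. The second arm calls `dput(res)` before overwriting `res` while the first arm does not, which mirrors the existing `-ENOTDIR` handling. The first arm's condition lies above the context shown, so it is worth confirming that `res` holds no dentry reference there.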