From: Trond Myklebust trond.myklebust@hammerspace.com
mainline inclusion from mainline-v5.17-rc2 commit 1751fc1db36f6f411709e143d5393f92d12137a9 category: bugfix bugzilla: 186205 https://gitee.com/openeuler/kernel/issues/I4U2NK CVE: CVE-2022-24448
-----------------------------------------------
If the file type changes back to being a regular file on the server between the failed OPEN and our LOOKUP, then we need to re-run the OPEN.
Fixes: 0dd2b474d0b6 ("nfs: implement i_op->atomic_open()") Signed-off-by: Trond Myklebust trond.myklebust@hammerspace.com Signed-off-by: Anna Schumaker Anna.Schumaker@Netapp.com Signed-off-by: Zhang Xiaoxu zhangxiaoxu5@huawei.com Reviewed-by: Zhang Yi yi.zhang@huawei.com Reviewed-by: Xiu Jianfeng xiujianfeng@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- fs/nfs/dir.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c index 6e55d9763a19..1276437b48de 100644 --- a/fs/nfs/dir.c +++ b/fs/nfs/dir.c @@ -1782,12 +1782,17 @@ int nfs_atomic_open(struct inode *dir, struct dentry *dentry, if ((lookup_flags & LOOKUP_DIRECTORY) && inode && !S_ISDIR(inode->i_mode)) res = ERR_PTR(-ENOTDIR); + else if (inode && S_ISREG(inode->i_mode)) + res = ERR_PTR(-EOPENSTALE); } else if (!IS_ERR(res)) { inode = d_inode(res); if ((lookup_flags & LOOKUP_DIRECTORY) && inode && !S_ISDIR(inode->i_mode)) { dput(res); res = ERR_PTR(-ENOTDIR); + } else if (inode && S_ISREG(inode->i_mode)) { + dput(res); + res = ERR_PTR(-EOPENSTALE); } } if (switched) {