From: Sona Sarmadi Date: Fri, 5 Sep 2014 12:59:02 +0000 (+0200) Subject: fs: umount on symlink leaks mnt count, CVE-2014-5045 X-Git-Tag: 2.1~534^2~82 X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=8efb769207b4e96afecc47129983eadfd77fc008;p=meta-freescale.git fs: umount on symlink leaks mnt count, CVE-2014-5045 Signed-off-by: Sona Sarmadi --- diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch new file mode 100644 index 00000000..1ae600fb --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch @@ -0,0 +1,47 @@ +fs: umount on symlink leaks mnt count + +commit 295dc39d941dc2ae53d5c170365af4c9d5c16212 upstream. + +Currently umount on symlink blocks following umount: + +/vz is separate mount + +drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir +lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir +umount: /vz/testlink: not mounted (expected) + +umount: /vz: device is busy. (unexpected) + +In this case mountpoint_last() gets an extra refcount on path->mnt + +Upstream-Status: Backport + +Signed-off-by: Vasily Averin +Acked-by: Ian Kent +Acked-by: Jeff Layton +Cc: stable@vger.kernel.org +Signed-off-by: Christoph Hellwig +Signed-off-by: Sona Sarmadi +--- + fs/namei.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/fs/namei.c b/fs/namei.c +index 187cacf..c199dcc 100644 +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -2280,9 +2280,10 @@ done: + goto out; + } + path->dentry = dentry; +- path->mnt = mntget(nd->path.mnt); ++ path->mnt = nd->path.mnt; + if (should_follow_link(dentry->d_inode, nd->flags & LOOKUP_FOLLOW)) + return 1; ++ mntget(path->mnt); + follow_mount(path); + error = 0; + out: +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb index 5d9a1f0d..4e9c50b5 100644 --- a/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb +++ b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb @@ -2,6 +2,7 @@ require recipes-kernel/linux/linux-qoriq.inc SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \ file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \ + file://Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch \ " SRCREV = "c29fe1a733308cbe592b3af054a97be1b91cf2dd"