diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2014-09-05 14:59:02 +0200 |
---|---|---|
committer | Zhenhua Luo <zhenhua.luo@freescale.com> | 2014-09-09 17:17:37 +0800 |
commit | bfec563fa7ddde87748cb30e4e581629623df652 (patch) | |
tree | 1bb81d29cbc84a66d3514725c7da8b4572443bb9 | |
parent | 473dc89bb6b7bd24018e9899950e9258ff5e560e (diff) | |
download | meta-fsl-ppc-bfec563fa7ddde87748cb30e4e581629623df652.tar.gz |
fs: umount on symlink leaks mnt count, CVE-2014-5045
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
-rw-r--r-- | recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch | 47 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-qoriq_3.12.bb | 1 |
2 files changed, 48 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch b/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch new file mode 100644 index 0000000..1ae600f --- /dev/null +++ b/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch | |||
@@ -0,0 +1,47 @@ | |||
1 | fs: umount on symlink leaks mnt count | ||
2 | |||
3 | commit 295dc39d941dc2ae53d5c170365af4c9d5c16212 upstream. | ||
4 | |||
5 | Currently umount on symlink blocks following umount: | ||
6 | |||
7 | /vz is separate mount | ||
8 | |||
9 | drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir | ||
10 | lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir | ||
11 | umount: /vz/testlink: not mounted (expected) | ||
12 | |||
13 | umount: /vz: device is busy. (unexpected) | ||
14 | |||
15 | In this case mountpoint_last() gets an extra refcount on path->mnt | ||
16 | |||
17 | Upstream-Status: Backport | ||
18 | |||
19 | Signed-off-by: Vasily Averin <vvs@openvz.org> | ||
20 | Acked-by: Ian Kent <raven@themaw.net> | ||
21 | Acked-by: Jeff Layton <jlayton@primarydata.com> | ||
22 | Cc: stable@vger.kernel.org | ||
23 | Signed-off-by: Christoph Hellwig <hch@lst.de> | ||
24 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
25 | --- | ||
26 | fs/namei.c | 3 ++- | ||
27 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
28 | |||
29 | diff --git a/fs/namei.c b/fs/namei.c | ||
30 | index 187cacf..c199dcc 100644 | ||
31 | --- a/fs/namei.c | ||
32 | +++ b/fs/namei.c | ||
33 | @@ -2280,9 +2280,10 @@ done: | ||
34 | goto out; | ||
35 | } | ||
36 | path->dentry = dentry; | ||
37 | - path->mnt = mntget(nd->path.mnt); | ||
38 | + path->mnt = nd->path.mnt; | ||
39 | if (should_follow_link(dentry->d_inode, nd->flags & LOOKUP_FOLLOW)) | ||
40 | return 1; | ||
41 | + mntget(path->mnt); | ||
42 | follow_mount(path); | ||
43 | error = 0; | ||
44 | out: | ||
45 | -- | ||
46 | 1.9.1 | ||
47 | |||
diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb b/recipes-kernel/linux/linux-qoriq_3.12.bb index 5d9a1f0..4e9c50b 100644 --- a/recipes-kernel/linux/linux-qoriq_3.12.bb +++ b/recipes-kernel/linux/linux-qoriq_3.12.bb | |||
@@ -2,6 +2,7 @@ require recipes-kernel/linux/linux-qoriq.inc | |||
2 | 2 | ||
3 | SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \ | 3 | SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \ |
4 | file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \ | 4 | file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \ |
5 | file://Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch \ | ||
5 | " | 6 | " |
6 | SRCREV = "c29fe1a733308cbe592b3af054a97be1b91cf2dd" | 7 | SRCREV = "c29fe1a733308cbe592b3af054a97be1b91cf2dd" |
7 | 8 | ||