1 files changed, 47 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch b/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch
new file mode 100644
index 0000000..1ae600f
--- /dev/null
+++ b/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch
@@ -0,0 +1,47 @@
+fs: umount on symlink leaks mnt count
+commit 295dc39d941dc2ae53d5c170365af4c9d5c16212 upstream.
+Currently umount on symlink blocks following umount:
+/vz is separate mount
+drwxr-xr-x.  2 root root       4096 Jul 19 01:14 testdir
+lrwxrwxrwx.  1 root root         11 Jul 19 01:16 testlink -> /vz/testdir
+umount: /vz/testlink: not mounted (expected)
+umount: /vz: device is busy. (unexpected)
+In this case mountpoint_last() gets an extra refcount on path->mnt
+Upstream-Status: Backport
+Signed-off-by: Vasily Averin <vvs@openvz.org>
+Acked-by: Ian Kent <raven@themaw.net>
+Acked-by: Jeff Layton <jlayton@primarydata.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ fs/namei.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/fs/namei.c b/fs/namei.c
+index 187cacf..c199dcc 100644
+--- a/fs/namei.c
+++ b/fs/namei.c
+@@ -2280,9 +2280,10 @@ done:
+                goto out;
+        }
+        path->dentry = dentry;
+-       path->mnt = mntget(nd->path.mnt);
+       path->mnt = nd->path.mnt;
+        if (should_follow_link(dentry->d_inode, nd->flags & LOOKUP_FOLLOW))
+                return 1;
+       mntget(path->mnt);
+        follow_mount(path);
+        error = 0;
+ out:
+-- 
+1.9.1

diff --git a/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch b/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch new file mode 100644 index 0000000..1ae600f --- /dev/null +++ b/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch
@@ -0,0 +1,47 @@
	1	fs: umount on symlink leaks mnt count
	2
	3	commit 295dc39d941dc2ae53d5c170365af4c9d5c16212 upstream.
	4
	5	Currently umount on symlink blocks following umount:
	6
	7	/vz is separate mount
	8
	9	drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir
	10	lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir
	11	umount: /vz/testlink: not mounted (expected)
	12
	13	umount: /vz: device is busy. (unexpected)
	14
	15	In this case mountpoint_last() gets an extra refcount on path->mnt
	16
	17	Upstream-Status: Backport
	18
	19	Signed-off-by: Vasily Averin <vvs@openvz.org>
	20	Acked-by: Ian Kent <raven@themaw.net>
	21	Acked-by: Jeff Layton <jlayton@primarydata.com>
	22	Cc: stable@vger.kernel.org
	23	Signed-off-by: Christoph Hellwig <hch@lst.de>
	24	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	25	---
	26	fs/namei.c \| 3 ++-
	27	1 file changed, 2 insertions(+), 1 deletion(-)
	28
	29	diff --git a/fs/namei.c b/fs/namei.c
	30	index 187cacf..c199dcc 100644
	31	--- a/fs/namei.c
	32	+++ b/fs/namei.c
	33	@@ -2280,9 +2280,10 @@ done:
	34	goto out;
	35	}
	36	path->dentry = dentry;
	37	- path->mnt = mntget(nd->path.mnt);
	38	+ path->mnt = nd->path.mnt;
	39	if (should_follow_link(dentry->d_inode, nd->flags & LOOKUP_FOLLOW))
	40	return 1;
	41	+ mntget(path->mnt);
	42	follow_mount(path);
	43	error = 0;
	44	out:
	45	--
	46	1.9.1
	47