diff options
Diffstat (limited to 'meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch')
-rw-r--r-- | meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch new file mode 100644 index 00000000..1ae600fb --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch @@ -0,0 +1,47 @@ +fs: umount on symlink leaks mnt count + +commit 295dc39d941dc2ae53d5c170365af4c9d5c16212 upstream. + +Currently umount on symlink blocks following umount: + +/vz is separate mount + +drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir +lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir +umount: /vz/testlink: not mounted (expected) + +umount: /vz: device is busy. (unexpected) + +In this case mountpoint_last() gets an extra refcount on path->mnt + +Upstream-Status: Backport + +Signed-off-by: Vasily Averin <vvs@openvz.org> +Acked-by: Ian Kent <raven@themaw.net> +Acked-by: Jeff Layton <jlayton@primarydata.com> +Cc: stable@vger.kernel.org +Signed-off-by: Christoph Hellwig <hch@lst.de> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + fs/namei.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/fs/namei.c b/fs/namei.c +index 187cacf..c199dcc 100644 +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -2280,9 +2280,10 @@ done: + goto out; + } + path->dentry = dentry; +- path->mnt = mntget(nd->path.mnt); ++ path->mnt = nd->path.mnt; + if (should_follow_link(dentry->d_inode, nd->flags & LOOKUP_FOLLOW)) + return 1; ++ mntget(path->mnt); + follow_mount(path); + error = 0; + out: +-- +1.9.1 + |