[meta-freescale] [meta-fsl-ppc][PATCH] fs: umount on symlink leaks mnt count, CVE-2014-5045

Sona Sarmadi sona.sarmadi at enea.com
Fri Sep 5 05:59:02 PDT 2014 

Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
---
 ...r-CVE-2014-5045-fs-umount-on-symlink-leak.patch | 47 ++++++++++++++++++++++
 recipes-kernel/linux/linux-qoriq_3.12.bb           |  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch

diff --git a/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch b/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch
new file mode 100644
index 0000000..1ae600f
--- /dev/null
+++ b/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch
@@ -0,0 +1,47 @@
+fs: umount on symlink leaks mnt count
+
+commit 295dc39d941dc2ae53d5c170365af4c9d5c16212 upstream.
+
+Currently umount on symlink blocks following umount:
+
+/vz is separate mount
+
+drwxr-xr-x.  2 root root       4096 Jul 19 01:14 testdir
+lrwxrwxrwx.  1 root root         11 Jul 19 01:16 testlink -> /vz/testdir
+umount: /vz/testlink: not mounted (expected)
+
+umount: /vz: device is busy. (unexpected)
+
+In this case mountpoint_last() gets an extra refcount on path->mnt
+
+Upstream-Status: Backport
+
+Signed-off-by: Vasily Averin <vvs at openvz.org>
+Acked-by: Ian Kent <raven at themaw.net>
+Acked-by: Jeff Layton <jlayton at primarydata.com>
+Cc: stable at vger.kernel.org
+Signed-off-by: Christoph Hellwig <hch at lst.de>
+Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
+---
+ fs/namei.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/fs/namei.c b/fs/namei.c
+index 187cacf..c199dcc 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -2280,9 +2280,10 @@ done:
+ 		goto out;
+ 	}
+ 	path->dentry = dentry;
+-	path->mnt = mntget(nd->path.mnt);
++	path->mnt = nd->path.mnt;
+ 	if (should_follow_link(dentry->d_inode, nd->flags & LOOKUP_FOLLOW))
+ 		return 1;
++	mntget(path->mnt);
+ 	follow_mount(path);
+ 	error = 0;
+ out:
+-- 
+1.9.1
+
diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb b/recipes-kernel/linux/linux-qoriq_3.12.bb
index 5d9a1f0..4e9c50b 100644
--- a/recipes-kernel/linux/linux-qoriq_3.12.bb
+++ b/recipes-kernel/linux/linux-qoriq_3.12.bb
@@ -2,6 +2,7 @@ require recipes-kernel/linux/linux-qoriq.inc
 
 SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \
     file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \
+    file://Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch \
 "
 SRCREV = "c29fe1a733308cbe592b3af054a97be1b91cf2dd"
 
-- 
1.9.1

More information about the meta-freescale mailing list