rpms/kernel
9
2
Fork 4
Code Issues Pull Requests Releases Activity

CVE-2014-5045 vfs: refcount issues during lazy umount on symlink (rhbz 1122471 1122482)

Browse Source
This commit is contained in:
Josh Boyer 2014-07-24 12:02:58 -04:00
parent eae6506625
commit b052f24552
2 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
fs-umount-on-symlink-leaks-mnt-count.patch Normal file
View File

@ -0,0 +1,41 @@
Bugzilla: 1122482
Upstream-status: Sent for 3.16
From: Vasily Averin <vvs@openvz.org>
Subject: [PATCH v4] fs: umount on symlink leaks mnt count
Currently umount on symlink blocks following umount:
/vz is separate mount
# ls /vz/ -al | grep test
drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir
lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir
# umount -l /vz/testlink
umount: /vz/testlink: not mounted (expected)
# lsof /vz
# umount /vz
umount: /vz: device is busy. (unexpected)
In this case mountpoint_last() gets an extra refcount on path->mnt
Signed-off-by: Vasily Averin <vvs@openvz.org>
---
fs/namei.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 985c6f3..9eb787e 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2256,9 +2256,10 @@ done:
goto out;
}
path->dentry = dentry;
- path->mnt = mntget(nd->path.mnt);
+ path->mnt = nd->path.mnt;
if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW))
return 1;
+ mntget(path->mnt);
follow_mount(path);
error = 0;
out:
--
1.7.5.4

7
kernel.spec
View File

@ -639,6 +639,9 @@ Patch25110: 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
#rhbz 1117942 #rhbz 1117942
Patch25118: sched-fix-sched_setparam-policy-1-logic.patch Patch25118: sched-fix-sched_setparam-policy-1-logic.patch
#CVE-2014-5045 rhbz 1122472 1122482
Patch25119: fs-umount-on-symlink-leaks-mnt-count.patch
# git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel # git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel
Patch30000: kernel-arm64.patch Patch30000: kernel-arm64.patch
@ -1364,6 +1367,9 @@ ApplyPatch 0001-ideapad-laptop-Change-Lenovo-Yoga-2-series-rfkill-ha.patch
#rhbz 1117942 #rhbz 1117942
ApplyPatch sched-fix-sched_setparam-policy-1-logic.patch ApplyPatch sched-fix-sched_setparam-policy-1-logic.patch
#CVE-2014-5045 rhbz 1122472 1122482
ApplyPatch fs-umount-on-symlink-leaks-mnt-count.patch
%if 0%{?aarch64patches} %if 0%{?aarch64patches}
ApplyPatch kernel-arm64.patch ApplyPatch kernel-arm64.patch
%ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does. %ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does.
@ -2247,6 +2253,7 @@ fi
# || || # || ||
%changelog %changelog
* Thu Jul 24 2014 Josh Boyer <jwboyer@fedoraproject.org> * Thu Jul 24 2014 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2014-5045 vfs: refcount issues during lazy umount on symlink (rhbz 1122471 1122482)
- Fix regression in sched_setparam (rhbz 1117942) - Fix regression in sched_setparam (rhbz 1117942)
* Tue Jul 22 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.16.0-0.rc6.git1.1 * Tue Jul 22 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.16.0-0.rc6.git1.1