CVE-2014-5045 vfs: refcount issues during lazy umount on symlink (rhbz 1122471 1122482)
This commit is contained in:
Josh Boyer
parent
170dfe3d58
commit
909e1c68d1
|
|
@ -0,0 +1,41 @@
|
|||
Bugzilla: 1122482
|
||||
Upstream-status: Sent for 3.16
|
||||
From: Vasily Averin <vvs@openvz.org>
|
||||
Subject: [PATCH v4] fs: umount on symlink leaks mnt count
|
||||
Currently umount on symlink blocks following umount:
|
||||
|
||||
/vz is separate mount
|
||||
|
||||
# ls /vz/ -al | grep test
|
||||
drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir
|
||||
lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir
|
||||
# umount -l /vz/testlink
|
||||
umount: /vz/testlink: not mounted (expected)
|
||||
# lsof /vz
|
||||
# umount /vz
|
||||
umount: /vz: device is busy. (unexpected)
|
||||
|
||||
In this case mountpoint_last() gets an extra refcount on path->mnt
|
||||
|
||||
Signed-off-by: Vasily Averin <vvs@openvz.org>
|
||||
---
|
||||
fs/namei.c | 3 ++-
|
||||
1 files changed, 2 insertions(+), 1 deletions(-)
|
||||
diff --git a/fs/namei.c b/fs/namei.c
|
||||
index 985c6f3..9eb787e 100644
|
||||
--- a/fs/namei.c
|
||||
+++ b/fs/namei.c
|
||||
@@ -2256,9 +2256,10 @@ done:
|
||||
goto out;
|
||||
}
|
||||
path->dentry = dentry;
|
||||
- path->mnt = mntget(nd->path.mnt);
|
||||
+ path->mnt = nd->path.mnt;
|
||||
if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW))
|
||||
return 1;
|
||||
+ mntget(path->mnt);
|
||||
follow_mount(path);
|
||||
error = 0;
|
||||
out:
|
||||
--
|
||||
1.7.5.4
|
||||
|
|
@ -767,6 +767,9 @@ Patch25117: s390-ptrace-fix-PSW-mask-check.patch
|
|||
#rhbz 1117942
|
||||
Patch25118: sched-fix-sched_setparam-policy-1-logic.patch
|
||||
|
||||
#CVE-2014-5045 rhbz 1122472 1122482
|
||||
Patch25119: fs-umount-on-symlink-leaks-mnt-count.patch
|
||||
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
|
|
@ -1478,6 +1481,9 @@ ApplyPatch s390-ptrace-fix-PSW-mask-check.patch
|
|||
#rhbz 1117942
|
||||
ApplyPatch sched-fix-sched_setparam-policy-1-logic.patch
|
||||
|
||||
#CVE-2014-5045 rhbz 1122472 1122482
|
||||
ApplyPatch fs-umount-on-symlink-leaks-mnt-count.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -2291,6 +2297,7 @@ fi
|
|||
|
||||
%changelog
|
||||
* Thu Jul 24 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2014-5045 vfs: refcount issues during lazy umount on symlink (rhbz 1122471 1122482)
|
||||
- Fix regression in sched_setparam (rhbz 1117942)
|
||||
- CVE-2014-3534 s390: ptrace: insufficient sanitization with psw mask (rhbz 1114089 1122612)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue