mnt: Add missing pieces of fix for CVE-2014-9717
svn path=/dists/trunk/linux/; revision=22605
This commit is contained in:
parent
8bd2312d62
commit
8ed388e21b
|
@ -147,6 +147,9 @@ linux (4.0.2-1) unstable; urgency=medium
|
||||||
* [x86] nfc: Enable NFC_HCI, NFC_MEI_PHY, NFC_PN544, NFC_PN544_MEI as
|
* [x86] nfc: Enable NFC_HCI, NFC_MEI_PHY, NFC_PN544, NFC_PN544_MEI as
|
||||||
modules (Closes: #770323)
|
modules (Closes: #770323)
|
||||||
* Set ABI to 1
|
* Set ABI to 1
|
||||||
|
* mnt: Add missing pieces of fix for CVE-2014-9717:
|
||||||
|
- mnt: Fail collect_mounts when applied to unmounted mounts
|
||||||
|
- fs_pin: Allow for the possibility that m_list or s_list go unused.
|
||||||
|
|
||||||
[ Ian Campbell ]
|
[ Ian Campbell ]
|
||||||
* [armhf] Enable support for Freescale SNVS RTC. (Closes: #782364)
|
* [armhf] Enable support for Freescale SNVS RTC. (Closes: #782364)
|
||||||
|
@ -155,7 +158,7 @@ linux (4.0.2-1) unstable; urgency=medium
|
||||||
udeb. Patches from both Vagrant Cascadian and Wookey. (Closes: #783275)
|
udeb. Patches from both Vagrant Cascadian and Wookey. (Closes: #783275)
|
||||||
* [arm*] Install DTBS using dtbs_install target. (Closes: #784761)
|
* [arm*] Install DTBS using dtbs_install target. (Closes: #784761)
|
||||||
|
|
||||||
-- Ben Hutchings <ben@decadent.org.uk> Sun, 10 May 2015 21:08:37 +0100
|
-- Ben Hutchings <ben@decadent.org.uk> Mon, 11 May 2015 04:29:06 +0100
|
||||||
|
|
||||||
linux (4.0-1~exp1) experimental; urgency=medium
|
linux (4.0-1~exp1) experimental; urgency=medium
|
||||||
|
|
||||||
|
|
51
debian/patches/bugfix/all/fs_pin-allow-for-the-possibility-that-m_list-or-s_li.patch
vendored
Normal file
51
debian/patches/bugfix/all/fs_pin-allow-for-the-possibility-that-m_list-or-s_li.patch
vendored
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
From: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||||
|
Date: Thu, 2 Apr 2015 16:35:48 -0500
|
||||||
|
Subject: fs_pin: Allow for the possibility that m_list or s_list go unused.
|
||||||
|
Origin: https://git.kernel.org/linus/820f9f147dcce2602eefd9b575bbbd9ea14f0953
|
||||||
|
|
||||||
|
This is needed to support lazily umounting locked mounts. Because the
|
||||||
|
entire unmounted subtree needs to stay together until there are no
|
||||||
|
users with references to any part of the subtree.
|
||||||
|
|
||||||
|
To support this guarantee that the fs_pin m_list and s_list nodes
|
||||||
|
are initialized by initializing them in init_fs_pin allowing
|
||||||
|
for the possibility that pin_insert_group does not touch them.
|
||||||
|
|
||||||
|
Further use hlist_del_init in pin_remove so that there is
|
||||||
|
a hlist_unhashed test before the list we attempt to update
|
||||||
|
the previous list item.
|
||||||
|
|
||||||
|
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||||
|
---
|
||||||
|
fs/fs_pin.c | 4 ++--
|
||||||
|
include/linux/fs_pin.h | 2 ++
|
||||||
|
2 files changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/fs/fs_pin.c b/fs/fs_pin.c
|
||||||
|
index b06c987..611b540 100644
|
||||||
|
--- a/fs/fs_pin.c
|
||||||
|
+++ b/fs/fs_pin.c
|
||||||
|
@@ -9,8 +9,8 @@ static DEFINE_SPINLOCK(pin_lock);
|
||||||
|
void pin_remove(struct fs_pin *pin)
|
||||||
|
{
|
||||||
|
spin_lock(&pin_lock);
|
||||||
|
- hlist_del(&pin->m_list);
|
||||||
|
- hlist_del(&pin->s_list);
|
||||||
|
+ hlist_del_init(&pin->m_list);
|
||||||
|
+ hlist_del_init(&pin->s_list);
|
||||||
|
spin_unlock(&pin_lock);
|
||||||
|
spin_lock_irq(&pin->wait.lock);
|
||||||
|
pin->done = 1;
|
||||||
|
diff --git a/include/linux/fs_pin.h b/include/linux/fs_pin.h
|
||||||
|
index 9dc4e03..3886b3b 100644
|
||||||
|
--- a/include/linux/fs_pin.h
|
||||||
|
+++ b/include/linux/fs_pin.h
|
||||||
|
@@ -13,6 +13,8 @@ struct vfsmount;
|
||||||
|
static inline void init_fs_pin(struct fs_pin *p, void (*kill)(struct fs_pin *))
|
||||||
|
{
|
||||||
|
init_waitqueue_head(&p->wait);
|
||||||
|
+ INIT_HLIST_NODE(&p->s_list);
|
||||||
|
+ INIT_HLIST_NODE(&p->m_list);
|
||||||
|
p->kill = kill;
|
||||||
|
}
|
||||||
|
|
44
debian/patches/bugfix/all/mnt-fail-collect_mounts-when-applied-to-unmounted-mo.patch
vendored
Normal file
44
debian/patches/bugfix/all/mnt-fail-collect_mounts-when-applied-to-unmounted-mo.patch
vendored
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
From: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||||
|
Date: Wed, 7 Jan 2015 14:28:26 -0600
|
||||||
|
Subject: mnt: Fail collect_mounts when applied to unmounted mounts
|
||||||
|
Origin: https://git.kernel.org/linus/cd4a40174b71acd021877341684d8bb1dc8ea4ae
|
||||||
|
|
||||||
|
The only users of collect_mounts are in audit_tree.c
|
||||||
|
|
||||||
|
In audit_trim_trees and audit_add_tree_rule the path passed into
|
||||||
|
collect_mounts is generated from kern_path passed an audit_tree
|
||||||
|
pathname which is guaranteed to be an absolute path. In those cases
|
||||||
|
collect_mounts is obviously intended to work on mounted paths and
|
||||||
|
if a race results in paths that are unmounted when collect_mounts
|
||||||
|
it is reasonable to fail early.
|
||||||
|
|
||||||
|
The paths passed into audit_tag_tree don't have the absolute path
|
||||||
|
check. But are used to play with fsnotify and otherwise interact with
|
||||||
|
the audit_trees, so again operating only on mounted paths appears
|
||||||
|
reasonable.
|
||||||
|
|
||||||
|
Avoid having to worry about what happens when we try and audit
|
||||||
|
unmounted filesystems by restricting collect_mounts to mounts
|
||||||
|
that appear in the mount tree.
|
||||||
|
|
||||||
|
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||||
|
---
|
||||||
|
fs/namespace.c | 7 +++++--
|
||||||
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
--- a/fs/namespace.c
|
||||||
|
+++ b/fs/namespace.c
|
||||||
|
@@ -1709,8 +1709,11 @@ struct vfsmount *collect_mounts(struct p
|
||||||
|
{
|
||||||
|
struct mount *tree;
|
||||||
|
namespace_lock();
|
||||||
|
- tree = copy_tree(real_mount(path->mnt), path->dentry,
|
||||||
|
- CL_COPY_ALL | CL_PRIVATE);
|
||||||
|
+ if (!check_mnt(real_mount(path->mnt)))
|
||||||
|
+ tree = ERR_PTR(-EINVAL);
|
||||||
|
+ else
|
||||||
|
+ tree = copy_tree(real_mount(path->mnt), path->dentry,
|
||||||
|
+ CL_COPY_ALL | CL_PRIVATE);
|
||||||
|
namespace_unlock();
|
||||||
|
if (IS_ERR(tree))
|
||||||
|
return ERR_CAST(tree);
|
|
@ -66,3 +66,5 @@ debian/emmc-don-t-initialize-partitions-on-rpmb-flagged-areas.patch
|
||||||
features/all/efi-autoload-efi-pstore.patch
|
features/all/efi-autoload-efi-pstore.patch
|
||||||
bugfix/all/ipv4-missing-sk_nulls_node_init-in-ping_unhash.patch
|
bugfix/all/ipv4-missing-sk_nulls_node_init-in-ping_unhash.patch
|
||||||
bugfix/all/path_openat-fix-double-fput.patch
|
bugfix/all/path_openat-fix-double-fput.patch
|
||||||
|
bugfix/all/mnt-fail-collect_mounts-when-applied-to-unmounted-mo.patch
|
||||||
|
bugfix/all/fs_pin-allow-for-the-possibility-that-m_list-or-s_li.patch
|
||||||
|
|
Loading…
Reference in New Issue