diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-46923.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-46923.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-46923.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-46923.patch new file mode 100644 index 000000000..eb2b5cc93 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-46923.patch @@ -0,0 +1,44 @@ +From 012e332286e2bb9f6ac77d195f17e74b2963d663 Mon Sep 17 00:00:00 2001 +From: Christian Brauner <christian.brauner@ubuntu.com> +Date: Thu, 30 Dec 2021 20:23:09 +0100 +Subject: fs/mount_setattr: always cleanup mount_kattr + +Make sure that finish_mount_kattr() is called after mount_kattr was +succesfully built in both the success and failure case to prevent +leaking any references we took when we built it. We returned early if +path lookup failed thereby risking to leak an additional reference we +took when building mount_kattr when an idmapped mount was requested. + +Cc: linux-fsdevel@vger.kernel.org +Cc: stable@vger.kernel.org +Fixes: 9caccd41541a ("fs: introduce MOUNT_ATTR_IDMAP") +Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +--- + fs/namespace.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/fs/namespace.c b/fs/namespace.c +index 659a8f39c61afb..b696543adab848 100644 +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -4263,12 +4263,11 @@ SYSCALL_DEFINE5(mount_setattr, int, dfd, const char __user *, path, + return err; + + err = user_path_at(dfd, path, kattr.lookup_flags, &target); +- if (err) +- return err; +- +- err = do_mount_setattr(&target, &kattr); ++ if (!err) { ++ err = do_mount_setattr(&target, &kattr); ++ path_put(&target); ++ } + finish_mount_kattr(&kattr); +- path_put(&target); + return err; + } + +-- +cgit 1.2.3-korg + |