Google Git
Sign in
android/kernel/common/bcf6dddd9746bc5ea3a4af2d9dee6977f3d2d318^!/.
commit
bcf6dddd9746bc5ea3a4af2d9dee6977f3d2d318
[log] [tgz]
author
Tadeusz Struk <tadeusz.struk@linaro.org>
Tue Sep 13 10:56:54 2022 -0700
committer
Todd Kjos <tkjos@google.com>
Mon Sep 19 16:16:16 2022 +0000
tree
abfceb1ec3e53006aa514925fbce80e17bdbcb4b
parent
d915364e92446d1b9dbd51fa274f1698d9906cba [diff]
ANDROID: incfs: Add check for ATTR_KILL_SUID and ATTR_MODE in incfs_setattr

Add an explicite check for ATTR_KILL_SUID and ATTR_MODE in incfs_setattr.
Both of these attributes can not be set at the same time, otherwise
notify_change() function will check it and invoke BUG(), crashing
the system.

Bug: 243394930

Signed-off-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Change-Id: I91080d68efbd62f1441e20a5c02feef3d1b06e4e

diff --git a/fs/incfs/vfs.c b/fs/incfs/vfs.c
index 7766404..342998f 100644
--- a/fs/incfs/vfs.c
+++ b/fs/incfs/vfs.c

@@ -1592,6 +1592,10 @@ static int incfs_setattr(struct dentry *dentry, struct iattr *ia)
 	if (ia->ia_valid & ATTR_SIZE)
 		return -EINVAL;
 
+	if ((ia->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID)) &&
+	    (ia->ia_valid & ATTR_MODE))
+		return -EINVAL;
+
 	if (!di)
 		return -EINVAL;
 	backing_dentry = di->backing_path.dentry;