ANDROID: regression introduced override_creds=off
Solve a regression introduced by commit f5f87eca ("ANDROID: overlayfs: override_creds=off option bypass creator_cred") where a crash is observed a crash in ovl_create_or_link() when a simple re-direction command in vendor directory. /vendor/bin/<Any test> > /vendor/bin/test_log.txt 2>&1& After further debugging we see that if the output is redirected to a file which doesn’t exist we see this stack: [ 377.382745] ovl_create_or_link+0xac/0x710 [ 377.382745] ovl_create_object+0xb8/0x110 [ 377.382745] ovl_create+0x34/0x40 [ 377.382745] path_openat+0xd44/0x15a8 [ 377.382745] do_filp_open+0x80/0x128 [ 377.382745] do_sys_open+0x140/0x250 [ 377.382745] __arm64_sys_openat+0x2c/0x38 ovl_override_creds returns NULL because the override_cred flag is set to false. This causes ovl_revert_creds also to fail. There is another call to check override_cred in override_cred call which overrides the creds permanently as there no revert_creds associated. So whenever next commit_cred is called we see the crash as the credentials are permanently overridden. Signed-off-by:Mark Salyzyn <salyzyn@google.com> Tested-by:
Loading
Please register or sign in to comment