Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 847c6900 authored by Mark Salyzyn's avatar Mark Salyzyn
Browse files

ANDROID: regression introduced override_creds=off 



Solve a regression introduced by
commit 272fcd1c
("ANDROID: overlayfs: override_creds=off option bypass creator_cred")
where a crash is observed a crash in ovl_create_or_link() when a
simple re-direction command in vendor directory.

/vendor/bin/<Any test> > /vendor/bin/test_log.txt 2>&1&

After further debugging we see that if the output is redirected to a
file which doesn’t exist we see this stack:

[  377.382745]  ovl_create_or_link+0xac/0x710
[  377.382745]  ovl_create_object+0xb8/0x110
[  377.382745]  ovl_create+0x34/0x40
[  377.382745]  path_openat+0xd44/0x15a8
[  377.382745]  do_filp_open+0x80/0x128
[  377.382745]  do_sys_open+0x140/0x250
[  377.382745]  __arm64_sys_openat+0x2c/0x38

ovl_override_creds returns NULL because the override_cred flag is set
to false.  This causes ovl_revert_creds also to fail.

There is another call to check override_cred in override_cred call
which overrides the creds permanently as there no revert_creds
associated.  So whenever next commit_cred is called we see the crash
as the credentials are permanently overridden.

Signed-off-by: default avatarMark Salyzyn <salyzyn@google.com>
Tested-by: default avatarRishabh/Jeevan <jshriram@qualcomm.corp-partner.google.com>
Bug: 140816499
Change-Id: Icd0d9be82fc57af5ead1eeab99f79adf3adf62ef
parent 64f28a85

fs/overlayfs/dir.c

+5 −3
Original line number Original line Diff line number Diff line
@@ -540,7 +540,7 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, 
			      struct ovl_cattr *attr, bool origin)

			      struct ovl_cattr *attr, bool origin)

{

{

	int err;

	int err;

	const struct cred *old_cred;

	const struct cred *old_cred, *hold_cred = NULL;

	struct cred *override_cred;

	struct cred *override_cred;

	struct dentry *parent = dentry->d_parent;

	struct dentry *parent = dentry->d_parent;
@@ -575,7 +575,7 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, 
				goto out_revert_creds;

				goto out_revert_creds;

			}

			}

		}

		}

		put_cred(override_creds(override_cred));

		hold_cred = override_creds(override_cred);

		put_cred(override_cred);

		put_cred(override_cred);





		if (!ovl_dentry_is_whiteout(dentry))

		if (!ovl_dentry_is_whiteout(dentry))
@@ -584,7 +584,9 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, 
			err = ovl_create_over_whiteout(dentry, inode, attr);

			err = ovl_create_over_whiteout(dentry, inode, attr);

	}

	}

out_revert_creds:

out_revert_creds:

	ovl_revert_creds(old_cred);

	ovl_revert_creds(old_cred ?: hold_cred);

	if (old_cred && hold_cred)

		put_cred(hold_cred);

	return err;

	return err;

}

}