ANDROID: regression introduced override_creds=off
Fixes a regression introduced by the series of commits: commit 17bd9a7f ("ANDROID: overlayfs ovl_create_of_link regression"), commit 272fcd1ca7ceb252b1c3a2961110c7c1722707cf ("ANDROID: overlayfs: override_creds=off option bypass creator_cred"), commit aab9adb4 ("Merge 4.4.179 into android-4.4") that took in an incomplete, backport of commit 54a07fff ("ovl: fix uid/gid when creating over whiteout") (or upstream commit d0e13f5bbe4be7c8f27736fc40503dcec04b7de0 ("ovl: fix uid/gid when creating over whiteout")) where a crash is observed a crash in ovl_create_or_link() when a simple re-direction command in vendor directory. /vendor/bin/<Any test> > /vendor/bin/test_log.txt 2>&1& After further debugging we see that if the output is redirected to a file which doesn’t exist we see this stack: [ 377.382745] ovl_create_or_link+0xac/0x710 [ 377.382745] ovl_create_object+0xb8/0x110 [ 377.382745] ovl_create+0x34/0x40 [ 377.382745] path_openat+0xd44/0x15a8 [ 377.382745] do_filp_open+0x80/0x128 [ 377.382745] do_sys_open+0x140/0x250 [ 377.382745] __arm64_sys_openat+0x2c/0x38 ovl_override_creds returns NULL because the override_cred flag is set to false. This causes ovl_revert_creds also to fail. There is another call to check override_cred in override_cred call which overrides the creds permanently as there no revert_creds associated. So whenever next commit_cred is called we see the crash as the credentials are permanently overridden. Signed-off-by:Mark Salyzyn <salyzyn@google.com> Tested-by:
Loading
Please register or sign in to comment