android_kernel_oneplus_msm8998/fs
Mark Salyzyn 72c5343cdb ANDROID: regression introduced override_creds=off
Fixes a regression introduced by the series of commits:
commit 272fcd1ca7ceb252b1c3a2961110c7c1722707cf
("ANDROID: overlayfs: override_creds=off option bypass creator_cred"),
commit aab9adb4b8
("Merge 4.4.179 into android-4.4") that took in an incomplete
backport of commit 54a07fff4b
("ovl: fix uid/gid when creating over whiteout") (or upstream
commit d0e13f5bbe4be7c8f27736fc40503dcec04b7de0
("ovl: fix uid/gid when creating over whiteout"))
where a crash is observed in ovl_create_or_link() when a
simple re-direction command is run in the vendor directory.

/vendor/bin/<Any test> > /vendor/bin/test_log.txt 2>&1&

After further debugging we see that if the output is redirected to a
file which doesn’t exist we see this stack:

[  377.382745]  ovl_create_or_link+0xac/0x710
[  377.382745]  ovl_create_object+0xb8/0x110
[  377.382745]  ovl_create+0x34/0x40
[  377.382745]  path_openat+0xd44/0x15a8
[  377.382745]  do_filp_open+0x80/0x128
[  377.382745]  do_sys_open+0x140/0x250
[  377.382745]  __arm64_sys_openat+0x2c/0x38

ovl_override_creds returns NULL because the override_cred flag is set
to false.  This causes ovl_revert_creds also to fail.

There is another call to check override_cred in override_cred call
which overrides the creds permanently as there is no revert_creds
associated.  So whenever next commit_cred is called we see the crash
as the credentials are permanently overridden.

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Tested-by: Rishabh/Jeevan <jshriram@qualcomm.corp-partner.google.com>
Bug: 140816499
Bug: 109821005
Bug: 112955896
Bug: 127298877
Bug: 137541192
Change-Id: Icd0d9be82fc57af5ead1eeab99f79adf3adf62ef
2019-09-13 09:31:12 -07:00
9p 9p: pass the correct prototype to read_cache_page 2019-08-04 09:34:59 +02:00
adfs fs/adfs: super: fix use-after-free bug 2019-08-06 18:28:26 +02:00
affs affs_lookup(): close a race with affs_remove_link() 2018-05-30 07:48:51 +02:00
afs afs: Fix afs_kill_pages() 2017-12-20 10:04:56 +01:00
autofs4 autofs: fix error return in autofs_fill_super() 2019-03-23 08:44:27 +01:00
befs
bfs bfs: add sanity check at bfs_fill_super() 2018-12-01 09:46:33 +01:00
btrfs This is the 4.4.188 stable release 2019-08-06 18:36:03 +02:00
cachefiles fscache, cachefiles: remove redundant variable 'cache' 2018-12-17 21:55:12 +01:00
ceph ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() 2019-09-10 10:29:48 +01:00
cifs smb3: send CAP_DFS capability during session setup 2019-08-25 10:52:54 +02:00
coda coda: add error handling for fget 2019-08-06 18:28:27 +02:00
configfs configfs: Fix use-after-free when accessing sd->s_dentry 2019-06-22 08:18:26 +02:00
cramfs Cramfs: fix abad comparison when wrap-arounds occur 2018-11-21 09:27:37 +01:00
crypto BACKPORT, FROMLIST: fscrypt: add Speck128/256 support 2018-05-25 15:41:18 +00:00
debugfs debugfs: fix use-after-free on symlink traversal 2019-05-16 19:45:01 +02:00
devpts devpts: clean up interface to pty drivers 2016-08-16 09:30:49 +02:00
dlm dlm: Don't swamp the CPU with callbacks queued during recovery 2019-02-20 10:13:04 +01:00
ecryptfs eCryptfs: fix a couple type promotion bugs 2019-08-04 09:34:53 +02:00
efivarfs efi: Make efivarfs entries immutable by default 2016-03-03 15:07:09 -08:00
efs
exofs fs/exofs: fix potential memory leak in mount option parsing 2018-11-27 16:08:00 +01:00
exportfs exportfs: do not read dentry after free 2018-12-17 21:55:10 +01:00
ext2 This is the 4.4.177 stable release 2019-03-23 09:28:32 +01:00
ext4 This is the 4.4.186 stable release 2019-07-22 15:54:20 +02:00
f2fs ANDROID: Revert "f2fs: avoid out-of-range memory access" 2019-08-04 08:27:10 +00:00
fat fs/fat/file.c: issue flush after the writeback of FAT 2019-06-22 08:18:17 +02:00
freevxfs
fscache fscache: fix race between enablement and dropping of object 2018-12-17 21:55:11 +01:00
fuse This is the 4.4.183 stable release 2019-06-22 09:45:38 +02:00
gfs2 GFS2: don't set rgrp gl_object until it's inserted into rgrp tree 2019-09-06 10:18:11 +02:00
hfs hfs: do not free node before using 2018-12-17 21:55:12 +01:00
hfsplus hfsplus: do not free node before using 2018-12-17 21:55:12 +01:00
hostfs hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common() 2016-09-30 10:18:39 +02:00
hpfs hpfs: implement the show_options method 2016-06-01 12:15:54 -07:00
hugetlbfs hugetlb: use same fault hash key for shared and private mappings 2019-06-11 12:23:52 +02:00
isofs isofs: fix timestamps beyond 2027 2017-11-30 08:37:20 +00:00
jbd2 jbd2: fix compile warning when using JBUFFER_TRACE 2019-03-23 08:44:37 +01:00
jffs2 jffs2: fix use-after-free on symlink traversal 2019-05-16 19:45:01 +02:00
jfs jfs: Fix inconsistency between memory allocation and ea_buf->max_size 2018-08-09 12:19:28 +02:00
kernfs kernfs: Replace strncpy with memcpy 2018-12-13 09:21:29 +01:00
lockd lockd: fix access beyond unterminated strings in prints 2018-11-21 09:27:36 +01:00
logfs mm, fs: introduce mapping_gfp_constraint() 2015-11-06 17:50:42 -08:00
minix
ncpfs ncpfs: fix build warning of strncpy 2019-03-23 08:44:21 +01:00
nfs NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() 2019-09-06 10:18:07 +02:00
nfs_common lockd: fix "list_add double add" caused by legacy signal interface 2018-02-03 17:04:28 +01:00
nfsd nfsd: Fix overflow causing non-working mounts on 1 TB machines 2019-08-04 09:34:55 +02:00
nilfs2 do d_instantiate/unlock_new_inode combinations safely 2018-05-30 07:48:52 +02:00
nls
notify This is the 4.4.129 stable release 2018-04-24 10:42:34 +02:00
ntfs mm, fs: introduce mapping_gfp_constraint() 2015-11-06 17:50:42 -08:00
ocfs2 ocfs2: remove set but not used variable 'last_hash' 2019-08-25 10:53:01 +02:00
omfs
openpromfs
overlayfs ANDROID: regression introduced override_creds=off 2019-09-13 09:31:12 -07:00
proc This is the 4.4.183 stable release 2019-06-22 09:45:38 +02:00
pstore This is the 4.4.172 stable release 2019-01-28 20:42:21 +01:00
qnx4
qnx6
quota fs/quota: Fix spectre gadget in do_quotactl 2018-09-09 20:04:36 +02:00
ramfs mm, fs: obey gfp_mapping for add_to_page_cache() 2015-10-16 11:42:28 -07:00
reiserfs reiserfs: propagate errors from fill_with_dentries() properly 2018-11-27 16:08:00 +01:00
romfs romfs: use different way to generate fsid for BLOCK or MTD 2017-06-17 06:39:38 +02:00
sdcardfs ANDROID: sdcardfs: Change current->fs under lock 2018-10-04 08:53:32 -07:00
squashfs This is the 4.4.146 stable release 2018-08-06 21:08:50 +02:00
sysfs scsi: sysfs: Introduce sysfs_{un,}break_active_protection() 2018-09-05 09:18:40 +02:00
sysv sysv: return 'err' instead of 0 in __sysv_write_inode 2018-12-17 21:55:09 +01:00
tracefs tracefs: Fix refcount imbalance in start_creating() 2015-11-04 22:13:45 -05:00
ubifs ubifs: Check for name being NULL while mounting 2018-10-13 09:11:34 +02:00
udf udf: Fix incorrect final NOT_ALLOCATED (hole) extent length 2019-07-21 09:07:08 +02:00
ufs ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour 2019-06-11 12:23:49 +02:00
xfs xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE 2019-01-26 09:42:52 +01:00
aio.c aio: fix spectre gadget in lookup_ioctx 2018-12-21 14:09:50 +01:00
anon_inodes.c
attr.c ANDROID: vfs: user permission2 in notify_change2 2017-03-14 15:54:59 -07:00
bad_inode.c
binfmt_aout.c
binfmt_elf.c This is the 4.4.179 stable release 2019-04-30 13:25:38 +02:00
binfmt_elf_fdpic.c libnvdimm for 4.4: 2015-11-10 12:07:22 -08:00
binfmt_em86.c
binfmt_flat.c fs/binfmt_flat.c: make load_flat_shared_library() work 2019-07-10 09:56:30 +02:00
binfmt_misc.c fs/binfmt_misc.c: do not allow offset overflow 2018-07-03 11:21:26 +02:00
binfmt_script.c Revert "exec: load_script: don't blindly truncate shebang string" 2019-02-20 10:13:20 +01:00
block_dev.c fs/block_dev: always invalidate cleancache in invalidate_bdev() 2017-05-20 14:27:01 +02:00
buffer.c fs: fix guard_bio_eod to check for real EOD errors 2019-04-27 09:33:49 +02:00
char_dev.c chardev: add additional check for minor range overlap 2019-06-11 12:24:03 +02:00
compat.c
compat_binfmt_elf.c binfmt_elf: compat: avoid unused function warning 2018-02-25 11:03:51 +01:00
compat_ioctl.c compat_ioctl: pppoe: fix PPPOEIOCSFWD handling 2019-08-11 12:20:46 +02:00
coredump.c This is the 4.4.76 stable release 2017-07-05 16:16:58 +02:00
dax.c dax: disable pmd mappings 2015-11-16 23:54:45 -08:00
dcache.c This is the 4.4.178 stable release 2019-04-03 10:21:44 +02:00
dcookies.c
direct-io.c direct-io: Prevent NULL pointer access in submit_page_section 2017-10-18 09:20:42 +02:00
drop_caches.c fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() 2019-03-23 08:44:26 +01:00
eventfd.c
eventpoll.c This is the 4.4.175 stable release 2019-02-20 10:44:26 +01:00
exec.c This is the 4.4.187 stable release 2019-08-04 09:53:45 +02:00
fcntl.c fs/fcntl: f_setown, avoid undefined behaviour 2018-01-31 12:06:11 +01:00
fhandle.c fs/coredump: prevent fsuid=0 dumps into user-controlled directories 2016-04-12 09:08:58 -07:00
file.c fs/file.c: initialize init_files.resize_wait 2019-04-27 09:33:49 +02:00
file_table.c
filesystems.c
fs-writeback.c This is the 4.4.181 stable release 2019-06-11 14:23:58 +02:00
fs_pin.c
fs_struct.c ANDROID: fs: Export free_fs_struct and set_fs_pwd 2017-01-30 17:59:59 -08:00
inode.c This is the 4.4.183 stable release 2019-06-22 09:45:38 +02:00
internal.h ANDROID: vfs: Allow filesystems to access their private mount data 2017-01-26 15:53:30 -08:00
ioctl.c
Kconfig f2fs: backport from (4c1fad64 - Merge tag 'for-f2fs-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs) 2017-09-25 14:27:55 -07:00
Kconfig.binfmt
libfs.c
locks.c locks: don't check for race with close when setting OFD lock 2018-01-17 09:35:27 +01:00
Makefile f2fs: backport from (4c1fad64 - Merge tag 'for-f2fs-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs) 2017-09-25 14:27:55 -07:00
mbcache.c
mbcache2.c BACKPORT: [UPSTREAM] mbcache2: reimplement mbcache 2017-04-18 18:24:00 -07:00
mount.h mnt: In propgate_umount handle visiting mounts in any order 2017-07-21 07:44:57 +02:00
mpage.c This is the 4.4.72 stable release 2017-06-14 16:33:25 +02:00
namei.c This is the 4.4.166 stable release 2018-12-01 10:09:35 +01:00
namespace.c This is the 4.4.164 stable release 2018-11-21 11:40:16 +01:00
no-block.c
nsfs.c nsfs: mark dentry with DCACHE_RCUACCESS 2018-02-16 20:09:43 +01:00
open.c This is the 4.4.187 stable release 2019-08-04 09:53:45 +02:00
pipe.c pipe: cap initial pipe capacity according to pipe-max-size limit 2018-05-26 08:48:51 +02:00
pnode.c This is the 4.4.78 stable release 2017-07-21 09:14:57 +02:00
pnode.h This is the 4.4.65 stable release 2017-04-30 07:30:52 +02:00
posix_acl.c BACKPORT: posix_acl: Clear SGID bit when setting file permissions 2017-02-07 15:21:07 +00:00
proc_namespace.c Merge remote-tracking branch 'common/android-4.4' into android-4.4.y 2017-02-15 18:02:55 -08:00
read_write.c fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock 2019-06-11 12:24:13 +02:00
readdir.c
select.c This is the 4.4.114 stable release 2018-01-31 14:08:55 +01:00
seq_file.c Make file credentials available to the seqfile interfaces 2017-08-06 19:19:42 -07:00
signalfd.c
splice.c vfs: fix uninitialized flags in splice_to_pipe() 2017-02-23 17:43:09 +01:00
stack.c
stat.c ufs: restore maintaining ->i_blocks 2017-06-14 13:16:24 +02:00
statfs.c
super.c This is the 4.4.173 stable release 2019-02-07 09:39:13 +01:00
sync.c ANDROID: sched: add a counter to track fsync 2017-03-14 13:07:19 -07:00
timerfd.c timerfd: Protect the might cancel mechanism proper 2017-05-08 07:46:01 +02:00
userfaultfd.c This is the 4.4.191 stable release 2019-09-06 12:39:12 +02:00
utimes.c Merge remote-tracking branch 'common/android-4.4' into android-4.4.y 2017-02-15 18:02:55 -08:00
xattr.c This is the 4.4.155 stable release 2018-09-10 09:24:37 +02:00