From 7eaac3e1c5d84fcd792a4ea0cb7acbdeb3cb319e Mon Sep 17 00:00:00 2001 From: Tadeusz Struk Date: Tue, 13 Sep 2022 10:56:54 -0700 Subject: [PATCH] ANDROID: incfs: Add check for ATTR_KILL_SUID and ATTR_MODE in incfs_setattr Add an explicite check for ATTR_KILL_SUID and ATTR_MODE in incfs_setattr. Both of these attributes can not be set at the same time, otherwise notify_change() function will check it and invoke BUG(), crashing the system. Bug: 243394930 Signed-off-by: Tadeusz Struk Change-Id: I91080d68efbd62f1441e20a5c02feef3d1b06e4e --- fs/incfs/vfs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/incfs/vfs.c b/fs/incfs/vfs.c index 50b465c10ba9..8f784e0d51d0 100644 --- a/fs/incfs/vfs.c +++ b/fs/incfs/vfs.c @@ -1609,6 +1609,10 @@ static int incfs_setattr(struct user_namespace *ns, struct dentry *dentry, if (ia->ia_valid & ATTR_SIZE) return -EINVAL; + if ((ia->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID)) && + (ia->ia_valid & ATTR_MODE)) + return -EINVAL; + if (!di) return -EINVAL; backing_dentry = di->backing_path.dentry;