From bcf6dddd9746bc5ea3a4af2d9dee6977f3d2d318 Mon Sep 17 00:00:00 2001 From: Tadeusz Struk Date: Tue, 13 Sep 2022 10:56:54 -0700 Subject: [PATCH] ANDROID: incfs: Add check for ATTR_KILL_SUID and ATTR_MODE in incfs_setattr Add an explicite check for ATTR_KILL_SUID and ATTR_MODE in incfs_setattr. Both of these attributes can not be set at the same time, otherwise notify_change() function will check it and invoke BUG(), crashing the system. Bug: 243394930 Signed-off-by: Tadeusz Struk Change-Id: I91080d68efbd62f1441e20a5c02feef3d1b06e4e --- fs/incfs/vfs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/incfs/vfs.c b/fs/incfs/vfs.c index 776640451f6f..342998f24090 100644 --- a/fs/incfs/vfs.c +++ b/fs/incfs/vfs.c @@ -1592,6 +1592,10 @@ static int incfs_setattr(struct dentry *dentry, struct iattr *ia) if (ia->ia_valid & ATTR_SIZE) return -EINVAL; + if ((ia->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID)) && + (ia->ia_valid & ATTR_MODE)) + return -EINVAL; + if (!di) return -EINVAL; backing_dentry = di->backing_path.dentry;