Bug at kernel/cred.c +432
From: rishabhb
Date: Mon Sep 09 2019 - 18:47:29 EST
Hi Miklos
In 4.19 kernel when we write to a file that doesn't exist we see the
following stack:
[ 377.382745] ovl_create_or_link+0xac/0x710
[ 377.382745] ovl_create_object+0xb8/0x110
[ 377.382745] ovl_create+0x34/0x40
[ 377.382745] path_openat+0xd44/0x15a8
[ 377.382745] do_filp_open+0x80/0x128
[ 377.382745] do_sys_open+0x140/0x250
[ 377.382745] __arm64_sys_openat+0x2c/0x38
If the override_cred flag = off, the ovl_override_cred and
ovl_revert_cred just returns NULL.
But there is another override_cred in between these two functions;
put_cred(override_creds(override_cred));
put_cred(override_cred);
This will override the credentials permanently as there is no
corresponding revert_cred associated.
So whenever we do commit_creds for this task, we see a BUG_ON at
kernel/cred.c +443.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/cred.c#n443
Should this override_cred be changed to ovl_override_cred to maintain
consistency and avoid this
BUG_ON?
Thanks,
Rishabh