projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9acf858)
[RAMEN9610-10347] Subject: [PATCH] ANDROID: sdcardfs: Change current->fs under lock
authorJaeHun Jung <jh0801.jung@samsung.com>
Thu, 3 Jan 2019 05:27:49 +0000 (14:27 +0900)
committerhskang <hs1218.kang@samsung.com>
Fri, 4 Jan 2019 03:57:32 +0000 (12:57 +0900)
bug: 111641492

Change-Id: I79e9894f94880048edaf0f7cfa2d180f65cbcf3b
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Daniel Rosenberg <drosen@google.com>
fs/sdcardfs/inode.c patch | blob | blame | history

diff --git a/fs/sdcardfs/inode.c b/fs/sdcardfs/inode.c
index 2de5a4dffa22ce71bf5bd406bb4c3927227fc1da..f28db0afa596a3fbeaef16f8e5a724be1cb7b550 100644 (file)
--- a/fs/sdcardfs/inode.c
+++ b/fs/sdcardfs/inode.c
@@ -21,6 +21,7 @@
 #include "sdcardfs.h"
 #include <linux/fs_struct.h>
 #include <linux/ratelimit.h>
+#include <linux/sched/task.h>
 
 /* Do not directly use this function. Use OVERRIDE_CRED() instead. */
 const struct cred *override_fsids(struct sdcardfs_sb_info *sbi,
@@ -95,8 +96,11 @@ static int sdcardfs_create(struct inode *dir, struct dentry *dentry,
                err = -ENOMEM;
                goto out_unlock;
        }
+       copied_fs->umask = 0;
+       task_lock(current);
        current->fs = copied_fs;
-       current->fs->umask = 0;
+       task_unlock(current);
+
        err = vfs_create2(lower_dentry_mnt, d_inode(lower_parent_dentry), lower_dentry, mode, want_excl);
        if (err)
                goto out;
@@ -110,7 +114,9 @@ static int sdcardfs_create(struct inode *dir, struct dentry *dentry,
        fixup_lower_ownership(dentry, dentry->d_name.name);
 
 out:
+       task_lock(current);
        current->fs = saved_fs;
+       task_unlock(current);
        free_fs_struct(copied_fs);
 out_unlock:
        unlock_dir(lower_parent_dentry);
@@ -316,8 +322,11 @@ static int sdcardfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode
                unlock_dir(lower_parent_dentry);
                goto out_unlock;
        }
+       copied_fs->umask = 0;
+       task_lock(current);
        current->fs = copied_fs;
-       current->fs->umask = 0;
+       task_unlock(current);
+
        err = vfs_mkdir2(lower_mnt, d_inode(lower_parent_dentry), lower_dentry, mode);
 
        if (err) {
@@ -377,7 +386,10 @@ static int sdcardfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode
                }
        }
 out:
+       task_lock(current);
        current->fs = saved_fs;
+       task_unlock(current);
+
        free_fs_struct(copied_fs);
 out_unlock:
        sdcardfs_put_lower_path(dentry, &lower_path);