Tadeusz Struk
unread,Sep 13, 2022, 2:11:33 PM9/13/22Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to syzbot+e9053c...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com, tadeus...@linaro.org
#syz test:
https://android.googlesource.com/kernel/common android12-5.10-lts
diff --git a/fs/incfs/vfs.c b/fs/incfs/vfs.c
index 776640451f6f..b46e11963c72 100644
--- a/fs/incfs/vfs.c
+++ b/fs/incfs/vfs.c
@@ -1600,6 +1600,10 @@ static int incfs_setattr(struct dentry *dentry, struct iattr *ia)
backing_inode = d_inode(backing_dentry);
+ if ((ia->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID)) &&
+ (ia->ia_valid & ATTR_MODE))
+ return -EINVAL;
+
/* incfs files are readonly, but the backing files must be writeable */
if (S_ISREG(backing_inode->i_mode)) {
if ((ia->ia_valid & ATTR_MODE) && (ia->ia_mode & 0222))
--
2.37.3