)]}'
{
  "commit": "4e1599789c3a2e4f181c99748e4499442fbc3f86",
  "tree": "3b642a60289c3ec6e578dc0da45b8a5cf7aec369",
  "parents": [
    "52145a8e2c70423454f4894dcf8c80f47191478b"
  ],
  "author": {
    "name": "Linus Torvalds",
    "email": "torvalds@linux-foundation.org",
    "time": "Fri Apr 24 11:10:58 2020 -0700"
  },
  "committer": {
    "name": "Saied Kazemi",
    "email": "saied@google.com",
    "time": "Thu Jan 14 17:07:11 2021 +0000"
  },
  "message": "mm: check that mm is still valid in madvise()\n\nIORING_OP_MADVISE can end up basically doing mprotect() on the VM of\nanother process, which means that it can race with our crazy core dump\nhandling which accesses the VM state without holding the mmap_sem\n(because it incorrectly thinks that it is the final user).\n\nThis is clearly a core dumping problem, but we\u0027ve never fixed it the\nright way, and instead have the notion of \"check that the mm is still\nok\" using mmget_still_valid() after getting the mmap_sem for writing in\nany situation where we\u0027re not the original VM thread.\n\nSee commit 04f5866e41fb (\"coredump: fix race condition between\nmmget_not_zero()/get_task_mm() and core dumping\") for more background on\nthis whole mmget_still_valid() thing.  You might want to have a barf bag\nhandy when you do.\n\nWe\u0027re discussing just fixing this properly in the only remaining core\ndumping routines.  But even if we do that, let\u0027s make do_madvise() do\nthe right thing, and then when we fix core dumping, we can remove all\nthese mmget_still_valid() checks.\n\nBUG\u003db/174737951\nTEST\u003dpresubmit\n     master               sponge2/3596b1fc-fff5-4278-9641-40a89e0e5db0\n     main-R81-12871.B.    sponge2/c6d1c2f1-4049-49e6-b74e-45cc92e6461a\n     release-R81-12871.B. sponge2/58aaf875-6ee4-40b8-bd41-4453ce420a77\nSOURCE\u003dUPSTREAM(bc0c4d1e176eeb614dc8734fc3ace34292771f11)\nRELEASE_NOTE\u003dFixed CVE-2020-29372 in the Linux kernel.\n\ncos-patch: lts-refresh\nReported-and-tested-by: Jann Horn \u003cjannh@google.com\u003e\nFixes: c1ca757bd6f4 (\"io_uring: add IORING_OP_MADVISE\")\nAcked-by: Jens Axboe \u003caxboe@kernel.dk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n(cherry picked from commit bc0c4d1e176eeb614dc8734fc3ace34292771f11)\nSigned-off-by: Saied Kazemi \u003csaied@google.com\u003e\nReviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/10521\nReviewed-by: Robert Kolchmeyer \u003crkolchmeyer@google.com\u003e\nTested-by: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\n(cherry picked from commit 4ba52630fceea53254630ac23798c4f1891041cf)\nSigned-off-by: Saied Kazemi \u003csaied@google.com\u003e\nChange-Id: I87364fbc4b722864676b7c41fe550c6caebabb8a\nReviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/10600\nReviewed-by: Vaibhav Rustagi \u003cvaibhavrustagi@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "899b19e38aeeacf0f4ac908e182887aa1915d324",
      "old_mode": 33188,
      "old_path": "mm/madvise.c",
      "new_id": "08c9280d317871a0f0ce2c4dca75576266e4f834",
      "new_mode": 33188,
      "new_path": "mm/madvise.c"
    }
  ]
}