Kees Cook <keescook@xxxxxxxxxxxx> writes:
> On Tue, Mar 08, 2022 at 01:35:03PM -0600, Eric W. Biederman wrote:
>>
>> Kees,
>>
>> Please pull the coredump-vma-snapshot-fix branch from the git tree:
>>
>> git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git coredump-vma-snapshot-fix
>>
>> HEAD: 390031c942116d4733310f0684beb8db19885fe6 coredump: Use the vma snapshot in fill_files_note
>>
>> Matthew Wilcox has reported that a missing mmap_lock in file_files_note,
>> which could cause trouble.
>>
>> Refactor the code and clean it up so that the vma snapshot makes
>> it to fill_files_note, and then use the vma snapshot in fill_files_note.
>>
>> Eric W. Biederman (5):
>> coredump: Move definition of struct coredump_params into coredump.h
>> coredump: Snapshot the vmas in do_coredump
>> coredump: Remove the WARN_ON in dump_vma_snapshot
>> coredump/elf: Pass coredump_params into fill_note_info
>> coredump: Use the vma snapshot in fill_files_note
>>
>> fs/binfmt_elf.c | 66 ++++++++++++++++++++++--------------------------
>> fs/binfmt_elf_fdpic.c | 18 +++++--------
>> fs/binfmt_flat.c | 1 +
>> fs/coredump.c | 59 ++++++++++++++++++++++++++++---------------
>> include/linux/binfmts.h | 13 +---------
>> include/linux/coredump.h | 20 ++++++++++++---
>> 6 files changed, 93 insertions(+), 84 deletions(-)
>>
>> ---
>>
>> Kees I realized I needed to rebase this on Jann Horn's commit
>> 84158b7f6a06 ("coredump: Also dump first pages of non-executable ELF
>> libraries"). Unfortunately before I got that done I got distracted and
>> these changes have been sitting in limbo for most of the development
>> cycle. Since you are running a tree that is including changes like this
>> including Jann's can you please pull these changes into your tree.
>
> Sure! Can you make a signed tag for this pull?
Not yet.
Hopefully I will get the time to set that up soon, but I am not at all
setup to do signed tags at this point.
> If it helps, my workflow look like this, though I assume there might be
> better ways. (tl;dr: "git tag -s TAG BRANCH")
>
>
> PULL_BRANCH=name-of-branch
> BASE=sha-of-base
> FOR=someone
> TOPIC=topic-name
>
> TAG="for-$FOR/$TOPIC"
> SIGNED=~/.pull-request-signed-"$TAG"
> echo "$TOPIC update" > "$SIGNED"
> git request-pull "$BASE" git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git "$PULL_BRANCH" | awk '{print "# " $0}' >> "$SIGNED"
> vi "$SIGNED"
>
> git tag -sF "$SIGNED" "$TAG" "$PULL_BRANCH"
> git push origin "$PULL_BRANCH"
> git push origin +"$TAG"
Thanks. That looks like a good place to start.
Eric
