Kees Cook <keescook@xxxxxxxxxxxx> writes:

> On Tue, Mar 08, 2022 at 01:35:03PM -0600, Eric W. Biederman wrote:
>>
>> Kees,
>>
>> Please pull the coredump-vma-snapshot-fix branch from the git tree:
>>
>>   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git coredump-vma-snapshot-fix
>>
>>   HEAD: 390031c942116d4733310f0684beb8db19885fe6 coredump: Use the vma snapshot in fill_files_note
>>
>> Matthew Wilcox has reported a missing mmap_lock in fill_files_note,
>> which could cause trouble.
>>
>> Refactor the code and clean it up so that the vma snapshot makes
>> it to fill_files_note, and then use the vma snapshot in fill_files_note.
>>
>> Eric W. Biederman (5):
>>       coredump: Move definition of struct coredump_params into coredump.h
>>       coredump: Snapshot the vmas in do_coredump
>>       coredump: Remove the WARN_ON in dump_vma_snapshot
>>       coredump/elf: Pass coredump_params into fill_note_info
>>       coredump: Use the vma snapshot in fill_files_note
>>
>>  fs/binfmt_elf.c          | 66 ++++++++++++++++++++++--------------------------
>>  fs/binfmt_elf_fdpic.c    | 18 +++++--------
>>  fs/binfmt_flat.c         |  1 +
>>  fs/coredump.c            | 59 ++++++++++++++++++++++++++++---------------
>>  include/linux/binfmts.h  | 13 +---------
>>  include/linux/coredump.h | 20 ++++++++++++---
>>  6 files changed, 93 insertions(+), 84 deletions(-)
>>
>> ---
>>
>> Kees I realized I needed to rebase this on Jann Horn's commit
>> 84158b7f6a06 ("coredump: Also dump first pages of non-executable ELF
>> libraries"). Unfortunately before I got that done I got distracted and
>> these changes have been sitting in limbo for most of the development
>> cycle. Since you are running a tree that is including changes like this
>> including Jann's can you please pull these changes into your tree.
>
> Sure! Can you make a signed tag for this pull?

Not yet.

Hopefully I will get the time to set that up soon, but I am not at all
set up to do signed tags at this point.

> If it helps, my workflow looks like this, though I assume there might be
> better ways. (tl;dr: "git tag -s TAG BRANCH")
>
>
> PULL_BRANCH=name-of-branch
> BASE=sha-of-base
> FOR=someone
> TOPIC=topic-name
>
> TAG="for-$FOR/$TOPIC"
> SIGNED=~/.pull-request-signed-"$TAG"
> echo "$TOPIC update" > "$SIGNED"
> git request-pull "$BASE" git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git "$PULL_BRANCH" | awk '{print "# " $0}' >> "$SIGNED"
> vi "$SIGNED"
>
> git tag -sF "$SIGNED" "$TAG" "$PULL_BRANCH"
> git push origin "$PULL_BRANCH"
> git push origin +"$TAG"

Thanks. That looks like a good place to start.

Eric