)]}'
{
  "commit": "27178190dd7ca99d3b64ee6d46e33bea5f80e4cb",
  "tree": "2c3e21c4000939ad117be103f1c16226461ba161",
  "parents": [
    "cafc2613f8a65b5fe464e0fc70f41985b589e087"
  ],
  "author": {
    "name": "Barret Rhoden",
    "email": "brho@cs.berkeley.edu",
    "time": "Fri Mar 01 19:43:19 2019 -0500"
  },
  "committer": {
    "name": "Barret Rhoden",
    "email": "brho@cs.berkeley.edu",
    "time": "Fri Mar 01 19:50:19 2019 -0500"
  },
  "message": "Check safety of user pointer syscall arguments\n\nMost arguments, such as a path name, are copied into the kernel.\nBuffers used in read() and write() are passed deeper into the kernel\nas-is.  Later on, the devices are supposed to check the pointers, often\ndoing a safe operation such as copy_from_user().\n\nfs_file_write() was doing that, however the assertion at the end of the\nloop was failing.  If buf + count wrapped around, we\u0027d skip the loop\nentirely and trigger a panic.\n\nFor safety\u0027s sake, we ought to just check the range early on.  The\nis_user_r{,w}addr() checks can handle wraparound as well as making sure\nthe region is safe.\n\nThere were a few other syscalls that didn\u0027t have checks or didn\u0027t have\nerrstrs for the message.  This commit fixes them all.\n\nReported-by: syzbot+7a8e2903ce1233ffcd3d@syzkaller.appspotmail.com\nSigned-off-by: Barret Rhoden \u003cbrho@cs.berkeley.edu\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "394dbf7c5cf1d9822d18a4d7cdcc908cb746bb0b",
      "old_mode": 33188,
      "old_path": "kern/src/ns/fs_file.c",
      "new_id": "2605055b84d67de1ec6eb75ac75a7150360527db",
      "new_mode": 33188,
      "new_path": "kern/src/ns/fs_file.c"
    },
    {
      "type": "modify",
      "old_id": "b75dc660bb8e7838773c39b71b965fc992d2b802",
      "old_mode": 33188,
      "old_path": "kern/src/syscall.c",
      "new_id": "1b9161a3bf7de39b2925559f0125cdabbddf7155",
      "new_mode": 33188,
      "new_path": "kern/src/syscall.c"
    }
  ]
}