)]}'
{
  "commit": "3c5fd9c77d609b51c0bab682c9d40cbb496ec6f1",
  "tree": "72f8be799a5629458aca1da877d7616d928fa00d",
  "parents": [
    "8fc543c8f004fc9dfe0a262dc452dfe2eca4589b"
  ],
  "author": {
    "name": "David Miller",
    "email": "davem@davemloft.net",
    "time": "Tue Nov 06 21:13:56 2007 -0800"
  },
  "committer": {
    "name": "Linus Torvalds",
    "email": "torvalds@woody.linux-foundation.org",
    "time": "Fri Nov 09 16:13:08 2007 -0800"
  },
  "message": "[FUTEX] Fix address computation in compat code.\n\ncompat_exit_robust_list() computes a pointer to the\nfutex entry in userspace as follows:\n\n\t(void __user *)entry + futex_offset\n\n\u0027entry\u0027 is a \u0027struct robust_list __user *\u0027, and\n\u0027futex_offset\u0027 is a \u0027compat_long_t\u0027 (typically a \u0027s32\u0027).\n\nThings explode if the 32-bit sign bit is set in futex_offset.\n\nType promotion sign extends futex_offset to a 64-bit value before\nadding it to \u0027entry\u0027.\n\nThis triggered a problem on sparc64 running 32-bit applications which\nwould lock up a cpu looping forever in the fault handling for the\nuserspace load in handle_futex_death().\n\nCompat userspace runs with address masking (wherein the cpu zeros out\nthe top 32-bits of every effective address given to a memory operation\ninstruction) so the sparc64 fault handler accounts for this by\nzero\u0027ing out the top 32-bits of the fault address too.\n\nSince the kernel properly uses the compat_uptr interfaces, kernel side\naccesses to compat userspace work too since they will only use\naddresses with the top 32-bit clear.\n\nBecause of this compat futex layer bug we get into the following loop\nwhen executing the get_user() load near the top of handle_futex_death():\n\n1) load from address \u00270xfffffffff7f16bd8\u0027, FAULT\n2) fault handler clears upper 32-bits, processes fault\n   for address \u00270xf7f16bd8\u0027 which succeeds\n3) goto #1\n\nI want to thank Bernd Zeimetz, Josip Rodin, and Fabio Massimo Di Nitto\nfor their tireless efforts helping me track down this bug.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "00b572666cc76178d81979f512dc9e3078b08fda",
      "old_mode": 33188,
      "old_path": "kernel/futex_compat.c",
      "new_id": "0a43def6fee7de877f43bdd0d7276efc05b8a48e",
      "new_mode": 33188,
      "new_path": "kernel/futex_compat.c"
    }
  ]
}