)]}'
{
  "commit": "ef933e87785f42868980f0e3af91fec313612868",
  "tree": "193281e22bb24b7cde3dbfcbb5172570968b9340",
  "parents": [
    "79bcf325e6b32b3c776582fd7aa31ad2a4cb1fed"
  ],
  "author": {
    "name": "Stephen Smalley",
    "email": "sds@tycho.nsa.gov",
    "time": "Tue Feb 28 09:35:08 2017 -0500"
  },
  "committer": {
    "name": "James Morris",
    "email": "james.l.morris@oracle.com",
    "time": "Wed Mar 01 13:11:17 2017 +1100"
  },
  "message": "selinux: fix kernel BUG on prlimit(..., NULL, NULL)\n\ncommit 79bcf325e6b32b3c (\"prlimit,security,selinux: add a security hook\nfor prlimit\") introduced a security hook for prlimit() and implemented it\nfor SELinux.  However, if prlimit() is called with NULL arguments for both\nthe new limit and the old limit, then the hook is called with 0 for the\nread/write flags, since the prlimit() will neither read nor write the\nprocess\u0027 limits.  This would in turn lead to calling avc_has_perm() with 0\nfor the requested permissions, which triggers a BUG_ON() in\navc_has_perm_noaudit() since the kernel should never be invoking\navc_has_perm() with no permissions.  Fix this in the SELinux hook by\nreturning immediately if the flags are 0.  Arguably prlimit64() itself\nought to return immediately if both old_rlim and new_rlim are NULL since\nit is effectively a no-op in that case.\n\nReported by the lkp-robot based on trinity testing.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "4a80bd885f1a7ba336466cd1ce62ec6c2f615d01",
      "old_mode": 33188,
      "old_path": "security/selinux/hooks.c",
      "new_id": "af1ff15b3725f0acdb34dc439c292282fb442dc1",
      "new_mode": 33188,
      "new_path": "security/selinux/hooks.c"
    }
  ]
}