commit 06a6bcccd8aa5feb3e59333df9a2e00d9e469029
author Saied Kazemi <saied@google.com> Fri Jan 15 03:43:28 2021 +0000
committer Saied Kazemi <saied@google.com> Fri Jan 15 17:57:19 2021 +0000
tree d0fe64349bc4008c354279415cd923476e11f4af
parent 0b7bc28891ead509bf5c8b6909b39cb8b7422db2

Revert "mm: check that mm is still valid in madvise()"

This reverts commit 4ba52630fceea53254630ac23798c4f1891041cf.

Reason for revert: <CVE-2020-29372 doest not affect kernel 5.4>

Change-Id: I82161fafcdec4363503a9dc016ae9a7c0ada947f
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/10663
Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com>
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Tested-by: Saied Kazemi <saied@google.com>

mm/madvise.c

diff --git a/mm/madvise.c b/mm/madvise.c
index 23ab41d..1107e99 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -27,7 +27,6 @@
 #include <linux/swapops.h>
 #include <linux/shmem_fs.h>
 #include <linux/mmu_notifier.h>
-#include <linux/sched/mm.h>
 
 #include <asm/tlb.h>
 
@@ -1091,23 +1090,6 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
 	if (write) {
 		if (down_write_killable(&current->mm->mmap_sem))
 			return -EINTR;
-
-		/*
-		 * We may have stolen the mm from another process
-		 * that is undergoing core dumping.
-		 *
-		 * Right now that's io_ring, in the future it may
-		 * be remote process management and not "current"
-		 * at all.
-		 *
-		 * We need to fix core dumping to not do this,
-		 * but for now we have the mmget_still_valid()
-		 * model.
-		 */
-		if (!mmget_still_valid(current->mm)) {
-			up_write(&current->mm->mmap_sem);
-			return -EINTR;
-		}
 	} else {
 		down_read(&current->mm->mmap_sem);
 	}