commit 56f0dbc94bc2bec4691600346f9dfd98bf89d820
author Saied Kazemi <saied@google.com> Fri Jan 15 03:25:50 2021 +0000
committer Saied Kazemi <saied@google.com> Fri Jan 15 17:57:32 2021 +0000
tree b27b4b3bd5b43342e2fea1eceb2272e7ac1824eb
parent 4e1599789c3a2e4f181c99748e4499442fbc3f86

Revert "mm: check that mm is still valid in madvise()"

This reverts commit 4e1599789c3a2e4f181c99748e4499442fbc3f86.

Reason for revert: <CVE-2020-29372 does not affect kernel 4.19>

Change-Id: Ia81cebd0d6358af6e6dba9b1587ec6a3f9b0e7a3
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/10661
Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com>
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Tested-by: Saied Kazemi <saied@google.com>
Main-Branch-Verified: Saied Kazemi <saied@google.com>

mm/madvise.c

diff --git a/mm/madvise.c b/mm/madvise.c
index 08c9280..899b19e 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -24,7 +24,6 @@
 #include <linux/swapops.h>
 #include <linux/shmem_fs.h>
 #include <linux/mmu_notifier.h>
-#include <linux/sched/mm.h>
 
 #include <asm/tlb.h>
 
@@ -837,23 +836,6 @@
 	if (write) {
 		if (down_write_killable(&current->mm->mmap_sem))
 			return -EINTR;
-
-		/*
-		 * We may have stolen the mm from another process
-		 * that is undergoing core dumping.
-		 *
-		 * Right now that's io_ring, in the future it may
-		 * be remote process management and not "current"
-		 * at all.
-		 *
-		 * We need to fix core dumping to not do this,
-		 * but for now we have the mmget_still_valid()
-		 * model.
-		 */
-		if (!mmget_still_valid(current->mm)) {
-			up_write(&current->mm->mmap_sem);
-			return -EINTR;
-		}
 	} else {
 		down_read(&current->mm->mmap_sem);
 	}