[SRU][Xenial][PATCH] Revert "mm: check that mm is still valid in madvise()"

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Mon Feb 1 21:45:18 UTC 2021


On Mon, Feb 01, 2021 at 03:17:43PM -0600, Ian May wrote:
> BugLink: https://bugs.launchpad.net/bugs/1913853
> 

From the CVE perspective, we were rather being cautious by applying this fix.
As io_uring is not present in 4.4 kernels, this can be safely reverted.

Note that this should be UBUNTU: SAUCE:, as an indication that this was not
reverted upstream.

Acked-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>

> This reverts commit d8f6fb767b2fed2e0ca85d85acfa9a0669e34f48.
> 
> Several users have reported system hangs.
> 
> A deadlock was also confirmed with autotest ubuntu_stress_smoke_test.
> 
> Call Trace:
>   schedule
>   rwsem_down_read_failed
>   call_rwsem_down_read_failed
>   down_read
>   SyS_madvise
>   __do_page_fault
>   trace_do_page_fault
>   entry_SYSCALL_64_fastpath
> 
> Removing this patch resolves autotest deadlock
> 
> Signed-off-by: Ian May <ian.may at canonical.com>
> ---
>  mm/madvise.c | 18 ------------------
>  1 file changed, 18 deletions(-)
> 
> diff --git a/mm/madvise.c b/mm/madvise.c
> index cf2b217a647a..f548c66154ee 100644
> --- a/mm/madvise.c
> +++ b/mm/madvise.c
> @@ -20,7 +20,6 @@
>  #include <linux/backing-dev.h>
>  #include <linux/swap.h>
>  #include <linux/swapops.h>
> -#include <linux/sched.h>
>  
>  /*
>   * Any behaviour which results in changes to the vma->vm_flags needs to
> @@ -492,23 +491,6 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
>  	write = madvise_need_mmap_write(behavior);
>  	if (write)
>  		down_write(&current->mm->mmap_sem);
> -
> -		/*
> -		 * We may have stolen the mm from another process
> -		 * that is undergoing core dumping.
> -		 *
> -		 * Right now that's io_ring, in the future it may
> -		 * be remote process management and not "current"
> -		 * at all.
> -		 *
> -		 * We need to fix core dumping to not do this,
> -		 * but for now we have the mmget_still_valid()
> -		 * model.
> -		 */
> -		if (!mmget_still_valid(current->mm)) {
> -			up_write(&current->mm->mmap_sem);
> -			return -EINTR;
> -		}
>  	else
>  		down_read(&current->mm->mmap_sem);
>  
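
Review bot: The commit message reports the deadlock but not its cause, which is visible in the removed lines of this hunk: `if (write)` has no braces, so the `mmget_still_valid()` block is not part of the write branch and the `else` pairs with `if (!mmget_still_valid(current->mm))` instead. With `write` set, `down_write(&current->mm->mmap_sem)` is followed by `down_read()` on the same semaphore whenever the mm is still valid, which matches the `down_read` and `SyS_madvise` frames in the call trace. With `write` clear, the failure path calls `up_write()` on a semaphore that was never taken. Suggest saying this in the commit message, so the revert is recorded as removing a mis-braced block rather than a check that was wrong in itself.
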
> -- 
> 2.25.1