From 8b17ca643047eb8acc09752731f971411820669e Mon Sep 17 00:00:00 2001
From: Ksawlii
Date: Sun, 24 Nov 2024 00:23:07 +0100
Subject: [PATCH] Revert "proc: add config & param to block forcing mem writes"

This reverts commit 72291ae00f4025a61cb7146e43fd1d14c86aa0d7.
---
 .../admin-guide/kernel-parameters.txt | 10 ---
 fs/proc/base.c | 61 +------------------
 security/Kconfig | 32 ----------
 3 files changed, 1 insertion(+), 102 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 013d7a511..1b24af2e3 100755
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -4163,16 +4163,6 @@
 printk.time= Show timing data prefixed to each printk message line
 Format: (1/Y/y=enable, 0/N/n=disable)
 
- proc_mem.force_override= [KNL]
- Format: {always | ptrace | never}
- Traditionally /proc/pid/mem allows memory permissions to be
- overridden without restrictions. This option may be set to
- restrict that. Can be one of:
- - 'always': traditional behavior always allows mem overrides.
- - 'ptrace': only allow mem overrides for active ptracers.
- - 'never': never allow mem overrides.
- If not specified, default is the CONFIG_PROC_MEM_* choice.
-
 processor.max_cstate= [HW,ACPI]
 Limit processor to maximum C-state
 max_cstate=9 overrides any DMI blacklist limit.
diff --git a/fs/proc/base.c b/fs/proc/base.c
index cb3313e5a..3d6cce105 100755
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -86,7 +86,6 @@
 #include
 #include
 #include
-#include
 #include
 #include
 #include
@@ -124,40 +123,6 @@
 static u8 nlink_tid __ro_after_init;
 static u8 nlink_tgid __ro_after_init;
 
-enum proc_mem_force {
- PROC_MEM_FORCE_ALWAYS,
- PROC_MEM_FORCE_PTRACE,
- PROC_MEM_FORCE_NEVER
-};
-
-static enum proc_mem_force proc_mem_force_override __ro_after_init =
- IS_ENABLED(CONFIG_PROC_MEM_NO_FORCE) ? PROC_MEM_FORCE_NEVER :
- IS_ENABLED(CONFIG_PROC_MEM_FORCE_PTRACE) ? PROC_MEM_FORCE_PTRACE :
- PROC_MEM_FORCE_ALWAYS;
-
-static const struct constant_table proc_mem_force_table[] __initconst = {
- { "always", PROC_MEM_FORCE_ALWAYS },
- { "ptrace", PROC_MEM_FORCE_PTRACE },
- { "never", PROC_MEM_FORCE_NEVER },
- { }
-};
-
-static int __init early_proc_mem_force_override(char *buf)
-{
- if (!buf)
- return -EINVAL;
-
- /*
- * lookup_constant() defaults to proc_mem_force_override to preseve
- * the initial Kconfig choice in case an invalid param gets passed.
- */
- proc_mem_force_override = lookup_constant(proc_mem_force_table,
- buf, proc_mem_force_override);
-
- return 0;
-}
-early_param("proc_mem.force_override", early_proc_mem_force_override);
-
 struct pid_entry {
 const char *name;
 unsigned int len;
@@ -926,28 +891,6 @@ static int mem_open(struct inode *inode, struct file *file)
 return ret;
 }
 
-static bool proc_mem_foll_force(struct file *file, struct mm_struct *mm)
-{
- struct task_struct *task;
- bool ptrace_active = false;
-
- switch (proc_mem_force_override) {
- case PROC_MEM_FORCE_NEVER:
- return false;
- case PROC_MEM_FORCE_PTRACE:
- task = get_proc_task(file_inode(file));
- if (task) {
- ptrace_active = READ_ONCE(task->ptrace) &&
- READ_ONCE(task->mm) == mm &&
- READ_ONCE(task->parent) == current;
- put_task_struct(task);
- }
- return ptrace_active;
- default:
- return true;
- }
-}
-
 static ssize_t mem_rw(struct file *file, char __user *buf,
 size_t count, loff_t *ppos, int write)
 {
@@ -968,9 +911,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
 if (!mmget_not_zero(mm))
 goto free;
 
- flags = write ? FOLL_WRITE : 0;
- if (proc_mem_foll_force(file, mm))
- flags |= FOLL_FORCE;
+ flags = FOLL_FORCE | (write ? FOLL_WRITE : 0);
 
 while (count > 0) {
 size_t this_len = min_t(size_t, count, PAGE_SIZE);
diff --git a/security/Kconfig b/security/Kconfig
index 9be37d2a6..354245dc4 100755
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -19,38 +19,6 @@ config SECURITY_DMESG_RESTRICT
 If you are unsure how to answer this question, answer N.
 
-choice
- prompt "Allow /proc/pid/mem access override"
- default PROC_MEM_ALWAYS_FORCE
- help
- Traditionally /proc/pid/mem allows users to override memory
- permissions for users like ptrace, assuming they have ptrace
- capability.
-
- This allows people to limit that - either never override, or
- require actual active ptrace attachment.
-
- Defaults to the traditional behavior (for now)
-
-config PROC_MEM_ALWAYS_FORCE
- bool "Traditional /proc/pid/mem behavior"
- help
- This allows /proc/pid/mem accesses to override memory mapping
- permissions if you have ptrace access rights.
-
-config PROC_MEM_FORCE_PTRACE
- bool "Require active ptrace() use for access override"
- help
- This allows /proc/pid/mem accesses to override memory mapping
- permissions for active ptracers like gdb.
-
-config PROC_MEM_NO_FORCE
- bool "Never"
- help
- Never override memory mapping permissions
-
-endchoice
-
 config SECURITY
 bool "Enable different security models"
 depends on SYSFS
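Review bot: The new `flags = FOLL_FORCE | (write ? FOLL_WRITE : 0);` in the mem_rw hunk sets FOLL_FORCE on every /proc/pid/mem read and write again, unconditionally, so mapping permissions are overridden for anyone holding ptrace access rights rather than only for an active ptracer, which is exactly the behaviour the removed help text in the security/Kconfig hunk describes. Since the reverted choice already carried `default PROC_MEM_ALWAYS_FORCE`, the revert changes no default; it only deletes the opt-in `ptrace`/`never` modes and the `proc_mem.force_override=` parameter, and the description does not say why they are unwanted. If the aim is a particular build, selecting PROC_MEM_ALWAYS_FORCE in the defconfig would give the same result while leaving the restriction available to hardened configurations. The commit message should at least record the motivation, e.g. `Reason: <why the restricted modes are dropped in this tree>`. The enclosing mem_rw() starts and ends outside the hunk.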