diff options
author | Hugh Dickins <hugh@veritas.com> | 2006-04-17 22:46:32 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-04-17 18:22:18 -0700 |
commit | 69cf0fac6052c5bd3fb3469a41d4216e926028f8 (patch) | |
tree | f403d0731549835fbf406fa4cd0910d9aec1d953 | |
parent | e14d95f773b7365b6ba2d2105522c92b007c6db1 (diff) | |
download | op-kernel-dev-69cf0fac6052c5bd3fb3469a41d4216e926028f8.zip op-kernel-dev-69cf0fac6052c5bd3fb3469a41d4216e926028f8.tar.gz |
[PATCH] Fix MADV_REMOVE protection checking
madvise_remove needs to respect file and mmap protections.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
[ Will the real CVE-2006-1524 stand up, please.. ]
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | mm/madvise.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/mm/madvise.c b/mm/madvise.c index af3d573..4e19615 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -168,6 +168,9 @@ static long madvise_remove(struct vm_area_struct *vma, return -EINVAL; } + if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE)) + return -EACCES; + mapping = vma->vm_file->f_mapping; offset = (loff_t)(start - vma->vm_start) |