Google Git
Sign in
gem5/arm/linux/69cf0fac6052c5bd3fb3469a41d4216e926028f8^!/.
commit
69cf0fac6052c5bd3fb3469a41d4216e926028f8
[log]
author
Hugh Dickins <hugh@veritas.com>
Mon Apr 17 22:46:32 2006 +0100
committer
Linus Torvalds <torvalds@g5.osdl.org>
Mon Apr 17 18:22:18 2006 -0700
tree
f403d0731549835fbf406fa4cd0910d9aec1d953
parent
e14d95f773b7365b6ba2d2105522c92b007c6db1 [diff]
[PATCH] Fix MADV_REMOVE protection checking

madvise_remove needs to respect file and mmap protections.

Signed-off-by: Hugh Dickins <hugh@veritas.com>
[ Will the real CVE-2006-1524 stand up, please.. ]
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/mm/madvise.c b/mm/madvise.c
index af3d573..4e19615 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c

@@ -168,6 +168,9 @@
 			return -EINVAL;
 	}
 
+	if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
+		return -EACCES;
+
 	mapping = vma->vm_file->f_mapping;
 
 	offset = (loff_t)(start - vma->vm_start)