From: Hugh Dickins Date: Mon, 17 Apr 2006 21:46:32 +0000 (+0100) Subject: [PATCH] Fix MADV_REMOVE protection checking X-Git-Tag: v2.6.17-rc2~18 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=69cf0fac6052c5bd3fb3469a41d4216e926028f8;p=linux-2.6 [PATCH] Fix MADV_REMOVE protection checking madvise_remove needs to respect file and mmap protections. Signed-off-by: Hugh Dickins [ Will the real CVE-2006-1524 stand up, please.. ] Signed-off-by: Linus Torvalds --- diff --git a/mm/madvise.c b/mm/madvise.c index af3d573b01..4e196155a0 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -168,6 +168,9 @@ static long madvise_remove(struct vm_area_struct *vma, return -EINVAL; } + if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE)) + return -EACCES; + mapping = vma->vm_file->f_mapping; offset = (loff_t)(start - vma->vm_start)