[PATCH] fix MADV_REMOVE vulnerability (CVE-2006-1524 for real this time)

madvise_remove needs to respect file and mmap protections. Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

[PATCH] fix MADV_REMOVE vulnerability (CVE-2006-1524 for real this time)
madvise_remove needs to respect file and mmap protections. Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
00ec474c · Hugh Dickins · Greg Kroah-Hartman · 37863c8a · 00ec474c
Commit 00ec474c authored Apr 17, 2006 by Hugh Dickins Committed by Greg Kroah-Hartman Apr 17, 2006
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

mm/madvise.c mm/madvise.c +3 -0

No files found.
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -168,6 +168,9 @@ static long madvise_remove(struct vm_area_struct *vma,
 			return -EINVAL;
 	}

+	if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
+		return -EACCES;
+
 	mapping = vma->vm_file->f_mapping;

 	offset = (loff_t)(start - vma->vm_start)