From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Tue, 18 Apr 2006 04:18:15 +0000 (-0700)
Subject: 2.6.16.7
X-Git-Tag: v2.6.16.7^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3f055ca823692ec4bf70b7e6a4ef838afa04ff15;p=thirdparty%2Fkernel%2Fstable-queue.git

2.6.16.7
---

diff --git a/2.6.16.7/fix-madv_remove-vulnerability.patch b/2.6.16.7/fix-madv_remove-vulnerability.patch
new file mode 100644
index 00000000000..036f5389d82
--- /dev/null
+++ b/2.6.16.7/fix-madv_remove-vulnerability.patch
@@ -0,0 +1,28 @@
+From hugh_dickins@symantec.com Mon Apr 17 14:46:50 2006
+Date: Mon, 17 Apr 2006 22:46:32 +0100 (BST)
+From: Hugh Dickins <hugh@veritas.com>
+To: Greg KH <gregkh@suse.de>
+Cc: Chris Wright <chrisw@sous-sol.org>,
+	Andrew Morton <akpm@osdl.org>, Linus Torvalds <torvalds@osdl.org>,
+	Badari Pulavarty <pbadari@us.ibm.com>
+Subject: fix MADV_REMOVE vulnerability (CVE-2006-1524 for real this time)
+Message-ID: <Pine.LNX.4.64.0604172231590.17141@blonde.wat.veritas.com>
+
+madvise_remove needs to respect file and mmap protections.
+
+Signed-off-by: Hugh Dickins <hugh@veritas.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+--- 2.6.17-rc1/mm/madvise.c	2006-03-20 05:53:29.000000000 +0000
++++ linux/mm/madvise.c	2006-04-11 16:11:52.000000000 +0100
+@@ -168,6 +168,9 @@ static long madvise_remove(struct vm_are
+ 			return -EINVAL;
+ 	}
+ 
++	if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
++		return -EACCES;
++
+ 	mapping = vma->vm_file->f_mapping;
+ 
+ 	offset = (loff_t)(start - vma->vm_start)
+