Fix mprotect() to do proper PROT_xxx -> VM_xxx translation.

This also fixes the bug with MAP_SEM being potentially interpreted as VM_SHARED.

Fix mprotect() to do proper PROT_xxx -> VM_xxx translation.
This also fixes the bug with MAP_SEM being potentially interpreted as VM_SHARED.
3377ea43 · Linus Torvalds · d04668a7 · 3377ea43
Commit 3377ea43 authored Sep 04, 2003 by Linus Torvalds
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

mm/mprotect.c mm/mprotect.c +5 -2

No files found.
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -224,7 +224,7 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
 asmlinkage long
 sys_mprotect(unsigned long start, size_t len, unsigned long prot)
 {
-	unsigned long nstart, end, tmp;
+	unsigned long vm_flags, nstart, end, tmp;
 	struct vm_area_struct * vma, * next, * prev;
 	int error = -EINVAL;

@@ -239,6 +239,8 @@ sys_mprotect(unsigned long start, size_t len, unsigned long prot)
 	if (end == start)
 		return 0;

+	vm_flags = calc_vm_prot_bits(prot);
+
 	down_write(&current->mm->mmap_sem);

 	vma = find_vma_prev(current->mm, start, &prev);
@@ -257,7 +259,8 @@ sys_mprotect(unsigned long start, size_t len, unsigned long prot)
 			goto out;
 		}

-		newflags = prot | (vma->vm_flags & ~(PROT_READ | PROT_WRITE | PROT_EXEC));
+		newflags = vm_flags | (vma->vm_flags & ~(VM_READ | VM_WRITE | VM_EXEC));
+
 		if ((newflags & ~(newflags >> 4)) & 0xf) {
 			error = -EACCES;
 			goto out;