--- zzzz-none-000/linux-2.4.17/mm/shmem.c	2001-12-21 17:42:05.000000000 +0000
+++ sangam-fb-322/linux-2.4.17/mm/shmem.c	2004-11-24 13:22:33.000000000 +0000
@@ -657,6 +657,7 @@
 		return -EACCES;
 	UPDATE_ATIME(inode);
 	vma->vm_ops = ops;
+	vma->vm_flags &= ~VM_IO;
 	return 0;
 }
 
@@ -752,6 +753,11 @@
 	long		status;
 	int		err;
 
+	if ((ssize_t) count < 0)
+		return -EINVAL;
+
+	if (!access_ok(VERIFY_READ, buf, count))
+		return -EFAULT;
 
 	down(&inode->i_sem);