From a57d56284db385410208dc9f73f22582fb5af0f8 Mon Sep 17 00:00:00 2001
From: Ketan Patil <ketanp@nvidia.com>
Date: Mon, 3 Feb 2025 07:23:03 +0000
Subject: [PATCH] video: tegra: nvmap: Don't allow executable memory

Don't allow executable memory in alloc from VA code path to avoid any
security risks.

JIRA TMM-5962

Change-Id: Id32684a09f4a9a64d8e8774e993d6c1be8aaeaf0
Signed-off-by: Ketan Patil <ketanp@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3295143
Reviewed-by: Sachin Nikam <snikam@nvidia.com>
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: svcacv <svcacv@nvidia.com>
Reviewed-by: Pritesh Raithatha <praithatha@nvidia.com>
---
 drivers/video/tegra/nvmap/nvmap_handle.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/video/tegra/nvmap/nvmap_handle.c b/drivers/video/tegra/nvmap/nvmap_handle.c
index a5891c39..f5010ae9 100644
--- a/drivers/video/tegra/nvmap/nvmap_handle.c
+++ b/drivers/video/tegra/nvmap/nvmap_handle.c
@@ -371,6 +371,12 @@ struct nvmap_handle_ref *nvmap_create_handle_from_va(struct nvmap_client *client
 	}
 
 	vm_flags = vma->vm_flags;
+	if ((vm_flags & VM_EXEC) != 0) {
+		pr_err("Executable memory is not allowed\n");
+		nvmap_release_mmap_read_lock(mm);
+		return ERR_PTR(-EINVAL);
+	}
+
 	nvmap_release_mmap_read_lock(mm);
 
 	/*