video: tegra: nvmap: Don't allow executable mapping

Don't allow executable mapping during mmap on the fd corresponding to memory buffer to prevent security risks of code injection and execution in kernel space. JIRA TMM-5962 Change-Id: I3d756afdd1b51c8d651230f1a634ef0909d17cc7 Signed-off-by: Ketan Patil <ketanp@nvidia.com> Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3298639 Reviewed-by: Ajay Nandakumar Mannargudi <anandakumarm@nvidia.com> GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com> Reviewed-by: Pritesh Raithatha <praithatha@nvidia.com> Reviewed-by: Sachin Nikam <snikam@nvidia.com>
2025-12-22 17:25:35 +03:00 · 2025-02-07 13:31:33 +00:00
parent 63a1d3e6e0
commit afd5300c2b
1 changed files with 9 additions and 0 deletions
--- a/drivers/video/tegra/nvmap/nvmap_dmabuf.c
+++ b/drivers/video/tegra/nvmap/nvmap_dmabuf.c
@@ -376,6 +376,15 @@ static int __nvmap_map(struct nvmap_handle *h, struct vm_area_struct *vma)
 		return -EPERM;
 	}

+	/*
+	 * Don't allow executable mappings.
+	 */
+	if (vma->vm_flags & VM_EXEC) {
+		pr_err("executable mappings not allowed\n");
+		nvmap_handle_put(h);
+		return -EPERM;
+	}
+
 	/*
 	 * If the handle is RO and RW mapping is requested, then
 	 * return error.