From 1a6fcc935b99d55ceee53c7ee950d971463479f6 Mon Sep 17 00:00:00 2001
From: John Baldwin <jhb@FreeBSD.org>
Date: Thu, 10 Dec 2020 20:44:05 +0000
Subject: [PATCH] MFC 366494: Don't permit DRM buffer mappings to be upgraded
 to executable.

---
 sys/dev/drm2/drm_bufs.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/sys/dev/drm2/drm_bufs.c b/sys/dev/drm2/drm_bufs.c
index 483ee55e06d..9648acebea4 100644
--- a/sys/dev/drm2/drm_bufs.c
+++ b/sys/dev/drm2/drm_bufs.c
@@ -1635,14 +1635,12 @@ int drm_mapbufs(struct drm_device *dev, void *data,
 				goto done;
 			}
 			retcode = vm_mmap(&vms->vm_map, &virtual, map->size,
-			    VM_PROT_READ | VM_PROT_WRITE, VM_PROT_ALL,
-			    MAP_SHARED | MAP_NOSYNC, OBJT_DEVICE,
-			    file_priv->minor->device, token);
+			    VM_PROT_RW, VM_PROT_RW, MAP_SHARED | MAP_NOSYNC,
+			    OBJT_DEVICE, file_priv->minor->device, token);
 		} else {
 			retcode = vm_mmap(&vms->vm_map, &virtual, dma->byte_count,
-			    VM_PROT_READ | VM_PROT_WRITE, VM_PROT_ALL,
-			    MAP_SHARED | MAP_NOSYNC, OBJT_DEVICE,
-			    file_priv->minor->device, 0);
+			    VM_PROT_RW, VM_PROT_RW, MAP_SHARED | MAP_NOSYNC,
+			    OBJT_DEVICE, file_priv->minor->device, 0);
 		}
 		if (retcode) {
 			/* Real error */
-- 
2.45.0