From f34702b76ec5c872d9cc0c628e3b60a93e799e1a Mon Sep 17 00:00:00 2001
From: John Baldwin <jhb@FreeBSD.org>
Date: Tue, 6 Oct 2020 18:13:15 +0000
Subject: [PATCH] Don't permit DRM buffer mappings to be upgraded to
 executable.

Reviewed by:	kib
MFC after:	1 month
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D26697
---
 sys/dev/drm2/drm_bufs.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/sys/dev/drm2/drm_bufs.c b/sys/dev/drm2/drm_bufs.c
index 483ee55e06d..9648acebea4 100644
--- a/sys/dev/drm2/drm_bufs.c
+++ b/sys/dev/drm2/drm_bufs.c
@@ -1635,14 +1635,12 @@ int drm_mapbufs(struct drm_device *dev, void *data,
 				goto done;
 			}
 			retcode = vm_mmap(&vms->vm_map, &virtual, map->size,
-			    VM_PROT_READ | VM_PROT_WRITE, VM_PROT_ALL,
-			    MAP_SHARED | MAP_NOSYNC, OBJT_DEVICE,
-			    file_priv->minor->device, token);
+			    VM_PROT_RW, VM_PROT_RW, MAP_SHARED | MAP_NOSYNC,
+			    OBJT_DEVICE, file_priv->minor->device, token);
 		} else {
 			retcode = vm_mmap(&vms->vm_map, &virtual, dma->byte_count,
-			    VM_PROT_READ | VM_PROT_WRITE, VM_PROT_ALL,
-			    MAP_SHARED | MAP_NOSYNC, OBJT_DEVICE,
-			    file_priv->minor->device, 0);
+			    VM_PROT_RW, VM_PROT_RW, MAP_SHARED | MAP_NOSYNC,
+			    OBJT_DEVICE, file_priv->minor->device, 0);
 		}
 		if (retcode) {
 			/* Real error */