msm: kgsl: Remove VM_MAYWRITE flag to restrict mprotect

When VM_MAYWRITE flag is used during mmap(), mprotect() can be used later to change the protection of memstore to allow write. Make sure this does not happen by removing VM_MAYWRITE from the vm_flags of vma. Change-Id: I6f69f05858ea40611d512cfa796caabeaa88cdb5 Signed-off-by: Indira Biruduraju <[email protected]> CVE-2020-11282 Signed-off-by: Kevin F. Haggerty <[email protected]>
ubports · Mar 5, 2021 · 97a0389 · 97a0389
1 parent c4b1697
commit 97a0389
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/drivers/gpu/msm/kgsl.c b/drivers/gpu/msm/kgsl.c
@@ -3897,6 +3897,8 @@ kgsl_mmap_memstore(struct kgsl_device *device, struct vm_area_struct *vma)
 	if (vma->vm_flags & VM_WRITE)
 		return -EPERM;
 
+	vma->vm_flags &= ~VM_MAYWRITE;
+
 	if (memdesc->size  !=  vma_size) {
 		KGSL_MEM_ERR(device, "memstore bad size: %d should be %d\n",
 			     vma_size, memdesc->size);