summaryrefslogtreecommitdiffstats
path: root/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch41
1 files changed, 41 insertions, 0 deletions
diff --git a/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch b/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
new file mode 100644
index 000000000..f02392f10
--- /dev/null
+++ b/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
@@ -0,0 +1,41 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Fri, 03 Jun 2016 00:48:39 +0100
+Subject: mtd: Disable slram and phram when locked down
+Forwarded: no
+
+The slram and phram drivers both allow mapping regions of physical
+address space such that they can then be read and written by userland
+through the MTD interface. This is probably usable to manipulate
+hardware into overwriting kernel code on many systems. Prevent that
+if locked down.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+Index: linux/drivers/mtd/devices/phram.c
+===================================================================
+--- linux.orig/drivers/mtd/devices/phram.c
++++ linux/drivers/mtd/devices/phram.c
+@@ -219,6 +219,9 @@ static int phram_setup(const char *val)
+ uint64_t len;
+ int i, ret;
+
++ if (kernel_is_locked_down("Command line-specified device addresses"))
++ return -EPERM;
++
+ if (strnlen(val, sizeof(buf)) >= sizeof(buf))
+ parse_err("parameter too long\n");
+
+Index: linux/drivers/mtd/devices/slram.c
+===================================================================
+--- linux.orig/drivers/mtd/devices/slram.c
++++ linux/drivers/mtd/devices/slram.c
+@@ -226,6 +226,9 @@ static int parse_cmdline(char *devname,
+ unsigned long devstart;
+ unsigned long devlength;
+
++ if (kernel_is_locked_down("Command line-specified device addresses"))
++ return -EPERM;
++
+ if ((!devname) || (!szstart) || (!szlength)) {
+ unregister_devices();
+ return(-EINVAL);