summaryrefslogtreecommitdiffstats
path: root/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
blob: f02392f108e5a9ef8813ab85bc0dfe0db2eed8ca (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
From: Ben Hutchings <ben@decadent.org.uk>
Date: Fri, 03 Jun 2016 00:48:39 +0100
Subject: mtd: Disable slram and phram when locked down
Forwarded: no

The slram and phram drivers both allow mapping regions of physical
address space such that they can then be read and written by userland
through the MTD interface.  This is probably usable to manipulate
hardware into overwriting kernel code on many systems.  Prevent that
if locked down.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
Index: linux/drivers/mtd/devices/phram.c
===================================================================
--- linux.orig/drivers/mtd/devices/phram.c
+++ linux/drivers/mtd/devices/phram.c
@@ -219,6 +219,9 @@ static int phram_setup(const char *val)
 	uint64_t len;
 	int i, ret;
 
+	if (kernel_is_locked_down("Command line-specified device addresses"))
+		return -EPERM;
+
 	if (strnlen(val, sizeof(buf)) >= sizeof(buf))
 		parse_err("parameter too long\n");
 
Index: linux/drivers/mtd/devices/slram.c
===================================================================
--- linux.orig/drivers/mtd/devices/slram.c
+++ linux/drivers/mtd/devices/slram.c
@@ -226,6 +226,9 @@ static int parse_cmdline(char *devname,
 	unsigned long devstart;
 	unsigned long devlength;
 
+	if (kernel_is_locked_down("Command line-specified device addresses"))
+		return -EPERM;
+
 	if ((!devname) || (!szstart) || (!szlength)) {
 		unregister_devices();
 		return(-EINVAL);