diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:02:38 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:02:38 +0000 |
commit | 08b74a000942a380fe028845f92cd3a0dee827d5 (patch) | |
tree | aa78b4e12607c3e1fcce8d5cc42df4330792f118 /debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch | |
parent | Adding upstream version 4.19.249. (diff) | |
download | linux-debian.tar.xz linux-debian.zip |
Adding debian version 4.19.249-2.debian/4.19.249-2debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch')
-rw-r--r-- | debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch b/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch new file mode 100644 index 000000000..f02392f10 --- /dev/null +++ b/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch @@ -0,0 +1,41 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Fri, 03 Jun 2016 00:48:39 +0100 +Subject: mtd: Disable slram and phram when locked down +Forwarded: no + +The slram and phram drivers both allow mapping regions of physical +address space such that they can then be read and written by userland +through the MTD interface. This is probably usable to manipulate +hardware into overwriting kernel code on many systems. Prevent that +if locked down. + +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- +Index: linux/drivers/mtd/devices/phram.c +=================================================================== +--- linux.orig/drivers/mtd/devices/phram.c ++++ linux/drivers/mtd/devices/phram.c +@@ -219,6 +219,9 @@ static int phram_setup(const char *val) + uint64_t len; + int i, ret; + ++ if (kernel_is_locked_down("Command line-specified device addresses")) ++ return -EPERM; ++ + if (strnlen(val, sizeof(buf)) >= sizeof(buf)) + parse_err("parameter too long\n"); + +Index: linux/drivers/mtd/devices/slram.c +=================================================================== +--- linux.orig/drivers/mtd/devices/slram.c ++++ linux/drivers/mtd/devices/slram.c +@@ -226,6 +226,9 @@ static int parse_cmdline(char *devname, + unsigned long devstart; + unsigned long devlength; + ++ if (kernel_is_locked_down("Command line-specified device addresses")) ++ return -EPERM; ++ + if ((!devname) || (!szstart) || (!szlength)) { + unregister_devices(); + return(-EINVAL); |