From 7b0ce2d0132a254dfdefd14ad25e21ddaff5aef7 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Fri, 3 Jun 2016 00:48:39 +0100
Subject: [PATCH] mtd: Disable slram and phram when locked down

The slram and phram drivers both allow mapping regions of physical
address space such that they can then be read and written by userland
through the MTD interface.  This is probably usable to manipulate
hardware into overwriting kernel code on many systems.  Prevent that
if locked down.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name mtd-disable-slram-and-phram-when-locked-down.patch
---
 drivers/mtd/devices/phram.c | 3 +++
 drivers/mtd/devices/slram.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/drivers/mtd/devices/phram.c b/drivers/mtd/devices/phram.c
index 8b66e52ca3c..a116a45ceb2 100644
--- a/drivers/mtd/devices/phram.c
+++ b/drivers/mtd/devices/phram.c
@@ -226,6 +226,9 @@ static int phram_setup(const char *val)
 	uint64_t len;
 	int i, ret;
 
+	if (kernel_is_locked_down())
+		return -EPERM;
+
 	if (strnlen(val, sizeof(buf)) >= sizeof(buf))
 		parse_err("parameter too long\n");
 
diff --git a/drivers/mtd/devices/slram.c b/drivers/mtd/devices/slram.c
index 8087c36dc69..823b229870d 100644
--- a/drivers/mtd/devices/slram.c
+++ b/drivers/mtd/devices/slram.c
@@ -230,6 +230,9 @@ static int parse_cmdline(char *devname, char *szstart, char *szlength)
 	unsigned long devstart;
 	unsigned long devlength;
 
+	if (kernel_is_locked_down())
+		return -EPERM;
+
 	if ((!devname) || (!szstart) || (!szlength)) {
 		unregister_devices();
 		return(-EINVAL);
-- 
2.30.2