mtd: Disable slram and phram when locked down

The slram and phram drivers both allow mapping regions of physical
address space such that they can then be read and written by userland
through the MTD interface.  This is probably usable to manipulate
hardware into overwriting kernel code on many systems.  Prevent that
if locked down.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name mtd-disable-slram-and-phram-when-locked-down.patch

diff --git a/drivers/mtd/devices/phram.c b/drivers/mtd/devices/phram.c
index 7287696a21f91df6a875dc32a112e6206c855de1..c0b4f4eae82c50c7a7e9f19884aa81eabb0bb0fe 100644 (file)
--- a/drivers/mtd/devices/phram.c
+++ b/drivers/mtd/devices/phram.c
@@ -226,6 +226,9 @@ static int phram_setup(const char *val)
        uint64_t len;
        int i, ret;
 
+       if (kernel_is_locked_down("Command line-specified device addresses"))
+               return -EPERM;
+
        if (strnlen(val, sizeof(buf)) >= sizeof(buf))
                parse_err("parameter too long\n");
 

diff --git a/drivers/mtd/devices/slram.c b/drivers/mtd/devices/slram.c
index 0ec85f316d24c04e8503c8ca7625a3c16399a97b..b1a2b82ff81afd3945791b2c85457a1ad6b3e5dc 100644 (file)
--- a/drivers/mtd/devices/slram.c
+++ b/drivers/mtd/devices/slram.c
@@ -231,6 +231,9 @@ static int parse_cmdline(char *devname, char *szstart, char *szlength)
        unsigned long devstart;
        unsigned long devlength;
 
+       if (kernel_is_locked_down("Command line-specified device addresses"))
+               return -EPERM;
+
        if ((!devname) || (!szstart) || (!szlength)) {
                unregister_devices();
                return(-EINVAL);