mtd: Disable slram and phram when locked down

The slram and phram drivers both allow mapping regions of physical
address space such that they can then be read and written by userland
through the MTD interface.  This is probably usable to manipulate
hardware into overwriting kernel code on many systems.  Prevent that
if locked down.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name mtd-disable-slram-and-phram-when-locked-down.patch

diff --git a/drivers/mtd/devices/phram.c b/drivers/mtd/devices/phram.c
index 8b66e52ca3ccb811e818dce496ca6e0fcc7c9ecb..a116a45ceb2187e98d185274bdb42233865b1149 100644 (file)
--- a/drivers/mtd/devices/phram.c
+++ b/drivers/mtd/devices/phram.c
@@ -226,6 +226,9 @@ static int phram_setup(const char *val)
        uint64_t len;
        int i, ret;
 
+       if (kernel_is_locked_down())
+               return -EPERM;
+
        if (strnlen(val, sizeof(buf)) >= sizeof(buf))
                parse_err("parameter too long\n");
 

diff --git a/drivers/mtd/devices/slram.c b/drivers/mtd/devices/slram.c
index 8087c36dc6935a8d6caf6d4b770be4fba60e1319..823b229870de24d78aa266e0e6c9fe9cd7086642 100644 (file)
--- a/drivers/mtd/devices/slram.c
+++ b/drivers/mtd/devices/slram.c
@@ -230,6 +230,9 @@ static int parse_cmdline(char *devname, char *szstart, char *szlength)
        unsigned long devstart;
        unsigned long devlength;
 
+       if (kernel_is_locked_down())
+               return -EPERM;
+
        if ((!devname) || (!szstart) || (!szlength)) {
                unregister_devices();
                return(-EINVAL);