From: Ben Hutchings Date: Thu, 2 Jun 2016 23:48:39 +0000 (+0100) Subject: mtd: Disable slram and phram when locked down X-Git-Tag: archive/raspbian/4.15.11-1+rpi1^2~17 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=12b8b91200c6640821e93c002bb5dbab5c462b1f;p=linux.git mtd: Disable slram and phram when locked down The slram and phram drivers both allow mapping regions of physical address space such that they can then be read and written by userland through the MTD interface. This is probably usable to manipulate hardware into overwriting kernel code on many systems. Prevent that if locked down. Signed-off-by: Ben Hutchings Gbp-Pq: Topic features/all/lockdown Gbp-Pq: Name mtd-disable-slram-and-phram-when-locked-down.patch --- diff --git a/drivers/mtd/devices/phram.c b/drivers/mtd/devices/phram.c index 7287696a21f..c0b4f4eae82 100644 --- a/drivers/mtd/devices/phram.c +++ b/drivers/mtd/devices/phram.c @@ -226,6 +226,9 @@ static int phram_setup(const char *val) uint64_t len; int i, ret; + if (kernel_is_locked_down("Command line-specified device addresses")) + return -EPERM; + if (strnlen(val, sizeof(buf)) >= sizeof(buf)) parse_err("parameter too long\n"); diff --git a/drivers/mtd/devices/slram.c b/drivers/mtd/devices/slram.c index 0ec85f316d2..b1a2b82ff81 100644 --- a/drivers/mtd/devices/slram.c +++ b/drivers/mtd/devices/slram.c @@ -231,6 +231,9 @@ static int parse_cmdline(char *devname, char *szstart, char *szlength) unsigned long devstart; unsigned long devlength; + if (kernel_is_locked_down("Command line-specified device addresses")) + return -EPERM; + if ((!devname) || (!szstart) || (!szlength)) { unregister_devices(); return(-EINVAL);
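Review bot: in the drivers/mtd/devices/phram.c hunk, the check added at the top of phram_setup() passes the same reason string, "Command line-specified device addresses", as the slram.c hunk, so whatever kernel_is_locked_down() reports with that string cannot tell an administrator which driver refused the request. Consider naming the driver in the reason (for example a "phram:" prefix here and "slram:" in the other file). The patch also adds no #include to phram.c, so the call depends on kernel_is_locked_down() already being declared through headers the file pulls in; confirm that with a build of this driver both built-in and as a module.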
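Review bot: in the drivers/mtd/devices/slram.c hunk, the new "return -EPERM;" at the top of parse_cmdline() exits without the unregister_devices() call that the adjacent argument check makes before its "return(-EINVAL);", so the two error paths now differ in cleanup. If the intent is that nothing can have been registered while the kernel is locked down, say so in a one-line comment above the check; if a device registered by an earlier call could still exist at this point, call unregister_devices() before returning, as the existing failure path does.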