[PATCH] mtd: phram: Add the kernel lock down check

[PATCH] mtd: phram: Add the kernel lock down check

[Takashi Iwai]

The phram MTD driver may map any memory pages no matter whether it's
reserved or whatever used for systems, which basically allows user
bypassing the lock down.

Add the check and abort the probe if the kernel is locked down for
LOCKDOWN_DEV_MEM.

Reported-by: Fabian Vogt <fvogt@suse.com>
Suggested-by: Fabian Vogt <fvogt@suse.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 drivers/mtd/devices/phram.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/mtd/devices/phram.c b/drivers/mtd/devices/phram.c
index 1bf192f229d7..48abfb81ef66 100644
--- a/drivers/mtd/devices/phram.c
+++ b/drivers/mtd/devices/phram.c
@@ -30,6 +30,7 @@
 #include <linux/platform_device.h>
 #include <linux/of_address.h>
 #include <linux/of.h>
+#include <linux/security.h>
 
 struct phram_mtd_list {
 	struct mtd_info mtd;
@@ -410,6 +411,10 @@ static int __init init_phram(void)
 {
 	int ret;
 
+	ret = security_locked_down(LOCKDOWN_DEV_MEM);
+	if (ret)
+		return ret;
+
 	ret = platform_driver_register(&phram_driver);
 	if (ret)
 		return ret;
-- 
2.43.0


______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/

Re: [PATCH] mtd: phram: Add the kernel lock down check

[Richard Weinberger]

----- Ursprüngliche Mail -----
> Von: "Takashi Iwai" <tiwai@suse.de>
> An: "linux-mtd" <linux-mtd@lists.infradead.org>
> CC: "joern" <joern@lazybastard.org>, "Miquel Raynal" <miquel.raynal@bootlin.com>, "richard" <richard@nod.at>, "Vignesh
> Raghavendra" <vigneshr@ti.com>, "linux-kernel" <linux-kernel@vger.kernel.org>, "Fabian Vogt" <fvogt@suse.com>
> Gesendet: Donnerstag, 14. November 2024 16:44:41
> Betreff: [PATCH] mtd: phram: Add the kernel lock down check

> The phram MTD driver may map any memory pages no matter whether it's
> reserved or whatever used for systems, which basically allows user
> bypassing the lock down.
> 
> Add the check and abort the probe if the kernel is locked down for
> LOCKDOWN_DEV_MEM.
> 
> Reported-by: Fabian Vogt <fvogt@suse.com>
> Suggested-by: Fabian Vogt <fvogt@suse.com>
> Signed-off-by: Takashi Iwai <tiwai@suse.de>

Good catch!

Acked-by: Richard Weinberger <richard@nod.at>

Thanks,
//richard

______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/

Re: [PATCH] mtd: phram: Add the kernel lock down check

[Miquel Raynal]

On 14/11/2024 at 16:44:41 +01, Takashi Iwai <tiwai@suse.de> wrote:

> The phram MTD driver may map any memory pages no matter whether it's
> reserved or whatever used for systems, which basically allows user
> bypassing the lock down.
>
> Add the check and abort the probe if the kernel is locked down for
> LOCKDOWN_DEV_MEM.
>
> Reported-by: Fabian Vogt <fvogt@suse.com>
> Suggested-by: Fabian Vogt <fvogt@suse.com>
> Signed-off-by: Takashi Iwai <tiwai@suse.de>

Applied to mtd/next.

Thanks,
Miquèl

______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/