The slram and phram drivers both allow mapping regions of physical address space such that they can then be read and written by userland through the MTD interface. This is probably usable to manipulate hardware into overwriting kernel code on many systems. Prevent that if securelevel is set. Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- Are there other lists that securelevel patches should go to? Ben. --- a/drivers/mtd/devices/phram.c +++ b/drivers/mtd/devices/phram.c @@ -25,6 +25,7 @@ #include <linux/moduleparam.h> #include <linux/slab.h> #include <linux/mtd/mtd.h> +#include <linux/security.h> struct phram_mtd_list { struct mtd_info mtd; @@ -226,6 +227,9 @@ static int phram_setup(const char *val) uint64_t len; int i, ret; + if (get_securelevel() > 0) + return -EPERM; + if (strnlen(val, sizeof(buf)) >= sizeof(buf)) parse_err("parameter too long\n"); --- a/drivers/mtd/devices/slram.c +++ b/drivers/mtd/devices/slram.c @@ -42,6 +42,7 @@ #include <linux/ioctl.h> #include <linux/init.h> #include <linux/io.h> +#include <linux/security.h> #include <linux/mtd/mtd.h> @@ -230,6 +231,9 @@ static int parse_cmdline(char *devname, unsigned long devstart; unsigned long devlength; + if (get_securelevel() > 0) + return -EPERM; + if ((!devname) || (!szstart) || (!szlength)) { unregister_devices(); return(-EINVAL);
Attachment:
signature.asc
Description: Digital signature