From: Egor Ignatov <egori@altlinux.org>
To: devel-kernel@lists.altlinux.org
Subject: [d-kernel] [PATCH v2 1/6] mtd: slram: Add the kernel lock down check
Date: Wed, 27 May 2026 11:25:34 +0300
Message-ID: <20260527082539.2000966-2-egori@altlinux.org> (raw)
In-Reply-To: <20260527082539.2000966-1-egori@altlinux.org>

The slram MTD driver may map any memory pages, no matter whether they're
reserved or otherwise used by the system, which basically allows a user
to bypass the lock down.

Add the check and abort the probe if the kernel is locked down for
LOCKDOWN_DEV_MEM.

Based on commit b3c782868ece ("mtd: phram: Add the kernel lock down check")

Suggested-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Egor Ignatov <egori@altlinux.org>
---
drivers/mtd/devices/slram.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/mtd/devices/slram.c b/drivers/mtd/devices/slram.c
index 69cb63d99f..2928d12343 100644
--- a/drivers/mtd/devices/slram.c
+++ b/drivers/mtd/devices/slram.c
@@ -43,6 +43,7 @@
#include <linux/ioctl.h>
#include <linux/init.h>
#include <linux/io.h>
+#include <linux/security.h>
#include <linux/mtd/mtd.h>
@@ -277,6 +278,11 @@ __setup("slram=", mtd_slram_setup);
static int __init init_slram(void)
{
char *devname;
+ int ret;
+
+ ret = security_locked_down(LOCKDOWN_DEV_MEM);
+ if (ret)
+ return ret;
#ifndef MODULE
char *devstart;
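Review bot: the lockdown check in init_slram() sits ahead of the `#ifndef MODULE` declaration `char *devstart;`, so in a built-in (non-MODULE) build that declaration now follows executable statements. Keep `int ret;` with the other locals and move the `ret = security_locked_down(LOCKDOWN_DEV_MEM);` test below the last declaration in the function, so declarations stay grouped at the top of the block in both configurations while the early return still happens before any device setup.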
--
2.50.1
Thread overview: 7+ messages
2026-05-27 8:25 [d-kernel] [PATCH v2 0/6] Lock down the kernel if booted in Secure Boot mode Egor Ignatov
2026-05-27 8:25 ` Egor Ignatov [this message]
2026-05-27 8:25 ` [d-kernel] [PATCH v2 2/6] security: lockdown: expose security_lock_kernel_down function Egor Ignatov
2026-05-27 8:25 ` [d-kernel] [PATCH v2 3/6] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode Egor Ignatov
2026-05-27 8:25 ` [d-kernel] [PATCH v2 4/6] efi: Lock down the kernel if booted in " Egor Ignatov
2026-05-27 8:25 ` [d-kernel] [PATCH v2 5/6] efi: determine and pass Secure Boot state via FDT Egor Ignatov
2026-05-27 8:25 ` [d-kernel] [PATCH v2 6/6] config: Enable LOCK_DOWN_IN_EFI_SECURE_BOOT Egor Ignatov