From b3c782868ecebd0c1661a6aa2bdc84cd3cbb1ef3 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: Thu, 14 Nov 2024 16:44:41 +0100
Subject: [PATCH] mtd: phram: Add the kernel lock down check

The phram MTD driver may map any memory pages no matter whether it's
reserved or whatever used for systems, which basically allows user
bypassing the lock down.

Add the check and abort the probe if the kernel is locked down for
LOCKDOWN_DEV_MEM.

Reported-by: Fabian Vogt <fvogt@suse.com>
Suggested-by: Fabian Vogt <fvogt@suse.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
 drivers/mtd/devices/phram.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/mtd/devices/phram.c b/drivers/mtd/devices/phram.c
index b8bbc7ecbe95..fd9ec165e61a 100644
--- a/drivers/mtd/devices/phram.c
+++ b/drivers/mtd/devices/phram.c
@@ -30,6 +30,7 @@
 #include <linux/platform_device.h>
 #include <linux/of_address.h>
 #include <linux/of.h>
+#include <linux/security.h>
 
 struct phram_mtd_list {
 	struct mtd_info mtd;
@@ -410,6 +411,10 @@ static int __init init_phram(void)
 {
 	int ret;
 
+	ret = security_locked_down(LOCKDOWN_DEV_MEM);
+	if (ret)
+		return ret;
+
 	ret = platform_driver_register(&phram_driver);
 	if (ret)
 		return ret;
-- 
2.50.1