mtd: require write permissions for locking and badblock ioctls

[ Upstream commit 1e97743fd180981bef5f01402342bb54bf1c6366 ]

MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require
write permission. Depending on the hardware MEMLOCK might even be
write-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK
is always write-once.

MEMSETBADBLOCK modifies the bad block table.

Fixes: f7e6b19bc764 ("mtd: properly check all write ioctls for permissions")
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20210303155735.25887-1-michael@walle.cc
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
index b40f46a43fc66e26718d194888e9cfc5802e56fc..69fb5dafa9ad61382ec7c06da28a2851ab88efee 100644 (file)
--- a/drivers/mtd/mtdchar.c
+++ b/drivers/mtd/mtdchar.c
@@ -651,16 +651,12 @@ static int mtdchar_ioctl(struct file *file, u_int cmd, u_long arg)
        case MEMGETINFO:
        case MEMREADOOB:
        case MEMREADOOB64:
-       case MEMLOCK:
-       case MEMUNLOCK:
        case MEMISLOCKED:
        case MEMGETOOBSEL:
        case MEMGETBADBLOCK:
-       case MEMSETBADBLOCK:
        case OTPSELECT:
        case OTPGETREGIONCOUNT:
        case OTPGETREGIONINFO:
-       case OTPLOCK:
        case ECCGETLAYOUT:
        case ECCGETSTATS:
        case MTDFILEMODE:
@@ -671,9 +667,13 @@ static int mtdchar_ioctl(struct file *file, u_int cmd, u_long arg)
        /* "dangerous" commands */
        case MEMERASE:
        case MEMERASE64:
+       case MEMLOCK:
+       case MEMUNLOCK:
+       case MEMSETBADBLOCK:
        case MEMWRITEOOB:
        case MEMWRITEOOB64:
        case MEMWRITE:
+       case OTPLOCK:
                if (!(file->f_mode & FMODE_WRITE))
                        return -EPERM;
                break;