[people/pmueller/ipfire-2.x.git] / src / patches / linux / linux-5.15.32-disable_lsm_for_ioport_access.patch

--- linux-5.15.32.orig/arch/x86/kernel/ioport.c	2022-04-19 12:54:46.468477540 +0000
+++ linux-5.15.32/arch/x86/kernel/ioport.c	2022-04-19 12:56:21.423185714 +0000
@@ -4,7 +4,6 @@
  * by Linus. 32/64 bits code unification by Miguel Botón.
  */
 #include <linux/capability.h>
-#include <linux/security.h>
 #include <linux/syscalls.h>
 #include <linux/bitmap.h>
 #include <linux/ioport.h>
@@ -70,8 +69,7 @@
 
 	if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
 		return -EINVAL;
-	if (turn_on && (!capable(CAP_SYS_RAWIO) ||
-			security_locked_down(LOCKDOWN_IOPORT)))
+	if (turn_on && (!capable(CAP_SYS_RAWIO)))
 		return -EPERM;
 
 	/*
@@ -186,8 +184,7 @@
 
 	/* Trying to gain more privileges? */
 	if (level > old) {
-		if (!capable(CAP_SYS_RAWIO) ||
-		    security_locked_down(LOCKDOWN_IOPORT))
+		if (!capable(CAP_SYS_RAWIO))
 			return -EPERM;
 	}
Commit	Line	Data
5b966f1b PM	1	--- linux-5.15.32.orig/arch/x86/kernel/ioport.c 2022-04-19 12:54:46.468477540 +0000
	2	+++ linux-5.15.32/arch/x86/kernel/ioport.c 2022-04-19 12:56:21.423185714 +0000
	3	@@ -4,7 +4,6 @@
	4	* by Linus. 32/64 bits code unification by Miguel Botón.
	5	*/
	6	#include <linux/capability.h>
	7	-#include <linux/security.h>
	8	#include <linux/syscalls.h>
	9	#include <linux/bitmap.h>
	10	#include <linux/ioport.h>
	11	@@ -70,8 +69,7 @@
	12
	13	if ((from + num <= from) \|\| (from + num > IO_BITMAP_BITS))
	14	return -EINVAL;
	15	- if (turn_on && (!capable(CAP_SYS_RAWIO) \|\|
	16	- security_locked_down(LOCKDOWN_IOPORT)))
	17	+ if (turn_on && (!capable(CAP_SYS_RAWIO)))
	18	return -EPERM;
	19
	20	/*
	21	@@ -186,8 +184,7 @@
	22
	23	/* Trying to gain more privileges? */
	24	if (level > old) {
	25	- if (!capable(CAP_SYS_RAWIO) \|\|
	26	- security_locked_down(LOCKDOWN_IOPORT))
	27	+ if (!capable(CAP_SYS_RAWIO))
	28	return -EPERM;
	29	}
	30