From: Peter Müller Date: Thu, 21 Apr 2022 19:29:32 +0000 (+0000) Subject: Revert "linux: Disable LSM for /dev/io port access" X-Git-Tag: v2.27-core167^2~5 X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=5bd8fc1273ebda6bf999da593a23fe1acdb04c6b Revert "linux: Disable LSM for /dev/io port access" This reverts commit 5b966f1b0a0f191c7d79b1609c122c16a65d3bfc.
---
diff --git a/lfs/linux b/lfs/linux
index 0deef74f26..91bba123bf 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -143,9 +143,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 # https://bugzilla.ipfire.org/show_bug.cgi?id=12760
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch
 
- # Unfortunately, /dev/io access is needed for firmware flashing; patch out LSM part in ioport.c
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.32-disable_lsm_for_ioport_access.patch
-
 ifeq "$(BUILD_ARCH)" "armv6l"
 # Apply Arm-multiarch kernel patches.
 cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1
diff --git a/src/patches/linux/linux-5.15.32-disable_lsm_for_ioport_access.patch b/src/patches/linux/linux-5.15.32-disable_lsm_for_ioport_access.patch
deleted file mode 100644
index df7521d3bb..0000000000
--- a/src/patches/linux/linux-5.15.32-disable_lsm_for_ioport_access.patch
+++ /dev/null
@@ -1,30 +0,0 @@
---- linux-5.15.32.orig/arch/x86/kernel/ioport.c 2022-04-19 12:54:46.468477540 +0000
-+++ linux-5.15.32/arch/x86/kernel/ioport.c 2022-04-19 12:56:21.423185714 +0000
-@@ -4,7 +4,6 @@
- * by Linus. 32/64 bits code unification by Miguel Botón.
- */
- #include
--#include
- #include
- #include
- #include
-@@ -70,8 +69,7 @@
- 
- if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
- return -EINVAL;
-- if (turn_on && (!capable(CAP_SYS_RAWIO) ||
-- security_locked_down(LOCKDOWN_IOPORT)))
-+ if (turn_on && (!capable(CAP_SYS_RAWIO)))
- return -EPERM;
- 
- /*
-@@ -186,8 +184,7 @@
- 
- /* Trying to gain more privileges? */
- if (level > old) {
-- if (!capable(CAP_SYS_RAWIO) ||
-- security_locked_down(LOCKDOWN_IOPORT))
-+ if (!capable(CAP_SYS_RAWIO))
- return -EPERM;
- }
- 