On Wed, Nov 25, 2015 at 11:51 PM, Ingo Molnar <mingo@xxxxxxxxxx> wrote:
>
> * Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
>> +#ifdef CONFIG_DEBUG_RODATA
>
> Btw., could you please remove the Kconfig option altogether in an additional patch
> and make read-only sections an always-on feature? It has been default-y for years
> and all distros have it enabled.

Yeah, this is something I've wanted to do for a while, but I would
point out that only a few architectures have actually implemented it,
and for arm and arm64 it was very recent:

$ git grep 'config DEBUG_RODATA'
arch/arm/mm/Kconfig:config DEBUG_RODATA
arch/arm64/Kconfig.debug:config DEBUG_RODATA
arch/parisc/Kconfig.debug:config DEBUG_RODATA
arch/x86/Kconfig.debug:config DEBUG_RODATA

I think s390 already has strict kernel memory permissions, but they
set it up ahead of time. And now, I see in reading the parisc tree,
they do too, and mark_rodata_ro() is effectively a no-op. How does
powerpc handle permissions for kernel rodata?

For parisc (and maybe powerpc and s390) we'll need additional changes
to support __ro_after_init, since they may be making the ro section ro
_before_ init runs. But, that's okay since this series only uses
__ro_after_init on x86 for the moment. ;)

> The 'debug rodata' naming is purely historic: this started out as a simple
> debugging feature, but meanwhile it has spread and has become an essential kernel
> robustness feature.

I agree completely. I suspect I would turn this into
ARCH_HAS_STRICT_KERNMEM or something.

-Kees

--
Kees Cook
Chrome OS & Brillo Security
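
The ordering concern raised in the reply above (a section made read-only before init runs cannot hold __ro_after_init data) shown as a userspace analogy. This is an added example, not code from the patch series or the kernel: an anonymous page stands in for the section, mprotect() stands in for mark_rodata_ro(), and run_scenario() and the enum names are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* for MAP_ANONYMOUS under strict -std= modes */
#endif
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* When the stand-in "section" is write-protected relative to init. */
enum ro_order { RO_AFTER_INIT, RO_BEFORE_INIT };

/* Runs one "boot" in a child process. Returns 0 if it completed with the
 * init-time value intact, the fatal signal number if a write faulted,
 * or -1 on setup failure. */
static int run_scenario(enum ro_order order, int write_late)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        size_t len = (size_t)sysconf(_SC_PAGESIZE);
        volatile int *sec = mmap(NULL, len, PROT_READ | PROT_WRITE,
                                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (sec == MAP_FAILED)
            _exit(2);
        if (order == RO_BEFORE_INIT && mprotect((void *)sec, len, PROT_READ))
            _exit(2);
        sec[0] = 42;                 /* init-time write to the variable */
        if (order == RO_AFTER_INIT && mprotect((void *)sec, len, PROT_READ))
            _exit(2);
        if (write_late)
            sec[0] = 7;              /* post-init write: must fault */
        _exit(sec[0] == 42 ? 0 : 3);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    printf("ro after init, no late write: %d\n", run_scenario(RO_AFTER_INIT, 0));
    printf("ro after init, late write:    %d\n", run_scenario(RO_AFTER_INIT, 1));
    printf("ro before init:               %d\n", run_scenario(RO_BEFORE_INIT, 0));
    return 0;
}
```

A return of 0 means the run completed; a signal number means the write hit the protected page, which is the wanted outcome for a late write and the breakage for protect-before-init.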