On Fri, Feb 3, 2017 at 9:52 AM, Laura Abbott <labbott@xxxxxxxxxx> wrote: > There are multiple architectures that support CONFIG_DEBUG_RODATA and > CONFIG_SET_MODULE_RONX. These options also now have the ability to be > turned off at runtime. Move these to an architecture independent > location and make these options def_bool y for almost all of those > arches. > > Signed-off-by: Laura Abbott <labbott@xxxxxxxxxx> > --- > v2: This patch is now doing just the refactor of the existing config options. > --- > arch/Kconfig | 28 ++++++++++++++++++++++++++++ > arch/arm/Kconfig | 3 +++ > arch/arm/Kconfig.debug | 11 ----------- > arch/arm/mm/Kconfig | 12 ------------ > arch/arm64/Kconfig | 5 ++--- > arch/arm64/Kconfig.debug | 11 ----------- > arch/parisc/Kconfig | 1 + > arch/parisc/Kconfig.debug | 11 ----------- > arch/s390/Kconfig | 5 ++--- > arch/s390/Kconfig.debug | 3 --- > arch/x86/Kconfig | 5 ++--- > arch/x86/Kconfig.debug | 11 ----------- > 12 files changed, 38 insertions(+), 68 deletions(-) > > diff --git a/arch/Kconfig b/arch/Kconfig > index 99839c2..22ee01e 100644 > --- a/arch/Kconfig > +++ b/arch/Kconfig > @@ -781,4 +781,32 @@ config VMAP_STACK > the stack to map directly to the KASAN shadow map using a formula > that is incorrect if the stack is in vmalloc space. > > +config ARCH_NO_STRICT_RWX_DEFAULTS > + def_bool n > + > +config ARCH_HAS_STRICT_KERNEL_RWX > + def_bool n > + > +config DEBUG_RODATA > + def_bool y if !ARCH_NO_STRICT_RWX_DEFAULTS > + prompt "Make kernel text and rodata read-only" if ARCH_NO_STRICT_RWX_DEFAULTS Ah! Yes, perfect. I totally forgot about using conditional "prompt" lines. Nice! Acked-by: Kees Cook <keescook@xxxxxxxxxxxx> -Kees -- Kees Cook Pixel Security -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html