Re: [PATCHv2 1/2] arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Feb 3, 2017 at 9:52 AM, Laura Abbott <labbott@xxxxxxxxxx> wrote:
> There are multiple architectures that support CONFIG_DEBUG_RODATA and
> CONFIG_SET_MODULE_RONX. These options also now have the ability to be
> turned off at runtime. Move these to an architecture independent
> location and make these options def_bool y for almost all of those
> arches.
>
> Signed-off-by: Laura Abbott <labbott@xxxxxxxxxx>
> ---
> v2: This patch is now doing just the refactor of the existing config options.
> ---
>  arch/Kconfig              | 28 ++++++++++++++++++++++++++++
>  arch/arm/Kconfig          |  3 +++
>  arch/arm/Kconfig.debug    | 11 -----------
>  arch/arm/mm/Kconfig       | 12 ------------
>  arch/arm64/Kconfig        |  5 ++---
>  arch/arm64/Kconfig.debug  | 11 -----------
>  arch/parisc/Kconfig       |  1 +
>  arch/parisc/Kconfig.debug | 11 -----------
>  arch/s390/Kconfig         |  5 ++---
>  arch/s390/Kconfig.debug   |  3 ---
>  arch/x86/Kconfig          |  5 ++---
>  arch/x86/Kconfig.debug    | 11 -----------
>  12 files changed, 38 insertions(+), 68 deletions(-)
>
> diff --git a/arch/Kconfig b/arch/Kconfig
> index 99839c2..22ee01e 100644
> --- a/arch/Kconfig
> +++ b/arch/Kconfig
> @@ -781,4 +781,32 @@ config VMAP_STACK
>           the stack to map directly to the KASAN shadow map using a formula
>           that is incorrect if the stack is in vmalloc space.
>
> +config ARCH_NO_STRICT_RWX_DEFAULTS
> +       def_bool n
> +
> +config ARCH_HAS_STRICT_KERNEL_RWX
> +       def_bool n
> +
> +config DEBUG_RODATA
> +       def_bool y if !ARCH_NO_STRICT_RWX_DEFAULTS
> +       prompt "Make kernel text and rodata read-only" if ARCH_NO_STRICT_RWX_DEFAULTS

Ah! Yes, perfect. I totally forgot about using conditional "prompt" lines. Nice!

Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

-- 
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux