On Tue, Apr 21, 2020 at 04:17:12PM +0800, Zong Li wrote: > Some architectures support DEBUG_WX function, it's verbatim from each > others. Extract to mm/Kconfig.debug for shared use. > > Signed-off-by: Zong Li <zong.li@xxxxxxxxxx> > Suggested-by: Palmer Dabbelt <palmer@xxxxxxxxxxx> > --- > mm/Kconfig.debug | 33 +++++++++++++++++++++++++++++++++ > 1 file changed, 33 insertions(+) > > diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug > index 0271b22e063f..077458ad968d 100644 > --- a/mm/Kconfig.debug > +++ b/mm/Kconfig.debug > @@ -118,6 +118,39 @@ config DEBUG_RODATA_TEST > ---help--- > This option enables a testcase for the setting rodata read-only. > > +config ARCH_HAS_DEBUG_WX > + bool > + > +config DEBUG_WX > + bool "Warn on W+X mappings at boot" > + depends on ARCH_HAS_DEBUG_WX > + select PTDUMP_CORE > + help > + Generate a warning if any W+X mappings are found at boot. > + > + This is useful for discovering cases where the kernel is leaving > + W+X mappings after applying NX, as such mappings are a security risk. > + This check also includes UXN, which should be set on all kernel > + mappings. "UXN" is the name of a bit in the arm64 page-table descriptors, so this should be reworded now that it's in generic help text. Will
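Review bot: The diffstat for this hunk lists only mm/Kconfig.debug (1 file changed, 33 insertions), so nothing in this patch selects ARCH_HAS_DEBUG_WX or removes the per-architecture DEBUG_WX entries that the commit message says are being extracted. Until the architecture Kconfig files are converted, the new "config DEBUG_WX" entry sits alongside the existing definitions of the same symbol, and its "depends on ARCH_HAS_DEBUG_WX" and "select PTDUMP_CORE" lines are combined with whatever each architecture already declares. Suggest saying in the commit message that the architecture conversions follow in later patches of the series, and checking that each architecture which will select ARCH_HAS_DEBUG_WX can satisfy "select PTDUMP_CORE", since select does not enforce the selected symbol's own dependencies.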