On Mon, Apr 27, 2020 at 3:49 PM Will Deacon <will@xxxxxxxxxx> wrote: > > On Tue, Apr 21, 2020 at 04:17:12PM +0800, Zong Li wrote: > > Some architectures support DEBUG_WX function, it's verbatim from each > > others. Extract to mm/Kconfig.debug for shared use. > > > > Signed-off-by: Zong Li <zong.li@xxxxxxxxxx> > > Suggested-by: Palmer Dabbelt <palmer@xxxxxxxxxxx> > > --- > > mm/Kconfig.debug | 33 +++++++++++++++++++++++++++++++++ > > 1 file changed, 33 insertions(+) > > > > diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug > > index 0271b22e063f..077458ad968d 100644 > > --- a/mm/Kconfig.debug > > +++ b/mm/Kconfig.debug > > @@ -118,6 +118,39 @@ config DEBUG_RODATA_TEST > > ---help--- > > This option enables a testcase for the setting rodata read-only. > > > > +config ARCH_HAS_DEBUG_WX > > + bool > > + > > +config DEBUG_WX > > + bool "Warn on W+X mappings at boot" > > + depends on ARCH_HAS_DEBUG_WX > > + select PTDUMP_CORE > > + help > > + Generate a warning if any W+X mappings are found at boot. > > + > > + This is useful for discovering cases where the kernel is leaving > > + W+X mappings after applying NX, as such mappings are a security risk. > > + This check also includes UXN, which should be set on all kernel > > + mappings. > > "UXN" is the name of a bit in the arm64 page-table descriptors, so this > should be reworded now that it's in generic help text. > It's exactly. Sorry for missing the statement. Hi Andrew, Shall I send a next version patch to fix it? It should be "This is useful for discovering cases where the kernel is leaving W+X mappings after applying NX, as such mappings are a security risk." here. > Will
