From ad21fc4faa2a1f919bac1073b885df9310dbc581 Mon Sep 17 00:00:00 2001
From: Laura Abbott
Date: Mon, 6 Feb 2017 16:31:57 -0800
Subject: arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common
There are multiple architectures that support CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX. These options also now have the ability to be turned off at runtime. Move these to an architecture independent location and make these options def_bool y for almost all of those arches.
Signed-off-by: Laura Abbott
Acked-by: Ingo Molnar
Acked-by: Heiko Carstens
Signed-off-by: Kees Cook
---
 arch/parisc/Kconfig | 1 +
 arch/parisc/Kconfig.debug | 11 -----------
 2 files changed, 1 insertion(+), 11 deletions(-)
(limited to 'arch/parisc')
diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig
index 3a71f38cdc05..ad294b3fb90b 100644
--- a/arch/parisc/Kconfig
+++ b/arch/parisc/Kconfig
@@ -8,6 +8,7 @@ config PARISC
 select HAVE_SYSCALL_TRACEPOINTS
 select ARCH_WANT_FRAME_POINTERS
 select ARCH_HAS_ELF_RANDOMIZE
+ select ARCH_HAS_STRICT_KERNEL_RWX
 select RTC_CLASS
 select RTC_DRV_GENERIC
 select INIT_ALL_POSSIBLE
diff --git a/arch/parisc/Kconfig.debug b/arch/parisc/Kconfig.debug
index 68b7cbd0810a..0d856b94c9b1 100644
--- a/arch/parisc/Kconfig.debug
+++ b/arch/parisc/Kconfig.debug
@@ -5,15 +5,4 @@ source "lib/Kconfig.debug"
 config TRACE_IRQFLAGS_SUPPORT
 def_bool y
-config DEBUG_RODATA
- bool "Write protect kernel read-only data structures"
- depends on DEBUG_KERNEL
- default y
- help
- Mark the kernel read-only data as write-protected in the pagetables,
- in order to catch accidental (and incorrect) writes to such const
- data. This option may have a slight performance impact because a
- portion of the kernel code won't be covered by a TLB anymore.
- If in doubt, say "N".
-
 endmenu
-- cgit v1.2.3
From 0f5bf6d0afe4be6e1391908ff2d6dc9730e91550 Mon Sep 17 00:00:00 2001
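Review bot: The parisc-specific cost of this protection is no longer documented anywhere in arch/parisc once `select ARCH_HAS_STRICT_KERNEL_RWX` in `config PARISC` replaces the local `DEBUG_RODATA` entry; the removed help text was the only place that said "a portion of the kernel code won't be covered by a TLB anymore". The old entry also had `depends on DEBUG_KERNEL`, so the select widens who gets write-protected rodata, and whether parisc is among the arches where the option becomes `def_bool y` is decided in the common Kconfig, which this arch/parisc-limited view does not show. I would carry the caveat over as a comment above the select, `# STRICT_KERNEL_RWX: a portion of the kernel code won't be covered by a TLB anymore`, and have the description state whether parisc keeps a build-time choice.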
From: Laura Abbott
Date: Mon, 6 Feb 2017 16:31:58 -0800
Subject: arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX
Both of these options are poorly named. The features they provide are necessary for system security and should not be considered debug only. Change the names to CONFIG_STRICT_KERNEL_RWX and CONFIG_STRICT_MODULE_RWX to better describe what these options do.
Signed-off-by: Laura Abbott
Acked-by: Jessica Yu
Signed-off-by: Kees Cook
---
 arch/parisc/configs/712_defconfig | 1 -
 arch/parisc/configs/c3000_defconfig | 1 -
 arch/parisc/mm/init.c | 2 +-
 3 files changed, 1 insertion(+), 3 deletions(-)
(limited to 'arch/parisc')
diff --git a/arch/parisc/configs/712_defconfig b/arch/parisc/configs/712_defconfig
index db8f56bf3883..143d02652792 100644
--- a/arch/parisc/configs/712_defconfig
+++ b/arch/parisc/configs/712_defconfig
@@ -182,7 +182,6 @@ CONFIG_DEBUG_FS=y
 CONFIG_DEBUG_KERNEL=y
 CONFIG_DEBUG_MUTEXES=y
 # CONFIG_RCU_CPU_STALL_DETECTOR is not set
-CONFIG_DEBUG_RODATA=y
 CONFIG_CRYPTO_NULL=m
 CONFIG_CRYPTO_TEST=m
 CONFIG_CRYPTO_HMAC=y
diff --git a/arch/parisc/configs/c3000_defconfig b/arch/parisc/configs/c3000_defconfig
index fb92b8920785..8e8f0e34f817 100644
--- a/arch/parisc/configs/c3000_defconfig
+++ b/arch/parisc/configs/c3000_defconfig
@@ -166,7 +166,6 @@ CONFIG_DEBUG_KERNEL=y
 CONFIG_DEBUG_MUTEXES=y
 # CONFIG_DEBUG_BUGVERBOSE is not set
 # CONFIG_RCU_CPU_STALL_DETECTOR is not set
-CONFIG_DEBUG_RODATA=y
 CONFIG_CRYPTO_NULL=m
 CONFIG_CRYPTO_TEST=m
 CONFIG_CRYPTO_MD5=m
diff --git a/arch/parisc/mm/init.c b/arch/parisc/mm/init.c
index e02ada312be8..a055e5b6b380 100644
--- a/arch/parisc/mm/init.c
+++ b/arch/parisc/mm/init.c
@@ -545,7 +545,7 @@ void free_initmem(void)
 }
-#ifdef CONFIG_DEBUG_RODATA
+#ifdef CONFIG_STRICT_KERNEL_RWX
 void mark_rodata_ro(void)
 {
 /* rodata memory was already mapped with KERNEL_RO access rights by
-- cgit v1.2.3