diff options
author | Laura Abbott <labbott@redhat.com> | 2017-02-06 16:31:57 -0800 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2017-02-07 12:32:52 -0800 |
commit | ad21fc4faa2a1f919bac1073b885df9310dbc581 (patch) | |
tree | 0e72a0b209f7e84daf6a131bdbc673cd60715037 /arch/arm64 | |
parent | 0c744ea4f77d72b3dcebb7a8f2684633ec79be88 (diff) | |
download | linux-ad21fc4faa2a1f919bac1073b885df9310dbc581.tar.bz2 |
arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common
There are multiple architectures that support CONFIG_DEBUG_RODATA and
CONFIG_SET_MODULE_RONX. These options also now have the ability to be
turned off at runtime. Move these to an architecture independent
location and make these options def_bool y for almost all of those
arches.
Signed-off-by: Laura Abbott <labbott@redhat.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'arch/arm64')
-rw-r--r-- | arch/arm64/Kconfig | 5 | ||||
-rw-r--r-- | arch/arm64/Kconfig.debug | 11 |
2 files changed, 2 insertions, 14 deletions
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 111742126897..e1efbcc9de32 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -13,6 +13,8 @@ config ARM64 select ARCH_HAS_GIGANTIC_PAGE select ARCH_HAS_KCOV select ARCH_HAS_SG_CHAIN + select ARCH_HAS_STRICT_KERNEL_RWX + select ARCH_HAS_STRICT_MODULE_RWX select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST select ARCH_USE_CMPXCHG_LOCKREF select ARCH_SUPPORTS_ATOMIC_RMW @@ -123,9 +125,6 @@ config ARCH_PHYS_ADDR_T_64BIT config MMU def_bool y -config DEBUG_RODATA - def_bool y - config ARM64_PAGE_SHIFT int default 16 if ARM64_64K_PAGES diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug index d1ebd46872fd..939815e8d695 100644 --- a/arch/arm64/Kconfig.debug +++ b/arch/arm64/Kconfig.debug @@ -71,17 +71,6 @@ config DEBUG_WX If in doubt, say "Y". -config DEBUG_SET_MODULE_RONX - bool "Set loadable kernel module data as NX and text as RO" - depends on MODULES - default y - help - Is this is set, kernel module text and rodata will be made read-only. - This is to help catch accidental or malicious attempts to change the - kernel's executable code. - - If in doubt, say Y. - config DEBUG_ALIGN_RODATA depends on DEBUG_RODATA bool "Align linker sections up to SECTION_SIZE" |