summaryrefslogtreecommitdiffstats
path: root/arch/arm
diff options
context:
space:
mode:
authorLaura Abbott <labbott@redhat.com>2017-02-06 16:31:57 -0800
committerKees Cook <keescook@chromium.org>2017-02-07 12:32:52 -0800
commitad21fc4faa2a1f919bac1073b885df9310dbc581 (patch)
tree0e72a0b209f7e84daf6a131bdbc673cd60715037 /arch/arm
parent0c744ea4f77d72b3dcebb7a8f2684633ec79be88 (diff)
downloadlinux-ad21fc4faa2a1f919bac1073b885df9310dbc581.tar.bz2
arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common
There are multiple architectures that support CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX. These options also now have the ability to be turned off at runtime. Move these to an architecture independent location and make these options def_bool y for almost all of those arches. Signed-off-by: Laura Abbott <labbott@redhat.com> Acked-by: Ingo Molnar <mingo@kernel.org> Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'arch/arm')
-rw-r--r--arch/arm/Kconfig4
-rw-r--r--arch/arm/Kconfig.debug11
-rw-r--r--arch/arm/mm/Kconfig12
3 files changed, 4 insertions, 23 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 5fab553fd03a..8c88c8ad064b 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -4,10 +4,14 @@ config ARM
select ARCH_CLOCKSOURCE_DATA
select ARCH_HAS_DEVMEM_IS_ALLOWED
select ARCH_HAS_ELF_RANDOMIZE
+ select ARCH_HAS_STRICT_KERNEL_RWX if MMU && !XIP_KERNEL
+ select ARCH_HAS_STRICT_MODULE_RWX if MMU
select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
select ARCH_HAVE_CUSTOM_GPIO_H
select ARCH_HAS_GCOV_PROFILE_ALL
select ARCH_MIGHT_HAVE_PC_PARPORT
+ select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX
+ select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT if CPU_V7
select ARCH_SUPPORTS_ATOMIC_RMW
select ARCH_USE_BUILTIN_BSWAP
select ARCH_USE_CMPXCHG_LOCKREF
diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug
index d83f7c369e51..426d2716f55d 100644
--- a/arch/arm/Kconfig.debug
+++ b/arch/arm/Kconfig.debug
@@ -1738,17 +1738,6 @@ config PID_IN_CONTEXTIDR
additional instructions during context switch. Say Y here only if you
are planning to use hardware trace tools with this kernel.
-config DEBUG_SET_MODULE_RONX
- bool "Set loadable kernel module data as NX and text as RO"
- depends on MODULES && MMU
- ---help---
- This option helps catch unintended modifications to loadable
- kernel module's text and read-only data. It also prevents execution
- of module data. Such protection may interfere with run-time code
- patching and dynamic kernel tracing - and they might also protect
- against certain classes of kernel exploits.
- If in doubt, say "N".
-
source "drivers/hwtracing/coresight/Kconfig"
endmenu
diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
index f68e8ec29447..419a0355d4e4 100644
--- a/arch/arm/mm/Kconfig
+++ b/arch/arm/mm/Kconfig
@@ -1051,18 +1051,6 @@ config ARCH_SUPPORTS_BIG_ENDIAN
This option specifies the architecture can support big endian
operation.
-config DEBUG_RODATA
- bool "Make kernel text and rodata read-only"
- depends on MMU && !XIP_KERNEL
- default y if CPU_V7
- help
- If this is set, kernel text and rodata memory will be made
- read-only, and non-text kernel memory will be made non-executable.
- The tradeoff is that each region is padded to section-size (1MiB)
- boundaries (because their permissions are different and splitting
- the 1M pages into 4K ones causes TLB performance problems), which
- can waste memory.
-
config DEBUG_ALIGN_RODATA
bool "Make rodata strictly non-executable"
depends on DEBUG_RODATA