diff options
| author | Laura Abbott <labbott@redhat.com> | 2017-02-06 16:31:57 -0800 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2017-02-07 12:32:52 -0800 |
| commit | ad21fc4faa2a1f919bac1073b885df9310dbc581 (patch) | |
| tree | 0e72a0b209f7e84daf6a131bdbc673cd60715037 /Documentation/security | |
| parent | 0c744ea4f77d72b3dcebb7a8f2684633ec79be88 (diff) | |
arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common
There are multiple architectures that support CONFIG_DEBUG_RODATA and
CONFIG_SET_MODULE_RONX. These options also now have the ability to be
turned off at runtime. Move these to an architecture independent
location and make these options def_bool y for almost all of those
arches.
Signed-off-by: Laura Abbott <labbott@redhat.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'Documentation/security')
| -rw-r--r-- | Documentation/security/self-protection.txt | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Documentation/security/self-protection.txt b/Documentation/security/self-protection.txt index 3010576c9fca..f41dd00e8b98 100644 --- a/Documentation/security/self-protection.txt +++ b/Documentation/security/self-protection.txt @@ -56,6 +56,12 @@ CONFIG_DEBUG_SET_MODULE_RONX, which seek to make sure that code is not writable, data is not executable, and read-only data is neither writable nor executable. +Most architectures have these options on by default and not user selectable. +For some architectures like arm that wish to have these be selectable, +the architecture Kconfig can select ARCH_OPTIONAL_KERNEL_RWX to enable +a Kconfig prompt. CONFIG_ARCH_OPTIONAL_KERNEL_RWX_DEFAULT determines +the default setting when ARCH_OPTIONAL_KERNEL_RWX is enabled. + #### Function pointers and sensitive variables must not be writable Vast areas of kernel memory contain function pointers that are looked |