author Kees Cook <keescook@chromium.org> 2014-04-03 13:29:50 -0700
committer Kees Cook <keescook@chromium.org> 2014-10-16 14:38:54 -0700
commit 80d6b0c2eed2a504f6740cd1f5ea76dc50abfc4d
tree 32f6d8a1c5a2250cc3f303df545dfbf52da62d19 /arch/arm/mm/Kconfig
parent 1e6b48116a95046ec51f3d40f83aff8b006674d7
ARM: mm: allow text and rodata sections to be read-only
This introduces CONFIG_DEBUG_RODATA, making kernel text and rodata read-only. Additionally, this splits rodata from text so that rodata can also be NX, which may lead to wasted memory when aligning to SECTION_SIZE. The read-only areas are made writable during ftrace updates and kexec.

Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Laura Abbott <lauraa@codeaurora.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Diffstat (limited to 'arch/arm/mm/Kconfig')
-rw-r--r-- arch/arm/mm/Kconfig 12
1 files changed, 12 insertions, 0 deletions
diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
index 7a0756df91a2..c9cd9c5bf1e1 100644
--- a/arch/arm/mm/Kconfig
+++ b/arch/arm/mm/Kconfig
@@ -1017,3 +1017,15 @@ config ARM_KERNMEM_PERMS
padded to section-size (1MiB) boundaries (because their permissions
are different and splitting the 1M pages into 4K ones causes TLB
performance problems), wasting memory.
+
+config DEBUG_RODATA
+ bool "Make kernel text and rodata read-only"
+ depends on ARM_KERNMEM_PERMS
+ default y
+ help
+ If this is set, kernel text and rodata will be made read-only. This
+ is to help catch accidental or malicious attempts to change the
+ kernel's executable code. Additionally splits rodata from kernel
+ text so it can be made explicitly non-executable. This creates
+ another section-size padded region, so it can waste more memory
+ space while gaining the read-only protections.
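Review bot: The help text for DEBUG_RODATA does not mention that the read-only areas are made writable again during ftrace updates and kexec, which the commit message states; someone enabling this for the "malicious attempts" case should be able to read that exception in the help text, so consider adding a sentence for it. The option is also `default y` under a DEBUG_ name while the help describes a protection with a memory cost. It would help to state the padding size here, as the ARM_KERNMEM_PERMS text above does with "section-size (1MiB)", and to say that the option is intended to be left enabled rather than used only for debugging.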