author | Kees Cook <keescook@chromium.org> | 2014-04-03 13:29:50 -0700 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2014-10-16 14:38:54 -0700 |
commit | 80d6b0c2eed2a504f6740cd1f5ea76dc50abfc4d (patch) | |
tree | 32f6d8a1c5a2250cc3f303df545dfbf52da62d19 /arch/arm/mm/Kconfig | |
parent | 1e6b48116a95046ec51f3d40f83aff8b006674d7 (diff) | |
ARM: mm: allow text and rodata sections to be read-only
This introduces CONFIG_DEBUG_RODATA, making kernel text and rodata
read-only. Additionally, this splits rodata from text so that rodata can
also be NX, which may lead to wasted memory when aligning to SECTION_SIZE.
The read-only areas are made writable during ftrace updates and kexec.
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Laura Abbott <lauraa@codeaurora.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Diffstat (limited to 'arch/arm/mm/Kconfig')
-rw-r--r-- | arch/arm/mm/Kconfig | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig index 7a0756df91a2..c9cd9c5bf1e1 100644 --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig @@ -1017,3 +1017,15 @@ config ARM_KERNMEM_PERMS padded to section-size (1MiB) boundaries (because their permissions are different and splitting the 1M pages into 4K ones causes TLB performance problems), wasting memory. + +config DEBUG_RODATA + bool "Make kernel text and rodata read-only" + depends on ARM_KERNMEM_PERMS + default y + help + If this is set, kernel text and rodata will be made read-only. This + is to help catch accidental or malicious attempts to change the + kernel's executable code. Additionally splits rodata from kernel + text so it can be made explicitly non-executable. This creates + another section-size padded region, so it can waste more memory + space while gaining the read-only protections. |
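
Review bot: The help text of the new DEBUG_RODATA entry does not say that the read-only areas are made writable during ftrace updates and kexec, although the commit message states this. Someone reading only the Kconfig help would take "kernel text and rodata will be made read-only" as unconditional, so a sentence naming those two windows would set the right expectation for the "accidental or malicious attempts" claim. A second, smaller point on the same help text: the cost is given only as "can waste more memory space"; the preceding ARM_KERNMEM_PERMS help names the section size (1MiB), and repeating that figure here would let a user judge the trade-off, especially since the option is "default y" once ARM_KERNMEM_PERMS is selected.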