arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common
There are multiple architectures that support CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX. These options also now have the ability to be turned off at runtime. Move these to an architecture independent location and make these options def_bool y for almost all of those arches. Signed-off-by: Laura Abbott <labbott@redhat.com> Acked-by: Ingo Molnar <mingo@kernel.org> Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Kees Cook <keescook@chromium.org>
Cette révision appartient à :
Laura Abbott
@@ -1051,18 +1051,6 @@ config ARCH_SUPPORTS_BIG_ENDIAN
|
||||
This option specifies the architecture can support big endian
|
||||
operation.
|
||||
|
||||
config DEBUG_RODATA
|
||||
bool "Make kernel text and rodata read-only"
|
||||
depends on MMU && !XIP_KERNEL
|
||||
default y if CPU_V7
|
||||
help
|
||||
If this is set, kernel text and rodata memory will be made
|
||||
read-only, and non-text kernel memory will be made non-executable.
|
||||
The tradeoff is that each region is padded to section-size (1MiB)
|
||||
boundaries (because their permissions are different and splitting
|
||||
the 1M pages into 4K ones causes TLB performance problems), which
|
||||
can waste memory.
|
||||
|
||||
config DEBUG_ALIGN_RODATA
|
||||
bool "Make rodata strictly non-executable"
|
||||
depends on DEBUG_RODATA
|
||||
|
||||
Référencer dans un nouveau ticket
Bloquer un utilisateur