Commit 09587a09 authored by Zong Li's avatar Zong Li Committed by Linus Torvalds
Browse files

arm64: mm: use ARCH_HAS_DEBUG_WX instead of arch defined 



Extract DEBUG_WX to mm/Kconfig.debug for shared use.  Change to use
ARCH_HAS_DEBUG_WX instead of DEBUG_WX defined by arch port.

Signed-off-by: default avatarZong Li <zong.li@sifive.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Paul Walmsley <paul.walmsley@sifive.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will@kernel.org>
Link: http://lkml.kernel.org/r/e19709e7576f65e303245fe520cad5f7bae72763.1587455584.git.zong.li@sifive.com


Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 7e01ccb4

arch/arm64/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -9,6 +9,7 @@ config ARM64 
	select ACPI_MCFG if (ACPI && PCI)

	select ACPI_SPCR_TABLE if ACPI

	select ACPI_PPTT if ACPI

	select ARCH_HAS_DEBUG_WX

	select ARCH_BINFMT_ELF_STATE

	select ARCH_HAS_DEBUG_VIRTUAL

	select ARCH_HAS_DEVMEM_IS_ALLOWED

arch/arm64/Kconfig.debug

+0 −29
Original line number Diff line number Diff line
@@ -23,35 +23,6 @@ config ARM64_RANDOMIZE_TEXT_OFFSET 
	  of TEXT_OFFSET and platforms must not require a specific

	  value.



config DEBUG_WX

	bool "Warn on W+X mappings at boot"

	select PTDUMP_CORE

	---help---

	  Generate a warning if any W+X mappings are found at boot.



	  This is useful for discovering cases where the kernel is leaving

	  W+X mappings after applying NX, as such mappings are a security risk.

	  This check also includes UXN, which should be set on all kernel

	  mappings.



	  Look for a message in dmesg output like this:



	    arm64/mm: Checked W+X mappings: passed, no W+X pages found.



	  or like this, if the check failed:



	    arm64/mm: Checked W+X mappings: FAILED, <N> W+X pages found.



	  Note that even if the check fails, your kernel is possibly

	  still fine, as W+X mappings are not a security hole in

	  themselves, what they do is that they make the exploitation

	  of other unfixed kernel bugs easier.



	  There is no runtime or memory usage effect of this option

	  once the kernel has booted up - it's a one time check.



	  If in doubt, say "Y".



config DEBUG_EFI

	depends on EFI && DEBUG_INFO

	bool "UEFI debugging"

CRA Git | Maintained and supported by SUSTech CRA and CCSE