arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX

Both of these options are poorly named. The features they provide are necessary for system security and should not be considered debug only. Change the names to CONFIG_STRICT_KERNEL_RWX and CONFIG_STRICT_MODULE_RWX to better describe what these options do. Signed-off-by: Laura Abbott <labbott@redhat.com> Acked-by: Jessica Yu <jeyu@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org>
author: Laura Abbott <labbott@redhat.com> 2017-02-06 19:31:58 -0500
committer: Kees Cook <keescook@chromium.org> 2017-02-07 15:32:52 -0500
commit: 0f5bf6d0afe4be6e1391908ff2d6dc9730e91550 (patch)
tree: 12c10057175483fe3f3720b37b7ffb5b73241b2a /include
parent: ad21fc4faa2a1f919bac1073b885df9310dbc581 (diff)
3 files changed, 5 insertions, 5 deletions
diff --git a/include/linux/filter.h b/include/linux/filter.h
index a0934e6c9bab..c6dd53e88711 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -543,7 +543,7 @@ static inline bool bpf_prog_was_classic(const struct bpf_prog *prog)
 #define bpf_classic_proglen(fprog) (fprog->len * sizeof(fprog->filter[0]))
-#ifdef CONFIG_DEBUG_SET_MODULE_RONX
+#ifdef CONFIG_STRICT_MODULE_RWX
 static inline void bpf_prog_lock_ro(struct bpf_prog *fp)
 {
        set_memory_ro((unsigned long)fp, fp->pages);
@@ -561,7 +561,7 @@ static inline void bpf_prog_lock_ro(struct bpf_prog *fp)
 static inline void bpf_prog_unlock_ro(struct bpf_prog *fp)
 {
 }
-#endif /* CONFIG_DEBUG_SET_MODULE_RONX */
+#endif /* CONFIG_STRICT_MODULE_RWX */
 int sk_filter_trim_cap(struct sock *sk, struct sk_buff *skb, unsigned int cap);
 static inline int sk_filter(struct sock *sk, struct sk_buff *skb)
diff --git a/include/linux/init.h b/include/linux/init.h
index 885c3e6d0f9d..79af0962fd52 100644
--- a/include/linux/init.h
+++ b/include/linux/init.h
@@ -126,10 +126,10 @@ void prepare_namespace(void);
 void __init load_default_modules(void);
 int __init init_rootfs(void);
-#if defined(CONFIG_DEBUG_RODATA) || defined(CONFIG_DEBUG_SET_MODULE_RONX)
+#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
 extern bool rodata_enabled;
 #endif
-#ifdef CONFIG_DEBUG_RODATA
+#ifdef CONFIG_STRICT_KERNEL_RWX
 void mark_rodata_ro(void);
 #endif
diff --git a/include/linux/module.h b/include/linux/module.h
index 7c84273d60b9..d5afd142818f 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -764,7 +764,7 @@ extern int module_sysfs_initialized;
 #define __MODULE_STRING(x) __stringify(x)
-#ifdef CONFIG_DEBUG_SET_MODULE_RONX
+#ifdef CONFIG_STRICT_MODULE_RWX
 extern void set_all_modules_text_rw(void);
 extern void set_all_modules_text_ro(void);
 extern void module_enable_ro(const struct module *mod, bool after_init);
author	Laura Abbott <labbott@redhat.com>	2017-02-06 19:31:58 -0500
committer	Kees Cook <keescook@chromium.org>	2017-02-07 15:32:52 -0500
commit	0f5bf6d0afe4be6e1391908ff2d6dc9730e91550 (patch)
tree	12c10057175483fe3f3720b37b7ffb5b73241b2a /include
parent	ad21fc4faa2a1f919bac1073b885df9310dbc581 (diff)

diff --git a/include/linux/filter.h b/include/linux/filter.h index a0934e6c9bab..c6dd53e88711 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h
@@ -543,7 +543,7 @@ static inline bool bpf_prog_was_classic(const struct bpf_prog *prog)
543		543
544	#define bpf_classic_proglen(fprog) (fprog->len * sizeof(fprog->filter[0]))	544	#define bpf_classic_proglen(fprog) (fprog->len * sizeof(fprog->filter[0]))
545		545
546	#ifdef CONFIG_DEBUG_SET_MODULE_RONX	546	#ifdef CONFIG_STRICT_MODULE_RWX
547	static inline void bpf_prog_lock_ro(struct bpf_prog *fp)	547	static inline void bpf_prog_lock_ro(struct bpf_prog *fp)
548	{	548	{
549	set_memory_ro((unsigned long)fp, fp->pages);	549	set_memory_ro((unsigned long)fp, fp->pages);
@@ -561,7 +561,7 @@ static inline void bpf_prog_lock_ro(struct bpf_prog *fp)
561	static inline void bpf_prog_unlock_ro(struct bpf_prog *fp)	561	static inline void bpf_prog_unlock_ro(struct bpf_prog *fp)
562	{	562	{
563	}	563	}
564	#endif /* CONFIG_DEBUG_SET_MODULE_RONX */	564	#endif /* CONFIG_STRICT_MODULE_RWX */
565		565
566	int sk_filter_trim_cap(struct sock sk, struct sk_buff skb, unsigned int cap);	566	int sk_filter_trim_cap(struct sock sk, struct sk_buff skb, unsigned int cap);
567	static inline int sk_filter(struct sock sk, struct sk_buff skb)	567	static inline int sk_filter(struct sock sk, struct sk_buff skb)


diff --git a/include/linux/init.h b/include/linux/init.h index 885c3e6d0f9d..79af0962fd52 100644 --- a/include/linux/init.h +++ b/include/linux/init.h
@@ -126,10 +126,10 @@ void prepare_namespace(void);
126	void __init load_default_modules(void);	126	void __init load_default_modules(void);
127	int __init init_rootfs(void);	127	int __init init_rootfs(void);
128		128
129	#if defined(CONFIG_DEBUG_RODATA) \|\| defined(CONFIG_DEBUG_SET_MODULE_RONX)	129	#if defined(CONFIG_STRICT_KERNEL_RWX) \|\| defined(CONFIG_STRICT_MODULE_RWX)
130	extern bool rodata_enabled;	130	extern bool rodata_enabled;
131	#endif	131	#endif
132	#ifdef CONFIG_DEBUG_RODATA	132	#ifdef CONFIG_STRICT_KERNEL_RWX
133	void mark_rodata_ro(void);	133	void mark_rodata_ro(void);
134	#endif	134	#endif
135		135


diff --git a/include/linux/module.h b/include/linux/module.h index 7c84273d60b9..d5afd142818f 100644 --- a/include/linux/module.h +++ b/include/linux/module.h
@@ -764,7 +764,7 @@ extern int module_sysfs_initialized;
764		764
765	#define __MODULE_STRING(x) __stringify(x)	765	#define __MODULE_STRING(x) __stringify(x)
766		766
767	#ifdef CONFIG_DEBUG_SET_MODULE_RONX	767	#ifdef CONFIG_STRICT_MODULE_RWX
768	extern void set_all_modules_text_rw(void);	768	extern void set_all_modules_text_rw(void);
769	extern void set_all_modules_text_ro(void);	769	extern void set_all_modules_text_ro(void);
770	extern void module_enable_ro(const struct module *mod, bool after_init);	770	extern void module_enable_ro(const struct module *mod, bool after_init);