Diffstat (limited to 'arch/arm/mm/Kconfig')
-rw-r--r-- | arch/arm/mm/Kconfig | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig index 549f6d3aec5b..55347662e5ed 100644 --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig | |||
@@ -1037,24 +1037,26 @@ config ARCH_SUPPORTS_BIG_ENDIAN | |||
1037 | This option specifies the architecture can support big endian | 1037 | This option specifies the architecture can support big endian |
1038 | operation. | 1038 | operation. |
1039 | 1039 | ||
1040 | config ARM_KERNMEM_PERMS | ||
1041 | bool "Restrict kernel memory permissions" | ||
1042 | depends on MMU | ||
1043 | help | ||
1044 | If this is set, kernel memory other than kernel text (and rodata) | ||
1045 | will be made non-executable. The tradeoff is that each region is | ||
1046 | padded to section-size (1MiB) boundaries (because their permissions | ||
1047 | are different and splitting the 1M pages into 4K ones causes TLB | ||
1048 | performance problems), wasting memory. | ||
1049 | |||
1050 | config DEBUG_RODATA | 1040 | config DEBUG_RODATA |
1051 | bool "Make kernel text and rodata read-only" | 1041 | bool "Make kernel text and rodata read-only" |
1052 | depends on ARM_KERNMEM_PERMS | 1042 | depends on MMU && !XIP_KERNEL |
1043 | default y if CPU_V7 | ||
1044 | help | ||
1045 | If this is set, kernel text and rodata memory will be made | ||
1046 | read-only, and non-text kernel memory will be made non-executable. | ||
1047 | The tradeoff is that each region is padded to section-size (1MiB) | ||
1048 | boundaries (because their permissions are different and splitting | ||
1049 | the 1M pages into 4K ones causes TLB performance problems), which | ||
1050 | can waste memory. | ||
1051 | |||
1052 | config DEBUG_ALIGN_RODATA | ||
1053 | bool "Make rodata strictly non-executable" | ||
1054 | depends on DEBUG_RODATA | ||
1053 | default y | 1055 | default y |
1054 | help | 1056 | help |
1055 | If this is set, kernel text and rodata will be made read-only. This | 1057 | If this is set, rodata will be made explicitly non-executable. This |
1056 | is to help catch accidental or malicious attempts to change the | 1058 | provides protection on the rare chance that attackers might find and |
1057 | kernel's executable code. Additionally splits rodata from kernel | 1059 | use ROP gadgets that exist in the rodata section. This adds an |
1058 | text so it can be made explicitly non-executable. This creates | 1060 | additional section-aligned split of rodata from kernel text so it |
1059 | another section-size padded region, so it can waste more memory | 1061 | can be made explicitly non-executable. This padding may waste memory |
1060 | space while gaining the read-only protections. | 1062 | space to gain the additional protection. |
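Review bot: removing the ARM_KERNMEM_PERMS symbol while making DEBUG_RODATA depend directly on `MMU && !XIP_KERNEL` changes the meaning of any existing reference to ARM_KERNMEM_PERMS (defconfigs, `#ifdef` guards in the arm mm code, other Kconfig `depends on` lines); since this diffstat is limited to arch/arm/mm/Kconfig, please confirm the same commit updates or removes every remaining user of the old symbol, otherwise those guards silently compile out the permission setup. Second, `default y if CPU_V7` combined with the unchanged `default y` on DEBUG_ALIGN_RODATA means both section-aligned paddings are now enabled by default on every v7 build; the DEBUG_RODATA help text already notes that padding "can waste memory", but it would help to state in the commit message why the security benefit (read-only text/rodata and non-executable data) is worth the default cost on memory-constrained v7 boards, and to mention that XIP kernels are excluded because their text is not in RAM to begin with.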