linux_dsm_epyc7002/arch/arm/kernel
Kees Cook 25362dc496 ARM: 8501/1: mm: flip priority of CONFIG_DEBUG_RODATA
The use of CONFIG_DEBUG_RODATA is generally seen as an essential part of
kernel self-protection:
http://www.openwall.com/lists/kernel-hardening/2015/11/30/13
Additionally, its name has grown to mean things beyond just rodata. To
get ARM closer to this, we ought to rearrange the names of the configs
that control how the kernel protects its memory. What was called
CONFIG_ARM_KERNMEM_PERMS is realy doing the work that other architectures
call CONFIG_DEBUG_RODATA.

This redefines CONFIG_DEBUG_RODATA to actually do the bulk of the
ROing (and NXing). In the place of the old CONFIG_DEBUG_RODATA, use
CONFIG_DEBUG_ALIGN_RODATA, since that's what the option does: adds
section alignment for making rodata explicitly NX, as arm does not split
the page tables like arm64 does without _ALIGN_RODATA.

Also adds human readable names to the sections so I could more easily
debug my typos, and makes CONFIG_DEBUG_RODATA default "y" for CPU_V7.

Results in /sys/kernel/debug/kernel_page_tables for each config state:

 # CONFIG_DEBUG_RODATA is not set
 # CONFIG_DEBUG_ALIGN_RODATA is not set

---[ Kernel Mapping ]---
0x80000000-0x80900000           9M     RW x  SHD
0x80900000-0xa0000000         503M     RW NX SHD

 CONFIG_DEBUG_RODATA=y
 CONFIG_DEBUG_ALIGN_RODATA=y

---[ Kernel Mapping ]---
0x80000000-0x80100000           1M     RW NX SHD
0x80100000-0x80700000           6M     ro x  SHD
0x80700000-0x80a00000           3M     ro NX SHD
0x80a00000-0xa0000000         502M     RW NX SHD

 CONFIG_DEBUG_RODATA=y
 # CONFIG_DEBUG_ALIGN_RODATA is not set

---[ Kernel Mapping ]---
0x80000000-0x80100000           1M     RW NX SHD
0x80100000-0x80a00000           9M     ro x  SHD
0x80a00000-0xa0000000         502M     RW NX SHD

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Laura Abbott <labbott@fedoraproject.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2016-02-08 15:56:45 +00:00
..
.gitignore
arch_timer.c arch_timer: Move to generic sched_clock framework 2013-10-09 16:54:10 -07:00
armksyms.c ARM: 8479/2: add implementation for arm-smccc 2016-01-04 16:24:34 +00:00
asm-offsets.c Merge branch 'exec_domain_rip_v2' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/misc 2015-04-15 13:53:55 -07:00
atags_compat.c ARM: convert printk(KERN_* to pr_* 2014-11-21 15:24:50 +00:00
atags_parse.c ARM: convert printk(KERN_* to pr_* 2014-11-21 15:24:50 +00:00
atags_proc.c ARM: convert printk(KERN_* to pr_* 2014-11-21 15:24:50 +00:00
atags.h ARM: 8495/1: ATAGS: move save_atags() to arch/arm/include/asm/setup.h 2016-01-04 11:26:00 +00:00
bios32.c ARM/PCI: Move align_resource function pointer to pci_host_bridge structure 2015-11-25 13:23:38 -06:00
calls.S ARM: wire up mlock2 syscall 2015-11-18 11:20:24 +00:00
cpuidle.c ARM: 8485/1: cpuidle: remove cpu parameter from the cpuidle_ops suspend hook 2015-12-22 12:09:43 +00:00
crash_dump.c ARM: 8012/1: kdump: Avoid overflow when converting pfn to physaddr 2014-04-07 12:10:00 +01:00
debug.S ARM: unify MMU/!MMU addruart calls 2015-05-20 23:09:51 +02:00
devtree.c ARM: make default platform work for NOMMU 2015-12-17 17:45:47 +01:00
dma-isa.c ARM: convert printk(KERN_* to pr_* 2014-11-21 15:24:50 +00:00
dma.c ARM: convert printk(KERN_* to pr_* 2014-11-21 15:24:50 +00:00
early_printk.c early_printk: consolidate random copies of identical code 2013-04-29 18:28:13 -07:00
efi.c ARM: wire up UEFI init and runtime support 2015-12-13 19:18:30 +01:00
elf.c Disintegrate asm/system.h for ARM 2012-03-28 18:30:01 +01:00
entry-armv.S ARM: remove user cmpxchg syscall 2015-10-03 16:36:45 +01:00
entry-common.S Merge branch 'uaccess' into fixes 2015-09-11 19:18:28 +01:00
entry-ftrace.S ARM: replace BSYM() with badr assembly macro 2015-05-08 17:33:50 +01:00
entry-header.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
entry-v7m.S ARM: 8450/1: v7-M: Use ret_to_user_from_irq in PendSV handler 2015-11-16 18:34:37 +00:00
fiq.c ARM: convert printk(KERN_* to pr_* 2014-11-21 15:24:50 +00:00
fiqasm.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
ftrace.c ARM: kprobes: enable OPTPROBES for ARM 32 2015-01-13 16:10:17 +00:00
head-common.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
head-nommu.S ARM: 8383/1: nommu: avoid deprecated source register on mov 2015-06-12 21:18:48 +01:00
head.S Merge branch 'uaccess' into fixes 2015-09-11 19:18:28 +01:00
hibernate.c ARM: use virt_to_idmap() for soft_restart() 2016-02-08 15:48:32 +00:00
hw_breakpoint.c ARM: 8436/1: hw_breakpoint: remove unnecessary header 2015-10-03 16:36:44 +01:00
hyp-stub.S Here are the PPC and ARM changes for KVM, which I separated because 2014-08-07 11:35:30 -07:00
insn.c ARM: fix missing bug.h include in arch/arm/kernel/insn.c 2012-03-30 11:51:46 +01:00
io.c ARM: io.c: clean up EXPORT_SYMBOL()s 2014-11-21 15:25:02 +00:00
irq.c ARM: 8499/1: irq: l2c: do not print error in case of missing l2c from 2016-01-26 23:49:02 +00:00
isa.c arm: convert use of typedef ctl_table to struct ctl_table 2014-06-06 16:08:15 -07:00
iwmmxt.S ARM: 8221/1: PJ4: allow building in Thumb-2 mode 2014-12-03 16:08:00 +00:00
jump_label.c jump_label: Rename JUMP_LABEL_{EN,DIS}ABLE to JUMP_LABEL_{JMP,NOP} 2015-08-03 11:34:12 +02:00
kgdb.c ARM: 8428/1: kgdb: Fix registers on sleeping tasks 2015-10-03 16:36:45 +01:00
machine_kexec.c ARM: use virt_to_idmap() for soft_restart() 2016-02-08 15:48:32 +00:00
Makefile xen: features and fixes for 4.5-rc0 2016-01-12 13:05:36 -08:00
module-plts.c module: use a structure to encapsulate layout. 2015-12-04 22:46:25 +01:00
module.c ARM: 8220/1: allow modules outside of bl range 2015-05-08 10:42:34 +01:00
module.lds ARM: 8220/1: allow modules outside of bl range 2015-05-08 10:42:34 +01:00
opcodes.c ARM: 7206/1: Add generic ARM instruction set condition code checks. 2011-12-13 08:52:02 +00:00
paravirt.c arm: introduce CONFIG_PARAVIRT, PARAVIRT_TIME_ACCOUNTING and pv_time_ops 2015-12-21 14:40:54 +00:00
patch.c ARM: probes: move all probe code to dedicate directory 2015-01-09 09:36:50 +00:00
perf_callchain.c arm: perf: factor out callchain code 2014-10-30 12:16:58 +00:00
perf_event_v6.c arm: perf: factor arm_pmu core out to drivers 2015-07-31 15:01:14 +01:00
perf_event_v7.c ARM: perf: add format entry to describe event -> config mapping 2015-12-22 14:42:57 +00:00
perf_event_xscale.c arm: perf: factor arm_pmu core out to drivers 2015-07-31 15:01:14 +01:00
perf_regs.c perf: Move task_pt_regs sampling into arch code 2015-01-09 11:12:28 +01:00
pj4-cp0.c ARM: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2 mode 2016-01-04 11:12:10 +00:00
process.c ARM: report proper DACR value in oops dumps 2015-12-04 19:20:48 +00:00
psci_smp.c ARM: use const and __initconst for smp_operations 2015-12-01 22:17:45 +01:00
ptrace.c Merge git://git.infradead.org/users/eparis/audit 2014-10-19 16:25:56 -07:00
reboot.c ARM: make virt_to_idmap() return unsigned long 2016-02-08 15:47:28 +00:00
reboot.h ARM: move reboot code to arch/arm/kernel/reboot.c 2015-04-02 09:50:45 +01:00
relocate_kernel.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
return_address.c ARM: 8328/1: remove empty preprocessor #else branch 2015-03-28 16:54:53 +00:00
setup.c Merge branch 'devel-stable' into for-linus 2016-01-12 13:41:03 +00:00
signal.c Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm 2015-09-19 21:05:02 -07:00
sigreturn_codes.S ARM: 7895/1: signal: fix armv7-m build issue in sigreturn_codes.S 2013-11-30 22:21:00 +00:00
sleep.S ARM: fix new BSYM() usage introduced via for-arm-soc branch 2015-06-12 21:19:35 +01:00
smccc-call.S ARM: 8479/2: add implementation for arm-smccc 2016-01-04 16:24:34 +00:00
smp_scu.c ARM: 8122/1: smp_scu: enable SCU standby support 2014-08-02 08:51:53 +01:00
smp_tlb.c ARM: 8111/1: Enable erratum 798181 for Broadcom Brahma-B15 2014-07-24 14:40:26 +01:00
smp_twd.c ARM: clean up TWD after previous patch 2015-10-09 16:22:53 +01:00
smp.c ARM: 8488/1: Make IPI_CPU_BACKTRACE a "non-secure" SGI 2015-12-22 12:09:44 +00:00
stacktrace.c ARM: 8172/1: Use current_stack_pointer in save_stack_trace_tsk 2014-11-13 23:58:03 +00:00
suspend.c ARM: 8248/1: pm: remove outdated comment 2015-01-21 15:58:57 +00:00
swp_emulate.c ARM: 8475/1: SWP emulation: Restore original *data when failed 2015-12-15 11:51:42 +00:00
sys_arm.c arm: switch to generic fork/vfork/clone 2012-11-28 22:13:54 -05:00
sys_oabi-compat.c [PATCH] arm: fix handling of F_OFD_... in oabi_fcntl64() 2015-12-29 13:04:21 -05:00
tcm.c ARM: 8388/1: tcm: Don't crash when TCM banks are protected by TrustZone 2015-06-06 10:37:28 +01:00
thumbee.c ARM: convert printk(KERN_* to pr_* 2014-11-21 15:24:50 +00:00
time.c clocksource: cosmetic: Drop OF 'dependency' from symbols 2015-10-01 02:18:39 +02:00
topology.c ARM: 8497/1: initialize cpu_scale to its default 2016-01-26 23:49:02 +00:00
traps.c ARM: remove user cmpxchg syscall 2015-10-03 16:36:45 +01:00
unwind.c ARM: 8176/1: Use current_stack_pointer in unwind_backtrace 2014-11-13 23:58:09 +00:00
v7m.c ARM: 7828/1: ARMv7-M: implement restart routine common to all v7-M machines 2013-09-02 13:49:29 +01:00
vdso.c ARM: 8476/1: VDSO: use PTR_ERR_OR_ZERO for vma check 2015-12-17 10:29:01 +00:00
vmlinux.lds.S ARM: 8501/1: mm: flip priority of CONFIG_DEBUG_RODATA 2016-02-08 15:56:45 +00:00
xscale-cp0.c ARM: make xscale iwmmxt code multiplatform aware 2015-12-01 21:44:24 +01:00