mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-25 13:43:55 +08:00
11d91a770f
In a similar fashion to other architecture, add the infrastructure and Kconfig to enable DEBUG_SET_MODULE_RONX support. When enabled, module ranges will be marked read-only/no-execute as appropriate. Signed-off-by: Laura Abbott <lauraa@codeaurora.org> [will: fixed off-by-one in module end check] Signed-off-by: Will Deacon <will.deacon@arm.com>
58 lines
2.0 KiB
Plaintext
58 lines
2.0 KiB
Plaintext
menu "Kernel hacking"
|
|
|
|
source "lib/Kconfig.debug"
|
|
|
|
config FRAME_POINTER
|
|
bool
|
|
default y
|
|
|
|
config STRICT_DEVMEM
|
|
bool "Filter access to /dev/mem"
|
|
depends on MMU
|
|
help
|
|
If this option is disabled, you allow userspace (root) access to all
|
|
of memory, including kernel and userspace memory. Accidental
|
|
access to this is obviously disastrous, but specific access can
|
|
be used by people debugging the kernel.
|
|
|
|
If this option is switched on, the /dev/mem file only allows
|
|
userspace access to memory mapped peripherals.
|
|
|
|
If in doubt, say Y.
|
|
|
|
config PID_IN_CONTEXTIDR
|
|
bool "Write the current PID to the CONTEXTIDR register"
|
|
help
|
|
Enabling this option causes the kernel to write the current PID to
|
|
the CONTEXTIDR register, at the expense of some additional
|
|
instructions during context switch. Say Y here only if you are
|
|
planning to use hardware trace tools with this kernel.
|
|
|
|
config ARM64_RANDOMIZE_TEXT_OFFSET
|
|
bool "Randomize TEXT_OFFSET at build time"
|
|
help
|
|
Say Y here if you want the image load offset (AKA TEXT_OFFSET)
|
|
of the kernel to be randomized at build-time. When selected,
|
|
this option will cause TEXT_OFFSET to be randomized upon any
|
|
build of the kernel, and the offset will be reflected in the
|
|
text_offset field of the resulting Image. This can be used to
|
|
fuzz-test bootloaders which respect text_offset.
|
|
|
|
This option is intended for bootloader and/or kernel testing
|
|
only. Bootloaders must make no assumptions regarding the value
|
|
of TEXT_OFFSET and platforms must not require a specific
|
|
value.
|
|
|
|
config DEBUG_SET_MODULE_RONX
|
|
bool "Set loadable kernel module data as NX and text as RO"
|
|
depends on MODULES
|
|
help
|
|
This option helps catch unintended modifications to loadable
|
|
kernel module's text and read-only data. It also prevents execution
|
|
of module data. Such protection may interfere with run-time code
|
|
patching and dynamic kernel tracing - and they might also protect
|
|
against certain classes of kernel exploits.
|
|
If in doubt, say "N".
|
|
|
|
endmenu
|