|
Message-Id: <1486144343-24998-1-git-send-email-labbott@redhat.com> Date: Fri, 3 Feb 2017 09:52:20 -0800 From: Laura Abbott <labbott@...hat.com> To: Kees Cook <keescook@...omium.org> Cc: Laura Abbott <labbott@...hat.com>, Jason Wessel <jason.wessel@...driver.com>, Jonathan Corbet <corbet@....net>, Russell King <linux@...linux.org.uk>, Catalin Marinas <catalin.marinas@....com>, Will Deacon <will.deacon@....com>, "James E.J. Bottomley" <jejb@...isc-linux.org>, Helge Deller <deller@....de>, Martin Schwidefsky <schwidefsky@...ibm.com>, Heiko Carstens <heiko.carstens@...ibm.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org, Rob Herring <robh@...nel.org>, "Rafael J. Wysocki" <rjw@...ysocki.net>, Len Brown <len.brown@...el.com>, Pavel Machek <pavel@....cz>, Mark Rutland <mark.rutland@....com>, Jessica Yu <jeyu@...hat.com>, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-parisc@...r.kernel.org, linux-s390@...r.kernel.org, linux-pm@...r.kernel.org, kernel-hardening@...ts.openwall.com, Robin Murphy <robin.murphy@....com> Subject: [PATCHv2 0/2] Hardening configs refactor/rename Hi, This is a follow up to my proposal to rename/refactor CONFIG_DEBUG_RODATA and CONFIG_DEBUG_SET_MODULE_RONX. Among other objections, there shouldn't be 'debug' in the name since these provide necessary kernel protection. v2 takes a slightly different approach to this per feedback. Patch #1 moves CONFIG_DEBUG_RODATA and CONFIG_DEBUG_SET_MODULE_RONX to a common arch config. These configs are def_bool y for every arch except !CPU_V7 for arm CONFIG_DEBUG_RODATA. I think this also mitigates another concern about changing the name since these are basically internal configs at this point and not end user selectable. Patch #2 does the rename to something more descriptive. Hopefully this should separate discussion more clearly into two parts (refactor and rename) Thanks, Laura Laura Abbott (2): arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX Documentation/DocBook/kgdb.tmpl | 8 ++++---- Documentation/security/self-protection.txt | 4 ++-- arch/Kconfig | 28 ++++++++++++++++++++++++++++ arch/arm/Kconfig | 3 +++ arch/arm/Kconfig.debug | 11 ----------- arch/arm/configs/aspeed_g4_defconfig | 3 +-- arch/arm/configs/aspeed_g5_defconfig | 3 +-- arch/arm/include/asm/cacheflush.h | 2 +- arch/arm/kernel/patch.c | 4 ++-- arch/arm/kernel/vmlinux.lds.S | 8 ++++---- arch/arm/mm/Kconfig | 14 +------------- arch/arm/mm/init.c | 4 ++-- arch/arm64/Kconfig | 5 ++--- arch/arm64/Kconfig.debug | 13 +------------ arch/arm64/kernel/insn.c | 2 +- arch/parisc/Kconfig | 1 + arch/parisc/Kconfig.debug | 11 ----------- arch/parisc/configs/712_defconfig | 1 - arch/parisc/configs/c3000_defconfig | 1 - arch/parisc/mm/init.c | 2 +- arch/s390/Kconfig | 5 ++--- arch/s390/Kconfig.debug | 3 --- arch/x86/Kconfig | 5 ++--- arch/x86/Kconfig.debug | 11 ----------- include/linux/filter.h | 4 ++-- include/linux/init.h | 4 ++-- include/linux/module.h | 2 +- init/main.c | 4 ++-- kernel/configs/android-recommended.config | 2 +- kernel/module.c | 6 +++--- kernel/power/hibernate.c | 2 +- kernel/power/power.h | 4 ++-- kernel/power/snapshot.c | 4 ++-- 33 files changed, 75 insertions(+), 109 deletions(-) -- 2.7.4
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.