On 12/08/2017 10:33 PM, Tobin C. Harding wrote:
[Adding Laura]
On Fri, Dec 08, 2017 at 06:18:45PM -0800, Joe Perches wrote:
On Sat, 2017-12-09 at 12:27 +1100, Tobin C. Harding wrote:
On Fri, Dec 08, 2017 at 01:22:37PM -0800, Joe Perches wrote:
Outside of the documentation, what could be
Both of these options are poorly named. The features they provide are
necessary for system security and should not be considered debug only.
Change the names to CONFIG_STRICT_KERNEL_RWX and
CONFIG_STRICT_MODULE_RWX to better describe what these options do.
Signed-off-by: Laura Abbott <l
Rutland's ack from before since
there's been a bit of refactoring.
Thanks,
Laura
Laura Abbott (2):
arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common
arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX
Documentation/DocBook/kgdb.tmpl| 8
-by: Laura Abbott <labb...@redhat.com>
---
v3: Make these configs selectable for arm. Include some documentation about
how the setup of the optional Kconfigs work as well. Stop spelling 'kenrel'
in prompt text.
---
Documentation/security/self-protection.txt | 6 ++
arch/K
On 02/03/2017 12:03 PM, Kees Cook wrote:
> On Fri, Feb 3, 2017 at 9:52 AM, Laura Abbott <labb...@redhat.com> wrote:
>>
>> Both of these options are poorly named. The features they provide are
>> necessary for system security and should not be considered debug only.
>
On 02/03/2017 01:08 PM, Kees Cook wrote:
> On Fri, Feb 3, 2017 at 12:29 PM, Russell King - ARM Linux
> <li...@armlinux.org.uk> wrote:
>> On Fri, Feb 03, 2017 at 11:45:56AM -0800, Kees Cook wrote:
>>> On Fri, Feb 3, 2017 at 9:52 AM, Laura Abbott <labb...@redhat.com&
and not end
user selectable. Patch #2 does the rename to something more descriptive.
Hopefully this should separate discussion more clearly into two parts (refactor
and rename)
Thanks,
Laura
Laura Abbott (2):
arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common
arch: Rename
Both of these options are poorly named. The features they provide are
necessary for system security and should not be considered debug only.
Change the name to something that accurately describes what these
options do.
Signed-off-by: Laura Abbott <labb...@redhat.com>
---
v2: This patch
-by: Laura Abbott <labb...@redhat.com>
---
v2: This patch is now doing just the refactor of the existing config options.
---
arch/Kconfig | 28
arch/arm/Kconfig | 3 +++
arch/arm/Kconfig.debug| 11 ---
arch/arm/mm/Kconfig
On 01/19/2017 12:43 PM, Robin Murphy wrote:
Hi Laura,
On 19/01/17 01:29, Laura Abbott wrote:
Despite the word 'debug' in CONFIG_DEBUG_SET_MODULE_RONX, this kernel
option provides key security features that are to be expected on a
modern system. Change the name
On 01/19/2017 12:33 PM, Heiko Carstens wrote:
On Thu, Jan 19, 2017 at 10:56:46AM +, Mark Rutland wrote:
+config HARDENED_PAGE_MAPPINGS
+ bool "Mark kernel mappings with stricter permissions (RO/W^X)"
+ default y
+ depends on ARCH_HAS_HARDENED_MAPPINGS
+ help
+
On 01/19/2017 11:56 AM, Mark Rutland wrote:
Hi Laura,
On Wed, Jan 18, 2017 at 05:29:05PM -0800, Laura Abbott wrote:
Despite the word 'debug' in CONFIG_DEBUG_RODATA, this kernel option
provides key security features that are to be expected on a modern
system. Change the name
On 01/19/2017 08:53 AM, Pavel Machek wrote:
On Wed 2017-01-18 17:29:05, Laura Abbott wrote:
Despite the word 'debug' in CONFIG_DEBUG_RODATA, this kernel option
provides key security features that are to be expected on a modern
system. Change the name to CONFIG_HARDENED_PAGE_MAPPINGS which more
Despite the word 'debug' in CONFIG_DEBUG_RODATA, this kernel option
provides key security features that are to be expected on a modern
system. Change the name to CONFIG_HARDENED_PAGE_MAPPINGS which more
accurately describes what this option is intended to do.
Signed-off-by: Laura Abbott <l
Despite the word 'debug' in CONFIG_DEBUG_SET_MODULE_RONX, this kernel
option provides key security features that are to be expected on a
modern system. Change the name to CONFIG_HARDENED_MODULE_MAPPINGS which
more accurately describes what this option is intended to do.
Signed-off-by: Laura
?
Or maybe it's fine.
Quickly tested on arm/arm64/x86.
Thanks,
Laura
Laura Abbott (2):
security: Change name of CONFIG_DEBUG_RODATA
security: Change name of CONFIG_DEBUG_SET_MODULE_RONX
Documentation/DocBook/kgdb.tmpl| 8
Documentation/security/self-protection.txt | 4
Hi,
Some of the files in documentation are binary (pdfs/jpg/png etc.)
and do not play nicely with patches
$ curl -s https://cdn.kernel.org/pub/linux/kernel/v4.x/testing/patch-4.9-rc1.xz | xzcat |
grep "Binary files"
Binary files a/Documentation/media/media_api_files/typical_media_device.pdf
* may generate a warning on 32-bit systems about a cast
from an integer to a pointer of different size. There is a macro to
deal with this which hides an ugly double cast. Add a reference to
this macro.
Signed-off-by: Laura Abbott <labb...@redhat.com>
---
I can split these into two se
KASAN has been supported on arm64 since 39d114ddc682 ("arm64: add KASAN
support"). Update the docs to indicate this.
Signed-off-by: Laura Abbott <labb...@redhat.com>
---
Documentation/kasan.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documenta
19 matches
Mail list logo
