Re: [PATCHv3 2/2] arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX

2017-02-19 Thread Ingo Molnar
* Kees Cook wrote: > On Thu, Feb 16, 2017 at 2:25 PM, Pavel Machek wrote: > > Hi! > > > >> > >> -config DEBUG_RODATA > >> +config STRICT_KERNEL_RWX > >> bool "Make kernel text and rodata read-only" if > >> ARCH_OPTIONAL_KERNEL_RWX > >> depends on ARCH_HAS_STRICT_KERNEL_RWX > >>

Re: [PATCHv3 2/2] arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX

2017-02-17 Thread Mark Rutland
On Thu, Feb 16, 2017 at 05:08:20PM -0800, Kees Cook wrote: > On Thu, Feb 16, 2017 at 2:25 PM, Pavel Machek wrote: > > Hi! > > > >> > >> -config DEBUG_RODATA > >> +config STRICT_KERNEL_RWX > >> bool "Make kernel text and rodata read-only" if > >> ARCH_OPTIONAL_KERNEL_RWX > >> depends o

Re: [PATCHv3 2/2] arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX

2017-02-17 Thread Helge Deller
On 17.02.2017 02:08, Kees Cook wrote: > On Thu, Feb 16, 2017 at 2:25 PM, Pavel Machek wrote: >> Hi! >> >>> >>> -config DEBUG_RODATA >>> +config STRICT_KERNEL_RWX >>> bool "Make kernel text and rodata read-only" if >>> ARCH_OPTIONAL_KERNEL_RWX >>> depends on ARCH_HAS_STRICT_KERNEL_RWX

Re: [PATCHv3 2/2] arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX

2017-02-16 Thread Kees Cook
On Thu, Feb 16, 2017 at 2:25 PM, Pavel Machek wrote: > Hi! > >> >> -config DEBUG_RODATA >> +config STRICT_KERNEL_RWX >> bool "Make kernel text and rodata read-only" if >> ARCH_OPTIONAL_KERNEL_RWX >> depends on ARCH_HAS_STRICT_KERNEL_RWX >> default !ARCH_OPTIONAL_KERNEL_RWX || >

Re: [PATCHv3 2/2] arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX

2017-02-16 Thread Pavel Machek
Hi! > > -config DEBUG_RODATA > +config STRICT_KERNEL_RWX > bool "Make kernel text and rodata read-only" if ARCH_OPTIONAL_KERNEL_RWX > depends on ARCH_HAS_STRICT_KERNEL_RWX > default !ARCH_OPTIONAL_KERNEL_RWX || Debug features are expected to have runtime cost, so kconfig help
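Review bot: at the -config DEBUG_RODATA / +config STRICT_KERNEL_RWX pair, nothing in the quoted lines keeps the old symbol name. An existing .config that sets CONFIG_DEBUG_RODATA therefore does not carry its value over, and the new symbol falls back to the prompt or the default expression, so a configuration that had the protection enabled can change without the user noticing. Consider stating in the commit message that defconfigs and saved configs using the old names must be updated, and saying in the help text for STRICT_KERNEL_RWX what the option protects, so that the choice is clear on architectures where ARCH_OPTIONAL_KERNEL_RWX makes the prompt visible.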

[PATCHv3 2/2] arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX

2017-02-06 Thread Laura Abbott
Both of these options are poorly named. The features they provide are necessary for system security and should not be considered debug only. Change the names to CONFIG_STRICT_KERNEL_RWX and CONFIG_STRICT_MODULE_RWX to better describe what these options do. Signed-off-by: Laura Abbott --- v3: Mino