From: Laura Abbott <labbott@redhat.com>
To: Kees Cook <keescook@chromium.org>
Cc: Laura Abbott <labbott@redhat.com>,
Jason Wessel <jason.wessel@windriver.com>,
Jonathan Corbet <corbet@lwn.net>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
"James E.J. Bottomley" <jejb@parisc-linux.org>,
Helge Deller <deller@gmx.de>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, Rob Herring <robh@kernel.org>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz>,
Mark Rutland <mark.rutland@arm.com>, Jessica Yu <jeyu@redhat.com>,
linux-doc@vger.kernel.org, linux-ker
Subject: [PATCHv2 0/2] Hardening configs refactor/rename
Date: Fri, 3 Feb 2017 09:52:20 -0800 [thread overview]
Message-ID: <1486144343-24998-1-git-send-email-labbott@redhat.com> (raw)
Hi,
This is a follow up to my proposal to rename/refactor CONFIG_DEBUG_RODATA
and CONFIG_DEBUG_SET_MODULE_RONX. Among other objections, there shouldn't
be 'debug' in the name since these provide necessary kernel protection.
v2 takes a slightly different approach to this per feedback. Patch #1 moves
CONFIG_DEBUG_RODATA and CONFIG_DEBUG_SET_MODULE_RONX to a common arch config.
These configs are def_bool y for every arch except !CPU_V7 for arm
CONFIG_DEBUG_RODATA. I think this also mitigates another concern about changing
the name since these are basically internal configs at this point and not end
user selectable. Patch #2 does the rename to something more descriptive.
Hopefully this should separate discussion more clearly into two parts (refactor
and rename)
Thanks,
Laura
Laura Abbott (2):
arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common
arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX
Documentation/DocBook/kgdb.tmpl | 8 ++++----
Documentation/security/self-protection.txt | 4 ++--
arch/Kconfig | 28 ++++++++++++++++++++++++++++
arch/arm/Kconfig | 3 +++
arch/arm/Kconfig.debug | 11 -----------
arch/arm/configs/aspeed_g4_defconfig | 3 +--
arch/arm/configs/aspeed_g5_defconfig | 3 +--
arch/arm/include/asm/cacheflush.h | 2 +-
arch/arm/kernel/patch.c | 4 ++--
arch/arm/kernel/vmlinux.lds.S | 8 ++++----
arch/arm/mm/Kconfig | 14 +-------------
arch/arm/mm/init.c | 4 ++--
arch/arm64/Kconfig | 5 ++---
arch/arm64/Kconfig.debug | 13 +------------
arch/arm64/kernel/insn.c | 2 +-
arch/parisc/Kconfig | 1 +
arch/parisc/Kconfig.debug | 11 -----------
arch/parisc/configs/712_defconfig | 1 -
arch/parisc/configs/c3000_defconfig | 1 -
arch/parisc/mm/init.c | 2 +-
arch/s390/Kconfig | 5 ++---
arch/s390/Kconfig.debug | 3 ---
arch/x86/Kconfig | 5 ++---
arch/x86/Kconfig.debug | 11 -----------
include/linux/filter.h | 4 ++--
include/linux/init.h | 4 ++--
include/linux/module.h | 2 +-
init/main.c | 4 ++--
kernel/configs/android-recommended.config | 2 +-
kernel/module.c | 6 +++---
kernel/power/hibernate.c | 2 +-
kernel/power/power.h | 4 ++--
kernel/power/snapshot.c | 4 ++--
33 files changed, 75 insertions(+), 109 deletions(-)
--
2.7.4
next reply other threads:[~2017-02-03 17:52 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-03 17:52 Laura Abbott [this message]
2017-02-03 17:52 ` [PATCHv2 1/2] arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common Laura Abbott
2017-02-03 18:16 ` Mark Rutland
2017-02-03 19:45 ` Kees Cook
2017-02-03 20:29 ` Russell King - ARM Linux
2017-02-03 21:08 ` Kees Cook
2017-02-03 22:28 ` Russell King - ARM Linux
2017-02-03 23:07 ` Kees Cook
2017-02-06 18:47 ` Laura Abbott
2017-02-07 7:36 ` Pavel Machek
2017-02-03 17:52 ` [PATCHv2 2/2] arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX Laura Abbott
2017-02-03 18:26 ` Mark Rutland
2017-02-03 20:03 ` Kees Cook
2017-02-06 18:49 ` Laura Abbott
2017-02-06 20:13 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1486144343-24998-1-git-send-email-labbott@redhat.com \
--to=labbott@redhat.com \
--cc=catalin.marinas@arm.com \
--cc=corbet@lwn.net \
--cc=deller@gmx.de \
--cc=heiko.carstens@de.ibm.com \
--cc=hpa@zytor.com \
--cc=jason.wessel@windriver.com \
--cc=jejb@parisc-linux.org \
--cc=jeyu@redhat.com \
--cc=keescook@chromium.org \
--cc=len.brown@intel.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=pavel@ucw.cz \
--cc=rjw@rjwysocki.net \
--cc=robh@kernel.org \
--cc=schwidefsky@de.ibm.com \
--cc=tglx@linutronix.de \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).