mirror of
				https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable.git
				synced 2025-10-26 17:04:24 +10:00 
			
		
		
		
	Page mappings with full RWX permissions are a security risk. x86
has an option to walk the page tables and dump any bad pages.
(See e1a58320a3 ("x86/mm: Warn on W^X mappings")). Add a similar
implementation for arm64.
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Laura Abbott <labbott@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
[catalin.marinas@arm.com: folded fix for KASan out of bounds from Mark Rutland]
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
		
	
			
		
			
				
	
	
		
			101 lines
		
	
	
		
			3.4 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			101 lines
		
	
	
		
			3.4 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| menu "Kernel hacking"
 | |
| 
 | |
| source "lib/Kconfig.debug"
 | |
| 
 | |
| config ARM64_PTDUMP_CORE
 | |
| 	def_bool n
 | |
| 
 | |
| config ARM64_PTDUMP_DEBUGFS
 | |
| 	bool "Export kernel pagetable layout to userspace via debugfs"
 | |
| 	depends on DEBUG_KERNEL
 | |
| 	select ARM64_PTDUMP_CORE
 | |
| 	select DEBUG_FS
 | |
|         help
 | |
| 	  Say Y here if you want to show the kernel pagetable layout in a
 | |
| 	  debugfs file. This information is only useful for kernel developers
 | |
| 	  who are working in architecture specific areas of the kernel.
 | |
| 	  It is probably not a good idea to enable this feature in a production
 | |
| 	  kernel.
 | |
| 
 | |
| 	  If in doubt, say N.
 | |
| 
 | |
| config PID_IN_CONTEXTIDR
 | |
| 	bool "Write the current PID to the CONTEXTIDR register"
 | |
| 	help
 | |
| 	  Enabling this option causes the kernel to write the current PID to
 | |
| 	  the CONTEXTIDR register, at the expense of some additional
 | |
| 	  instructions during context switch. Say Y here only if you are
 | |
| 	  planning to use hardware trace tools with this kernel.
 | |
| 
 | |
| config ARM64_RANDOMIZE_TEXT_OFFSET
 | |
| 	bool "Randomize TEXT_OFFSET at build time"
 | |
| 	help
 | |
| 	  Say Y here if you want the image load offset (AKA TEXT_OFFSET)
 | |
| 	  of the kernel to be randomized at build-time. When selected,
 | |
| 	  this option will cause TEXT_OFFSET to be randomized upon any
 | |
| 	  build of the kernel, and the offset will be reflected in the
 | |
| 	  text_offset field of the resulting Image. This can be used to
 | |
| 	  fuzz-test bootloaders which respect text_offset.
 | |
| 
 | |
| 	  This option is intended for bootloader and/or kernel testing
 | |
| 	  only. Bootloaders must make no assumptions regarding the value
 | |
| 	  of TEXT_OFFSET and platforms must not require a specific
 | |
| 	  value.
 | |
| 
 | |
| config DEBUG_WX
 | |
| 	bool "Warn on W+X mappings at boot"
 | |
| 	select ARM64_PTDUMP_CORE
 | |
| 	---help---
 | |
| 	  Generate a warning if any W+X mappings are found at boot.
 | |
| 
 | |
| 	  This is useful for discovering cases where the kernel is leaving
 | |
| 	  W+X mappings after applying NX, as such mappings are a security risk.
 | |
| 	  This check also includes UXN, which should be set on all kernel
 | |
| 	  mappings.
 | |
| 
 | |
| 	  Look for a message in dmesg output like this:
 | |
| 
 | |
| 	    arm64/mm: Checked W+X mappings: passed, no W+X pages found.
 | |
| 
 | |
| 	  or like this, if the check failed:
 | |
| 
 | |
| 	    arm64/mm: Checked W+X mappings: FAILED, <N> W+X pages found.
 | |
| 
 | |
| 	  Note that even if the check fails, your kernel is possibly
 | |
| 	  still fine, as W+X mappings are not a security hole in
 | |
| 	  themselves, what they do is that they make the exploitation
 | |
| 	  of other unfixed kernel bugs easier.
 | |
| 
 | |
| 	  There is no runtime or memory usage effect of this option
 | |
| 	  once the kernel has booted up - it's a one time check.
 | |
| 
 | |
| 	  If in doubt, say "Y".
 | |
| 
 | |
| config DEBUG_SET_MODULE_RONX
 | |
| 	bool "Set loadable kernel module data as NX and text as RO"
 | |
| 	depends on MODULES
 | |
| 	default y
 | |
| 	help
 | |
| 	  Is this is set, kernel module text and rodata will be made read-only.
 | |
| 	  This is to help catch accidental or malicious attempts to change the
 | |
| 	  kernel's executable code.
 | |
| 
 | |
| 	  If in doubt, say Y.
 | |
| 
 | |
| config DEBUG_ALIGN_RODATA
 | |
| 	depends on DEBUG_RODATA
 | |
| 	bool "Align linker sections up to SECTION_SIZE"
 | |
| 	help
 | |
| 	  If this option is enabled, sections that may potentially be marked as
 | |
| 	  read only or non-executable will be aligned up to the section size of
 | |
| 	  the kernel. This prevents sections from being split into pages and
 | |
| 	  avoids a potential TLB penalty. The downside is an increase in
 | |
| 	  alignment and potentially wasted space. Turn on this option if
 | |
| 	  performance is more important than memory pressure.
 | |
| 
 | |
| 	  If in doubt, say N.
 | |
| 
 | |
| source "drivers/hwtracing/coresight/Kconfig"
 | |
| 
 | |
| endmenu
 |