| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <18c8a563-b160-a1c9-16c8-603b9e7ee273@linaro.org>
Date: Fri, 21 Apr 2017 10:19:22 +0100
From: Daniel Thompson <daniel.thompson@...aro.org>
To: Li Qiang <liq3ea@...il.com>, Jonathan Corbet <corbet@....net>
Cc: jason.wessel@...driver.com, labbott@...hat.com,
linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
kgdb-bugreport@...ts.sourceforge.net, Li Qiang <liqiang6-s@....cn>
Subject: Re: [PATCH] Documentation: DocBook: kgdb: update
CONFIG_STRICT_KERNEL_RWX info
On 21/04/17 03:26, Li Qiang wrote:
>
> @Daniel
>
> 2017-04-20 23:28 GMT+08:00 Daniel Thompson <daniel.thompson@...aro.org
> <mailto:daniel.thompson@...aro.org>>:
>
> On 19/04/17 02:58, Li Qiang wrote:
>
> CONFIG_STRICT_KERNEL_RWX is no longer selectable on most
> architectures.
> Update this info to thedocumentation.
>
>
> "git grep STRICT_KERNEL_RWX" comes up with nothing.
>
>
> It was introduced in commit 0f5bf6d0afe4be6e1391908ff2d6dc9730e91550.
Oops. I did the grep on the wrong machine :-( and therefore on an older
kernel than I thought...
> It is selectable on any architecture? If not we should remove it
> entirely!
>
> The 'STRICT_KERNEL_RWX' is renamed from 'CONFIG_DEBUG_RODATA
> '. The original option is selectable.
>
> I'm not sure is this selectable on any architecture.
So... having found the right kernel, it looks to me like only arm,
arm64, parisc, s390 and x86 define ARCH_HAS_STRICT_KERNEL_RWX. Of these
five, only arm defines ARCH_OPTIONAL_KERNEL_RWX and makes it user
selectable.
>
> @Jonathan
>
> On Tue, 18 Apr 2017 18:58:45 -0700
> Li Qiang <liq3ea@...il.com <mailto:liq3ea@...il.com>> wrote:
>
> > CONFIG_STRICT_KERNEL_RWX is no longer selectable on most architectures.
> > Update this info to the documentation.
> >
> > Signed-off-by: Li Qiang <liqiang6-s@....cn <mailto:liqiang6-s@....cn>>
> > ---
> > Documentation/DocBook/kgdb.tmpl | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/Documentation/DocBook/kgdb.tmpl b/Documentation/DocBook/kgdb.tmpl
> > index 856ac20..ef0b67b 100644
> > --- a/Documentation/DocBook/kgdb.tmpl
> > +++ b/Documentation/DocBook/kgdb.tmpl
> > @@ -121,7 +121,9 @@
> > If kgdb supports it for the architecture you are using, you can
> > use hardware breakpoints if you desire to run with the
> > CONFIG_STRICT_KERNEL_RWX option turned on, else you need to turn off
> > - this option.
> > + this option. In most architectures, this option is not selectable.
> > + For this situation, it can be turned off by adding a runtime parameter
> > + 'rodata=off'.
>
> So this is an improvement, I guess, though the paragraph remains kind of
> confusing. Is there any chance we could actually just say which
> architectures can use hardware breakpoints, and which should boot with
> rodata=off?
>
>
> I think this is unnecessary as it is not common to change the
> default CONFIG_STRICT_KERNEL_RWX /add rodata=off.
> We here give this hint because CONFIG_STRICT_KERNEL_RWX is renamed
> from CONFIG_DEBUG_RODATA.
> And the latter is selectable, this can help the peoples who
> think CONFIG_STRICT_KERNEL_RWX is also selectable.
Having looked at the earlier part of the paragraph I think the info
about rodata actually needs to be introduced slightly earlier (and
rodata should be presented as the primary way to do it because 4 of the
5 architectures don't make STRICT_KERNEL_RWX optional).
Something like:
If the architecture that you are using supports making the text
section read-only (CONFIG_STRICT_KERNEL_RWX), you should consider
turning it off by adding 'rodata=off' to the kernel commandline or,
if your architecture makes CONFIG_STRICT_KERNEL_RWX optional, by
disabling this config option. Alternatively, if your architecture
supports hardware breakpoints, these can be used to provide limited
breakpoint support if you desire to run with a read-only text section.
Daniel.
Powered by blists - more mailing lists