| Message ID | 20210330045132.722243-9-jniethe5@gmail.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | powerpc: Further Strict RWX support | expand |
| Related | show |
| Context | Check | Description |
|---|---|---|
| snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch powerpc/merge (87d76f542a24ecfa797e9bd3bb56c0f19aabff57) |
| snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch powerpc/next (fbda7904302499dd7ffc073a3c84eb7c9275db0a) |
| snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch linus/master (0d02ec6b3136c73c09e7859f0d0e4e2c4c07b49b) |
| snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch powerpc/fixes (cc7a0bb058b85ea03db87169c60c7cfdd5d34678) |
| snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch linux-next (1df27313f50a57497c1faeb6a6ae4ca939c85a7d) |
| snowpatch_ozlabs/apply_patch | fail | Failed to apply to any branch |
Le 30/03/2021 à 06:51, Jordan Niethe a écrit : > From: Russell Currey <ruscur@russell.cc> > > skiroot_defconfig is the only powerpc defconfig with STRICT_KERNEL_RWX > enabled, and if you want memory protection for kernel text you'd want it > for modules too, so enable STRICT_MODULE_RWX there. Maybe we could now selectt ARCH_OPTIONAL_KERNEL_RWX_DEFAULT in arch/powerpc/Kconfig. Then this change would not be necessary. Would be in line with https://github.com/linuxppc/issues/issues/223 > > Acked-by: Joel Stanley <joel@joel.id.au> > Signed-off-by: Russell Currey <ruscur@russell.cc> > Signed-off-by: Jordan Niethe <jniethe5@gmail.com> > --- > arch/powerpc/configs/skiroot_defconfig | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/powerpc/configs/skiroot_defconfig b/arch/powerpc/configs/skiroot_defconfig > index b806a5d3a695..50fe06cb3a31 100644 > --- a/arch/powerpc/configs/skiroot_defconfig > +++ b/arch/powerpc/configs/skiroot_defconfig > @@ -50,6 +50,7 @@ CONFIG_CMDLINE="console=tty0 console=hvc0 ipr.fast_reboot=1 quiet" > # CONFIG_PPC_MEM_KEYS is not set > CONFIG_JUMP_LABEL=y > CONFIG_STRICT_KERNEL_RWX=y > +CONFIG_STRICT_MODULE_RWX=y > CONFIG_MODULES=y > CONFIG_MODULE_UNLOAD=y > CONFIG_MODULE_SIG_FORCE=y >
On Tue, Mar 30, 2021 at 4:27 PM Christophe Leroy <christophe.leroy@csgroup.eu> wrote: > > > > Le 30/03/2021 à 06:51, Jordan Niethe a écrit : > > From: Russell Currey <ruscur@russell.cc> > > > > skiroot_defconfig is the only powerpc defconfig with STRICT_KERNEL_RWX > > enabled, and if you want memory protection for kernel text you'd want it > > for modules too, so enable STRICT_MODULE_RWX there. > > Maybe we could now selectt ARCH_OPTIONAL_KERNEL_RWX_DEFAULT in arch/powerpc/Kconfig. > > Then this change would not be necessary. > > Would be in line with https://github.com/linuxppc/issues/issues/223 Yes, I think that is the way to go. > > > > > > Acked-by: Joel Stanley <joel@joel.id.au> > > Signed-off-by: Russell Currey <ruscur@russell.cc> > > Signed-off-by: Jordan Niethe <jniethe5@gmail.com> > > --- > > arch/powerpc/configs/skiroot_defconfig | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/arch/powerpc/configs/skiroot_defconfig b/arch/powerpc/configs/skiroot_defconfig > > index b806a5d3a695..50fe06cb3a31 100644 > > --- a/arch/powerpc/configs/skiroot_defconfig > > +++ b/arch/powerpc/configs/skiroot_defconfig > > @@ -50,6 +50,7 @@ CONFIG_CMDLINE="console=tty0 console=hvc0 ipr.fast_reboot=1 quiet" > > # CONFIG_PPC_MEM_KEYS is not set > > CONFIG_JUMP_LABEL=y > > CONFIG_STRICT_KERNEL_RWX=y > > +CONFIG_STRICT_MODULE_RWX=y > > CONFIG_MODULES=y > > CONFIG_MODULE_UNLOAD=y > > CONFIG_MODULE_SIG_FORCE=y > >
diff --git a/arch/powerpc/configs/skiroot_defconfig b/arch/powerpc/configs/skiroot_defconfig index b806a5d3a695..50fe06cb3a31 100644 --- a/arch/powerpc/configs/skiroot_defconfig +++ b/arch/powerpc/configs/skiroot_defconfig @@ -50,6 +50,7 @@ CONFIG_CMDLINE="console=tty0 console=hvc0 ipr.fast_reboot=1 quiet" # CONFIG_PPC_MEM_KEYS is not set CONFIG_JUMP_LABEL=y CONFIG_STRICT_KERNEL_RWX=y +CONFIG_STRICT_MODULE_RWX=y CONFIG_MODULES=y CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_SIG_FORCE=y