Re: [PATCH v2 1/4] init: create cmdline param to disable readonly

2015-11-30 Thread Ingo Molnar
* Russell King - ARM Linux wrote: > On Mon, Nov 30, 2015 at 01:52:10PM -0800, Kees Cook wrote: > > On Wed, Nov 25, 2015 at 11:51 PM, Ingo Molnar wrote: > > > * Kees Cook wrote: > > >> +#ifdef CONFIG_DEBUG_RODATA > > > > > > Btw., could you please remove the Kconfig option altogether in an > >

Re: [PATCH v2 1/4] init: create cmdline param to disable readonly

2015-11-30 Thread Heiko Carstens
On Mon, Nov 30, 2015 at 01:52:10PM -0800, Kees Cook wrote: > On Wed, Nov 25, 2015 at 11:51 PM, Ingo Molnar wrote: > > * Kees Cook wrote: > >> +#ifdef CONFIG_DEBUG_RODATA > > > > Btw., could you please remove the Kconfig option altogether in an > > additional patch > > and make read-only sections

Re: [PATCH v2 1/4] init: create cmdline param to disable readonly

2015-11-30 Thread Kees Cook
On Mon, Nov 30, 2015 at 2:24 PM, Russell King - ARM Linux wrote: > On Mon, Nov 30, 2015 at 01:52:10PM -0800, Kees Cook wrote: >> On Wed, Nov 25, 2015 at 11:51 PM, Ingo Molnar wrote: >> > * Kees Cook wrote: >> >> +#ifdef CONFIG_DEBUG_RODATA >> > >> > Btw., could you please remove the Kconfig opti

Re: [PATCH v2 1/4] init: create cmdline param to disable readonly

2015-11-30 Thread Russell King - ARM Linux
On Mon, Nov 30, 2015 at 01:52:10PM -0800, Kees Cook wrote: > On Wed, Nov 25, 2015 at 11:51 PM, Ingo Molnar wrote: > > * Kees Cook wrote: > >> +#ifdef CONFIG_DEBUG_RODATA > > > > Btw., could you please remove the Kconfig option altogether in an > > additional patch > > and make read-only sections

Re: [PATCH v2 1/4] init: create cmdline param to disable readonly

2015-11-30 Thread Kees Cook
On Wed, Nov 25, 2015 at 11:51 PM, Ingo Molnar wrote: > * Kees Cook wrote: >> +#ifdef CONFIG_DEBUG_RODATA > > Btw., could you please remove the Kconfig option altogether in an additional > patch > and make read-only sections an always-on feature? It has been default-y for > years > and all distr

Re: [PATCH v2 1/4] init: create cmdline param to disable readonly

2015-11-25 Thread Ingo Molnar
* Kees Cook wrote: > It may be useful to debug writes to the readonly sections of memory, > so provide a cmdline "rodata=off" to allow for this. > > Suggested-by: H. Peter Anvin > Signed-off-by: Kees Cook > --- > Documentation/kernel-parameters.txt | 4 > init/main.c

Re: [kernel-hardening] [PATCH v2 1/4] init: create cmdline param to disable readonly

2015-11-25 Thread Greg KH
On Wed, Nov 25, 2015 at 03:31:23PM -0800, Kees Cook wrote: > It may be useful to debug writes to the readonly sections of memory, > so provide a cmdline "rodata=off" to allow for this. > > Suggested-by: H. Peter Anvin > Signed-off-by: Kees Cook > --- > Documentation/kernel-parameters.txt | 4 +

Re: [PATCH v2 1/4] init: create cmdline param to disable readonly

2015-11-25 Thread PaX Team
On 25 Nov 2015 at 15:31, Kees Cook wrote: > + rodata= [KNL] > + on Mark read-only kernel memory as read-only (default). > + off Leave read-only kernel memory writable for debugging. > + > +#ifdef CONFIG_DEBUG_RODATA > +bool disable_mark_readonly; __in

[PATCH v2 1/4] init: create cmdline param to disable readonly

2015-11-25 Thread Kees Cook
It may be useful to debug writes to the readonly sections of memory, so provide a cmdline "rodata=off" to allow for this. Suggested-by: H. Peter Anvin Signed-off-by: Kees Cook --- Documentation/kernel-parameters.txt | 4 init/main.c | 31 +++