[PATCH] ARM: ARM_KERNMEM_PERMS only works with MMU enabled
keescook at chromium.org
Tue Jan 13 06:41:18 PST 2015
On Tue, Jan 13, 2015 at 6:14 AM, Arnd Bergmann <arnd at arndb.de> wrote:
> The recently added ARM_KERNMEM_PERMS feature works by manipulating
> the kernel page tables, which obviously requires an MMU. Trying
> to enable this feature when the MMU is disabled results in a lot
> of compile errors in mm/init.c, so let's add a Kconfig dependency
> to avoid that case.
> Signed-off-by: Arnd Bergmann <arnd at arndb.de>
Yeah, good call.
Acked-by: Kees Cook <keescook at chromium.org>
> diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
> index eaaf196fe4e1..0051cd924fb1 100644
> --- a/arch/arm/mm/Kconfig
> +++ b/arch/arm/mm/Kconfig
> @@ -1010,6 +1010,7 @@ config ARCH_SUPPORTS_BIG_ENDIAN
> config ARM_KERNMEM_PERMS
> bool "Restrict kernel memory permissions"
> + depends on MMU
> If this is set, kernel memory other than kernel text (and rodata)
> will be made non-executable. The tradeoff is that each region is
Chrome OS Security
More information about the linux-arm-kernel