git.baikalelectronics.ru Git - kernel.git/commit

author	Ard Biesheuvel <ard.biesheuvel@linaro.org>
	Thu, 3 Mar 2016 14:10:59 +0000 (15:10 +0100)
committer	Catalin Marinas <catalin.marinas@arm.com>
	Thu, 3 Mar 2016 18:14:17 +0000 (18:14 +0000)
commit	64015c0714b3c0089f1dcccb2fa56890605aa923
tree	f9337179cce2b0d9b37bb06eb698f67b6f4bec3a	tree \| snapshot
parent	d85db3413ca87ae4181554e25d4430403dc6d4bf	commit \| diff

arm64: enable CONFIG_DEBUG_RODATA by default

In spite of its name, CONFIG_DEBUG_RODATA is an important hardening feature
for production kernels, and distros all enable it by default in their
kernel configs. However, since enabling it used to result in more granular,
and thus less efficient kernel mappings, it is not enabled by default for
performance reasons.

However, since commit f0610814f4f3 ("arm64: mm: Mark .rodata as RO"), the
various kernel segments (.text, .rodata, .init and .data) are already
mapped individually, and the only effect of setting CONFIG_DEBUG_RODATA is
that the existing .text and .rodata mappings are updated late in the boot
sequence to have their read-only attributes set, which means that any
performance concerns related to enabling CONFIG_DEBUG_RODATA are no longer
valid.

So from now on, make CONFIG_DEBUG_RODATA default to 'y'

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>