| Catalin Marinas | 8c2c3df | 2012-04-20 14:45:54 +0100 | [diff] [blame] | 1 | menu "Kernel hacking" |
| 2 | |
| 3 | source "lib/Kconfig.debug" |
| 4 | |
| Laura Abbott | 4ddb9bf | 2016-10-27 09:27:31 -0700 | [diff] [blame] | 5 | config ARM64_PTDUMP_CORE |
| 6 | def_bool n |
| 7 | |
| 8 | config ARM64_PTDUMP_DEBUGFS |
| Laura Abbott | c9465b4 | 2014-11-26 00:28:39 +0000 | [diff] [blame] | 9 | bool "Export kernel pagetable layout to userspace via debugfs" |
| 10 | depends on DEBUG_KERNEL |
| Laura Abbott | 4ddb9bf | 2016-10-27 09:27:31 -0700 | [diff] [blame] | 11 | select ARM64_PTDUMP_CORE |
| Laura Abbott | c9465b4 | 2014-11-26 00:28:39 +0000 | [diff] [blame] | 12 | select DEBUG_FS |
| 13 | help |
| 14 | Say Y here if you want to show the kernel pagetable layout in a |
| 15 | debugfs file. This information is only useful for kernel developers |
| 16 | who are working in architecture specific areas of the kernel. |
| 17 | It is probably not a good idea to enable this feature in a production |
| 18 | kernel. |
| Mark Rutland | 604c8e6 | 2016-05-13 12:20:36 +0100 | [diff] [blame] | 19 | |
| 20 | If in doubt, say N. |
| Laura Abbott | c9465b4 | 2014-11-26 00:28:39 +0000 | [diff] [blame] | 21 | |
| Will Deacon | ec45d1c | 2013-01-17 12:31:45 +0000 | [diff] [blame] | 22 | config PID_IN_CONTEXTIDR |
| 23 | bool "Write the current PID to the CONTEXTIDR register" |
| 24 | help |
| 25 | Enabling this option causes the kernel to write the current PID to |
| 26 | the CONTEXTIDR register, at the expense of some additional |
| 27 | instructions during context switch. Say Y here only if you are |
| 28 | planning to use hardware trace tools with this kernel. |
| 29 | |
| Mark Rutland | da57a36 | 2014-06-24 16:51:37 +0100 | [diff] [blame] | 30 | config ARM64_RANDOMIZE_TEXT_OFFSET |
| 31 | bool "Randomize TEXT_OFFSET at build time" |
| 32 | help |
| 33 | Say Y here if you want the image load offset (AKA TEXT_OFFSET) |
| 34 | of the kernel to be randomized at build-time. When selected, |
| 35 | this option will cause TEXT_OFFSET to be randomized upon any |
| 36 | build of the kernel, and the offset will be reflected in the |
| 37 | text_offset field of the resulting Image. This can be used to |
| 38 | fuzz-test bootloaders which respect text_offset. |
| 39 | |
| 40 | This option is intended for bootloader and/or kernel testing |
| 41 | only. Bootloaders must make no assumptions regarding the value |
| 42 | of TEXT_OFFSET and platforms must not require a specific |
| 43 | value. |
| 44 | |
| Laura Abbott | 1404d6f | 2016-10-27 09:27:34 -0700 | [diff] [blame] | 45 | config DEBUG_WX |
| 46 | bool "Warn on W+X mappings at boot" |
| 47 | select ARM64_PTDUMP_CORE |
| 48 | ---help--- |
| 49 | Generate a warning if any W+X mappings are found at boot. |
| 50 | |
| 51 | This is useful for discovering cases where the kernel is leaving |
| 52 | W+X mappings after applying NX, as such mappings are a security risk. |
| 53 | This check also includes UXN, which should be set on all kernel |
| 54 | mappings. |
| 55 | |
| 56 | Look for a message in dmesg output like this: |
| 57 | |
| 58 | arm64/mm: Checked W+X mappings: passed, no W+X pages found. |
| 59 | |
| 60 | or like this, if the check failed: |
| 61 | |
| 62 | arm64/mm: Checked W+X mappings: FAILED, <N> W+X pages found. |
| 63 | |
| 64 | Note that even if the check fails, your kernel is possibly |
| 65 | still fine, as W+X mappings are not a security hole in |
| 66 | themselves, what they do is that they make the exploitation |
| 67 | of other unfixed kernel bugs easier. |
| 68 | |
| 69 | There is no runtime or memory usage effect of this option |
| 70 | once the kernel has booted up - it's a one time check. |
| 71 | |
| 72 | If in doubt, say "Y". |
| 73 | |
| Laura Abbott | 11d91a7 | 2014-08-19 20:41:43 +0100 | [diff] [blame] | 74 | config DEBUG_SET_MODULE_RONX |
| Mark Rutland | 604c8e6 | 2016-05-13 12:20:36 +0100 | [diff] [blame] | 75 | bool "Set loadable kernel module data as NX and text as RO" |
| 76 | depends on MODULES |
| 77 | default y |
| 78 | help |
| 79 | Is this is set, kernel module text and rodata will be made read-only. |
| 80 | This is to help catch accidental or malicious attempts to change the |
| 81 | kernel's executable code. |
| 82 | |
| 83 | If in doubt, say Y. |
| Laura Abbott | 11d91a7 | 2014-08-19 20:41:43 +0100 | [diff] [blame] | 84 | |
| Laura Abbott | da14170 | 2015-01-21 17:36:06 -0800 | [diff] [blame] | 85 | config DEBUG_ALIGN_RODATA |
| Ard Biesheuvel | 9774005 | 2016-03-30 17:43:09 +0200 | [diff] [blame] | 86 | depends on DEBUG_RODATA |
| Laura Abbott | da14170 | 2015-01-21 17:36:06 -0800 | [diff] [blame] | 87 | bool "Align linker sections up to SECTION_SIZE" |
| 88 | help |
| 89 | If this option is enabled, sections that may potentially be marked as |
| 90 | read only or non-executable will be aligned up to the section size of |
| 91 | the kernel. This prevents sections from being split into pages and |
| 92 | avoids a potential TLB penalty. The downside is an increase in |
| 93 | alignment and potentially wasted space. Turn on this option if |
| 94 | performance is more important than memory pressure. |
| 95 | |
| Mark Rutland | 604c8e6 | 2016-05-13 12:20:36 +0100 | [diff] [blame] | 96 | If in doubt, say N. |
| Laura Abbott | da14170 | 2015-01-21 17:36:06 -0800 | [diff] [blame] | 97 | |
| Mathieu Poirier | 01081f5 | 2015-03-30 14:13:41 -0600 | [diff] [blame] | 98 | source "drivers/hwtracing/coresight/Kconfig" |
| Mathieu Poirier | 3288731 | 2015-03-30 14:13:36 -0600 | [diff] [blame] | 99 | |
| Catalin Marinas | 8c2c3df | 2012-04-20 14:45:54 +0100 | [diff] [blame] | 100 | endmenu |