File tree Expand file tree Collapse file tree 2 files changed +1
-27
lines changed Expand file tree Collapse file tree 2 files changed +1
-27
lines changed Original file line number Diff line number Diff line change @@ -81,6 +81,7 @@ config X86
8181 select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
8282 select ARCH_HAS_SYSCALL_WRAPPER
8383 select ARCH_HAS_UBSAN_SANITIZE_ALL
84+ select ARCH_HAS_DEBUG_WX
8485 select ARCH_HAVE_NMI_SAFE_CMPXCHG
8586 select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI
8687 select ARCH_MIGHT_HAVE_PC_PARPORT
Original file line number Diff line number Diff line change @@ -72,33 +72,6 @@ config EFI_PGT_DUMP
7272 issues with the mapping of the EFI runtime regions into that
7373 table.
7474
75- config DEBUG_WX
76- bool "Warn on W+X mappings at boot"
77- select PTDUMP_CORE
78- ---help---
79- Generate a warning if any W+X mappings are found at boot.
80-
81- This is useful for discovering cases where the kernel is leaving
82- W+X mappings after applying NX, as such mappings are a security risk.
83-
84- Look for a message in dmesg output like this:
85-
86- x86/mm: Checked W+X mappings: passed, no W+X pages found.
87-
88- or like this, if the check failed:
89-
90- x86/mm: Checked W+X mappings: FAILED, <N> W+X pages found.
91-
92- Note that even if the check fails, your kernel is possibly
93- still fine, as W+X mappings are not a security hole in
94- themselves, what they do is that they make the exploitation
95- of other unfixed kernel bugs easier.
96-
97- There is no runtime or memory usage effect of this option
98- once the kernel has booted up - it's a one time check.
99-
100- If in doubt, say "Y".
101-
10275config DEBUG_TLBFLUSH
10376 bool "Set upper limit of TLB entries to flush one-by-one"
10477 depends on DEBUG_KERNEL
You can’t perform that action at this time.
0 commit comments