File tree Expand file tree Collapse file tree 2 files changed +1
-27
lines changed Expand file tree Collapse file tree 2 files changed +1
-27
lines changed Original file line number Diff line number Diff line change @@ -81,6 +81,7 @@ config X86
81
81
select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
82
82
select ARCH_HAS_SYSCALL_WRAPPER
83
83
select ARCH_HAS_UBSAN_SANITIZE_ALL
84
+ select ARCH_HAS_DEBUG_WX
84
85
select ARCH_HAVE_NMI_SAFE_CMPXCHG
85
86
select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI
86
87
select ARCH_MIGHT_HAVE_PC_PARPORT
Original file line number Diff line number Diff line change @@ -72,33 +72,6 @@ config EFI_PGT_DUMP
72
72
issues with the mapping of the EFI runtime regions into that
73
73
table.
74
74
75
- config DEBUG_WX
76
- bool "Warn on W+X mappings at boot"
77
- select PTDUMP_CORE
78
- ---help---
79
- Generate a warning if any W+X mappings are found at boot.
80
-
81
- This is useful for discovering cases where the kernel is leaving
82
- W+X mappings after applying NX, as such mappings are a security risk.
83
-
84
- Look for a message in dmesg output like this:
85
-
86
- x86/mm: Checked W+X mappings: passed, no W+X pages found.
87
-
88
- or like this, if the check failed:
89
-
90
- x86/mm: Checked W+X mappings: FAILED, <N> W+X pages found.
91
-
92
- Note that even if the check fails, your kernel is possibly
93
- still fine, as W+X mappings are not a security hole in
94
- themselves, what they do is that they make the exploitation
95
- of other unfixed kernel bugs easier.
96
-
97
- There is no runtime or memory usage effect of this option
98
- once the kernel has booted up - it's a one time check.
99
-
100
- If in doubt, say "Y".
101
-
102
75
config DEBUG_TLBFLUSH
103
76
bool "Set upper limit of TLB entries to flush one-by-one"
104
77
depends on DEBUG_KERNEL
You can’t perform that action at this time.
0 commit comments