Merge branch 'master' into next

Conflicts: security/smack/smack_lsm.c Verified and added fix by Stephen Rothwell <sfr@canb.auug.org.au> Ok'd by Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <jmorris@namei.org>
author: James Morris <jmorris@namei.org> 2011-01-10 09:46:24 +1100
committer: James Morris <jmorris@namei.org> 2011-01-10 09:46:24 +1100
commit: d2e7ad19229f982fc1eb731827d82ceac90abfb3 (patch)
tree: 98a3741b4d4b27a48b3c7ea9babe331e539416a8 /arch/x86/Kconfig.debug
parent: d03a5d888fb688c832d470b749acc5ed38e0bc1d (diff)
parent: 0c21e3aaf6ae85bee804a325aa29c325209180fd (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index b59ee765414..45143bbcfe5 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -117,6 +117,17 @@ config DEBUG_RODATA_TEST
 	  feature as well as for the change_page_attr() infrastructure.
 	  If in doubt, say "N"
 
+config DEBUG_SET_MODULE_RONX
+	bool "Set loadable kernel module data as NX and text as RO"
+	depends on MODULES
+	---help---
+	  This option helps catch unintended modifications to loadable
+	  kernel module's text and read-only data. It also prevents execution
+	  of module data. Such protection may interfere with run-time code
+	  patching and dynamic kernel tracing - and they might also protect
+	  against certain classes of kernel exploits.
+	  If in doubt, say "N".
+
 config DEBUG_NX_TEST
 	tristate "Testcase for the NX non-executable stack feature"
 	depends on DEBUG_KERNEL && m
author	James Morris <jmorris@namei.org>	2011-01-10 09:46:24 +1100
committer	James Morris <jmorris@namei.org>	2011-01-10 09:46:24 +1100
commit	d2e7ad19229f982fc1eb731827d82ceac90abfb3 (patch)
tree	98a3741b4d4b27a48b3c7ea9babe331e539416a8 /arch/x86/Kconfig.debug
parent	d03a5d888fb688c832d470b749acc5ed38e0bc1d (diff)
parent	0c21e3aaf6ae85bee804a325aa29c325209180fd (diff)