In-Reply-To: <84be5ad6a996adf5693260749dcb4d8c69182073.1580477672.git.christophe.leroy@c-s.fr>
From: Christophe Leroy
Subject: [PATCH v2 4/7] powerpc: Set ARCH_HAS_STRICT_MODULE_RWX
To: Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman, ruscur@russell.cc
Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Date: Fri, 31 Jan 2020 13:34:52 +0000 (UTC)

From: Russell Currey

To enable strict module RWX on powerpc, set:

    CONFIG_STRICT_MODULE_RWX=y

You should also have CONFIG_STRICT_KERNEL_RWX=y set to have any real
security benefit.

ARCH_HAS_STRICT_MODULE_RWX is set to require ARCH_HAS_STRICT_KERNEL_RWX.
This is due to a quirk in arch/Kconfig and arch/powerpc/Kconfig that
makes STRICT_MODULE_RWX *on by default* in configurations where
STRICT_KERNEL_RWX is *unavailable*.

Since this doesn't make much sense, and module RWX without kernel RWX
doesn't make much sense, having the same dependencies as kernel RWX
works around this problem.

Signed-off-by: Russell Currey
---
v2: no change
Signed-off-by: Christophe Leroy --- arch/powerpc/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index ae6a27d07406..371e3bef5c32 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -131,6 +131,7 @@ config PPC select ARCH_HAS_SCALED_CPUTIME if VIRT_CPU_ACCOUNTING_NATIVE && PPC_BOOK3S_64 select ARCH_HAS_SET_MEMORY select ARCH_HAS_STRICT_KERNEL_RWX if ((PPC_BOOK3S_64 || PPC32) && !HIBERNATION) + select ARCH_HAS_STRICT_MODULE_RWX if ARCH_HAS_STRICT_KERNEL_RWX select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST select ARCH_HAS_UACCESS_FLUSHCACHE select ARCH_HAS_UACCESS_MCSAFE if PPC64 -- 2.25.0
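
Review bot: The condition on the added `select ARCH_HAS_STRICT_MODULE_RWX if ARCH_HAS_STRICT_KERNEL_RWX` line only guarantees that kernel RWX is available on the platform, not that it is enabled, so a configuration with CONFIG_STRICT_MODULE_RWX=y and CONFIG_STRICT_KERNEL_RWX=n remains possible, which the commit message itself says gives no real security benefit. If that is intended, a short Kconfig comment above the new line describing the arch/Kconfig default quirk would help, since the dependency otherwise looks redundant and its reason lives only in the changelog. The new line also inherits the `(PPC_BOOK3S_64 || PPC32) && !HIBERNATION` condition from the line above it, so module RWX becomes unavailable whenever HIBERNATION is enabled; the changelog should say so explicitly.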