BZ 19489
enable : CONFIG_DEBUG_SET_MODULE_RONX
disable : CONFIG_DEVMEM
set : CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
CONFIG_DEBUG_SET_MODULE_RONX=y
Enabling this will cause the kernel modules to also get NX/RO protection, not just the core kernel;
no perf impact (few hundred cycles on loading a module, but no runtime impact)
CONFIG_DEVMEM=n
Nothing SHOULD be using it in a non-legacy-linux environment.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
64Kb is a better/safer default without negative impact to userspace in practice.
Change-Id: Ic5cc04f678688eb9c08c2fa68898eaf0385d5499
Reviewed-on: http://android.intel.com:8080/31582
Reviewed-by: Yang, Fei <fei.yang@intel.com>
Tested-by: Yang, Fei <fei.yang@intel.com>
Reviewed-by: Gross, Mark <mark.gross@intel.com>
Reviewed-by: Koskinen, Ilkka <ilkka.koskinen@intel.com>
Reviewed-by: Tardy, Pierre <pierre.tardy@intel.com>
Reviewed-by: buildbot <buildbot@intel.com>
Tested-by: buildbot <buildbot@intel.com>
CONFIG_BOUNCE=y
CONFIG_VIRT_TO_BUS=y
# CONFIG_KSM is not set
-CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
# CONFIG_MEMORY_FAILURE is not set
# CONFIG_TRANSPARENT_HUGEPAGE is not set
CONFIG_N_GSM=y
CONFIG_TRACE_ROUTER=y
CONFIG_TRACE_SINK=y
-CONFIG_DEVMEM=y
+# CONFIG_DEVMEM is not set
# CONFIG_DEVKMEM is not set
# CONFIG_STALDRV is not set
# CONFIG_X86_PTDUMP is not set
CONFIG_DEBUG_RODATA=y
# CONFIG_DEBUG_RODATA_TEST is not set
-# CONFIG_DEBUG_SET_MODULE_RONX is not set
+CONFIG_DEBUG_SET_MODULE_RONX=y
# CONFIG_DEBUG_NX_TEST is not set
CONFIG_DOUBLEFAULT=y
# CONFIG_IOMMU_STRESS is not set