summaryrefslogtreecommitdiff
path: root/arch/arm64/Kconfig.debug
blob: a1efa246c9ed3a9416effa415335130ecedf9c2d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# SPDX-License-Identifier: GPL-2.0-only

config PID_IN_CONTEXTIDR
	bool "Write the current PID to the CONTEXTIDR register"
	help
	  Enabling this option causes the kernel to write the current PID to
	  the CONTEXTIDR register, at the expense of some additional
	  instructions during context switch. Say Y here only if you are
	  planning to use hardware trace tools with this kernel.

config ARM64_RANDOMIZE_TEXT_OFFSET
	bool "Randomize TEXT_OFFSET at build time"
	help
	  Say Y here if you want the image load offset (AKA TEXT_OFFSET)
	  of the kernel to be randomized at build-time. When selected,
	  this option will cause TEXT_OFFSET to be randomized upon any
	  build of the kernel, and the offset will be reflected in the
	  text_offset field of the resulting Image. This can be used to
	  fuzz-test bootloaders which respect text_offset.

	  This option is intended for bootloader and/or kernel testing
	  only. Bootloaders must make no assumptions regarding the value
	  of TEXT_OFFSET and platforms must not require a specific
	  value.

config DEBUG_WX
	bool "Warn on W+X mappings at boot"
	select PTDUMP_CORE
	---help---
	  Generate a warning if any W+X mappings are found at boot.

	  This is useful for discovering cases where the kernel is leaving
	  W+X mappings after applying NX, as such mappings are a security risk.
	  This check also includes UXN, which should be set on all kernel
	  mappings.

	  Look for a message in dmesg output like this:

	    arm64/mm: Checked W+X mappings: passed, no W+X pages found.

	  or like this, if the check failed:

	    arm64/mm: Checked W+X mappings: FAILED, <N> W+X pages found.

	  Note that even if the check fails, your kernel is possibly
	  still fine, as W+X mappings are not a security hole in
	  themselves, what they do is that they make the exploitation
	  of other unfixed kernel bugs easier.

	  There is no runtime or memory usage effect of this option
	  once the kernel has booted up - it's a one time check.

	  If in doubt, say "Y".

config DEBUG_EFI
	depends on EFI && DEBUG_INFO
	bool "UEFI debugging"
	help
	  Enable this option to include EFI specific debugging features into
	  the kernel that are only useful when using a debug build of the
	  UEFI firmware

config ARM64_RELOC_TEST
	depends on m
	tristate "Relocation testing module"

source "drivers/hwtracing/coresight/Kconfig"