kernel_ConfigVerify: expect SET_MODULE_RONX on ARM
CONFIG_SET_MODULE_RONX is available on ARM for 3.8 now. Update the
expected configuration logic.
BUG=chromium:342951,chromium:341583
TEST=daisy_spring passes
CQ-DEPEND=Ia6a675fa8ffdbceaef5ebe9eb8c706b4dc9cd7d2
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/185967
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Aviv Keshet <akeshet@chromium.org>
Change-Id: I2a1d2ac0eab486d8ca305ce98696ef57742f88af
(cherry picked from commit 17dfff506c7d7cda134f7c7ba4af88dab451c7c1)
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/188372
Reviewed-by: Will Drewry <wad@chromium.org>
diff --git a/client/site_tests/kernel_ConfigVerify/kernel_ConfigVerify.py b/client/site_tests/kernel_ConfigVerify/kernel_ConfigVerify.py
index 1a8c335..d5e6d9c 100644
--- a/client/site_tests/kernel_ConfigVerify/kernel_ConfigVerify.py
+++ b/client/site_tests/kernel_ConfigVerify/kernel_ConfigVerify.py
@@ -266,6 +266,9 @@
# Locate and load the list of kernel config variables.
self._config = self._load_configs()
+ # Adjust for kernel-version-specific changes
+ kernel_ver = os.uname()[2]
+
# Run the static checks.
map(self.has_builtin, self.IS_BUILTIN)
map(self.has_module, self.IS_MODULE)
@@ -294,11 +297,18 @@
# Security; marks data segments as RO/NX.
if self._arch.startswith('arm'):
- # TODO(kees): ARM kernel needs the module RO/NX logic added.
+ # On ARM RODATA is not a config option, it is hardcoded.
self.is_missing('DEBUG_RODATA')
- self.is_missing('DEBUG_SET_MODULE_RONX')
else:
self.has_builtin('DEBUG_RODATA')
+ # DEBUG_SET_MODULE_RONX exists on all x86 and on ARM in 3.4.
+ if self._arch.startswith('arm'):
+ if utils.compare_versions(kernel_ver, "3.4") >= 0 and \
+ utils.compare_versions(kernel_ver, "3.8") < 0:
+ self.has_builtin('DEBUG_SET_MODULE_RONX')
+ else:
+ self.is_missing('DEBUG_SET_MODULE_RONX')
+ else:
self.has_builtin('DEBUG_SET_MODULE_RONX')
# Kernel: make sure port 0xED is the one used for I/O delay