On 30/07/17 07:16, Jan Beulich wrote: >>>> David Woodhouse <dw...@infradead.org> 07/20/17 5:22 PM >>> >> This includes stuff lke the hypercall tables which we really want >> to be read-only. And they were going into .data.read-mostly. > Yes, we'd like them to be read-only, but what if EFI properly assigned r/o > permissions to the .rodata section when loading xen.efi? We'd then be > unable to apply relocations when switching from 1:1 to virtual mappings > (see efi_arch_relocate_image()).
Ah yes. I'd overlooked that point when considering the ramifications of this change. efi_arch_relocate_image() should probably do the same as what we do with livepatching, and temporarily clear CR0.WP for the duration of the patching. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
