On Sun, 2017-07-30 at 13:50 +0100, Andrew Cooper wrote:
> On 30/07/17 07:16, Jan Beulich wrote:
> > >>> David Woodhouse <dw...@infradead.org> 07/20/17 5:22 PM >>>
> > > This includes stuff like the hypercall tables which we really want
> > > to be read-only. And they were going into .data.read-mostly.
> > Yes, we'd like them to be read-only, but what if EFI properly assigned r/o
> > permissions to the .rodata section when loading xen.efi? We'd then be
> > unable to apply relocations when switching from 1:1 to virtual mappings
> > (see efi_arch_relocate_image()).
> Ah yes. I'd overlooked that point when considering the ramifications of
> this change.
>
> efi_arch_relocate_image() should probably do the same as what we do with
> livepatching, and temporarily clear CR0.WP for the duration of the patching.

Hm, efi/mkreloc.c was already emitting relocations in the .rodata section before this change. Are you saying that was already broken?
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel