On 01.04.2025 15:08, Roger Pau Monne wrote: > Hello, > > The following series aim to remove the presence of any write and execute > section in the PE Xen image. This is required to support the NX > compatible flag in the PE header. By the end of the series the > resulting PE image has no relocations that apply to text sections, as > text sections are strictly mapped read-execute only. Xen itself > attempting to apply relocations to text would result in page-faults. > > A smoke test is added to Gitlab to ensure the PE NX support doesn't > regress. > > Only patches 5 and 10 are carried over from v1, the rest are new. > > Thanks, Roger. > > Roger Pau Monne (11): > automation/dockers: add to README how to rebuild all containers > x86/mkreloc: fix obtaining PE image base address > x86/mkreloc: use the string table to get names > x86/mkreloc: print the linear address of relocations to read-only > sections > xen: remove -N from the linker command line > x86/efi: discard .text.header for PE binary > x86/efi: discard multiboot related entry code for PE binary > x86/boot: place trampoline code in a non-execute section > x86/efi: avoid a relocation in efi_arch_post_exit_boot() > x86/efi: do not merge all .init sections > automation/x86: add a xen.efi test with a strict NX OVMF build > > automation/build/README.md | 7 ++ > automation/build/fedora/41-x86_64.dockerfile | 5 ++ > automation/gitlab-ci/test.yaml | 9 +++ > automation/scripts/qemu-smoke-x86-64-efi.sh | 22 +++++- > xen/arch/arm/Makefile | 6 +- > xen/arch/ppc/Makefile | 6 +- > xen/arch/riscv/Makefile | 6 +- > xen/arch/x86/Makefile | 12 +-- > xen/arch/x86/boot/head.S | 3 +- > xen/arch/x86/efi/efi-boot.h | 7 +- > xen/arch/x86/efi/mkreloc.c | 77 +++++++++++++++++--- > xen/arch/x86/xen.lds.S | 20 +++-- > 12 files changed, 138 insertions(+), 42 deletions(-)
>From titles and diffstat (all Makefile changes being covered by patch 05) it looks like you still don't add passing --nxcompat to the linker. Is that intentionally left out here? Jan
