projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8de86b5) | patch
x86/boot: Support __ro_after_init
authorAndrew Cooper <andrew.cooper3@citrix.com>
Mon, 29 Nov 2021 20:11:01 +0000 (20:11 +0000)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Thu, 2 Dec 2021 20:02:55 +0000 (20:02 +0000)
commit05657c6d1821dfc4e9a618767a942b3555406046
tree0b96df1a9800924b88f9189cf97c693408b4e25btree | snapshot
parent8de86b5cd4353bf2cc415e4563f973f071b4e8a3commit | diff
x86/boot: Support __ro_after_init

For security hardening reasons, it advantageous to make setup-once data
immutable after boot.  Borrow __ro_after_init from Linux.

On x86, place .data.ro_after_init at the start of .rodata, excluding it from
the early permission restrictions.  Re-apply RO restrictions to the whole of
.rodata in init_done(), attempting to reform the superpage if possible.

For architectures which don't implement __ro_after_init explicitly, variables
merges into .data.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
xen/arch/x86/setup.c diff | blob | history
xen/arch/x86/xen.lds.S diff | blob | history
xen/include/asm-x86/setup.h diff | blob | history
xen/include/xen/cache.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.