
Re: [Xen-devel] xen/link: Move .data.rel.ro sections into .rodata for final link



>>> David Woodhouse <dwmw2@xxxxxxxxxxxxx> 07/31/17 1:02 PM >>>
>On Sun, 2017-07-30 at 00:16 -0600, Jan Beulich wrote:
>> > > > David Woodhouse <dwmw2@xxxxxxxxxxxxx> 07/20/17 5:22 PM >>>
>> > This includes stuff like the hypercall tables which we really want
>> > to be read-only. And they were going into .data.read-mostly.
>> Yes, we'd like them to be read-only, but what if EFI properly assigned r/o
>> permissions to the .rodata section when loading xen.efi? We'd then be
>> unable to apply relocations when switching from 1:1 to virtual mappings
>> (see efi_arch_relocate_image()).
>
>
>FWIW it does look like TianoCore has gained the ability to mark
>sections as read-only, in January of this year:
>https://github.com/tianocore/edk2/commit/d0e92aad46
>
>It doesn't actually seem to be complete — even with subsequent fixes
>since that commit, it doesn't look like it catches the case of data
>sections without EFI_IMAGE_SCN_MEM_WRITE, such as .rodata. 
>
>And even if/when that gets fixed you'll note that the protection is
>deliberately torn down in ExitBootServices(), specifically for the case
>you're concerned about below — because you'll need to do the
>relocations.

As said in an earlier reply, a first pass over relocations is being done
long before the call to ExitBootServices(). A minimal adjustment to
efi_arch_relocate_image() will be needed anyway, afaict.

Jan
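
The concern raised in this thread, as an added example that is not part of the original messages and is not Xen or EDK2 code: a small audit that walks a PE/COFF section table and base relocation (`.reloc`) data and reports fixups that land in sections lacking `IMAGE_SCN_MEM_WRITE`, which are the ones that could not be applied if a loader enforced those sections as read-only. The function names and the sample section table and relocation bytes are constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_WRITE = 0x80000000              # PE/COFF section characteristic
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_REL_BASED_ABSOLUTE = 0                  # padding entry, no fixup applied

def parse_sections(table):
    """Return (name, rva, virtual_size, characteristics) per section header."""
    out = []
    for off in range(0, len(table), SECTION_HDR.size):
        name, vsize, rva, *_, chars = SECTION_HDR.unpack_from(table, off)
        out.append((name.rstrip(b"\0").decode(), rva, vsize, chars))
    return out

def parse_base_relocs(blob):
    """Yield the RVA of every fixup in a base relocation blob."""
    off = 0
    while off + 8 <= len(blob):
        page_rva, block_size = struct.unpack_from("<II", blob, off)
        if block_size < 8:
            break  # malformed block; stop rather than loop forever
        end = min(off + block_size, len(blob))
        for i in range(off + 8, end - 1, 2):
            (entry,) = struct.unpack_from("<H", blob, i)
            if entry >> 12 != IMAGE_REL_BASED_ABSOLUTE:
                yield page_rva + (entry & 0xFFF)
        off += block_size

def fixups_in_readonly_sections(table, relocs):
    """Map section name -> fixup RVAs landing in sections without MEM_WRITE."""
    hits = {}
    sections = parse_sections(table)
    for rva in parse_base_relocs(relocs):
        for name, start, size, chars in sections:
            if start <= rva < start + size and not chars & IMAGE_SCN_MEM_WRITE:
                hits.setdefault(name, []).append(rva)
    return hits

def _hdr(name, rva, vsize, chars):  # hypothetical helper for the sample below
    return SECTION_HDR.pack(name, vsize, rva, vsize, rva, 0, 0, 0, 0, chars)

# Constructed sample: three sections, one relocation block per data page.
SAMPLE_SECTIONS = (_hdr(b".text", 0x1000, 0x1000, 0x60000020)
                   + _hdr(b".rodata", 0x2000, 0x1000, 0x40000040)
                   + _hdr(b".data", 0x3000, 0x1000, 0xC0000040))
SAMPLE_RELOCS = (struct.pack("<IIHH", 0x2000, 12, 0xA010, 0xA018)    # DIR64 x2
                 + struct.pack("<IIHH", 0x3000, 12, 0xA008, 0x0000))  # DIR64 + pad

if __name__ == "__main__":
    print(fixups_in_readonly_sections(SAMPLE_SECTIONS, SAMPLE_RELOCS))
```
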

