Xen project Mailing List

Re: [PATCH v3 1/4] Align relevant sections to 4KB

To: Frediano Ziglio <freddy77@xxxxxxxxx>

From: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>

Date: Tue, 16 Jun 2026 12:44:58 +0200

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=fm1 header.d=invisiblethingslab.com header.i="@invisiblethingslab.com" header.h="Cc:Content-Type:Date:From:In-Reply-To:Message-ID:MIME-Version:References:Subject:To"; dkim=pass header.s=fm1 header.d=messagingengine.com header.i="@messagingengine.com" header.h="Cc:Content-Type:Date:Feedback-ID:From:In-Reply-To:Message-ID:MIME-Version:References:Subject:To:X-ME-Proxy:X-ME-Sender"

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Frediano Ziglio <frediano.ziglio@xxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Teddy Astie <teddy.astie@xxxxxxxxxx>, Frediano Ziglio <frediano.ziglio@xxxxxxxxxx>

Delivery-date: Tue, 16 Jun 2026 10:45:12 +0000

Feedback-id: i1568416f:Fastmail

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Jun 16, 2026 at 11:13:33AM +0100, Frediano Ziglio wrote: > From: Frediano Ziglio <frediano.ziglio@xxxxxxxxx> > > Required by UEFI CA memory mitigation. > > It is a requirement for NX_COMPAT so the PE can be loaded with W^X perms > in the pagetables. > > NX_COMPAT is a requirement from shim-review, > https://github.com/rhboot/shim-review#do-you-have-the-nx-bit-set-in-your-shim-if-so-is-your-entire-boot-stack-nx-compatible-and-what-testing-have-you-done-to-ensure-such-compatibility > > Sections with different permissions must be in separate pages. > In the case of debug sections they are contiguous and have the same > permissions so it's not an issue if they are not aligned to the page. > > Signed-off-by: Frediano Ziglio <frediano.ziglio@xxxxxxxxxx> Acked-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx> > -- > Changes since v1: > - Change subject. > > Changes since v2: > - Improved commit message and subject. > --- > xen/arch/x86/xen.lds.S | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S > index b9e888e596..f758940674 100644 > --- a/xen/arch/x86/xen.lds.S > +++ b/xen/arch/x86/xen.lds.S > @@ -162,8 +162,8 @@ SECTIONS > __note_gnu_build_id_end = .; > } PHDR(note) PHDR(text) > #elif defined(BUILD_ID_EFI) > - /* Workaround bug in binutils < 2.36 */ > - . = ALIGN(32); > + /* Align to satisfy UEFI CA memory mitigation. */ > + . = ALIGN(PAGE_SIZE); > DECL_SECTION(.buildid) { > __note_gnu_build_id_start = .; > *(.buildid) > @@ -330,6 +330,7 @@ SECTIONS > __2M_rwdata_end = ALIGN(SECTION_ALIGN); > > #ifdef EFI > + . = ALIGN(PAGE_SIZE); > .reloc ALIGN(4) : { > __base_relocs_start = .; > *(.reloc) > -- > 2.43.0 > -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

Attachment: signature.asc
Description: PGP signature

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.