[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3 1/4] Align relevant sections to 4KB
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Frediano Ziglio <freddy77@xxxxxxxxx>
- Date: Tue, 16 Jun 2026 15:38:53 +0100
- Arc-authentication-results: i=1; mx.google.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=snKhAOw3RP7MRbxbkR8ObtB/TOYZ+pw+WAKjH/t0hzc=; fh=A72rsFT1N8cd1FI/a4TfKbyiQw9eFOMoec7Qj58Q2a0=; b=KcnUuG33vBvtXSrS7WpuDxGCQzFlxkDG8oEaeLPkTG/K8NpGcDcMxS2VJgBbTImTxN tG/CMDKbFsMtsW9pEVFhY+0sd3mWEzFGif7LOuvzWgz7JzdimGSm82BvCX5NBAJB6KVg BD6P4O6OAGU+90qg5cJEpxOu7D7NcaA/SM5vqoxm9akV8vmWM1y4Xm8V6DKiylC3edll Bk1Qmp0ZJQwkF/Q6FL/cjlajeh49ZmPq4AhbPNAR8fWBAmtdQVPZGyItBqehKQNuDx8P 0vWV7KmWmy7cuZfU+cNzorvemNKz2Hg/syGgi6udfSR+tQRveyfTTaqW7yqDtF5z+EeG yI8Q==; darn=lists.xenproject.org
- Arc-seal: i=1; a=rsa-sha256; t=1781620745; cv=none; d=google.com; s=arc-20240605; b=VHOSRfOU0mRwIUVSobkzkBJAWFkBxF5zNvo+6qn0QvZb8YY877LLl85FMgvxfe6fbi tetxmFwsjPLtMnJcXxaNlimu5Qd6nP1aFTcYSYxoSB9L5Sj57vEYEP1PcaSusBJ7iPbC kGsbYi5eERVHP/Q+zmAwacposH/xYfDWQJUPkQ96O6N4v3yCkMqIdRG4qM6wxW+nChFZ C3zaESVwkMN9jv6Xg1sHdxn36sFgiyUaBb6vaRaqEGyiIV4OiymmkVy5ZRn2O5gLHLvA Myjz5AHhOP2sDPN98neErwz7cNEhOTzuR/sVcjvSx6KGpbXrfnAMlZehd3laI12R/25A 3+nQ==
- Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=20251104 header.d=gmail.com header.i="@gmail.com" header.h="Cc:To:Subject:Message-ID:Date:From:In-Reply-To:References:MIME-Version"
- Cc: Frediano Ziglio <frediano.ziglio@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Teddy Astie <teddy.astie@xxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Frediano Ziglio <frediano.ziglio@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Tue, 16 Jun 2026 14:39:16 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Tue, 16 Jun 2026 at 13:27, Jan Beulich <jbeulich@xxxxxxxx> wrote:
>
> On 16.06.2026 12:13, Frediano Ziglio wrote:
> > From: Frediano Ziglio <frediano.ziglio@xxxxxxxxx>
> >
> > Required by UEFI CA memory mitigation.
> >
> > It is a requirement for NX_COMPAT so the PE can be loaded with W^X perms
> > in the pagetables.
> >
> > NX_COMPAT is a requirement from shim-review,
> > https://github.com/rhboot/shim-review#do-you-have-the-nx-bit-set-in-your-shim-if-so-is-your-entire-boot-stack-nx-compatible-and-what-testing-have-you-done-to-ensure-such-compatibility
> >
> > Sections with different permissions must be in separate pages.
> > In the case of debug sections they are contiguous and have the same
> > permissions so it's not an issue if they are not aligned to the page.
>
> What if .debug_* starts in the middle of a page? Aren't you further
> relying on .debug_* to be r/o (i.e. neither X nor W)? (Right now
> .reloc is what comes immediately ahead of .debug_*, and that's r/o
> as well, so not an issue in practice for now. Yet as indicated, the
> description here wants to be usable as a reference when this later
> needs extending / revisiting.)
>
> Jan
Can you suggest a better wording?
Practically I think before the .debug section you could have the
.reloc or the SBAT, either are permission-compatible. If in the future
we break it for some reason we'll fix it again.
Frediano
|
