I don't see why paravirt ops is that much more sensitive than most other kernel code. > It would be a lot safer if we could have the struct paravirt_ops in > protected read-only const memory space, set it up in the core kernel > early on in boot when we play "guess todays hypervisor" and then make > sure it stays in read only (even to kernel) space. By default we don't make anything read only because that would mess up the 2MB kernel mapping. In general i don't think making select code in the kernel read only is a good idea, because as long as you don't protect everything including stacks etc. there will be always attack points where supposedly protected code relies on unprotected state. If someone can write to kernel memory you already lost. And it adds TLB pressure. -Andi
