On Tuesday 22 August 2006 16:25, Adrian Bunk wrote: > On Tue, Aug 22, 2006 at 03:50:57PM +0200, Andi Kleen wrote: > > > > > this would need a "const after boot" section; which is really not hard > > > to make and probably useful for a lot more things.... todo++ > > > > except for anything that needs tlb entries in user space. And it only gives you > > false sense of security. --todo > > What's the alternative? The alternative is to not protect it, since protecting it doesn't offer any significant additional security over not protecting it. > > Change it from a struct to a compile time choice? One of the design goals of paravirt-ops was to allow single binaries that run on both native hardware and on hypervisors. So that would be a non starter. -Andi
