Andi Kleen wrote: > I don't see why paravirt ops is that much more sensitive > than most other kernel code. > > >> It would be a lot safer if we could have the struct paravirt_ops in >> protected read-only const memory space, set it up in the core kernel >> early on in boot when we play "guess todays hypervisor" and then make >> sure it stays in read only (even to kernel) space. >> > > By default we don't make anything read only because that would > mess up the 2MB kernel mapping. > > In general i don't think making select code in the kernel > read only is a good idea, because as long as you don't > protect everything including stacks etc. there will be always > attack points where supposedly protected code relies > on unprotected state. If someone can write to kernel > memory you already lost. > > And it adds TLB pressure. > And it doesn't work for VMI or lhype, both of which might modify paravirt_ops way later in the boot process, when loaded as a module. Where did this conversation come from? I don't see it on any list I'm subscribed to. Zach
