
Re: [PATCH 2/2] Changelog: Add __ro_after_init and CET


  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 28 Mar 2022 10:01:19 +0200
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 28 Mar 2022 08:01:31 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 25.03.2022 17:39, Andrew Cooper wrote:
> On 09/03/2022 13:03, Jan Beulich wrote:
>> On 09.03.2022 13:39, Andrew Cooper wrote:
>>> --- a/CHANGELOG.md
>>> +++ b/CHANGELOG.md
>>> @@ -6,6 +6,12 @@ The format is based on [Keep a 
>>> Changelog](https://keepachangelog.com/en/1.0.0/)
>>>  
>>>  ## [unstable 
>>> UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) 
>>> - TBD
>>>  
>>> +### Added
>>> + - __ro_after_init support on x86, for marking data as immutable after 
>>> boot.
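Review bot: the added entry "__ro_after_init support on x86, for marking data as immutable after boot" names the annotation but does not tell a changelog reader what is protected once it exists. As worded, it can be read either as "some data is now read-only after boot" or as "the mechanism to do so is now available". Consider stating the resulting property explicitly, for example that data carrying the annotation becomes read-only once boot completes, and whether any existing variables are converted in this release, so that the hardening claim in the entry matches what the release delivers.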
>> I'm not sure something like this (being an implementation detail) belongs
>> here.
> 
> Having things immutable after boot is not an implementation detail.  It
> is an important security hardening property, and deserves to be here.

Well. Are you suggesting that we repeat this statement for every release
where at least one variable was converted to use __ro_after_init? The
mere introduction of the new section has no hardening effect at all;
every use of it is a single small step.

Jan




 

