mbox series

[0/7] x86: generate xen.efi image with no write-execute sections

Message ID 20250318173547.59475-1-roger.pau@citrix.com (mailing list archive)
Headers show
Series x86: generate xen.efi image with no write-execute sections | expand

Message

Roger Pau Monné March 18, 2025, 5:35 p.m. UTC 
Hello,

The aim of the series is to generate a Xen image with no write and
execute sections, so that the PE binary can be NX_COMPAT.

The main change for achieving this is changing the order in which the
trampoline relocation are applied.  To avoid having write-execute
sections apply the trampoline relocations after having moved the
trampoline to it's final destination.

Thanks, Roger.

Roger Pau Monne (7):
  x86/boot: clarify comment about trampoline_setup usage
  x86/mkelf32: account for offset when detecting note segment placement
  xen: remove -N from the linker command line
  x86/boot: apply trampoline relocations at destination position
  x86/mkreloc: remove warning about relocations to RO section
  x86/efi: do not merge all .init sections
  xen/build: warn about RWX load segments

 xen/Makefile                         |  2 --
 xen/arch/arm/Makefile                |  6 +++---
 xen/arch/ppc/Makefile                |  6 +++---
 xen/arch/riscv/Makefile              |  6 +++---
 xen/arch/x86/Makefile                | 12 ++++++------
 xen/arch/x86/boot/build32.lds.S      |  1 +
 xen/arch/x86/boot/head.S             |  9 +++++----
 xen/arch/x86/boot/mkelf32.c          |  3 ++-
 xen/arch/x86/boot/reloc-trampoline.c | 16 ++++++++--------
 xen/arch/x86/efi/efi-boot.h          | 15 ++++++---------
 xen/arch/x86/efi/mkreloc.c           |  5 -----
 xen/arch/x86/xen.lds.S               |  8 --------
 12 files changed, 37 insertions(+), 52 deletions(-)