Andi Kleen wrote:

On Tuesday 22 August 2006 16:25, Adrian Bunk wrote:
  

quoted

On Tue, Aug 22, 2006 at 03:50:57PM +0200, Andi Kleen wrote:
    

quoted

quoted

this would need a "const after boot" section; which is really not hard
to make and probably useful for a lot more things.... todo++
        

except for anything that needs tlb entries in user space. And it only gives you
false sense of security. --todo
      

What's the alternative?
    

The alternative is to not protect it, since protecting it doesn't
offer any significant additional security over not protecting it.
  

Didn't someone point out yet that if you are vulnerable to someone 
loading a kernel module of their choosing, you lose, plain and simple?  
You don't need paravirt-ops to implement a rootkit, and it doesn't make 
it any easier, and write protecting it is totally useless.  How do you 
think VMware runs on Linux?  It takes over the hardware entirely, loads 
a hypervisor, and starts running in a completely different world.  And 
it doesn't even need to use a single _GPL'd export to do that.

Write protection is great as a debug option to find accidental memory 
corruptions.  It is useless as a technique to prevent subversion.  Um 
hello, you're already at CPL-0.  Just rewrite the page tables already.

quoted

Change it from a struct to a compile time choice?
    

One of the design goals of paravirt-ops was to allow single binaries
that run on both native hardware and on hypervisors. So that would
be a non starter.

Strongly agree.

Zach