On 02/06/2023 9:31 am, Jan Beulich wrote:
> On 01.06.2023 19:43, Alejandro Vallejo wrote:
>> This allows replacing many instances of runtime checks with folded
>> constants. The patch asserts support for the NX bit in PTEs at boot time
>> and if so short-circuits cpu_has_nx to 1. This has several knock-on effects
>> that improve codegen:
>>   * _PAGE_NX matches _PAGE_NX_BIT, optimising the macro to a constant.
>>   * Many PAGE_HYPERVISOR_X are also folded into constants
>>   * A few if ( cpu_has_nx ) statements are optimised out
>>
>> We save 2.5KiB off the text section and remove the runtime dependency for
>> applying NX, which hardens our security posture. The config option defaults
>> to OFF for compatibility with previous behaviour.
>>
>> Signed-off-by: Alejandro Vallejo <alejandro.vall...@cloud.com>
> At a guess this may want a Suggested-by: Andrew?

Well - it was a work item off the backlog, and a one-liner at that.  I
wouldn't have said an explicit tag was warranted simply because I put
the backlog together.

~Andrew
