On 25.03.2022 17:39, Andrew Cooper wrote: > On 09/03/2022 13:03, Jan Beulich wrote: >> On 09.03.2022 13:39, Andrew Cooper wrote: >>> --- a/CHANGELOG.md >>> +++ b/CHANGELOG.md >>> @@ -6,6 +6,12 @@ The format is based on [Keep a >>> Changelog](https://keepachangelog.com/en/1.0.0/) >>> >>> ## [unstable >>> UNRELEASED](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=staging) >>> - TBD >>> >>> +### Added >>> + - __ro_after_init support on x86, for marking data as immutable after >>> boot. >> I'm not sure something like this (being an implementation detail) belongs >> here. > > Having things immutable after boot is not an implementation detail. It > is an important security hardening property, and deserves to be here.
Well. Are you suggesting that we repeat this statement for every release where at least one variable was converted to use __ro_after_init? The mere introduction of the new section has no hardening effect at all; every use of it is a single small step. Jan
