> On Oct 31, 2018, at 1:38 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>
>
>>> On Oct 31, 2018, at 3:11 AM, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>>>
>>> On Wed, Oct 31, 2018 at 12:15:46AM +0200, Igor Stoppa wrote:
>>> On 30/10/2018 23:02, Andy Lutomirski wrote:
>>
>>>> But I dislike allowing regular writes in the protected region. We
>>>> really only need four write primitives:
>>>>
>>>> 1. Just write one value. Call at any time (except NMI).
>>>>
>>>> 2. Just copy some bytes. Same as (1) but any number of bytes.
>>>>
>>>> 3,4: Same as 1 and 2 but must be called inside a special rare write
>>>> region. This is purely an optimization.
>>>
>>> Atomic? RCU?
>>
>> RCU can be done, that's not really a problem. Atomics otoh are a
>> problem. Having pointers makes them just work.
>>
>> Andy; I understand your reason for not wanting them, but I really don't
>> want to duplicate everything. Is there something we can do with static
>> analysis to make you more comfortable with the pointer thing?
>
> I’m sure we could do something with static analysis, but I think seeing a
> real use case where all this fanciness makes sense would be good.
>
> And I don’t know if s390 *can* have an efficient implementation that uses
> pointers. OTOH they have all kinds of magic stuff, so who knows?

Also, if we’re using a hypervisor, then there are a couple ways it could be done:

1. VMFUNC. Pointers work fine. This is stronger than any amount of CR3 trickery because it can’t be defeated by page table attacks.

2. A hypercall to do the write. No pointers.

Basically, I think that if we can get away without writable pointers, we get more flexibility and less need for fancy static analysis. If we do need pointers, then so be it.
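The four write primitives quoted above (write one value, copy some bytes, and the same two "inside a special rare write region"), modelled in user space as an added example. This is not code from the thread, from the prmem patch set, or from the kernel: the protected region is a read-only anonymous mapping, rare_write_begin()/rare_write_end() stand in for whatever mechanism the kernel would use to make the region temporarily writable (an alternate mapping, a CR3 switch, VMFUNC), and the function names, the in-region bounds check and the fault probe are this example's own assumptions.

```c
#define _GNU_SOURCE
/* Added illustration of the "four write primitives" design, not prmem code.
 * The __rare_write_* forms are the "purely an optimization" variants that
 * assume the region is already open; the plain forms open and close it. */
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static unsigned char *prot_region;   /* the write-rarely region (one page) */
static size_t prot_size;
static int region_open;              /* non-zero inside a rare write region */

static int prmem_init(void)
{
    prot_size = (size_t)sysconf(_SC_PAGESIZE);
    prot_region = mmap(NULL, prot_size, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (prot_region == MAP_FAILED)
        return -1;
    memset(prot_region, 0, prot_size);
    return mprotect(prot_region, prot_size, PROT_READ);  /* normally read-only */
}

/* Refuse targets outside the region: the primitives must not turn into a
 * generic write-anywhere gadget (assumed check, not from the thread). */
static int in_region(const void *p, size_t n)
{
    const unsigned char *q = p;
    return q >= prot_region && n <= prot_size && q + n <= prot_region + prot_size;
}

static void rare_write_begin(void)
{
    mprotect(prot_region, prot_size, PROT_READ | PROT_WRITE);
    region_open = 1;
}

static void rare_write_end(void)
{
    region_open = 0;
    mprotect(prot_region, prot_size, PROT_READ);
}

/* Primitives 3 and 4: only valid inside an open rare write region. */
static int __rare_write_value(uint64_t *dst, uint64_t val)
{
    if (!region_open || !in_region(dst, sizeof *dst))
        return -1;
    *dst = val;
    return 0;
}

static int __rare_write_copy(void *dst, const void *src, size_t n)
{
    if (!region_open || !in_region(dst, n))
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Primitives 1 and 2: callable at any time; each opens and closes a region. */
static int rare_write_value(uint64_t *dst, uint64_t val)
{
    rare_write_begin();
    int ret = __rare_write_value(dst, val);
    rare_write_end();
    return ret;
}

static int rare_write_copy(void *dst, const void *src, size_t n)
{
    rare_write_begin();
    int ret = __rare_write_copy(dst, src, n);
    rare_write_end();
    return ret;
}

/* Why "regular writes in the protected region" are rejected: a plain store
 * through a pointer, outside any region, hits the read-only mapping and
 * faults. Returns 1 if the store faulted, 0 if it silently went through. */
static sigjmp_buf fault_env;
static void segv_handler(int sig) { (void)sig; siglongjmp(fault_env, 1); }

static int plain_store_faults(void)
{
    struct sigaction sa, old;
    int faulted = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = segv_handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(fault_env, 1) == 0)
        *(volatile uint64_t *)prot_region = 0xdeadbeef;   /* plain write: faults */
    else
        faulted = 1;
    sigaction(SIGSEGV, &old, NULL);
    return faulted;
}

int main(void)
{
    static const char tag[] = "constructed sample";   /* constructed input */
    if (prmem_init())
        return 1;
    uint64_t *slot = (uint64_t *)prot_region;
    rare_write_value(slot, 42);                          /* primitive 1 */
    rare_write_copy(prot_region + 64, tag, sizeof tag);  /* primitive 2 */
    rare_write_begin();                                  /* primitives 3, 4 */
    __rare_write_value(slot + 1, 7);
    rare_write_end();
    printf("slot[0]=%llu slot[1]=%llu tag=%s plain-store-faults=%d\n",
           (unsigned long long)slot[0], (unsigned long long)slot[1],
           (char *)prot_region + 64, plain_store_faults());
    return 0;
}
```

Note that even the "no regular writes" primitives above still take a destination pointer, which is Peter's point: the in-region forms are what let atomics and RCU pointer updates "just work". The hypercall option in the message is the variant that drops the pointer entirely, since the guest would pass an offset into the region plus a value and the hypervisor, not the guest, would hold the writable mapping.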