Re: [PATCH 10/17] prmem: documentation

From: Andy Lutomirski
Date: Wed Oct 31 2018 - 16:53:17 EST




> On Oct 31, 2018, at 1:38 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>
>
>
>>> On Oct 31, 2018, at 3:11 AM, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>>>
>>> On Wed, Oct 31, 2018 at 12:15:46AM +0200, Igor Stoppa wrote:
>>> On 30/10/2018 23:02, Andy Lutomirski wrote:
>>
>>>> But I dislike allowing regular writes in the protected region. We
>>>> really only need four write primitives:
>>>>
>>>> 1. Just write one value. Call at any time (except NMI).
>>>>
>>>> 2. Just copy some bytes. Same as (1) but any number of bytes.
>>>>
>>>> 3,4: Same as 1 and 2 but must be called inside a special rare write
>>>> region. This is purely an optimization.
>>>
>>> Atomic? RCU?
>>
>> RCU can be done, that's not really a problem. Atomics otoh are a
>> problem. Having pointers makes them just work.
>>
>> Andy; I understand your reason for not wanting them, but I really don't
>> want to duplicate everything. Is there something we can do with static
>> analysis to make you more comfortable with the pointer thing?
>
> I'm sure we could do something with static analysis, but I think seeing a real use case where all this fanciness makes sense would be good.
>
> And I don't know if s390 *can* have an efficient implementation that uses pointers. OTOH they have all kinds of magic stuff, so who knows?

Also, if we're using a hypervisor, then there are a couple ways it could be done:

1. VMFUNC. Pointers work fine. This is stronger than any amount of CR3 trickery because it can't be defeated by page table attacks.

2. A hypercall to do the write. No pointers.

Basically, I think that if we can get away without writable pointers, we get more flexibility and less need for fancy static analysis. If we do need pointers, then so be it.