Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp17517imd; Wed, 31 Oct 2018 13:54:03 -0700 (PDT) X-Google-Smtp-Source: AJdET5dxkxZ0BMhYoQpGEVNlJgeLvKLhSAAhQ1rt+NuvK1N0HQxaIQpfIeoQKHo/wbbByHD6EBXg X-Received: by 2002:a65:6249:: with SMTP id q9-v6mr4602680pgv.392.1541019242947; Wed, 31 Oct 2018 13:54:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1541019242; cv=none; d=google.com; s=arc-20160816; b=PL6C+jLldyXLaLCbLc4Xq85LmHzOzi2u7yGnHpGQT6pDlG1YInqtItiOhvpk9kO/dz S1/2VEh572i0wBcQNpwJC3l10xStaGCezIXpBLx2xbQ4SzXnkkpbJhkfAP5DZZ4nKEne eJiY0tkCy6qdSvERoGawZdX1mZwse1hdnKiW7xNWr8WS+kMhE26ytUCo2EVP3lswDzJU fFI4Nw7biQjzIePwOQrOpuu4Q7fxYr51dFFWwOl1xEehzsRvX8LoKWOfcHo9m09xGuSY twaPTazhUk5M4shgXBVk9zGHjCo+aM7rMpMLwwTFbwy2xVA72cILuSmF/iHpk4V5QyIU Grug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature; bh=T43vL0uiUWLMgJnYgtALRl2GDqUTpSZ128iFcN3LwTs=; b=l3aXkOsWko4mnil264TBjVeCUqRgMQ7rF/zcv2O+NV2puk7MtMzPUoq8+w7rR/WhEf hWr/0FR34xGTNFOfZtOqBOY4JTRoPCW8xhLVN7yiLd67p8dNoZbgYcJZdpG11iJxoPz1 BzTXpOCjzFhChOze+HBAlFb9F8Gk/QjqheD2l4/yEYLZ+NDKZVz7RFmuV3kZiHcGO3sN 7Pa3RLc9hYjuEe/Y/hh6ZLOIS+1NyspUBQw6ldIXWsmhwuq5CekEsyrxtUgtjmzj9dcn hvTIUEeKjz1BUC9PYNS2w49FHPNpMCBoTYqXE6n52eJolY+U6N5ND+9gbt2kFdYy9Jr1 /hlA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=Z5StMnW+; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 4-v6si10746127ple.236.2018.10.31.13.53.46; Wed, 31 Oct 2018 13:54:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=Z5StMnW+; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729926AbeKAFw5 (ORCPT + 99 others); Thu, 1 Nov 2018 01:52:57 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:36499 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729921AbeKAFw5 (ORCPT ); Thu, 1 Nov 2018 01:52:57 -0400 Received: by mail-pg1-f195.google.com with SMTP id z17-v6so7948587pgv.3 for ; Wed, 31 Oct 2018 13:53:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=T43vL0uiUWLMgJnYgtALRl2GDqUTpSZ128iFcN3LwTs=; b=Z5StMnW+uJcea8edu3fwrTJ39z9eAu2Wk0XnPj3naZRd/dpQStWTMG2aH3xR2E977+ g3jPQNe8t15BIwnEk6zsenrJAHJ5fVfvGcP8bbAFG26PkqrtMCXeU8mkxNuXopND8mGm nraD9oeGDKCfAk55EeFAyt1Yv2LFza0K+u9C6T70GCYTmEbtHK3Xtxp8VYAlFirFewOF Oaz2TNIuw2vm2KyHQgEliv+Py8fS7jRDvYapkil5b6XOIHBGu+jJx0IAjE9DSiUbYcIh f7OtNQoy+r2G1i3i1cmSBnLvEDSiSdRf0dDLy2+zjSfLGHjSVWRvdF4Py7YEcYLU3sdd UyhQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=T43vL0uiUWLMgJnYgtALRl2GDqUTpSZ128iFcN3LwTs=; b=eA7rIuHgGMpvEzlFKqfakMQq3AyN/sofeI5x7/Ggor4Brf6n4DzuTOgreInp0CKFyR Z67i+w6vJXodNG1FDLqzFM4mXjqljY29a3nYIlYC7Z7Z4cGC715Rp+ObIiJVoMg76lHL SVywPdHNa7ayacsriSEjhAZaMJDZ7JgmD+Sa5i1VK/mnyZJtXY8URRJABGlQXyeL7GYV jIP80HhUNkSUtdvRyTjqjXYQlYQG8joM+1LVjSmDLdID19fkeFZ5Wq7rupgADzy7IITX ZGIcsLw3Qc22jUZOAENN2ZNT+UAKVXMqH5WgIRgxk60B+nzQmkDpcCC2RgusBBSISaWQ Jtnw== X-Gm-Message-State: AGRZ1gKwEQTb3YLQs42DkL8sv989j1DQytFPDUljjJcewjzhxRXR2LU5 WAmrSC4W3wjqyd7uT+GmMANhug== X-Received: by 2002:a63:5664:: with SMTP id g36mr4522707pgm.313.1541019194338; Wed, 31 Oct 2018 13:53:14 -0700 (PDT) Received: from ?IPv6:2600:1010:b021:f9e6:a9a5:9545:35ee:19c8? ([2600:1010:b021:f9e6:a9a5:9545:35ee:19c8]) by smtp.gmail.com with ESMTPSA id t26-v6sm37407658pfa.158.2018.10.31.13.53.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 13:53:13 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) Subject: Re: [PATCH 10/17] prmem: documentation From: Andy Lutomirski X-Mailer: iPhone Mail (16A404) In-Reply-To: <34204E6C-53C2-427D-A3B2-3D2E091D3E4B@amacapital.net> Date: Wed, 31 Oct 2018 13:53:11 -0700 Cc: Igor Stoppa , Matthew Wilcox , Tycho Andersen , Kees Cook , Mimi Zohar , Dave Chinner , James Morris , Michal Hocko , Kernel Hardening , linux-integrity , linux-security-module , Igor Stoppa , Dave Hansen , Jonathan Corbet , Laura Abbott , Randy Dunlap , Mike Rapoport , "open list:DOCUMENTATION" , LKML , Thomas Gleixner Content-Transfer-Encoding: quoted-printable Message-Id: <83ED6142-A370-42FD-BBA4-95E5C3F998B3@amacapital.net> References: <40cd77ce-f234-3213-f3cb-0c3137c5e201@gmail.com> <20181030152641.GE8177@hirez.programming.kicks-ass.net> <0A7AFB50-9ADE-4E12-B541-EC7839223B65@amacapital.net> <20181030175814.GB10491@bombadil.infradead.org> <20181030182841.GE7343@cisco> <20181030192021.GC10491@bombadil.infradead.org> <9edbdf8b-b5fb-5a82-43b4-b639f5ec8484@gmail.com> <2cfb3835-0c18-b3fb-1722-5d693ae0ecd2@gmail.com> <20181031101124.GO744@hirez.programming.kicks-ass.net> <34204E6C-53C2-427D-A3B2-3D2E091D3E4B@amacapital.net> To: Peter Zijlstra Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Oct 31, 2018, at 1:38 PM, Andy Lutomirski wrote: >=20 >=20 >=20 >>> On Oct 31, 2018, at 3:11 AM, Peter Zijlstra wrote= : >>>=20 >>> On Wed, Oct 31, 2018 at 12:15:46AM +0200, Igor Stoppa wrote: >>> On 30/10/2018 23:02, Andy Lutomirski wrote: >>=20 >>>> But I dislike allowing regular writes in the protected region. We >>>> really only need four write primitives: >>>>=20 >>>> 1. Just write one value. Call at any time (except NMI). >>>>=20 >>>> 2. Just copy some bytes. Same as (1) but any number of bytes. >>>>=20 >>>> 3,4: Same as 1 and 2 but must be called inside a special rare write >>>> region. This is purely an optimization. >>>=20 >>> Atomic? RCU? >>=20 >> RCU can be done, that's not really a problem. Atomics otoh are a >> problem. Having pointers makes them just work. >>=20 >> Andy; I understand your reason for not wanting them, but I really don't >> want to duplicate everything. Is there something we can do with static >> analysis to make you more comfortable with the pointer thing? >=20 > I=E2=80=99m sure we could do something with static analysis, but I think s= eeing a real use case where all this fanciness makes sense would be good. >=20 > And I don=E2=80=99t know if s390 *can* have an efficient implementation th= at uses pointers. OTOH they have all kinds of magic stuff, so who knows? Also, if we=E2=80=99re using a hypervisor, then there are a couple ways it c= ould be done: 1. VMFUNC. Pointers work fine. This is stronger than any amount of CR3 tri= ckery because it can=E2=80=99t be defeated by page table attacks. 2. A hypercall to do the write. No pointers. Basically, I think that if we can get away without writable pointers, we get= more flexibility and less need for fancy static analysis. If we do need poi= nters, then so be it.=