
Virtualization hardware can potentially be accessed from userspace [1]. That might be both more fine grained and more performant than a fully separate address space.

Failing that maybe it is time to bring back segments.

[1] https://github.com/ramonza/dune/blob/master/README




I did a similar thing here, using a virtualized ring 0 context to speed up JITed cross-ISA virtualization.

https://github.com/monocasa/remu-playground

Because you have to round trip through the host kernel to do anything that leaves that context, it's a bit slower and doesn't really get you the perf gains overall you might think. : /

But yeah, segments coming back would be really neat.


Nice.

Intel also supports memory protection keys. I wonder if they would be enough. Although they might be affected by Meltdown-like issues.

Does AMD support them?


The MPX extensions? AMD never supported them, and I've heard rumors that Intel might be dropping support since support never really took off for it. In addition to the Meltdown-like effects that probably exist, I'd be afraid of the cache effect side channels of just everything needed to load the base and bounds registers.


Not MPX, I think it is called MPK [1]; basically a process can tag each page with a 4-bit identifier (via a kernel-provided API) and then, by loading the id into a special register, can restrict its own accesses to pages with different keys.

[1] https://lwn.net/Articles/689395/
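
The mechanism described in the comment above, as an added example that is not part of the thread: a small software model in C of the per-key check applied to data accesses. The struct, function names and sample pages are hypothetical; the two-bits-per-key layout (access-disable, write-disable) follows the x86 PKRU register and the Linux `PKEY_DISABLE_*` constants.

```c
#include <stdint.h>
#include <stdio.h>

#define PKEY_DISABLE_ACCESS 0x1u  /* AD bit: no reads or writes */
#define PKEY_DISABLE_WRITE  0x2u  /* WD bit: reads allowed, writes denied */
#define NUM_KEYS 16u              /* 4-bit key => 16 protection domains */

/* Hypothetical model of a page: only the 4-bit key stored in its page-table entry. */
struct page { const char *name; uint8_t pkey; };

/* Return a register value with the rights for one key replaced (2 bits per key). */
uint32_t pkru_set(uint32_t pkru, unsigned key, uint32_t rights) {
    unsigned shift = 2 * (key % NUM_KEYS);
    return (pkru & ~(3u << shift)) | ((rights & 3u) << shift);
}

/* Register value that denies all access to every key except `own`. */
uint32_t pkru_only(unsigned own) {
    uint32_t pkru = 0;
    for (unsigned k = 0; k < NUM_KEYS; k++)
        pkru = pkru_set(pkru, k, k == own ? 0 : PKEY_DISABLE_ACCESS);
    return pkru;
}

/* The check applied to a user-mode data access: 1 = allowed, 0 = fault. */
int access_ok(uint32_t pkru, const struct page *p, int is_write) {
    uint32_t bits = (pkru >> (2 * (p->pkey % NUM_KEYS))) & 3u;
    if (bits & PKEY_DISABLE_ACCESS) return 0;
    if (is_write && (bits & PKEY_DISABLE_WRITE)) return 0;
    return 1;
}

int main(void) {
    /* Constructed sample: a component's own heap, shared config, and host secrets. */
    struct page pages[] = { {"own heap", 1}, {"shared config", 2}, {"host secrets", 3} };
    uint32_t pkru = pkru_only(1);                 /* restrict to key 1 */
    pkru = pkru_set(pkru, 2, PKEY_DISABLE_WRITE); /* key 2 becomes read-only */
    printf("register = 0x%08x\n", (unsigned)pkru);
    for (unsigned i = 0; i < 3; i++)
        printf("%-14s key=%u read=%d write=%d\n", pages[i].name, (unsigned)pages[i].pkey,
               access_ok(pkru, &pages[i], 0), access_ok(pkru, &pages[i], 1));
    return 0;
}
```
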


Oh, neat! Thanks! I had somehow missed that there was a tagged memory extension to x86; I'm going to have to check that out.



