← Back to context

Comment by bieganski

4 hours ago

have you considered forking existing OS and implementing changes that you needed instead?

it's hard for me to justify the tremendous effort of implementing the OS from scratch, instead of adding the functionality that you need to for example linux or xv6.

> (it) exposes primitives that let a single experiment switch privilege levels at runtime while executing the same instructions in the same address space.

i think that it can be achieved by following linux modifications:

- make all executable pages executable both in user and kernel mode

- define a new syscall number, let's call it 'fractal'

- upon 'svc' trap (syscall), if it's a fractal syscall, just branch to instruction after the 'svc' (still in kernel mode! no 'eret', as opposed to no-fractal syscalls)

and.. that's it?

2 comments

bieganski

Reply
kstrauser  2 hours ago

From the article:

> [...] they usually run their experiments on top of an operating system that was never built for the job. They open up macOS or Linux, patch the kernel by hand, and hope the modifications hold. The approach is unstable, hard to reproduce, and on Apple’s platforms, slated for deprecation.

I'd also like to hear more about why that's a problem, not because I disagree, but because I don't know jack about this and it's fascinating. However, I could imagine at least a couple of advantages to this approach.

* It's not a general purpose OS. It doesn't have to support 10,000,000 different accessories, just enough to get the kernel booted so researchers can interact with the hardware.

* You don't have to deal with general purpose constraints here. Who needs something like a fair scheduler when the goal is to give researchers direct access to the hardware for minutes at a time?

* If broad hardware support and universal use case support aren't goals, you can write something vastly simpler that basically loads a program and turns it loose on the underlying bare metal. I imagine that'd make repeatability vastly easier, with no "oops, an Ethernet packet came in so I need to service that mid-test" interrupt{,ion}s.

Those would seem like good reasons to make a minimal kernel that doesn't get between the researchers and their work.

saagarjha  2 hours ago

It’s not actually possible to have the kernel execute user pages like this on most modern systems