Consider adding something to the platform for separate user-space pointers, which are allowed to be transparent for user-space platforms, but kernel-space platforms would ensure that copy-to-kernel/copy-to-user is happening at the right points.
Things like the POSIX shim would use only user-space pointers in their interface (thus they need to be repr(C) pointers in the first place), but this would transparently support our kernel and user space variants of litebox safely.
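One way the split described above could look, as an added example that is not litebox's code. Every name in it (`UserMem`, `UserPtr`, `Transparent`, `KernelSim`, `sys_bump`, `Fault`) is hypothetical, the pointer type is narrowed to `u32`, and the kernel side is simulated with an in-process buffer standing in for user memory.

```rust
use std::{cell::RefCell, marker::PhantomData};
#[derive(Debug, PartialEq)]
pub struct Fault;
/// Hypothetical platform hook (not litebox's API): the only way bytes cross the boundary.
pub trait UserMem {
    fn copy_from_user(&self, uaddr: usize, dst: &mut [u8]) -> Result<(), Fault>;
    fn copy_to_user(&self, uaddr: usize, src: &[u8]) -> Result<(), Fault>;
}
/// Pointer-sized in the shim ABI, but no Deref: the pointee is reachable only via the platform.
#[repr(transparent)]
pub struct UserPtr<T>(usize, PhantomData<*mut T>);
impl UserPtr<u32> {
    pub fn new(addr: usize) -> Self { Self(addr, PhantomData) }
    pub fn read(&self, p: &impl UserMem) -> Result<u32, Fault> {
        let mut b = [0u8; 4];
        p.copy_from_user(self.0, &mut b).map(|_| u32::from_ne_bytes(b))
    }
    pub fn write(&self, p: &impl UserMem, v: u32) -> Result<(), Fault> {
        p.copy_to_user(self.0, &v.to_ne_bytes())
    }
}
/// User-space platform: same address space, so the copy is a plain memcpy (address assumed valid).
pub struct Transparent;
impl UserMem for Transparent {
    fn copy_from_user(&self, a: usize, d: &mut [u8]) -> Result<(), Fault> {
        Ok(unsafe { std::ptr::copy_nonoverlapping(a as *const u8, d.as_mut_ptr(), d.len()) })
    }
    fn copy_to_user(&self, a: usize, s: &[u8]) -> Result<(), Fault> {
        Ok(unsafe { std::ptr::copy_nonoverlapping(s.as_ptr(), a as *mut u8, s.len()) })
    }
}
/// Kernel platform, simulated: user memory is a buffer mapped at `base`; other ranges fault.
pub struct KernelSim { pub base: usize, pub user: RefCell<Vec<u8>> }
fn span(k: &KernelSim, a: usize, n: usize) -> Result<std::ops::Range<usize>, Fault> {
    let off = a.checked_sub(k.base).ok_or(Fault)?; // below the user mapping
    off.checked_add(n).filter(|&e| e <= k.user.borrow().len()).map(|e| off..e).ok_or(Fault)
}
impl UserMem for KernelSim {
    fn copy_from_user(&self, a: usize, d: &mut [u8]) -> Result<(), Fault> {
        span(self, a, d.len()).map(|r| d.copy_from_slice(&self.user.borrow()[r]))
    }
    fn copy_to_user(&self, a: usize, s: &[u8]) -> Result<(), Fault> {
        span(self, a, s.len()).map(|r| self.user.borrow_mut()[r].copy_from_slice(s))
    }
}
/// Shim-style call written once against UserPtr; it never dereferences the address itself.
pub fn sys_bump(p: &impl UserMem, ctr: &UserPtr<u32>) -> Result<u32, Fault> {
    let v = ctr.read(p)?.wrapping_add(1);
    ctr.write(p, v).map(|_| v)
}
```

The same `sys_bump` body runs on both platforms: on `Transparent` it touches the caller's memory directly, while on `KernelSim` an address outside the user mapping returns `Fault` instead of being read.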