l4-hurd

Patch to Pistachio's comportement on Xfer timeouts


From: Matthieu Lemerre
Subject: Patch to Pistachio's comportement on Xfer timeouts
Date: Thu, 20 Jan 2005 22:35:17 +0100
User-agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)


Here is the Pistachio patch Marcus asked me to work on.

For mailing list information:

This page modifies L4's behaviour regarding xfer
timeouts. Presently, when a pagefault occurs during a string transfer,
Pistachio takes the minimum of the sender's send timeout and the
receiver's receive timeout.

This is for security reasons, because a malicious pager could starve
the partner.

With this patch, Pistachio makes the decision to timeout depending on
where the pagefault occurs: if it's in the sender's AS, it will look at
the receiver's receive timeout; if it's in the receiver's AS, it will
look at the sender's send timeout.

As Marcus said: "the server doesn't care about page faults in its own
      address space, but the server does care about page faults on the
      client side".

So this patch makes better use of xfer timeouts while preserving security.


--- pistachio/pistachio-0.4//kernel/src/api/v4/space.cc 2004-06-03 
16:03:53.000000000 +0200
+++ pistachio-0.4/kernel/src/api/v4/space.cc    2005-01-20 22:13:22.000000000 
+0100
@@ -150,7 +150,7 @@ void tunnel_pagefault (word_t addr)
  *
  * @param sender               sender thread
  */
-static void handle_xfer_timeouts (tcb_t * sender)
+static void handle_xfer_timeouts (tcb_t * sender, bool fault_in_sender_as)
 {
 #warning Handle priority inversion for xfer timeouts
     
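Review bot: the doc comment above handle_xfer_timeouts still lists only `@param sender`; the new `fault_in_sender_as` argument needs its own `@param` line saying that true means the page fault occurred in the sender's address space, in which case the receiver's receive xfer timeout is the one applied. The function is static and both callers are in this file, but the meaning of the flag is not recoverable from the signature alone.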
@@ -164,23 +164,31 @@ static void handle_xfer_timeouts (tcb_t 
     ASSERT (sender->get_state() == thread_state_t::locked_running);
     ASSERT (partner->get_state() == thread_state_t::locked_waiting);
  
-    time_t snd_to = sender->get_xfer_timeout_snd ();
-    time_t rcv_to = partner->get_xfer_timeout_rcv ();
+    time_t nonfaulter_to;
 
-    if (snd_to.is_zero () || rcv_to.is_zero ())
+    if (fault_in_sender_as)
+    {
+       nonfaulter_to = partner->get_xfer_timeout_rcv ();
+    }
+    else
+    {
+       nonfaulter_to = sender->get_xfer_timeout_snd ();
+    }
+    
+    if(nonfaulter_to.is_zero ())
     {
        // Timeout immediately.
        handle_ipc_timeout (thread_state_t::locked_running);
     }
-    else if (snd_to.is_never () && rcv_to.is_never ())
+    else if (nonfaulter_to.is_never ())
     {
        // No timeouts.
        return;
     }
 
+    
     // Set timeout on the sender side.
-    get_current_scheduler ()->set_timeout (sender,
-                                          snd_to < rcv_to ? snd_to : rcv_to);
+    get_current_scheduler ()->set_timeout (sender, nonfaulter_to);
     sender->flags += tcb_t::has_xfer_timeout;
 }
 
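Review bot: after the new `if (fault_in_sender_as)` selection, the faulting side's own xfer timeout is never read, so a sender with a zero or finite send timeout that faults in its own address space no longer times out when the receiver's receive timeout is never; the removed code timed out immediately if either value was zero and otherwise armed the smaller of the two. If that is the intended semantics, state it in the function comment, because a thread that relied on its own timeout to bound the transfer loses that bound. Style: `if(nonfaulter_to.is_zero ())` is missing the space after `if` used by the surrounding code, and the line added before `// Set timeout on the sender side.` contains only whitespace.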
@@ -225,7 +233,7 @@ void space_t::handle_pagefault(addr_t ad
                // Pagefault during IPC copy.  Initiate xfer timeout
                // counters before handling pagefault.
                current->misc.ipc_copy.copy_fault = addr;
-               handle_xfer_timeouts (current);
+               handle_xfer_timeouts (current, true);
            }
 
            // if we have a user fault we may have a stale partner
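Review bot: the bare `true` in `handle_xfer_timeouts (current, true)` says nothing at the call site, and the other caller passes an equally bare `false`. A two-valued enum (fault in sender versus fault in receiver), or at least a short comment beside each argument, would keep the two cases from being swapped unnoticed, which matters here because swapping them applies the wrong party's timeout.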
@@ -279,7 +287,7 @@ void space_t::handle_pagefault(addr_t ad
        {
            // Fault in copy area.  Tunnel pagefault through partner.
            current->misc.ipc_copy.copy_fault = addr;
-           handle_xfer_timeouts (current);
+           handle_xfer_timeouts (current, false);
 
            // On PF tunneling we temporarily set the current thread
            // into waiting for partner.

I didn't make extensive tests of this patch, although it seems to work perfectly.


Thanks,
Matthieu Lemerre


PS: Marcus: sorry for the long patch to produce this tiny patch, I
have been quite busy (but I'm free to work again now! :))
