cap exchange race with map/unmap

From: Neal H. Walfield
Subject: cap exchange race with map/unmap
Date: Tue, 18 Oct 2005 13:04:40 +0100
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Sun, 09 Oct 2005 14:50:00 -0400,
Jonathan S. Shapiro wrote:
> I send you a capability. During the window of time when you are trying
> to exchange it, I revoke it. If I do this fast enough in the MAP/UNMAP
> design, your attempt to invoke the CapServer will take a memory fault.
> Note that this memory fault can occur at any place where your
> application receives a capability, which includes EVERY RPC!!! Now what?

This illustration is not yet clear to me.  Could you elaborate on where
the fault occurs?

Here is the protocol that I envision: when doing a cap exchange, the
receiver does not invoke the capability that it is trying to exchange
but a capability to its trusted cap server and passes the capability
it is trying to exchange as an argument.  If the sender revokes the
capability before the exchange completes, the cap server will see an
invalid capability and fail.  Where is the memory fault?
