l4-hurd
Re: Why COPY != SIMULATED COPY


From: Espen Skoglund
Subject: Re: Why COPY != SIMULATED COPY
Date: Wed, 19 Oct 2005 20:41:52 +0200

[Espen Skoglund]
> [Espen Skoglund]
>>> Given such a CapServer, the initial part of the protocol remains
>>> similar:

>>> STEP                         EFFECT ON SYSTEM STATE
>>> [Initially]                  CapServer has Cap.1
>>>                              A has Cap.1..x.1

>>> RevCopy(Cap.1..x.1)
>>> A --------------> CapServer   CapServer has Cap.1..x.1.1

>>> [Intention: A is saying: I authorize CapServer to create
>>> capabilities that are co-equal to mine]

>>> CapServer ------> A           [none: CapServer is returning]

>>> RevCopy(Cap.1..x.1)
>>> A --------------> B           B has Cap.1..x.1.2

>>> RevCopy(Cap.1..x.1.2)
>>> B --------------> CapServer   CapServer has Cap.1...1.2.1

>>> ??MagicOp??(Cap.1...x)
>>> CapServer ------> B           [B has Cap.1..x.2]

>> Since CapServer knows that Cap.1..x.1.1 is identical to Cap.1, it can
>> perform the following last step:

>> RevCopy(Cap.1)
>> CapServer ------> B           B has Cap.1.y

> Sorry.  You actually want to make sure that

>      "B has Cap.1..x.1" 

> right.  My fault.  Too quick to answer.  Will have to get back to
> this one after a little thinking.

Just did a LITTLE thinking, and I have a question about what we REALLY
want here: Do we really want what I just stated?  Or in other words:
Does B really want to trust the hierarchy between "Cap.1" and
"Cap.1..x" to not perform any revocation?

If the answer is NO then it seems to me that what we actually want is:

     "B has Cap.1.y"

Comments?

        eSk
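
Added illustration, not part of Espen Skoglund's message: a small Python model of the trade-off the message asks about, assuming that revoking a capability invalidates everything derived from it through RevCopy. The class and function names, and the single intermediate level `m` standing in for the elided `..`, are constructed for this example.

```python
# Added illustration; not code from the thread. Assumed semantics: revoking a
# capability invalidates everything derived from it via RevCopy.

class DerivationTree:
    def __init__(self, root):
        self.root = root
        self.live = {root}

    def rev_copy(self, parent, label):
        """Derive a revocable child of `parent`; returns the child's dotted name."""
        if parent not in self.live:
            raise KeyError(f"{parent} is not a live capability")
        child = f"{parent}.{label}"
        self.live.add(child)
        return child

    def revoke(self, cap):
        """Invalidate every capability derived from `cap` (cap itself stays live)."""
        prefix = cap + "."
        self.live = {c for c in self.live if not c.startswith(prefix)}

    def revokers(self, cap):
        """Capabilities whose holders can kill `cap`: all of its proper ancestors."""
        parts = cap.split(".")
        first = len(self.root.split("."))
        return [".".join(parts[:i]) for i in range(first, len(parts))]


def build():
    t = DerivationTree("Cap.1")            # held by CapServer
    mid = t.rev_copy("Cap.1", "m")         # constructed stand-in for the elided ".." levels
    x = t.rev_copy(mid, "x")               # Cap.1..x
    t.rev_copy(x, "1")                     # A's Cap.1..x.1
    deep = t.rev_copy(x, "2")              # B's cap if derived under Cap.1..x, co-equal with A's
    shallow = t.rev_copy("Cap.1", "y")     # B's cap if CapServer does RevCopy(Cap.1)
    return t, deep, shallow


def survives(revoked):
    """Revoke one capability; report whether each candidate for B is still live."""
    t, deep, shallow = build()
    t.revoke(revoked)
    return deep in t.live, shallow in t.live


if __name__ == "__main__":
    t, deep, shallow = build()
    print(deep, "depends on", t.revokers(deep))
    print(shallow, "depends on", t.revokers(shallow))
    for cap in ("Cap.1.m", "Cap.1.m.x", "Cap.1"):
        print("revoke", cap, "->", survives(cap))
```

In this model a capability under Cap.1..x can be killed by any holder along the chain, while Cap.1.y depends only on the holder of Cap.1.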