hurd-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: port reference leaks (was: Re: new interfaces io_close, io_reidentif


From: Marcus Brinkmann
Subject: Re: port reference leaks (was: Re: new interfaces io_close, io_reidentify, file_record_lock
Date: Wed, 4 Dec 2002 16:33:24 +0100
User-agent: Mutt/1.4i

On Tue, Dec 03, 2002 at 08:28:17PM -0800, Thomas Bushnell, BSG wrote:
> So we need a way other than port death notifications to handle this?
> I don't think so.  I'm not certain there is a problem here.

I didn't answer what we possibly need to fix this properly.  I am not sure
this can be fixed in Mach.  However, in L4, some of these problems can
be fixed by requiring that the reply is always sent to the task that sent
the message.  The L4 kernel allows the recipient to identifies the sending
task, and this makes it easy to ensure this.

Also the rendezvous port of auth must be allocated in the auth server, and
the auth server has to check that really one of its own ports is used.  This
ensures that it has knowledge about the lifetime of the rendezvous port (it
knows about the extinct send rights).

I could go in more depth, but that requires that you make yourself
comfortable with the L4 kernel.  (For real L4 feeling, replace port with
object above).

The trick is that ports in Hurd-L4 are managed by the Hurd servers
themselves, not by the kernel.  This means you have more knowledge about who
provides which object, and who sends you messages, and you can be more
paranoid to avoid circular references.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    address@hidden
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/




reply via email to

[Prev in Thread] Current Thread [Next in Thread]