[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: auth handshake and rendevouz objects
From: |
Marcus Brinkmann |
Subject: |
Re: auth handshake and rendevouz objects |
Date: |
Mon, 4 Nov 2002 16:57:01 +0100 |
User-agent: |
Mutt/1.4i |
On Mon, Nov 04, 2002 at 03:59:28PM +0100, Bram Meersman wrote:
> Can I find an explanation about handle passing in Hurd/L4 somewhere on
> the web ?
Here is what I recollect:
Server S provides object, client A wants to copy or move a handle to this
object to client B.
For this, A sends a message to S that says "insert a handle (send right) for B".
The server makes a note of that, but it doesn't actually create a real
reference. Then A sends a message to B that says "I just gave you the
handle for the object". Then B sends a message to the server S that says:
"I accept reception of the handle from A" [1].
Now, in the case of moving a handle from A to B, A can safely remove its
reference. However, it must be careful not to do this too early on, before
B has acknowledge receiving the handle from A to the server S. Because
otherwise there is a race that could lead to the object being destroyed
before B acknowledges its reception. This means some synchronization
between B and A is necessary: B could send a message back to A that says: "I
got the handle and acknowledged it." This could be implied by the reply
message to the RPC that sent the handle, or it could be a separate RPC...
There was another variation: In this case, the default operation in the
server would be to move a reference from A to B, and for a copy operation A
would first have to allocate an additional reference. Both approaches were
mostly identical, but one had fewer problematic details (races and such),
and I don't remember the details which one it was for what reason.
I know I am vague. Maybe Neal can fill in the details, or we can certainly
recover them by a bit of thinking. It took us a couple of minutes to work
it out in full detail, so it's not too hard.
Thanks,
Marcus
[1] This is very important, to avoid leaking references: Otherwise a malicious
task could donate send rights to random long lived privileged tasks in the
system
and thus prevent object destruction beyond its lifespan.
--
`Rhubarb is no Egyptian god.' GNU http://www.gnu.org address@hidden
Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/
- Re: auth handshake and rendevouz objects, Marcus Brinkmann, 2002/11/03
- Re: auth handshake and rendevouz objects, Bram Meersman, 2002/11/04
- Re: auth handshake and rendevouz objects, Marcus Brinkmann, 2002/11/04
- Re: auth handshake and rendevouz objects,
Marcus Brinkmann <=
- Re: auth handshake and rendevouz objects, Niels Möller, 2002/11/05
- Re: auth handshake and rendevouz objects, Marcus Brinkmann, 2002/11/05
- Re: auth handshake and rendevouz objects, Niels Möller, 2002/11/05
- Re: auth handshake and rendevouz objects, Marcus Brinkmann, 2002/11/05
- Re: auth handshake and rendevouz objects, Tom Hart, 2002/11/05
- Re: auth handshake and rendevouz objects, Marcus Brinkmann, 2002/11/05
- Re: auth handshake and rendevouz objects, Niels Möller, 2002/11/05
- Re: auth handshake and rendevouz objects, Niels Möller, 2002/11/05
- Re: auth handshake and rendevouz objects, Marcus Brinkmann, 2002/11/05
- Re: auth handshake and rendevouz objects, Neal H. Walfield, 2002/11/05