Re: cap exchange race with map/unmap
From: Neal H. Walfield
Subject: Re: cap exchange race with map/unmap
Date: Tue, 18 Oct 2005 14:55:17 +0100
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Tue, 18 Oct 2005 08:42:55 -0400,
Jonathan S. Shapiro wrote:
> In order to implement the protocol that you describe, the cap server
> requires:
>
> a) sufficient authority to inspect the content of every capability

I am not sure that this much authority is required depending on the
design of the server. (See below.)

> b) sufficient authority to fabricate any capability (because it
> must be able to exchange any capability).

I take issue with the "any" qualifier here. The cap server needs to
be able to exchange any capability that it *manages*.

Marcus designed a protocol to do this based on the addition of the
so-called map_lookup function:

    [I]f there was a system call which allowed the caller to check if a
    mapping was derived from another mapping in the same address space,
    then we can use that to "unroll" mapping loops like the one in the
    first scenario, i.e. Server -> Client -> Server, or in the second,
    i.e. Server -> Reference Counter -> Client A -> Client B ->
    Reference Counter.[1]

The requirement is that capabilities which can be exchanged must be
registered with a mutually trusted capability server.

Thanks,
Neal
[1] http://os.inf.tu-dresden.de/pipermail/l4-hackers/2005/002140.html
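
The check described in the quoted passage, as an added example that is not part of the original message or of any L4 or Hurd code: a toy model of mapping derivation in which map_lookup reports whether a mapping derives from another one in the same address space, applied to the two loops named above. The struct layout, the signature given to map_lookup, the unroll helper and the address-space ids are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model, constructed for illustration: a mapping records the address
   space that holds it and the mapping it was derived from. */
struct mapping {
    int space;                    /* id of the holding address space */
    const struct mapping *parent; /* source mapping; NULL at the root */
};

/* Hypothetical map_lookup: nearest ancestor of m held in m's own address
   space, or NULL when m was not derived from a mapping in that space. */
const struct mapping *map_lookup(const struct mapping *m)
{
    if (m == NULL)
        return NULL;
    for (const struct mapping *a = m->parent; a != NULL; a = a->parent)
        if (a->space == m->space)
            return a;
    return NULL;
}

/* Unroll loops: follow map_lookup until the mapping no longer derives
   from another one in the same space. */
const struct mapping *unroll(const struct mapping *m)
{
    const struct mapping *a;
    while ((a = map_lookup(m)) != NULL)
        m = a;
    return m;
}

/* Constructed chains. Spaces: 0 server, 1 reference counter,
   2 client A, 3 client B. */
static const struct mapping s1_server = {0, NULL};       /* Server    */
static const struct mapping s1_client = {2, &s1_server}; /* -> Client */
static const struct mapping s1_back   = {0, &s1_client}; /* -> Server */

static const struct mapping s2_server = {0, NULL};       /* Server       */
static const struct mapping s2_rc     = {1, &s2_server}; /* -> Ref Count */
static const struct mapping s2_a      = {2, &s2_rc};     /* -> Client A  */
static const struct mapping s2_b      = {3, &s2_a};      /* -> Client B  */
static const struct mapping s2_back   = {1, &s2_b};      /* -> Ref Count */

int main(void)
{
    printf("scenario 1 unrolled: %d\n", unroll(&s1_back) == &s1_server);
    printf("scenario 2 unrolled: %d\n", unroll(&s2_back) == &s2_rc);
    return 0;
}
```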