[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: port reference leaks (was: Re: new interfaces io_close, io_reidentif
From: |
Marcus Brinkmann |
Subject: |
Re: port reference leaks (was: Re: new interfaces io_close, io_reidentify, file_record_lock |
Date: |
Wed, 4 Dec 2002 16:33:24 +0100 |
User-agent: |
Mutt/1.4i |
On Tue, Dec 03, 2002 at 08:28:17PM -0800, Thomas Bushnell, BSG wrote:
> So we need a way other than port death notifications to handle this?
> I don't think so. I'm not certain there is a problem here.
I didn't answer what we possibly need to fix this properly. I am not sure
this can be fixed in Mach. However, in L4, some of these problems can
be fixed by requiring that the reply is always sent to the task that sent
the message. The L4 kernel allows the recipient to identifies the sending
task, and this makes it easy to ensure this.
Also the rendezvous port of auth must be allocated in the auth server, and
the auth server has to check that really one of its own ports is used. This
ensures that it has knowledge about the lifetime of the rendezvous port (it
knows about the extinct send rights).
I could go in more depth, but that requires that you make yourself
comfortable with the L4 kernel. (For real L4 feeling, replace port with
object above).
The trick is that ports in Hurd-L4 are managed by the Hurd servers
themselves, not by the kernel. This means you have more knowledge about who
provides which object, and who sends you messages, and you can be more
paranoid to avoid circular references.
Thanks,
Marcus
--
`Rhubarb is no Egyptian god.' GNU http://www.gnu.org address@hidden
Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/