l4-hurd

RE: Sawmill's dataspaces and the Hurd's physmem


From: yuan Darwin-r62832
Subject: RE: Sawmill's dataspaces and the Hurd's physmem
Date: Wed, 19 Oct 2005 11:33:49 +0800

Hi Neal,

        Thanks for your detailed information.

> Physical memory management needn't be an all or nothing deal. Certainly, an
> application might wish to completely manage the paging policy and its
> address space layout, however, I tend to think that this is the exception.
> And as we will provide a POSIX personality, we need to have some sort of
> default VM manager.

About the general VM manager, what I really mean is just the "default VM manager".
However, the question is still there: now that those sorts of default VM
managers provide mmap to those applications who don't want to manage their
physical memory, should they trust these VM managers?

If yes, these applications who use the Sawmill's framework should also trust
DSMs, now that DSMs provide mapping to them, and DSMs will manage their own
physical memory (implement their own replacement policy, they can even just use
the library (LRU) provided by Hurd).

So, we can divide the applications into 2 categories: some of them wanna manage
their physical memory, others won't. For the applications who do intend to do
that, they just apply memory directly from Hurd's physmem server which is
trustworthy; for others, they can just use the Sawmill's framework. Note that
these DSMs also apply memory from Hurd's physmem, instead of Sawmill physmem
DSM. So we can just think these DSMs are just the applications who intend to
manage their own physical memory.

My conclusion is, if Sawmill's framework has a security problem in its trust model,
so has Hurd. So we have to assume that an application must trust its pager (or
pagers in Sawmill's model). Based on this assumption, Hurd & Sawmill's approach
can live together.

> I see a number of problems with SawMill's dataspaces.  The root of this
> thread is the presentation of a potential security flaw in the design of
> dataspaces.  (Whether this is important or not depends on the assumed trust
> model and security goals.)  Another is that as far as I can tell paging
> decisions are made towards the root of a dataspace hierarchy and not at the
> applications themselves.

As I said above, for those applications who don't want to manage their own
physical memory, they don't need to make paging decisions. For others, they just
apply memory from Hurd's physmem server, and manage the memory by themselves,
which means they can make the paging decisions by themselves.

Correct me if I have any misunderstanding.

Thanks.
Darwin



