l4-hurd

Re: EROS/Coyotos address spaces


From: Marcus Brinkmann
Subject: Re: EROS/Coyotos address spaces
Date: Thu, 20 Oct 2005 16:27:40 +0200
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Wed, 19 Oct 2005 15:42:12 -0400,
"Jonathan S. Shapiro" <address@hidden> wrote:
> At any point in the node tree, one may insert a wrapper node "in front"
> of an existing subtree. This wrapper node may specify a start (entry)
> capability in the CF slot, and set a control bit. The control bit
> indicates that a "keeper" is defined by this wrapper.

Is the following true:

If the pager gives the start capability _only_ to the wrapper object,
then _only_ the kernel can invoke page fault messages on this start
capability.

If this is true, then this could be a significant difference.  In L4,
page fault messages can be emulated (either by unmapping and faulting,
or by direct IPC), and this means that the pager needs to protect
against DoS attacks --- at least somewhere in the hierarchy (the first
pager of a task is usually local, and there is a mutual trust
relationship).

If in EROS you can ensure that only the kernel can generate page
faults, then, because the kernel also controls the page eviction
policy, this seems to protect against DoS attacks.

Thanks,
Marcus




