[cap-talk] kernel object knowledge
Bill Frantz
frantz at pwpconsult.com
Wed May 30 22:49:00 EDT 2007
markm at cs.jhu.edu (Mark S. Miller) on Wednesday, May 30, 2007 wrote:
>Jonathan S. Shapiro wrote:
>> On Wed, 2007-05-30 at 10:09 -0700, Charles Landau wrote:
>>> Don't these difficulties apply also to non-oblivious membranes,
>>> though to a lesser degree? A non-oblivious membrane may know that
>>> some capabilities do not need to be wrapped, but there may still be
>>> some that do need to be wrapped. At best, a non-oblivious membrane
>>> simply lowers the bound of storage required (possibly lowering it
>>> from infinite to finite).
>>
>> I seem to recall that MarkM had an implementation in E at one point that
>> was able to evade this issue by re-using the proxy object in some clever
>> way that I no longer recall. I may be mistaken.
>
>You may be thinking of Bill Frantz's proposal to pre-allocate bit positions in
>the capability representation for all the membranes that a capability
>virtually passes through (link needed).
<http://www.eros-os.org/pipermail/cap-talk/2007-January/007381.html>
>This is a clever approach that shifts
>the costs around in a thought provoking way. But it's only practical if one
>can practically treat such system-supported membranes as a globally
>super-scarce resource, say 32 altogether. I expect this issue disqualifies the
>proposal for general purpose use.
I had some additional ideas that involved garbage collecting sparse bit
masks (or some other equivalent representation), but didn't carry them
to the level of a straw man proposal.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | The first thing you need when | Periwinkle
(408)356-8506 | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter. | Los Gatos, CA 95032
More information about the cap-talk
mailing list