Push/Pull
Jonathan Shapiro
shap@viper.cis.upenn.edu
Tue, 6 Dec 94 14:47:25 -0500
[please note the redirection to the dimsum list]
I think I may be unclear on what exactly you mean by "permissions".
In your definition, does "permissions" mean the parts of a memory
object that can be read or written, given a particular memory object
capability? Or is it something to do with how a memory object is
mapped in virtual memory, e.g. the access rights given to mapped
pages?
If it's the former, then I guess I've been pretty much assuming all along
that permissions generally apply at the memory object granularity.
I'm reacting to the KeyKOS segment model. It is possible, in KeyKOS,
to construct a two-page segment as follows (I hope emacs doesn't turn
my spaces into tabs...):
RW Seg Key
----------->+----------------+ +---------------------+
| RW page key --+------>| Page 0 of segment |
+----------------+ +---------------------+
| RO page key --+--\
+----------------+ \ +---------------------+
-->| Page 1 of segment |
+---------------------+
Ahh the magic of graphics!
In this configuration, the user will have RW access to page 0, but
only RO access to page 1. The model is that the access is the logical
AND of the authorities available on the path from the seg key to the
page key.
Note that if you fail to implement some such crap, then consistency
arguments raise some interesting questions about what permissions
should be in a composed memory object.
A common case in UNIX is the permissions applied to the last code
page if code and data abut.
Note that KeyKOS ties the disk page size to the memory page size, so
this makes sense.
However, if page size isn't universal....
Jonathan