l4-hurd

Re: Questions about copy-on-write


From: Bas Wijnen
Subject: Re: Questions about copy-on-write
Date: Wed, 27 Oct 2004 21:15:22 +0200
User-agent: Mozilla Thunderbird 0.8 (X11/20040926)

Sam Mason wrote:
> It seemed to be suggesting that tasks could revoke the *mappings*
> it had made with other tasks.  Basically I was a very confused
> little boy!

Mapping memory into an L4 address space can only be done using IPC, as Marcus said (he said RPC, which isn't the right term, I think). So in order to get new memory (granted or mapped), a task must be ready to receive IPCs. The task is automatically set in this state when a page fault occurs, and an IPC is made to its pager, which should respond with some memory (mapped or granted in an IPC message).

If a task (physmem) mapped memory to some other task, it can unmap it at any time it likes, and the other task isn't notified. It will receive a page fault when it tries to access the memory again, and should probably do something to get it back. Alternatively, the pager could for example use ThreadSwitch to change the IP of the faulting task to its signal handler, or something.

This is how L4 handles things: mapping by IPC, unmapping without notification.

At a higher level, we have physmem. It holds a database of mappings which it is prepared to give out. In case of a page fault in a region which a task is allowed to touch (according to the database), the pager will just do an RPC to physmem telling it to map the page in. In some cases, the page might need to be retrieved from swap, which will probably block the thread for some time.

Containers are just a special physmem-construct, which can be shared. A container is just a box which holds some memory. Anyone who holds a capability for the container can add pages to it, remove them from it, and map them in its memory. When a task drops the capability it can no longer do those things (and physmem unmaps the pages if they were mapped, I guess). There is no difference between two capabilities, so when a capability is copied, there is no difference between the two tasks anymore, as you said.

In many cases, this will not be what you want. Instead, you want the other task to be able to read, but not write the container. Or you want it to be able to read and write, but not to add or remove pages. For such situations you can make a proxy capability object. You don't copy the container capability to the other task, but instead give it a capability from yourself. Any request made with it is checked, and if it's ok, passed on to the container.

If there's something wrong in the story above, I'm sure someone will correct me. :-)

Thanks,
Bas
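
The proxy capability idea from the message above, as an added example that is not part of the original mail and is not physmem or L4 code: a toy single-process model in which the owner keeps the container capability and hands out a proxy that checks each request against a rights mask before forwarding it. All names (`container_invoke`, `proxy_invoke`, `proxy_revoke`, the `OP_*` and `ERR_*` constants) are hypothetical, and the revocation step goes slightly beyond what the message describes.

```c
#include <stdio.h>

/* Toy model with hypothetical names; not the physmem or L4 interface. */
enum { OP_READ = 1, OP_WRITE = 2, OP_ADD_PAGE = 4, OP_REMOVE_PAGE = 8 };
enum { ERR_DENIED = -1, ERR_RANGE = -2, ERR_REVOKED = -3 };
#define MAX_PAGES 4

struct container { int npages; unsigned char page[MAX_PAGES]; };

/* Full container capability: whoever can call this can do every operation. */
int container_invoke(struct container *c, int op, int idx, int val)
{
    switch (op) {
    case OP_ADD_PAGE:
        if (c->npages == MAX_PAGES) return ERR_RANGE;
        c->page[c->npages] = 0;          /* new pages start zeroed */
        return c->npages++;              /* index of the added page */
    case OP_REMOVE_PAGE:
        if (c->npages == 0) return ERR_RANGE;
        return --c->npages;              /* pages left after removal */
    case OP_READ:
        return (idx >= 0 && idx < c->npages) ? c->page[idx] : ERR_RANGE;
    case OP_WRITE:
        if (idx < 0 || idx >= c->npages) return ERR_RANGE;
        c->page[idx] = (unsigned char)val;
        return 0;
    }
    return ERR_DENIED;                   /* unknown or combined operation */
}

/* Proxy object served by the owner; the other task only ever holds this. */
struct proxy { struct container *target; int allowed; };

int proxy_invoke(struct proxy *p, int op, int idx, int val)
{
    if (p->target == NULL) return ERR_REVOKED;            /* owner withdrew it */
    if (op == 0 || (op & p->allowed) != op) return ERR_DENIED;  /* check first */
    return container_invoke(p->target, op, idx, val);     /* then pass it on */
}

/* Withdraw the proxy without touching the container or the owner's capability. */
void proxy_revoke(struct proxy *p) { p->target = NULL; }

int main(void)
{
    struct container c = {0};
    container_invoke(&c, OP_ADD_PAGE, 0, 0); container_invoke(&c, OP_WRITE, 0, 42);
    struct proxy ro = { &c, OP_READ };   /* read-only view for another task */
    printf("read=%d write=%d\n", proxy_invoke(&ro, OP_READ, 0, 0), proxy_invoke(&ro, OP_WRITE, 0, 7));
    return 0; }
```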
