[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: emulating no-senders notifications in L4?

From: Espen Skoglund
Subject: Re: emulating no-senders notifications in L4?
Date: Sat, 22 Dec 2001 00:59:12 +0100

[Thomas Bushnell]
> Espen Skoglund <address@hidden> writes:
>> [Thomas Bushnell]
>>> Ondrej Hurt <address@hidden> writes:
>>>>> And a task can not die violently since if it raises an exception
>>>>> this exception is delivered to an exception handler thread which
>>>>> can handle this situation.
>>>> The exception handler can get stuck itself somewhere and can
>>>> ignore exception IPC forever.
>>> Not a problem; we would just require that this exception handler
>>> be a trusted entity.
>>> For this to work, it must be impossible for an unprivileged task
>>> to change its exception handler.  In Mach, anyone can change their
>>> own exception handler; in the proposed L4 scheme, will that still
>>> be so?
>> Yes.

> In that case, there is a serious bug.  If a thread changes its
> exception handler to an uncooperative program, and then dies with
> the aid of that program, what will clean up its port rights?

A program can not simply die all by itself.  It can go into an ifinite
loop, yes, but it can not free up all its own resources.  A
task_delete() syscall is needed for doing that, and the program is
generally not allowed to perform the syscall itself.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]