On 12 February 2011 18:05, Edward Jaffe <[email protected]> wrote: > On 2/12/2011 2:37 PM, [email protected] wrote: >> >> Address Space "A" runs in problem state - key 8. >> Address Space "A" Issues a Program Call instruction which inturn invokes a >> Cross Memory Space Switching Routine (in the Vendors Server Space "B"). The >> PC-ss routine executes in supervisor state, >> and its only responsibility is to schedule an SRB into the requesting >> Address Space "A". >> >> Now Address Space "A" has an SRB Routing executing in its address space in >> Supervisor State. >> >> Has anyone seen the above Architecture/Technique used ? >> >> Is this a commonly used technique ? > > I would think it's very common.
I agree, and there's nothing inherently wrong with it. But I wonder if the implied question is about authorization and protection... How does the PC routine know that caller A should be doing this, and who decides what the SRB does once it is scheduled into address space A? You don't want just any code in A fabricating an SRB and calling B to schedule it. And all the usual nastiness arises if other code in A is able to influence the code (or its data) that runs under the SRB. In the worst, i.e. most incompetently implemented case this would be no better than the magic SVC of (hopefully) bygone days that "does some checking" and then returns control in supervisor state. It's certainly not unreasonable to ask the vendor how their authorization works. Presumably you already know from the product context whether A is going to potentially be any old user, or is always another address space running only the vendor's code. Tony H.
