Hello,
I hope you don't mind me spamming the list with my problems.
I have a question about the association of capabilities with
process-local meta data. As far as I understand, the "badging" of
capabilities is the recommended mechanism for servers to attach a
server-local meaningful value to a capability. After having handed out
the capability to a client, it gets this value reported each time the
client (or any other process to which the capability was delegated to)
invokes the capability or delegates the capability back to the server
(e.g., as RPC argument).
Now, I have the following scenario: There are three processes, a factory
(F), a mediator (M), and a client (C). The factory is responsible for
physically allocating objects (e.g., in Genode's case, one example would
be the core process that hands out dataspaces). The mediator is a
process that sits in-between the client and the factory (in the Genode
world, this could the the init process). It keeps records about the
allocation and may use this information to implement a policy. The
client is the designated user of the object. To create an object, C will
call M, which, in turn, will call F on behalf of C:
alloc create
F <-------- M <--------- C
F will create the actual object and a corresponding badged capability
and returns the badged capability as return value to M. Because M wants
to keep records about the lifetime and parameters of the created
objects, it needs to associate a process-local meta-data structure to
the capability.
badged
cap
F ---------> M C
:
(meta data <-> cap)
M stores the meta data in a process-local data base using the cap as
key. It then hands out the cap to the actual client. Sometime later, the
client decides to destroy the object (or perform another operation at M
that takes the cap as argument):
badged
cap
F M ---------> C
|
| uses object (e.g., invoking the cap)
destroy |
(cap arg) |
? <----------+
When M receives the destroy request with the cap of the to-be-destroyed
object as argument, it wants to look up the corresponding meta data from
its data base. But unfortunately, the cap argument of the destroy
function got assigned a new local name within M (some number within the
receive window of M).
How can M find the meta data associated with the allocated object?
Best regards
Norman
--
Dr.-Ing. Norman Feske
Genode Labs
http://www.genode-labs.com · http://genode.org
Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
_______________________________________________
Devel mailing list
[email protected]
https://sel4.systems/lists/listinfo/devel
