At Sun, 09 Oct 2005 14:50:00 -0400, Jonathan S. Shapiro wrote: > I send you a capability. During the window of time when you are trying > to exchange it, I revoke it. If I do this fast enough in the MAP/UNMAP > design, your attempt to invoke the CapServer will take a memory fault. > Note that this memory fault can occur at any place where your > application receives a capability, which includes EVERY RPC!!! Now what?
This illustration is not yet clear to me. Could you elaborate where the fault occurs? Here is the protocol that I envision: when doing a cap exchange, the receiver does not invoke the capability that it is trying to exchange but a capability to its trusted cap server and passes the capability it is trying to exchange as an argument. If the sender revokes the capability before the exchange completes, the cap server will see an invalid capability and fail. Where is the memory fault? Thanks, Neal _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
