Please don't top post.
At Tue, 1 Apr 2008 10:48:02 -0600,
Joshua Stratton wrote:
>
> The problem you described was the client owning the memory object, sending
> it to the server, and the server having the ability to unmap the memory
> because it has ownership, if I understand correctly.
No. The client has the ability to DoS the server because it manages
the memory object.
What exactly is the difference between manages and owns?
> I assumed that a lock
> was built into the system to prevent this, but I was wondering if this
> weren't the case, the client could give the ownership to the server before
> the server does any operations so the client could not unmap the memory
> object. The server would then give the ownership back to the client after
> the operation is complete such that the client couldn't unmap the memory
> while the server is using it, and in the default state the client would have
> the responsibility of the memory block (which would help the denial of
> service inside the network stack).
If the server owns the memory, that means it is account to the
server. In which case, why not just let the server allocate it?
I realize to some extent this would just cause the same problems as the server managing the memory, but my thought was it would reduce the amount of time the server is responsible for the data. Do you think the client-side memory model is worthwhile? And would the server allocating the memory passing it to the client using the Mach semantics allow this client-side memory model while avoiding the ability for clients to unmap the data?
Josh
Neal