Re: secure exec

[Marcus Brinkmann]

On Sat, May 24, 2003 at 12:43:00AM +0200, Niels Möller wrote:
> CALLS
> 
> The operation code is put into the L4 tag label. Every call takes a
> task handle (or transaction handle) as the first argument.
> 
> The reply puts a result code into the tag label, where zero means
> success.

The label in the reply should be the label of the request + 1 (where the
request always has the least significant bit 0).

I have not yet allocated labels for the task interface yet because the task
interface is not written.  However, of course you are currently free to use
any labels as the whole system is not written :)  I guess we should also
reserver some space for user defined.  Unfortunately the label space is very
tight, what about 0xe000 - 0xffff ? (some of the 0xff.. space is also used
by L4 protocols).
 
Also, notifications about task death are really just a special case of
notifications about an object being destroyed (in this case it is the task
object).  Object destroyed notifications are important because object IDs
must not be reused as long as there are callers having the object ID stored
somewhere, because object IDs are global like task IDs.  At least that is
the current draft.  Which means that if an object can die (which usually
will be the case because the server can unilaterally destroy the object), it
will have to send out notifications to all its users holding references to
it, and wait for the user to deallocate their references.

This is exactly what should happen for task ID objects and tasks, of course.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    address@hidden
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/