RE: Sawmill's dataspaces and the Hurd's physmem
From: yuan Darwin-r62832
Subject: RE: Sawmill's dataspaces and the Hurd's physmem
Date: Wed, 19 Oct 2005 11:33:49 +0800
Hi Neal,
Thanks for your detailed information.
> Physical memory management needn't be an all or nothing deal. Certainly,
> an application might wish to completely manage the paging policy and its
> address space layout, however, I tend to think that this is the exception.
> And as we will provide a POSIX personality, we need to have some sort of
> default VM manager.
About the general VM manager, what I really mean is just the "default VM manager".
However, the question is still there: now that those sorts of default VM
managers provide mmap to those applications who don't want to manage their
physical memory, should they trust these VM managers?
If yes, these applications who use the Sawmill's framework should also trust
DSMs, now that DSMs provide mapping to them, and DSMs will manage their own
physical memory (implement their own replacement policy; they can even just use
the library (LRU) provided by Hurd).
So, we can divide the applications into 2 categories: some of them wanna manage
their physical memory, others won't. For the applications who do intend to do
that, they just apply memory directly from Hurd's physmem server, which is
trustworthy; for others, they can just use the Sawmill's framework. Note that
these DSMs also apply memory from Hurd's physmem, instead of Sawmill physmem
DSM. So we can just think these DSMs are just the applications who intend to
manage their own physical memory.
My conclusion is, if Sawmill's framework has a security problem in its trust model,
so has Hurd. So we have to assume that an application must trust its pager (or
pagers in Sawmill's model). Based on this assumption, Hurd & Sawmill's approach
can live together.
> I see a number of problems with SawMill's dataspaces. The root of this
> thread is the presentation of a potential security flaw in the design of
> dataspaces. (Whether this is important or not depends on the assumed trust
> model and security goals.) Another is that as far as I can tell paging
> decisions are made towards the root of a dataspace hierarchy and not at
> the applications themselves.
As I said above, for those applications who don't want to manage their own
physical memory, they don't need to make paging decisions. For others, they just
apply memory from Hurd's physmem server, and manage the memory by themselves,
which means they can make the paging decisions by themselves.
Correct me if I have any misunderstanding.
Thanks.
Darwin