Naive question about grant/map

[Jonathan S. Shapiro]

On Fri, 2003-12-05 at 09:52, Marcus Völp wrote:
> Jonathan wrote:

> >Note that "B can ask A to map to C" may not be possible -- B may not
> >have any permission to perform an IPC to A. For example, A may be a
> >fault handler that can be accessed by B only for page faults, but not
> >directly via arbitrary IPCs -- the reason for such a restriction would
> >be to prevent B from sending hostile messages to the fault handler.
> >  
> >
> 
> Faults are just messages, so to get the page from A as a result of a 
> page-fault, the fault has to be send to A, either directly by B or by 
> some intermediates such as a region mapper. So this line could as well 
> be used to demand the mapping to be established to C. The only way when 
> this does not work is when B awaits a mapping from anyone and A by 
> chance sends this mapping. This however is a very strange situation, 
> isn't it?
> 
> By the way, we are now discussing offline the mailing list. Jean also 
> told me that your discussion with him went of the list at some point...

My apologies -- the EROS lists munge reply-to, and I'm having to get
used to saying "reply to all" again.

I may have unintentionally tripped over an architecture difference
between EROS and L4. In case it is revealing, let me explain it.

In EROS, a memory region has a designated fault handler. This is not
exactly the same as L4 tasks. Rather, imagine that each entry in the L4
GPT could optionally specify a fault handler (a thread) to handle that
subspace.

Because EROS has this arrangement, it is possible that an address space
will hold a fault handler capability that the client application does
NOT hold. In this case, the only fault messages that will arrive at the
fault handler are those initiated by the kernel in response to load and
store instructions.

I do not understand adequately how memory fault handling is structured
in L4, but if thread descriptors are ever virtualized I suspect that L4
will have the same possibility.

shap