Rights Amplification
Bernhard Kauer
kauer at os.inf.tu-dresden.de
Fri Jun 10 15:38:27 CEST 2005
On Fri, Jun 10, 2005 at 02:23:50PM +0100, Neal H. Walfield wrote:
> > > Usage scenario 2: Reference counting.
> >
> > the main problem with reference counting is that the clients have to
> > explicitly release the reference. Thus cooperation is needed, since L4
> > do not send a notification if an object e.g. a task is destroyed...
>
> Clients can voluntarily release a reference, however, they are not
> required to do so. The task server, which is part of the TCB, knows
> when every task terminates. It can provide this information to the
> reference monitor.
There is a grant problem. If a client X grant an object to Y and X dies,
this does not mean, that the reference to the object is released...
> > > Situation: S -> C -> (1 reference) A -> B
> > >
> > >
> > > Goal: /-> (1 reference) A
> > > S-> C
> > > \-> (1 reference) B
> > >
> >
> > In your scenario both clients A and B have to cooperate with C
>
> C needn't trust either A or B.
If client A asks the server C to map something it already has, from C to a
client B, only the clients have to trust C to provide this service.
The server C needn't trust its clients for this operation...
Bernhard
More information about the l4-hackers
mailing list