At Tue, 18 Oct 2005 01:26:10 +0200, olafBuddenhagen@gmx.net wrote:
Hi,
If you look at my protocols, this imposes additional IPCs and system calls in the RPC path for every capability that should be copied from one process to another. As capability copy is expected to be ubiquitous, this is a discouraging result.
Is it really? My guess would be that in typical use, capability passing of any kind should happen seldom enough not to make a few more IPCs/syscalls critical... But well, I guess I'm overlooking something :-)
Well, it depends. You may be right. By careful optimization, we can probably use revocable copies (i.e., simple mappings) in L4 for many operations. Especially when sending capabilities from a client to a server, which would include the important I/O path and container use.
This is with the Hurd server design that we had in mind so far. But in this design so far we haven't even tried to leverage the capability system to its full extent. In fact, we are making pretty poor use of it. If you opt for a different system architecture, it may be different. For example, process instantiation (spawn or fork) requires many capability copies even in our current plans. Creating new processes is an important operation in the EROS operating system to enforce confinement policies.
Thanks, Marcus