Hello Espen,
[Jonathan S Shapiro]
I am looking for a sequence in which A maps to B and B ??? to C and the result would look like: A -> B A -> C Also, I forgot to ask: is there some reason why such an operation would be inadvisable?
Another (perhaps minor) problem I see with this scheme is that if/when we introduce management of kernel memory from user-level [1], there might be a problem of accounting. For each mapping there is a "mapping node" in the in kernel mapping database. Upon a map operation, the memory for this mapping node can be accounted to either the mapper or the mappee. If memory is accounted to the mappee there is no problem with your new ??? operation.
If the mapping node is accounted (and exported) entirely to the mappee, then validating it when it is re-imported from user level becomes a very hard problem. This is why I suggested splitting the mapping nodes into two separate parts, which can be validated against each other (in my thesis, Section 4.7.3).
However, there is another solution: Assume the current mapping is A->B, and B wants to pass the object on to C without retaining the ability to revoke it later. Then B can simply request a _second_ mapping from A and grant that one to C. The first step would look like this:
A -> B (at address b1) Accounting: A 0.5 B 0.5 A -> B (at address b2) Accounting: A 0.5 B 0.5
After B has granted the object at address b2 to C, the situation changes as follows:
A -> B (at address b1) Accounting: A 0.5 B 0.5 A -> C (at address c1) Accounting: A 0.5 C 0.5
In this scenario, B and C are charged with half a mapping node for each mapping they own. A is charged with a full mapping node, but since it knows that B requested both mappings, it can ask B for compensation.
- Andreas