Posted: Mon Jun 18, 2007 10:26 am
If the queue data are in a kernel page, then a transition to ring 0 would be required in order to modify the values.How about having the handle structure stored in the relevant process'es memory, which is written to by the kernel?
Why should a receiver know the identity of the sender? even if a dialog between sender and receiver is required, the dialog could be achieved using return values instead of exchanging messages.There are two things you have to ensure:
1) Each process knows for certain the identity of the process sending messages to it (and the sender must not be able to fake their identity!)
Process A will not be able to read from a non-existent page. Upon B's resizing, the page will be marked non-existent for A.2) No process can write to another's shared memory OR to where the recieving process 'thinks' the sending process is writing to.
The second of these could have some interesting problems - for instance:
- Process A is about to read the last page of some memory shared with Process B, and is then subjected to a context switch
- Process B then resizes its shared memory, decreasing its size and loosing the last page, that Process A was about to read.
- Process E (E for evil >Smile ) then increases its buffer size, and the new page is placed where B's old one was.
- Process A will then read information written by E, that it thinks comes from B
The simplest solution I see is that the O/S allocates a shared memory buffer between two processes. The treatment of the shared buffer should be left entirely to the processes themselves.
The buffers should be allocated in such a way that buffer overrun or underrun is minimized, if possibly caught. This can be achieved by inserting guard pages between the buffers.
I think the only realistic solution for a modularized O/S is user-defined security: CPUs should have allowed the execution of a user-defined function upon access of another page. The function would be cached on the CPU, allowing for efficient and superfast access control. The kernel would be responsible for loading the security check code.