[coyotos-dev] Removing wrappers
Jonathan S. Shapiro
shap at eros-os.com
Sun Mar 4 21:04:27 CST 2007
We are removing wrappers from the architecture.

The purpose of wrappers was to support selective revocation. After a
long discussion on Friday, Jonathan Adams and I came to the following
conclusions:

1. There is no use-case in which Wrappers are the right answer.

   If you are wrapping an endpoint, the server needs to understand
   that it is wrapped. In this case, the right thing to do is to
   obtain a new endpoint. This also has the side effect of advising
   the server what the new object behavior must be.

   Example: without server participation, even simple capability
   downgrade operations have the effect of escaping the wrapping.
   Because of this, wrappers cannot serve their intended purpose
   when wrapping an endpoint.

2. In all scenarios where you might wrap a memory capability,
   using a GPT will work just as well.

3. There is no scenario in which wrapping a kernel capability with
   a wrapper makes sense.

Since this enumeration covers all possible capabilities that might be
wrapped, we must conclude that wrappers serve no function in the
architecture and should be removed.

This is actually a good thing, because it removes one of the arbitrary
constant bounds imposed by the kernel.

shap
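
The endpoint case in point 1, as a toy model added here (not part of the original message and not Coyotos code). It assumes a wrapper simply forwards invocations until revoked and that a "downgrade" request returns a fresh capability from the server; all class, method and group names are hypothetical.

```python
# Toy model, constructed for illustration; every name here is hypothetical
# and the wrapper semantics (forward until revoked) are an assumption.
class Revoked(Exception): pass

class Endpoint:
    def __init__(self, server, rights, group=None):
        self.server, self.rights, self.group = server, frozenset(rights), group
    def invoke(self, op):
        return self.server.handle(self, op)

class Wrapper:
    def __init__(self, target):
        self.target = target
    def revoke(self):
        self.target = None
    def invoke(self, op):
        if self.target is None:
            raise Revoked("wrapper revoked")
        return self.target.invoke(op)  # the server never learns it was wrapped

class Server:
    def __init__(self):
        self.revoked_groups = set()
    def revoke(self, group):
        self.revoked_groups.add(group)
    def handle(self, ep, op):
        if ep.group in self.revoked_groups:
            raise Revoked("endpoint revoked")
        if op == "downgrade":
            # New capability inherits the endpoint's group, not any wrapper.
            return Endpoint(self, ep.rights - {"write"}, ep.group)
        if op not in ep.rights:
            raise PermissionError(op)
        return op + " ok"

def read_after_revocation(use_wrapper):
    """Downgrade, revoke, then try the downgraded capability."""
    server = Server()
    if use_wrapper:
        cap = Wrapper(Endpoint(server, {"read", "write"}))
        weaker = cap.invoke("downgrade")
        cap.revoke()                    # revokes only the wrapper itself
    else:
        cap = Endpoint(server, {"read", "write"}, group="client-A")
        weaker = cap.invoke("downgrade")
        server.revoke("client-A")       # server-side: covers derived caps
    try:
        return weaker.invoke("read")
    except Revoked:
        return "revoked"
```

With the wrapper, the downgraded capability still answers after revocation; with a dedicated endpoint that the server knows about, revocation also covers what was derived from it.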