On Sun, 08 Jul 2018 22:51:00 -0400 Dan Cross <crossd(a)gmail.com> wrote:
> On Fri, Jul 6, 2018 at 1:43 AM Bakul Shah <bakul(a)bitblocks.com> wrote:
> [snip some very interesting and insightful comments]
> > Mill ideas are very much worth exploring. It will be possible
> > to build highly secure systems with it -- if it ever gets
> > sufficiently funded and built! IMHO layers of mapping as with
> > virtualization/containerization are not really needed for
> > better security or isolation.
>
> Sure, with emphasis on that "if it ever gets sufficiently funded and
> built!" part. :-) It sounds cool, but what to do on extant hardware?
>
> > Similarly with CHERI: they change nearly everything (including the
> > hardware).
>
> There is that!

Mill made me realize per process virtual address space can be
thrown out *without* compromising on security. This can be a
win if you are building an N-core processor (for some large
N). Extant processor architectures are not going to make
efficient use of available gates for large N-core. And
multicore efforts such as Tilera don't seem to do anything re
security. This just seems like something worth experimenting
with.

> > > 2. Is mmap()
> > > *really* the best we can do for mapping arbitrary resources
> > > into an address space?
> >
> > I think this is fine. Even remote objects mmapping should
> > work!
>
> Sure, but is it the *best* we can do? Subjectively, the interface is pretty
> ugly, and we're forced into a multi-level store. Maybe that's OK; it sure
> seems like we haven't come up with anything better. But I wonder whether
> that's because we've found some local maxima in our pursuit of
> functionality vs cost, or because we're so stuck in the model of
> multi-level stores and mapping objects into address spaces that we can't
> see beyond it. And it sure would be nice if the ergonomics of the
> programming interface were better.

I was using mmap as a generic term. See my previous message
for an example -- read/write(fd, buffer, count). Here buffer
is a cap that can be used to map remote data into local addr
space.