From mboxrd@z Thu Jan 1 00:00:00 1970
From: bakul at bitblocks.com (Bakul Shah)
Date: Mon, 09 Jul 2018 22:41:08 -0700
Subject: [COFF] Other OSes?
In-Reply-To: Your message of "Sun, 08 Jul 2018 22:51:00 -0400."
References: <20180705055650.GA2170@minnie.tuhs.org> <20180706054302.72718156E400@mail.bitblocks.com>
Message-ID: <20180710054115.6F4AF156E400@mail.bitblocks.com>

On Sun, 08 Jul 2018 22:51:00 -0400 Dan Cross wrote:
>
> On Fri, Jul 6, 2018 at 1:43 AM Bakul Shah wrote:
>
> > [snip some very interesting and insightful comments]
> > Mill ideas are very much worth exploring. It will be possible
> > to build highly secure systems with it -- if it ever gets
> > sufficiently funded and built! IMHO layers of mapping as with
> > virtualization/containerization are not really needed for
> > better security or isolation.
>
> Sure, with emphasis on that "if it ever gets sufficiently funded and
> built!" part. :-) It sounds cool, but what to do on extant hardware?
> Similarly with CHERI: they change nearly everything (including the
> hardware).

There is that!

Mill made me realize per process virtual address space can be thrown out *without* compromising on security. This can be a win if you are building an N-core processor (for some large N). Extant processor architectures are not going to make efficient use of available gates for large N-core. And multicore efforts such as Tilera don't seem to do anything re security. This just seems like something worth experimenting with.

> > 2. Is mmap() *really* the best we can do for mapping arbitrary resources
> > > into an address space?
> >
> > I think this is fine. Even remote objects mmapping should
> > work!
> >
>
> Sure, but is it the *best* we can do? Subjectively, the interface is pretty
> ugly, and we're forced into a multi-level store. Maybe that's OK; it sure
> seems like we haven't come up with anything better. But I wonder whether
> that's because we've found some local maxima in our pursuit of
> functionality vs cost, or because we're so stuck in the model of
> multi-level stores and mapping objects into address spaces that we can't
> see beyond it. And it sure would be nice if the ergonomics of the
> programming interface were better.

I was using mmap as a generic term. See my previous message for an example -- read/write(fd, buffer, count). Here buffer is a cap that can be used to map remote data into local addr space.