[Way off-topic] Re: What is a type error?
David Hopwood
david.nospam.hopwood at blueyonder.co.uk
Thu Jul 13 12:08:16 EDT 2006
Joachim Durchholz wrote:
> A concrete example: the
> first thing that Windows does when accepting userland data structures
> is... to copy them; this were unnecessary if the structures were immutable.
It is necessary also because the userland structures are in a different
privilege domain, and the memory backing them is potentially mapped by
other processes, or accessible by other threads of this process, that can
be running in parallel while the current thread is in the kernel.
Also, it tends to be easier and more secure to treat userland structures
as if they were in a different address space (even if for a particular OS,
the kernel would be able to access user mode addresses directly). The
kernel cannot trust that pointers in userland structures are valid, for
instance.
So, in order to avoid a copy when accepting a userland structure:
- when servicing a kernel call for a given process, the OS must use
kernel-mode page table mappings that are a superset of the user-mode
mappings for that process at the point of the call.
- the memory backing the structure must be immutable in all processes
that could map it, and the kernel must trust the means by which it is
made immutable.
--
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
More information about the Python-list
mailing list