
Topic: AmigaOS Memory protection, preemptive?


Offline Karlos

  • Sockologist
  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Nov 2002
  • Posts: 16879
  • Country: gb
  • Thanked: 5 times
Re: AmigaOS Memory protection, preemptive?
« on: May 10, 2009, 11:27:09 AM »
AmigaOS wasn't designed with memory protection in mind. All of the processes see the same memory map and the ability to access memory owned by another process is critical to the messaging system: Process A allocates memory, puts data into it and passes a pointer to Process B which can modify it directly and pass it back.

The only model I could envisage working is one in which public and private memory are implemented. Public memory would be used to allocate storage for any structures that are to be passed between processes and private memory used everywhere else. However, even assuming you could rewrite the entire OS to use this model, protection of private memory could only be implemented on a page basis. Furthermore, given the existing design of the OS, you'd not really be any safer due to the extent to which it depends on messaging etc. You simply can't prevent a broken Process B crapping all over the public memory Process A allocated for the message.
int p; // A
 

Karlos
Re: AmigaOS Memory protection, preemptive?
« Reply #1 on: May 10, 2009, 01:36:09 PM »
Quote

freqmax wrote:
You send the message to the kernel which then takes ownership of that memory range. Then the program can trash all around without any effect ;)


Unfortunately, that is completely at odds with the AmigaOS messaging system. Messages are sent by reference, directly between message ports created by userland processes.

Even if you did manage to rework it so that they were sent by the "kernel" - which is a strange concept given that only the task scheduler and exception traps run in supervisor mode - you'd lose the principal advantage of the AmigaOS IPC mechanism, which is its speed. If you copy the message, you introduce significant overhead.

So, you decide to opt for a zero copy but then only discrete pages can be protected. Unless you make all discrete allocations at least one page in size (which will waste memory like anything), you wouldn't want to do that. If you did, you might end up write protecting other bits of data in the same page that are in use by other processes.

Finally, assuming you overcome all this, if Process B craps all over the message and dies, it has still succeeded in hanging Process A which is probably waiting for a ReplyMsg(). Anything waiting for Process A will now lock up too, and so on.
int p; // A
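
The page-granularity problem from Reply #1, as an added example that is not part of the original posts: write-protecting a small message also write-protects an unrelated allocation in the same page, and padding every allocation to a page wastes most of it. It assumes a Linux/POSIX system, with `mmap`/`mprotect` standing in for MMU protection (AmigaOS has no such API); the function names, offsets and the "Process C" neighbour are hypothetical.

```c
/* Added example, not code from the thread; names and offsets are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Attempt a one-byte write; return 1 if the MMU refused it, 0 otherwise. */
static int write_faults(volatile char *p) {
    struct sigaction sa, old;
    volatile int faulted = 1;
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(fault_jmp, 1) == 0) { *p = 'X'; faulted = 0; }
    sigaction(SIGSEGV, &old, NULL);
    return faulted;
}

/* A small message (Process A) and an unrelated allocation (Process C) share
   one page. Write-protect the message while Process B holds it.
   Returns bit 0 = message write faulted, bit 1 = neighbour write faulted. */
int protect_message_demo(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);   /* assumed >= 4096 */
    char *base = mmap(NULL, page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    char *message = base + 128, *neighbour = base + 1024;
    /* Protection is per page: round the message address down to its page. */
    void *start = (void *)((uintptr_t)message & ~(uintptr_t)(page - 1));
    int rc = mprotect(start, page, PROT_READ);
    int result = rc ? -1 : write_faults(message) | (write_faults(neighbour) << 1);
    munmap(base, page);
    return result;
}

/* Bytes wasted if the allocation is instead padded out to whole pages. */
size_t page_padding_waste(size_t size, size_t page) { return (page - size % page) % page; }

int main(void) {
    printf("fault mask %d, waste %zu\n", protect_message_demo(), page_padding_waste(64, 4096));
    return 0;
}
```

A fault mask of 3 means both writes were refused: the neighbour was locked out as collateral of protecting the message.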