Capability Revocation and Indirection
Posted Oct 2, 2025 13:03 UTC (Thu) by Vorpal (guest, #136011)
In reply to: Capability Revocation and Indirection by wahern
Parent article: CHERI with a Linux on top
Oof, that seems like a complete deal breaker to me. My main interests are in low latency hard realtime code, and that would completely kill any RT guarantees.
I don't see it scaling well to large workloads either. Imagine a database server with hundreds of GB of memory mapped into the process; there is no way that you want to sweep through all the pointers in that either. And even if you do it in the background concurrently, you will eat a lot of memory bandwidth, and you risk falling behind.
Which means we are left with a small niche: small systems with no RT guarantees.
> during the pendency of a concurrent background sweep, a CoW-like scheme temporarily traps all reads to sweep specific pages on demand, permitting forward progress before the concurrent sweep completes.
Isn't there a race condition in that: if you copy the capability around you may be able to copy it from a yet-to-be-swept page to an already swept page while the sweep is somewhere in between those pages? Or maybe I'm misunderstanding you.
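A toy model of the concurrent sweep, as an added example that is not part of the thread or of any CHERI implementation: it runs the interleaving asked about above (a capability copied from a not-yet-swept page into an already-swept page while the sweep is between them) once with a plain page-by-page sweep and once with the read trap from the quoted scheme, where a read from an unswept page first sweeps that page on demand. Revocation is modelled as clearing every slot that names a revoked object; the page layout, object names and the single `copy_cap` mutator are constructed for the example.

```python
"""Toy model of a concurrent capability revocation sweep (constructed example)."""


class Memory:
    """Pages are lists of capability slots; a slot holds an object id or None."""

    def __init__(self, pages):
        self.pages = [list(page) for page in pages]
        self.swept = [False] * len(pages)  # per-page "sweep has visited" flag


def sweep_page(mem, page, revoked):
    """The sweep's per-page work: clear every slot that refers to a revoked object."""
    mem.pages[page] = [None if cap in revoked else cap for cap in mem.pages[page]]
    mem.swept[page] = True


def copy_cap(mem, src, dst, revoked, trap_reads):
    """Mutator operation: copy the capability in slot src=(page, idx) to slot dst.

    With trap_reads=True a read from a page the sweep has not reached yet traps and
    sweeps that page on demand first, as in the CoW-like scheme quoted above, so the
    value being copied has already been through revocation.
    """
    spage, sidx = src
    dpage, didx = dst
    if trap_reads and not mem.swept[spage]:
        sweep_page(mem, spage, revoked)
    mem.pages[dpage][didx] = mem.pages[spage][sidx]


def run_scenario(trap_reads):
    """Interleave one mutator copy with the sweep; return surviving revoked references."""
    # Constructed layout: three pages of two slots; object "A" is being revoked.
    mem = Memory([["A", None], ["B", None], ["A", "B"]])
    revoked = {"A"}

    sweep_page(mem, 0, revoked)  # sweep has finished page 0 ...
    # ... when the mutator copies "A" from page 2 (unswept) into page 0 (swept).
    copy_cap(mem, src=(2, 0), dst=(0, 1), revoked=revoked, trap_reads=trap_reads)
    for page in (1, 2):  # sweep continues over the remaining pages
        if not mem.swept[page]:
            sweep_page(mem, page, revoked)

    return [
        (p, i)
        for p, page in enumerate(mem.pages)
        for i, cap in enumerate(page)
        if cap in revoked
    ]


if __name__ == "__main__":
    print("no read trap  :", run_scenario(trap_reads=False))  # [(0, 1)]: "A" escaped
    print("with read trap:", run_scenario(trap_reads=True))   # []: copy saw a swept page
```

The model only covers copies through memory; the opposite direction (swept page to unswept page) is safe even without the trap, because the destination page is still ahead of the sweep. What the trap does not model is the memory bandwidth and latency cost that the comment above is worried about, since every first touch of an unswept page pays for a full page sweep inline.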
Posted Oct 2, 2025 17:19 UTC (Thu) by Wol (subscriber, #4433)
[Link] (1 responses)
Then you're using the wrong database server :-)
Cheers,
Wol
Posted Oct 2, 2025 17:25 UTC (Thu) by jake (editor, #205)
[Link]
Please do not continue down this path, Wol. You have been asked before. Your favorite hobby horse is off-topic on this article (and many, many others).
thanks,
jake