NOVA: remote revoke

Norman Feske norman.feske at ...1...
Tue Jul 24 21:44:10 CEST 2012

Hash: SHA1

Hi Udo,

> There are some subtle corner cases possible if revoke gets
> preempted. One is that if you do a revoke (range, PD-cap), the
> range obviously cannot go away, but the PD-cap can. This means if
> you do a directed revoke by specifying a PD-cap, and the PD-cap (or
> the PD) goes away in the middle of a preempted revoke, the
> remainder of the revoke would fail to look up the PD and do a full
> revoke of the range instead.

what do you mean by "full revoke of the range"?

If a PD cap goes away, won't this implicitly revoke everything from
the PD anyway? (including the not-yet-finished range of the preempted
revoke operation) If so, this looks like a non-issue to me. Or does
the preempted revoke happen to yield to leaking resources in any way?

> Alternatively you'd have to hold onto the PD-cap while a revoke
> with that PD-cap is ongoing, which is hardly any better.

I am not sure I fully comprehended your first paragraph. But either
way, holding the PD cap until no partial revoke referring to the PD is
in progress would be feasible as well. Core needs to deal with such
life-time management problems already.


- -- 
Dr.-Ing. Norman Feske
Genode Labs ·

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the users mailing list