Ok, let me tests this again here. Here’s my original post:
I found myself thinking that what you’re saying is mostly what I was thinking about when I was comprehending Genode OS Framework. I understood that you cannot do those ways efficiently and securely on x86. What’s missing is small and fast portals that you have! Are you going to build your OS for Mill with Genode or something like it?
I also have some questions that bothered me throughout the talk.
* How do you create a turf? Who can create it? Can it be abused?
* Can you create a VMM that doesn’t have right to read/write/execute all the memory but can grant access to it? Can you decouple VMM from the rest of OS?
* Some services might require passing a list of callbacks. Application will have to essentially build a number of portals in its data space. Can any application grant portal permissions to some address space that it can write? If it does, how is that region verified? Should turf ids be the same as turf that running thread is in currently? Can application abuse this by saying “All TBs of my memory are portals. Go, verify”?
* How does that need for portals map to existing C APIs?
Thank you very much for what you do in both creating a really good architecture and teaching it.