As of right now a global handle is simply the offset of the executive object from the start of the executive pool. This would pose a problem if an object is deleted and later the same executive pool space is reused for another object. The client needs to be notified of object deletion. Otherwise the wrong object would be accessed. We will probably need per-process handles for driver processes, and never delete these handles but only mark them as "deleted" so we catch the case where client tries to access a deleted handle (they will be notified, but in case of a buggy/malicious client driver we want to make sure server is not compromised).
cl91
commented
4 months ago
As of right now a global handle is simply the offset of the executive object from the start of the executive pool. This would pose a problem if an object is deleted and later the same executive pool space is reused for another object. The client needs to be notified of object deletion. Otherwise the wrong object would be accessed. We will probably need per-process handles for driver processes, and never delete these handles but only mark them as "deleted" so we catch the case where client tries to access a deleted handle (they will be notified, but in case of a buggy/malicious client driver we want to make sure server is not compromised).