On Thu, Dec 29, 2011 at 03:52:58PM +0200, Avi Kivity wrote: > On 12/29/2011 03:49 PM, Isaku Yamahata wrote: > > > > > > qemu can have an extra thread that wait4()s the daemon, and relaunch > > > it. This extra thread would not be blocked by the page fault. It can > > > keep the fd so it isn't lost. > > > > > > The unkillability of process A is a security issue; it could be done on > > > purpose. Is it possible to change umem to sleep with > > > TASK_INTERRUPTIBLE, so it can be killed? > > > > The issue is how to solve the page fault, not whether TASK_INTERRUPTIBLE or > > TASK_UNINTERRUPTIBLE. > > I can think of several options. > > - When daemon X is dead, all page faults are served by zero pages. > > - When daemon X is dead, all page faults are resovled as VM_FAULT_SIGBUS > > - list/reattach: complications. You don't like it > > - other? > > Don't resolve the page fault. It's up to the user/system to make sure > it happens. qemu can easily do it by watching for the daemon's death > and respawning it. > > When the new daemon is started, it can ask the kernel for a list of > pending requests, and service them.
Great, then we agreed with list/reattach basically. (Maybe identity scheme needs reconsideration.) -- yamahata
