On 12/29/2011 05:53 PM, Isaku Yamahata wrote: > On Thu, Dec 29, 2011 at 04:55:11PM +0200, Avi Kivity wrote: > > On 12/29/2011 04:49 PM, Isaku Yamahata wrote: > > > > > Great, then we agreed with list/reattach basically. > > > > > (Maybe identity scheme needs reconsideration.) > > > > > > > > I guess we miscommunicated. Why is reattach needed? If you have the > > > > fd, nothing else is needed. > > > > > > What if malicious process close the fd and does page fault intentionally? > > > Unkillable process issue remains. > > > I think we are talking not only qemu case but also general case. > > > > It's not unkillable. If you sleep with TASK_INTERRUPTIBLE then you can > > process signals. This includes SIGKILL. > > Hmm, you said that the fault handler doesn't resolve the page fault. > > > > Don't resolve the page fault. It's up to the user/system to make sure > > > it happens. qemu can easily do it by watching for the daemon's death > > > and respawning it. > > To kill the process, the fault handler must return resolving the fault. > It must return something. What do you expect? VM_FAULT_SIGBUS? zero page? if (signal_pending(current)) return VM_FAULT_RETRY; for SIGKILL, the process dies immediately. For other unblocked signals, the process starts executing the signal handler, which isn't dependent on the faulting page (of course the signal handler may itself fault). The NFS client has exactly the same issue, if you mount it with the intr option. In fact you could use the NFS client as a trivial umem/cuse prototype. -- error compiling committee.c: too many arguments to function -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html