On 2017-03-07 15:32, Claudio Scordino wrote:
> Dear all,
>
> we noticed that if apic-demo does not perform
>
> comm_region->cell_state = JAILHOUSE_CELL_SHUT_DOWN;
>
> at the shutdown request, then the jailhouse console hangs the whole system.
>
> Apparently, if an inmate misbehaves (e.g., by running an infinite
> loop), it can hang the whole system when trying to shutdown/destroy the
> cell.
>
> To increase fault tolerance, shouldn't jailhouse have some kind of
> timer, after while it forces cell destruction even if the cell has not
> set JAILHOUSE_CELL_SHUT_DOWN ?

Yes, a privileged cell that takes part in the communication region
protocol can stall the root cell while issuing a reconfiguration
request. It cannot bring down the whole system, though: other cells
will continue to work.

There is a to-do entry for adding a timeout to this protocol, see
"Monitoring" section in TODO.md.

Jan

--
Siemens AG, Corporate Technology, CT RDA ITP SES-DE
Corporate Competence Center Embedded Linux
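
Added example, not part of the thread and not Jailhouse code: a small C model of the shutdown handshake discussed above, with the root side polling cell_state a bounded number of times instead of waiting forever. The struct layout, the enum names and values, request_shutdown() and the poll limit are assumptions made for this model; the timeout itself is only the to-do item mentioned in the reply.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for this model; not the Jailhouse headers. */
enum { MSG_NONE, MSG_SHUTDOWN_REQUEST };
enum { CELL_RUNNING, CELL_SHUT_DOWN };
enum wait_result { WAIT_ACKED, WAIT_TIMED_OUT };

struct comm_region {
	volatile uint32_t msg_to_cell;
	volatile uint32_t cell_state;
};

/* One execution step of an inmate, acting on its communication region. */
typedef void (*inmate_step_fn)(struct comm_region *);

/* Cooperative inmate: acknowledges the shutdown request via cell_state. */
static void inmate_cooperative(struct comm_region *cr)
{
	if (cr->msg_to_cell == MSG_SHUTDOWN_REQUEST)
		cr->cell_state = CELL_SHUT_DOWN;
}

/* Misbehaving inmate: stuck in its own loop, never checks the region. */
static void inmate_stuck(struct comm_region *cr) { (void)cr; }

/* Root side: post the request, then poll for the acknowledgement at most
 * max_polls times (hypothetical timeout) instead of waiting forever. */
static enum wait_result request_shutdown(struct comm_region *cr,
		inmate_step_fn inmate, unsigned int max_polls)
{
	cr->msg_to_cell = MSG_SHUTDOWN_REQUEST;
	for (unsigned int i = 0; i < max_polls; i++) {
		inmate(cr);
		if (cr->cell_state == CELL_SHUT_DOWN)
			return WAIT_ACKED;
	}
	return WAIT_TIMED_OUT; /* caller may now force cell destruction */
}

int main(void)
{
	struct comm_region ok = { MSG_NONE, CELL_RUNNING }, bad = ok;
	printf("cooperative: %d\n", request_shutdown(&ok, inmate_cooperative, 1000));
	printf("stuck:       %d\n", request_shutdown(&bad, inmate_stuck, 1000));
	return 0;
}
```

With an unbounded loop in place of max_polls, the second call never returns, which is the stall of the requesting side described in the reply.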
