Re: Reliability of RPC services

l4-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reliability of RPC services

From:	Jonathan S. Shapiro
Subject:	Re: Reliability of RPC services
Date:	Tue, 25 Apr 2006 10:03:56 -0400

On Tue, 2006-04-25 at 13:06 +0200, Marcus Brinkmann wrote:
> However, I am _much_ more interested in discussing what the actual
> problem is we are trying to solve.  It has to do with recovery...

I agree. Also, there is something else that we all agree on: if one
mechanism can handle two problems with acceptable efficiency, it is a
mistake to introduce a second mechanism for the second problem.

So I pose the following test case:

Suppose C calls S, and S enters an infinite loop. How should the client
defend itself from this error? Notice that none of the "capability death
notice" ideas are helpful.

The only mechanism that I know about that can guard against this is some
form of watchdog (which is why I am backing away somewhat from my
earlier position about watchdogs).

If we conclude that we need watchdogs for this (or for something else),
then I suggest that kernel-supported capability death notice (any kind)
is unnecessary and should not be implemented.

shap

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Child killing UI (was Re: Reliability of RPC services), (continued)

Prev by Date: Re: Strange wording about io_t->io_map method
Next by Date: Re: Reliability of RPC services
Previous by thread: Re: Reliability of RPC services
Next by thread: Re: Reliability of RPC services
Index(es):
- Date
- Thread