Hello,
I am currently conducting research using the L4Re system, and I am working on implementing a mechanism to reboot a Guest OS managed by UVMM.
In my setup, I run two Linux instances under UVMM. My goal is to reboot one of them without affecting the other.
To achieve this, I terminate the target instance by sending a signal using L4Re::Parent::signal, and then I restart it using a Ned script to launch a new instance of the same program. When restarting, I reuse the capability that was created during the first launch of the UVMM instance.
However, during execution, the restarted program encounters an "invalid capability invoke" error.
Upon investigation, I suspect this happens because l4_task_unmap was called during the restart process, which likely removed kernel objects associated with the original capability. As a result, the reused cap_index no longer refers to a valid object.
Based on this, I would appreciate your insights on the following questions:
1. Under what conditions are kernel objects deleted in L4Re?
2. In this rebooting workflow, how can we ensure that capabilities remain valid or that their associated kernel objects are not prematurely unmapped or deleted?
3. If UVMM crashes during operation, how can we design a mechanism to ensure system-wide stability and security?
Thank you in advance for your valuable feedback!
Best regards, stephen.yang