mystikos
panic may get ignored and code would continue execution
If an access violation has a handler in the application, the panic would go to their handler, could be ignored, and would return to the panic function. This is a real scenario with something like dotnet, which throws exceptions to threads and ignores them if they are not stopped in its code. We should make sure the kernel really exits the kernel when panic is called. Maybe panic can set the sighandler to default before it raises the exception. We cannot just call the default handler in all cases where a signal was raised from inside the kernel, as the dotnet scenario could cause the kernel to shut down when it should not.
The implementation does spin the thread that panicked, but other threads can continue to run, which can get the kernel into an even worse state.
It is possible that even setting the default signal handler is not enough, because we really need to shut down ALL processes and ALL threads if possible. However, shutting down gracefully may just cause everything to lock up. Killing all threads from the host may be the best option: maybe having a target function that can cause exit() (if Linux target), and calling into the host to call exit on SGX.
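The following is an added example, not code from mystikos, showing the failure mode in the issue body and the "reset the handler to default before raising" idea, plus the check a practitioner would want to confirm it. The application handler `app_handler`, the two panic variants and the `run_panic_in_child` harness are all hypothetical names constructed for this demonstration; it runs on a normal Linux host with fork, not inside an enclave.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for an application-installed SIGSEGV handler (hypothetical), like a
 * runtime that turns access violations into exceptions for its own threads.
 * It records the call and simply returns: the "panic gets ignored" case. */
static volatile sig_atomic_t app_handler_calls = 0;

static void app_handler(int sig)
{
    (void)sig;
    app_handler_calls++;
}

/* Naive panic: raise the fault signal and trust it to stop execution.
 * If the application has hooked SIGSEGV, control comes straight back here. */
static void panic_naive(void)
{
    raise(SIGSEGV);
}

/* Hardened panic: restore the default disposition and unblock the signal
 * before raising it, so no user-installed handler can swallow it. */
static void panic_reset_default(void)
{
    struct sigaction sa;
    sigset_t set;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = SIG_DFL;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, NULL);

    sigemptyset(&set);
    sigaddset(&set, SIGSEGV);
    sigprocmask(SIG_UNBLOCK, &set, NULL);

    raise(SIGSEGV);
    /* Not reached: the default action for SIGSEGV terminates the process. */
    _exit(99);
}

/* Run panic_fn in a forked child that has app_handler installed for SIGSEGV.
 * Returns 1 if the child was terminated by SIGSEGV (panic was fatal),
 * 0 if the child survived the panic and exited normally (panic was swallowed),
 * -1 on fork/wait failure or an unexpected outcome. */
int run_panic_in_child(void (*panic_fn)(void))
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        struct sigaction sa;
        memset(&sa, 0, sizeof(sa));
        sa.sa_handler = app_handler;
        sigemptyset(&sa.sa_mask);
        sigaction(SIGSEGV, &sa, NULL);

        panic_fn();
        /* Reaching this line means the panic did not stop the thread. */
        _exit(app_handler_calls > 0 ? 0 : 2);
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)
        return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return 0;
    return -1;
}

int main(void)
{
    printf("naive panic fatal?    %d\n", run_panic_in_child(panic_naive));
    printf("hardened panic fatal? %d\n", run_panic_in_child(panic_reset_default));
    return 0;
}
```

The naive variant returns 0 (the child ran past the panic), the hardened variant returns 1 (the child died of SIGSEGV). Resetting the disposition only makes the panicking process terminate; it does nothing about the other threads the comments above worry about, and in an SGX build the equivalent is the host-side exit call rather than a signal disposition.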