[ovs-dev] [PATCH] fatal-signal: Run signal hooks outside of actual signal handlers.

Jesse Gross jesse at nicira.com
Tue Dec 8 23:12:11 UTC 2009



Ben Pfaff wrote:
> Jesse Gross <jesse at nicira.com> writes:
>
>   
>> Rather than running signal hooks directly from the actual signal
>> handler, simply record the fact that the signal occurred and run
>> the hook next time around the poll loop.  This allows significantly
>> more freedom as to what can actually be done in the signal hooks.
>>     
>
> This idea makes me nervous because it seems entirely possible
> that we'd have an infinite-loop bug somewhere that meant that
> this approach would prevent us from ever exiting (short of
> SIGKILL).
>   

This is certainly possible.  We could set up a watchdog timer to kill 
things if we don't get control back in a certain amount of time after 
receiving a fatal signal, though I'm not sure that is much better.  I 
guess having to send a SIGKILL in the event of an infinite loop bug 
doesn't really bother me that much.  The result is no worse than a bug 
that causes a segfault for example.

> What additional cleanup actions do you want to take that cannot
> be conveniently done from signal handlers?
>   

The specific cleanup here is destroying GRE devices, which requires 
sending Netlink messages, which requires malloc'ing memory.  There have 
been other things that have come up previously that would also benefit 
from this.
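
The deferred-hook pattern discussed in this message, with the watchdog idea as a fallback, sketched as an added example that is not part of the original post or the Open vSwitch code. The function names, `cleanup_hook` and the 5-second `WATCHDOG_SECS` are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define WATCHDOG_SECS 5 /* assumed grace period, not from the thread */
static volatile sig_atomic_t stored_sig; /* 0 = nothing pending */
static int hooks_run;

/* Async-signal-safe work only: record the signal and arm the watchdog. An
 * unhandled SIGALRM then kills the process if the loop never gets back. */
static void fatal_signal_handler(int sig)
{
    if (!stored_sig) {
        stored_sig = sig;
        alarm(WATCHDOG_SECS);
    }
}

/* Hypothetical hook: may call malloc(), which a signal handler must not. */
static void cleanup_hook(void)
{
    free(malloc(64)); /* stand-in for building a Netlink request */
    hooks_run++;
}

/* Call once per poll-loop iteration. Returns the pending signal or 0; the
 * caller then restores SIG_DFL for that signal and re-raises it to exit. */
int fatal_signal_run(void)
{
    int sig = stored_sig;
    if (sig) {
        cleanup_hook();
        alarm(0); /* hooks finished in time: cancel the watchdog */
    }
    return sig;
}

int fatal_signal_init(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = fatal_signal_handler;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGTERM, &sa, NULL) || sigaction(SIGINT, &sa, NULL);
}
```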



