[ovs-dev] [PATCH] fatal-signal: Run signal hooks outside of actual signal handlers.

[Ben Pfaff]

Jesse Gross <jesse at nicira.com> writes:

> Ben Pfaff wrote:
>> Jesse Gross <jesse at nicira.com> writes:
>>
>>   
>>> Rather than running signal hooks directly from the actual signal
>>> handler, simply record the fact that the signal occured and run
>>> the hook next time around the poll loop.  This allows significantly
>>> more freedom as to what can actually be done in the signal hooks.
>>>     
>>
>> This idea makes me nervous because it seems entirely possible
>> that we'd have an infinite-loop bug somewhere that meant that
>> this approach would prevent us from ever exiting (short of
>> SIGKILL).
>>   
>
> This is certainly possible.  We could setup a watchdog timer to kill
> things if we don't get control back in a certain amount of time after
> receiving a fatal signal, though I'm not sure that is much better.  I
> guess having to send a SIGKILL in the event of an infinite loop bug
> doesn't really bother me that much.  The result is no worse than a bug
> that causes a segfault for example.

OK.

Give me some time to review this in detail, because anything
signal-related is always tricky.  Often there are race conditions
of one kind or another.

Did you take a look at the existing signals infrastructure in
lib/signals.[hc]?  Can anything there be adapted?