[ovs-dev] [PATCH] fatal-signal: Run signal hooks outside of actual signal handlers.
Jesse Gross
jesse at nicira.com
Tue Dec 8 23:37:24 UTC 2009
Ben Pfaff wrote:
> Jesse Gross <jesse at nicira.com> writes:
>
>
>> Ben Pfaff wrote:
>>
>>> Jesse Gross <jesse at nicira.com> writes:
>>>
>>>
>>>
>>>> Rather than running signal hooks directly from the actual signal
>>>> handler, simply record the fact that the signal occured and run
>>>> the hook next time around the poll loop. This allows significantly
>>>> more freedom as to what can actually be done in the signal hooks.
>>>>
>>>>
>>> This idea makes me nervous because it seems entirely possible
>>> that we'd have an infinite-loop bug somewhere that meant that
>>> this approach would prevent us from ever exiting (short of
>>> SIGKILL).
>>>
>>>
>> This is certainly possible. We could setup a watchdog timer to kill
>> things if we don't get control back in a certain amount of time after
>> receiving a fatal signal, though I'm not sure that is much better. I
>> guess having to send a SIGKILL in the event of an infinite loop bug
>> doesn't really bother me that much. The result is no worse than a bug
>> that causes a segfault for example.
>>
>
> OK.
>
> Give me some time to review this in detail, because anything
> signal-related is always tricky. Often there are race conditions
> of one kind or another.
>
>
I appreciate it, nasty corner cases are definitely possible.
> Did you take a look at the existing signals infrastructure in
> lib/signals.[hc]? Can anything there be adapted?
>
Yeah, I looked into that before going down this path. I concluded that
the solution using the signals infrastructure would look much the same
as what I have here but wouldn't have integrated as well with existing code.
More information about the dev
mailing list