[ovs-dev] [PATCH] fatal-signal: Run signal hooks outside of actual signal handlers.

Jesse Gross jesse at nicira.com
Tue Dec 8 23:37:24 UTC 2009



Ben Pfaff wrote:
> Jesse Gross <jesse at nicira.com> writes:
>
>   
>> Ben Pfaff wrote:
>>     
>>> Jesse Gross <jesse at nicira.com> writes:
>>>
>>>   
>>>       
>>>> Rather than running signal hooks directly from the actual signal
>>>> handler, simply record the fact that the signal occured and run
>>>> the hook next time around the poll loop.  This allows significantly
>>>> more freedom as to what can actually be done in the signal hooks.
>>>>     
>>>>         
>>> This idea makes me nervous because it seems entirely possible
>>> that we'd have an infinite-loop bug somewhere that meant that
>>> this approach would prevent us from ever exiting (short of
>>> SIGKILL).
>>>   
>>>       
>> This is certainly possible.  We could setup a watchdog timer to kill
>> things if we don't get control back in a certain amount of time after
>> receiving a fatal signal, though I'm not sure that is much better.  I
>> guess having to send a SIGKILL in the event of an infinite loop bug
>> doesn't really bother me that much.  The result is no worse than a bug
>> that causes a segfault for example.
>>     
>
> OK.
>
> Give me some time to review this in detail, because anything
> signal-related is always tricky.  Often there are race conditions
> of one kind or another.
>
>   

I appreciate it, nasty corner cases are definitely possible.

> Did you take a look at the existing signals infrastructure in
> lib/signals.[hc]?  Can anything there be adapted?
>   

Yeah, I looked into that before going down this path.  I concluded that 
the solution using the signals infrastructure would look much the same 
as what I have here but wouldn't have integrated as well with existing code.




More information about the dev mailing list