|
|
Subscribe / Log in / New account

VSTATUS, with or without SIGINFO

By Jonathan Corbet
January 6, 2022
The Unix signal interface is complex and hard to work with; some developers have argued that its design is "unfixable". So when Walt Drummond proposed increasing the number of signals that Linux systems could manage, eyebrows could be observed at increased altitude across the Internet. The proposed increase seems unlikely to happen, but the underlying goal — to support a decades-old feature from other operating systems — may yet become a reality.

The kernel is able to support up to 64 different signal types, which seems like a fair number, but all 64 are taken, on some architectures at least. That makes it impossible to add new signal types to Linux. Drummond sought to address that problem by raising the limit to 1024, which would surely be enough for all time. Raising the limit requires making some subtle changes to the user-space API (putting a larger signal mask into the information passed to realtime signal handlers, for example) that have the possibility of breaking applications, which means that extra scrutiny would be required. But that, it seems, is what would be needed to be able to add more signals.

Developers immediately wanted to know why there was a need to add signals, and urged Drummond to find an alternative if possible. As Eric Biederman put it:

Please let's not expand the number of signals supported if there is any alternative. Signals only really make sense for supporting existing interfaces. For new applications there is almost always something better.

So why is there a need to add new signals? The answer has roots in ancient history, well before the creation of Linux. The TOPS-10 operating system was developed by Digital Equipment Corporation in the 1970s; one feature it offered was to print a line of status information (what was running, CPU time consumed, etc.) when the user typed control-T. It was a quick way for users to verify that the system was still alive and making progress on whatever task they were running. This feature found its way into VMS later on, and it still exists today in a number of BSD variants. Linux, however, does not have this feature — in that form, anyway.

Within the kernel, there are two aspects to supporting this feature, which goes by the name VSTATUS. The first is to recognize the status request in the terminal driver; this is done using the same logic that recognizes other control characters, such as control-C to send a SIGINT signal to the running process. The kernel would then respond to the keystroke in two ways:

  • The kernel will print a status line directly to the terminal with generic information about the running process and the state of the system.
  • A SIGINFO signal is sent to the process running on the terminal at the time. Applications can catch this signal to print some status information of their own; a copy application could tell the user how far the copy has progressed, for example.

The Linux kernel doesn't implement VSTATUS, so it won't do either of the above things. Adding the ability to print a status line to the terminal driver is not that hard; neither is sending a signal in response to an event. The problem is that Linux does not implement SIGINFO, so that signal would need to be added and, as noted above, there is no room to add new signals. Thus Drummond's patch set.

This is not the first time that VSTATUS support has been requested; the issue also came up in 2014 and again in 2019 — and undoubtedly other times as well. In 2019, Arseny Maslennikov tried to get around the signal limitation by defining SIGINFO as a synonym for SIGPWR, which was meant to (depending on who is reminiscing at the time) indicate that either a power failure was impending or power had been restored. Either way, the signal is delivered only to the init process, and it tends to be little used on current systems. Repurposing it for VSTATUS requires changing the default action for SIGPWR to "ignore" but otherwise shouldn't prove disruptive to user space.

Or so the developers would hope. Real-world uses of SIGPWR are rare, but they do exist; as Ted Ts'o pointed out, systemd can be made to respond to it, for example. Changing the default handling of SIGPWR would probably not break any user-space applications, but it is hard to know that for sure. If something does break, it could show up years later when the change makes it into an enterprise kernel; at that point, the problem would be nearly impossible to fix to everybody's satisfaction. So it is unsurprising that kernel developers are reluctant to make a change like this.

Over the years, there have also been questions about whether the feature is really needed or not. As Greg Kroah-Hartman pointed out in 2019, the kernel's "magic SysRq" feature does everything VSTATUS does (and a lot more). But magic SysRq only works on the system console; as Biederman noted in the above-linked message, a "persuasive case" could be made for the utility of this feature for users interacting with systems over SSH, for example. So a use case for VSTATUS does appear to exist.

Given that, what is to be done? Ts'o's message above included a suggestion: implement VSTATUS as far as printing the status line from the kernel, but don't bother sending the SIGINFO signal to user space. That eliminates the need to add a new signal (or repurpose an old one), which is where all the problems arise. This implementation would deprive user space of the ability to add its own status information, but the number of programs that have ever implemented SIGINFO handling is quite small; Drummond said that only sleep, dd, and ping have such support, "so it's not like there's a vast hole in the tooling or something, nor is there a large legacy software base just waiting for SIGINFO to appear". He readily agreed to leave out the SIGINFO part.

The followup patch set without SIGINFO has not been posted as of this writing. Once it arrives, there should not be a great deal of opposition to its merging into the mainline; at that point, Linux will have most of the VSTATUS functionality that is offered by the BSDs. If it turns out later on that somebody really needs the SIGINFO part, that whole problem can be reconsidered. Meanwhile, though, the kernel community is happy to kick that can further down the road.

Index entries for this article
KernelSignal handling


to post comments

VSTATUS, with or without SIGINFO

Posted Jan 6, 2022 19:48 UTC (Thu) by NYKevin (subscriber, #129325) [Link] (13 responses)

IIRC there are some tools (including GNU dd) that respond to SIGUSR1 by printing a line of status information. But the default disposition of that signal is terminate, so obviously the kernel should not send it by default. Perhaps the kernel could grow some sort of process-wide "send SIGUSR1 when the user presses ^T" flag. Or maybe that's too much extra complexity for not enough user value.

VSTATUS, with or without SIGINFO

Posted Jan 6, 2022 20:16 UTC (Thu) by pdewacht (subscriber, #47633) [Link] (12 responses)

As long as we're over-engineering, what about letting applications opt-in with something like this? :p
prctl(PR_VSTATUS_SIGNAL, SIGUSR1)

VSTATUS, with or without SIGINFO

Posted Jan 6, 2022 20:44 UTC (Thu) by josh (subscriber, #17465) [Link]

That doesn't seem like over-engineering; that seems like the obvious solution, rather than adding a new signal.

VSTATUS, with or without SIGINFO

Posted Jan 6, 2022 23:03 UTC (Thu) by walters (subscriber, #7396) [Link] (8 responses)

Yeah, since applications need adaption anyways, this seems quite sane to me.

VSTATUS, with or without SIGINFO

Posted Jan 6, 2022 23:40 UTC (Thu) by neilbrown (subscriber, #359) [Link] (7 responses)

It would be sane if the use of signals was sane, but that is not universally accepted.
Setting up a pollable fd to get status request notifications might be better.
Maybe a way to request POLLPRI notifications on the tty fd, and an ioctl to request timestamp of most recent status request.

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 1:20 UTC (Fri) by NYKevin (subscriber, #129325) [Link] (6 responses)

IMHO there are two options:

1. What is described above, where applications opt into receiving SIGUSR1, or possibly another signal. Pros: Some apps already have signal handlers for SIGUSR1, so this is a one-line change for them. Cons: Signals suck.
2. What you describe, where applications have to hook this into their main event loops somehow, which for some applications would entail *writing* a main event loop in the first place. Pros: The design is clearly superior to signals. Cons: What if you build it and nobody comes? More prosaically, this is not a one-line change for existing apps, and I'm sure that at least one will say "To hell with it, that's too much work for a minor status-reporting feature. Just manually run kill -SIGUSR1 if you really want us to output a status line."

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 5:26 UTC (Fri) by neilbrown (subscriber, #359) [Link]

Why not have both.
Arrange that fcntl(F_SETSIG) on the tty fd can cause the requested signal to be sent for the status request.

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 5:39 UTC (Fri) by alison (subscriber, #63752) [Link] (4 responses)

What about extending sysrq? It's already well-known and seems to be easier to extend than signals.

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 5:52 UTC (Fri) by alison (subscriber, #63752) [Link] (3 responses)

Documentation/admin-guide/sysrq.rst already shows

``t`` Will dump a list of current tasks and their information to your
console.

which seems inspired by Ctrl-T signals. It is a bit hard to see why another signal is needed.

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 8:24 UTC (Fri) by taladar (subscriber, #68407) [Link] (2 responses)

That also would not work over SSH or in other non-system-console contexts.

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 14:34 UTC (Fri) by abatters (✭ supporter ✭, #6932) [Link] (1 responses)

FYI, sysrq isn't limited to the system console:

echo t > /proc/sysrq-trigger
dmesg

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 17:54 UTC (Fri) by flussence (guest, #85566) [Link]

The downside to this is the high possibility of fat-fingering the status key. There's at least six sysrq letters that'll instantly kill a running system.

VSTATUS, with or without SIGINFO

Posted Jan 8, 2022 11:50 UTC (Sat) by fw (subscriber, #26023) [Link]

And for that, you don't even need support in the kernel, it's sufficient to register the process with some monitor daemon. The kernel can then use some appropriate form of IPC to request status information.

VSTATUS, with or without SIGINFO

Posted Jan 9, 2022 16:57 UTC (Sun) by mm7323 (subscriber, #87386) [Link]

Neat. It also allows SIGUSR2 to be chosen instead (which I commonly use for various reasons).

VSTATUS, with or without SIGINFO

Posted Jan 6, 2022 21:00 UTC (Thu) by neilbrown (subscriber, #359) [Link] (4 responses)

> A SIGINFO signal is sent to the process running on the terminal

Because of course there is only one process running on a terminal at a time. Pipelines don't exist...

I wonder what happens if multiple processes in a pipeline respond to the signal. Do their status messages get intermingled?

If I recall correctly, RSTS/E responded to ctrl-T as well.
I don't remember it supporting pipelines though.

VSTATUS, with or without SIGINFO

Posted Jan 6, 2022 21:28 UTC (Thu) by mpr22 (subscriber, #60784) [Link]

> I wonder what happens if multiple processes in a pipeline respond to the signal. Do their status messages get intermingled?

One approach (and I'm not necessarily advocating it) would be:

Which process has the terminal on fd 0 and would NOT get SIGTTIN if it tried to read from fd 0?

That's the one that should get the signal.

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 2:29 UTC (Fri) by kschendel (subscriber, #20465) [Link]

> Because of course there is only one process running on a terminal at a time. Pipelines don't exist..

Well, of course they don't. It was TOPS-10. A process either belonged to a terminal, or was a daemon. In fact, the word "process" wasn't used much, outside of register W being the PDB (process data block). A more commonly used term was "job".

This brings back (mostly) fond memories of hammering on control-T to find out whether the internal dev KL10 had crashed again or not. Realistically, control-T was usually about as useful as an elevator Close Door button, but much more rewarding.

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 3:05 UTC (Fri) by wahern (subscriber, #37304) [Link] (1 responses)

> > A SIGINFO signal is sent to the process running on the terminal
>
> Because of course there is only one process running on a terminal at a time.

Technically SIGINFO is sent to the foreground process group: https://github.com/openbsd/src/blob/5a74f40/sys/kern/tty..... But for the kernel-generated message, it seems the kernel picks just one foreground process to report on. On OpenBSD the relevant code (https://github.com/openbsd/src/blob/5a74f40/sys/kern/tty....) in ttyinfo is commented thusly,

/*
* Find the most active thread:
* - prefer runnable
* - prefer higher pctcpu
* - prefer living
* Otherwise take the newest thread
*/

The termios(4) manual page STATUS description on FreeBSD and macOS comport with that behavior.

> I wonder what happens if multiple processes in a pipeline respond to the signal. Do their status messages get intermingled?

AFAICT, yes, but that's not really any different than other situations where multiple processes share stderr. Normally message formatting and write atomicity (up to PIPE_BUF, maybe more if writes to a TTY have better guarantees?) will preserve line boundaries if only by accident, and in interactive sessions usually that's good enough. That said, the OpenBSD code sends SIGINFO *before* printing the kernel message, and it doesn't look like there's any buffering involved. ttyprintf calls kprintf without the optional output buffer, which results in kprintf printing the formatted message byte-by-byte straight to the tty (kprintf -> kputchar -> tputchar -> ttyoutput). See subr_prf.c and tty.c. But maybe there's some buffering lower down in the tty layer or higher up with a lock on the TTY? (I've expended my curiosity.) If not it would seem better to print the kernel diagnostic before invoking SIGINFO.

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 3:28 UTC (Fri) by wahern (subscriber, #37304) [Link]

Oops. I pasted the wrong comment, but link is to the intended comment. Basically, it picks one thread within one foreground process to report on.

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 1:13 UTC (Fri) by judas_iscariote (guest, #47386) [Link]

that actually a very nice compromise. Adding more signals is a big red flag, yet vstatus is kinda useful.

Replace signals!

Posted Jan 7, 2022 6:17 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link] (20 responses)

Perhaps it would be a good time to start _replacing_ signals instead? With a centralized way to allocate signal numbers, and a better way to raise them.

One simple proposal:
1. Use file descriptors for signal numbers.
2. Signals are raised by writing a special "struct signal_info_t" into that descriptor.
3. Third-party processes can either receive the descriptor through usual descriptor sending means or use "/proc/pid/<fd>" files.
4. Signals are delivered asynchronously, with the usual semantics. With a way to get the copy of signal_info_t associated with the signal.

This would make signals so much more usable.

Replace signals!

Posted Jan 7, 2022 12:10 UTC (Fri) by mathstuf (subscriber, #69389) [Link] (19 responses)

Is this not what signalfd(2) is for?

Replace signals!

Posted Jan 7, 2022 17:49 UTC (Fri) by flussence (guest, #85566) [Link]

Sounds a bit like the systemd/s6 daemon status protocols to me...

Replace signals!

Posted Jan 7, 2022 19:17 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

Signalfd allows to monitor for signals using file descriptors, not to raise them.

Replace signals!

Posted Jan 8, 2022 9:18 UTC (Sat) by roc (subscriber, #30627) [Link] (16 responses)

signalfd is fundamentally broken. If you call signalfd in process A and send it to process B, you would expect process B to be able to observe signals to process A. In fact the fd will observe signals to process *B*. I don't know who decided that was a good idea, but it cripples the feature.

Replace signals!

Posted Jan 9, 2022 22:33 UTC (Sun) by NYKevin (subscriber, #129325) [Link] (15 responses)

I would be very surprised if it were possible to do that in a completely safe, race-free, and performant way without forcing process A to mask all signals (which signalfd does not actually require). Because if process B dequeues a signal sent to A, then A should not receive that signal, right? But then, what would you do if process A receives e.g. a SIGILL or SIGBUS? Process A can't mask those signals, because it would just get stuck. So now you have to carve out an exception for signals which would block a process's forward progress if not handled the traditional way. I'm not sure exactly what that would end up looking like, but it would probably be a damned mess on the userspace side at least.

Anyway, the purpose of signalfd is not to share signals with other processes, it's to make signals less painful for people who are already in the business of writing an epoll/select loop, and don't want to faff about with pselect, signal handlers, etc. For this purpose, it works just fine.

Replace signals!

Posted Jan 10, 2022 2:16 UTC (Mon) by ibukanov (subscriber, #3942) [Link] (4 responses)

There are some nasty interactions with signal blocking that made signalfd much less useful to the point that writing to a pipe in a signal handler and listening on that in the event loop is still preferable.

Replace signals!

Posted Jan 10, 2022 3:06 UTC (Mon) by NYKevin (subscriber, #129325) [Link] (3 responses)

Could you please elaborate? I'm looking through the man page but I don't see any obvious gotchas there...

Replace signals!

Posted Jan 10, 2022 9:22 UTC (Mon) by ibukanov (subscriber, #3942) [Link] (2 responses)

From the man page:

As described above, in normal usage one blocks the signals that will be accepted via signalfd(). If spawning a child process to execute a helper program (that does not need the signalfd file descriptor), then, after the call to fork(2), you will normally want to unblock those signals before calling execve(2), so that the helper program can see any signals that it expects to see. Be aware, however, that this won't be possible in the case of a helper program spawned behind the scenes by any library function that the program may call. In such cases, one must fall back to using a traditional signal handler that writes to a file descriptor monitored by select(2), poll(2), or epoll(7).

Surely if one controls the code and does not use libraries that executes processes it is fine. But it easy to forget about that. So in one code I just used a signal handler and pipe. As a bonus the code stays compatible with BSD. What is puzzling is that in all those years since signalfd were added no flag were added to reset blocked signals on exec.

Replace signals!

Posted Jan 10, 2022 19:25 UTC (Mon) by NYKevin (subscriber, #129325) [Link] (1 responses)

To be fair, that exact same problem applies to pselect, which is POSIX-standardized and supposedly the Right Way to do this.

I'm not really a fan of libraries randomly forking off temporary processes without the application code's knowledge or consent, to be honest. Sure, if a library is specifically designed to do something like implement a process pool, I suppose it's unavoidable, but if you're just forking off a process because you can, then maybe don't do that.

Replace signals!

Posted Jan 11, 2022 11:23 UTC (Tue) by ibukanov (subscriber, #3942) [Link]

With various sandboxing forking an extrenal process or even just executing another copy of the application becomes a common practice.

As for pselect if one writes to a pipe in the signal handler, then one does not need that. I wish that somebody would come up with a flag or something not to keep signals blocked across exec similarly to noexec flags to file descriptors, but I guess that writing to a pipe from a signal handler is so common knowledge that nobody bothered.

Replace signals!

Posted Jan 10, 2022 3:37 UTC (Mon) by nybble41 (subscriber, #55106) [Link] (5 responses)

How safe is the current behavior? Can you mess up signal handling in another process—perhaps a system service or SUID binary—by sending it an unexpected signalfd file descriptor via Unix-domain sockets, or as an inherited FD?

From a security point of view, the process calling signalfd() does not have the capability to block signals in arbitrary other processes, or to access data about those signals, so it should not be possible for it to send a file descriptor with those effects to another process. Even if the receiving process is blocking and getting data about its *own* signals, it's still a security risk since those signal handlers shouldn't be blocked and data about the process state, including code addresses otherwise protected by ASLR, might be leaked. (The receiving process would reasonably assume that any data read from the FD would also have been available to the sender—which is not true for signalfd file descriptors.)

Replace signals!

Posted Jan 10, 2022 7:23 UTC (Mon) by NYKevin (subscriber, #129325) [Link] (4 responses)

> How safe is the current behavior? Can you mess up signal handling in another process—perhaps a system service or SUID binary—by sending it an unexpected signalfd file descriptor via Unix-domain sockets, or as an inherited FD?

Current behavior where signalfd always gives your own signals: signalfd does not mask or ignore signals just by existing. If you completely ignore it, then it doesn't do anything, so unexpectedly sending someone a signalfd accomplishes nothing from a security perspective, at least as far as I understand its semantics.

Proposed behavior where signalfd operates cross-thread or cross-process: 🤷‍♂️. I'm having a hard time believing you can maintain the "doesn't block signals automatically" invariant and *also* maintain the "every signal is delivered exactly once" invariant, but I don't know enough about the implementation to say that for sure.

Replace signals!

Posted Jan 10, 2022 7:34 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

A signalfd() replacement would just allow an alternative way to call signal(), nothing more. The signal will be delivered through the usual mechanisms (either signalfd or through asynchronous interruption).

That's because a way to asynchronously interrupt a thread is extremely useful for many practical purposes. For example, Golang uses signals to force GC in tight loops without having to poll for it. But you have to jump through lots of hoops to be able to use signals. They are completely useless for libraries or anything that shares address space, like plugins (Flash plugin signal bug comes to mind).

Windows has a similar mechanism: APC (Asynchronous Procedure Calls) - https://docs.microsoft.com/en-us/windows/win32/sync/async... and it's extremely useful for some low-level functionality.

Replace signals!

Posted Jan 10, 2022 15:46 UTC (Mon) by nybble41 (subscriber, #55106) [Link] (2 responses)

> If you completely ignore it, then it doesn't do anything, so unexpectedly sending someone a signalfd accomplishes nothing from a security perspective, at least as far as I understand its semantics.

Sure, if you completely ignore the received file descriptor it doesn't do anything. The same would apply for the proposed alternative version—just holding a signalfd from another process would have no effect on either process. But generally one would expect the receiving process to *read* from the file descriptor, which for signalfd is the part that affects signal delivery.

Replace signals!

Posted Jan 10, 2022 19:18 UTC (Mon) by NYKevin (subscriber, #129325) [Link] (1 responses)

IMHO an appropriately-designed setuid binary generally should not be in the business of accepting and reading from random file descriptors that it did not open itself. This still leaves the door open to /proc/self/fd shenanigans with inherited file descriptors, but I should hope that the binary calls fstat to confirm that it is interacting with a normal file after opening it.

The basic principle remains, however, that writing setuid binaries is an extremely fragile process and you need to be highly paranoid about absolutely everything. signalfd does not materially change that fact (especially since it's been in Linux "since kernel 2.6.22" according to signalfd(2), so the people who make these binaries really should be aware of it by now...).

Replace signals!

Posted Jan 12, 2022 2:46 UTC (Wed) by nybble41 (subscriber, #55106) [Link]

> IMHO an appropriately-designed setuid binary generally should not be in the business of accepting and reading from random file descriptors that it did not open itself.

Do you have any examples of situations where this would be an issue, apart from signalfd()? Passing file descriptors has been a standard part of various protocols for a long time now, including between processes of different privilege levels. The expectation is that reading from a file descriptor has the same effect in both the sending and receiving processes, which would imply that there is no security issue. The signalfd API breaks that expectation.

The problem isn't limited to SUID binaries. The destination could be any process running as a different user. The Wayland clipboard protocol[0], to pick one example, involves sending a file descriptor from the data source to the client obtaining the data, which is expected to read the content from the provided file descriptor after negotiating the format. These processes need not belong to the same user.

Also, /dev/stdin is a potential risk as an inherited FD which the target process does not open itself. Do SUID binaries routinely check FD 0 with fstat() before reading input to verify that it isn't a signalfd file descriptor, as opposed to a file, socket, pipe, tty, etc.—basically anything other than signalfd—which could be a reasonable and safe input source?

The behavior and permissions of a file descriptor should be determined by who opens or creates the descriptor, not who reads from it.

[0] https://wayland.freedesktop.org/docs/html/ch04.html#sect-...

Replace signals!

Posted Jan 10, 2022 9:57 UTC (Mon) by roc (subscriber, #30627) [Link] (3 responses)

Synchronous SIGILL/SIGSEGV/SIGBUS already have "automatically unmask and proceed" behavior.

I think my preferred behavior for signalfd would be that the signal is available through the fd if and only if it is blocked in the process that is the source of the signalfd, i.e. if the signal is unblocked (by the user or in the synchronous case) then signalfd doesn't get it.

> Anyway, the purpose of signalfd is not to share signals with other processes

Maybe that's not the original purpose, but the whole point of orthogonal API design and "everything is a file" is that you can compose features to address new use cases not anticipated by the designers of the individual APIs.

In rr and Pernosco we have a couple of instances of a non-uncommon case: the user runs a process A that in some cases forwards its work to another process B in an unrelated part of the process tree. We want signals like SIGINT, SIGTERM etc sent to A to be handled in B. signalfd looks like it should work for this, but it doesn't, because it has this very strange behavior that what you read from the file descriptor depends on which process is reading from it. Instead we pretend it's the 1980s and install signal handlers that write data to a pipe.

Replace signals!

Posted Jan 10, 2022 19:40 UTC (Mon) by NYKevin (subscriber, #129325) [Link] (2 responses)

> Synchronous SIGILL/SIGSEGV/SIGBUS already have "automatically unmask and proceed" behavior.

I see. That makes a great deal of sense to me, but I would still be concerned about all of the following:

* What data structure holds the list of pending signals for a given process or thread? How thread-safe is this structure?
* Is it possible to atomically dequeue a signal from the list, without taking a mutex?
* If the above is not currently possible, what would be the performance overhead of modifying the data structure so that it is amenable to atomic operations?
* What does the existing "inject a signal handler" code path look like? Can the dequeue be cleanly separated from the injection, or are they tightly coupled? Presumably, you have to preempt the thread before the dequeue (to prevent the thread from exiting or blocking the signal before you can inject the handler), so I imagine there must be some amount of coupling there...

> I think my preferred behavior for signalfd would be that the signal is available through the fd if and only if it is blocked in the process that is the source of the signalfd, i.e. if the signal is unblocked (by the user or in the synchronous case) then signalfd doesn't get it.

* Does this cause thread-safety issues with pselect, which has to atomically (modify the signal mask) and (wait for FD events)? What if you use pselect to unmask a signal which is associated with a signalfd that you are pselecting against? I should expect that to Just Work (i.e. it always executes the signal handler and never returns a ready-to-read event for the signalfd), regardless of when the signal arrives. Is the current implementation prepared to do that?

Replace signals!

Posted Jan 10, 2022 20:29 UTC (Mon) by roc (subscriber, #30627) [Link] (1 responses)

I'm not really qualified to comment on the kernel-side implementation details.

> What if you use pselect to unmask a signal which is associated with a signalfd that you are pselecting against?

The signal will be delivered normally and not be received by the signalfd. That seems to be the only reasonable behavior.

Replace signals!

Posted Jan 10, 2022 20:32 UTC (Mon) by roc (subscriber, #30627) [Link]

I guess the interesting case is when a signal is pending but masked and the process uses pselect to unmask it. In that case it probably makes sense to just deliver the signal normally instead of making signalfd readable.

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 7:32 UTC (Fri) by bof (subscriber, #110741) [Link] (2 responses)

I don't understand how this can be considered at all, and not for the signal part of it:

tty/pty suddenly reacting to Ctrl-T, will be a regression for anything now sending ctrl-T through e.g. an ssh session to some remote process and not requesting no-pty, whatever the use of that might be - and use cases doing that, would then break.

Right?

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 9:34 UTC (Fri) by neilbrown (subscriber, #359) [Link] (1 responses)

Presumably there would be a new termios setting to choose the control character, and it could default to NONE.

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 18:52 UTC (Fri) by bof (subscriber, #110741) [Link]

Ah yes, making it opt-in per session. Got it.

VSTATUS, with or without SIGINFO

Posted Jan 7, 2022 10:41 UTC (Fri) by dveeden (subscriber, #120424) [Link]

VSTATUS, with or without SIGINFO

Posted Jan 8, 2022 17:21 UTC (Sat) by jrtc27 (subscriber, #107748) [Link] (2 responses)

On FreeBSD it's not just dd, ping and sleep. The full list is:

* bin/chflags
* bin/chmod
* bin/cp
* bin/dd
* bin/rm
* bin/sleep
* sbin/devd (like udev)
* sbin/dump (creates a full dump from a UFS filesystem that can be later restored)
* sbin/fsck_ffs
* sbin/newfs_msdos
* sbin/ping
* sbin/savecore (kernel core dumps)
* usr.bin/du
* usr.bin/fetch (lightweight curl/wget equivalent)
* usr.bin/gzip
* usr.bin/sort
* usr.bin/time
* usr.bin/wc
* usr.sbin/camdd (like dd but can use pass(4) for issuing asynchronous reads/writes directly to the CAM storage layer in the kernel)
* usr.sbin/chown

So it turns out people tend to add support for features if they exist and not when they don't.

VSTATUS, with or without SIGINFO

Posted Jan 20, 2022 5:42 UTC (Thu) by Shabbyx (guest, #104730) [Link] (1 responses)

I would totally use ctrl-t on cc, the lack of progress info on cc, rm etc is horrendous.

VSTATUS, with or without SIGINFO

Posted Jan 20, 2022 5:43 UTC (Thu) by Shabbyx (guest, #104730) [Link]

s/cc/cp obviously

VSTATUS, with or without SIvGINFO

Posted Jan 10, 2022 3:10 UTC (Mon) by NightMonkey (subscriber, #23051) [Link]

Just a comment on another use of Ctrl-T from when terminals were heavy and CPU registers had blinking lights:

If one were to come upon terminal either powered off or with a lonely blinking cursor or teletype with no text, what is a quick, non-intrusive way to see if a process is running, or not? Our friend "Ctrl-T". :)

This approach has a practical benefit, too. If the previous user was not really very responsible, or was late for their class/party/wedding/funeral, they could have left their TTY at the input prompt of any program. The next person to not use Ctrl-T, but instead hit space or return or enter could set off whatever was on the other side of that input statement or request... which could be a reboot, a disk erase, a terminal lock, etc.

You see where I'm going with this... ;) Cheers.


Copyright © 2022, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds