On Tue, 30 May 2017, Linus Torvalds wrote: > On Tue, May 30, 2017 at 6:21 AM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote: > > > > Linus, any recollection? > > > > IMO, it's perfectly reasonable to discard ignored signals even when the > > signal is in the blocked mask. When its unblocked and SIG_IGN is replaced > > then the next signal will be delivered. But hell knows, how much user space > > depends on this weird behaviour by now. > > Is there any real reason you care? Because clearly we're doing what > POSIX allows, and I'd be nervous about changing existing behavior. > > There are various races wrt signals that happen particularly around > fork/exec, and the way that programs handle those races is to block > signals. I don't know that anybody cares about the exact semantics of > this, but I could *imagine* that they do. > > Our current behavior is actually very nice: blocking a signal > basically guarantees that you're now "atomic" wrt that signal. You > won't lose signaling events after the blocking, unless you explicitly > throw them away. Right, blocking signals which are not set to SIG_IGN makes perfectly sense. The SIG_IGN case is what bothers me. If you do ignore(sig); <- Signal discarded sigpending() -> empty block(sig); <- Signal queued sigpending() -> queued signal marked pending unblock(sig); <- Queued signal dequeued and discarded due to SIG_IGN sigpending() -> empty > So I would suggest *not* changing the semantics unless you have a > major real reason for wanting to do that. The reason why I'm looking into that is the silly case with posix interval timers dealing with ignored signals. We have to keep these timers self rearming because nothing rearms them when SIG_IGN is lifted. That means it's a nice way to keep the system busy and the process which armed the timer is never waking up. We have a crude 'rate limit' of the interval to one jiffie in place which prevents a unpriviledged DOS attack by arming the timer with a very small interval. But that turns that mechanism into a battery drain which is not obvious to figure out. When I was working on a mitigation for that, which of course involves fiddling with the signal code, I noticed that issue with sigpending() which returns the blocked _and_ ignored signal as pending despite the man page claiming otherwise. That made me look deeper and wonder about the rather strange and inconsistent semantics of all of this. Thanks, tglx -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html