SIGPWR signal in system v

Frank Hecker hecker at federal.uucp
Tue May 7 08:44:07 AEST 1991 

In article <1991May6.112253.5344 at cs.tcd.ie> ohurley at cs.tcd.ie (Oisin
Hurley) writes:

>Does anybody out there have information on the SYS V SIGPWR signal? The man
>says that this signal occurs if there's a power failure. I have a couple of
>questioned which I haven't been able to answer myself:

I have no idea how widely this signal is implemented, but it's
available on the Tandem Integrity S2 fault-tolerant system, which has
built-in batteries sufficient to keep the system up for several
minutes.  The S2 implementation provides a good example of how SIGPWR
could be used in any system with an well-integrated uninterruptible
power system.

>1. When power goes, is this signal sent to every process currently running?

On the S2, it depends on how you've configured your system.  If you've
configured it to do a shutdown, then the standard shutdown procedure
is followed and SIGPWR is not used; processes are sent SIGTERM instead.

On the other hand, if you've configured it to do a powerfail auto
restart then (almost) all processes get sent SIGPWR.  They then get
suspended and the contents of system memory written to disk, after
which the system turns itself off.  When power resumes the contents of
memory are reloaded from disk, the processes are resumed, and they're
sent SIGPWR again.

The reason for the "almost" above is that you can set selected
processes to not resume across a power failure (e.g., to avoid
security problems with open sessions).  On power failure these
processes get sent SIGTERM instead, followed by SIGKILL.

Also, since processes get sent SIGPWR twice (once before going down
and once after coming back up), additional information must be
included with the signal to indicate what's happening.  This is done
using an integer code passed as the second argument to the signal
handler.

>2. How far does the power have to drop before the signal is activated?

On the S2, below the lower voltage limits of the system, at which
point the batteries start supplying power to the system and the kernel
is notified.

>3. How long does the power have to stay at that level to ensure activation?
>	(how about transients, etc.)

On the S2 this is configurable.  The standard figure is 15 seconds,
but 30 seconds or even a minute are also reasonable values.  If power
is restored during that period then the kernel takes no action and
applications are not affected.

>4. Is the signal generated on the mboard or is there a line from the psu?

The kernel is interrupted by the S2's I/O processor, which samples
environmental info like power and temperature.  (For example, the
system can survive the failure of one fan, but the failure of two fans
is treated like a power failure.)  I'm not familar with the exact
hardware details.  The kernel then starts checking every five seconds
to see if power is still off, until either power is restored or the
allotted time period elapses.

>5. Has anybody used it - is it useful? Is there enough time to sync disks
>   upon receipt of SIGPWR (I presume there's hardly time for anything)?

I've written demo programs to catch SIGPWR on the S2, but haven't used
it in an actual application, nor have I modified any freeware programs
to support it.  I leave it to others to propose applications for which
it would be most useful.

By default S2 processes get 30 seconds to do SIGPWR handling before
they're suspended.  This can be decreased or increased by the system
administrator.  (Disks get synced in any case, whether the system
administrator has configured for a shutdown or for a restart.)

Handling SIGPWR correctly in the general case is quite tricky, since
you have to account for interrupted system calls, date/time changes
across the power failure, and the like.  There's a whole section on it
in the Integrity S2 Programmer's Guide, with an example I still
haven't been able to puzzle out fully.

There are also some problematic issues from the system point of view.
For example, if the kernel starts a power fail shutdown it has to
finish it even if power comes back on during the shutdown.  (In this
case the system reloads memory after it finishes dumping it.)

>6. Why is it there?

It's a very useful signal to have if your system is supported by a UPS
that can keep it up for a long enough period of time for appropriate
actions to be taken.  It's even more useful if your system can resume
applications across a power failure, like the S2, as opposed to just
initiating a standard shutdown.

I'm interested in hearing about any comparable implementations of
SIGPWR on other systems.
-- 
Frank Hecker
...!uunet!tdmfed!hecker

More information about the Comp.unix.wizards mailing list