Use of SIGXFSZ outside of soft limits

[Micah Cowan <micah@cowan.name>]

Hello,

I would like to object to a non-standard and, IMHO, ill-advised 
application of SIGXFSZ to non-rlimit-related filesize limits, and 
request that its use be minimized as much as possible. SUSv3 does not 
sanction its use in any situation other than that of exceeding the "soft 
file size limit for the process". While, of course, we are free to do as 
we like, and ignore the standards when it is advisable to do so, in this 
case, it seems fairly clear that sending an unexpected signal whose 
default action is to dump core, instead of the standard-approved 
behavior of returning an error signal and setting errno to EFBIG, is a 
move in the wrong direction. I'd say it's the wrong thing to do for 
resource-limited file sizes as well, but that at least is 
standard-mandated, and I guess we're pretty much stuck with it.

The problem, currently, is that users are encountering issues when they 
use cp or mv, etc, to transfer large files from one filesystem to 
another (for example, from ext3 to vfat). If the file size is greater 
than 4g, cp will abort with SIGXFSZ. This is annoying to users, 
particularly if there was more than one source file for the command (a 
hierarchical copy, for instance). In such a case, they would normally 
expect failure for the one problem source file, followed by continued 
processing of the remaining source files.

Now, of course, the coreutils guys could block or handle SIGXFSZ, which 
is exactly what I proposed when I was under my initial impression that 
the OS had license to send SIGXFSZ under these circumstances. Also, 
users could wrap the binaries with their own program that first blocks 
the signal, allowing it to get an EFBIG error instead.

The problem is, that in order to avoid abnormal termination, every 
program that ever uses write() would need to trap SIGXFSZ: "fixing" cp, 
mv, dd and install would only help alleviate the problem for the most 
"likely" programs to encounter the issue.

Furthermore, in addition to being (IMO) the wrong thing to do from a 
practical usability standpoint, it is also the wrong thing to do from a 
standards-conformance standpoint. If one looks at what SUSv3 has to say 
about it at 
http://www.opengroup.org/onlinepubs/000095399/functions/write.html :

<<<
If a write() requests that more bytes be written than there is room for 
(for example, [XSI] [Option Start]  the process' file size limit or 
[Option End] the physical end of a medium), only as many bytes as there 
is room for shall be written. For example, suppose there is space for 20 
bytes more in a file before reaching a limit. A write of 512 bytes will 
return 20. The next write of a non-zero number of bytes would give a 
failure return (except as noted below).
 >>>

Among the exceptions "noted below" is:

<<<
[XSI] [Option Start] If the request would cause the file size to exceed 
the soft file size limit for the process and there is no room for any 
bytes to be written, the request shall fail and the implementation shall 
generate the SIGXFSZ signal for the thread. [Option End]
 >>>

but no exception is made for file size limits other than "soft... 
process" limits; thus the requirement that the "next write of a non-zero 
number of bytes would give a failure return" still stands.

I would therefore propose that we eliminate the signalling of SIGXFSZ in 
all cases other than the case of the requested write causing a file's 
size to exceed limits set by setrlimit(RLIMIT_FSIZE, ...). I'd be happy 
to submit a patch to this effect if there is agreement that this is the 
right thing to do.

( Brief discussion with coreutils folks: 
http://lists.gnu.org/archive/html/bug-coreutils/2007-04/msg00070.html )

-- 
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer...
http://micah.cowan.name/