Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit97550c0

Browse files
Avoid calling proc_exit() in processes forked by system().
The SIGTERM handler for the startup process immediately callsproc_exit() for the duration of the restore_command, i.e., a callto system(). This system() call forks a new process to execute theshell command, and this child process inherits the parent's signalhandlers. If both the parent and child processes receive SIGTERM,both will attempt to call proc_exit(). This can end badly. Forexample, both processes will try to remove themselves from thePGPROC shared array.To fix this problem, this commit adds a check inStartupProcShutdownHandler() to see whether MyProcPid == getpid().If they match, this is the parent process, and we can proc_exit()like before. If they do not match, this is a child process, and wejust emit a message to STDERR (in a signal safe manner) and_exit(), thereby skipping any problematic exit callbacks.This commit also adds checks in proc_exit(), ProcKill(), andAuxiliaryProcKill() that verify they are not being called withinsuch child processes.Suggested-by: Andres FreundReviewed-by: Thomas Munro, Andres FreundDiscussion:https://postgr.es/m/Y9nGDSgIm83FHcad%40paquier.xyzDiscussion:https://postgr.es/m/20230223231503.GA743455%40nathanxps13Backpatch-through: 11
1 parent2406c4e commit97550c0

File tree

5 files changed

+62
-1
lines changed

5 files changed

+62
-1
lines changed

‎src/backend/postmaster/startup.c

Lines changed: 16 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,8 @@
1919
*/
2020
#include"postgres.h"
2121

22+
#include<unistd.h>
23+
2224
#include"access/xlog.h"
2325
#include"access/xlogrecovery.h"
2426
#include"access/xlogutils.h"
@@ -121,7 +123,20 @@ StartupProcShutdownHandler(SIGNAL_ARGS)
121123
intsave_errno=errno;
122124

123125
if (in_restore_command)
124-
proc_exit(1);
126+
{
127+
/*
128+
* If we are in a child process (e.g., forked by system() in
129+
* RestoreArchivedFile()), we don't want to call any exit callbacks.
130+
* The parent will take care of that.
131+
*/
132+
if (MyProcPid== (int)getpid())
133+
proc_exit(1);
134+
else
135+
{
136+
write_stderr_signal_safe("StartupProcShutdownHandler() called in child process\n");
137+
_exit(1);
138+
}
139+
}
125140
else
126141
shutdown_requested= true;
127142
WakeupRecovery();

‎src/backend/storage/ipc/ipc.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -103,6 +103,10 @@ static inton_proc_exit_index,
103103
void
104104
proc_exit(intcode)
105105
{
106+
/* not safe if forked by system(), etc. */
107+
if (MyProcPid!= (int)getpid())
108+
elog(PANIC,"proc_exit() called in child process");
109+
106110
/* Clean up everything that must be cleaned up */
107111
proc_exit_prepare(code);
108112

‎src/backend/storage/lmgr/proc.c

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -806,6 +806,10 @@ ProcKill(int code, Datum arg)
806806

807807
Assert(MyProc!=NULL);
808808

809+
/* not safe if forked by system(), etc. */
810+
if (MyProc->pid!= (int)getpid())
811+
elog(PANIC,"ProcKill() called in child process");
812+
809813
/* Make sure we're out of the sync rep lists */
810814
SyncRepCleanupAtProcExit();
811815

@@ -926,6 +930,10 @@ AuxiliaryProcKill(int code, Datum arg)
926930

927931
Assert(proctype >=0&&proctype<NUM_AUXILIARY_PROCS);
928932

933+
/* not safe if forked by system(), etc. */
934+
if (MyProc->pid!= (int)getpid())
935+
elog(PANIC,"AuxiliaryProcKill() called in child process");
936+
929937
auxproc=&AuxiliaryProcs[proctype];
930938

931939
Assert(MyProc==auxproc);

‎src/backend/utils/error/elog.c

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3733,6 +3733,34 @@ write_stderr(const char *fmt,...)
37333733
}
37343734

37353735

3736+
/*
3737+
* Write a message to STDERR using only async-signal-safe functions. This can
3738+
* be used to safely emit a message from a signal handler.
3739+
*
3740+
* TODO: It is likely possible to safely do a limited amount of string
3741+
* interpolation (e.g., %s and %d), but that is not presently supported.
3742+
*/
3743+
void
3744+
write_stderr_signal_safe(constchar*str)
3745+
{
3746+
intnwritten=0;
3747+
intntotal=strlen(str);
3748+
3749+
while (nwritten<ntotal)
3750+
{
3751+
intrc;
3752+
3753+
rc=write(STDERR_FILENO,str+nwritten,ntotal-nwritten);
3754+
3755+
/* Just give up on error. There isn't much else we can do. */
3756+
if (rc==-1)
3757+
return;
3758+
3759+
nwritten+=rc;
3760+
}
3761+
}
3762+
3763+
37363764
/*
37373765
* Adjust the level of a recovery-related message per trace_recovery_messages.
37383766
*

‎src/include/utils/elog.h

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -536,4 +536,10 @@ extern void write_jsonlog(ErrorData *edata);
536536
*/
537537
externvoidwrite_stderr(constchar*fmt,...)pg_attribute_printf(1,2);
538538

539+
/*
540+
* Write a message to STDERR using only async-signal-safe functions. This can
541+
* be used to safely emit a message from a signal handler.
542+
*/
543+
externvoidwrite_stderr_signal_safe(constchar*fmt);
544+
539545
#endif/* ELOG_H */

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp