NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit3d8068e

committed

Fix race condition between shutdown and unstarted background workers.

If a database shutdown (smart or fast) is commanded between the timesome process decides to request a new background worker and the timethat the postmaster can launch that worker, then nothing happensbecause the postmaster won't launch any bgworkers once it's exitedPM_RUN state. This is fine ... unless the requesting process iswaiting for that worker to finish (or even for it to start); in thatcase the requestor is stuck, and only manual intervention will get usto the point of being able to shut down.To fix, cancel pending requests for workers when the postmaster sendsshutdown (SIGTERM) signals, and similarly cancel any new requests thatarrive after that point. (We can optimize things slightly by onlydoing the cancellation for workers that have waiters.) To fit withinthe existing bgworker APIs, the "cancel" is made to look like theworker was started and immediately stopped, causing deregistration ofthe bgworker entry. Waiting processes would have to deal withpremature worker exit anyway, so this should introduce no bugs thatweren't there before. We do have a side effect that registrationrecords for restartable bgworkers might disappear when theoreticallythey should have remained in place; but since we're shutting down,that shouldn't matter.Back-patch to v10. There might be value in putting this into 9.6as well, but the management of bgworkers is a bit different there(notably see8ff5186) and I'm not convinced it's worth the effortto validate the patch for that branch.Discussion:https://postgr.es/m/661570.1608673226@sss.pgh.pa.us

1 parent8985e02 commit3d8068eCopy full SHA for 3d8068e

File tree

4 files changed

+90

-20

lines changed

contrib/pg_prewarm
- autoprewarm.c
src
- backend/postmaster
  - bgworker.c
  - postmaster.c
- include/postmaster
  - bgworker_internals.h

4 files changed

+90

-20

lines changed

`‎contrib/pg_prewarm/autoprewarm.c`

Lines changed: 1 addition & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -400,12 +400,7 @@ apw_load_buffers(void)`
`400`	`400`
`401`	`401`	`/*`
`402`	`402`	`* Likewise, don't launch if we've already been told to shut down.`
`403`		`- *`
`404`		`- * There is a race condition here: if the postmaster has received a`
`405`		`- * fast-shutdown signal, but we've not heard about it yet, then the`
`406`		`- * postmaster will ignore our worker start request and we'll wait`
`407`		`- * forever. However, that's a bug in the general background-worker`
`408`		`- * logic, not the fault of this module.`
	`403`	`+ * (The launch would fail anyway, but we might as well skip it.)`
`409`	`404`	`*/`
`410`	`405`	`if (got_sigterm)`
`411`	`406`	`break;`

`‎src/backend/postmaster/bgworker.c`

Lines changed: 71 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -232,13 +232,15 @@ FindRegisteredWorkerBySlotNumber(int slotno)`
`232`	`232`	`}`
`233`	`233`
`234`	`234`	`/*`
`235`		`- * Notice changes to shared memory made by other backends. This code`
`236`		`- * runs in the postmaster, so we must be very careful not to assume that`
`237`		`- * shared memory contents are sane. Otherwise, a rogue backend could take`
`238`		`- * out the postmaster.`
	`235`	`+ * Notice changes to shared memory made by other backends.`
	`236`	`+ * Accept new worker requests only if allow_new_workers is true.`
	`237`	`+ *`
	`238`	`+ * This code runs in the postmaster, so we must be very careful not to assume`
	`239`	`+ * that shared memory contents are sane. Otherwise, a rogue backend could`
	`240`	`+ * take out the postmaster.`
`239`	`241`	`*/`
`240`	`242`	`void`
`241`		`-BackgroundWorkerStateChange(void)`
	`243`	`+BackgroundWorkerStateChange(boolallow_new_workers)`
`242`	`244`	`{`
`243`	`245`	`intslotno;`
`244`	`246`
`@@ -298,6 +300,15 @@ BackgroundWorkerStateChange(void)`
`298`	`300`	`continue;`
`299`	`301`	`}`
`300`	`302`
	`303`	`+/*`
	`304`	`+ * If we aren't allowing new workers, then immediately mark it for`
	`305`	`+ * termination; the next stanza will take care of cleaning it up.`
	`306`	`+ * Doing this ensures that any process waiting for the worker will get`
	`307`	`+ * awoken, even though the worker will never be allowed to run.`
	`308`	`+ */`
	`309`	`+if (!allow_new_workers)`
	`310`	`+slot->terminate= true;`
	`311`	`+`
`301`	`312`	`/*`
`302`	`313`	`* If the worker is marked for termination, we don't need to add it to`
`303`	`314`	`* the registered workers list; we can just free the slot. However, if`
`@@ -504,12 +515,55 @@ BackgroundWorkerStopNotifications(pid_t pid)`
`504`	`515`	`}`
`505`	`516`	`}`
`506`	`517`
	`518`	`+/*`
	`519`	`+ * Cancel any not-yet-started worker requests that have waiting processes.`
	`520`	`+ *`
	`521`	`+ * This is called during a normal ("smart" or "fast") database shutdown.`
	`522`	`+ * After this point, no new background workers will be started, so anything`
	`523`	`+ * that might be waiting for them needs to be kicked off its wait. We do`
	`524`	`+ * that by cancelling the bgworker registration entirely, which is perhaps`
	`525`	`+ * overkill, but since we're shutting down it does not matter whether the`
	`526`	`+ * registration record sticks around.`
	`527`	`+ *`
	`528`	`+ * This function should only be called from the postmaster.`
	`529`	`+ */`
	`530`	`+void`
	`531`	`+ForgetUnstartedBackgroundWorkers(void)`
	`532`	`+{`
	`533`	`+slist_mutable_iteriter;`
	`534`	`+`
	`535`	`+slist_foreach_modify(iter,&BackgroundWorkerList)`
	`536`	`+{`
	`537`	`+RegisteredBgWorker*rw;`
	`538`	`+BackgroundWorkerSlot*slot;`
	`539`	`+`
	`540`	`+rw=slist_container(RegisteredBgWorker,rw_lnode,iter.cur);`
	`541`	`+Assert(rw->rw_shmem_slot<max_worker_processes);`
	`542`	`+slot=&BackgroundWorkerData->slot[rw->rw_shmem_slot];`
	`543`	`+`
	`544`	`+/* If it's not yet started, and there's someone waiting ... */`
	`545`	`+if (slot->pid==InvalidPid&&`
	`546`	`+rw->rw_worker.bgw_notify_pid!=0)`
	`547`	`+{`
	`548`	`+/* ... then zap it, and notify the waiter */`
	`549`	`+intnotify_pid=rw->rw_worker.bgw_notify_pid;`
	`550`	`+`
	`551`	`+ForgetBackgroundWorker(&iter);`
	`552`	`+if (notify_pid!=0)`
	`553`	`+kill(notify_pid,SIGUSR1);`
	`554`	`+}`
	`555`	`+}`
	`556`	`+}`
	`557`	`+`
`507`	`558`	`/*`
`508`	`559`	`* Reset background worker crash state.`
`509`	`560`	`*`
`510`	`561`	`* We assume that, after a crash-and-restart cycle, background workers without`
`511`	`562`	`* the never-restart flag should be restarted immediately, instead of waiting`
`512`		`- * for bgw_restart_time to elapse.`
	`563`	`+ * for bgw_restart_time to elapse. On the other hand, workers with that flag`
	`564`	`+ * should be forgotten immediately, since we won't ever restart them.`
	`565`	`+ *`
	`566`	`+ * This function should only be called from the postmaster.`
`513`	`567`	`*/`
`514`	`568`	`void`
`515`	`569`	`ResetBackgroundWorkerCrashTimes(void)`
`@@ -549,6 +603,11 @@ ResetBackgroundWorkerCrashTimes(void)`
`549`	`603`	`* resetting.`
`550`	`604`	`*/`
`551`	`605`	`rw->rw_crashed_at=0;`
	`606`	`+`
	`607`	`+/*`
	`608`	`+ * If there was anyone waiting for it, they're history.`
	`609`	`+ */`
	`610`	`+rw->rw_worker.bgw_notify_pid=0;`
`552`	`611`	`}`
`553`	`612`	`}`
`554`	`613`	`}`
`@@ -1098,6 +1157,9 @@ GetBackgroundWorkerPid(BackgroundWorkerHandle handle, pid_t pidp)`
`1098`	`1157`	`* returned. However, if the postmaster has died, we give up and return`
`1099`	`1158`	`* BGWH_POSTMASTER_DIED, since it that case we know that startup will not`
`1100`	`1159`	`* take place.`
	`1160`	`+ *`
	`1161`	`+ * The caller must have set our PID as the worker's bgw_notify_pid,`
	`1162`	`+ * else we will not be awoken promptly when the worker's state changes.`
`1101`	`1163`	`*/`
`1102`	`1164`	`BgwHandleStatus`
`1103`	`1165`	`WaitForBackgroundWorkerStartup(BackgroundWorkerHandlehandle,pid_tpidp)`
`@@ -1140,6 +1202,9 @@ WaitForBackgroundWorkerStartup(BackgroundWorkerHandle handle, pid_t pidp)`
`1140`	`1202`	`* and then return BGWH_STOPPED. However, if the postmaster has died, we give`
`1141`	`1203`	`* up and return BGWH_POSTMASTER_DIED, because it's the postmaster that`
`1142`	`1204`	`* notifies us when a worker's state changes.`
	`1205`	`+ *`
	`1206`	`+ * The caller must have set our PID as the worker's bgw_notify_pid,`
	`1207`	`+ * else we will not be awoken promptly when the worker's state changes.`
`1143`	`1208`	`*/`
`1144`	`1209`	`BgwHandleStatus`
`1145`	`1210`	`WaitForBackgroundWorkerShutdown(BackgroundWorkerHandle*handle)`

`‎src/backend/postmaster/postmaster.c`

Lines changed: 16 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -3761,6 +3761,13 @@ PostmasterStateMachine(void)`
`3761`	`3761`	`*/`
`3762`	`3762`	`if (pmState==PM_STOP_BACKENDS)`
`3763`	`3763`	`{`
	`3764`	`+/*`
	`3765`	`+ * Forget any pending requests for background workers, since we're no`
	`3766`	`+ * longer willing to launch any new workers. (If additional requests`
	`3767`	`+ * arrive, BackgroundWorkerStateChange will reject them.)`
	`3768`	`+ */`
	`3769`	`+ForgetUnstartedBackgroundWorkers();`
	`3770`	`+`
`3764`	`3771`	`/* Signal all backend children except walsenders */`
`3765`	`3772`	`SignalSomeChildren(SIGTERM,`
`3766`	`3773`	`BACKEND_TYPE_ALL-BACKEND_TYPE_WALSND);`
`@@ -5151,13 +5158,6 @@ sigusr1_handler(SIGNAL_ARGS)`
`5151`	`5158`	`PG_SETMASK(&BlockSig);`
`5152`	`5159`	`#endif`
`5153`	`5160`
`5154`		`-/* Process background worker state change. */`
`5155`		`-if (CheckPostmasterSignal(PMSIGNAL_BACKGROUND_WORKER_CHANGE))`
`5156`		`-{`
`5157`		`-BackgroundWorkerStateChange();`
`5158`		`-StartWorkerNeeded= true;`
`5159`		`-}`
`5160`		`-`
`5161`	`5161`	`/*`
`5162`	`5162`	`* RECOVERY_STARTED and BEGIN_HOT_STANDBY signals are ignored in`
`5163`	`5163`	`* unexpected states. If the startup process quickly starts up, completes`
`@@ -5203,6 +5203,7 @@ sigusr1_handler(SIGNAL_ARGS)`
`5203`	`5203`
`5204`	`5204`	`pmState=PM_RECOVERY;`
`5205`	`5205`	`}`
	`5206`	`+`
`5206`	`5207`	`if (CheckPostmasterSignal(PMSIGNAL_BEGIN_HOT_STANDBY)&&`
`5207`	`5208`	`pmState==PM_RECOVERY&&Shutdown==NoShutdown)`
`5208`	`5209`	`{`
`@@ -5228,6 +5229,14 @@ sigusr1_handler(SIGNAL_ARGS)`
`5228`	`5229`	`StartWorkerNeeded= true;`
`5229`	`5230`	`}`
`5230`	`5231`
	`5232`	`+/* Process background worker state changes. */`
	`5233`	`+if (CheckPostmasterSignal(PMSIGNAL_BACKGROUND_WORKER_CHANGE))`
	`5234`	`+{`
	`5235`	`+/* Accept new worker requests only if not stopping. */`
	`5236`	`+BackgroundWorkerStateChange(pmState<PM_STOP_BACKENDS);`
	`5237`	`+StartWorkerNeeded= true;`
	`5238`	`+}`
	`5239`	`+`
`5231`	`5240`	`if (StartWorkerNeeded\|\|HaveCrashedWorker)`
`5232`	`5241`	`maybe_start_bgworkers();`
`5233`	`5242`

`‎src/include/postmaster/bgworker_internals.h`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -46,11 +46,12 @@ extern slist_head BackgroundWorkerList;`
`46`	`46`
`47`	`47`	`externSizeBackgroundWorkerShmemSize(void);`
`48`	`48`	`externvoidBackgroundWorkerShmemInit(void);`
`49`		`-externvoidBackgroundWorkerStateChange(void);`
	`49`	`+externvoidBackgroundWorkerStateChange(boolallow_new_workers);`
`50`	`50`	`externvoidForgetBackgroundWorker(slist_mutable_iter*cur);`
`51`	`51`	`externvoidReportBackgroundWorkerPID(RegisteredBgWorker*);`
`52`	`52`	`externvoidReportBackgroundWorkerExit(slist_mutable_iter*cur);`
`53`	`53`	`externvoidBackgroundWorkerStopNotifications(pid_tpid);`
	`54`	`+externvoidForgetUnstartedBackgroundWorkers(void);`
`54`	`55`	`externvoidResetBackgroundWorkerCrashTimes(void);`
`55`	`56`
`56`	`57`	`/* Function to start a background worker, called from postmaster.c */`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit3d8068e

File tree

4 files changed

4 files changed

`‎contrib/pg_prewarm/autoprewarm.c`

`‎src/backend/postmaster/bgworker.c`

`‎src/backend/postmaster/postmaster.c`

`‎src/include/postmaster/bgworker_internals.h`

0 commit comments