NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitac1d794

committed

Make idle backends exit if the postmaster dies.

Letting backends continue to run if the postmaster has exited preventsPostgreSQL from being restarted, which in many environments iscatastrophic. Worse, if some other backend crashes, we no longer haveany protection against shared memory corruption. So, arrange for themto exit instead. We don't want to expend many cycles on this, butincluding postmaster death in the set of things that we wait for whena backend is idle seems cheap enough.Rajeev Rastogi and Robert Haas

1 parenta05dc4d commitac1d794Copy full SHA for ac1d794

File tree

1 file changed

+31

-2

lines changed

src/backend/libpq
- be-secure.c

1 file changed

+31

-2

lines changed

`‎src/backend/libpq/be-secure.c`

Lines changed: 31 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,7 @@`
`35`	`35`	`#include"miscadmin.h"`
`36`	`36`	`#include"tcop/tcopprot.h"`
`37`	`37`	`#include"utils/memutils.h"`
	`38`	`+#include"storage/ipc.h"`
`38`	`39`	`#include"storage/proc.h"`
`39`	`40`
`40`	`41`
`@@ -144,9 +145,31 @@ secure_read(Port port, void ptr, size_t len)`
`144`	`145`	`Assert(waitfor);`
`145`	`146`
`146`	`147`	`w=WaitLatchOrSocket(MyLatch,`
`147`		`-WL_LATCH_SET \|waitfor,`
	`148`	`+WL_LATCH_SET \|WL_POSTMASTER_DEATH \|waitfor,`
`148`	`149`	`port->sock,0);`
`149`	`150`
	`151`	`+/*`
	`152`	`+ * If the postmaster has died, it's not safe to continue running,`
	`153`	`+ * because it is the postmaster's job to kill us if some other backend`
	`154`	`+ * exists uncleanly. Moreover, we won't run very well in this state;`
	`155`	`+ * helper processes like walwriter and the bgwriter will exit, so`
	`156`	`+ * performance may be poor. Finally, if we don't exit, pg_ctl will`
	`157`	`+ * be unable to restart the postmaster without manual intervention,`
	`158`	`+ * so no new connections can be accepted. Exiting clears the deck`
	`159`	`+ * for a postmaster restart.`
	`160`	`+ *`
	`161`	`+ * (Note that we only make this check when we would otherwise sleep`
	`162`	`+ * on our latch. We might still continue running for a while if the`
	`163`	`+ * postmaster is killed in mid-query, or even through multiple queries`
	`164`	`+ * if we never have to wait for read. We don't want to burn too many`
	`165`	`+ * cycles checking for this very rare condition, and this should cause`
	`166`	`+ * us to exit quickly in most cases.)`
	`167`	`+ */`
	`168`	`+if (w&WL_POSTMASTER_DEATH)`
	`169`	`+ereport(FATAL,`
	`170`	`+(errcode(ERRCODE_ADMIN_SHUTDOWN),`
	`171`	`+errmsg("terminating connection due to unexpected postmaster exit")));`
	`172`	`+`
`150`	`173`	`/* Handle interrupt. */`
`151`	`174`	`if (w&WL_LATCH_SET)`
`152`	`175`	`{`
`@@ -223,9 +246,15 @@ secure_write(Port port, void ptr, size_t len)`
`223`	`246`	`Assert(waitfor);`
`224`	`247`
`225`	`248`	`w=WaitLatchOrSocket(MyLatch,`
`226`		`-WL_LATCH_SET \|waitfor,`
	`249`	`+WL_LATCH_SET \|WL_POSTMASTER_DEATH \|waitfor,`
`227`	`250`	`port->sock,0);`
`228`	`251`
	`252`	`+/* See comments in secure_read. */`
	`253`	`+if (w&WL_POSTMASTER_DEATH)`
	`254`	`+ereport(FATAL,`
	`255`	`+(errcode(ERRCODE_ADMIN_SHUTDOWN),`
	`256`	`+errmsg("terminating connection due to unexpected postmaster exit")));`
	`257`	`+`
`229`	`258`	`/* Handle interrupt. */`
`230`	`259`	`if (w&WL_LATCH_SET)`
`231`	`260`	`{`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitac1d794

File tree

1 file changed

1 file changed

`‎src/backend/libpq/be-secure.c`

0 commit comments