Commit dad55e1

Prevent interrupts while reporting non-ERROR elog messages.

This should eliminate the risk of recursive entry to syslog(3), which appears to be the cause of the hang reported in bug #9551 from James Morton.

Arguably, the real problem here is auth.c's willingness to turn on ImmediateInterruptOK while executing fairly wide swaths of backend code. We may well need to work at narrowing the code ranges in which the authentication_timeout interrupt is enabled. For the moment, though, this is a cheap and reasonably noninvasive fix for a field-reported failure; the other approach would be complex and not necessarily bug-free itself.

Back-patch to all supported branches.

1 parent 7aea105 commit dad55e1

1 file changed, +25 -13 lines changed

‎src/backend/utils/error/elog.c

Lines changed: 25 additions & 13 deletions
Original file line number | Diff line number | Diff line change
@@ -389,12 +389,25 @@ errfinish(int dummy,...)
389389
{
390390
ErrorData*edata=&errordata[errordata_stack_depth];
391391
intelevel=edata->elevel;
392+
boolsave_ImmediateInterruptOK;
392393
MemoryContextoldcontext;
393394
ErrorContextCallback*econtext;
394395

395396
recursion_depth++;
396397
CHECK_STACK_DEPTH();
397398

399+
/*
400+
* Ensure we can't get interrupted while performing error reporting. This
401+
* is needed to prevent recursive entry to functions like syslog(), which
402+
* may not be re-entrant.
403+
*
404+
* Note: other places that save-and-clear ImmediateInterruptOK also do
405+
* HOLD_INTERRUPTS(), but that should not be necessary here since we
406+
* don't call anything that could turn on ImmediateInterruptOK.
407+
*/
408+
save_ImmediateInterruptOK=ImmediateInterruptOK;
409+
ImmediateInterruptOK= false;
410+
398411
/*
399412
* Do processing in ErrorContext, which we hope has enough reserved space
400413
* to report an error.
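
Review bot: The comment at new lines 404-406 justifies skipping HOLD_INTERRUPTS() with the claim that nothing called from here can turn on ImmediateInterruptOK, but the declaration of econtext just above suggests error context callbacks are reached from this function, and nothing in the visible code enforces the claim for code reached that way. Either name in the comment the callees the claim is meant to cover, or pair the save-and-clear with HOLD_INTERRUPTS()/RESUME_INTERRUPTS() as the other save-and-clear sites the comment mentions do. Separately, the two assignments come after recursion_depth++ and CHECK_STACK_DEPTH(), so those statements still run with the caller's setting; making the save-and-clear the first statements of the function would cover the whole body.
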
@@ -420,17 +433,16 @@ errfinish(int dummy,...)
420433
/*
421434
* We do some minimal cleanup before longjmp'ing so that handlers can
422435
* execute in a reasonably sane state.
423-
*/
424-
425-
/* This is just in case the error came while waiting for input */
426-
ImmediateInterruptOK= false;
427-
428-
/*
436+
*
429437
* Reset InterruptHoldoffCount in case we ereport'd from inside an
430438
* interrupt holdoff section. (We assume here that no handler will
431439
* itself be inside a holdoff section.If necessary, such a handler
432440
* could save and restore InterruptHoldoffCount for itself, but this
433441
* should make life easier for most.)
442+
*
443+
* Note that we intentionally don't restore ImmediateInterruptOK here,
444+
* even if it was set at entry. We definitely don't want that on
445+
* while doing error cleanup.
434446
*/
435447
InterruptHoldoffCount=0;
436448

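Review bot: With the explicit ImmediateInterruptOK = false removed from the pre-longjmp cleanup, the ERROR path now depends on the clear done at the top of errfinish, and the old remark that the error may have come while waiting for input is gone with it. The new note at lines 443-445 says the flag is intentionally not restored, but not who is expected to turn it back on. A sentence stating that code which had ImmediateInterruptOK set at entry must re-establish it itself after error recovery would keep that contract visible next to InterruptHoldoffCount = 0.
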
@@ -487,10 +499,7 @@ errfinish(int dummy,...)
487499
{
488500
/*
489501
* For a FATAL error, we let proc_exit clean up and exit.
490-
*/
491-
ImmediateInterruptOK= false;
492-
493-
/*
502+
*
494503
* If we just reported a startup failure, the client will disconnect
495504
* on receiving it, so don't send any more to the client.
496505
*/
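
Review bot: The FATAL branch loses its ImmediateInterruptOK = false without gaining the kind of remark the ERROR branch received, so the merged comment no longer tells the reader that interrupts stay disabled while proc_exit cleans up. Since save_ImmediateInterruptOK is not restored on this path either, a short line in this comment saying that the flag stays off here because it was cleared at entry would save a search for the removed assignment.
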
@@ -523,15 +532,18 @@ errfinish(int dummy,...)
523532
* XXX: what if we are *in* the postmaster? abort() won't kill our
524533
* children...
525534
*/
526-
ImmediateInterruptOK= false;
527535
fflush(stdout);
528536
fflush(stderr);
529537
abort();
530538
}
531539

532540
/*
533-
* We reach here if elevel <= WARNING. OK to return to caller.
534-
*
541+
* We reach here if elevel <= WARNING. OK to return to caller, so restore
542+
* caller's setting of ImmediateInterruptOK.
543+
*/
544+
ImmediateInterruptOK=save_ImmediateInterruptOK;
545+
546+
/*
535547
* But check for cancel/die interrupt first --- this is so that the user
536548
* can stop a query emitting tons of notice or warning messages, even if
537549
* it's in a loop that otherwise fails to check for interrupts.
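
Review bot: The restore at new line 544 overwrites ImmediateInterruptOK unconditionally, so if anything called during reporting did switch it on, contrary to the assumption stated in the entry comment, that goes unnoticed. An Assert(!ImmediateInterruptOK) immediately before ImmediateInterruptOK = save_ImmediateInterruptOK would check that assumption in assert-enabled builds. The same hunk drops the clear ahead of fflush()/abort(), which is fine given the clear at entry, but the restore comment could note that this is the only exit that re-enables the caller's setting.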
