NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitf40022f

committed

Make WaitLatch's WL_POSTMASTER_DEATH result trustworthy; simplify callers.

Per a suggestion from Peter Geoghegan, make WaitLatch responsible forverifying that the WL_POSTMASTER_DEATH bit it returns is truthful (bytesting PostmasterIsAlive). Then simplify its callers, who no longerneed to do that for themselves. Remove weasel wording about falsely-setresult bits from WaitLatch's API contract.

1 parent586d356 commitf40022fCopy full SHA for f40022f

File tree

7 files changed

+47

-37

lines changed

src/backend
- port
  - unix_latch.c
  - win32_latch.c
- postmaster

7 files changed

+47

-37

lines changed

`‎src/backend/port/unix_latch.c`

Lines changed: 24 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,7 @@`
`50`	`50`	`#include"miscadmin.h"`
`51`	`51`	`#include"postmaster/postmaster.h"`
`52`	`52`	`#include"storage/latch.h"`
	`53`	`+#include"storage/pmsignal.h"`
`53`	`54`	`#include"storage/shmem.h"`
`54`	`55`
`55`	`56`	`/* Are we currently in WaitLatch? The signal handler would like to know. */`
`@@ -160,15 +161,7 @@ DisownLatch(volatile Latch *latch)`
`160`	`161`	`*`
`161`	`162`	`* Returns bit mask indicating which condition(s) caused the wake-up. Note`
`162`	`163`	`* that if multiple wake-up conditions are true, there is no guarantee that`
`163`		`- * we return all of them in one call, but we will return at least one. Also,`
`164`		`- * according to the select(2) man page on Linux, select(2) may spuriously`
`165`		`- * return and report a file descriptor as readable, when it's not. We use`
`166`		`- * select(2), so WaitLatch can also spuriously claim that a socket is`
`167`		`- * readable, or postmaster has died, even when none of the wake conditions`
`168`		`- * have been satisfied. That should be rare in practice, but the caller`
`169`		`- * should not use the return value for anything critical, re-checking the`
`170`		`- * situation with PostmasterIsAlive() or read() on a socket as necessary.`
`171`		`- * The latch and timeout flag bits can be trusted, however.`
	`164`	`+ * we return all of them in one call, but we will return at least one.`
`172`	`165`	`*/`
`173`	`166`	`int`
`174`	`167`	`WaitLatch(volatileLatch*latch,intwakeEvents,longtimeout)`
`@@ -318,7 +311,17 @@ WaitLatchOrSocket(volatile Latch *latch, int wakeEvents, pgsocket sock,`
`318`	`311`	`if ((wakeEvents&WL_POSTMASTER_DEATH)&&`
`319`	`312`	`(pfds[nfds-1].revents& (POLLHUP \|POLLIN \|POLLERR \|POLLNVAL)))`
`320`	`313`	`{`
`321`		`-result \|=WL_POSTMASTER_DEATH;`
	`314`	`+/*`
	`315`	`+ * According to the select(2) man page on Linux, select(2) may`
	`316`	`+ * spuriously return and report a file descriptor as readable,`
	`317`	`+ * when it's not; and presumably so can poll(2). It's not clear`
	`318`	`+ * that the relevant cases would ever apply to the postmaster`
	`319`	`+ * pipe, but since the consequences of falsely returning`
	`320`	`+ * WL_POSTMASTER_DEATH could be pretty unpleasant, we take the`
	`321`	`+ * trouble to positively verify EOF with PostmasterIsAlive().`
	`322`	`+ */`
	`323`	`+if (!PostmasterIsAlive())`
	`324`	`+result \|=WL_POSTMASTER_DEATH;`
`322`	`325`	`}`
`323`	`326`
`324`	`327`	`#else/* !HAVE_POLL */`
`@@ -380,7 +383,17 @@ WaitLatchOrSocket(volatile Latch *latch, int wakeEvents, pgsocket sock,`
`380`	`383`	`if ((wakeEvents&WL_POSTMASTER_DEATH)&&`
`381`	`384`	`FD_ISSET(postmaster_alive_fds[POSTMASTER_FD_WATCH],&input_mask))`
`382`	`385`	`{`
`383`		`-result \|=WL_POSTMASTER_DEATH;`
	`386`	`+/*`
	`387`	`+ * According to the select(2) man page on Linux, select(2) may`
	`388`	`+ * spuriously return and report a file descriptor as readable,`
	`389`	`+ * when it's not; and presumably so can poll(2). It's not clear`
	`390`	`+ * that the relevant cases would ever apply to the postmaster`
	`391`	`+ * pipe, but since the consequences of falsely returning`
	`392`	`+ * WL_POSTMASTER_DEATH could be pretty unpleasant, we take the`
	`393`	`+ * trouble to positively verify EOF with PostmasterIsAlive().`
	`394`	`+ */`
	`395`	`+if (!PostmasterIsAlive())`
	`396`	`+result \|=WL_POSTMASTER_DEATH;`
`384`	`397`	`}`
`385`	`398`	`#endif/* HAVE_POLL */`
`386`	`399`	`}while (result==0);`

`‎src/backend/port/win32_latch.c`

Lines changed: 10 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@`
`26`	`26`	`#include"miscadmin.h"`
`27`	`27`	`#include"postmaster/postmaster.h"`
`28`	`28`	`#include"storage/latch.h"`
	`29`	`+#include"storage/pmsignal.h"`
`29`	`30`	`#include"storage/shmem.h"`
`30`	`31`
`31`	`32`
`@@ -217,8 +218,15 @@ WaitLatchOrSocket(volatile Latch *latch, int wakeEvents, pgsocket sock,`
`217`	`218`	`elseif ((wakeEvents&WL_POSTMASTER_DEATH)&&`
`218`	`219`	`rc==WAIT_OBJECT_0+pmdeath_eventno)`
`219`	`220`	`{`
`220`		`-/* Postmaster died */`
`221`		`-result \|=WL_POSTMASTER_DEATH;`
	`221`	`+/*`
	`222`	`+ * Postmaster apparently died. Since the consequences of falsely`
	`223`	`+ * returning WL_POSTMASTER_DEATH could be pretty unpleasant, we`
	`224`	`+ * take the trouble to positively verify this with`
	`225`	`+ * PostmasterIsAlive(), even though there is no known reason to`
	`226`	`+ * think that the event could be falsely set on Windows.`
	`227`	`+ */`
	`228`	`+if (!PostmasterIsAlive())`
	`229`	`+result \|=WL_POSTMASTER_DEATH;`
`222`	`230`	`}`
`223`	`231`	`else`
`224`	`232`	`elog(ERROR,"unexpected return code from WaitForMultipleObjects(): %lu",rc);`

`‎src/backend/postmaster/autovacuum.c`

Lines changed: 5 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -574,6 +574,7 @@ AutoVacLauncherMain(int argc, char *argv[])`
`574`	`574`	`TimestampTzcurrent_time=0;`
`575`	`575`	`boolcan_launch;`
`576`	`576`	`Dlelem*elem;`
	`577`	`+intrc;`
`577`	`578`
`578`	`579`	`/*`
`579`	`580`	`* This loop is a bit different from the normal use of WaitLatch,`
`@@ -592,9 +593,9 @@ AutoVacLauncherMain(int argc, char *argv[])`
`592`	`593`	`* Wait until naptime expires or we get some type of signal (all the`
`593`	`594`	`* signal handlers will wake us by calling SetLatch).`
`594`	`595`	`*/`
`595`		`-WaitLatch(&MyProc->procLatch,`
`596`		`-WL_LATCH_SET \|WL_TIMEOUT \|WL_POSTMASTER_DEATH,`
`597`		`- (nap.tv_sec*1000L)+ (nap.tv_usec /1000L));`
	`596`	`+rc=WaitLatch(&MyProc->procLatch,`
	`597`	`+WL_LATCH_SET \|WL_TIMEOUT \|WL_POSTMASTER_DEATH,`
	`598`	`+ (nap.tv_sec*1000L)+ (nap.tv_usec /1000L));`
`598`	`599`
`599`	`600`	`ResetLatch(&MyProc->procLatch);`
`600`	`601`
`@@ -604,7 +605,7 @@ AutoVacLauncherMain(int argc, char *argv[])`
`604`	`605`	`* Emergency bailout if postmaster has died. This is to avoid the`
`605`	`606`	`* necessity for manual cleanup of all postmaster children.`
`606`	`607`	`*/`
`607`		`-if (!PostmasterIsAlive())`
	`608`	`+if (rc&WL_POSTMASTER_DEATH)`
`608`	`609`	`proc_exit(1);`
`609`	`610`
`610`	`611`	`/* the normal shutdown case */`

`‎src/backend/postmaster/bgwriter.c`

Lines changed: 2 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,6 @@`
`48`	`48`	`#include"storage/buf_internals.h"`
`49`	`49`	`#include"storage/ipc.h"`
`50`	`50`	`#include"storage/lwlock.h"`
`51`		`-#include"storage/pmsignal.h"`
`52`	`51`	`#include"storage/proc.h"`
`53`	`52`	`#include"storage/shmem.h"`
`54`	`53`	`#include"storage/smgr.h"`
`@@ -323,11 +322,9 @@ BackgroundWriterMain(void)`
`323`	`322`
`324`	`323`	`/*`
`325`	`324`	`* Emergency bailout if postmaster has died. This is to avoid the`
`326`		`- * necessity for manual cleanup of all postmaster children. Note`
`327`		`- * that we mustn't trust the WL_POSTMASTER_DEATH result flag entirely;`
`328`		`- * if it is set, recheck with PostmasterIsAlive before believing it.`
	`325`	`+ * necessity for manual cleanup of all postmaster children.`
`329`	`326`	`*/`
`330`		`-if ((rc&WL_POSTMASTER_DEATH)&& !PostmasterIsAlive())`
	`327`	`+if (rc&WL_POSTMASTER_DEATH)`
`331`	`328`	`exit(1);`
`332`	`329`
`333`	`330`	`prev_hibernate=can_hibernate;`

`‎src/backend/postmaster/checkpointer.c`

Lines changed: 2 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,6 @@`
`50`	`50`	`#include"storage/bufmgr.h"`
`51`	`51`	`#include"storage/ipc.h"`
`52`	`52`	`#include"storage/lwlock.h"`
`53`		`-#include"storage/pmsignal.h"`
`54`	`53`	`#include"storage/proc.h"`
`55`	`54`	`#include"storage/shmem.h"`
`56`	`55`	`#include"storage/smgr.h"`
`@@ -581,11 +580,9 @@ CheckpointerMain(void)`
`581`	`580`
`582`	`581`	`/*`
`583`	`582`	`* Emergency bailout if postmaster has died. This is to avoid the`
`584`		`- * necessity for manual cleanup of all postmaster children. Note`
`585`		`- * that we mustn't trust the WL_POSTMASTER_DEATH result flag entirely;`
`586`		`- * if it is set, recheck with PostmasterIsAlive before believing it.`
	`583`	`+ * necessity for manual cleanup of all postmaster children.`
`587`	`584`	`*/`
`588`		`-if ((rc&WL_POSTMASTER_DEATH)&& !PostmasterIsAlive())`
	`585`	`+if (rc&WL_POSTMASTER_DEATH)`
`589`	`586`	`exit(1);`
`590`	`587`	`}`
`591`	`588`	`}`

`‎src/backend/postmaster/pgstat.c`

Lines changed: 2 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,6 @@`
`51`	`51`	`#include"storage/ipc.h"`
`52`	`52`	`#include"storage/latch.h"`
`53`	`53`	`#include"storage/pg_shmem.h"`
`54`		`-#include"storage/pmsignal.h"`
`55`	`54`	`#include"storage/procsignal.h"`
`56`	`55`	`#include"utils/ascii.h"`
`57`	`56`	`#include"utils/guc.h"`
`@@ -3227,11 +3226,9 @@ PgstatCollectorMain(int argc, char *argv[])`
`3227`	`3226`
`3228`	`3227`	`/*`
`3229`	`3228`	`* Emergency bailout if postmaster has died. This is to avoid the`
`3230`		`- * necessity for manual cleanup of all postmaster children. Note`
`3231`		`- * that we mustn't trust the WL_POSTMASTER_DEATH result flag entirely;`
`3232`		`- * if it is set, recheck with PostmasterIsAlive before believing it.`
	`3229`	`+ * necessity for manual cleanup of all postmaster children.`
`3233`	`3230`	`*/`
`3234`		`-if ((wr&WL_POSTMASTER_DEATH)&& !PostmasterIsAlive())`
	`3231`	`+if (wr&WL_POSTMASTER_DEATH)`
`3235`	`3232`	`break;`
`3236`	`3233`	`}/* end of outer loop */`
`3237`	`3234`

`‎src/backend/postmaster/walwriter.c`

Lines changed: 2 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,6 @@`
`53`	`53`	`#include"storage/bufmgr.h"`
`54`	`54`	`#include"storage/ipc.h"`
`55`	`55`	`#include"storage/lwlock.h"`
`56`		`-#include"storage/pmsignal.h"`
`57`	`56`	`#include"storage/proc.h"`
`58`	`57`	`#include"storage/smgr.h"`
`59`	`58`	`#include"utils/guc.h"`
`@@ -305,11 +304,9 @@ WalWriterMain(void)`
`305`	`304`
`306`	`305`	`/*`
`307`	`306`	`* Emergency bailout if postmaster has died. This is to avoid the`
`308`		`- * necessity for manual cleanup of all postmaster children. Note`
`309`		`- * that we mustn't trust the WL_POSTMASTER_DEATH result flag entirely;`
`310`		`- * if it is set, recheck with PostmasterIsAlive before believing it.`
	`307`	`+ * necessity for manual cleanup of all postmaster children.`
`311`	`308`	`*/`
`312`		`-if ((rc&WL_POSTMASTER_DEATH)&& !PostmasterIsAlive())`
	`309`	`+if (rc&WL_POSTMASTER_DEATH)`
`313`	`310`	`exit(1);`
`314`	`311`	`}`
`315`	`312`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitf40022f

File tree

7 files changed

7 files changed

`‎src/backend/port/unix_latch.c`

`‎src/backend/port/win32_latch.c`

`‎src/backend/postmaster/autovacuum.c`

`‎src/backend/postmaster/bgwriter.c`

`‎src/backend/postmaster/checkpointer.c`

`‎src/backend/postmaster/pgstat.c`

`‎src/backend/postmaster/walwriter.c`

0 commit comments