NotificationsYou must be signed in to change notification settings
Fork5
Star27

Commit53c5b86

committed

Tighten up error recovery for fast-path locking.

The previous code could cause a backend crash after BEGIN; SAVEPOINT a;LOCK TABLE foo (interrupted by ^C or statement timeout); ROLLBACK TOSAVEPOINT a; LOCK TABLE foo, and might have leaked strong-lock countsin other situations.Report by Zoltán Böszörményi; patch review by Jeff Davis.

1 parentab77b2d commit53c5b86Copy full SHA for 53c5b86

File tree

7 files changed

+94

-31

lines changed

src
- backend
  - access/transam
    - xact.c
  - storage/lmgr
  - tcop
    - postgres.c
- include/storage
  - lock.h
  - proc.h

7 files changed

+94

-31

lines changed

`‎src/backend/access/transam/xact.c‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -2259,7 +2259,7 @@ AbortTransaction(void)`
`2259`	`2259`	`* Also clean up any open wait for lock, since the lock manager will choke`
`2260`	`2260`	`* if we try to wait for another lock before doing this.`
`2261`	`2261`	`*/`
`2262`		`-LockWaitCancel();`
	`2262`	`+LockErrorCleanup();`
`2263`	`2263`
`2264`	`2264`	`/*`
`2265`	`2265`	`* check the current transaction state`
`@@ -4144,7 +4144,7 @@ AbortSubTransaction(void)`
`4144`	`4144`	`AbortBufferIO();`
`4145`	`4145`	`UnlockBuffers();`
`4146`	`4146`
`4147`		`-LockWaitCancel();`
	`4147`	`+LockErrorCleanup();`
`4148`	`4148`
`4149`	`4149`	`/*`
`4150`	`4150`	`* check the current transaction state`

`‎src/backend/storage/lmgr/README‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -560,7 +560,7 @@ examines every member of the wait queue (this was not true in the 7.0`
`560`	`560`	`implementation, BTW). Therefore, if ProcLockWakeup is always invoked`
`561`	`561`	`after a lock is released or a wait queue is rearranged, there can be no`
`562`	`562`	`failure to wake a wakable process. One should also note that`
`563`		`-LockWaitCancel (abort a waiter due to outside factors) must run`
	`563`	`+LockErrorCleanup (abort a waiter due to outside factors) must run`
`564`	`564`	`ProcLockWakeup, in case the canceled waiter was soft-blocking other`
`565`	`565`	`waiters.`
`566`	`566`

`‎src/backend/storage/lmgr/lock.c‎`

Lines changed: 75 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -250,7 +250,8 @@ static HTAB *LockMethodProcLockHash;`
`250`	`250`	`staticHTAB*LockMethodLocalHash;`
`251`	`251`
`252`	`252`
`253`		`-/* private state for GrantAwaitedLock */`
	`253`	`+/* private state for error cleanup */`
	`254`	`+staticLOCALLOCK*StrongLockInProgress;`
`254`	`255`	`staticLOCALLOCK*awaitedLock;`
`255`	`256`	`staticResourceOwnerawaitedOwner;`
`256`	`257`
`@@ -338,6 +339,8 @@ static void RemoveLocalLock(LOCALLOCK *locallock);`
`338`	`339`	`staticPROCLOCKSetupLockInTable(LockMethodlockMethodTable,PGPROCproc,`
`339`	`340`	`constLOCKTAG*locktag,uint32hashcode,LOCKMODElockmode);`
`340`	`341`	`staticvoidGrantLockLocal(LOCALLOCK*locallock,ResourceOwnerowner);`
	`342`	`+staticvoidBeginStrongLockAcquire(LOCALLOCK*locallock,uint32fasthashcode);`
	`343`	`+staticvoidFinishStrongLockAcquire(void);`
`341`	`344`	`staticvoidWaitOnLock(LOCALLOCK*locallock,ResourceOwnerowner);`
`342`	`345`	`staticvoidReleaseLockForOwner(LOCALLOCK*locallock,ResourceOwnerowner);`
`343`	`346`	`staticboolUnGrantLock(LOCK*lock,LOCKMODElockmode,`
`@@ -738,22 +741,11 @@ LockAcquireExtended(const LOCKTAG *locktag,`
`738`	`741`	`}`
`739`	`742`	`elseif (FastPathStrongMode(lockmode))`
`740`	`743`	`{`
`741`		`-/*`
`742`		`- * Adding to a memory location is not atomic, so we take a`
`743`		`- * spinlock to ensure we don't collide with someone else trying`
`744`		`- * to bump the count at the same time.`
`745`		`- *`
`746`		`- * XXX: It might be worth considering using an atomic fetch-and-add`
`747`		`- * instruction here, on architectures where that is supported.`
`748`		`- */`
`749`		`-Assert(locallock->holdsStrongLockCount== FALSE);`
`750`		`-SpinLockAcquire(&FastPathStrongRelationLocks->mutex);`
`751`		`-FastPathStrongRelationLocks->count[fasthashcode]++;`
`752`		`-locallock->holdsStrongLockCount= TRUE;`
`753`		`-SpinLockRelease(&FastPathStrongRelationLocks->mutex);`
	`744`	`+BeginStrongLockAcquire(locallock,fasthashcode);`
`754`	`745`	`if (!FastPathTransferRelationLocks(lockMethodTable,locktag,`
`755`	`746`	`hashcode))`
`756`	`747`	`{`
	`748`	`+AbortStrongLockAcquire();`
`757`	`749`	`if (reportMemoryError)`
`758`	`750`	`ereport(ERROR,`
`759`	`751`	`(errcode(ERRCODE_OUT_OF_MEMORY),`
`@@ -779,6 +771,7 @@ LockAcquireExtended(const LOCKTAG *locktag,`
`779`	`771`	`hashcode,lockmode);`
`780`	`772`	`if (!proclock)`
`781`	`773`	`{`
	`774`	`+AbortStrongLockAcquire();`
`782`	`775`	`LWLockRelease(partitionLock);`
`783`	`776`	`if (reportMemoryError)`
`784`	`777`	`ereport(ERROR,`
`@@ -820,6 +813,7 @@ LockAcquireExtended(const LOCKTAG *locktag,`
`820`	`813`	`*/`
`821`	`814`	`if (dontWait)`
`822`	`815`	`{`
	`816`	`+AbortStrongLockAcquire();`
`823`	`817`	`if (proclock->holdMask==0)`
`824`	`818`	`{`
`825`	`819`	`uint32proclock_hashcode;`
`@@ -884,6 +878,7 @@ LockAcquireExtended(const LOCKTAG *locktag,`
`884`	`878`	`*/`
`885`	`879`	`if (!(proclock->holdMask&LOCKBIT_ON(lockmode)))`
`886`	`880`	`{`
	`881`	`+AbortStrongLockAcquire();`
`887`	`882`	`PROCLOCK_PRINT("LockAcquire: INCONSISTENT",proclock);`
`888`	`883`	`LOCK_PRINT("LockAcquire: INCONSISTENT",lock,lockmode);`
`889`	`884`	`/* Should we retry ? */`
`@@ -894,6 +889,12 @@ LockAcquireExtended(const LOCKTAG *locktag,`
`894`	`889`	`LOCK_PRINT("LockAcquire: granted",lock,lockmode);`
`895`	`890`	`}`
`896`	`891`
	`892`	`+/*`
	`893`	`+ * Lock state is fully up-to-date now; if we error out after this, no`
	`894`	`+ * special error cleanup is required.`
	`895`	`+ */`
	`896`	`+FinishStrongLockAcquire();`
	`897`	`+`
`897`	`898`	`LWLockRelease(partitionLock);`
`898`	`899`
`899`	`900`	`/*`
`@@ -1349,6 +1350,64 @@ GrantLockLocal(LOCALLOCK *locallock, ResourceOwner owner)`
`1349`	`1350`	`locallock->numLockOwners++;`
`1350`	`1351`	`}`
`1351`	`1352`
	`1353`	`+/*`
	`1354`	`+ * BeginStrongLockAcquire - inhibit use of fastpath for a given LOCALLOCK,`
	`1355`	`+ * and arrange for error cleanup if it fails`
	`1356`	`+ */`
	`1357`	`+staticvoid`
	`1358`	`+BeginStrongLockAcquire(LOCALLOCK*locallock,uint32fasthashcode)`
	`1359`	`+{`
	`1360`	`+Assert(StrongLockInProgress==NULL);`
	`1361`	`+Assert(locallock->holdsStrongLockCount== FALSE);`
	`1362`	`+`
	`1363`	`+/*`
	`1364`	`+ * Adding to a memory location is not atomic, so we take a`
	`1365`	`+ * spinlock to ensure we don't collide with someone else trying`
	`1366`	`+ * to bump the count at the same time.`
	`1367`	`+ *`
	`1368`	`+ * XXX: It might be worth considering using an atomic fetch-and-add`
	`1369`	`+ * instruction here, on architectures where that is supported.`
	`1370`	`+ */`
	`1371`	`+`
	`1372`	`+SpinLockAcquire(&FastPathStrongRelationLocks->mutex);`
	`1373`	`+FastPathStrongRelationLocks->count[fasthashcode]++;`
	`1374`	`+locallock->holdsStrongLockCount= TRUE;`
	`1375`	`+StrongLockInProgress=locallock;`
	`1376`	`+SpinLockRelease(&FastPathStrongRelationLocks->mutex);`
	`1377`	`+}`
	`1378`	`+`
	`1379`	`+/*`
	`1380`	`+ * FinishStrongLockAcquire - cancel pending cleanup for a strong lock`
	`1381`	`+ * acquisition once it's no longer needed`
	`1382`	`+ */`
	`1383`	`+staticvoid`
	`1384`	`+FinishStrongLockAcquire(void)`
	`1385`	`+{`
	`1386`	`+StrongLockInProgress=NULL;`
	`1387`	`+}`
	`1388`	`+`
	`1389`	`+/*`
	`1390`	`+ * AbortStrongLockAcquire - undo strong lock state changes performed by`
	`1391`	`+ * BeginStrongLockAcquire.`
	`1392`	`+ */`
	`1393`	`+void`
	`1394`	`+AbortStrongLockAcquire(void)`
	`1395`	`+{`
	`1396`	`+uint32fasthashcode;`
	`1397`	`+LOCALLOCK*locallock=StrongLockInProgress;`
	`1398`	`+`
	`1399`	`+if (locallock==NULL)`
	`1400`	`+return;`
	`1401`	`+`
	`1402`	`+fasthashcode=FastPathStrongLockHashPartition(locallock->hashcode);`
	`1403`	`+Assert(locallock->holdsStrongLockCount== TRUE);`
	`1404`	`+SpinLockAcquire(&FastPathStrongRelationLocks->mutex);`
	`1405`	`+FastPathStrongRelationLocks->count[fasthashcode]--;`
	`1406`	`+locallock->holdsStrongLockCount= FALSE;`
	`1407`	`+StrongLockInProgress=NULL;`
	`1408`	`+SpinLockRelease(&FastPathStrongRelationLocks->mutex);`
	`1409`	`+}`
	`1410`	`+`
`1352`	`1411`	`/*`
`1353`	`1412`	`* GrantAwaitedLock -- call GrantLockLocal for the lock we are doing`
`1354`	`1413`	`*WaitOnLock on.`
`@@ -1414,7 +1473,7 @@ WaitOnLock(LOCALLOCK *locallock, ResourceOwner owner)`
`1414`	`1473`	`* We can and do use a PG_TRY block to try to clean up after failure, but`
`1415`	`1474`	`* this still has a major limitation: elog(FATAL) can occur while waiting`
`1416`	`1475`	`* (eg, a "die" interrupt), and then control won't come back here. So all`
`1417`		`- * cleanup of essential state should happen inLockWaitCancel, not here.`
	`1476`	`+ * cleanup of essential state should happen inLockErrorCleanup, not here.`
`1418`	`1477`	`* We can use PG_TRY to clear the "waiting" status flags, since doing that`
`1419`	`1478`	`* is unimportant if the process exits.`
`1420`	`1479`	`*/`
`@@ -1441,7 +1500,7 @@ WaitOnLock(LOCALLOCK *locallock, ResourceOwner owner)`
`1441`	`1500`	`}`
`1442`	`1501`	`PG_CATCH();`
`1443`	`1502`	`{`
`1444`		`-/* In this path, awaitedLock remains set untilLockWaitCancel */`
	`1503`	`+/* In this path, awaitedLock remains set untilLockErrorCleanup */`
`1445`	`1504`
`1446`	`1505`	`/* Report change to non-waiting status */`
`1447`	`1506`	`pgstat_report_waiting(false);`

`‎src/backend/storage/lmgr/proc.c‎`

Lines changed: 11 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -635,17 +635,20 @@ IsWaitingForLock(void)`
`635`	`635`	`}`
`636`	`636`
`637`	`637`	`/*`
`638`		`- * Cancel any pending wait for lock, when aborting a transaction.`
	`638`	`+ * Cancel any pending wait for lock, when aborting a transaction, and revert`
	`639`	`+ * any strong lock count acquisition for a lock being acquired.`
`639`	`640`	`*`
`640`	`641`	`* (Normally, this would only happen if we accept a cancel/die`
`641`		`- * interrupt while waiting; but an ereport(ERROR)while waiting is`
`642`		`- * within the realm of possibility, too.)`
	`642`	`+ * interrupt while waiting; but an ereport(ERROR)before or during the lock`
	`643`	`+ *wait iswithin the realm of possibility, too.)`
`643`	`644`	`*/`
`644`	`645`	`void`
`645`		`-LockWaitCancel(void)`
	`646`	`+LockErrorCleanup(void)`
`646`	`647`	`{`
`647`	`648`	`LWLockIdpartitionLock;`
`648`	`649`
	`650`	`+AbortStrongLockAcquire();`
	`651`	`+`
`649`	`652`	`/* Nothing to do if we weren't waiting for a lock */`
`650`	`653`	`if (lockAwaited==NULL)`
`651`	`654`	`return;`
`@@ -709,7 +712,7 @@ ProcReleaseLocks(bool isCommit)`
`709`	`712`	`if (!MyProc)`
`710`	`713`	`return;`
`711`	`714`	`/* If waiting, get off wait queue (should only be needed after error) */`
`712`		`-LockWaitCancel();`
	`715`	`+LockErrorCleanup();`
`713`	`716`	`/* Release locks */`
`714`	`717`	`LockReleaseAll(DEFAULT_LOCKMETHOD, !isCommit);`
`715`	`718`
`@@ -1019,7 +1022,7 @@ ProcSleep(LOCALLOCK *locallock, LockMethod lockMethodTable)`
`1019`	`1022`	`* NOTE: this may also cause us to exit critical-section state, possibly`
`1020`	`1023`	`* allowing a cancel/die interrupt to be accepted. This is OK because we`
`1021`	`1024`	`* have recorded the fact that we are waiting for a lock, and so`
`1022`		`- *LockWaitCancel will clean up if cancel/die happens.`
	`1025`	`+ *LockErrorCleanup will clean up if cancel/die happens.`
`1023`	`1026`	`*/`
`1024`	`1027`	`LWLockRelease(partitionLock);`
`1025`	`1028`
`@@ -1062,7 +1065,7 @@ ProcSleep(LOCALLOCK *locallock, LockMethod lockMethodTable)`
`1062`	`1065`	`* don't, because we have no shared-state-change work to do after being`
`1063`	`1066`	`* granted the lock (the grantor did it all). We do have to worry about`
`1064`	`1067`	`* updating the locallock table, but if we lose control to an error,`
`1065`		`- *LockWaitCancel will fix that up.`
	`1068`	`+ *LockErrorCleanup will fix that up.`
`1066`	`1069`	`*/`
`1067`	`1070`	`do`
`1068`	`1071`	`{`
`@@ -1207,7 +1210,7 @@ ProcSleep(LOCALLOCK *locallock, LockMethod lockMethodTable)`
`1207`	`1210`	`LWLockAcquire(partitionLock,LW_EXCLUSIVE);`
`1208`	`1211`
`1209`	`1212`	`/*`
`1210`		`- * We no longer wantLockWaitCancel to do anything.`
	`1213`	`+ * We no longer wantLockErrorCleanup to do anything.`
`1211`	`1214`	`*/`
`1212`	`1215`	`lockAwaited=NULL;`
`1213`	`1216`

`‎src/backend/tcop/postgres.c‎`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -2575,7 +2575,7 @@ die(SIGNAL_ARGS)`
`2575`	`2575`	`/* bump holdoff count to make ProcessInterrupts() a no-op */`
`2576`	`2576`	`/* until we are done getting ready for it */`
`2577`	`2577`	`InterruptHoldoffCount++;`
`2578`		`-LockWaitCancel();/* prevent CheckDeadLock from running */`
	`2578`	`+LockErrorCleanup();/* prevent CheckDeadLock from running */`
`2579`	`2579`	`DisableNotifyInterrupt();`
`2580`	`2580`	`DisableCatchupInterrupt();`
`2581`	`2581`	`InterruptHoldoffCount--;`
`@@ -2617,7 +2617,7 @@ StatementCancelHandler(SIGNAL_ARGS)`
`2617`	`2617`	`/* bump holdoff count to make ProcessInterrupts() a no-op */`
`2618`	`2618`	`/* until we are done getting ready for it */`
`2619`	`2619`	`InterruptHoldoffCount++;`
`2620`		`-LockWaitCancel();/* prevent CheckDeadLock from running */`
	`2620`	`+LockErrorCleanup();/* prevent CheckDeadLock from running */`
`2621`	`2621`	`DisableNotifyInterrupt();`
`2622`	`2622`	`DisableCatchupInterrupt();`
`2623`	`2623`	`InterruptHoldoffCount--;`
`@@ -2776,7 +2776,7 @@ RecoveryConflictInterrupt(ProcSignalReason reason)`
`2776`	`2776`	`/* bump holdoff count to make ProcessInterrupts() a no-op */`
`2777`	`2777`	`/* until we are done getting ready for it */`
`2778`	`2778`	`InterruptHoldoffCount++;`
`2779`		`-LockWaitCancel();/* prevent CheckDeadLock from running */`
	`2779`	`+LockErrorCleanup();/* prevent CheckDeadLock from running */`
`2780`	`2780`	`DisableNotifyInterrupt();`
`2781`	`2781`	`DisableCatchupInterrupt();`
`2782`	`2782`	`InterruptHoldoffCount--;`

`‎src/include/storage/lock.h‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -489,6 +489,7 @@ extern LockAcquireResult LockAcquireExtended(const LOCKTAG *locktag,`
`489`	`489`	`boolsessionLock,`
`490`	`490`	`booldontWait,`
`491`	`491`	`boolreport_memory_error);`
	`492`	`+externvoidAbortStrongLockAcquire(void);`
`492`	`493`	`externboolLockRelease(constLOCKTAG*locktag,`
`493`	`494`	`LOCKMODElockmode,boolsessionLock);`
`494`	`495`	`externvoidLockReleaseSession(LOCKMETHODIDlockmethodid);`

`‎src/include/storage/proc.h‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -244,7 +244,7 @@ extern intProcSleep(LOCALLOCK *locallock, LockMethod lockMethodTable);`
`244`	`244`	`externPGPROCProcWakeup(PGPROCproc,intwaitStatus);`
`245`	`245`	`externvoidProcLockWakeup(LockMethodlockMethodTable,LOCK*lock);`
`246`	`246`	`externboolIsWaitingForLock(void);`
`247`		`-externvoidLockWaitCancel(void);`
	`247`	`+externvoidLockErrorCleanup(void);`
`248`	`248`
`249`	`249`	`externvoidProcWaitForSignal(void);`
`250`	`250`	`externvoidProcSendSignal(intpid);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit53c5b86

File tree

7 files changed

7 files changed

`‎src/backend/access/transam/xact.c‎`

`‎src/backend/storage/lmgr/README‎`

`‎src/backend/storage/lmgr/lock.c‎`

`‎src/backend/storage/lmgr/proc.c‎`

`‎src/backend/tcop/postgres.c‎`

`‎src/include/storage/lock.h‎`

`‎src/include/storage/proc.h‎`

0 commit comments