NotificationsYou must be signed in to change notification settings
Fork5
Star26

Commitd73d14c

committed

Fix incorrect order of lock file removal and failure to close() sockets.

Commitc9b0cbe accidentally broke theorder of operations during postmaster shutdown: it resulted in removingthe per-socket lockfiles after, not before, postmaster.pid. This createsa race-condition hazard for a new postmaster that's started immediatelyafter observing that postmaster.pid has disappeared; if it sees thesocket lockfile still present, it will quite properly refuse to start.This error appears to be the explanation for at least some of theintermittent buildfarm failures we've seen in the pg_upgrade test.Another problem, which has been there all along, is that the postmasterhas never bothered to close() its listen sockets, but has just allowed themto close at process death. This creates a different race condition for anincoming postmaster: it might be unable to bind to the desired listenaddress because the old postmaster is still incumbent. This might explainsome odd failures we've seen in the past, too. (Note: this is not relatedto the fact that individual backends don't close their client communicationsockets. That behavior is intentional and is not changed by this patch.)Fix by adding an on_proc_exit function that closes the postmaster's portsexplicitly, and (in 9.3 and up) reshuffling the responsibility for whereto unlink the Unix socket files. Lock file unlinking can stay where itis, but teach it to unlink the lock files in reverse order of creation.

1 parent358cde3 commitd73d14cCopy full SHA for d73d14c

File tree

4 files changed

+78

-30

lines changed

src
- backend
  - libpq
    - pqcomm.c
  - postmaster
    - postmaster.c
  - utils/init
    - miscinit.c
- include/libpq
  - libpq.h

4 files changed

+78

-30

lines changed

`‎src/backend/libpq/pqcomm.c`

Lines changed: 25 additions & 29 deletions

Original file line number	Diff line number	Diff line change
`@@ -174,12 +174,15 @@ PQcommMethods *PqCommMethods = &PqCommSocketMethods;`
`174`	`174`	`void`
`175`	`175`	`pq_init(void)`
`176`	`176`	`{`
	`177`	`+/* initialize state variables */`
`177`	`178`	`PqSendBufferSize=PQ_SEND_BUFFER_SIZE;`
`178`	`179`	`PqSendBuffer=MemoryContextAlloc(TopMemoryContext,PqSendBufferSize);`
`179`	`180`	`PqSendPointer=PqSendStart=PqRecvPointer=PqRecvLength=0;`
`180`	`181`	`PqCommBusy= false;`
`181`	`182`	`PqCommReadingMsg= false;`
`182`	`183`	`DoingCopyOut= false;`
	`184`	`+`
	`185`	`+/* set up process-exit hook to close the socket */`
`183`	`186`	`on_proc_exit(socket_close,0);`
`184`	`187`
`185`	`188`	`/*`
`@@ -285,28 +288,6 @@ socket_close(int code, Datum arg)`
`285`	`288`	`*/`
`286`	`289`
`287`	`290`
`288`		`-/* StreamDoUnlink()`
`289`		`- * Shutdown routine for backend connection`
`290`		`- * If any Unix sockets are used for communication, explicitly close them.`
`291`		`- */`
`292`		`-#ifdefHAVE_UNIX_SOCKETS`
`293`		`-staticvoid`
`294`		`-StreamDoUnlink(intcode,Datumarg)`
`295`		`-{`
`296`		`-ListCell*l;`
`297`		`-`
`298`		`-/* Loop through all created sockets... */`
`299`		`-foreach(l,sock_paths)`
`300`		`-{`
`301`		`-charsock_path= (char)lfirst(l);`
`302`		`-`
`303`		`-unlink(sock_path);`
`304`		`-}`
`305`		`-/* Since we're about to exit, no need to reclaim storage */`
`306`		`-sock_paths=NIL;`
`307`		`-}`
`308`		`-#endif/* HAVE_UNIX_SOCKETS */`
`309`		`-`
`310`	`291`	`/*`
`311`	`292`	`* StreamServerPort -- open a "listening" port to accept connections.`
`312`	`293`	`*`
`@@ -588,16 +569,11 @@ Lock_AF_UNIX(char unixSocketDir, char unixSocketPath)`
`588`	`569`	`* Once we have the interlock, we can safely delete any pre-existing`
`589`	`570`	`* socket file to avoid failure at bind() time.`
`590`	`571`	`*/`
`591`		`-unlink(unixSocketPath);`
	`572`	`+(void)unlink(unixSocketPath);`
`592`	`573`
`593`	`574`	`/*`
`594`		`- * Arrange to unlink the socket file(s) at proc_exit. If this is the`
`595`		`- * first one, set up the on_proc_exit function to do it; then add this`
`596`		`- * socket file to the list of files to unlink.`
	`575`	`+ * Remember socket file pathnames for later maintenance.`
`597`	`576`	`*/`
`598`		`-if (sock_paths==NIL)`
`599`		`-on_proc_exit(StreamDoUnlink,0);`
`600`		`-`
`601`	`577`	`sock_paths=lappend(sock_paths,pstrdup(unixSocketPath));`
`602`	`578`
`603`	`579`	`returnSTATUS_OK;`
`@@ -858,6 +834,26 @@ TouchSocketFiles(void)`
`858`	`834`	`}`
`859`	`835`	`}`
`860`	`836`
	`837`	`+/*`
	`838`	`+ * RemoveSocketFiles -- unlink socket files at postmaster shutdown`
	`839`	`+ */`
	`840`	`+void`
	`841`	`+RemoveSocketFiles(void)`
	`842`	`+{`
	`843`	`+ListCell*l;`
	`844`	`+`
	`845`	`+/* Loop through all created sockets... */`
	`846`	`+foreach(l,sock_paths)`
	`847`	`+{`
	`848`	`+charsock_path= (char)lfirst(l);`
	`849`	`+`
	`850`	`+/* Ignore any error. */`
	`851`	`+(void)unlink(sock_path);`
	`852`	`+}`
	`853`	`+/* Since we're about to exit, no need to reclaim storage */`
	`854`	`+sock_paths=NIL;`
	`855`	`+}`
	`856`	`+`
`861`	`857`
`862`	`858`	`/* --------------------------------`
`863`	`859`	`* Low-level I/O routines begin here.`

`‎src/backend/postmaster/postmaster.c`

Lines changed: 47 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -370,6 +370,7 @@ static DNSServiceRef bonjour_sdref = NULL;`
`370`	`370`	`/*`
`371`	`371`	`* postmaster.c - function prototypes`
`372`	`372`	`*/`
	`373`	`+staticvoidCloseServerPorts(intstatus,Datumarg);`
`373`	`374`	`staticvoidunlink_external_pid_file(intstatus,Datumarg);`
`374`	`375`	`staticvoidgetInstallationPaths(constchar*argv0);`
`375`	`376`	`staticvoidcheckDataDir(void);`
`@@ -900,6 +901,11 @@ PostmasterMain(int argc, char *argv[])`
`900`	`901`	`* interlock (thanks to whoever decided to put socket files in /tmp :-().`
`901`	`902`	`* For the same reason, it's best to grab the TCP socket(s) before the`
`902`	`903`	`* Unix socket(s).`
	`904`	`+ *`
	`905`	`+ * Also note that this internally sets up the on_proc_exit function that`
	`906`	`+ * is responsible for removing both data directory and socket lockfiles;`
	`907`	`+ * so it must happen before opening sockets so that at exit, the socket`
	`908`	`+ * lockfiles go away after CloseServerPorts runs.`
`903`	`909`	`*/`
`904`	`910`	`CreateDataDirLockFile(true);`
`905`	`911`
`@@ -924,10 +930,15 @@ PostmasterMain(int argc, char *argv[])`
`924`	`930`
`925`	`931`	`/*`
`926`	`932`	`* Establish input sockets.`
	`933`	`+ *`
	`934`	`+ * First, mark them all closed, and set up an on_proc_exit function that's`
	`935`	`+ * charged with closing the sockets again at postmaster shutdown.`
`927`	`936`	`*/`
`928`	`937`	`for (i=0;i<MAXLISTEN;i++)`
`929`	`938`	`ListenSocket[i]=PGINVALID_SOCKET;`
`930`	`939`
	`940`	`+on_proc_exit(CloseServerPorts,0);`
	`941`	`+`
`931`	`942`	`if (ListenAddresses)`
`932`	`943`	`{`
`933`	`944`	`char*rawstring;`
`@@ -1271,6 +1282,42 @@ PostmasterMain(int argc, char *argv[])`
`1271`	`1282`	`}`
`1272`	`1283`
`1273`	`1284`
	`1285`	`+/*`
	`1286`	`+ * on_proc_exit callback to close server's listen sockets`
	`1287`	`+ */`
	`1288`	`+staticvoid`
	`1289`	`+CloseServerPorts(intstatus,Datumarg)`
	`1290`	`+{`
	`1291`	`+inti;`
	`1292`	`+`
	`1293`	`+/*`
	`1294`	`+ * First, explicitly close all the socket FDs. We used to just let this`
	`1295`	`+ * happen implicitly at postmaster exit, but it's better to close them`
	`1296`	`+ * before we remove the postmaster.pid lockfile; otherwise there's a race`
	`1297`	`+ * condition if a new postmaster wants to re-use the TCP port number.`
	`1298`	`+ */`
	`1299`	`+for (i=0;i<MAXLISTEN;i++)`
	`1300`	`+{`
	`1301`	`+if (ListenSocket[i]!=PGINVALID_SOCKET)`
	`1302`	`+{`
	`1303`	`+StreamClose(ListenSocket[i]);`
	`1304`	`+ListenSocket[i]=PGINVALID_SOCKET;`
	`1305`	`+}`
	`1306`	`+}`
	`1307`	`+`
	`1308`	`+/*`
	`1309`	`+ * Next, remove any filesystem entries for Unix sockets. To avoid race`
	`1310`	`+ * conditions against incoming postmasters, this must happen after closing`
	`1311`	`+ * the sockets and before removing lock files.`
	`1312`	`+ */`
	`1313`	`+RemoveSocketFiles();`
	`1314`	`+`
	`1315`	`+/*`
	`1316`	`+ * We don't do anything about socket lock files here; those will be`
	`1317`	`+ * removed in a later on_proc_exit callback.`
	`1318`	`+ */`
	`1319`	`+}`
	`1320`	`+`
`1274`	`1321`	`/*`
`1275`	`1322`	`* on_proc_exit callback to delete external_pid_file`
`1276`	`1323`	`*/`

`‎src/backend/utils/init/miscinit.c`

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1018,7 +1018,11 @@ CreateLockFile(const char *filename, bool amPostmaster,`
`1018`	`1018`	`if (lock_files==NIL)`
`1019`	`1019`	`on_proc_exit(UnlinkLockFiles,0);`
`1020`	`1020`
`1021`		`-lock_files=lappend(lock_files,pstrdup(filename));`
	`1021`	`+/*`
	`1022`	`+ * Use lcons so that the lock files are unlinked in reverse order of`
	`1023`	`+ * creation; this is critical!`
	`1024`	`+ */`
	`1025`	`+lock_files=lcons(pstrdup(filename),lock_files);`
`1022`	`1026`	`}`
`1023`	`1027`
`1024`	`1028`	`/*`

`‎src/include/libpq/libpq.h`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,7 @@ extern int StreamServerPort(int family, char *hostName,`
`59`	`59`	`externintStreamConnection(pgsocketserver_fd,Port*port);`
`60`	`60`	`externvoidStreamClose(pgsocketsock);`
`61`	`61`	`externvoidTouchSocketFiles(void);`
	`62`	`+externvoidRemoveSocketFiles(void);`
`62`	`63`	`externvoidpq_init(void);`
`63`	`64`	`externintpq_getbytes(char*s,size_tlen);`
`64`	`65`	`externintpq_getstring(StringInfos);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitd73d14c

File tree

4 files changed

4 files changed

`‎src/backend/libpq/pqcomm.c`

`‎src/backend/postmaster/postmaster.c`

`‎src/backend/utils/init/miscinit.c`

`‎src/include/libpq/libpq.h`

0 commit comments