|
50 | 50 | #include "miscadmin.h" |
51 | 51 | #include "postmaster/postmaster.h" |
52 | 52 | #include "storage/latch.h" |
| 53 | +#include "storage/pmsignal.h" |
53 | 54 | #include "storage/shmem.h" |
54 | 55 |
|
55 | 56 | /* Are we currently in WaitLatch? The signal handler would like to know. */ |
@@ -160,15 +161,7 @@ DisownLatch(volatile Latch *latch) |
160 | 161 | * |
161 | 162 | * Returns bit mask indicating which condition(s) caused the wake-up. Note |
162 | 163 | * that if multiple wake-up conditions are true, there is no guarantee that |
163 | | - * we return all of them in one call, but we will return at least one. Also, |
164 | | - * according to the select(2) man page on Linux, select(2) may spuriously |
165 | | - * return and report a file descriptor as readable, when it's not. We use |
166 | | - * select(2), so WaitLatch can also spuriously claim that a socket is |
167 | | - * readable, or postmaster has died, even when none of the wake conditions |
168 | | - * have been satisfied. That should be rare in practice, but the caller |
169 | | - * should not use the return value for anything critical, re-checking the |
170 | | - * situation with PostmasterIsAlive() or read() on a socket as necessary. |
171 | | - * The latch and timeout flag bits can be trusted, however. |
| 164 | + * we return all of them in one call, but we will return at least one. |
172 | 165 | */ |
173 | 166 | int |
174 | 167 | WaitLatch(volatile Latch *latch, int wakeEvents, long timeout) |
@@ -318,7 +311,17 @@ WaitLatchOrSocket(volatile Latch *latch, int wakeEvents, pgsocket sock, |
318 | 311 | if ((wakeEvents & WL_POSTMASTER_DEATH) && |
319 | 312 | (pfds[nfds - 1].revents & (POLLHUP | POLLIN | POLLERR | POLLNVAL))) |
320 | 313 | { |
321 | | - result |= WL_POSTMASTER_DEATH; |
| 314 | + /* |
| 315 | + * According to the select(2) man page on Linux, select(2) may |
| 316 | + * spuriously return and report a file descriptor as readable, |
| 317 | + * when it's not; and presumably so can poll(2). It's not clear |
| 318 | + * that the relevant cases would ever apply to the postmaster |
| 319 | + * pipe, but since the consequences of falsely returning |
| 320 | + * WL_POSTMASTER_DEATH could be pretty unpleasant, we take the |
| 321 | + * trouble to positively verify EOF with PostmasterIsAlive(). |
| 322 | + */ |
| 323 | + if (!PostmasterIsAlive()) |
| 324 | + result |= WL_POSTMASTER_DEATH; |
322 | 325 | } |
323 | 326 |
|
324 | 327 | #else /* !HAVE_POLL */ |
@@ -380,7 +383,17 @@ WaitLatchOrSocket(volatile Latch *latch, int wakeEvents, pgsocket sock, |
380 | 383 | if ((wakeEvents & WL_POSTMASTER_DEATH) && |
381 | 384 | FD_ISSET(postmaster_alive_fds[POSTMASTER_FD_WATCH], &input_mask)) |
382 | 385 | { |
383 | | - result |= WL_POSTMASTER_DEATH; |
| 386 | + /* |
| 387 | + * According to the select(2) man page on Linux, select(2) may |
| 388 | + * spuriously return and report a file descriptor as readable, |
| 389 | + * when it's not; and presumably so can poll(2). It's not clear |
| 390 | + * that the relevant cases would ever apply to the postmaster |
| 391 | + * pipe, but since the consequences of falsely returning |
| 392 | + * WL_POSTMASTER_DEATH could be pretty unpleasant, we take the |
| 393 | + * trouble to positively verify EOF with PostmasterIsAlive(). |
| 394 | + */ |
| 395 | + if (!PostmasterIsAlive()) |
| 396 | + result |= WL_POSTMASTER_DEATH; |
384 | 397 | } |
385 | 398 | #endif /* HAVE_POLL */ |
386 | 399 | } while (result == 0); |
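Review bot: In the poll() branch of WaitLatchOrSocket, a wake-up on the postmaster pipe that PostmasterIsAlive() contradicts leaves `result` at 0, so the `do … while (result == 0)` loop goes straight back to waiting. That test also matches `POLLERR` and `POLLNVAL`, which normally stay set for as long as the descriptor is in that state, so a persistent error on the fd could turn the wait into a busy loop instead of a one-off spurious wake-up. The loop head lies outside these hunks, so it cannot be seen whether the timeout is shortened on the retry; if it is not, a caller's deadline could also be stretched. I would record the fall-through in the new comment, e.g. `* If the postmaster is still alive we leave result at 0 and wait again.`, and confirm that PostmasterIsAlive() reports a hard error on the pipe instead of returning true. The select() branch has the same fall-through, although it only tests readability.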
|