Skip to content

Commit edb4d95

Browse files
anarazelanarazel
committed
jit: Do not try to shut down LLVM state in case of LLVM triggered errors.
If an allocation failed within LLVM it is not safe to call back into LLVM as LLVM is not generally safe against exceptions / stack-unwinding. Thus errors while in LLVM code are promoted to FATAL. However llvm_shutdown() did call back into LLVM even in such cases, while llvm_release_context() was careful not to do so. We cannot generally skip shutting down LLVM, as that can break profiling. But it's OK to do so if there was an error from within LLVM. Reported-By: Jelte Fennema <Jelte.Fennema@microsoft.com> Author: Andres Freund <andres@anarazel.de> Author: Justin Pryzby <pryzby@telsasoft.com> Discussion: https://postgr.es/m/AM5PR83MB0178C52CCA0A8DEA0207DC14F7FF9@AM5PR83MB0178.EURPRD83.prod.outlook.com Backpatch: 11-, where jit was introduced
1 parent 026ed8e commit edb4d95

File tree

3 files changed

+27
-2
lines changed

3 files changed

+27
-2
lines changed

src/backend/jit/llvm/llvmjit.c

Lines changed: 16 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -172,8 +172,6 @@ llvm_release_context(JitContext *context)
172172
{
173173
LLVMJitContext *llvm_context = (LLVMJitContext *) context;
174174

175-
llvm_enter_fatal_on_oom();
176-
177175
/*
178176
* When this backend is exiting, don't clean up LLVM. As an error might
179177
* have occurred from within LLVM, we do not want to risk reentering. All
@@ -182,6 +180,8 @@ llvm_release_context(JitContext *context)
182180
if (proc_exit_inprogress)
183181
return;
184182

183+
llvm_enter_fatal_on_oom();
184+
185185
if (llvm_context->module)
186186
{
187187
LLVMDisposeModule(llvm_context->module);
@@ -885,6 +885,20 @@ llvm_session_initialize(void)
885885
static void
886886
llvm_shutdown(int code, Datum arg)
887887
{
888+
/*
889+
* If llvm_shutdown() is reached while in a fatal-on-oom section an error
890+
* has occurred in the middle of LLVM code. It is not safe to call back
891+
* into LLVM (which is why a FATAL error was thrown).
892+
*
893+
* We do need to shutdown LLVM in other shutdown cases, otherwise
894+
* e.g. profiling data won't be written out.
895+
*/
896+
if (llvm_in_fatal_on_oom())
897+
{
898+
Assert(proc_exit_inprogress);
899+
return;
900+
}
901+
888902
#if LLVM_VERSION_MAJOR > 11
889903
{
890904
if (llvm_opt3_orc)

src/backend/jit/llvm/llvmjit_error.cpp

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -83,6 +83,16 @@ llvm_leave_fatal_on_oom(void)
8383
}
8484
}
8585

86+
/*
87+
* Are we currently in an fatal-on-oom section? Useful to skip cleanup in case
88+
* of errors.
89+
*/
90+
bool
91+
llvm_in_fatal_on_oom(void)
92+
{
93+
return fatal_new_handler_depth > 0;
94+
}
95+
8696
/*
8797
* Reset fatal error handling. This should only be called in error recovery
8898
* loops like PostgresMain()'s.

src/include/jit/llvmjit.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -84,6 +84,7 @@ extern LLVMValueRef AttributeTemplate;
8484

8585
extern void llvm_enter_fatal_on_oom(void);
8686
extern void llvm_leave_fatal_on_oom(void);
87+
extern bool llvm_in_fatal_on_oom(void);
8788
extern void llvm_reset_after_error(void);
8889
extern void llvm_assert_in_fatal_section(void);
8990

0 commit comments

Comments
 (0)