Plug race in dsa_attach.

robertmhaas · robertmhaas · commit fddf45b38097 · 2017-03-29T09:48:39.000-04:00
With sufficiently bad luck, it was possible for a parallel worker to attempt attach to a DSA area after all other backends have detached from it, which is not legal. If the worker had waited a little longer to get started, the DSM itself would have been destroyed, which is why this wasn't noticed before. Thomas Munro, per a report from Andreas Seltenreich Discussion: http://postgr.es/m/87h92g83t3.fsf@credativ.de
diff --git a/src/backend/utils/mmgr/dsa.c b/src/backend/utils/mmgr/dsa.c
@@ -1314,6 +1314,13 @@ attach_internal(void *place, dsm_segment *segment, dsa_handle handle)
 
 	/* Bump the reference count. */
 	LWLockAcquire(DSA_AREA_LOCK(area), LW_EXCLUSIVE);
+	if (control->refcnt == 0)
+	{
+		/* We can't attach to a DSA area that has already been destroyed. */
+		ereport(ERROR,
+				(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
+				 errmsg("could not attach to dsa_area")));
+	}
 	++control->refcnt;
 	LWLockRelease(DSA_AREA_LOCK(area));
 
