granicus.if.org Git - postgresql/commit

author	Noah Misch <noah@leadboat.com>
	Sat, 13 Apr 2019 05:36:38 +0000 (22:36 -0700)
committer	Noah Misch <noah@leadboat.com>
	Sat, 13 Apr 2019 05:41:42 +0000 (22:41 -0700)
commit	c565de643167745c94ddeb0231c6de59ecf9da94
tree	36a3074c8ffd055fcf8ab501b079394e8f6b7cc1	tree \| snapshot
parent	67f6e645e7acf356abb1b914a1d8536708ec0f67	commit \| diff

Consistently test for in-use shared memory.

postmaster startup scrutinizes any shared memory segment recorded in
postmaster.pid, exiting if that segment matches the current data
directory and has an attached process.  When the postmaster.pid file was
missing, a starting postmaster used weaker checks.  Change to use the
same checks in both scenarios.  This increases the chance of a startup
failure, in lieu of data corruption, if the DBA does "kill -9 `head -n1
postmaster.pid` && rm postmaster.pid && pg_ctl -w start".  A postmaster
will no longer stop if shmat() of an old segment fails with EACCES.  A
postmaster will no longer recycle segments pertaining to other data
directories.  That's good for production, but it's bad for integration
tests that crash a postmaster and immediately delete its data directory.
Such a test now leaks a segment indefinitely.  No "make check-world"
test does that.  win32_shmem.c already avoided all these problems.  In
9.6 and later, enhance PostgresNode to facilitate testing.  Back-patch
to 9.4 (all supported versions).

Reviewed (in earlier versions) by Daniel Gustafsson and Kyotaro HORIGUCHI.

Discussion: https://postgr.es/m/20190408064141.GA2016666@rfd.leadboat.com

src/backend/port/sysv_shmem.c		diff \| blob \| history
src/backend/port/win32_shmem.c		diff \| blob \| history
src/backend/postmaster/postmaster.c		diff \| blob \| history
src/backend/storage/ipc/ipci.c		diff \| blob \| history
src/backend/utils/init/postinit.c		diff \| blob \| history
src/include/storage/ipc.h		diff \| blob \| history
src/include/storage/pg_shmem.h		diff \| blob \| history