Fix bootstrap.c so that database startup process and bgwriter properly release

LWLocks during a panic exit.  This avoids the possible self-deadlock pointed
out by Qingqing Zhou.  Also, I noted that an error during LoadFreeSpaceMap()
or BuildFlatFiles() would result in exit(0) which would leave the postmaster
thinking all is well.  Added a critical section to ensure such errors don't
allow startup to proceed.

Backpatched to 8.1.  The 8.0 code is a bit different and I'm not sure if the
problem exists there; given we've not seen this reported from the field, I'm
going to be conservative about backpatching any further.

diff --git a/src/backend/bootstrap/bootstrap.c b/src/backend/bootstrap/bootstrap.c
index 5dfda5a427d48de7835286ecb5337299b578543c..bc60d533ae4f1213e3a64a49b1ea3da1bc62efc2 100644 (file)
--- a/src/backend/bootstrap/bootstrap.c
+++ b/src/backend/bootstrap/bootstrap.c
@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/bootstrap/bootstrap.c,v 1.215 2006/05/10 23:18:39 tgl Exp $
+ *       $PostgreSQL: pgsql/src/backend/bootstrap/bootstrap.c,v 1.216 2006/06/08 23:55:48 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -55,6 +55,7 @@ extern char *optarg;
 
 static void usage(void);
 static void bootstrap_signals(void);
+static void ShutdownDummyProcess(int code, Datum arg);
 static hashnode *AddStr(char *str, int strlength, int mderef);
 static Form_pg_attribute AllocateAttribute(void);
 static int     CompHash(char *str, int len);
@@ -395,6 +396,9 @@ BootstrapMain(int argc, char *argv[])
 
                /* finish setting up bufmgr.c */
                InitBufferPoolBackend();
+
+               /* register a shutdown callback for LWLock cleanup */
+               on_shmem_exit(ShutdownDummyProcess, 0);
        }
 
        /*
@@ -417,8 +421,14 @@ BootstrapMain(int argc, char *argv[])
                case BS_XLOG_STARTUP:
                        bootstrap_signals();
                        StartupXLOG();
+                       /*
+                        * These next two functions don't consider themselves critical,
+                        * but we'd best PANIC anyway if they fail.
+                        */
+                       START_CRIT_SECTION();
                        LoadFreeSpaceMap();
                        BuildFlatFiles(false);
+                       END_CRIT_SECTION();
                        proc_exit(0);           /* startup done */
 
                case BS_XLOG_BGWRITER:
@@ -552,6 +562,19 @@ bootstrap_signals(void)
        }
 }
 
+/*
+ * Begin shutdown of a dummy process.  This is approximately the equivalent
+ * of ShutdownPostgres() in postinit.c.  We can't run transactions in a
+ * dummy process, so most of the work of AbortTransaction() is not needed,
+ * but we do need to make sure we've released any LWLocks we are holding.
+ * (This is only critical during an error exit.)
+ */
+static void
+ShutdownDummyProcess(int code, Datum arg)
+{
+       LWLockReleaseAll();
+}
+
 /* ----------------
  *             error handling / abort routines
  * ----------------