/*
* Message status
*/
-static bool PqCommBusy;
-static bool DoingCopyOut;
+static bool PqCommBusy; /* busy sending data to the client */
+static bool PqCommReadingMsg; /* in the middle of reading a message */
+static bool DoingCopyOut; /* in old-protocol COPY OUT processing */
/* Internal functions */
PqSendBuffer = MemoryContextAlloc(TopMemoryContext, PqSendBufferSize);
PqSendPointer = PqSendStart = PqRecvPointer = PqRecvLength = 0;
PqCommBusy = false;
+ PqCommReadingMsg = false;
DoingCopyOut = false;
on_proc_exit(pq_close, 0);
}
int
pq_getbyte(void)
{
+ Assert(PqCommReadingMsg);
+
while (PqRecvPointer >= PqRecvLength)
{
if (pq_recvbuf()) /* If nothing in buffer, then recv some */
{
int r;
+ Assert(PqCommReadingMsg);
+
if (PqRecvPointer < PqRecvLength)
{
*c = PqRecvBuffer[PqRecvPointer++];
{
size_t amount;
+ Assert(PqCommReadingMsg);
+
while (len > 0)
{
while (PqRecvPointer >= PqRecvLength)
{
size_t amount;
+ Assert(PqCommReadingMsg);
+
while (len > 0)
{
while (PqRecvPointer >= PqRecvLength)
{
int i;
+ Assert(PqCommReadingMsg);
+
resetStringInfo(s);
/* Read until we get the terminating '\0' */
}
+/* --------------------------------
+ * pq_startmsgread - begin reading a message from the client.
+ *
+ * This must be called before any of the pq_get* functions.
+ * --------------------------------
+ */
+void
+pq_startmsgread(void)
+{
+ /*
+ * There shouldn't be a read active already, but let's check just to be
+ * sure.
+ */
+ if (PqCommReadingMsg)
+ ereport(FATAL,
+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
+ errmsg("terminating connection because protocol sync was lost")));
+
+ PqCommReadingMsg = true;
+}
+
+
+/* --------------------------------
+ * pq_endmsgread - finish reading message.
+ *
+ * This must be called after reading a V2 protocol message with
+ * pq_getstring() and friends, to indicate that we have read the whole
+ * message. In V3 protocol, pq_getmessage() does this implicitly.
+ * --------------------------------
+ */
+void
+pq_endmsgread(void)
+{
+ Assert(PqCommReadingMsg);
+
+ PqCommReadingMsg = false;
+}
+
+/* --------------------------------
+ * pq_is_reading_msg - are we currently reading a message?
+ *
+ * This is used in error recovery at the outer idle loop to detect if we have
+ * lost protocol sync, and need to terminate the connection. pq_startmsgread()
+ * will check for that too, but it's nicer to detect it earlier.
+ * --------------------------------
+ */
+bool
+pq_is_reading_msg(void)
+{
+ return PqCommReadingMsg;
+}
+
/* --------------------------------
* pq_getmessage - get a message with length word from connection
*
{
int32 len;
+ Assert(PqCommReadingMsg);
+
resetStringInfo(s);
/* Read message length word */
ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("incomplete message from client")));
+
+ /* we discarded the rest of the message so we're back in sync. */
+ PqCommReadingMsg = false;
PG_RE_THROW();
}
PG_END_TRY();
s->data[len] = '\0';
}
+ /* finished reading the message. */
+ PqCommReadingMsg = false;
+
return 0;
}
/*
* Get message type code from the frontend.
*/
+ HOLD_CANCEL_INTERRUPTS();
+ pq_startmsgread();
qtype = pq_getbyte();
if (qtype == EOF) /* frontend disconnected */
{
/*
* Can't send DEBUG log messages to client at this
- * point.Since we're disconnecting right away, we
+ * point. Since we're disconnecting right away, we
* don't need to restore whereToSendOutput.
*/
whereToSendOutput = DestNone;
break;
case 'F': /* fastpath function call */
- /* we let fastpath.c cope with old-style input of this */
doing_extended_query_message = false;
+ if (PG_PROTOCOL_MAJOR(FrontendProtocol) < 3)
+ {
+ if (GetOldFunctionMessage(inBuf))
+ {
+ if (IsTransactionState())
+ ereport(COMMERROR,
+ (errcode(ERRCODE_CONNECTION_FAILURE),
+ errmsg("unexpected EOF on client connection with an open transaction")));
+ else
+ {
+ /*
+ * Can't send DEBUG log messages to client at this
+ * point. Since we're disconnecting right away, we
+ * don't need to restore whereToSendOutput.
+ */
+ whereToSendOutput = DestNone;
+ ereport(DEBUG1,
+ (errcode(ERRCODE_CONNECTION_DOES_NOT_EXIST),
+ errmsg("unexpected EOF on client connection")));
+ }
+ return EOF;
+ }
+ }
break;
case 'X': /* terminate */
if (pq_getmessage(inBuf, 0))
return EOF; /* suitable message already logged */
}
+ else
+ pq_endmsgread();
+ RESUME_CANCEL_INTERRUPTS();
return qtype;
}
EnableNotifyInterrupt();
EnableCatchupInterrupt();
- /* Allow cancel/die interrupts to be processed while waiting */
+ /* Allow die interrupts to be processed while waiting */
ImmediateInterruptOK = true;
/* And don't forget to detect one that already arrived */
ProcDiePending = true;
/*
- * If it's safe to interrupt, and we're waiting for input or a lock,
- * service the interrupt immediately
+ * If we're waiting for input or a lock so that it's safe to
+ * interrupt, service the interrupt immediately
*/
- if (ImmediateInterruptOK && InterruptHoldoffCount == 0 &&
- CritSectionCount == 0)
- {
- /* bump holdoff count to make ProcessInterrupts() a no-op */
- /* until we are done getting ready for it */
- InterruptHoldoffCount++;
- LockErrorCleanup(); /* prevent CheckDeadLock from running */
- DisableNotifyInterrupt();
- DisableCatchupInterrupt();
- InterruptHoldoffCount--;
+ if (ImmediateInterruptOK)
ProcessInterrupts();
- }
}
/* If we're still here, waken anything waiting on the process latch */
QueryCancelPending = true;
/*
- * If it's safe to interrupt, and we're waiting for input or a lock,
- * service the interrupt immediately
+ * If we're waiting for input or a lock so that it's safe to
+ * interrupt, service the interrupt immediately
*/
- if (ImmediateInterruptOK && InterruptHoldoffCount == 0 &&
- CritSectionCount == 0)
- {
- /* bump holdoff count to make ProcessInterrupts() a no-op */
- /* until we are done getting ready for it */
- InterruptHoldoffCount++;
- LockErrorCleanup(); /* prevent CheckDeadLock from running */
- DisableNotifyInterrupt();
- DisableCatchupInterrupt();
- InterruptHoldoffCount--;
+ if (ImmediateInterruptOK)
ProcessInterrupts();
- }
}
/* If we're still here, waken anything waiting on the process latch */
RecoveryConflictRetryable = false;
/*
- * If it's safe to interrupt, and we're waiting for input or a lock,
- * service the interrupt immediately
+ * If we're waiting for input or a lock so that it's safe to
+ * interrupt, service the interrupt immediately.
*/
- if (ImmediateInterruptOK && InterruptHoldoffCount == 0 &&
- CritSectionCount == 0)
- {
- /* bump holdoff count to make ProcessInterrupts() a no-op */
- /* until we are done getting ready for it */
- InterruptHoldoffCount++;
- LockErrorCleanup(); /* prevent CheckDeadLock from running */
- DisableNotifyInterrupt();
- DisableCatchupInterrupt();
- InterruptHoldoffCount--;
+ if (ImmediateInterruptOK)
ProcessInterrupts();
- }
}
/*
void
ProcessInterrupts(void)
{
- /* OK to accept interrupt now? */
+ /* OK to accept any interrupts now? */
if (InterruptHoldoffCount != 0 || CritSectionCount != 0)
return;
InterruptPending = false;
+
if (ProcDiePending)
{
ProcDiePending = false;
QueryCancelPending = false; /* ProcDie trumps QueryCancel */
ImmediateInterruptOK = false; /* not idle anymore */
+ LockErrorCleanup();
DisableNotifyInterrupt();
DisableCatchupInterrupt();
/* As in quickdie, don't risk sending to client during auth */
{
QueryCancelPending = false; /* lost connection trumps QueryCancel */
ImmediateInterruptOK = false; /* not idle anymore */
+ LockErrorCleanup();
DisableNotifyInterrupt();
DisableCatchupInterrupt();
/* don't send to client, we already know the connection to be dead. */
(errcode(ERRCODE_CONNECTION_FAILURE),
errmsg("connection to client lost")));
}
+
+ /*
+ * If a recovery conflict happens while we are waiting for input from the
+ * client, the client is presumably just sitting idle in a transaction,
+ * preventing recovery from making progress. Terminate the connection to
+ * dislodge it.
+ */
+ if (RecoveryConflictPending && DoingCommandRead)
+ {
+ QueryCancelPending = false; /* this trumps QueryCancel */
+ ImmediateInterruptOK = false; /* not idle anymore */
+ RecoveryConflictPending = false;
+ LockErrorCleanup();
+ DisableNotifyInterrupt();
+ DisableCatchupInterrupt();
+ pgstat_report_recovery_conflict(RecoveryConflictReason);
+ ereport(FATAL,
+ (errcode(ERRCODE_T_R_SERIALIZATION_FAILURE),
+ errmsg("terminating connection due to conflict with recovery"),
+ errdetail_recovery_conflict(),
+ errhint("In a moment you should be able to reconnect to the"
+ " database and repeat your command.")));
+ }
+
if (QueryCancelPending)
{
+ /*
+ * Don't allow query cancel interrupts while reading input from the
+ * client, because we might lose sync in the FE/BE protocol. (Die
+ * interrupts are OK, because we won't read any further messages from
+ * the client in that case.)
+ */
+ if (QueryCancelHoldoffCount != 0)
+ {
+ /*
+ * Re-arm InterruptPending so that we process the cancel request
+ * as soon as we're done reading the message.
+ */
+ InterruptPending = true;
+ return;
+ }
+
QueryCancelPending = false;
if (ClientAuthInProgress)
{
ImmediateInterruptOK = false; /* not idle anymore */
+ LockErrorCleanup();
DisableNotifyInterrupt();
DisableCatchupInterrupt();
/* As in quickdie, don't risk sending to client during auth */
if (cancel_from_timeout)
{
ImmediateInterruptOK = false; /* not idle anymore */
+ LockErrorCleanup();
DisableNotifyInterrupt();
DisableCatchupInterrupt();
ereport(ERROR,
if (IsAutoVacuumWorkerProcess())
{
ImmediateInterruptOK = false; /* not idle anymore */
+ LockErrorCleanup();
DisableNotifyInterrupt();
DisableCatchupInterrupt();
ereport(ERROR,
{
ImmediateInterruptOK = false; /* not idle anymore */
RecoveryConflictPending = false;
+ LockErrorCleanup();
DisableNotifyInterrupt();
DisableCatchupInterrupt();
pgstat_report_recovery_conflict(RecoveryConflictReason);
- if (DoingCommandRead)
- ereport(FATAL,
- (errcode(ERRCODE_T_R_SERIALIZATION_FAILURE),
- errmsg("terminating connection due to conflict with recovery"),
- errdetail_recovery_conflict(),
- errhint("In a moment you should be able to reconnect to the"
- " database and repeat your command.")));
- else
- ereport(ERROR,
- (errcode(ERRCODE_T_R_SERIALIZATION_FAILURE),
+ ereport(ERROR,
+ (errcode(ERRCODE_T_R_SERIALIZATION_FAILURE),
errmsg("canceling statement due to conflict with recovery"),
- errdetail_recovery_conflict()));
+ errdetail_recovery_conflict()));
}
/*
if (!DoingCommandRead)
{
ImmediateInterruptOK = false; /* not idle anymore */
+ LockErrorCleanup();
DisableNotifyInterrupt();
DisableCatchupInterrupt();
ereport(ERROR,
/* We don't have a transaction command open anymore */
xact_started = false;
+ /*
+ * If an error occurred while we were reading a message from the
+ * client, we have potentially lost track of where the previous
+ * message ends and the next one begins. Even though we have
+ * otherwise recovered from the error, we cannot safely read any more
+ * messages from the client, so there isn't much we can do with the
+ * connection anymore.
+ */
+ if (pq_is_reading_msg())
+ ereport(FATAL,
+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
+ errmsg("terminating connection because protocol sync was lost")));
+
/* Now we can allow interrupts again */
RESUME_INTERRUPTS();
}
/*
* (4) disable async signal conditions again.
+ *
+ * Query cancel is supposed to be a no-op when there is no query in
+ * progress, so if a query cancel arrived while we were idle, just
+ * reset QueryCancelPending. ProcessInterrupts() has that effect when
+ * it's called when DoingCommandRead is set, so check for interrupts
+ * before resetting DoingCommandRead.
*/
+ CHECK_FOR_INTERRUPTS();
DoingCommandRead = false;
/*
projects / postgresql / commitdiff