Allow DSM allocation to be interrupted.

Chris Travers reported that the startup process can repeatedly try to
cancel a backend that is in a posix_fallocate()/EINTR loop and cause it
to loop forever.  Teach the retry loop to give up if an interrupt is
pending.  Don't actually check for interrupts in that loop though,
because a non-local exit would skip some clean-up code in the caller.

Back-patch to 9.4 where DSM was added (and posix_fallocate() was later
back-patched).

Author: Chris Travers
Reviewed-by: Ildar Musin, Murat Kabilov, Oleksii Kliukin
Tested-by: Oleksii Kliukin
Discussion: https://postgr.es/m/CAN-RpxB-oeZve_J3SM_6%3DHXPmvEG%3DHX%2B9V9pi8g2YR7YW0rBBg%40mail.gmail.com

diff --git a/src/backend/storage/ipc/dsm_impl.c b/src/backend/storage/ipc/dsm_impl.c
index 77e1bab54bef1723f3c11fe0f55fe8ff4a76926b..70f899e7658b34887745d8c8038e6d2b434ffd9a 100644 (file)
--- a/src/backend/storage/ipc/dsm_impl.c
+++ b/src/backend/storage/ipc/dsm_impl.c
@@ -47,6 +47,7 @@
  */
 
 #include "postgres.h"
+#include "miscadmin.h"
 
 #include <fcntl.h>
 #include <unistd.h>
@@ -330,6 +331,14 @@ dsm_impl_posix(dsm_op op, dsm_handle handle, Size request_size,
                        shm_unlink(name);
                errno = save_errno;
 
+               /*
+                * If we received a query cancel or termination signal, we will have
+                * EINTR set here.  If the caller said that errors are OK here, check
+                * for interrupts immediately.
+                */
+               if (errno == EINTR && elevel >= ERROR)
+                       CHECK_FOR_INTERRUPTS();
+
                ereport(elevel,
                                (errcode_for_dynamic_shared_memory(),
                                 errmsg("could not resize shared memory segment \"%s\" to %zu bytes: %m",
@@ -419,11 +428,15 @@ dsm_impl_posix_resize(int fd, off_t size)
 #if defined(HAVE_POSIX_FALLOCATE) && defined(__linux__)
        if (rc == 0)
        {
-               /* We may get interrupted, if so just retry. */
+               /*
+                * We may get interrupted.  If so, just retry unless there is an
+                * interrupt pending.  This avoids the possibility of looping forever
+                * if another backend is repeatedly trying to interrupt us.
+                */
                do
                {
                        rc = posix_fallocate(fd, 0, size);
-               } while (rc == EINTR);
+               } while (rc == EINTR && !(ProcDiePending || QueryCancelPending));
 
                /*
                 * The caller expects errno to be set, but posix_fallocate() doesn't