*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/postmaster/bgwriter.c,v 1.29 2006/10/06 17:13:59 petere Exp $
+ * $PostgreSQL: pgsql/src/backend/postmaster/bgwriter.c,v 1.30 2006/11/21 00:49:55 tgl Exp $
*
*-------------------------------------------------------------------------
*/
* corrupted, so we don't want to try to clean up our transaction. Just
* nail the windows shut and get out of town.
*
- * Note we do exit(1) not exit(0). This is to force the postmaster into a
+ * Note we do exit(2) not exit(0). This is to force the postmaster into a
* system reset cycle if some idiot DBA sends a manual SIGQUIT to a random
* backend. This is necessary precisely because we don't clean up our
* shared memory state.
*/
- exit(1);
+ exit(2);
}
/* SIGHUP: set flag to re-read config file at next convenient time */
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.501 2006/11/05 22:42:09 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.502 2006/11/21 00:49:55 tgl Exp $
*
* NOTES
*
#define StartupDataBase() StartChildProcess(BS_XLOG_STARTUP)
#define StartBackgroundWriter() StartChildProcess(BS_XLOG_BGWRITER)
+/* Macros to check exit status of a child process */
+#define EXIT_STATUS_0(st) ((st) == 0)
+#define EXIT_STATUS_1(st) (WIFEXITED(st) && WEXITSTATUS(st) == 1)
+
/*
* Postmaster main entry point
if (StartupPID != 0 && pid == StartupPID)
{
StartupPID = 0;
- if (exitstatus != 0)
+ /* Note: FATAL exit of startup is treated as catastrophic */
+ if (!EXIT_STATUS_0(exitstatus))
{
LogChildExit(LOG, _("startup process"),
pid, exitstatus);
if (BgWriterPID != 0 && pid == BgWriterPID)
{
BgWriterPID = 0;
- if (exitstatus == 0 && Shutdown > NoShutdown && !FatalError &&
+ if (EXIT_STATUS_0(exitstatus) &&
+ Shutdown > NoShutdown && !FatalError &&
!DLGetHead(BackendList) && AutoVacPID == 0)
{
/*
}
/*
- * Any unexpected exit of the bgwriter is treated as a crash.
+ * Any unexpected exit of the bgwriter (including FATAL exit)
+ * is treated as a crash.
*/
HandleChildCrash(pid, exitstatus,
_("background writer process"));
}
/*
- * Was it the autovacuum process? Normal exit can be ignored; we'll
- * start a new one at the next iteration of the postmaster's main
- * loop, if necessary. An unexpected exit is treated as a crash.
+ * Was it the autovacuum process? Normal or FATAL exit can be
+ * ignored; we'll start a new one at the next iteration of the
+ * postmaster's main loop, if necessary. Any other exit condition
+ * is treated as a crash.
*/
if (AutoVacPID != 0 && pid == AutoVacPID)
{
AutoVacPID = 0;
autovac_stopped();
- if (exitstatus != 0)
+ if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
HandleChildCrash(pid, exitstatus,
_("autovacuum process"));
continue;
if (PgArchPID != 0 && pid == PgArchPID)
{
PgArchPID = 0;
- if (exitstatus != 0)
+ if (!EXIT_STATUS_0(exitstatus))
LogChildExit(LOG, _("archiver process"),
pid, exitstatus);
if (XLogArchivingActive() &&
if (PgStatPID != 0 && pid == PgStatPID)
{
PgStatPID = 0;
- if (exitstatus != 0)
+ if (!EXIT_STATUS_0(exitstatus))
LogChildExit(LOG, _("statistics collector process"),
pid, exitstatus);
if (StartupPID == 0 && !FatalError && Shutdown == NoShutdown)
SysLoggerPID = 0;
/* for safety's sake, launch new logger *first* */
SysLoggerPID = SysLogger_Start();
- if (exitstatus != 0)
+ if (!EXIT_STATUS_0(exitstatus))
LogChildExit(LOG, _("system logger process"),
pid, exitstatus);
continue;
LogChildExit(DEBUG2, _("server process"), pid, exitstatus);
/*
- * If a backend dies in an ugly way (i.e. exit status not 0) then we must
- * signal all other backends to quickdie. If exit status is zero we
- * assume everything is hunky dory and simply remove the backend from the
+ * If a backend dies in an ugly way then we must signal all other backends
+ * to quickdie. If exit status is zero (normal) or one (FATAL exit), we
+ * assume everything is all right and simply remove the backend from the
* active backend list.
*/
- if (exitstatus != 0)
+ if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
{
HandleChildCrash(pid, exitstatus, _("server process"));
return;
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/tcop/postgres.c,v 1.516 2006/10/19 19:52:22 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/tcop/postgres.c,v 1.517 2006/11/21 00:49:55 tgl Exp $
*
* NOTES
* this is the "main" module of the postgres backend and
* corrupted, so we don't want to try to clean up our transaction. Just
* nail the windows shut and get out of town.
*
- * Note we do exit(1) not exit(0). This is to force the postmaster into a
+ * Note we do exit(2) not exit(0). This is to force the postmaster into a
* system reset cycle if some idiot DBA sends a manual SIGQUIT to a random
* backend. This is necessary precisely because we don't clean up our
* shared memory state.
*/
- exit(1);
+ exit(2);
}
/*
/*
* Timeout or shutdown signal from postmaster during client authentication.
- * Simply exit(0).
+ * Simply exit(1).
*
* XXX: possible future improvement: try to send a message indicating
* why we are disconnecting. Problem is to be sure we don't block while
void
authdie(SIGNAL_ARGS)
{
- exit(0);
+ exit(1);
}
/*
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/error/elog.c,v 1.175 2006/10/01 22:08:18 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/error/elog.c,v 1.176 2006/11/21 00:49:55 tgl Exp $
*
*-------------------------------------------------------------------------
*/
* fflush here is just to improve the odds that we get to see the
* error message, in case things are so hosed that proc_exit crashes.
* Any other code you might be tempted to add here should probably be
- * in an on_proc_exit callback instead.
+ * in an on_proc_exit or on_shmem_exit callback instead.
*/
fflush(stdout);
fflush(stderr);
/*
- * If proc_exit is already running, we exit with nonzero exit code to
- * indicate that something's pretty wrong. We also want to exit with
- * nonzero exit code if not running under the postmaster (for example,
- * if we are being run from the initdb script, we'd better return an
- * error status).
+ * Do normal process-exit cleanup, then return exit code 1 to indicate
+ * FATAL termination. The postmaster may or may not consider this
+ * worthy of panic, depending on which subprocess returns it.
*/
- proc_exit(proc_exit_inprogress || !IsUnderPostmaster);
+ proc_exit(1);
}
if (elevel >= PANIC)
{
/*
- * Serious crash time. Postmaster will observe nonzero process exit
+ * Serious crash time. Postmaster will observe SIGABRT process exit
* status and kill the other backends too.
*
* XXX: what if we are *in* the postmaster? abort() won't kill our
projects / postgresql / commitdiff