Re: Rethinking placement of latch self-pipe initialization

From: Simon Riggs <simon(at)2ndQuadrant(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Rethinking placement of latch self-pipe initialization
Date: 2012-10-08 07:12:12
Message-ID: CA+U5nMJEhDRjoiWkAmZVKbjpJ_SpcKYVHY2zYZF9WQAqfRKqOA@mail.gmail.com
Lists: pgsql-hackers

On 7 October 2012 18:27, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Sean Chittenden recently reported that 9.2 can crash after logging
> "FATAL: pipe() failed" if the kernel is short of file descriptors:
> http://archives.postgresql.org/pgsql-general/2012-10/msg00202.php
>
> The only match to that error text is in initSelfPipe(). What I believe
> is happening is that InitProcess is calling OwnLatch which calls
> initSelfPipe, and the latter fails, and then the postmaster thinks that
> was a backend crash because we have armed the dead-man switch but not
> set up on_shmem_exit(ProcKill) which would disarm it.
>
> It's possible we could fix this by changing the order of operations
> in InitProcess and OwnLatch, but it'd be tricky, not least because
> ProcKill calls DisownLatch which asserts that OwnLatch was done.
>
> What I think would be a better idea is to fix things so that OwnLatch
> cannot fail except as a result of internal logic errors, by splitting
> out the acquisition of the self-pipe into a separate function named say
> InitializeLatchSupport. The question then becomes where to put the
> InitializeLatchSupport calls. My first thought is to put them near the
> signal-setup stanzas for the various processes (ie, the pqsignal calls)
> similarly to what we did recently for initialization of timeout support.
> However there might be a better idea.
>
> Comments?

We still have to consider how Postgres would operate without the
latches. I don't see that it can, so a shutdown seems appropriate. Is
the purpose of this just to allow a cleaner and more informative
shutdown? Or do you think we can avoid?

If we did move the init calls, would that alter things for code that
creates new user-defined latches?

--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
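
The split proposed in the quoted message, as an added C sketch (not PostgreSQL source and not written by either poster): the fallible `pipe()` acquisition sits in its own early-startup function, so it can fail cleanly before any crash-detection state is armed, and the ownership step can then only assert. All function and variable names are hypothetical; descriptor shortage is simulated by lowering the soft `RLIMIT_NOFILE` to 0.

```c
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/resource.h>
#include <unistd.h>
/* Added illustration: every name here is hypothetical, not PostgreSQL source. */
static int selfpipe_readfd = -1, selfpipe_writefd = -1, latch_owned = 0;

/* Fallible step, run early in startup: returns 0, or -1 with errno set. */
int init_latch_support(void)
{
    int fds[2];
    if (selfpipe_readfd >= 0) return 0;      /* already initialized */
    if (pipe(fds) < 0) return -1;            /* EMFILE/ENFILE land here */
    if (fcntl(fds[0], F_SETFL, O_NONBLOCK) < 0 ||
        fcntl(fds[1], F_SETFL, O_NONBLOCK) < 0) {
        int saved = errno;
        close(fds[0]); close(fds[1]);
        errno = saved;
        return -1;
    }
    selfpipe_readfd = fds[0]; selfpipe_writefd = fds[1];
    return 0;
}

/* Infallible step: only an internal logic error can trip this assert. */
void own_latch(void)
{
    assert(selfpipe_readfd >= 0 && !latch_owned);
    latch_owned = 1;
}

/* Simulate descriptor shortage: a soft RLIMIT_NOFILE of 0 makes pipe() fail.
 * Returns the errno seen, 0 on success, or -1 if the limit can't be changed. */
int init_under_fd_exhaustion(void)
{
    struct rlimit old, tight;
    if (getrlimit(RLIMIT_NOFILE, &old) < 0) return -1;
    tight = old; tight.rlim_cur = 0;
    if (setrlimit(RLIMIT_NOFILE, &tight) < 0) return -1;
    int err = init_latch_support() < 0 ? errno : 0;
    setrlimit(RLIMIT_NOFILE, &old);          /* restore the soft limit */
    return err;
}

int main(void)
{
    if (init_under_fd_exhaustion() != EMFILE || init_latch_support() < 0) return 1;
    own_latch();
    return 0;
}
```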
