"Qingqing Zhou" <zhouqq(at)cs(dot)toronto(dot)edu> writes: > Maybe I missed the point here: If we really run out of kernel resources, I > don't think we can do much even with named semaphores - because the resource > leaked may not belong to any Postgres processes and we can't clean them up.
It's certainly not our business to defend the kernel against misbehavior of other applications. But IMHO it *is* our business to defend against our own misbehavior. Postgres should not be the weakest link.
Note I am not saying there's anything wrong with the code you posted; based on discussion to date it seems to be solid. What I am taking issue with is the attitude you seem to have that it's not our problem if we leak resources. It is our problem.