| From: | Amit Langote <amitlan(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Fix segfault from releasing locks in detached DSM segments |
| Date: | 2026-01-16 05:46:15 |
| Message-ID: | E1vgcf0-000kah-2O@gemulon.postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix segfault from releasing locks in detached DSM segments
If a FATAL error occurs while holding a lock in a DSM segment (such
as a dshash lock) and the process is not in a transaction, a
segmentation fault can occur during process exit.
The problem sequence is:
1. Process acquires a lock in a DSM segment (e.g., via dshash)
2. FATAL error occurs outside transaction context
3. proc_exit() begins, calling before_shmem_exit callbacks
4. dsm_backend_shutdown() detaches all DSM segments
5. Later, on_shmem_exit callbacks run
6. ProcKill() calls LWLockReleaseAll()
7. Segfault: the lock being released is in unmapped memory
This only manifests outside transaction contexts because
AbortTransaction() calls LWLockReleaseAll() during transaction
abort, releasing locks before DSM cleanup. Background workers and
other non-transactional code paths are vulnerable.
Fix by calling LWLockReleaseAll() unconditionally at the start of
shmem_exit(), before any callbacks run. Releasing locks before
callbacks prevents the segfault - locks must be released before
dsm_backend_shutdown() detaches their memory. This is safe because
after an error, held locks are protecting potentially inconsistent
data anyway, and callbacks can acquire fresh locks if needed.
Also add a comment noting that LWLockReleaseAll() must be safe to
call before LWLock initialization (which it is, since
num_held_lwlocks will be 0), plus an Assert for the post-condition.
This fix aligns with the original design intent from commit
001a573a2, which noted that backends must clean up shared memory
state (including releasing lwlocks) before unmapping dynamic shared
memory segments.
Reported-by: Rahila Syed <rahilasyed90(at)gmail(dot)com>
Author: Rahila Syed <rahilasyed90(at)gmail(dot)com>
Reviewed-by: Amit Langote <amitlangote09(at)gmail(dot)com>
Reviewed-by: Dilip Kumar <dilipbalaut(at)gmail(dot)com>
Reviewed-by: Andres Freund <andres(at)anarazel(dot)de>
Reviewed-by: Álvaro Herrera <alvherre(at)kurilemu(dot)de>
Discussion: https://postgr.es/m/CAH2L28uSvyiosL+kaic9249jRVoQiQF6JOnaCitKFq=xiFzX3g@mail.gmail.com
Backpatch-through: 14
Branch
------
REL_18_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/1943ceb38842ada55f13630f989c78184e82a397
Modified Files
--------------
src/backend/storage/ipc/ipc.c | 11 +++++++++--
src/backend/storage/lmgr/lwlock.c | 6 ++++++
2 files changed, 15 insertions(+), 2 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Langote | 2026-01-16 05:47:19 | Re: pgsql: Fix segfault from releasing locks in detached DSM segments |
| Previous Message | Amit Langote | 2026-01-16 05:46:11 | pgsql: Fix segfault from releasing locks in detached DSM segments |