diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2008-04-17 00:00:01 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2008-04-17 00:00:01 +0000 |
| commit | ce646d719246f03930da97bddf0065d868e1a02b (patch) | |
| tree | ad1c444958bcb183f1f01e3ef24ee345bcc3233e /src/include/utils/elog.h | |
| parent | 5132e34005b6db2fab7d1b777592d0fe38520f46 (diff) | |
Repair two places where SIGTERM exit could leave shared memory state
corrupted. (Neither is very important if SIGTERM is used to shut down the
whole database cluster together, but there's a problem if someone tries to
SIGTERM individual backends.) To do this, introduce new infrastructure
macros PG_ENSURE_ERROR_CLEANUP/PG_END_ENSURE_ERROR_CLEANUP that take care
of transiently pushing an on_shmem_exit cleanup hook. Also use this method
for createdb cleanup --- that wasn't a shared-memory-corruption problem,
but SIGTERM abort of createdb could leave orphaned files lying around.
Backpatch as far as 8.2. The shmem corruption cases don't exist in 8.1,
and the createdb usage doesn't seem important enough to risk backpatching
further.
Diffstat (limited to 'src/include/utils/elog.h')
| -rw-r--r-- | src/include/utils/elog.h | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/include/utils/elog.h b/src/include/utils/elog.h index 1cbc734d271..707bc5b2fda 100644 --- a/src/include/utils/elog.h +++ b/src/include/utils/elog.h @@ -7,7 +7,7 @@ * Portions Copyright (c) 1996-2006, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/include/utils/elog.h,v 1.82 2006/03/05 15:59:07 momjian Exp $ + * $PostgreSQL: pgsql/src/include/utils/elog.h,v 1.82.2.1 2008/04/17 00:00:01 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -196,6 +196,13 @@ extern DLLIMPORT ErrorContextCallback *error_context_stack; * of levels this will work for. It's best to keep the error recovery * section simple enough that it can't generate any new errors, at least * not before popping the error stack. + * + * Note: an ereport(FATAL) will not be caught by this construct; control will + * exit straight through proc_exit(). Therefore, do NOT put any cleanup + * of non-process-local resources into the error recovery section, at least + * not without taking thought for what will happen during ereport(FATAL). + * The PG_ENSURE_ERROR_CLEANUP macros provided by storage/ipc.h may be + * helpful in such cases. *---------- */ #define PG_TRY() \ |