From 6647248e3708843be93c7ca670cd219fe8e61026 Mon Sep 17 00:00:00 2001 From: Andres Freund Date: Tue, 3 Feb 2015 22:54:48 +0100 Subject: Don't allow immediate interrupts during authentication anymore. We used to handle authentication_timeout by setting ImmediateInterruptOK to true during large parts of the authentication phase of a new connection. While that happens to work acceptably in practice, it's not particularly nice and has ugly corner cases. Previous commits converted the FE/BE communication to use latches and implemented support for interrupt handling during both send/recv. Building on top of that work we can get rid of ImmediateInterruptOK during authentication, by immediately treating timeouts during authentication as a reason to die. As die interrupts are handled immediately during client communication that provides a sensibly quick reaction time to authentication timeout. Additionally add a few CHECK_FOR_INTERRUPTS() to some more complex authentication methods. More could be added, but this already should provides a reasonable coverage. While it this overall increases the maximum time till a timeout is reacted to, it greatly reduces complexity and increases reliability. That seems like a overall win. If the increase proves to be noticeable we can deal with those cases by moving to nonblocking network code and add interrupt checking there. Reviewed-By: Heikki Linnakangas --- src/backend/utils/init/postinit.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'src/backend/utils/init/postinit.c') diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c index 983b237d7a1..66aa7ea61b6 100644 --- a/src/backend/utils/init/postinit.c +++ b/src/backend/utils/init/postinit.c @@ -1099,18 +1099,24 @@ ShutdownPostgres(int code, Datum arg) static void StatementTimeoutHandler(void) { + int sig = SIGINT; + + /* + * During authentication the timeout is used to deal with + * authentication_timeout - we want to quit in response to such timeouts. + */ + if (ClientAuthInProgress) + sig = SIGTERM; + #ifdef HAVE_SETSID /* try to signal whole process group */ - kill(-MyProcPid, SIGINT); + kill(-MyProcPid, sig); #endif - kill(MyProcPid, SIGINT); + kill(MyProcPid, sig); } /* * LOCK_TIMEOUT handler: trigger a query-cancel interrupt. - * - * This is identical to StatementTimeoutHandler, but since it's so short, - * we might as well keep the two functions separate for clarity. */ static void LockTimeoutHandler(void) -- cgit v1.2.3