Re: [HACKERS] possible self-deadlock window after badProcessStartupPacket
| От | Andres Freund |
|---|---|
| Тема | Re: [HACKERS] possible self-deadlock window after badProcessStartupPacket |
| Дата | |
| Msg-id | 20180719203645.vzj4yoi5kqmp3hdp@alap3.anarazel.de обсуждение исходный текст |
| Ответ на | Re: [HACKERS] possible self-deadlock window after bad ProcessStartupPacket (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
Hi, On 2018-07-19 16:16:31 -0400, Tom Lane wrote: > Nico Williams <nico@cryptonector.com> writes: > > I dunno if it is or isn't helpful. But I do know that this must be done > > in an async-signal-safe way. > > I haven't actually heard a convincing reason why that's true. As per > the previous discussion, if we happen to service the SIGQUIT at an > unfortunate moment, we might get a deadlock or crash in the backend > process, and thereby fail to send the message. That crash could very well be exploitable. Corrupting internal management state is far from guaranteed to only deadlock or crash cleanly. > But we're no worse off in such cases than if we'd not tried to send it > at all. The only likely penalty is that, in the deadlock case, a few > seconds will elapse before the postmaster runs out of patience and > sends SIGKILL. Which for deterministic failover *IS* a problem. Greetings, Andres Freund
В списке pgsql-hackers по дате отправления: