Jacob Champion <jchamp...@timescale.com> writes: > This is looking very good. One bigger comment:
>> + myextra = (int *) guc_malloc(ERROR, sizeof(int)); >> + *myextra = newlogconnect; > If I've understood Tom correctly in [1], both of these guc_mallocs > should be using a loglevel less than ERROR, to avoid forcing a > postmaster exit when out of memory. (I used WARNING in that thread > instead, which seemed to be acceptable.) Actually, preferred practice is as seen in e.g. check_datestyle: myextra = (int *) guc_malloc(LOG, 2 * sizeof(int)); if (!myextra) return false; myextra[0] = newDateStyle; myextra[1] = newDateOrder; *extra = (void *) myextra; which gives the guc.c functions an opportunity to manage the failure. A quick grep shows that there are existing check functions that did not get that memo, e.g. check_recovery_target_lsn. We ought to clean them up. This is, of course, not super important unless you're allocating something quite large; the odds of going OOM in the postmaster should be pretty small. regards, tom lane