Alvaro Herrera wrote: > One problem with the patch is this (new code): > > bn = (Backend *) malloc(sizeof(Backend)); > ! if (bn) > { > ! bn->pid = StartAutoVacWorker(); > ! bn->is_autovacuum = true; > ! /* we don't need a cancel key */ > > ! if (bn->pid > 0) > ! { > ! /* FIXME -- unchecked memory allocation here */ > ! DLAddHead(BackendList, DLNewElem(bn)); > > > If the palloc() inside DLNewElem fails, we will fail to report a "fork > failure" to the launcher. I am not sure how serious this is. One idea > that came to mind was using a PG_TRY block, sending the signal in the > CATCH block, and then rethrowing the exception. Is this acceptable?
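Review bot: In the `if (bn->pid > 0)` branch, DLNewElem(bn) runs only after StartAutoVacWorker() has already returned a pid, so if the allocation flagged by the FIXME fails, a worker is running that is not in BackendList, and bn itself is never released. Consider creating the list element before calling StartAutoVacWorker(), leaving only DLAddHead() to run after the fork. An allocation failure then happens before any child exists: it still has to be reported to the launcher, but there is no untracked worker to clean up. The pid <= 0 path is not visible in these lines; with that ordering it would need to release the element as well as bn.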
I noticed another problem: the worker may fail during BaseInit() or InitProcess(). This is not where most problems will be (that would be later, in InitPostgres(), which is when the worker connects to a DB) but still could cause a starvation problem, I think. Maybe the PG_TRY block is called for in there, as well as the postmaster code.

--
Alvaro Herrera http://www.PlanetPostgreSQL.org/
"The ability to monopolize a planet is insignificant next to the power of the source"