Re: [PATCHES] fork/exec patch: CreateProcess calls for Win32
Your patch has been added to the PostgreSQL unapplied patches list at: http://momjian.postgresql.org/cgi-bin/pgpatches I will try to apply it within the next 48 hours. --- Claudio Natoli wrote: For application to HEAD, pending community review. Drops in the CreateProcess calls for Win32 (essentially wrapping up the fork/exec portion of the port), and fixes a handful of whitespace issues (that no doubt I'm to blame for; my apologies) in the source base. Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a [ Attachment, skipping... ] ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Tom Lane wrote:
Jan Wieck [EMAIL PROTECTED] writes:
Something after 2003/11/20 enhanced the query cancel handling. Namely,
CVS tip now responds to a query cancel with a postmaster restart
canceling all queries. Could the fork/exec stuff be responsible for this?
Whoever changed this:
status = ProcessStartupPacket(port, false);
if (status != STATUS_OK)
return 0;/* cancel request processed, or error */
to this:
status = ProcessStartupPacket(port, false);
if (status != STATUS_OK)
{
ereport(LOG,
(errmsg(connection startup failed)));
proc_exit(status);
}
is responsible. May we have an explanation of the thought process,
if any?
Claudio specified the attached fix, which I have applied.
--
Bruce Momjian| http://candle.pha.pa.us
[EMAIL PROTECTED] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup.| Newtown Square, Pennsylvania 19073
---(end of broadcast)---
TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Tom Lane wrote:
Jan Wieck [EMAIL PROTECTED] writes:
Something after 2003/11/20 enhanced the query cancel handling. Namely,
CVS tip now responds to a query cancel with a postmaster restart
canceling all queries. Could the fork/exec stuff be responsible for this?
Whoever changed this:
status = ProcessStartupPacket(port, false);
if (status != STATUS_OK)
return 0;/* cancel request processed, or error */
to this:
status = ProcessStartupPacket(port, false);
if (status != STATUS_OK)
{
ereport(LOG,
(errmsg(connection startup failed)));
proc_exit(status);
}
is responsible. May we have an explanation of the thought process,
if any?
Claudio specified the attached fix, which I have applied (this time).
--
Bruce Momjian| http://candle.pha.pa.us
[EMAIL PROTECTED] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup.| Newtown Square, Pennsylvania 19073
Index: src/backend/postmaster/postmaster.c
===
RCS file: /cvsroot/pgsql-server/src/backend/postmaster/postmaster.c,v
retrieving revision 1.355
diff -c -c -r1.355 postmaster.c
*** src/backend/postmaster/postmaster.c 7 Jan 2004 18:56:27 - 1.355
--- src/backend/postmaster/postmaster.c 9 Jan 2004 23:08:01 -
***
*** 2450,2456
{
ereport(LOG,
(errmsg(connection startup failed)));
! proc_exit(status);
}
/*
--- 2450,2456
{
ereport(LOG,
(errmsg(connection startup failed)));
! proc_exit(0);
}
/*
---(end of broadcast)---
TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Done and attached.
---
Tom Lane wrote:
Bruce Momjian [EMAIL PROTECTED] writes:
Claudio specified the attached fix, which I have applied (this time).
The ereport must vanish back into its black hole, also.
ProcessStartupPacket has already issued any appropriate log message.
*** 2450,2456
{
ereport(LOG,
(errmsg(connection startup failed)));
! proc_exit(status);
}
/*
--- 2450,2456
{
ereport(LOG,
(errmsg(connection startup failed)));
! proc_exit(0);
}
/*
regards, tom lane
--
Bruce Momjian| http://candle.pha.pa.us
[EMAIL PROTECTED] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup.| Newtown Square, Pennsylvania 19073
Index: src/backend/postmaster/postmaster.c
===
RCS file: /cvsroot/pgsql-server/src/backend/postmaster/postmaster.c,v
retrieving revision 1.356
diff -c -c -r1.356 postmaster.c
*** src/backend/postmaster/postmaster.c 9 Jan 2004 23:11:39 - 1.356
--- src/backend/postmaster/postmaster.c 9 Jan 2004 23:25:36 -
***
*** 2447,2457
status = ProcessStartupPacket(port, false);
if (status != STATUS_OK)
- {
- ereport(LOG,
- (errmsg(connection startup failed)));
proc_exit(0);
- }
/*
* Now that we have the user and database name, we can set the process
--- 2447,2453
---(end of broadcast)---
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Claudio Natoli wrote: Something after 2003/11/20 enhanced the query cancel handling. Namely, CVS tip now responds to a query cancel with a postmaster restart canceling all queries. Could the fork/exec stuff be responsible for this? Jan Hi Bruce, Claudio, where are we on this patch? I see an even newer version in the archives: http://archives.postgresql.org/pgsql-patches/2003-12/msg00361.php [Weird you and Google groups missed it!] Anyway, Tom has looked at your newest patch and it looks good to him. I'm happy with the patch from the link above being committed if Tom has no more comments. Was only waiting for a final nod from him. Once it is in the source tree, give me a couple days and I'll fire off a patch with the actual CreateProcess calls... and then we are off into Win32 signal land [shudder]. Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org -- #==# # It's easier to get forgiveness for being wrong than for being right. # # Let's break this rule - forgive me. # #== [EMAIL PROTECTED] # ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Jan Wieck [EMAIL PROTECTED] writes:
Something after 2003/11/20 enhanced the query cancel handling. Namely,
CVS tip now responds to a query cancel with a postmaster restart
canceling all queries. Could the fork/exec stuff be responsible for this?
Whoever changed this:
status = ProcessStartupPacket(port, false);
if (status != STATUS_OK)
return 0;/* cancel request processed, or error */
to this:
status = ProcessStartupPacket(port, false);
if (status != STATUS_OK)
{
ereport(LOG,
(errmsg(connection startup failed)));
proc_exit(status);
}
is responsible. May we have an explanation of the thought process,
if any?
regards, tom lane
---(end of broadcast)---
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Tom Lane wrote:
Jan Wieck [EMAIL PROTECTED] writes:
Something after 2003/11/20 enhanced the query cancel handling. Namely,
CVS tip now responds to a query cancel with a postmaster restart
canceling all queries. Could the fork/exec stuff be responsible for this?
Whoever changed this:
status = ProcessStartupPacket(port, false);
if (status != STATUS_OK)
return 0;/* cancel request processed, or error */
to this:
status = ProcessStartupPacket(port, false);
if (status != STATUS_OK)
{
ereport(LOG,
(errmsg(connection startup failed)));
proc_exit(status);
}
is responsible. May we have an explanation of the thought process,
if any?
My guess is that this used to proc_exit the postgres backend, but now
proc_exits the postmaster, but that is only a guess.
--
Bruce Momjian| http://candle.pha.pa.us
[EMAIL PROTECTED] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup.| Newtown Square, Pennsylvania 19073
---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: My guess is that this used to proc_exit the postgres backend, but now proc_exits the postmaster, but that is only a guess. No. This is post-fork (and had better remain so). The change causes the sub-postmaster that has just finished handling a cancel request to exit with nonzero status, which the postmaster then interprets (correctly) as a child process crash. BTW, how are we going to do cancels in Windows-land? The sub-postmaster isn't gonna have access to the postmaster's list of child PIDs and cancel keys ... I think the postmaster will have access to the cancel key and pid. It should work similar to Unix. However, I do have a win32 TODO item on test cancel key, so we will not forget about it. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send unregister YourEmailAddressHere to [EMAIL PROTECTED])
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: My guess is that this used to proc_exit the postgres backend, but now proc_exits the postmaster, but that is only a guess. No. This is post-fork (and had better remain so). The change causes the sub-postmaster that has just finished handling a cancel request to exit with nonzero status, which the postmaster then interprets (correctly) as a child process crash. BTW, how are we going to do cancels in Windows-land? The sub-postmaster isn't gonna have access to the postmaster's list of child PIDs and cancel keys ... When you say sub-postmaster, you mean we fork, then process the cancel request? Seems we might need special handling in there, yea. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Whoever changed this: My fault. Thanks for the catch Jan. proc_exit(status); Should be proc_exit(0). My apologies, Claudio PS. I take it there is no regression test for this. Would this be a difficult one to knock up? --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Bruce Momjian [EMAIL PROTECTED] writes: When you say sub-postmaster, you mean we fork, then process the cancel request? Seems we might need special handling in there, yea. We fork before we even read the request. Otherwise an attacker can trivially lock up the postmaster by sending a partial startup packet. I've just noticed another serious bit of breakage in CVS tip (though this might be fixed by Claudio's pending patch that reverts a lot of the code rearrangements). There is a reason why the 7.4 code does on_exit_reset *immediately* after fork(), and it's not acceptable to rearrange the code so that that happens at some random later time. Otherwise, any problem in between leads to the child process executing the postmaster's on_exit routines, with such pleasant side effects as destroying the shmem segment. For similar reasons, you don't get to postpone setting IsUnderPostmaster true --- elog pays attention to the value of that flag, and will do the wrong thing if called in a child process that doesn't yet have it set. regards, tom lane ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Tom Lane wrote: I've just noticed another serious bit of breakage in CVS tip (though this might be fixed by Claudio's pending patch that reverts a lot of the code rearrangements). It's already been applied. Your push in the SubPostmaster direction was really useful; a lot cleaner, and fixed things that I wasn't even familiar enough with the code to know were broken. Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Claudio Natoli wrote: The only things I've thought of so far are: a) sticking the PID/cancel key list in shared mem [yeech] b) rearranging the entire cancel handling to occur in the postmaster [double yeech] (a) seems like the lesser of the available evils (unless someone has a bright idea for a plan C). Bruce Momjian [EMAIL PROTECTED] writes: I think we need to move in the direction of a separate fork/exec-only shared memory segment that holds the pids and cancel keys for all the backends. That doesn't seem worth the trouble. I'd be inclined to just stick the cancel keys in the PGPROC structures (I believe the PIDs are already in there). The original motivation for keeping them only in postmaster local memory was to keep backend A's cancel key away from the prying eyes of backend B, but is there really any security added? Anyone who can inspect PGPROC hardly needs to know the cancel key --- he can just issue a SIGINT (or worse) directly to the target backend. regards, tom lane ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Tom Lane wrote: Claudio Natoli wrote: The only things I've thought of so far are: a) sticking the PID/cancel key list in shared mem [yeech] b) rearranging the entire cancel handling to occur in the postmaster [double yeech] (a) seems like the lesser of the available evils (unless someone has a bright idea for a plan C). Bruce Momjian [EMAIL PROTECTED] writes: I think we need to move in the direction of a separate fork/exec-only shared memory segment that holds the pids and cancel keys for all the backends. That doesn't seem worth the trouble. I'd be inclined to just stick the cancel keys in the PGPROC structures (I believe the PIDs are already in there). The original motivation for keeping them only in postmaster local memory was to keep backend A's cancel key away from the prying eyes of backend B, but is there really any security added? Anyone who can inspect PGPROC hardly needs to know the cancel key --- he can just issue a SIGINT (or worse) directly to the target backend. Agreed. I was going for a separate one just to be paranoid. This will only be done for exec(), so I don't see a problem for normal Unix use anyway. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Bruce Momjian wrote: Tom Lane wrote: Claudio Natoli wrote: The only things I've thought of so far are: a) sticking the PID/cancel key list in shared mem [yeech] b) rearranging the entire cancel handling to occur in the postmaster [double yeech] (a) seems like the lesser of the available evils (unless someone has a bright idea for a plan C). Bruce Momjian [EMAIL PROTECTED] writes: I think we need to move in the direction of a separate fork/exec-only shared memory segment that holds the pids and cancel keys for all the backends. That doesn't seem worth the trouble. I'd be inclined to just stick the cancel keys in the PGPROC structures (I believe the PIDs are already in there). The original motivation for keeping them only in postmaster local memory was to keep backend A's cancel key away from the prying eyes of backend B, but is there really any security added? Anyone who can inspect PGPROC hardly needs to know the cancel key --- he can just issue a SIGINT (or worse) directly to the target backend. Agreed. I was going for a separate one just to be paranoid. This will only be done for exec(), so I don't see a problem for normal Unix use anyway. It doesn't hurt to keep the locations and code as much in sync as possible. I think Tom's idea to move the information into the PGPROC entry is the winner and does not need any OS specific handling. Jan -- #==# # It's easier to get forgiveness for being wrong than for being right. # # Let's break this rule - forgive me. # #== [EMAIL PROTECTED] # ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Jan Wieck [EMAIL PROTECTED] writes: It doesn't hurt to keep the locations and code as much in sync as possible. I think Tom's idea to move the information into the PGPROC entry is the winner and does not need any OS specific handling. Actually, on further reflection a separate array to store PIDs and cancel keys is probably a better idea. If we put this stuff in PGPROC then the postmaster will need to be able to obtain the ProcStructLock (or whatever it's called this week) in order to examine/modify that data structure. That gets us into the usual concerns about backend bugs locking up the postmaster, etc. But if it's a separate array then we can just have the rule that no one but the postmaster gets to write in it. I still think it's unnecessary to make a separate shmem segment for it, though. regards, tom lane ---(end of broadcast)--- TIP 8: explain analyze is your friend
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Tom Lane writes: Actually, on further reflection a separate array to store PIDs and cancel keys is probably a better idea. [snip] I still think it's unnecessary to make a separate shmem segment for it, though. Why is that? Don't we need the backends to have access to it to do a cancel request? I think I've missed something here... Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Claudio Natoli wrote: Tom Lane writes: Actually, on further reflection a separate array to store PIDs and cancel keys is probably a better idea. [snip] I still think it's unnecessary to make a separate shmem segment for it, though. Why is that? Don't we need the backends to have access to it to do a cancel request? I think I've missed something here... I think they are saying put the cancel key inside the existing shared memory segment. I don't know when we actually attach to the main shared memory sigment in the child, but it would have to be sooner than when we need the cancel key. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
I think they are saying put the cancel key inside the existing shared memory segment. Ok. Thanks. I don't know when we actually attach to the main shared memory sigment in the child, but it would have to be sooner than when we need the cancel key. Yes. Currently, it happens too late. I'll put my hand up to have a go at this fixing this (and getting processCancelRequest to work under Win32/EXEC_BACKEND at the same time), if no one else particularly cares to. Just to be clear, this would involve turning the BackendList dlllist into an array in shared memory, right? If so, a couple of questions: - what is a suitably large size for this array (2 * MaxBackends, ala canAcceptConnections?) - the postmaster makes all calls referencing this list, with the exception of processCancelRequest, correct? So, as Tom was alluding to, no locking is required (or desired!), and we'll just need to be careful not to introduce a race condition into processCancelRequest. Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a ---(end of broadcast)--- TIP 8: explain analyze is your friend
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Bruce Momjian wrote: Claudio Natoli wrote: Tom Lane writes: Actually, on further reflection a separate array to store PIDs and cancel keys is probably a better idea. [snip] I still think it's unnecessary to make a separate shmem segment for it, though. Why is that? Don't we need the backends to have access to it to do a cancel request? I think I've missed something here... I think they are saying put the cancel key inside the existing shared memory segment. I don't know when we actually attach to the main shared memory sigment in the child, but it would have to be sooner than when we need the cancel key. I said move it into the PGPROC structure. And keep the pid in both, the PGPROC structure and postmaster local memory. The backend attaches to the shared memory during AttachSharedMemoryAndSemaphores() ... where else? Jan -- #==# # It's easier to get forgiveness for being wrong than for being right. # # Let's break this rule - forgive me. # #== [EMAIL PROTECTED] # ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Claudio Natoli wrote:
I think they are saying put the cancel key inside the existing shared
memory segment.
Ok. Thanks.
I don't know when we actually attach to the main shared
memory sigment in the child, but it would have to be sooner than when we
need the cancel key.
Yes. Currently, it happens too late.
I'll put my hand up to have a go at this fixing this (and getting
processCancelRequest to work under Win32/EXEC_BACKEND at the same time), if
no one else particularly cares to.
Just to be clear, this would involve turning the BackendList dlllist into an
array in shared memory, right? If so, a couple of questions:
- what is a suitably large size for this array (2 * MaxBackends, ala
canAcceptConnections?)
- the postmaster makes all calls referencing this list, with the exception
of processCancelRequest, correct? So, as Tom was alluding to, no locking is
required (or desired!), and we'll just need to be careful not to introduce a
race condition into processCancelRequest.
I assumed a much simpler solution. I thought we would just have:
struct {
pid_t pid;
int cancel_key;
} PidCancel[maxbackend];
in shared memory and we would just sequentially scan looking for a pid
match? Is that wrong?
--
Bruce Momjian| http://candle.pha.pa.us
[EMAIL PROTECTED] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup.| Newtown Square, Pennsylvania 19073
---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Claudio Natoli [EMAIL PROTECTED] writes: Just to be clear, this would involve turning the BackendList dlllist into an array in shared memory, right? If so, a couple of questions: Per Jan's comment, there is no need to mess with the existing datastructure. I'd think more of *copying* the dllist into some array in shared memory. This is code that would only need to exist in the Windows port. - the postmaster makes all calls referencing this list, with the exception of processCancelRequest, correct? The postmaster writes the array (and really would have no need to read it). Sub-postmasters would need to read the array, either to check an incoming cancel request or to get the current-session key value to pass back to the client. I don't think that PostgresMain or any subsidiary routine would ever need to touch it. regards, tom lane ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Bruce Momjian [EMAIL PROTECTED] writes: Uh, why would you need more than maxbackends? Can't it be indexed by slot number --- each backend has a slot? Maybe I am missing something. The postmaster has no way to know what slot number each backend will get. For that matter, a sub-postmaster doesn't know yet either. I think the simplest way to make this work is to use an array that's 2*MaxBackend items long (corresponding to the max number of children the postmaster will fork). Establish the convention that unused entries are zero. Then: 1. On forking a child, the postmaster scans the array for a free (zero) slot, and stashes the cancel key and PID there (in that order). 2. On receiving a child-termination report, the postmaster scans the array for the corresponding entry, and zeroes it out (PID first). (Obviously these algorithms could be improved if they turn out to be bottlenecks, but for the first cut KISS is applicable.) 3. To find or check a cencel key, a sub-postmaster scans the array looking for the desired PID (either its own, or the one it got from an incoming cancel request message). There is a potential race condition if a sub-postmaster scans the array before the postmaster has been able to store its PID there. I think it is sufficient for the sub-postmaster to sleep a few milliseconds and try again if it can't find its own PID in the array. There is no race condition possible for the ProcessCancelRequest case --- the sub-postmaster that spawned an active backend must have found its entry before it could have sent the cancel key to the client, so any valid cancel request from a client must reference an already-existing entry in the array. regards, tom lane ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Tom Lane: Per Jan's comment, there is no need to mess with the existing datastructure. I'd think more of *copying* the dllist into some array in shared memory. This is code that would only need to exist in the Windows port. (I thought Jan was referring to the PGPROC struct) This just seems a little odd to me. I mean, they are going to be basically identical (they'll even use the same struct!). Also, let's get back to why we want this: to handle processCancelRequest in the Win32 case. If this array is in Windows only, then we'll obviously need two implementations of the processCancelRequest logic. Or I'm missing something... Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Tom Lane wrote: I think the simplest way to make this work is to use an array that's 2*MaxBackend items long (corresponding to the max number of children the postmaster will fork). Actually, now that I think about it, is even that big enough. There is a reason BackendList is a list. In pathological situations, the postmaster could be made to fork a much larger number than 2*MaxBackend simultaneous children, although only this many will be allowed to become backends. (I guess we could check the port-canAcceptConnections value, and not add the backend to the array when == CAC_TOOMANY). There is no race condition possible for the ProcessCancelRequest case --- the sub-postmaster that spawned an active backend must have found its entry before it could have sent the cancel key to the client, so any valid cancel request from a client must reference an already-existing entry in the array. Make sense. Great. Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Claudio Natoli wrote: Tom Lane: Per Jan's comment, there is no need to mess with the existing datastructure. I'd think more of *copying* the dllist into some array in shared memory. This is code that would only need to exist in the Windows port. (I thought Jan was referring to the PGPROC struct) This just seems a little odd to me. I mean, they are going to be basically identical (they'll even use the same struct!). Seems you should use an array of struct bkend or Backend as storage in shared memory. I think the problem with Dllist is that it is dynamically allocated and I don't see how that could be done cleanly in shared memory. I think that's why the array idea seems best. Also, let's get back to why we want this: to handle processCancelRequest in the Win32 case. If this array is in Windows only, then we'll obviously need two implementations of the processCancelRequest logic. Or I'm missing something... Looking up they key would have to be different for fork and fork/exec. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Claudio Natoli [EMAIL PROTECTED] writes: Tom Lane wrote: I think the simplest way to make this work is to use an array that's 2*MaxBackend items long (corresponding to the max number of children the postmaster will fork). Actually, now that I think about it, is even that big enough. There is a reason BackendList is a list. In pathological situations, the postmaster could be made to fork a much larger number than 2*MaxBackend simultaneous children, although only this many will be allowed to become backends. (I guess we could check the port-canAcceptConnections value, and not add the backend to the array when == CAC_TOOMANY). Probably we could rearrange the logic to test for too-many-children before we even do the fork. It'd be a little uglier that way, but not out of the question. regards, tom lane ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Claudio, where are we on this patch? I see an even newer version in the archives: http://archives.postgresql.org/pgsql-patches/2003-12/msg00361.php However, I have never seen that version, and Google doesn't show it either: http://groups.google.com/groups?hl=enlr=ie=UTF-8c2coff=1group=comp.databases.postgresql.patches Anyway, Tom has looked at your newest patch and it looks good to him. These are all marked not for application so we will just wait for you to finalize it. --- Claudio Natoli wrote: [patch edited + resubmitted for review; not for committing] Hi Tom, figuring that, on balance, you are in fact going to prefer to take a potential future hit in duplicated work (in passing context in the fork/exec case) over moving the client auth code to PostgresMain, I've just gone ahead and made a patch that implements your BackendFork ideas... Please let me know: * if the changes to the BackendFork / SubPostmasterMain logic are more or less what you envisaged, and if you are content with them [Note: we can also roll BackendInit back into BackendFork, making BackendFork (now BackendRun?) pretty much exactly as it was before the fork/exec changes began] * if you are content with the above, whether or not you think I ought to do the same for the SSDataBase logic. I'm hoping for a negative, as the #ifdef logic is not as convoluted as that originally presented in BackendFork (ie. to me, it looks like overkill in this case), but anticipating otherwise :-) Also: * are you ok with the pgstat changes (I'm guessing yes, as you haven't mentioned them, and since these changes are pretty similar to what you suggested for BackendFork) Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a [ Attachment, skipping... ] ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Claudio Natoli wrote: Hi Bruce, Claudio, where are we on this patch? I see an even newer version in the archives: http://archives.postgresql.org/pgsql-patches/2003-12/msg00361.php [Weird you and Google groups missed it!] No, seems only _I_ missed it. The google display for groups: http://groups.google.com/groups?hl=enlr=ie=UTF-8group=comp.databases.postgresql.patches Doesn't show individual messages but lists threads, _and_ it shows the date of the last message in the thread, rather than the first. That's how I missed it. How I missed it my mailbox, I have no idea. Sorry. Anyway, Tom has looked at your newest patch and it looks good to him. I'm happy with the patch from the link above being committed if Tom has no more comments. Was only waiting for a final nod from him. Thanks. Applied. Once it is in the source tree, give me a couple days and I'll fire off a patch with the actual CreateProcess calls... and then we are off into Win32 signal land [shudder]. Great. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Your patch has been added to the PostgreSQL unapplied patches list at: http://momjian.postgresql.org/cgi-bin/pgpatches I will try to apply it within the next 48 hours. --- Claudio Natoli wrote: [patch edited + resubmitted for review; not for committing] Hi Tom, figuring that, on balance, you are in fact going to prefer to take a potential future hit in duplicated work (in passing context in the fork/exec case) over moving the client auth code to PostgresMain, I've just gone ahead and made a patch that implements your BackendFork ideas... Please let me know: * if the changes to the BackendFork / SubPostmasterMain logic are more or less what you envisaged, and if you are content with them [Note: we can also roll BackendInit back into BackendFork, making BackendFork (now BackendRun?) pretty much exactly as it was before the fork/exec changes began] * if you are content with the above, whether or not you think I ought to do the same for the SSDataBase logic. I'm hoping for a negative, as the #ifdef logic is not as convoluted as that originally presented in BackendFork (ie. to me, it looks like overkill in this case), but anticipating otherwise :-) Also: * are you ok with the pgstat changes (I'm guessing yes, as you haven't mentioned them, and since these changes are pretty similar to what you suggested for BackendFork) Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a [ Attachment, skipping... ] ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
[minor corrections (some duplication in arg passing); still under discussion/review] Cheers, Claudio -Original Message- From: Claudio Natoli [mailto:[EMAIL PROTECTED] Sent: Saturday, 27 December 2003 9:27 PM To: 'Tom Lane' Cc: '[EMAIL PROTECTED]' Subject: Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization [patch edited + resubmitted for review; not for committing] Hi Tom, figuring that, on balance, you are in fact going to prefer to take a potential future hit in duplicated work (in passing context in the fork/exec case) over moving the client auth code to PostgresMain, I've just gone ahead and made a patch that implements your BackendFork ideas... Please let me know: * if the changes to the BackendFork / SubPostmasterMain logic are more or less what you envisaged, and if you are content with them [Note: we can also roll BackendInit back into BackendFork, making BackendFork (now BackendRun?) pretty much exactly as it was before the fork/exec changes began] * if you are content with the above, whether or not you think I ought to do the same for the SSDataBase logic. I'm hoping for a negative, as the #ifdef logic is not as convoluted as that originally presented in BackendFork (ie. to me, it looks like overkill in this case), but anticipating otherwise :-) Also: * are you ok with the pgstat changes (I'm guessing yes, as you haven't mentioned them, and since these changes are pretty similar to what you suggested for BackendFork) Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.me metrics.com/em ailpolicy.html/a --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a diff5c3.out Description: Binary data ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Claudio Natoli [EMAIL PROTECTED] writes: I don't follow your thinking here. The information that has to be reloaded *must* be passed across the fork/exec boundary in either case. Yes. But not all of it. I'll throw that same argument back at you: some of the information needed for PostgresMain's command line is available to the postmaster. But not all of it. Therefore we have to change things around. I'm proposing solving this by introducing a new layer of code that's essentially separate from the non-fork-exec case. Your solution seems much messier, and it doesn't have any redeeming social value (that I can see) to justify the mess. How about things like, for instance, canAcceptConnections(). To make this call successfully in a fork/exec'd child would take a bit of work. And your point is what? As long as you grant that the fork must occur before we begin talking to the client, this information will have to be passed down somehow (offhand, a command-line argument for the result of canAcceptConnections() seems fairly reasonable). Obscuring the division between sub-postmaster code and PostgresMain isn't going to save you from that. What I was suggesting with b) was to format up the command line for the items prefixed by * in the postmaster, do the fork (or fork/exec), and then run the authentication in, say PostgresMain. (Note: this is essentially what the fork/exec case currently does). Yeah, I noticed. If I'd been paying more attention, the already-applied patch wouldn't have gotten in either, because it already has created what I consider an unacceptable amount of coupling between PostgresMain and the sub-postmaster code. If it's still like that when the dust settles then I will go in and change it myself. PostgresMain has no business doing *any* of the stuff that is currently #ifdef EXEC_BACKEND in postgres.c. It should certainly not be running authentication, and I see no reason for it to be messing with restoring state that should have been inherited from the postmaster. That just creates fragility and order-of-operations dependency. As an example, it doesn't seem like a good idea to me that reloading postmaster GUC variables happens after scanning of PostgresMain command line options, because the option processing both uses and sets GUC values. It is not hard to point out three or four bugs associated with that alone, including security violations (since we don't know at this point whether the user is a superuser and thus don't know what he's allowed to set). In general, PostgresMain assumes it is started with the inherited environment already set up, and I don't see a good argument for changing that. Now, what I think you are suggesting (correct me if I'm wrong), is that we should pass along whatever we need to in order to be able to setup the fork/exec'd process to run BackendFork more or less unchanged. I don't mind making localized changes like passing in the result of canAcceptConnections, but by and large, yes: I want to run BackendFork pretty much as-is. I see no strong reason to do differently, and I am convinced that we will spend the next six months ferreting out startup bugs if we make wholesale revisions in the order in which things are done. regards, tom lane ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send unregister YourEmailAddressHere to [EMAIL PROTECTED])
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Claudio Natoli [EMAIL PROTECTED] writes: This has required some reworking of the existing code base, particularly to BackendFork (which now actually does the fork()). As such, I've been anticipating that this will be the most controversial of the fork/exec patches, so critique away :-) You haven't explained why that's necessary. Given the fact that this patch seems to hugely complicate the postmaster logic --- not so much either path individually, but the messy #ifdef interleaving of two radically different programs --- I am inclined to reject it on style grounds alone. We should either find a way to make the fork/exec path more like the existing code, or bite the bullet and change them both. Doing it the way you have here will create an unmaintainable mess. I'm not prepared to work on a postmaster in which a step as basic as fork() happens in two different places depending on an #ifdef. If you want to change them both, let's first see the reason why it's necessary. regards, tom lane ---(end of broadcast)--- TIP 8: explain analyze is your friend
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
I said: We should either find a way to make the fork/exec path more like the existing code, or bite the bullet and change them both. It occurs to me that you probably need some concrete suggestions about what to do. Here's one. There are really three separate sections in this code: the postmaster (which no longer does much except fork off a subprocess on receipt of a new connection), the sub-postmaster which does client authentication, and the backend. Historical note: formerly the sub-postmaster actions were done in the parent postmaster process, with a sort of poor man's threading logic to allow the postmaster to interleave multiple client authentication operations. We had to change that because various libraries like SSL, PAM, and Kerberos weren't amenable to pseudo-threading. It is worth maintaining a clean distinction between sub-postmaster and backend because when we launch a standalone backend, we don't want the sub-postmaster part of the code. The command line syntax accepted by PostgresMain() is largely designed for the convenience of the standalone backend case, with a couple of simple hacks for the under-postmaster case. Now it seems to me that a lot of the mess in your latest patch comes from trying to set up the backend command string before you've forked, and therefore before you've done any of the sub-postmaster actions. That's not gonna work. What I'd suggest is adding a new entry point from main.c, say SubPostmasterMain(), with its own command line syntax. Perhaps postmaster -fork ... additional args ... (where -fork is what cues main.c where to dispatch to, and the additional args are just those that need to be passed from the postmaster to the sub-postmaster, without any of the additional information that will be learned by the sub-postmaster during client authentication.) In the Windows case the postmaster would fork/exec to this routine, which would re-load as much of the postmaster context as was needed and then call BackendFork (which we really oughta rename to something else). BackendFork would execute the client auth process and then simply call PostgresMain with a correctly constructed argument list. In the Unix case we don't bother compiling SubPostmasterMain, we just fork and go straight to BackendFork as the code does now. In essence, this design makes SubPostmasterMain responsible for emulating Unix-style fork(), ie, fork without loss of static variable contents. It would need to reload as many variables as we needed. I think this is a cleaner approach since it creates a layer of code which is simply there in one case and not there in the other, rather than making arbitrary changes in the layers above and below depending on #ifdefs. regards, tom lane ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Thanks for your comments Tom. Tom Lane writes: Claudio Natoli [EMAIL PROTECTED] writes: This has required some reworking of the existing code base, particularly to BackendFork (which now actually does the fork()). As such, I've been anticipating that this will be the most controversial of the fork/exec patches, so critique away :-) You haven't explained why that's necessary. Given the fact that this patch seems to hugely complicate the postmaster logic --- not so much either path individually, but the messy #ifdef interleaving of two radically different programs --- I am inclined to reject it on style grounds alone. I have to agree, as I wasn't particularly happy with the BackendFork section of this patch. You didn't really seem to comment on the pgstat changes, which were much cleaner, so perhaps (like me) you were happier with these changes. So, could you give me an indication as to whether or not making changes to the BackendFork logic as done for the pgstat logic (specifically, replacing fork() call with a new, argument marshalling routine to do fork/exec) would be more acceptable? The reason I avoided this in the BackendFork case was, predominantly, code duplication. Creating a new BackendForkExec would, I think, result in a lot of similarity between the two routines. [yes, BackendFork is poorly named, although I'd still think of moving the fork() call into BackendFork anyway, thereby justifying its name. But, much more importantly, for symmetry with the code format that will inevitably arise in the fork/exec case; see below] We should either find a way to make the fork/exec path more like the existing code, or bite the bullet and change them both. Doing it the way you have here will create an unmaintainable mess. I'm not prepared to work on a postmaster in which a step as basic as fork() happens in two different places depending on an #ifdef. [unmaintainable mess: yeah, I had the exact same thought when I'd finished. No one's ever going to be able to rework this properly.] I'm afraid that, short of removing all SubPostmaster actions from BackendFork, the need to do fork in two different places (at least, physically, if not logically different) will remain. After fork/exec'ing, the child process can't recover the context needed to create the argument list which it'll need to build up the PostgresMain arg list. So, in summary, I see two solutions: a) do something similar to BackendFork as done for pgstat, specifically: - move the fork call into BackendFork - create a fork/exec equivalent to BackendFork - #ifdef the call to the appropriate function in BackendStartup PRO: child is forked in the same logical place CON: possible duplication in code between BackendFork + BackendForkExec b) delay the fork() call to the end of BackendFork in both fork/exec and normal cases, turning it into solely an argument formatter for PostgresMain - move BackendInit, port-cmdline_options parsing + MemoryContext calls into PostgresMain PRO: forking in same (physical) location in code; no duplication CON: additional complexity at the start of PostgresMain to avoid these calls in stand-alone backend case Which is the lesser of two evils? FWIW, I prefer the latter, as it makes the normal + fork/exec cases effectively identical, for a little added complexity to PostgresMain. There's also the alternative you outlined, but I think it is less workable than the above options: Now it seems to me that a lot of the mess in your latest patch comes from trying to set up the backend command string before you've forked, and therefore before you've done any of the sub-postmaster actions. That's not gonna work. I agree that this is where the mess comes from, but I think this (setting up backend command string before fork) is *exactly* what needs to occur in the fork/exec case (leading into the Win32 CreateProcess calls). If we want this code to work in the Win32 case, we basically can't do any processing between the fork + exec calls, and I think recovering all the context to do the command string marshalling post fork/exec is untenable. What I'd suggest is adding a new entry point from main.c, say SubPostmasterMain(), with its own command line syntax. Perhaps postmaster -fork ... additional args ... (where -fork is what cues main.c where to dispatch to, and the additional args are just those that need to be passed from the postmaster to the sub-postmaster, without any of the additional information that will be learned by the sub-postmaster during client authentication.) In the Windows case the postmaster would fork/exec to this routine, which would re-load as much of the postmaster context as was needed and then call BackendFork (which we really oughta rename to something else). BackendFork would execute the client auth process and then simply call PostgresMain with a correctly constructed argument list. Here's the critical
Re: [PATCHES] fork/exec patch: pre-CreateProcess finalization
Claudio Natoli [EMAIL PROTECTED] writes: Ok. So, in conclusion we are in agreement on at least one thing: the current patch sucks. Good, I'm glad we see eye to eye on that ;-) Here's the critical difference in our thinking: ISTM that we'll have to go to a lot of work to get the fork/exec case to re-load the context required to format up the argument list to PostgresMain. Certainly, it is a lot more work than allowing the postmaster itself (not the forked child) to create the argument list, albeit moving auth to PostgresMain. I don't follow your thinking here. The information that has to be reloaded *must* be passed across the fork/exec boundary in either case. For example, there is no alternative to telling the backend process where PGDATA is: it's got to be passed down some way or another. The Unix implementation assumes it can just inherit the value of a static variable, while the Windows version will have to do something else. I take no position here on whether we pass it as a command line item, or through a temporary file, or whatever: it has to be passed down. The reason your patch is messy is that the PostgresMain command line string involves both information passed down from the postmaster and information acquired from the client's connection-request packet. We could consider redesigning that command line behavior, but we don't really want to since it would impact the standalone-backend case. So I'm proposing substituting two levels of command-line processing within the exec'd backend process. The first level is responsible for transferring information inherited from the postmaster (which we are going to have to do *anyway*, somewhere, and this provides a nice localized place to do it) and then the second level is fully compatible with the standalone-backend case and the Unix-fork case. I'm afraid that, short of removing all SubPostmaster actions from BackendFork, the need to do fork in two different places (at least, physically, if not logically different) will remain. I am not by any means saying that the fork() call has to stay exactly where it is in the existing code. We clearly want to refactor things so that fork() is close to the invocation of FooMain() (or equivalently exec() in the Windows case). I think it's a historical artifact that these steps got separated in the existing code base. After fork/exec'ing, the child process can't recover the context needed to create the argument list which it'll need to build up the PostgresMain arg list. If that's literally true, then we are screwed because things cannot work. Pardon me for doubting this statement. All that information *must* be available in the child, once it has analyzed the information it must be able to collect from the postmaster and performed the client authentication handshake. So, in summary, I see two solutions: I still think there's a third answer: create an intermediate layer that's responsible for recovering the information that has to be inherited from the parent process. I don't say this requires zero rearrangement of existing code, I just say it's a more maintainable design than either of the alternatives you suggest. In particular, this alternative is quite unworkable: b) delay the fork() call to the end of BackendFork in both fork/exec and normal cases, turning it into solely an argument formatter for PostgresMain We can *not* postpone the fork() until after client authentication. That loses all of the work that's been done since circa 7.1 to eliminate cases where the postmaster gets blocked waiting for a single client to respond. SSL, PAM, and I think Kerberos all create denial-of-service risks if we do that. I believe most of what you are presently struggling with revolves around the fact that the fork() got pushed up to happen before client authentication, while the interface to PostgresMain didn't change. I do not want to alter either of those decisions, however. What we need is to provide an alternative exec-able interface that encapsulates the processing that now occurs between these steps. regards, tom lane ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] fork/exec patch: pgstat + BootstrapMain
Patch applied. Thanks. --- Claudio Natoli wrote: For application to HEAD, pending community review. Continued rearrangement to permit pgstat + BootstrapMain processes to be fork/exec'd, in the same mode as the previous patch for backends. Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a [ Attachment, skipping... ] ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [PATCHES] fork/exec patch
Patch applied. Thanks. I had a little trouble patching shmem.c but got it fixed. --- Claudio Natoli wrote: Resubmission, incorporating Neil Conway's comments and some minor corrections. -Original Message- From: Bruce Momjian [mailto:[EMAIL PROTECTED] Sent: Wednesday, 17 December 2003 11:12 AM To: Claudio Natoli Cc: '[EMAIL PROTECTED]' Subject: Re: [PATCHES] fork/exec patch Patch withdrawn. Author will resubmit new version. -- - Claudio Natoli wrote: This patch is the next step towards (re)allowing fork/exec. Bruce, I've cleaned up the parts we discussed, and, pending objections from anyone else, it is ready for application to HEAD. Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.me metrics.com/em ailpolicy.html/a [ Attachment, skipping... ] ---(end of broadcast)--- TIP 4: Don't 'kill -9' the postmaster -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a [ Attachment, skipping... ] ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED] -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [PATCHES] fork/exec patch
Claudio Natoli wrote: [Thought I replied to this already] I am now thinking we have to remove pgsql/data/pgsql_tmp unconditionally: [snip] The reason is that if they stop a postmaster that is fork/exec, install a non-exec postmaster, and restart, we should still clear out that directory. I guess what i am saying is that I don't want to tie the directory format to the exec() case of the binary. Could do. On the other hand, it is a directory for a small number (usually zero) of tmp files. More pertitently, is *anyone* even going to use fork/exec? Whilst there is no reason (yet) why someone couldn't, other than for development, why would anyone want to? I've only really been seeing it as a stepping stone to pushing the Win32 port out... Agreed. Forget my idea. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
Re: [PATCHES] fork/exec patch
Your patch has been added to the PostgreSQL unapplied patches list at: http://momjian.postgresql.org/cgi-bin/pgpatches I will try to apply it within the next 48 hours. --- Claudio Natoli wrote: Resubmission, incorporating Neil Conway's comments and some minor corrections. -Original Message- From: Bruce Momjian [mailto:[EMAIL PROTECTED] Sent: Wednesday, 17 December 2003 11:12 AM To: Claudio Natoli Cc: '[EMAIL PROTECTED]' Subject: Re: [PATCHES] fork/exec patch Patch withdrawn. Author will resubmit new version. -- - Claudio Natoli wrote: This patch is the next step towards (re)allowing fork/exec. Bruce, I've cleaned up the parts we discussed, and, pending objections from anyone else, it is ready for application to HEAD. Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.me metrics.com/em ailpolicy.html/a [ Attachment, skipping... ] ---(end of broadcast)--- TIP 4: Don't 'kill -9' the postmaster -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a [ Attachment, skipping... ] ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED] -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] fork/exec patch
[Thanks to Tom + Bruce]
For the remaining comments...
The number of FIXME or This is ugly comments doesn't ease my mind
about this patch :-) How many of these issues do you plan to resolve?
All of them, as we go along. Treat this as a first step.
- break;
case 'd': /* debug level
*/
{
Why was this change made? If you actually intend to fall through the
case here, please make it clear via a comment.
I can't believe that got through! It is an editing mistake, pure and simple.
Thank you for catching it. [bashes head against wall]
+ #define get_tmp_backend_var_file_name(buf,id) \
+ Assert(DataDir);\
+ sprintf((buf), \
+ %s/%s/%s.backend_var.%d, \
+ DataDir,\
+ PG_TEMP_FILES_DIR, \
+ PG_TEMP_FILE_PREFIX,\
+ (id))
This macro needs to be enclosed in a do {} while (0) block. Also,
what does the var in the name of this macro refer to?
var refers to variable. Will add a do while block in a following patch.
+ #define get_tmp_backend_var_dir(buf)\
+ sprintf((buf),%s/%s,DataDir,PG_TEMP_FILES_DIR)
This seems a little pointless, IMHO.
True.
+ static void
[snip]
ereport(FATAL) seems too strong, doesn't it?
Possibly.
+ read_var(LWLockArray,fp);
+ read_var(ProcStructLock,fp);
+ read_var(pgStatSock,fp);
+
+ /* Release file */
+ FreeFile(fp);
+ unlink(filename);
You should probably check the return value of unlink().
No. This isn't necessary (and what action would it take in any case?). If it
doesn't unlink the file, tough. A backend crash could also leave these files
on the disk. Like the other pgtmp files they'll get cleaned up on postmaster
restart.
(circa line 335 of ipc/shmem.c:)
[snip]
Doesn't this function still acquire ShmemIndexLock? (i.e. why was this
comment changed?)
AFAICS this is just whitespace differences.
With the exception of that missing break (Bruce, I guess it goes without
saying, but could you please remove that line from the patch before
applying... and again Thank you Neil), these are stylistic/cosmetic and
effect the EXEC_BACKEND code only.
Would a follow-up patch to correct these, along with the next step of the
fork/exec changes, be acceptable?
Cheers,
Claudio
---
Certain disclaimers and policies apply to all email sent from Memetrics.
For the full text of these disclaimers and policies see
a
href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em
ailpolicy.html/a
---(end of broadcast)---
TIP 6: Have you searched our list archives?
http://archives.postgresql.org
Re: [PATCHES] fork/exec patch
Tom Lane [EMAIL PROTECTED] writes: That one I can answer --- it's a bootstrapping issue: we can't use LWLocks until we have a PGProc (*MyProc), and we can't set that up without looking in the ShmemIndex for the related data structures. So ShmemIndex needs to use a more primitive lock type. Fair enough. My next question would have been to ask whether switching to a spinlock here will be a performance problem. In looking at the code, it seems we only hold the ShmemIndexLock for a long time (hundreds of instructions multiple system calls) while bootstrapping the shmem index hash table itself. Otherwise, the lock is acquired and released quickly, and even then it is only done during backend initialization, so there shouldn't be much contention for it. Is this analysis correct? I don't want to make these things public, because we don't really want any other modules accessing them. I agree, both ways are non-optimal for different reasons. Can anyone else see a better way to do this? -Neil ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] fork/exec patch
Hi Neil, No. This isn't necessary (and what action would it take in any case?). It should write a log message. I'm not sure why this /shouldn't/ be done: if an operation fails, we should log that failure. This is standard practise. Fair enough. Will do (although, I'd point out that there are more than a few places in the existing code where unlink is called without error checking, but that isn't justification for not doing it here). Doesn't this function still acquire ShmemIndexLock? (i.e. why was this comment changed?) AFAICS this is just whitespace differences. Read it again. Here's the whole diff hunk: [snip] The code acquires ShmemIndexLock, performs some computations, and then notes that ShmemLock is held in a comment before returning. ISTM that is plainly wrong. [I did, again. Twice just now. And still didn't see what you were trying to point out. And then...] Ah. Yep. Typo. Will fix (I was experimenting with using the ShmemLock, instead of creating a new ShmemIndexLock, and forgot to change the comment back). [ the only other suggested changes are ] stylistic/cosmetic and effect the EXEC_BACKEND code only. Yeah, my apologies for nitpicking... Not at all. I want this done well. Thank you for any input. Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a ---(end of broadcast)--- TIP 8: explain analyze is your friend
Re: [PATCHES] fork/exec patch
Neil Conway [EMAIL PROTECTED] writes: My next question would have been to ask whether switching to a spinlock here will be a performance problem. In looking at the code, it seems we only hold the ShmemIndexLock for a long time (hundreds of instructions multiple system calls) while bootstrapping the shmem index hash table itself. Otherwise, the lock is acquired and released quickly, and even then it is only done during backend initialization, so there shouldn't be much contention for it. Is this analysis correct? Yes, at least that was the theory I was working from when I suggested Claudio do it this way ... regards, tom lane ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send unregister YourEmailAddressHere to [EMAIL PROTECTED])
Re: [PATCHES] fork/exec patch
Claudio Natoli wrote: (circa line 335 of ipc/shmem.c:) [snip] Doesn't this function still acquire ShmemIndexLock? (i.e. why was this comment changed?) AFAICS this is just whitespace differences. With the exception of that missing break (Bruce, I guess it goes without saying, but could you please remove that line from the patch before applying... and again Thank you Neil), these are stylistic/cosmetic and effect the EXEC_BACKEND code only. Would a follow-up patch to correct these, along with the next step of the fork/exec changes, be acceptable? Claudio, let's go for a new version of the patch so everyone can see that is being applied. Thanks. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send unregister YourEmailAddressHere to [EMAIL PROTECTED])
Re: [PATCHES] fork/exec patch
Patch withdrawn. Author will resubmit new version. --- Claudio Natoli wrote: This patch is the next step towards (re)allowing fork/exec. Bruce, I've cleaned up the parts we discussed, and, pending objections from anyone else, it is ready for application to HEAD. Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a [ Attachment, skipping... ] ---(end of broadcast)--- TIP 4: Don't 'kill -9' the postmaster -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] fork/exec patch
Claudio Natoli wrote:
Resubmission, incorporating Neil Conway's comments and some minor
corrections.
I am now thinking we have to remove pgsql/data/pgsql_tmp
unconditionally:
***
*** 1217,1224
{
while ((db_de = readdir(db_dir)) != NULL)
{
! if (strcmp(db_de-d_name, .) == 0 ||
! strcmp(db_de-d_name, ..) == 0)
continue;
snprintf(temp_path, sizeof(temp_path),
--- 1212,1223
{
while ((db_de = readdir(db_dir)) != NULL)
{
! if (strcmp(db_de-d_name, .) == 0
! #ifndef EXEC_BACKEND
! /* no PG_TEMP_FILES_DIR in DataDir in non EXEC_BACKEND
case */
! || strcmp(db_de-d_name, ..) == 0
! #endif
! )
continue;
The reason is that if they stop a postmaster that is fork/exec, install
a non-exec postmaster, and restart, we should still clear out that
directory. I guess what i am saying is that I don't want to tie the
directory format to the exec() case of the binary.
--
Bruce Momjian| http://candle.pha.pa.us
[EMAIL PROTECTED] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup.| Newtown Square, Pennsylvania 19073
---(end of broadcast)---
TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] fork/exec patch
Your patch has been added to the PostgreSQL unapplied patches list at: http://momjian.postgresql.org/cgi-bin/pgpatches I will try to apply it within the next 48 hours. --- Claudio Natoli wrote: This patch is the next step towards (re)allowing fork/exec. Bruce, I've cleaned up the parts we discussed, and, pending objections from anyone else, it is ready for application to HEAD. Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a [ Attachment, skipping... ] ---(end of broadcast)--- TIP 4: Don't 'kill -9' the postmaster -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 8: explain analyze is your friend
Re: [PATCHES] fork/exec patch
Claudio Natoli [EMAIL PROTECTED] writes:
This patch is the next step towards (re)allowing fork/exec.
I've included a few comments on the patch below. Unfortunately I only
had time to briefly look over the code...
Why did you change ShmemIndexLock from an LWLock to a spinlock?
The number of FIXME or This is ugly comments doesn't ease my mind
about this patch :-) How many of these issues do you plan to resolve?
Index: src/backend/tcop/postgres.c
===
RCS file: /projects/cvsroot/pgsql-server/src/backend/tcop/postgres.c,v
retrieving revision 1.379
diff -c -w -r1.379 postgres.c
*** src/backend/tcop/postgres.c 1 Dec 2003 22:15:37 - 1.379
--- src/backend/tcop/postgres.c 13 Dec 2003 06:18:44 -
***
*** 2133,2139
case 'D': /* PGDATA directory */
if (secure)
potential_DataDir = optarg;
- break;
case 'd': /* debug level */
{
Why was this change made? If you actually intend to fall through the
case here, please make it clear via a comment.
+ /*
+ * The following need to be available to the read/write_backend_variables
+ * functions
+ */
+ extern XLogRecPtr RedoRecPtr;
+ extern XLogwrtResult LogwrtResult;
+ extern slock_t *ShmemLock;
+ extern slock_t *ShmemIndexLock;
+ extern void *ShmemIndexAlloc;
+ typedef struct LWLock LWLock;
+ extern LWLock *LWLockArray;
+ extern slock_t *ProcStructLock;
+ extern intpgStatSock;
I wonder whether it is cleaner to make these properly public, rather
than using the NON_EXEC_STATIC #ifdef... (I'm not necessarily saying
it is, I'm just tossing it out there).
+ #define get_tmp_backend_var_file_name(buf,id) \
+ Assert(DataDir);\
+ sprintf((buf), \
+ %s/%s/%s.backend_var.%d, \
+ DataDir,\
+ PG_TEMP_FILES_DIR, \
+ PG_TEMP_FILE_PREFIX,\
+ (id))
This macro needs to be enclosed in a do {} while (0) block. Also,
what does the var in the name of this macro refer to?
+ #define get_tmp_backend_var_dir(buf) \
+ sprintf((buf),%s/%s,DataDir,PG_TEMP_FILES_DIR)
This seems a little pointless, IMHO.
+ static void
+ write_backend_variables(pid_t pid, Port *port)
+ {
+ charfilename[MAXPGPATH];
+ FILE*fp;
+ get_tmp_backend_var_file_name(filename,pid);
+
+ /* Open file */
+ fp = AllocateFile(filename, PG_BINARY_W);
+ if (!fp)
+ {
+ /* As per OpenTemporaryFile... */
+ char dirname[MAXPGPATH];
+ get_tmp_backend_var_dir(dirname);
+ mkdir(dirname, S_IRWXU);
+
+ fp = AllocateFile(filename, PG_BINARY_W);
+ if (!fp)
+ {
+ ereport(FATAL,
+ (errcode_for_file_access(),
+ errmsg(could not write to file \%s\: %m,
filename)));
+ return;
+ }
+ }
ereport(FATAL) seems too strong, doesn't it?
+ read_var(LWLockArray,fp);
+ read_var(ProcStructLock,fp);
+ read_var(pgStatSock,fp);
+
+ /* Release file */
+ FreeFile(fp);
+ unlink(filename);
You should probably check the return value of unlink().
(circa line 335 of ipc/shmem.c:)
/*
* If the shmem index doesn't exist, we are bootstrapping: we
must
* be trying to init the shmem index itself.
*
!* Notice that the ShmemLock is held until the shmem index has
* been completely initialized.
*/
Doesn't this function still acquire ShmemIndexLock? (i.e. why was this
comment changed?)
-Neil
---(end of broadcast)---
TIP 6: Have you searched our list archives?
http://archives.postgresql.org
Re: [PATCHES] fork/exec patch
Neil Conway wrote: + /* + * The following need to be available to the read/write_backend_variables + * functions + */ + extern XLogRecPtr RedoRecPtr; + extern XLogwrtResult LogwrtResult; + extern slock_t *ShmemLock; + extern slock_t *ShmemIndexLock; + extern void *ShmemIndexAlloc; + typedef struct LWLock LWLock; + extern LWLock *LWLockArray; + extern slock_t *ProcStructLock; + extern int pgStatSock; I wonder whether it is cleaner to make these properly public, rather than using the NON_EXEC_STATIC #ifdef... (I'm not necessarily saying it is, I'm just tossing it out there). This was my idea. Rather than making statics as globals, they are global only for exec() builds. This seemed safest. They need to be extern for exec() because we need to reference them in a function that writes all the postmaster globals to a file. We could have had a write function in every C file that needed it and call the write function from postmaster.c, but that seems like too much bloat. If we make them extern in all builds we lose the safety of a static. Your other comments are good and I will wait for Claudio to respond. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
Re: [PATCHES] fork/exec patch
Bruce Momjian [EMAIL PROTECTED] writes: Let me add that Claudio is doing a fantastic job on this. The changes are minimal and clean. I think the writing of a per-backend temp file has allowed this patch to be smaller than it might have been. Did we REALLY conclude that the best way to work around the lack of fork() on Win32 is by writing variables out to disk and reading them back in? Frankly, that seems like an enormous kludge. For example, couldn't we write this data into a particular location in shared memory, and then pass that location to the child? That is still ugly, slow, and prone to failure (shmem being statically sized), but ISTM that the proposed implementation already possesses those attributes :-) (/me goes off to re-read the archives on this issue...) -Neil ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] fork/exec patch
Bruce Momjian [EMAIL PROTECTED] writes: I don't think we ever discussed it, but it seemed logical and a minimal change to the code. We already have a GUC write of non-default values for exec and no one had issues with that. For the record, I think that is ugly as well :-) Anyway, I'm not necessarily arguing that using shmem is the right way to go here -- that was merely an off-the-cuff suggestion. I'm just saying that whatever solution we end up with, ISTM we can do better than writing out + reading in a file for /every/ new connection. -Neil ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [PATCHES] fork/exec patch
On Sun, 14 Dec 2003, Bruce Momjian wrote: change to the code. We already have a GUC write of non-default values for exec and no one had issues with that. Of course, this one is per-backend. Yea, we could use shared memory for this too, but I don't see a problem with using the file system. Why not use an anonymous pipe to send data from the parent to the child process? That is a common way to handle this problem in win32 (and in unix by the way). The parent sets up the pipe and the child process inherits the handle, and after that the child and parent can excange information in private. -- /Dennis ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
Re: [PATCHES] fork/exec patch
Dennis Bjorklund wrote: On Sun, 14 Dec 2003, Bruce Momjian wrote: change to the code. We already have a GUC write of non-default values for exec and no one had issues with that. Of course, this one is per-backend. Yea, we could use shared memory for this too, but I don't see a problem with using the file system. Why not use an anonymous pipe to send data from the parent to the child process? That is a common way to handle this problem in win32 (and in unix by the way). The parent sets up the pipe and the child process inherits the handle, and after that the child and parent can excange information in private. Doesn't that require the postmaster to stay around to feed that information into the pipe or can the postmaster just shove the data and continue on, and how do the old pipes get cleaned up? Seems messy. Also has to work on Unix too for testing. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] fork/exec patch
On Sun, 14 Dec 2003, Bruce Momjian wrote: Why not use an anonymous pipe to send data from the parent to the child process? Doesn't that require the postmaster to stay around to feed that information into the pipe or can the postmaster just shove the data and continue on, and how do the old pipes get cleaned up? I think that one can just output the data and close that end of the pipe. But i've not looked at win32 the last 5 years or so, I could be wrong. Seems messy. Maybe, but to me the solution where you write to files are much more ugly. If one does not like pipes, there are other ipc mechanisms that does not involve creating, reading and deleting a file on each connect. Does windows have a temp filesystem where the temp files are not actually written out on disk? It's still ugly but better then hitting a disk all the time. Also has to work on Unix too for testing. Everything can not work in unix, CreateProcess() and fork() are different. However, the pipe solution can be mimiced in unix, but it will not be the same code since the api's are different. So that does not give much. -- /Dennis ---(end of broadcast)--- TIP 4: Don't 'kill -9' the postmaster
Re: [PATCHES] fork/exec patch
Hi all, Dennis Bjorklund wrote: Also has to work on Unix too for testing. Everything can not work in unix, CreateProcess() and fork() are different. True (but CreateProcess and fork followed by exec are pretty close). I think what Bruce is implying is that, ideally, we'd like to keep things as close as possible between Unix fork/exec and Windows code bases, so that: * it remains possible to advance the Windows port under a *nix dev environment and * should (when!) issues arise in the Windows implementation, it will be easier to identify and debug Neil Conway wrote: For example, couldn't we write this data into a particular location in shared memory, and then pass that location to the child? That is still ugly, slow, and prone to failure (shmem being statically sized), but ISTM that the proposed implementation already possesses those attributes :-) I agree that this is a better implementation. Bruce, do we implement this now, or just hold it as something to revisit down the track? I'm all for leaving it as is. Moreover, in general, how do we handle things like this? IMHO, I'd rather live with a few kludges (that don't impact the *nix code) until the Windows port is actually a reality, and then reiterate (having the discussions as we go along, however, is necessary). Perhaps adding a TO_REVISIT section to your Win32 Status Report page? Or do people have strong leanings towards fix as you go along? Just feels like that way could see us getting bogged down making things perfect instead of advancing the port... Comments? Cheers, Claudio --- Certain disclaimers and policies apply to all email sent from Memetrics. For the full text of these disclaimers and policies see a href=http://www.memetrics.com/emailpolicy.html;http://www.memetrics.com/em ailpolicy.html/a ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [PATCHES] fork/exec patch
On Mon, 15 Dec 2003, Claudio Natoli wrote: Moreover, in general, how do we handle things like this? IMHO, I'd rather live with a few kludges (that don't impact the *nix code) until the Windows port is actually a reality As long as it does not hurt the unix code it's not a big problem as I see it. The usual open source solution is that since no one else writes the code, you can do it the way you think works the best. To change this in the future does not mean that everything else has to be rewritten which is good. It does also not mean that one can not discuss the implementation. A fair amount of discussion is always good. -- /Dennis ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [PATCHES] fork/exec patch
Bruce Momjian [EMAIL PROTECTED] writes: I don't think we ever discussed it, but it seemed logical and a minimal change to the code. We already have a GUC write of non-default values for exec and no one had issues with that. You can hardly claim that no one had issues with that. I complained about it and I think other people did too. It's a messy, ugly approach; moreover we have no field experience that says it's reliable. It may be the least messy, ugly approach available, but I concur with Neil's wish to at least look for other answers. regards, tom lane ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] fork/exec patch
Alvaro Herrera [EMAIL PROTECTED] writes: On Sun, Dec 14, 2003 at 06:53:22PM -0500, Tom Lane wrote: You can hardly claim that no one had issues with that. Don't the FSM and the system catalog cache use a similar mechanism? FSM uses a backing file to hold information over a database shutdown (write once during shutdown, read once during startup). That's a little different from once per backend fork. Also, there are no race conditions to worry about, and finally the system does not *require* the backing file to be either present or correct. The catalog cache uses a file that typically gets updated once per VACUUM. Again, the file does not have to be present, nor correct. There are mechanisms in place to deal with the cases (including race conditions) where it's broken or obsolete. I have not looked at the proposed fork/exec code in any detail, but IIUC it will be *necessary* that the intermediate file be present, and correct. I think a minimum requirement for accepting this solution is a sketch of how race conditions will be dealt with (ie, postmaster changes its own value of some variable immediately after making the temp file). I don't necessarily say that the first-cut patch has to get it right, but we'd better understand how we will get to where it is right. regards, tom lane ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] fork/exec patch
Claudio Natoli wrote: For example, couldn't we write this data into a particular location in shared memory, and then pass that location to the child? That is still ugly, slow, and prone to failure (shmem being statically sized), but ISTM that the proposed implementation already possesses those attributes :-) I agree that this is a better implementation. Bruce, do we implement this now, or just hold it as something to revisit down the track? I'm all for leaving it as is. Moreover, in general, how do we handle things like this? IMHO, I'd rather live with a few kludges (that don't impact the *nix code) until the Windows port is actually a reality, and then reiterate (having the discussions as we go along, however, is necessary). Perhaps adding a TO_REVISIT section to your Win32 Status Report page? Or do people have strong leanings towards fix as you go along? Just feels like that way could see us getting bogged down making things perfect instead of advancing the port... Let's get it working first. I have added an item to the Win32 status page so we will not forget it. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 8: explain analyze is your friend
Re: [PATCHES] fork/exec patch
Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: I don't think we ever discussed it, but it seemed logical and a minimal change to the code. We already have a GUC write of non-default values for exec and no one had issues with that. You can hardly claim that no one had issues with that. I complained about it and I think other people did too. It's a messy, ugly approach; moreover we have no field experience that says it's reliable. It may be the least messy, ugly approach available, but I concur with Neil's wish to at least look for other answers. Absolutely. I am not happy with the GUC file either, but can't see a better way right now. I have already documented your concern about the GUC race condition issue on the Win32 status page so we will not forget about it. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org
Re: [PATCHES] fork/exec patch
Bruce Momjian [EMAIL PROTECTED] writes: Agreed, added to the Win32 status page: * remove per-backend parameter file and move into shared memory [itch] I'm not sure that's an answer either; see my comments about how the postmaster shouldn't depend on the contents of shared memory being valid. We could get away with the postmaster having a write-only relationship to shared memory (put value of variable X into predetermined location Y), but I don't think that helps. It doesn't work for variable-size values --- we certainly don't want the postmaster dependent on memory allocation structures being valid within shared memory --- and what about locks? Do you want the postmaster writing shared values without taking a lock, or relying on shared-memory lock structures to be valid enough to not lock it up or crash it? My answer to either of those is no way, Jose ... Writing temp files may actually be a cleaner solution than writing shared memory, once we take these considerations into account. My gripe about race conditions was I want to see how you solve this, and wasn't intended to mean I don't think that is soluble. regards, tom lane ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [PATCHES] fork/exec patch
Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: Agreed, added to the Win32 status page: * remove per-backend parameter file and move into shared memory [itch] I'm not sure that's an answer either; see my comments about how the postmaster shouldn't depend on the contents of shared memory being valid. We could get away with the postmaster having a write-only relationship to shared memory (put value of variable X into predetermined location Y), but I don't think that helps. It doesn't work for variable-size values --- we certainly don't want the postmaster dependent on memory allocation structures being valid within shared memory --- and what about locks? Do you want the postmaster writing shared values without taking a lock, or relying on shared-memory lock structures to be valid enough to not lock it up or crash it? My answer to either of those is no way, Jose ... Writing temp files may actually be a cleaner solution than writing shared memory, once we take these considerations into account. My gripe about race conditions was I want to see how you solve this, and wasn't intended to mean I don't think that is soluble. Read my idea that shared memory for signals might be required, and a separate shared memory segment might be used for parameter passing too. I added a question mark to the win32 TODO item, so we can keep as an open item. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
