diff options
| author | Andres Freund <andres@anarazel.de> | 2015-02-03 22:45:45 +0100 |
|---|---|---|
| committer | Andres Freund <andres@anarazel.de> | 2015-02-03 22:45:45 +0100 |
| commit | 4fe384bd858671d40d311ca68cc9b80f4c683a3e (patch) | |
| tree | 443a91fee00e1515fb97e1829205fa07a5e807ac /src/backend/libpq/be-secure-openssl.c | |
| parent | 4f85fde8eb860f263384fffdca660e16e77c7f76 (diff) | |
| download | postgresql-4fe384bd858671d40d311ca68cc9b80f4c683a3e.tar.gz postgresql-4fe384bd858671d40d311ca68cc9b80f4c683a3e.zip | |
Process 'die' interrupts while reading/writing from the client socket.
Up to now it was impossible to terminate a backend that was trying to
send/recv data to/from the client when the socket's buffer was already
full/empty. While the send/recv calls itself might have gotten
interrupted by signals on some platforms, we just immediately retried.
That could lead to situations where a backend couldn't be terminated ,
after a client died without the connection being closed, because it
was blocked in send/recv.
The problem was far more likely to be hit when sending data than when
reading. That's because while reading a command from the client, and
during authentication, we processed interrupts immediately . That
primarily left COPY FROM STDIN as being problematic for recv.
Change things so that that we process 'die' events immediately when
the appropriate signal arrives. We can't sensibly react to query
cancels at that point, because we might loose sync with the client as
we could be in the middle of writing a message.
We don't interrupt writes if the write buffer isn't full, as indicated
by write() returning EWOULDBLOCK, as that would lead to fewer error
messages reaching clients.
Per discussion with Kyotaro HORIGUCHI and Heikki Linnakangas
Discussion: 20140927191243.GD5423@alap3.anarazel.de
Diffstat (limited to 'src/backend/libpq/be-secure-openssl.c')
| -rw-r--r-- | src/backend/libpq/be-secure-openssl.c | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index 3db358e402f..25ee070f5df 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -553,7 +553,7 @@ rloop: if (latchret & WL_LATCH_SET) { ResetLatch(MyLatch); - ProcessClientReadInterrupt(); /* preserves errno */ + ProcessClientReadInterrupt(true); /* preserves errno */ } goto rloop; case SSL_ERROR_SYSCALL: @@ -595,6 +595,7 @@ be_tls_write(Port *port, void *ptr, size_t len) ssize_t n; int err; int waitfor; + int latchret; /* * If SSL renegotiations are enabled and we're getting close to the @@ -659,16 +660,27 @@ wloop: case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: + waitfor = WL_LATCH_SET; + if (err == SSL_ERROR_WANT_READ) - waitfor = WL_SOCKET_READABLE; + waitfor |= WL_SOCKET_READABLE; else - waitfor = WL_SOCKET_WRITEABLE; + waitfor |= WL_SOCKET_WRITEABLE; + + latchret = WaitLatchOrSocket(MyLatch, waitfor, port->sock, 0); - WaitLatchOrSocket(MyLatch, waitfor, port->sock, 0); /* - * XXX: We'll, at some later point, likely want to add interrupt - * processing here. + * Check for interrupts here, in addition to secure_write(), + * because an interrupted write in secure_raw_write() will return + * here, and we cannot return to secure_write() until we've + * written something. */ + if (latchret & WL_LATCH_SET) + { + ResetLatch(MyLatch); + ProcessClientWriteInterrupt(true); /* preserves errno */ + } + goto wloop; case SSL_ERROR_SYSCALL: /* leave it to caller to ereport the value of errno */ |