diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2006-11-21 00:49:55 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2006-11-21 00:49:55 +0000 |
| commit | e82d9e6283d6ca19d1ea7547e7e9ae8399471e1a (patch) | |
| tree | b6f413821ac86b98dad1dacc461dd6a70a570696 /src/backend/tcop/postgres.c | |
| parent | 778bb7b60d8b36029f9e874a1b38428115bef0d1 (diff) | |
| download | postgresql-e82d9e6283d6ca19d1ea7547e7e9ae8399471e1a.tar.gz postgresql-e82d9e6283d6ca19d1ea7547e7e9ae8399471e1a.zip | |
Adjust elog.c so that elog(FATAL) exits (including cases where ERROR is
promoted to FATAL) end in exit(1) not exit(0). Then change the postmaster to
allow exit(1) without a system-wide panic, but not for the startup subprocess
or the bgwriter. There were a couple of places that were using exit(1) to
deliberately force a system-wide panic; adjust these to be exit(2) instead.
This fixes the problem noted back in July that if the startup process exits
with elog(ERROR), the postmaster would think everything is hunky-dory and
proceed to start up. Alternative solutions such as trying to run the entire
startup process as a critical section seem less clean, primarily because of
the fact that a fair amount of startup code is shared by all postmaster
children in the EXEC_BACKEND case. We'd need an ugly special case somewhere
near the head of main.c to make it work if it's the child process's
responsibility to determine what happens; and what's the point when the
postmaster already treats different children differently?
Diffstat (limited to 'src/backend/tcop/postgres.c')
| -rw-r--r-- | src/backend/tcop/postgres.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c index d019864fea4..8b014c887f5 100644 --- a/src/backend/tcop/postgres.c +++ b/src/backend/tcop/postgres.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/tcop/postgres.c,v 1.516 2006/10/19 19:52:22 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/tcop/postgres.c,v 1.517 2006/11/21 00:49:55 tgl Exp $ * * NOTES * this is the "main" module of the postgres backend and @@ -2327,12 +2327,12 @@ quickdie(SIGNAL_ARGS) * corrupted, so we don't want to try to clean up our transaction. Just * nail the windows shut and get out of town. * - * Note we do exit(1) not exit(0). This is to force the postmaster into a + * Note we do exit(2) not exit(0). This is to force the postmaster into a * system reset cycle if some idiot DBA sends a manual SIGQUIT to a random * backend. This is necessary precisely because we don't clean up our * shared memory state. */ - exit(1); + exit(2); } /* @@ -2374,7 +2374,7 @@ die(SIGNAL_ARGS) /* * Timeout or shutdown signal from postmaster during client authentication. - * Simply exit(0). + * Simply exit(1). * * XXX: possible future improvement: try to send a message indicating * why we are disconnecting. Problem is to be sure we don't block while @@ -2383,7 +2383,7 @@ die(SIGNAL_ARGS) void authdie(SIGNAL_ARGS) { - exit(0); + exit(1); } /* |