author | Andres Freund <andres@anarazel.de> | 2015-02-03 22:54:48 +0100 |
---|---|---|
committer | Andres Freund <andres@anarazel.de> | 2015-02-03 22:54:48 +0100 |
commit | 6647248e3708843be93c7ca670cd219fe8e61026 (patch) | |
tree | 8e68a84f89a741147de96f1dfbb0e80f4d40c62d /src/backend/tcop/postgres.c | |
parent | cec916f35be5531efdaf721a46313feb36e0cd76 (diff) | |
download | postgresql-6647248e3708843be93c7ca670cd219fe8e61026.tar.gz postgresql-6647248e3708843be93c7ca670cd219fe8e61026.zip |
Don't allow immediate interrupts during authentication anymore.

We used to handle authentication_timeout by setting
ImmediateInterruptOK to true during large parts of the authentication
phase of a new connection. While that happens to work acceptably in
practice, it's not particularly nice and has ugly corner cases.

Previous commits converted the FE/BE communication to use latches and
implemented support for interrupt handling during both
send/recv. Building on top of that work we can get rid of
ImmediateInterruptOK during authentication, by immediately treating
timeouts during authentication as a reason to die. As die interrupts
are handled immediately during client communication that provides a
sensibly quick reaction time to authentication timeout.

Additionally add a few CHECK_FOR_INTERRUPTS() to some more complex
authentication methods. More could be added, but this already should
provide a reasonable coverage.

While this overall increases the maximum time till a timeout is
reacted to, it greatly reduces complexity and increases
reliability. That seems like an overall win. If the increase proves to
be noticeable we can deal with those cases by moving to nonblocking
network code and adding interrupt checking there.

Reviewed-By: Heikki Linnakangas
Diffstat (limited to 'src/backend/tcop/postgres.c')
-rw-r--r-- | src/backend/tcop/postgres.c | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c index 7e9408e61d9..63573046a9e 100644 --- a/src/backend/tcop/postgres.c +++ b/src/backend/tcop/postgres.c @@ -2880,7 +2880,11 @@ ProcessInterrupts(void) /* As in quickdie, don't risk sending to client during auth */ if (ClientAuthInProgress && whereToSendOutput == DestRemote) whereToSendOutput = DestNone; - if (IsAutoVacuumWorkerProcess()) + if (ClientAuthInProgress) + ereport(FATAL, + (errcode(ERRCODE_QUERY_CANCELED), + errmsg("canceling authentication due to timeout"))); + else if (IsAutoVacuumWorkerProcess()) ereport(FATAL, (errcode(ERRCODE_ADMIN_SHUTDOWN), errmsg("terminating autovacuum process due to administrator command"))); @@ -2959,17 +2963,6 @@ ProcessInterrupts(void) } QueryCancelPending = false; - if (ClientAuthInProgress) - { - ImmediateInterruptOK = false; /* not idle anymore */ - LockErrorCleanup(); - /* As in quickdie, don't risk sending to client during auth */ - if (whereToSendOutput == DestRemote) - whereToSendOutput = DestNone; - ereport(ERROR, - (errcode(ERRCODE_QUERY_CANCELED), - errmsg("canceling authentication due to timeout"))); - } /* * If LOCK_TIMEOUT and STATEMENT_TIMEOUT indicators are both set, we |
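Review bot: In the first hunk (@@ -2880,7 +2880,11 @@), the new `if (ClientAuthInProgress)` test is placed ahead of the branches that report termination "due to administrator command", so every die interrupt that reaches this point while authentication is in progress is reported as "canceling authentication due to timeout", whatever actually raised it. A short comment above the branch stating that authentication timeouts are now delivered as die interrupts, and that any other die request during authentication gets the same message, would keep the log text from misleading someone investigating a failed login. The existing lines just above switch whereToSendOutput to DestNone during authentication, so this text is not sent to the client; noting that in the same comment would make the intent explicit.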
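Review bot: In the second hunk (@@ -2959,17 +2963,6 @@), once the `if (ClientAuthInProgress)` block after `QueryCancelPending = false;` is gone, a query cancel that is still pending during authentication falls straight through to the LOCK_TIMEOUT/STATEMENT_TIMEOUT handling that follows, with nothing at this spot saying that case is no longer expected. If it cannot occur any more, an `Assert(!ClientAuthInProgress)` or a one-line comment here would document that. The removed block also called LockErrorCleanup() and reset ImmediateInterruptOK before raising its error, while the FATAL branch added in the first hunk does neither; the commit message covers ImmediateInterruptOK, but a sentence on why the lock cleanup is not needed on the FATAL path would close the gap.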