On Thu, Oct 18, 2018 at 11:08 AM Thomas Munro <thomas.mu...@enterprisedb.com> wrote:
> On Thu, Oct 18, 2018 at 9:43 AM Thomas Munro
> <thomas.mu...@enterprisedb.com> wrote:
> > On Thu, Oct 18, 2018 at 9:00 AM Tom Lane <t...@sss.pgh.pa.us> wrote:
> > > I would argue that both dsm_postmaster_shutdown and dsm_postmaster_startup
> > > are broken here; the former because it makes no attempt to unmap
> > > the old control segment (which it oughta be able to do no matter how badly
> > > broken the contents are), and the latter because it should not let
> > > garbage old state prevent it from establishing a valid new segment.
> >
> > Looking.
>
> (CCing Amit Kapila)
>
> To reproduce this, I attached lldb to a backend and did "mem write
> &dsm_control->magic 42", and then delivered SIGKILL to the backend.
> Here's one way to fix it. I think we have no choice but to leak the
> referenced segments, but we can free the control segment. See
> comments in the attached patch for rationale.

I realised that the nearly identical code in dsm_postmaster_shutdown()
might as well destroy a corrupted control segment too. New version
attached.

--
Thomas Munro
http://www.enterprisedb.com

0001-Fix-thinko-in-handling-of-corrupted-DSM-control-area.patch
Description: Binary data