Fix bootstrap.c so that database startup process and bgwriter properly release

LWLocks during a panic exit.  This avoids the possible self-deadlock pointed
out by Qingqing Zhou.  Also, I noted that an error during LoadFreeSpaceMap()
or BuildFlatFiles() would result in exit(0) which would leave the postmaster
thinking all is well.  Added a critical section to ensure such errors don't
allow startup to proceed.

Backpatched to 8.1.  The 8.0 code is a bit different and I'm not sure if the
problem exists there; given we've not seen this reported from the field, I'm
going to be conservative about backpatching any further.

diff --git a/src/backend/bootstrap/bootstrap.c b/src/backend/bootstrap/bootstrap.c
index ed63b019b3e3ccc525692e2d600309ddb3197f83..f16736df7e2ae35740d3e5a27557442f35cfb36c 100644 (file)
--- a/src/backend/bootstrap/bootstrap.c
+++ b/src/backend/bootstrap/bootstrap.c
@@ -57,6 +57,7 @@ extern int    Int_yyparse(void);
 
 static void usage(void);
 static void bootstrap_signals(void);
+static void ShutdownDummyProcess(int code, Datum arg);
 static hashnode *AddStr(char *str, int strlength, int mderef);
 static Form_pg_attribute AllocateAttribute(void);
 static int     CompHash(char *str, int len);
@@ -400,6 +401,9 @@ BootstrapMain(int argc, char *argv[])
 
                /* finish setting up bufmgr.c */
                InitBufferPoolBackend();
+
+               /* register a shutdown callback for LWLock cleanup */
+               on_shmem_exit(ShutdownDummyProcess, 0);
        }
 
        /*
@@ -422,8 +426,14 @@ BootstrapMain(int argc, char *argv[])
                case BS_XLOG_STARTUP:
                        bootstrap_signals();
                        StartupXLOG();
+                       /*
+                        * These next two functions don't consider themselves critical,
+                        * but we'd best PANIC anyway if they fail.
+                        */
+                       START_CRIT_SECTION();
                        LoadFreeSpaceMap();
                        BuildFlatFiles(false);
+                       END_CRIT_SECTION();
                        proc_exit(0);           /* startup done */
 
                case BS_XLOG_BGWRITER:
@@ -552,6 +562,19 @@ bootstrap_signals(void)
        }
 }
 
+/*
+ * Begin shutdown of a dummy process.  This is approximately the equivalent
+ * of ShutdownPostgres() in postinit.c.  We can't run transactions in a
+ * dummy process, so most of the work of AbortTransaction() is not needed,
+ * but we do need to make sure we've released any LWLocks we are holding.
+ * (This is only critical during an error exit.)
+ */
+static void
+ShutdownDummyProcess(int code, Datum arg)
+{
+       LWLockReleaseAll();
+}
+
 /* ----------------
  *             error handling / abort routines
  * ----------------