From 66b5aacfcc045ec1485921a5884b637fcfb6fd73 Mon Sep 17 00:00:00 2001
From: Tatsuo Ishii
Date: Tue, 2 Apr 2019 12:56:01 +0900
Subject: [PATCH] Abort session if failover/failback is ongoing.

If failover/failback is ongoing, there would be a risk that MASTER node macro cannot be used. If used, it could raise a segfault because connection to the master node is NULL or bogus. There are several reports suspected to be caused by this (see bug 481, 482 for example). Now the guts of the MASTER* macro (pool_virtual_master_db_node_id()) is modified to check Req_info->switching which is true while failover/failback is ongoing. If true, emit warning message and exit the process. There's still a small window I know, but this should greatly reduce the chance to access bogus MASTER connection without using any locking.
---
 src/context/pool_query_context.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/context/pool_query_context.c b/src/context/pool_query_context.c
index b237a8ca4..837fb01af 100644
--- a/src/context/pool_query_context.c
+++ b/src/context/pool_query_context.c
@@ -318,6 +318,20 @@ pool_virtual_master_db_node_id(void)
 return REAL_MASTER_NODE_ID;
 }
 
+ /*
+ * Check whether failover is in progress. If so, just abort this session.
+ */
+ if (Req_info->switching)
+ {
+ POOL_SETMASK(&BlockSig);
+ ereport(WARNING,
+ (errmsg("failover/failback is in progress"),
+ errdetail("executing failover or failback on backend"),
+ errhint("In a moment you should be able to reconnect to the database")));
+ POOL_SETMASK(&UnBlockSig);
+ child_exit(POOL_EXIT_AND_RESTART);
+ }
+
 if (sc->in_progress && sc->query_context)
 {
 int node_id = sc->query_context->virtual_master_node_id;
-- 
2.39.5
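Review bot: The added `if (Req_info->switching)` block makes a node-id lookup able to terminate the process through `child_exit(POOL_EXIT_AND_RESTART)`, and nothing in the hunk limits that to session children or documents it for callers. The callers of the MASTER* macros are not visible here, so it should be checked whether any non-session process, or a cleanup path already running during exit, can evaluate them while `switching` is set and would take this exit too. The check also sits after the early `return REAL_MASTER_NODE_ID;` in the context above, so that path still returns a node id during failover; if that is deliberate, a comment should say why it is safe. I would extend the new comment to something like `/* May not return: exits this child while Req_info->switching is set; only valid in a session process. */` and repeat that in the function header, which lies outside the hunk.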