Plug race in dsa_attach.

With sufficiently bad luck, it was possible for a parallel worker to attempt attach to a DSA area after all other backends have detached from it, which is not legal. If the worker had waited a little longer to get started, the DSM itself would have been destroyed, which is why this wasn't noticed before. Thomas Munro, per a report from Andreas Seltenreich Discussion: http://postgr.es/m/87h92g83t3.fsf@credativ.de

Plug race in dsa_attach.
With sufficiently bad luck, it was possible for a parallel worker to attempt attach to a DSA area after all other backends have detached from it, which is not legal. If the worker had waited a little longer to get started, the DSM itself would have been destroyed, which is why this wasn't noticed before. Thomas Munro, per a report from Andreas Seltenreich Discussion: http://postgr.es/m/87h92g83t3.fsf@credativ.de
fddf45b3 · Robert Haas · 3582b223 · fddf45b3
Commit fddf45b3 authored Mar 29, 2017 by Robert Haas
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

src/backend/utils/mmgr/dsa.c src/backend/utils/mmgr/dsa.c +7 -0

No files found.
--- a/src/backend/utils/mmgr/dsa.c
+++ b/src/backend/utils/mmgr/dsa.c
@@ -1314,6 +1314,13 @@ attach_internal(void *place, dsm_segment *segment, dsa_handle handle)

 	/* Bump the reference count. */
 	LWLockAcquire(DSA_AREA_LOCK(area), LW_EXCLUSIVE);
+	if (control->refcnt == 0)
+	{
+		/* We can't attach to a DSA area that has already been destroyed. */
+		ereport(ERROR,
+				(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
+				 errmsg("could not attach to dsa_area")));
+	}
 	++control->refcnt;
 	LWLockRelease(DSA_AREA_LOCK(area));