Re: Hot Standby conflict resolution handling
Andres Freund <andres@2ndquadrant.com>
From: Andres Freund <andres@2ndquadrant.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Abhijit Menon-Sen <ams@2ndQuadrant.com>, Stephen Frost <sfrost@snowman.net>, Pavan Deolasee <pavan.deolasee@gmail.com>, pgsql-hackers@postgresql.org
Date: 2013-01-17T10:47:44Z
Lists: pgsql-hackers
On 2013-01-17 01:38:31 -0500, Tom Lane wrote: > But having said that ... are we sure this code is not actually broken? > ISTM that if we dare not interrupt for fear of confusing OpenSSL, we > cannot safely attempt to send an error message to the client either; > but ereport(FATAL) will try exactly that. You're absolutely right. ISTM, to fix it we would have to either provide a COMERROR like facility for FATAL errors or just remove the requirement of raising an error exactly there. If I remember what I tried before correctly the latter seems to involve setting openssl into nonblocking mode and check for the saved error in the EINTR loop in be-secure and re-raise the error from there. Do we want to backport either - there hasn't been any report that I could link to it right now, but on the other hand it could possibly cause rather ugly problems (data leakage, segfaults, code execution aren't all that improbable)? Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services