Ensure pooler process follows consistent model for SIGQUIT handling

We'd occassionally seen that the pooler process fails to respond to SIGQUIT and
gets stuck in a non recoverable state. Code inspection reveals that we're not
following the model followed by rest of the background worker processes in
handling SIGQUIT. So get that fixed, with the hope that this will fix the
problem case.

diff --git a/src/backend/pgxc/pool/poolmgr.c b/src/backend/pgxc/pool/poolmgr.c
index e3fe8ea906b746c3c57f782d4f9acefc55561b68..3e29663eb89af266b3f26e63f58011afcaa66fa3 100644 (file)
--- a/src/backend/pgxc/pool/poolmgr.c
+++ b/src/backend/pgxc/pool/poolmgr.c
@@ -64,6 +64,7 @@
 #include <sys/socket.h>
 #include <poll.h>
 #include "pgxc/pause.h"
+#include "storage/ipc.h"
 #include "storage/procarray.h"
 
 /* Configuration options */
@@ -2873,7 +2874,27 @@ pooler_die(SIGNAL_ARGS)
 static void
 pooler_quickdie(SIGNAL_ARGS)
 {
+       sigaddset(&BlockSig, SIGQUIT);          /* prevent nested calls */
        PG_SETMASK(&BlockSig);
+
+       /*
+        * We DO NOT want to run proc_exit() callbacks -- we're here because
+        * shared memory may be corrupted, so we don't want to try to clean up our
+        * transaction.  Just nail the windows shut and get out of town.  Now that
+        * there's an atexit callback to prevent third-party code from breaking
+        * things by calling exit() directly, we have to reset the callbacks
+        * explicitly to make this work as intended.
+        */
+       on_exit_reset();
+
+       /*
+        * Note we do exit(2) not exit(0).  This is to force the postmaster into a
+        * system reset cycle if some idiot DBA sends a manual SIGQUIT to a random
+        * backend.  This is necessary precisely because we don't clean up our
+        * shared memory state.  (The "dead man switch" mechanism in pmsignal.c
+        * should ensure the postmaster sees this as a crash, too, but no harm in
+        * being doubly sure.)
+        */
        exit(2);
 }