From aaddf6ba09e25878e792f0d15f725370e19396df Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 29 Jun 2021 11:31:08 -0400 Subject: [PATCH] Remove libpq's use of abort(3) to handle mutex failure cases. Doing an abort() seems all right in development builds, but not in production builds of general-purpose libraries. However, the functions that were doing this lack any way to report a failure back up to their callers. It seems like we can just get away with ignoring failures in production builds, since (a) no such failures have been reported in the dozen years that the code's been like this, and (b) failure to enforce mutual exclusion during fe-auth.c operations would likely not cause any problems anyway in most cases. (The OpenSSL callbacks that use this macro are obsolete, so even less likely to cause interesting problems.) Possibly a better answer would be to break compatibility of the pgthreadlock_t callback API, but in the absence of field problem reports, it doesn't really seem worth the trouble. Discussion: https://postgr.es/m/3131385.1624746109@sss.pgh.pa.us --- src/interfaces/libpq/fe-connect.c | 11 ++++++++--- src/interfaces/libpq/fe-secure-openssl.c | 9 +++++++-- src/interfaces/libpq/libpq-int.h | 7 ------- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 3faf05a7e7..fc65e490ef 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -7254,6 +7254,11 @@ pqGetHomeDirectory(char *buf, int bufsize) /* * To keep the API consistent, the locking stubs are always provided, even * if they are not required. + * + * Since we neglected to provide any error-return convention in the + * pgthreadlock_t API, we can't do much except Assert upon failure of any + * mutex primitive. Fortunately, such failures appear to be nonexistent in + * the field. */ static void @@ -7273,7 +7278,7 @@ default_threadlock(int acquire) if (singlethread_lock == NULL) { if (pthread_mutex_init(&singlethread_lock, NULL)) - PGTHREAD_ERROR("failed to initialize mutex"); + Assert(false); } InterlockedExchange(&mutex_initlock, 0); } @@ -7281,12 +7286,12 @@ default_threadlock(int acquire) if (acquire) { if (pthread_mutex_lock(&singlethread_lock)) - PGTHREAD_ERROR("failed to lock mutex"); + Assert(false); } else { if (pthread_mutex_unlock(&singlethread_lock)) - PGTHREAD_ERROR("failed to unlock mutex"); + Assert(false); } #endif } diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index 67feaedc4e..2ee5a0a40a 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -611,15 +611,20 @@ static pthread_mutex_t *pq_lockarray; static void pq_lockingcallback(int mode, int n, const char *file, int line) { + /* + * There's no way to report a mutex-primitive failure, so we just Assert + * in development builds, and ignore any errors otherwise. Fortunately + * this is all obsolete in modern OpenSSL. + */ if (mode & CRYPTO_LOCK) { if (pthread_mutex_lock(&pq_lockarray[n])) - PGTHREAD_ERROR("failed to lock mutex"); + Assert(false); } else { if (pthread_mutex_unlock(&pq_lockarray[n])) - PGTHREAD_ERROR("failed to unlock mutex"); + Assert(false); } } #endif /* ENABLE_THREAD_SAFETY && HAVE_CRYPTO_LOCK */ diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h index e81dc37906..6b7fd2c267 100644 --- a/src/interfaces/libpq/libpq-int.h +++ b/src/interfaces/libpq/libpq-int.h @@ -626,13 +626,6 @@ extern bool pqGetHomeDirectory(char *buf, int bufsize); #ifdef ENABLE_THREAD_SAFETY extern pgthreadlock_t pg_g_threadlock; -#define PGTHREAD_ERROR(msg) \ - do { \ - fprintf(stderr, "%s\n", msg); \ - abort(); \ - } while (0) - - #define pglock_thread() pg_g_threadlock(true) #define pgunlock_thread() pg_g_threadlock(false) #else