[pgpool-hackers: 3214] Segfault in a race condition

Tatsuo Ishii ishii at sraoss.co.jp
Tue Jan 8 17:04:00 JST 2019

I found a segfault could happen in a race condition:

1) frontend tries to connect to Pgpool-II

2) there's no existing connection cache

3) try to create new backend connections by calling connect_backend()

4) inside connect_backend(), pool_create_cp() gets called

5) pool_create_cp() calls new_connection()

6) failover occurs and the global backend status is set to down, but
   the pgpool main does not send kill signal to the child process yet

7) inside new_connection() after checking VALID_BACKEND, it checks the
   global backend status and finds it is set to down status, so that
   it returns without creating new connection slot

8) connect_backend() continues and accesses the downed connection slot
   because local status says it's alive, which results in a segfault.

Since there's already checking for the global status in
new_connection(), I think a fix could be syncing the local status with
the global status there. Patch attached.

Best regards,
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pool_connection_pool.diff
Type: text/x-patch
Size: 1393 bytes
Desc: not available
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20190108/89a23797/attachment.bin>

More information about the pgpool-hackers mailing list