aboutsummaryrefslogtreecommitdiff
path: root/src/backend/postmaster/postmaster.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend/postmaster/postmaster.c')
-rw-r--r--src/backend/postmaster/postmaster.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 6e2ba08a93d..87f543031ac 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -3960,7 +3960,16 @@ BackendInitialize(Port *port)
* We arrange for a simple exit(1) if we receive SIGTERM or SIGQUIT or
* timeout while trying to collect the startup packet. Otherwise the
* postmaster cannot shutdown the database FAST or IMMED cleanly if a
- * buggy client fails to send the packet promptly.
+ * buggy client fails to send the packet promptly. XXX it follows that
+ * the remainder of this function must tolerate losing control at any
+ * instant. Likewise, any pg_on_exit_callback registered before or during
+ * this function must be prepared to execute at any instant between here
+ * and the end of this function. Furthermore, affected callbacks execute
+ * partially or not at all when a second exit-inducing signal arrives
+ * after proc_exit_prepare() decrements on_proc_exit_index. (Thanks to
+ * that mechanic, callbacks need not anticipate more than one call.) This
+ * is fragile; it ought to instead follow the norm of handling interrupts
+ * at selected, safe opportunities.
*/
pqsignal(SIGTERM, startup_die);
pqsignal(SIGQUIT, startup_die);
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-19 05:29:56 +0000