Hi Justin,
On Tue, Jan 1, 2019 at 11:17 AM Justin Pryzby <pryzby@telsasoft.com> wrote:
> dsa_area could not attach to segment
/*
* If we are reached by dsa_free or dsa_get_address,
there must be at
* least one object allocated in the referenced
segment. Otherwise,
* their caller has a double-free or access-after-free
bug, which we
* have no hope of detecting. So we know it's safe to
access this
* array slot without holding a lock; it won't change
underneath us.
* Furthermore, we know that we can see the latest
contents of the
* slot, as explained in check_for_freed_segments, which those
* functions call before arriving here.
*/
handle = area->control->segment_handles[index];
/* It's an error to try to access an unused slot. */
if (handle == DSM_HANDLE_INVALID)
elog(ERROR,
"dsa_area could not attach to a
segment that has been freed");
segment = dsm_attach(handle);
if (segment == NULL)
elog(ERROR, "dsa_area could not attach to segment");
Hmm. We observed a valid handle, but then couldn't attach to it,
which could indicate that the value we saw was stale (and the theory
stated above has a hole?), or the segment was in the process of being
freed and we have a use-after-free problem leading to this race, or
something else along those lines. If you can reproduce this on a dev
system, it'd be good to see the backtrace and know which of several
call paths led here, perhaps by changing that error to PANIC. I'll
try that too.
--
Thomas Munro
http://www.enterprisedb.com
