Fix race in dsm_unpin_segment() when handles are reused.

Teach dsm_unpin_segment() to skip segments that are in the process
of being destroyed by another backend, when searching for a handle.
Such a segment cannot possibly be the one we are looking for, even
if its handle matches.  Another slot might hold a recently created
segment that has the same handle value by coincidence, and we need
to keep searching for that one.

The bug caused rare "cannot unpin a segment that is not pinned"
errors on 10 and 11.  Similar to commit 6c0fb941 for dsm_attach().

Back-patch to 10, where dsm_unpin_segment() landed.

Author: Thomas Munro
Reported-by: Justin Pryzby
Tested-by: Justin Pryzby (along with other recent DSA/DSM fixes)
Discussion: https://postgr.es/m/20190216023854.GF30291@telsasoft.com

diff --git a/src/backend/storage/ipc/dsm.c b/src/backend/storage/ipc/dsm.c
index cfbebeb31d5e8f62808ed511766e32877c7297f9..23ccc59f134e745e65ea30e828e5816602c5d726 100644 (file)
--- a/src/backend/storage/ipc/dsm.c
+++ b/src/backend/storage/ipc/dsm.c
@@ -844,8 +844,8 @@ dsm_unpin_segment(dsm_handle handle)
    LWLockAcquire(DynamicSharedMemoryControlLock, LW_EXCLUSIVE);
    for (i = 0; i < dsm_control->nitems; ++i)
    {
-       /* Skip unused slots. */
-       if (dsm_control->item[i].refcnt == 0)
+       /* Skip unused slots and segments that are concurrently going away. */
+       if (dsm_control->item[i].refcnt <= 1)
            continue;
 
        /* If we've found our handle, we can stop searching. */