Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u0kw1-007Ik7-8R for pgsql-hackers@arkaria.postgresql.org; Fri, 04 Apr 2025 17:34:29 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1u0kvz-002x3v-S7 for pgsql-hackers@arkaria.postgresql.org; Fri, 04 Apr 2025 17:34:27 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u0kvz-002x3m-EN for pgsql-hackers@lists.postgresql.org; Fri, 04 Apr 2025 17:34:27 +0000 Received: from meesny.iki.fi ([2001:67c:2b0:1c1::201]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1u0kvw-003OZ5-2h for pgsql-hackers@postgresql.org; Fri, 04 Apr 2025 17:34:27 +0000 Received: from [192.168.1.112] (iptv-hkibng21-58c090-167.dhcp.inet.fi [88.192.144.167]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: hlinnaka) by meesny.iki.fi (Postfix) with ESMTPSA id 4ZTm1n5wxdzyQX; Fri, 4 Apr 2025 20:34:21 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=meesny; t=1743788062; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kQjpHwax42UKtbtbNOjazgqw08WVqaNPeqVe6uvs/Tk=; b=KpEkNs7IVSISZ0C+6RqY5i/0eTKKTYl6VQRE9pau2C9sHbPQ+wiydEMOhFXWk/TnlB8F8u h/Bwb3Cpxo8n9DUiqFlBGnpSb8xU3ObcPcESV9gRC0cm3pCxnUY31JFnpdxBseCNQ0Rtch nI60K9/O+RYJdEWONghHfr+4JHYozgA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=meesny; t=1743788062; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kQjpHwax42UKtbtbNOjazgqw08WVqaNPeqVe6uvs/Tk=; b=pMvX3ouoq/+XY7/dsTlvWpW4tPEWdOyKHx44my4DlFpjAW0zGkNyV11xrtqefyIiu5fGQp J4Y+YUQUgWPkDwn/mh6ybh0YkF3tIONun1use+spL1Brdx/eEchCOPvEv1nN/lvJuJdrDx ccOnn6Khi4xiuVAJxQxwW2OfQa4Ulvo= ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=hlinnaka smtp.mailfrom=hlinnaka@iki.fi ARC-Seal: i=1; s=meesny; d=iki.fi; t=1743788062; a=rsa-sha256; cv=none; b=KNUa0iSWxeSoMiGW26TFwIDtSDPNIkL8GU+c+GxQTM8xWCGn9UmhC6AkwBh1UdpCJvftoJ zKOjILDQXOJhjGudptOhuJRj83lxhSwPUkB8FgskJCmvRiojF7R+HzmZYOp1N0d9XbBZXO u48b6RLphEzKEvLQhNeJ8YQ2BodiT5w= Message-ID: <9004aa84-4ea3-414f-9268-101510f41a29@iki.fi> Date: Fri, 4 Apr 2025 20:34:21 +0300 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Bump soft open file limit (RLIMIT_NOFILE) to hard limit on startup To: Jelte Fennema-Nio , Andres Freund Cc: Tom Lane , Tomas Vondra , PostgreSQL-development References: <3203865.1739301613@sss.pgh.pa.us> <94798ef1-0f13-416a-983a-88447e434a7f@vondra.me> <7u7dbn6s2i6bf3hjzkbqaexj2bpoblqxwbkffbetl4rjv6dcom@s2uickjc5z53> <3216369.1739308717@sss.pgh.pa.us> <4huky7iczrycvq3ptpjkkzrclsabqceu6jyppizotjafqywq5g@g4eynaqxjog5> Content-Language: en-US From: Heikki Linnakangas In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 18/03/2025 01:08, Jelte Fennema-Nio wrote: > On Mon Feb 24, 2025 at 12:01 PM CET, Jelte Fennema-Nio wrote: >> Right after pressing send I realized I could remove two more useless >> lines... > > Rebased patchset attached (trivial conflict against pg_noreturn > changes). v7-0001-Adds-a-helper-for-places-that-shell-out-to-system.patch: > /* > * A custom wrapper around the system() function that calls the necessary > * functions pre/post-fork. > */ > int > System(const char *command, uint32 wait_event_info) > { > int rc; > > fflush(NULL); > pgstat_report_wait_start(wait_event_info); > > if (wait_event_info == WAIT_EVENT_RESTORE_COMMAND) > { > /* > * Set in_restore_command to tell the signal handler that we should > * exit right away on SIGTERM. This is done for the duration of the > * system() call because there isn't a good way to break out while it > * is executing. Since we might call proc_exit() in a signal handler, > * it is best to put any additional logic outside of this section > * where in_restore_command is set to true. > */ > in_restore_command = true; > > /* > * Also check if we had already received the signal, so that we don't > * miss a shutdown request received just before this. > */ > if (shutdown_requested) > proc_exit(1); > } > > rc = system(command); > > if (wait_event_info == WAIT_EVENT_RESTORE_COMMAND) > in_restore_command = false; > > pgstat_report_wait_end(); > return rc; > } Let's move that 'in_restore_command' business to the caller. It's weird modularity for the function to implicitly behave differently for some callers. And 'wait_event_info' should only affect pgstat reporting, not actual behavior. I don't feel good about the function name. How about pg_system() or something? postmaster/startup.c also seems like a weird place for it; not sure where it belongs but probably not there. Maybe next to OpenPipeStream() in fd.c, or move both to a new file. v7-0002-Bump-postmaster-soft-open-file-limit-RLIMIT_NOFIL.patch: > @@ -274,6 +275,7 @@ System(const char *command, uint32 wait_event_info) > { > int rc; > > + RestoreOriginalOpenFileLimit(); > fflush(NULL); > pgstat_report_wait_start(wait_event_info); > > @@ -303,6 +305,7 @@ System(const char *command, uint32 wait_event_info) > in_restore_command = false; > > pgstat_report_wait_end(); > + RestoreCustomOpenFileLimit(); > return rc; > } > Looks a bit funny that both functions are called Restore(). Not sure what to suggest instead though. Maybe RaiseOpenFileLimit() and LowerOpenFileLimit(). > @@ -2724,6 +2873,19 @@ OpenPipeStream(const char *command, const char *mode) > ReleaseLruFiles(); > > TryAgain: > + > + /* > + * It would be great if we could call RestoreOriginalOpenFileLimit here, > + * but since popen() also opens a file in the current process (this side > + * of the pipe) we cannot do so safely. Because we might already have many > + * more files open than the original limit. > + * > + * The only way to address this would be implementing a custom popen() > + * that calls RestoreOriginalOpenFileLimit only around the actual fork > + * call, but that seems too much effort to handle the corner case where > + * this external command uses both select() and tries to open more files > + * than select() allows for. > + */ > fflush(NULL); > pqsignal(SIGPIPE, SIG_DFL); > errno = 0; What would it take to re-implement popen() with fork+exec? Genuine question; I have a feeling it might be complicated to do correctly on all platforms, but I don't know. -- Heikki Linnakangas Neon (https://neon.tech)