Disconnect if socket cannot be put into non-blocking mode

Commit 387da18874 moved the code to put socket into non-blocking mode
from socket_set_nonblocking() into the one-time initialization
function, pq_init(). In socket_set_nonblocking(), there indeed was a
risk of recursion on failure like the comment said, but in pq_init(),
ERROR or FATAL is fine. There's even another elog(FATAL) just after
this, if setting FD_CLOEXEC fails.

Note that COMMERROR merely logged the error, it did not close the
connection, so if putting the socket to non-blocking mode failed we
would use the connection anyway. You might not immediately notice,
because most socket operations in a regular backend wait for the
socket to become readable/writable anyway. But e.g. replication will
be quite broken.

Backpatch to all supported versions.

Discussion: https://www.postgresql.org/message-id/d40a5cd0-2722-40c5-8755-12e9e811fa3c@iki.fi

diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
index c606bf34473e3e86c7e21a5a33a8feb22c97bf39..d9e49ca7028bf22d43e5a84fecfaeee34b14aa5d 100644 (file)
--- a/src/backend/libpq/pqcomm.c
+++ b/src/backend/libpq/pqcomm.c
@@ -189,14 +189,10 @@ pq_init(void)
     * nonblocking mode and use latches to implement blocking semantics if
     * needed. That allows us to provide safely interruptible reads and
     * writes.
-    *
-    * Use COMMERROR on failure, because ERROR would try to send the error to
-    * the client, which might require changing the mode again, leading to
-    * infinite recursion.
     */
 #ifndef WIN32
    if (!pg_set_noblock(MyProcPort->sock))
-       ereport(COMMERROR,
+       ereport(FATAL,
                (errmsg("could not set socket to nonblocking mode: %m")));
 #endif