Further second thoughts about idle_session_timeout patch.

On reflection, the order of operations in PostgresMain() is wrong.
These timeouts ought to be shut down before, not after, we do the
post-command-read CHECK_FOR_INTERRUPTS, to guarantee that any
timeout error will be detected there rather than at some ill-defined
later point (possibly after having wasted a lot of work).

This is really an error in the original idle_in_transaction_timeout
patch, so back-patch to 9.6 where that was introduced.

diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
index 2b53ebf97dc48d5210eae7021f2687a489b158f5..28055680aad73486f612226cb3eb6122b45e2aca 100644 (file)
--- a/src/backend/tcop/postgres.c
+++ b/src/backend/tcop/postgres.c
@@ -4323,22 +4323,11 @@ PostgresMain(int argc, char *argv[],
        firstchar = ReadCommand(&input_message);
 
        /*
-        * (4) disable async signal conditions again.
+        * (4) turn off the idle-in-transaction and idle-session timeouts, if
+        * active.  We do this before step (5) so that any last-moment timeout
+        * is certain to be detected in step (5).
         *
-        * Query cancel is supposed to be a no-op when there is no query in
-        * progress, so if a query cancel arrived while we were idle, just
-        * reset QueryCancelPending. ProcessInterrupts() has that effect when
-        * it's called when DoingCommandRead is set, so check for interrupts
-        * before resetting DoingCommandRead.
-        */
-       CHECK_FOR_INTERRUPTS();
-       DoingCommandRead = false;
-
-       /*
-        * (5) turn off the idle-in-transaction and idle-session timeouts, if
-        * active.
-        *
-        * At most one of these two will be active, so there's no need to
+        * At most one of these timeouts will be active, so there's no need to
         * worry about combining the timeout.c calls into one.
         */
        if (idle_in_transaction_timeout_enabled)
@@ -4352,6 +4341,18 @@ PostgresMain(int argc, char *argv[],
            idle_session_timeout_enabled = false;
        }
 
+       /*
+        * (5) disable async signal conditions again.
+        *
+        * Query cancel is supposed to be a no-op when there is no query in
+        * progress, so if a query cancel arrived while we were idle, just
+        * reset QueryCancelPending. ProcessInterrupts() has that effect when
+        * it's called when DoingCommandRead is set, so check for interrupts
+        * before resetting DoingCommandRead.
+        */
+       CHECK_FOR_INTERRUPTS();
+       DoingCommandRead = false;
+
        /*
         * (6) check for any other interesting events that happened while we
         * slept.