Re: stopgap fix for signal handling during restore_command

From: Andres Freund <andres(at)anarazel(dot)de>
To: Nathan Bossart <nathandbossart(at)gmail(dot)com>
Cc: Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Fujii Masao <fujii(at)postgresql(dot)org>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: stopgap fix for signal handling during restore_command
Date: 2023-03-01 23:13:04
Message-ID: 20230301231304.bariubyihe4iv53o@awork3.anarazel.de
Lists: pgsql-hackers

Hi,

On 2023-03-01 14:47:51 -0800, Nathan Bossart wrote:
> On Tue, Feb 28, 2023 at 08:36:03PM -0800, Nathan Bossart wrote:
> > On Sun, Feb 26, 2023 at 12:12:27PM -0800, Andres Freund wrote:
> >> Partially I just want something that can easily be searched for, that can have
> >> comments attached to it documenting why what it is doing is safe.
> >>
> >> It'd not be a huge amount of work to have a slow and restricted string
> >> interpolation support, to make it easier to write messages. Converting floats
> >> is probably too hard to do safely, and I'm not sure %m can safely be
> >> supported. But basic things like %d would be pretty simple.
> >>
> >> Basically a loop around the format string that directly writes to stderr using
> >> write(), and only supports a signal safe subset of normal format strings.
> >
> > Got it, thanks. I will try to put something together along these lines,
> > although I don't know if I'll pick up the interpolation support in this
> > thread.
>
> Here is an attempt at adding a signal safe function for writing to STDERR.

Cool.

> I didn't add support for format strings, but looking ahead, I think one
> challenge will be avoiding va_start() and friends. In any case, IMO format
> string support probably deserves its own thread.

Makes sense to split that off.

FWIW, I think we could rely on va_start() et al to be signal safe. The
standardese isn't super clear about this, because they aren't functions, and
POSIX only talks about functions being async signal safe...

Greetings,

Andres Freund
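
The restricted formatter sketched in the quoted 2023-02-26 message (a loop over the format string that supports only a signal-safe subset, with output going to stderr through write()), as an added example that is not code from this thread or from PostgreSQL. The names sigsafe_format and sigsafe_write_stderr are hypothetical, and the code assumes, as the message above suggests, that va_start() and friends can be used in a signal handler.

```c
#include <errno.h>
#include <stdarg.h>
#include <unistd.h>

static size_t put(char *buf, size_t cap, size_t n, char c)
{
    if (n + 1 < cap) buf[n++] = c;  /* always leave room for the NUL */
    return n;
}

/* Format into buf with %d, %s and %% only; returns bytes stored (truncates). */
size_t sigsafe_format(char *buf, size_t cap, const char *fmt, ...)
{
    size_t n = 0;
    va_list ap;
    va_start(ap, fmt);  /* assumption: usable in a handler, per the message */
    for (; *fmt; fmt++) {
        if (*fmt != '%' || fmt[1] == '\0') { n = put(buf, cap, n, *fmt); continue; }
        fmt++;
        if (*fmt == 'd') {
            int v = va_arg(ap, int), i = 0;
            unsigned int u = v < 0 ? 0u - (unsigned int) v : (unsigned int) v;
            char digits[16];
            do { digits[i++] = (char) ('0' + u % 10); u /= 10; } while (u);
            if (v < 0) n = put(buf, cap, n, '-');
            while (i > 0) n = put(buf, cap, n, digits[--i]);
        } else if (*fmt == 's') {
            const char *s = va_arg(ap, const char *);
            for (s = s ? s : "(null)"; *s; s++) n = put(buf, cap, n, *s);
        } else {                /* "%%", or unsupported specifier shown literally */
            if (*fmt != '%') n = put(buf, cap, n, '%');
            n = put(buf, cap, n, *fmt);
        }
    }
    va_end(ap);
    if (cap > 0) buf[n] = '\0';
    return n;
}

void sigsafe_write_stderr(const char *buf, size_t len)
{
    int save_errno = errno;     /* a handler must not clobber errno */
    while (len > 0) {
        ssize_t r = write(STDERR_FILENO, buf, len);  /* async-signal-safe */
        if (r > 0) { buf += r; len -= (size_t) r; }
        else if (r == 0 || errno != EINTR) break;
    }
    errno = save_errno;
}
```

A handler would format into a stack buffer with sigsafe_format and pass the result to sigsafe_write_stderr, so no heap, stdio lock or locale state is touched.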
