NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit04e298b

committed

Avoid palloc in critical section in GiST WAL-logging.

Memory allocation can fail if you run out of memory, and inside a criticalsection that will lead to a PANIC. Use conservatively-sized arrays in stackinstead.There was previously no explicit limit on the number of pages a GiST splitcan produce, it was only limited by the number of LWLocks that can be heldsimultaneously (100 at the moment). This patch adds an explicit limit of 75pages. That should be plenty, a typical split shouldn't produce more than2-3 page halves.The bug has been there forever, but only backpatch down to 9.1. The codewas changed significantly in 9.1, and it doesn't seem worth the risk ortrouble to adapt this for 9.0 and 8.4.

1 parentfc75250 commit04e298bCopy full SHA for 04e298b

File tree

4 files changed

+38

-9

lines changed

src
- backend/access/gist
- include/access
  - gist_private.h

4 files changed

+38

-9

lines changed

`‎src/backend/access/gist/README`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -135,7 +135,7 @@ that didn't need to be split.`
`135`	`135`
`136`	`136`	`This differs from the insertion algorithm in the original paper. In the`
`137`	`137`	`original paper, you first walk down the tree until you reach a leaf page, and`
`138`		`-then you adjust the downlink in the parent, andpropagating the adjustment up,`
	`138`	`+then you adjust the downlink in the parent, andpropagate the adjustment up,`
`139`	`139`	`all the way up to the root in the worst case. But we adjust the downlinks to`
`140`	`140`	`cover the new key already when we walk down, so that when we reach the leaf`
`141`	`141`	`page, we don't need to update the parents anymore, except to insert the`

`‎src/backend/access/gist/gist.c`

Lines changed: 14 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -220,6 +220,7 @@ gistplacetopage(Relation rel, Size freespace, GISTSTATE *giststate,`
`220`	`220`	`GistNSNoldnsn=0;`
`221`	`221`	`SplitedPageLayoutrootpg;`
`222`	`222`	`boolis_rootsplit;`
	`223`	`+intnpage;`
`223`	`224`
`224`	`225`	`is_rootsplit= (blkno==GIST_ROOT_BLKNO);`
`225`	`226`
`@@ -240,6 +241,19 @@ gistplacetopage(Relation rel, Size freespace, GISTSTATE *giststate,`
`240`	`241`	`itvec=gistjoinvector(itvec,&tlen,itup,ntup);`
`241`	`242`	`dist=gistSplit(rel,page,itvec,tlen,giststate);`
`242`	`243`
	`244`	`+/*`
	`245`	`+ * Check that split didn't produce too many pages.`
	`246`	`+ */`
	`247`	`+npage=0;`
	`248`	`+for (ptr=dist;ptr;ptr=ptr->next)`
	`249`	`+npage++;`
	`250`	`+/* in a root split, we'll add one more page to the list below */`
	`251`	`+if (is_rootsplit)`
	`252`	`+npage++;`
	`253`	`+if (npage>GIST_MAX_SPLIT_PAGES)`
	`254`	`+elog(ERROR,"GiST page split into too many halves (%d, maximum %d)",`
	`255`	`+npage,GIST_MAX_SPLIT_PAGES);`
	`256`	`+`
`243`	`257`	`/*`
`244`	`258`	`* Set up pages to work with. Allocate new buffers for all but the`
`245`	`259`	`* leftmost page. The original page becomes the new leftmost page, and`

`‎src/backend/access/gist/gistxlog.c`

Lines changed: 8 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -379,7 +379,7 @@ gistXLogSplit(RelFileNode node, BlockNumber blkno, bool page_is_leaf,`
`379`	`379`	`BlockNumberorigrlink,GistNSNorignsn,`
`380`	`380`	`Bufferleftchildbuf,boolmarkfollowright)`
`381`	`381`	`{`
`382`		`-XLogRecData*rdata;`
	`382`	`+XLogRecDatardata[GIST_MAX_SPLIT_PAGES*2+2];`
`383`	`383`	`gistxlogPageSplitxlrec;`
`384`	`384`	`SplitedPageLayout*ptr;`
`385`	`385`	`intnpage=0,`
`@@ -388,8 +388,12 @@ gistXLogSplit(RelFileNode node, BlockNumber blkno, bool page_is_leaf,`
`388`	`388`
`389`	`389`	`for (ptr=dist;ptr;ptr=ptr->next)`
`390`	`390`	`npage++;`
`391`		`-`
`392`		`-rdata= (XLogRecData)palloc(sizeof(XLogRecData) (npage*2+2));`
	`391`	`+/*`
	`392`	`+ * the caller should've checked this already, but doesn't hurt to check`
	`393`	`+ * again.`
	`394`	`+ */`
	`395`	`+if (npage>GIST_MAX_SPLIT_PAGES)`
	`396`	`+elog(ERROR,"GiST page split into too many halves");`
`393`	`397`
`394`	`398`	`xlrec.node=node;`
`395`	`399`	`xlrec.origblkno=blkno;`
`@@ -439,7 +443,6 @@ gistXLogSplit(RelFileNode node, BlockNumber blkno, bool page_is_leaf,`
`439`	`443`
`440`	`444`	`recptr=XLogInsert(RM_GIST_ID,XLOG_GIST_PAGE_SPLIT,rdata);`
`441`	`445`
`442`		`-pfree(rdata);`
`443`	`446`	`returnrecptr;`
`444`	`447`	`}`
`445`	`448`
`@@ -462,14 +465,12 @@ gistXLogUpdate(RelFileNode node, Buffer buffer,`
`462`	`465`	`IndexTuple*itup,intituplen,`
`463`	`466`	`Bufferleftchildbuf)`
`464`	`467`	`{`
`465`		`-XLogRecData*rdata;`
	`468`	`+XLogRecDatardata[MaxIndexTuplesPerPage+3];`
`466`	`469`	`gistxlogPageUpdatexlrec;`
`467`	`470`	`intcur,`
`468`	`471`	`i;`
`469`	`472`	`XLogRecPtrrecptr;`
`470`	`473`
`471`		`-rdata= (XLogRecData)palloc(sizeof(XLogRecData) (3+ituplen));`
`472`		`-`
`473`	`474`	`xlrec.node=node;`
`474`	`475`	`xlrec.blkno=BufferGetBlockNumber(buffer);`
`475`	`476`	`xlrec.ntodelete=ntodelete;`
`@@ -516,6 +517,5 @@ gistXLogUpdate(RelFileNode node, Buffer buffer,`
`516`	`517`
`517`	`518`	`recptr=XLogInsert(RM_GIST_ID,XLOG_GIST_PAGE_UPDATE,rdata);`
`518`	`519`
`519`		`-pfree(rdata);`
`520`	`520`	`returnrecptr;`
`521`	`521`	`}`

`‎src/include/access/gist_private.h`

Lines changed: 15 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,21 @@`
`22`	`22`	`#include"utils/rbtree.h"`
`23`	`23`	`#include"utils/hsearch.h"`
`24`	`24`
	`25`	`+/*`
	`26`	`+ * Maximum number of "halves" a page can be split into in one operation.`
	`27`	`+ * Typically a split produces 2 halves, but can be more if keys have very`
	`28`	`+ * different lengths, or when inserting multiple keys in one operation (as`
	`29`	`+ * when inserting downlinks to an internal node). There is no theoretical`
	`30`	`+ * limit on this, but in practice if you get more than a handful page halves`
	`31`	`+ * in one split, there's something wrong with the opclass implementation.`
	`32`	`+ * GIST_MAX_SPLIT_PAGES is an arbitrary limit on that, used to size some`
	`33`	`+ * local arrays used during split. Note that there is also a limit on the`
	`34`	`+ * number of buffers that can be held locked at a time, MAX_SIMUL_LWLOCKS,`
	`35`	`+ * so if you raise this higher than that limit, you'll just get a different`
	`36`	`+ * error.`
	`37`	`+ */`
	`38`	`+#defineGIST_MAX_SPLIT_PAGES75`
	`39`	`+`
`25`	`40`	`/* Buffer lock modes */`
`26`	`41`	`#defineGIST_SHAREBUFFER_LOCK_SHARE`
`27`	`42`	`#defineGIST_EXCLUSIVEBUFFER_LOCK_EXCLUSIVE`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit04e298b

File tree

4 files changed

4 files changed

`‎src/backend/access/gist/README`

`‎src/backend/access/gist/gist.c`

`‎src/backend/access/gist/gistxlog.c`

`‎src/include/access/gist_private.h`

0 commit comments