NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitb0779ab

committed

Fix fallback implementation of pg_atomic_write_u32().

I somehow had assumed that in the spinlock (in turn possibly usingsemaphores) based fallback atomics implementation 32 bit writes could bedone without a lock. As far as the write goes that's correct, sincepostgres supports only platforms with single-copy atomicity for aligned32bit writes. But writing without holding the spinlock breaksread-modify-write operations like pg_atomic_compare_exchange_u32(),since they'll potentially "miss" a concurrent write, which can't happenin actual hardware implementations.In 9.6+ when using the fallback atomics implementation this could leadto buffer header locks not being properly marked as released, andpotentially some related state corruption. I don't see a related dangerin 9.5 (earliest release with the API), because pg_atomic_write_u32()wasn't used in a concurrent manner there.The state variable of local buffers, before this change, weremanipulated using pg_atomic_write_u32(), to avoid unnecessarysynchronization overhead. As that'd not be the case anymore, introduceand use pg_atomic_unlocked_write_u32(), which does not correctlyinteract with RMW operations.This bug only caused issues when postgres is compiled on platformswithout atomics support (i.e. no common new platform), or when compiledwith --disable-atomics, which explains why this wasn't noticed intesting.Reported-By: Tom LaneDiscussion: <14947.1475690465@sss.pgh.pa.us>Backpatch: 9.5-, where the atomic operations API was introduced.

1 parent0aec7f9 commitb0779abCopy full SHA for b0779ab

File tree

7 files changed

+61

-14

lines changed

src
- backend
  - port
    - atomics.c
  - storage/buffer
    - bufmgr.c
    - localbuf.c
- include
  - port
    - atomics
      - fallback.h
      - generic.h
    - atomics.h
  - storage
    - buf_internals.h

7 files changed

+61

-14

lines changed

`‎src/backend/port/atomics.c`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,19 @@ pg_atomic_init_u32_impl(volatile pg_atomic_uint32 *ptr, uint32 val_)`
`104`	`104`	`ptr->value=val_;`
`105`	`105`	`}`
`106`	`106`
	`107`	`+void`
	`108`	`+pg_atomic_write_u32_impl(volatilepg_atomic_uint32*ptr,uint32val)`
	`109`	`+{`
	`110`	`+/*`
	`111`	`+ * One might think that an unlocked write doesn't need to acquire the`
	`112`	`+ * spinlock, but one would be wrong. Even an unlocked write has to cause a`
	`113`	`+ * concurrent pg_atomic_compare_exchange_u32() (et al) to fail.`
	`114`	`+ */`
	`115`	`+SpinLockAcquire((slock_t*)&ptr->sema);`
	`116`	`+ptr->value=val;`
	`117`	`+SpinLockRelease((slock_t*)&ptr->sema);`
	`118`	`+}`
	`119`	`+`
`107`	`120`	`bool`
`108`	`121`	`pg_atomic_compare_exchange_u32_impl(volatilepg_atomic_uint32*ptr,`
`109`	`122`	`uint32*expected,uint32newval)`

`‎src/backend/storage/buffer/bufmgr.c`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -821,7 +821,7 @@ ReadBuffer_common(SMgrRelation smgr, char relpersistence, ForkNumber forkNum,`
`821`	`821`
`822`	`822`	`Assert(buf_state&BM_VALID);`
`823`	`823`	`buf_state &= ~BM_VALID;`
`824`		`-pg_atomic_write_u32(&bufHdr->state,buf_state);`
	`824`	`+pg_atomic_unlocked_write_u32(&bufHdr->state,buf_state);`
`825`	`825`	`}`
`826`	`826`	`else`
`827`	`827`	`{`
`@@ -941,7 +941,7 @@ ReadBuffer_common(SMgrRelation smgr, char relpersistence, ForkNumber forkNum,`
`941`	`941`	`uint32buf_state=pg_atomic_read_u32(&bufHdr->state);`
`942`	`942`
`943`	`943`	`buf_state \|=BM_VALID;`
`944`		`-pg_atomic_write_u32(&bufHdr->state,buf_state);`
	`944`	`+pg_atomic_unlocked_write_u32(&bufHdr->state,buf_state);`
`945`	`945`	`}`
`946`	`946`	`else`
`947`	`947`	`{`
`@@ -3167,7 +3167,7 @@ FlushRelationBuffers(Relation rel)`
`3167`	`3167`	`false);`
`3168`	`3168`
`3169`	`3169`	`buf_state &= ~(BM_DIRTY \|BM_JUST_DIRTIED);`
`3170`		`-pg_atomic_write_u32(&bufHdr->state,buf_state);`
	`3170`	`+pg_atomic_unlocked_write_u32(&bufHdr->state,buf_state);`
`3171`	`3171`
`3172`	`3172`	`/* Pop the error context stack */`
`3173`	`3173`	`error_context_stack=errcallback.previous;`

`‎src/backend/storage/buffer/localbuf.c`

Lines changed: 8 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,7 @@ LocalBufferAlloc(SMgrRelation smgr, ForkNumber forkNum, BlockNumber blockNum,`
`138`	`138`	`if (BUF_STATE_GET_USAGECOUNT(buf_state)<BM_MAX_USAGE_COUNT)`
`139`	`139`	`{`
`140`	`140`	`buf_state+=BUF_USAGECOUNT_ONE;`
`141`		`-pg_atomic_write_u32(&bufHdr->state,buf_state);`
	`141`	`+pg_atomic_unlocked_write_u32(&bufHdr->state,buf_state);`
`142`	`142`	`}`
`143`	`143`	`}`
`144`	`144`	`LocalRefCount[b]++;`
`@@ -181,7 +181,7 @@ LocalBufferAlloc(SMgrRelation smgr, ForkNumber forkNum, BlockNumber blockNum,`
`181`	`181`	`if (BUF_STATE_GET_USAGECOUNT(buf_state)>0)`
`182`	`182`	`{`
`183`	`183`	`buf_state-=BUF_USAGECOUNT_ONE;`
`184`		`-pg_atomic_write_u32(&bufHdr->state,buf_state);`
	`184`	`+pg_atomic_unlocked_write_u32(&bufHdr->state,buf_state);`
`185`	`185`	`trycounter=NLocBuffer;`
`186`	`186`	`}`
`187`	`187`	`else`
`@@ -222,7 +222,7 @@ LocalBufferAlloc(SMgrRelation smgr, ForkNumber forkNum, BlockNumber blockNum,`
`222`	`222`
`223`	`223`	`/* Mark not-dirty now in case we error out below */`
`224`	`224`	`buf_state &= ~BM_DIRTY;`
`225`		`-pg_atomic_write_u32(&bufHdr->state,buf_state);`
	`225`	`+pg_atomic_unlocked_write_u32(&bufHdr->state,buf_state);`
`226`	`226`
`227`	`227`	`pgBufferUsage.local_blks_written++;`
`228`	`228`	`}`
`@@ -249,7 +249,7 @@ LocalBufferAlloc(SMgrRelation smgr, ForkNumber forkNum, BlockNumber blockNum,`
`249`	`249`	`/* mark buffer invalid just in case hash insert fails */`
`250`	`250`	`CLEAR_BUFFERTAG(bufHdr->tag);`
`251`	`251`	`buf_state &= ~(BM_VALID \|BM_TAG_VALID);`
`252`		`-pg_atomic_write_u32(&bufHdr->state,buf_state);`
	`252`	`+pg_atomic_unlocked_write_u32(&bufHdr->state,buf_state);`
`253`	`253`	`}`
`254`	`254`
`255`	`255`	`hresult= (LocalBufferLookupEnt*)`
`@@ -266,7 +266,7 @@ LocalBufferAlloc(SMgrRelation smgr, ForkNumber forkNum, BlockNumber blockNum,`
`266`	`266`	`buf_state \|=BM_TAG_VALID;`
`267`	`267`	`buf_state &= ~BUF_USAGECOUNT_MASK;`
`268`	`268`	`buf_state+=BUF_USAGECOUNT_ONE;`
`269`		`-pg_atomic_write_u32(&bufHdr->state,buf_state);`
	`269`	`+pg_atomic_unlocked_write_u32(&bufHdr->state,buf_state);`
`270`	`270`
`271`	`271`	`*foundPtr= FALSE;`
`272`	`272`	`returnbufHdr;`
`@@ -302,7 +302,7 @@ MarkLocalBufferDirty(Buffer buffer)`
`302`	`302`
`303`	`303`	`buf_state \|=BM_DIRTY;`
`304`	`304`
`305`		`-pg_atomic_write_u32(&bufHdr->state,buf_state);`
	`305`	`+pg_atomic_unlocked_write_u32(&bufHdr->state,buf_state);`
`306`	`306`	`}`
`307`	`307`
`308`	`308`	`/*`
`@@ -351,7 +351,7 @@ DropRelFileNodeLocalBuffers(RelFileNode rnode, ForkNumber forkNum,`
`351`	`351`	`CLEAR_BUFFERTAG(bufHdr->tag);`
`352`	`352`	`buf_state &= ~BUF_FLAG_MASK;`
`353`	`353`	`buf_state &= ~BUF_USAGECOUNT_MASK;`
`354`		`-pg_atomic_write_u32(&bufHdr->state,buf_state);`
	`354`	`+pg_atomic_unlocked_write_u32(&bufHdr->state,buf_state);`
`355`	`355`	`}`
`356`	`356`	`}`
`357`	`357`	`}`
`@@ -395,7 +395,7 @@ DropRelFileNodeAllLocalBuffers(RelFileNode rnode)`
`395`	`395`	`CLEAR_BUFFERTAG(bufHdr->tag);`
`396`	`396`	`buf_state &= ~BUF_FLAG_MASK;`
`397`	`397`	`buf_state &= ~BUF_USAGECOUNT_MASK;`
`398`		`-pg_atomic_write_u32(&bufHdr->state,buf_state);`
	`398`	`+pg_atomic_unlocked_write_u32(&bufHdr->state,buf_state);`
`399`	`399`	`}`
`400`	`400`	`}`
`401`	`401`	`}`

`‎src/include/port/atomics.h`

Lines changed: 23 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -255,10 +255,12 @@ pg_atomic_read_u32(volatile pg_atomic_uint32 *ptr)`
`255`	`255`	`}`
`256`	`256`
`257`	`257`	`/*`
`258`		`- * pg_atomic_write_u32 -unlockedwrite to atomic variable.`
	`258`	`+ * pg_atomic_write_u32 - write to atomic variable.`
`259`	`259`	`*`
`260`	`260`	`* The write is guaranteed to succeed as a whole, i.e. it's not possible to`
`261`		`- * observe a partial write for any reader.`
	`261`	`+ * observe a partial write for any reader. Note that this correctly interacts`
	`262`	`+ * with pg_atomic_compare_exchange_u32, in contrast to`
	`263`	`+ * pg_atomic_unlocked_write_u32().`
`262`	`264`	`*`
`263`	`265`	`* No barrier semantics.`
`264`	`266`	`*/`
`@@ -270,6 +272,25 @@ pg_atomic_write_u32(volatile pg_atomic_uint32 *ptr, uint32 val)`
`270`	`272`	`pg_atomic_write_u32_impl(ptr,val);`
`271`	`273`	`}`
`272`	`274`
	`275`	`+/*`
	`276`	`+ * pg_atomic_unlocked_write_u32 - unlocked write to atomic variable.`
	`277`	`+ *`
	`278`	`+ * The write is guaranteed to succeed as a whole, i.e. it's not possible to`
	`279`	`+ * observe a partial write for any reader. But note that writing this way is`
	`280`	`+ * not guaranteed to correctly interact with read-modify-write operations like`
	`281`	`+ * pg_atomic_compare_exchange_u32. This should only be used in cases where`
	`282`	`+ * minor performance regressions due to atomics emulation are unacceptable.`
	`283`	`+ *`
	`284`	`+ * No barrier semantics.`
	`285`	`+ */`
	`286`	`+staticinlinevoid`
	`287`	`+pg_atomic_unlocked_write_u32(volatilepg_atomic_uint32*ptr,uint32val)`
	`288`	`+{`
	`289`	`+AssertPointerAlignment(ptr,4);`
	`290`	`+`
	`291`	`+pg_atomic_unlocked_write_u32_impl(ptr,val);`
	`292`	`+}`
	`293`	`+`
`273`	`294`	`/*`
`274`	`295`	`* pg_atomic_exchange_u32 - exchange newval with current value`
`275`	`296`	`*`

`‎src/include/port/atomics/fallback.h`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -133,6 +133,9 @@ pg_atomic_unlocked_test_flag_impl(volatile pg_atomic_flag *ptr)`
`133`	`133`	`#definePG_HAVE_ATOMIC_INIT_U32`
`134`	`134`	`externvoidpg_atomic_init_u32_impl(volatilepg_atomic_uint32*ptr,uint32val_);`
`135`	`135`
	`136`	`+#definePG_HAVE_ATOMIC_WRITE_U32`
	`137`	`+externvoidpg_atomic_write_u32_impl(volatilepg_atomic_uint32*ptr,uint32val);`
	`138`	`+`
`136`	`139`	`#definePG_HAVE_ATOMIC_COMPARE_EXCHANGE_U32`
`137`	`140`	`externboolpg_atomic_compare_exchange_u32_impl(volatilepg_atomic_uint32*ptr,`
`138`	`141`	`uint32*expected,uint32newval);`

`‎src/include/port/atomics/generic.h`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,15 @@ pg_atomic_write_u32_impl(volatile pg_atomic_uint32 *ptr, uint32 val)`
`58`	`58`	`}`
`59`	`59`	`#endif`
`60`	`60`
	`61`	`+#ifndefPG_HAVE_ATOMIC_UNLOCKED_WRITE_U32`
	`62`	`+#definePG_HAVE_ATOMIC_UNLOCKED_WRITE_U32`
	`63`	`+staticinlinevoid`
	`64`	`+pg_atomic_unlocked_write_u32_impl(volatilepg_atomic_uint32*ptr,uint32val)`
	`65`	`+{`
	`66`	`+ptr->value=val;`
	`67`	`+}`
	`68`	`+#endif`
	`69`	`+`
`61`	`70`	`/*`
`62`	`71`	`* provide fallback for test_and_set using atomic_exchange if available`
`63`	`72`	`*/`

`‎src/include/storage/buf_internals.h`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -168,7 +168,8 @@ typedef struct buftag`
`168`	`168`	`* We use this same struct for local buffer headers, but the locks are not`
`169`	`169`	`* used and not all of the flag bits are useful either. To avoid unnecessary`
`170`	`170`	`* overhead, manipulations of the state field should be done without actual`
`171`		`- * atomic operations (i.e. only pg_atomic_read/write).`
	`171`	`+ * atomic operations (i.e. only pg_atomic_read_u32() and`
	`172`	`+ * pg_atomic_unlocked_write_u32()).`
`172`	`173`	`*`
`173`	`174`	`* Be careful to avoid increasing the size of the struct when adding or`
`174`	`175`	`* reordering members. Keeping it below 64 bytes (the most common CPU`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb0779ab

File tree

7 files changed

7 files changed

`‎src/backend/port/atomics.c`

`‎src/backend/storage/buffer/bufmgr.c`

`‎src/backend/storage/buffer/localbuf.c`

`‎src/include/port/atomics.h`

`‎src/include/port/atomics/fallback.h`

`‎src/include/port/atomics/generic.h`

`‎src/include/storage/buf_internals.h`

0 commit comments