NotificationsYou must be signed in to change notification settings
Fork5
Star26

Commit55566c9

committed

Fix dangling smgr_owner pointer when a fake relcache entry is freed.

A fake relcache entry can "own" a SmgrRelation object, like a regularrelcache entry. But when it was free'd, the owner field in SmgrRelationwas not cleared, so it was left pointing to free'd memory.Amazingly this apparently hasn't caused crashes in practice, or we would'veheard about it earlier. Andres found this with Valgrind.Report and fix by Andres Freund, with minor modifications by me. Backpatchto all supported versions.

1 parentad7b48e commit55566c9Copy full SHA for 55566c9

File tree

3 files changed

+42

-4

lines changed

src
- backend
  - access/transam
    - xlogutils.c
  - storage/smgr
    - smgr.c
- include/storage
  - smgr.h

3 files changed

+42

-4

lines changed

`‎src/backend/access/transam/xlogutils.c`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -445,6 +445,9 @@ CreateFakeRelcacheEntry(RelFileNode rnode)`
`445`	`445`	`void`
`446`	`446`	`FreeFakeRelcacheEntry(Relationfakerel)`
`447`	`447`	`{`
	`448`	`+/* make sure the fakerel is not referenced by the SmgrRelation anymore */`
	`449`	`+if (fakerel->rd_smgr!=NULL)`
	`450`	`+smgrclearowner(&fakerel->rd_smgr,fakerel->rd_smgr);`
`448`	`451`	`pfree(fakerel);`
`449`	`452`	`}`
`450`	`453`

`‎src/backend/storage/smgr/smgr.c`

Lines changed: 38 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ static SMgrRelation first_unowned_reln = NULL;`
`84`	`84`
`85`	`85`	`/* local function prototypes */`
`86`	`86`	`staticvoidsmgrshutdown(intcode,Datumarg);`
	`87`	`+staticvoidadd_to_unowned_list(SMgrRelationreln);`
`87`	`88`	`staticvoidremove_from_unowned_list(SMgrRelationreln);`
`88`	`89`
`89`	`90`
`@@ -174,9 +175,8 @@ smgropen(RelFileNode rnode, BackendId backend)`
`174`	`175`	`for (forknum=0;forknum <=MAX_FORKNUM;forknum++)`
`175`	`176`	`reln->md_fd[forknum]=NULL;`
`176`	`177`
`177`		`-/* place it at head of unowned list (to make smgrsetowner cheap) */`
`178`		`-reln->next_unowned_reln=first_unowned_reln;`
`179`		`-first_unowned_reln=reln;`
	`178`	`+/* it has no owner yet */`
	`179`	`+add_to_unowned_list(reln);`
`180`	`180`	`}`
`181`	`181`
`182`	`182`	`returnreln;`
`@@ -191,7 +191,7 @@ smgropen(RelFileNode rnode, BackendId backend)`
`191`	`191`	`void`
`192`	`192`	`smgrsetowner(SMgrRelation*owner,SMgrRelationreln)`
`193`	`193`	`{`
`194`		`-/* We don'tcurrentlysupport "disowning" an SMgrRelation here */`
	`194`	`+/* We don't support "disowning" an SMgrRelation here, use smgrclearowner */`
`195`	`195`	`Assert(owner!=NULL);`
`196`	`196`
`197`	`197`	`/*`
`@@ -213,6 +213,40 @@ smgrsetowner(SMgrRelation *owner, SMgrRelation reln)`
`213`	`213`	`*owner=reln;`
`214`	`214`	`}`
`215`	`215`
	`216`	`+/*`
	`217`	`+ * smgrclearowner() -- Remove long-lived reference to an SMgrRelation object`
	`218`	`+ * if one exists`
	`219`	`+ */`
	`220`	`+void`
	`221`	`+smgrclearowner(SMgrRelation*owner,SMgrRelationreln)`
	`222`	`+{`
	`223`	`+/* Do nothing if the SMgrRelation object is not owned by the owner */`
	`224`	`+if (reln->smgr_owner!=owner)`
	`225`	`+return;`
	`226`	`+`
	`227`	`+/* unset the owner's reference */`
	`228`	`+*owner=NULL;`
	`229`	`+`
	`230`	`+/* unset our reference to the owner */`
	`231`	`+reln->smgr_owner=NULL;`
	`232`	`+`
	`233`	`+add_to_unowned_list(reln);`
	`234`	`+}`
	`235`	`+`
	`236`	`+/*`
	`237`	`+ * add_to_unowned_list -- link an SMgrRelation onto the unowned list`
	`238`	`+ *`
	`239`	`+ * Check remove_from_unowned_list()'s comments for performance`
	`240`	`+ * considerations.`
	`241`	`+ */`
	`242`	`+staticvoid`
	`243`	`+add_to_unowned_list(SMgrRelationreln)`
	`244`	`+{`
	`245`	`+/* place it at head of the list (to make smgrsetowner cheap) */`
	`246`	`+reln->next_unowned_reln=first_unowned_reln;`
	`247`	`+first_unowned_reln=reln;`
	`248`	`+}`
	`249`	`+`
`216`	`250`	`/*`
`217`	`251`	`* remove_from_unowned_list -- unlink an SMgrRelation from the unowned list`
`218`	`252`	`*`

`‎src/include/storage/smgr.h`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,7 @@ extern void smgrinit(void);`
`80`	`80`	`externSMgrRelationsmgropen(RelFileNodernode,BackendIdbackend);`
`81`	`81`	`externboolsmgrexists(SMgrRelationreln,ForkNumberforknum);`
`82`	`82`	`externvoidsmgrsetowner(SMgrRelation*owner,SMgrRelationreln);`
	`83`	`+externvoidsmgrclearowner(SMgrRelation*owner,SMgrRelationreln);`
`83`	`84`	`externvoidsmgrclose(SMgrRelationreln);`
`84`	`85`	`externvoidsmgrcloseall(void);`
`85`	`86`	`externvoidsmgrclosenode(RelFileNodeBackendrnode);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit55566c9

File tree

3 files changed

3 files changed

`‎src/backend/access/transam/xlogutils.c`

`‎src/backend/storage/smgr/smgr.c`

`‎src/include/storage/smgr.h`

0 commit comments