diff options
| author | Michael Paquier <michael@paquier.xyz> | 2024-06-06 08:47:40 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2024-06-06 08:47:40 +0900 |
| commit | cd312adc561a0de056bbc0b0087d275bd3e9f282 (patch) | |
| tree | 6cae986dfe08f5465c1cc2ae9d09ed735571cd8a | |
| parent | 8111e80c5d39451c0cbff91d5a6b69fd87c3928c (diff) | |
| download | postgresql-cd312adc561a0de056bbc0b0087d275bd3e9f282.tar.gz postgresql-cd312adc561a0de056bbc0b0087d275bd3e9f282.zip | |
Prevent inconsistent use of stats entry for replication slots
Concurrent activity around replication slot creation and drop could
cause a replication slot to use a stats entry it should not have used
when created, triggering an assertion failure when retrieving an
inconsistent entry from the dshash table used by the stats facility.
The issue is that pgstat_drop_replslot() calls pgstat_drop_entry()
without checking the result. If pgstat_drop_entry() cannot free the
entry related to the object dropped, pgstat_request_entry_refs_gc()
should be called. AtEOXact_PgStat_DroppedStats() and surrounding
routines dropping stats entries already do that.
This is documented in pgstat_internal.h, but let's add a comment at the
top of pgstat_drop_entry() as that can be easy to miss.
Reported-by: Alexander Lakhin
Author: Floris Van Nee
Analyzed-by: Andres Freund
Discussion: https://postgr.es/m/17947-b9554521ad963c9c@postgresql.org
Backpatch-through: 15
| -rw-r--r-- | src/backend/utils/activity/pgstat_replslot.c | 5 | ||||
| -rw-r--r-- | src/backend/utils/activity/pgstat_shmem.c | 11 |
2 files changed, 14 insertions, 2 deletions
diff --git a/src/backend/utils/activity/pgstat_replslot.c b/src/backend/utils/activity/pgstat_replslot.c index 889e86ac5ac..da11b867445 100644 --- a/src/backend/utils/activity/pgstat_replslot.c +++ b/src/backend/utils/activity/pgstat_replslot.c @@ -157,8 +157,9 @@ pgstat_drop_replslot(ReplicationSlot *slot) { Assert(LWLockHeldByMeInMode(ReplicationSlotAllocationLock, LW_EXCLUSIVE)); - pgstat_drop_entry(PGSTAT_KIND_REPLSLOT, InvalidOid, - ReplicationSlotIndex(slot)); + if (!pgstat_drop_entry(PGSTAT_KIND_REPLSLOT, InvalidOid, + ReplicationSlotIndex(slot))) + pgstat_request_entry_refs_gc(); } /* diff --git a/src/backend/utils/activity/pgstat_shmem.c b/src/backend/utils/activity/pgstat_shmem.c index 91591da3958..4a4b69891d3 100644 --- a/src/backend/utils/activity/pgstat_shmem.c +++ b/src/backend/utils/activity/pgstat_shmem.c @@ -855,6 +855,17 @@ pgstat_drop_database_and_contents(Oid dboid) pgstat_request_entry_refs_gc(); } +/* + * Drop a single stats entry. + * + * This routine returns false if the stats entry of the dropped object could + * not be freed, true otherwise. + * + * The callers of this function should call pgstat_request_entry_refs_gc() + * if the stats entry could not be freed, to ensure that this entry's memory + * can be reclaimed later by a different backend calling + * pgstat_gc_entry_refs(). + */ bool pgstat_drop_entry(PgStat_Kind kind, Oid dboid, Oid objoid) { |