diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2022-07-25 10:27:43 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2022-07-25 10:27:43 -0400 |
| commit | b35617de37870756bdb0e00ffc0a42441e56eefa (patch) | |
| tree | 233502f11802b820a28b57a3144d9a66e98dc3f8 /src/backend/tcop/postgres.c | |
| parent | 7a08f78aea95a7046816fe6a711e83615ccdb737 (diff) | |
| download | postgresql-b35617de37870756bdb0e00ffc0a42441e56eefa.tar.gz postgresql-b35617de37870756bdb0e00ffc0a42441e56eefa.zip | |
Process session_preload_libraries within InitPostgres's transaction.
Previously we did this after InitPostgres, at a somewhat randomly chosen
place within PostgresMain. However, since commit a0ffa885e doing this
outside a transaction can cause a crash, if we need to check permissions
while replacing a placeholder GUC. (Besides which, a preloaded library
could itself want to do database access within _PG_init.)
To avoid needing an additional transaction start/end in every session,
move the process_session_preload_libraries call to within InitPostgres's
transaction. That requires teaching the code not to call it when
InitPostgres is called from somewhere other than PostgresMain, since
we don't want session_preload_libraries to affect background workers.
The most future-proof solution here seems to be to add an additional
flag parameter to InitPostgres; fortunately, we're not yet very worried
about API stability for v15.
Doing this also exposed the fact that we're currently honoring
session_preload_libraries in walsenders, even those not connected to
any database. This seems, at minimum, a POLA violation: walsenders
are not interactive sessions. Let's stop doing that.
(All these comments also apply to local_preload_libraries, of course.)
Per report from Gurjeet Singh (thanks also to Nathan Bossart and Kyotaro
Horiguchi for review). Backpatch to v15 where a0ffa885e came in.
Discussion: https://postgr.es/m/CABwTF4VEpwTHhRQ+q5MiC5ucngN-whN-PdcKeufX7eLSoAfbZA@mail.gmail.com
Diffstat (limited to 'src/backend/tcop/postgres.c')
| -rw-r--r-- | src/backend/tcop/postgres.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c index bdb11f430fd..d0bbd30d2b5 100644 --- a/src/backend/tcop/postgres.c +++ b/src/backend/tcop/postgres.c @@ -4076,7 +4076,11 @@ PostgresMain(const char *dbname, const char *username) * it inside InitPostgres() instead. In particular, anything that * involves database access should be there, not here. */ - InitPostgres(dbname, InvalidOid, username, InvalidOid, NULL, false); + InitPostgres(dbname, InvalidOid, /* database to connect to */ + username, InvalidOid, /* role to connect as */ + !am_walsender, /* honor session_preload_libraries? */ + false, /* don't ignore datallowconn */ + NULL); /* no out_dbname */ /* * If the PostmasterContext is still around, recycle the space; we don't @@ -4113,12 +4117,6 @@ PostgresMain(const char *dbname, const char *username) InitWalSender(); /* - * process any libraries that should be preloaded at backend start (this - * likewise can't be done until GUC settings are complete) - */ - process_session_preload_libraries(); - - /* * Send this backend's cancellation info to the frontend. */ if (whereToSendOutput == DestRemote) |