From b35617de37870756bdb0e00ffc0a42441e56eefa Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Mon, 25 Jul 2022 10:27:43 -0400
Subject: Process session_preload_libraries within InitPostgres's transaction.

Previously we did this after InitPostgres, at a somewhat randomly chosen
place within PostgresMain. However, since commit a0ffa885e doing this
outside a transaction can cause a crash, if we need to check permissions
while replacing a placeholder GUC. (Besides which, a preloaded library
could itself want to do database access within _PG_init.)

To avoid needing an additional transaction start/end in every session,
move the process_session_preload_libraries call to within InitPostgres's
transaction. That requires teaching the code not to call it when
InitPostgres is called from somewhere other than PostgresMain, since
we don't want session_preload_libraries to affect background workers.
The most future-proof solution here seems to be to add an additional
flag parameter to InitPostgres; fortunately, we're not yet very worried
about API stability for v15.

Doing this also exposed the fact that we're currently honoring
session_preload_libraries in walsenders, even those not connected to
any database. This seems, at minimum, a POLA violation: walsenders
are not interactive sessions. Let's stop doing that.

(All these comments also apply to local_preload_libraries, of course.)

Per report from Gurjeet Singh (thanks also to Nathan Bossart and Kyotaro
Horiguchi for review). Backpatch to v15 where a0ffa885e came in.

Discussion: https://postgr.es/m/CABwTF4VEpwTHhRQ+q5MiC5ucngN-whN-PdcKeufX7eLSoAfbZA@mail.gmail.com
---
 src/backend/tcop/postgres.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

(limited to 'src/backend/tcop/postgres.c')

diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
index bdb11f430fd..d0bbd30d2b5 100644
--- a/src/backend/tcop/postgres.c
+++ b/src/backend/tcop/postgres.c
@@ -4076,7 +4076,11 @@ PostgresMain(const char *dbname, const char *username) * it inside InitPostgres() instead. In particular, anything that * involves database access should be there, not here. */ - InitPostgres(dbname, InvalidOid, username, InvalidOid, NULL, false); + InitPostgres(dbname, InvalidOid, /* database to connect to */ + username, InvalidOid, /* role to connect as */ + !am_walsender, /* honor session_preload_libraries? */ + false, /* don't ignore datallowconn */ + NULL); /* no out_dbname */ /* * If the PostmasterContext is still around, recycle the space; we don't @@ -4112,12 +4116,6 @@ PostgresMain(const char *dbname, const char *username) if (am_walsender) InitWalSender(); - /* - * process any libraries that should be preloaded at backend start (this - * likewise can't be done until GUC settings are complete) - */ - process_session_preload_libraries(); - /* * Send this backend's cancellation info to the frontend. */ -- cgit v1.2.3
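Review bot: In the first hunk (PostgresMain, the rewritten InitPostgres call), the !am_walsender argument carries a behaviour change that the code itself does not explain: the trailing comment "honor session_preload_libraries?" says what the flag controls but not why walsenders are excluded, and that reasoning exists only in the commit message. Since this flag now decides whether administrator-configured library code is loaded into the process, I would add a sentence to the block comment above the call stating that walsenders are not interactive sessions and therefore skip session_preload_libraries and local_preload_libraries. Two further points on the same call: the decision now depends on am_walsender already holding its final value when InitPostgres is entered, which is worth stating or asserting; and the new bool sits directly next to the existing "don't ignore datallowconn" bool while the NULL out_dbname argument moves to the end, so the per-argument comments used here should be kept as the convention at every other call site to make a transposed pair of bools visible in review.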
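Review bot: In the second hunk (the lines removed after InitWalSender()), the deleted comment recorded an ordering constraint, "this likewise can't be done until GUC settings are complete", and this view of the diff, which is limited to postgres.c, does not show that constraint being restated where the call now lives. Please make sure the comment at the new call site inside InitPostgres carries it over, together with the new requirement that the call run inside the transaction. The move also changes when a library's _PG_init runs relative to the rest of PostgresMain: it used to run after InitPostgres had returned and after InitWalSender(), and now runs earlier, within InitPostgres's transaction, so an error raised during library load happens in a different startup state. A regression test that starts a session with session_preload_libraries set and a placeholder GUC to replace, the crash case named in the commit message, would keep this from regressing.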