From 45f658dacb9c2d333893fcf0d6b5a5e4f8ee5752 Mon Sep 17 00:00:00 2001 From: Andres Freund Date: Mon, 12 Jan 2026 11:32:17 -0500 Subject: [PATCH] freespace: Don't modify page without any lock Before this commit fsm_vacuum_page() modified the page without any lock on the page. Historically that was kind of ok, as we didn't rely on the freespace to really stay consistent and we did not have checksums. But these days pages are checksummed and there are ways for FSM pages to be included in WAL records, even if the FSM itself is still not WAL logged. If a FSM page ever were modified while a WAL record referenced that page, we'd be in trouble, as the WAL CRC could end up getting corrupted. The reason to address this right now is a series of patches with the goal to only allow modifications of pages with an appropriate lock level. Obviously not having any lock is not appropriate :) Reviewed-by: Kirill Reshke Discussion: https://postgr.es/m/4wggb7purufpto6x35fd2kwhasehnzfdy3zdcu47qryubs2hdz@fa5kannykekr Discussion: https://postgr.es/m/e6a8f734-2198-4958-a028-aba863d4a204@iki.fi --- src/backend/storage/freespace/freespace.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/backend/storage/freespace/freespace.c b/src/backend/storage/freespace/freespace.c index 19cf4155263..ad337c00871 100644 --- a/src/backend/storage/freespace/freespace.c +++ b/src/backend/storage/freespace/freespace.c @@ -906,10 +906,12 @@ fsm_vacuum_page(Relation rel, FSMAddress addr, /* * Reset the next slot pointer. This encourages the use of low-numbered * pages, increasing the chances that a later vacuum can truncate the - * relation. We don't bother with a lock here, nor with marking the page - * dirty if it wasn't already, since this is just a hint. + * relation. We don't bother with marking the page dirty if it wasn't + * already, since this is just a hint. */ + LockBuffer(buf, BUFFER_LOCK_SHARE); ((FSMPage) PageGetContents(page))->fp_next_slot = 0; + LockBuffer(buf, BUFFER_LOCK_UNLOCK); ReleaseBuffer(buf);