database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-08 11:42:09 +03:00
Code Activity

Fix dangling smgr_owner pointer when a fake relcache entry is freed.

Browse Source 
A fake relcache entry can "own" a SmgrRelation object, like a regular
relcache entry. But when it was free'd, the owner field in SmgrRelation
was not cleared, so it was left pointing to free'd memory.

Amazingly this apparently hasn't caused crashes in practice, or we would've
heard about it earlier. Andres found this with Valgrind.

Report and fix by Andres Freund, with minor modifications by me. Backpatch
to all supported versions.
This commit is contained in:
Heikki Linnakangas
2014-03-07 13:25:11 +02:00
parent ff9d757c67
commit d411d6eff1
3 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/backend/access/transam/xlogutils.c
View File

@ -413,6 +413,9 @@ CreateFakeRelcacheEntry(RelFileNode rnode)
void void
FreeFakeRelcacheEntry(Relation fakerel) FreeFakeRelcacheEntry(Relation fakerel)
{ {
/* make sure the fakerel is not referenced by the SmgrRelation anymore */
if (fakerel->rd_smgr != NULL)
smgrclearowner(&fakerel->rd_smgr, fakerel->rd_smgr);
pfree(fakerel); pfree(fakerel);
} }

18
src/backend/storage/smgr/smgr.c
View File

@ -193,6 +193,24 @@ smgrsetowner(SMgrRelation *owner, SMgrRelation reln)
*owner = reln; *owner = reln;
} }
/*
* smgrclearowner() -- Remove long-lived reference to an SMgrRelation object
* if one exists
*/
void
smgrclearowner(SMgrRelation *owner, SMgrRelation reln)
{
/* Do nothing if the SMgrRelation object is not owned by the owner */
if (reln->smgr_owner != owner)
return;
/* unset the owner's reference */
*owner = NULL;
/* unset our reference to the owner */
reln->smgr_owner = NULL;
}
/* /*
* smgrexists() -- Does the underlying file for a fork exist? * smgrexists() -- Does the underlying file for a fork exist?
*/ */

1
src/include/storage/smgr.h
View File

@ -62,6 +62,7 @@ extern void smgrinit(void);
extern SMgrRelation smgropen(RelFileNode rnode); extern SMgrRelation smgropen(RelFileNode rnode);
extern bool smgrexists(SMgrRelation reln, ForkNumber forknum); extern bool smgrexists(SMgrRelation reln, ForkNumber forknum);
extern void smgrsetowner(SMgrRelation *owner, SMgrRelation reln); extern void smgrsetowner(SMgrRelation *owner, SMgrRelation reln);
extern void smgrclearowner(SMgrRelation *owner, SMgrRelation reln);
extern void smgrclose(SMgrRelation reln); extern void smgrclose(SMgrRelation reln);
extern void smgrcloseall(void); extern void smgrcloseall(void);
extern void smgrclosenode(RelFileNode rnode); extern void smgrclosenode(RelFileNode rnode);