Re: Fix race condition in SSI when reading PredXact->SxactGlobalXmin

Here's a spec test with a reproduction if run against master.

I personally wouldn't merge the test into master. The logic is a bit
brittle and the test scope is quite narrow

On Tue, Oct 21, 2025 at 8:07 PM Josh Curtis <jcurtis825(at)gmail(dot)com> wrote:

> Thanks for taking a look.
>
> I tried adding a reproduction with injection points, but had some trouble
> with them. I'll give it another go this weekend.
>
> I guess one of the commitfest entries should be deleted? I had already
> made one already. I don't see a way to do that though.
> https://commitfest.postgresql.org/patch/6037/
>
> Josh
>
> On Mon, Oct 20, 2025 at 5:55 PM Mihail Nikalayeu <
> mihailnikalayeu(at)gmail(dot)com> wrote:
>
>> Hello!
>>
>> Josh Curtis <jcurtis825(at)gmail(dot)com>:
>> > This is definitely a bit more complex. It requires that
>> SetNewSxactGlobalXmin is never called when SxactGlobalXmin is invalid to
>> prevent readers from seeing an invalid transaction ID when they should see
>> a valid one -- I think this is the case now since before
>> SetNewSxactGlobalXmin is called postgres checks that
>> PredXact->SxactGlobalXminCount > 0. I assume this entails that
>> SxactGlobalXmin is valid, but I have not checked every place the two
>> variables are modified.
>>
>> Such logic feels fragile to me. Maybe add a special flag like
>> 'PredXact->SxactGlobalSkipAllowed' which will be updated to 'true' by
>> SetNewSxactGlobalXmin, and dropped to 'false' by functions affecting
>> PredXact->activeList?
>> But I prefer the first solution anyway.
>>
>> Best regards,
>> Mikhail.
>>
>