Re: GetBufferDescriptor() being called for local buffers from MarkBufferDirtyHint()

From: Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Ayush Tiwari <ayushtiwari(dot)slg01(at)gmail(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: GetBufferDescriptor() being called for local buffers from MarkBufferDirtyHint()
Date: 2026-07-03 02:47:22
Message-ID: CAExHW5t8VT_ON8FciqsNOq0r9VrkJSCkRo9JPn25gimrG0PnFA@mail.gmail.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Fri, Jul 3, 2026 at 4:51 AM Michael Paquier <michael(at)paquier(dot)xyz> wrote:
>
> On Thu, Jul 02, 2026 at 10:29:47AM +0530, Ashutosh Bapat wrote:
> > We usually do not backport changes to function definitions or new
> > assertions, unless they are critical to the fix. That is not the case
> > here. The functions have been in this state for a couple of releases
> > and we haven't heard any complaints. Overall HEAD-only is fine with
> > me.
> >
> > If required we can always backport, the functions are static so they
> > won't cause an ABI break. The Assertions are applicable in those
> > branches as well.
>
> I've never mentioned a backpatch, FWIW.
>

Since you mentioned "HEAD-only" in your question "Any thoughts or
objections regarding a HEAD-only change?", it felt like you are fine
making this change but are debating whether to accept it only on HEAD
or backbranches as well. Sorry for the misunderstanding.

> Anyway, while putting my eyes into all that in details, I saw one
> problem and one potential gap:
> - The problem. The change for local buffers is actually incorrect,
> where this patch decides to set NLocBuffer earlier. If the hash
> allocation fails on ERROR, we would track an incorrect state in
> memory, most likely crashing later if attempting a local buffer
> lookup.

Every code fragment, except the ones listed below, that uses
NLocBuffer is gated, eventually, by
if (LocalBufHash == NULL)
InitLocalBuffers();

So we will not access NLocBuffer unless LocalBufHash is initialized.
If we are accessing it in a way that leads to a crash, we may have a
subtle bug lurking somewhere.

An actual subtle problem does exist in check_temp_buffers. If we set
NLocBuffer to a non-zero value when LocalBufHash is not initialized,
it's going to prohibit a change in the GUC. If LocalBufHash allocation
fails, probably user would like to try again by reducing NLocBuffer.
The prohibition makes that impossible.

The other such usage in hashbuild() is fine, since it will allocate
more space if at all.

CheckForLocalBufferLeaks() walks the local buffer descriptor array,
but it's already initialized when NLocBuffer is set.

Given that it's better not to move the assignment above just for the
sake of an assertion. However, I am worried if there is a crash which
can result because of that movement.

--
Best Wishes,
Ashutosh Bapat

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Fujii Masao 2026-07-03 02:58:52 Re: WAL compression setting after PostgreSQL LZ4 default change
Previous Message Richard Guo 2026-07-03 02:27:22 Re: pg_plan_advice: FOREIGN_JOIN advice generated for a single-relation foreign scan is not round-trip safe