Re: Fix races conditions in DropRole() and GrantRole()

From: Bertrand Drouvot <bertranddrouvot(dot)pg(at)gmail(dot)com>
To: surya poondla <suryapoondla4(at)gmail(dot)com>
Cc: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Fix races conditions in DropRole() and GrantRole()
Date: 2026-07-15 03:37:47
Message-ID: alcAi0scidMqjO4y@bdtpg
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi Surya,

On Fri, Jul 10, 2026 at 02:42:26PM -0700, surya poondla wrote:
> Instead we can report the OID and it avoids the re-lookup entirely, e.g.
>
> if (!SearchSysCacheExists1(AUTHOID, ObjectIdGetDatum(roleid)))
> ereport(ERROR,
> (errcode(ERRCODE_UNDEFINED_OBJECT),
> errmsg("role with OID %u does not exist", roleid)));

Agreed and done in the attached.

> 2. The new s2_check_orphans permutations all use named roles, which go
> through the RoleNameGetOid() (CSTRING) path. None exercise the
> CURRENT_USER/SESSION_USER else-branch that the recheck was added for.
> A permutation like "GRANT g TO CURRENT_USER" with a concurrent drop of the
> session's login
> role would cover that else branch and this would also exercise the path in
> point #1

Test added.

Regards,

--
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com

Attachment Content-Type Size
v4-0001-Add-RoleNameGetOid-with-invalidation-based-retry-.patch text/x-diff 13.0 KB
v4-0002-Protect-role-resolution-in-roleSpecsToIds-against.patch text/x-diff 9.6 KB

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message wenhui qiu 2026-07-15 03:47:21 Re: Report oldest xmin source when autovacuum cannot remove tuples
Previous Message solai v 2026-07-15 03:37:24 Re: [PATCH] Cover get_json_table_plan() with tests