From 41b63ceaab9cdd0a86fefa6858175c2afad5b457 Mon Sep 17 00:00:00 2001 From: Alexander Korotkov Date: Tue, 30 Jun 2026 23:21:55 +0300 Subject: [PATCH v4] Prevent access to other sessions' empty temp tables Commit ce146621 ensures that ERROR is raised if a session tries to read pages of another session's temp table. But there is a corner case where the other session's temp table is empty -- in this case the INSERT command bypasses our checks and executes without any errors. Such behavior is inconsistent and erroneous: it leaves an invalid buffer in the temp buffers pool. Since the buffer was created for another session's temp table, we get an error "no such file or directory" when trying to flush it. This commit fixes it by adding a RELATION_IS_OTHER_TEMP check in the relation-extension path. Discussion: https://postgr.es/m/CAJDiXgiX2XZBHDNo%2BzBbvku%2BtchrUurvPRaN1_40mEQ1_sG90g%40mail.gmail.com Author: Daniil Davydov <3danissimo@gmail.com> Reviewed-by: Jim Jones Reviewed-by: Imran Zaheer Reviewed-by: ZizhuanLiu X-MAN <44973863@qq.com> Backpatch-through: 16 --- src/backend/storage/buffer/bufmgr.c | 14 ++++++++++++++ src/include/utils/rel.h | 8 ++++---- .../test_misc/t/013_temp_obj_multisession.pl | 16 ++++++++++++++++ 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/src/backend/storage/buffer/bufmgr.c b/src/backend/storage/buffer/bufmgr.c index f79a8fa5da2..9ab282a76d1 100644 --- a/src/backend/storage/buffer/bufmgr.c +++ b/src/backend/storage/buffer/bufmgr.c @@ -2767,9 +2767,23 @@ ExtendBufferedRelCommon(BufferManagerRelation bmr, extend_by); if (bmr.relpersistence == RELPERSISTENCE_TEMP) + { + /* + * Reject attempts to extend non-local temporary relations; we have no + * ability to transfer about-to-be-created local buffers into the + * owning session's local buffers. This is the canonical place for + * the check, covering any attempt to extend a non-local temporary + * relation. + */ + if (bmr.rel && RELATION_IS_OTHER_TEMP(bmr.rel)) + ereport(ERROR, + (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), + errmsg("cannot access temporary tables of other sessions"))); + first_block = ExtendBufferedRelLocal(bmr, fork, flags, extend_by, extend_upto, buffers, &extend_by); + } else first_block = ExtendBufferedRelShared(bmr, fork, strategy, flags, extend_by, extend_upto, diff --git a/src/include/utils/rel.h b/src/include/utils/rel.h index fa07ebf8ff7..89c159b133f 100644 --- a/src/include/utils/rel.h +++ b/src/include/utils/rel.h @@ -668,10 +668,10 @@ RelationCloseSmgr(Relation relation) * the owning session keeps the data in its private local buffer pool, * which we cannot access. Existing buffer-manager entry points * (ReadBuffer_common(), StartReadBuffersImpl(), read_stream_begin_impl(), - * and PrefetchBuffer()) already enforce this; any new buffer-access entry - * points must do the same. Command-level code (TRUNCATE, ALTER TABLE, - * VACUUM, CLUSTER, REINDEX, ...) additionally uses this macro for - * command-specific error messages. + * PrefetchBuffer() and ExtendBufferedRelCommon()) already enforce this; any + * new buffer-access entry points must do the same. Command-level code + * (TRUNCATE, ALTER TABLE, VACUUM, CLUSTER, REINDEX, ...) additionally uses + * this macro for command-specific error messages. * * Beware of multiple eval of argument */ diff --git a/src/test/modules/test_misc/t/013_temp_obj_multisession.pl b/src/test/modules/test_misc/t/013_temp_obj_multisession.pl index 5f3cc7d2fc5..ff6f23ef3b1 100644 --- a/src/test/modules/test_misc/t/013_temp_obj_multisession.pl +++ b/src/test/modules/test_misc/t/013_temp_obj_multisession.pl @@ -36,6 +36,10 @@ my $psql1 = $node->background_psql('postgres'); # masked by an index scan that would hit ReadBuffer_common from nbtree. $psql1->query_safe(q(CREATE TEMP TABLE foo AS SELECT 42 AS val;)); +# Also create an empty table, so read path go straight through the +# extend-relation entry point. +$psql1->query_safe(q(CREATE TEMP TABLE empty_foo (val INT);)); + # Resolve the owner's temp schema so the probing session can refer to # the table by a fully-qualified name. my $tempschema = $node->safe_psql( @@ -66,6 +70,18 @@ like( qr/cannot access temporary tables of other sessions/, 'SELECT (seqscan via read_stream)'); +# INSERT into empty table goes through hio.c which calls RelationAddBlocks() to +# extend the table; that hits the check before new pages are created for the +# table. +$node->psql( + 'postgres', + "INSERT INTO $tempschema.empty_foo VALUES (42);", + stderr => \$stderr); +like( + $stderr, + qr/cannot access temporary tables of other sessions/, + 'INSERT (caught via hio.c)'); + # INSERT goes through hio.c which calls ReadBufferExtended() to find a # page with free space; that hits the existing check before any data # is written. -- 2.39.3 (Apple Git-145)