Commit 7e0cce02 authored by Tom Lane's avatar Tom Lane

Remove unnecessary overhead in backend's large-object operations.

Do read/write permissions checks at most once per large object descriptor,
not once per lo_read or lo_write call as before.  The repeated tests were
quite useless in the read case since the snapshot-based tests were
guaranteed to produce the same answer every time.  In the write case,
the extra tests could in principle detect revocation of write privileges
after a series of writes has started --- but there's a race condition there
anyway, since we'd check privileges before performing and certainly before
committing the write.  So there's no real advantage to checking every
single time, and we might as well redefine it as "only check the first
time".

On the same reasoning, remove the LargeObjectExists checks in inv_write
and inv_truncate.  We already checked existence when the descriptor was
opened, and checking again doesn't provide any real increment of safety
that would justify the cost.
parent 2d8c81ac
...@@ -157,24 +157,32 @@ int ...@@ -157,24 +157,32 @@ int
lo_read(int fd, char *buf, int len) lo_read(int fd, char *buf, int len)
{ {
int status; int status;
LargeObjectDesc *lobj;
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL) if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT), (errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("invalid large-object descriptor: %d", fd))); errmsg("invalid large-object descriptor: %d", fd)));
lobj = cookies[fd];
/* We don't bother to check IFS_RDLOCK, since it's always set */
/* Permission checks */ /* Permission checks --- first time through only */
if ((lobj->flags & IFS_RD_PERM_OK) == 0)
{
if (!lo_compat_privileges && if (!lo_compat_privileges &&
pg_largeobject_aclcheck_snapshot(cookies[fd]->id, pg_largeobject_aclcheck_snapshot(lobj->id,
GetUserId(), GetUserId(),
ACL_SELECT, ACL_SELECT,
cookies[fd]->snapshot) != ACLCHECK_OK) lobj->snapshot) != ACLCHECK_OK)
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied for large object %u", errmsg("permission denied for large object %u",
cookies[fd]->id))); lobj->id)));
lobj->flags |= IFS_RD_PERM_OK;
}
status = inv_read(cookies[fd], buf, len); status = inv_read(lobj, buf, len);
return status; return status;
} }
...@@ -183,30 +191,36 @@ int ...@@ -183,30 +191,36 @@ int
lo_write(int fd, const char *buf, int len) lo_write(int fd, const char *buf, int len)
{ {
int status; int status;
LargeObjectDesc *lobj;
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL) if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT), (errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("invalid large-object descriptor: %d", fd))); errmsg("invalid large-object descriptor: %d", fd)));
lobj = cookies[fd];
if ((cookies[fd]->flags & IFS_WRLOCK) == 0) if ((lobj->flags & IFS_WRLOCK) == 0)
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE), (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errmsg("large object descriptor %d was not opened for writing", errmsg("large object descriptor %d was not opened for writing",
fd))); fd)));
/* Permission checks */ /* Permission checks --- first time through only */
if ((lobj->flags & IFS_WR_PERM_OK) == 0)
{
if (!lo_compat_privileges && if (!lo_compat_privileges &&
pg_largeobject_aclcheck_snapshot(cookies[fd]->id, pg_largeobject_aclcheck_snapshot(lobj->id,
GetUserId(), GetUserId(),
ACL_UPDATE, ACL_UPDATE,
cookies[fd]->snapshot) != ACLCHECK_OK) lobj->snapshot) != ACLCHECK_OK)
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied for large object %u", errmsg("permission denied for large object %u",
cookies[fd]->id))); lobj->id)));
lobj->flags |= IFS_WR_PERM_OK;
}
status = inv_write(cookies[fd], buf, len); status = inv_write(lobj, buf, len);
return status; return status;
} }
...@@ -558,30 +572,48 @@ lo_export(PG_FUNCTION_ARGS) ...@@ -558,30 +572,48 @@ lo_export(PG_FUNCTION_ARGS)
* lo_truncate - * lo_truncate -
* truncate a large object to a specified length * truncate a large object to a specified length
*/ */
Datum static void
lo_truncate(PG_FUNCTION_ARGS) lo_truncate_internal(int32 fd, int64 len)
{ {
int32 fd = PG_GETARG_INT32(0); LargeObjectDesc *lobj;
int32 len = PG_GETARG_INT32(1);
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL) if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT), (errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("invalid large-object descriptor: %d", fd))); errmsg("invalid large-object descriptor: %d", fd)));
lobj = cookies[fd];
if ((lobj->flags & IFS_WRLOCK) == 0)
ereport(ERROR,
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errmsg("large object descriptor %d was not opened for writing",
fd)));
/* Permission checks */ /* Permission checks --- first time through only */
if ((lobj->flags & IFS_WR_PERM_OK) == 0)
{
if (!lo_compat_privileges && if (!lo_compat_privileges &&
pg_largeobject_aclcheck_snapshot(cookies[fd]->id, pg_largeobject_aclcheck_snapshot(lobj->id,
GetUserId(), GetUserId(),
ACL_UPDATE, ACL_UPDATE,
cookies[fd]->snapshot) != ACLCHECK_OK) lobj->snapshot) != ACLCHECK_OK)
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied for large object %u", errmsg("permission denied for large object %u",
cookies[fd]->id))); lobj->id)));
lobj->flags |= IFS_WR_PERM_OK;
}
inv_truncate(cookies[fd], len); inv_truncate(lobj, len);
}
Datum
lo_truncate(PG_FUNCTION_ARGS)
{
int32 fd = PG_GETARG_INT32(0);
int32 len = PG_GETARG_INT32(1);
lo_truncate_internal(fd, len);
PG_RETURN_INT32(0); PG_RETURN_INT32(0);
} }
...@@ -591,24 +623,7 @@ lo_truncate64(PG_FUNCTION_ARGS) ...@@ -591,24 +623,7 @@ lo_truncate64(PG_FUNCTION_ARGS)
int32 fd = PG_GETARG_INT32(0); int32 fd = PG_GETARG_INT32(0);
int64 len = PG_GETARG_INT64(1); int64 len = PG_GETARG_INT64(1);
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL) lo_truncate_internal(fd, len);
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("invalid large-object descriptor: %d", fd)));
/* Permission checks */
if (!lo_compat_privileges &&
pg_largeobject_aclcheck_snapshot(cookies[fd]->id,
GetUserId(),
ACL_UPDATE,
cookies[fd]->snapshot) != ACLCHECK_OK)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied for large object %u",
cookies[fd]->id)));
inv_truncate(cookies[fd], len);
PG_RETURN_INT32(0); PG_RETURN_INT32(0);
} }
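Review bot: The cached IFS_RD_PERM_OK / IFS_WR_PERM_OK bits in lo_read, lo_write and lo_truncate_internal record that a check passed, but not for which user. The check uses GetUserId() at first use, and every later call on the same descriptor skips it. If the current user can change while a descriptor stays open (not visible in these hunks, so this needs confirming), a later call under a different user would run without the ACL check that the previous per-call test performed. I would at least state this in the comment, e.g. `/* Permission checks --- first time through only; the result is for the GetUserId() in effect then and is not rechecked */`. Alternatively, remember the checked user id in the descriptor and recheck when it differs.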
......
...@@ -562,18 +562,7 @@ inv_write(LargeObjectDesc *obj_desc, const char *buf, int nbytes) ...@@ -562,18 +562,7 @@ inv_write(LargeObjectDesc *obj_desc, const char *buf, int nbytes)
Assert(buf != NULL); Assert(buf != NULL);
/* enforce writability because snapshot is probably wrong otherwise */ /* enforce writability because snapshot is probably wrong otherwise */
if ((obj_desc->flags & IFS_WRLOCK) == 0) Assert(obj_desc->flags & IFS_WRLOCK);
ereport(ERROR,
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errmsg("large object %u was not opened for writing",
obj_desc->id)));
/* check existence of the target largeobject */
if (!LargeObjectExists(obj_desc->id))
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("large object %u was already dropped",
obj_desc->id)));
if (nbytes <= 0) if (nbytes <= 0)
return 0; return 0;
...@@ -767,18 +756,7 @@ inv_truncate(LargeObjectDesc *obj_desc, int64 len) ...@@ -767,18 +756,7 @@ inv_truncate(LargeObjectDesc *obj_desc, int64 len)
Assert(PointerIsValid(obj_desc)); Assert(PointerIsValid(obj_desc));
/* enforce writability because snapshot is probably wrong otherwise */ /* enforce writability because snapshot is probably wrong otherwise */
if ((obj_desc->flags & IFS_WRLOCK) == 0) Assert(obj_desc->flags & IFS_WRLOCK);
ereport(ERROR,
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errmsg("large object %u was not opened for writing",
obj_desc->id)));
/* check existence of the target largeobject */
if (!LargeObjectExists(obj_desc->id))
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("large object %u was already dropped",
obj_desc->id)));
/* /*
* use errmsg_internal here because we don't want to expose INT64_FORMAT * use errmsg_internal here because we don't want to expose INT64_FORMAT
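Review bot: With the ereport replaced by `Assert(obj_desc->flags & IFS_WRLOCK);` in inv_write and inv_truncate, writability is no longer enforced in builds without assertion checking, yet the comment above both lines still says "enforce writability". The callers changed in this commit (lo_write, lo_truncate_internal) do test IFS_WRLOCK first, but any other caller of these two functions, which cannot be seen from here, would reach the write path unchecked. I would reword the comment to state the contract, e.g. `/* caller must have verified IFS_WRLOCK; snapshot is probably wrong otherwise */`, and say the same in each function's header comment. Both function bodies start and end outside the hunks shown.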
......
...@@ -27,6 +27,10 @@ ...@@ -27,6 +27,10 @@
* offset is the current seek offset within the LO * offset is the current seek offset within the LO
* flags contains some flag bits * flags contains some flag bits
* *
* NOTE: in current usage, flag bit IFS_RDLOCK is *always* set, and we don't
* bother to test for it. Permission checks are made at first read or write
* attempt, not during inv_open(), so we have other bits to remember that.
*
* NOTE: before 7.1, we also had to store references to the separate table * NOTE: before 7.1, we also had to store references to the separate table
* and index of a specific large object. Now they all live in pg_largeobject * and index of a specific large object. Now they all live in pg_largeobject
* and are accessed via a common relation descriptor. * and are accessed via a common relation descriptor.
...@@ -38,11 +42,13 @@ typedef struct LargeObjectDesc ...@@ -38,11 +42,13 @@ typedef struct LargeObjectDesc
Snapshot snapshot; /* snapshot to use */ Snapshot snapshot; /* snapshot to use */
SubTransactionId subid; /* owning subtransaction ID */ SubTransactionId subid; /* owning subtransaction ID */
uint64 offset; /* current seek pointer */ uint64 offset; /* current seek pointer */
int flags; /* locking info, etc */ int flags; /* see flag bits below */
/* flag bits: */ /* bits in flags: */
#define IFS_RDLOCK (1 << 0) #define IFS_RDLOCK (1 << 0) /* LO was opened for reading */
#define IFS_WRLOCK (1 << 1) #define IFS_WRLOCK (1 << 1) /* LO was opened for writing */
#define IFS_RD_PERM_OK (1 << 2) /* read permission has been verified */
#define IFS_WR_PERM_OK (1 << 3) /* write permission has been verified */
} LargeObjectDesc; } LargeObjectDesc;
......