Commit b4721f39 authored by Michael Paquier's avatar Michael Paquier

Initialize TransactionState and user ID consistently at transaction start

If a failure happens when a transaction is starting between the moment
the transaction status is changed from TRANS_DEFAULT to TRANS_START and
the moment the current user ID and security context flags are fetched
via GetUserIdAndSecContext(), or before initializing its basic fields,
then those may get reset to incorrect values when the transaction
aborts, leaving the session in an inconsistent state.

One problem reported is that failing a starting transaction at the first
query of a session could cause several kinds of system crashes on the
follow-up queries.

In order to solve that, move the initialization of the transaction state
fields and the call of GetUserIdAndSecContext() in charge of fetching
the current user ID close to the point where the transaction status is
switched to TRANS_START, where there cannot be any error triggered
in-between, per an idea of Tom Lane.  This properly ensures that the
current user ID, the security context flags and that the basic fields of
TransactionState remain consistent even if the transaction fails while
starting.

Reported-by: Richard Guo
Diagnosed-By: Richard Guo
Author: Michael Paquier
Reviewed-by: Tom Lane
Discussion: https://postgr.es/m/CAN_9JTxECSb=pEPcb0a8d+6J+bDcOZ4=DgRo_B7Y5gRHJUM=Rw@mail.gmail.com
Backpatch-through: 9.4
parent 3be97b97
...@@ -1809,20 +1809,38 @@ StartTransaction(void) ...@@ -1809,20 +1809,38 @@ StartTransaction(void)
Assert(XactTopTransactionId == InvalidTransactionId); Assert(XactTopTransactionId == InvalidTransactionId);
/* /* check the current transaction state */
* check the current transaction state Assert(s->state == TRANS_DEFAULT);
*/
if (s->state != TRANS_DEFAULT)
elog(WARNING, "StartTransaction while in %s state",
TransStateAsString(s->state));
/* /*
* set the current transaction state information appropriately during * Set the current transaction state information appropriately during
* start processing * start processing. Note that once the transaction status is switched
* this process cannot fail until the user ID and the security context
* flags are fetched below.
*/ */
s->state = TRANS_START; s->state = TRANS_START;
s->transactionId = InvalidTransactionId; /* until assigned */ s->transactionId = InvalidTransactionId; /* until assigned */
/*
* initialize current transaction state fields
*
* note: prevXactReadOnly is not used at the outermost level
*/
s->nestingLevel = 1;
s->gucNestLevel = 1;
s->childXids = NULL;
s->nChildXids = 0;
s->maxChildXids = 0;
/*
* Once the current user ID and the security context flags are fetched,
* both will be properly reset even if transaction startup fails.
*/
GetUserIdAndSecContext(&s->prevUser, &s->prevSecContext);
/* SecurityRestrictionContext should never be set outside a transaction */
Assert(s->prevSecContext == 0);
/* /*
* Make sure we've reset xact state variables * Make sure we've reset xact state variables
* *
...@@ -1909,20 +1927,6 @@ StartTransaction(void) ...@@ -1909,20 +1927,6 @@ StartTransaction(void)
/* Mark xactStopTimestamp as unset. */ /* Mark xactStopTimestamp as unset. */
xactStopTimestamp = 0; xactStopTimestamp = 0;
/*
* initialize current transaction state fields
*
* note: prevXactReadOnly is not used at the outermost level
*/
s->nestingLevel = 1;
s->gucNestLevel = 1;
s->childXids = NULL;
s->nChildXids = 0;
s->maxChildXids = 0;
GetUserIdAndSecContext(&s->prevUser, &s->prevSecContext);
/* SecurityRestrictionContext should never be set outside a transaction */
Assert(s->prevSecContext == 0);
/* /*
* initialize other subsystems for new transaction * initialize other subsystems for new transaction
*/ */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment