1. 11 Jan, 2015 4 commits
    • Tom Lane's avatar
      Remove configure test for nonstandard variants of getpwuid_r(). · 8883bae3
      Tom Lane authored
      We had code that supposed that some platforms might offer a nonstandard
      version of getpwuid_r() with only four arguments.  However, the 5-argument
      definition has been standardized at least since the Single Unix Spec v2,
      which is our normal reference for what's portable across all Unix-oid
      platforms.  (What's more, this wasn't the only pre-standardization version
      of getpwuid_r(); my old HPUX 10.20 box has still another signature.)
      So let's just get rid of the now-useless configure step.
      8883bae3
    • Tom Lane's avatar
      Fix libpq's behavior when /etc/passwd isn't readable. · 080eabe2
      Tom Lane authored
      Some users run their applications in chroot environments that lack an
      /etc/passwd file.  This means that the current UID's user name and home
      directory are not obtainable.  libpq used to be all right with that,
      so long as the database role name to use was specified explicitly.
      But commit a4c8f143 broke such cases by
      causing any failure of pg_fe_getauthname() to be treated as a hard error.
      In any case it did little to advance its nominal goal of causing errors
      in pg_fe_getauthname() to be reported better.  So revert that and instead
      put some real error-reporting code in place.  This requires changes to the
      APIs of pg_fe_getauthname() and pqGetpwuid(), since the latter had
      departed from the POSIX-specified API of getpwuid_r() in a way that made
      it impossible to distinguish actual lookup errors from "no such user".
      
      To allow such failures to be reported, while not failing if the caller
      supplies a role name, add a second call of pg_fe_getauthname() in
      connectOptions2().  This is a tad ugly, and could perhaps be avoided with
      some refactoring of PQsetdbLogin(), but I'll leave that idea for later.
      (Note that the complained-of misbehavior only occurs in PQsetdbLogin,
      not when using the PQconnect functions, because in the latter we will
      never bother to call pg_fe_getauthname() if the user gives a role name.)
      
      In passing also clean up the Windows-side usage of GetUserName(): the
      recommended buffer size is 257 bytes, the passed buffer length should
      be the buffer size not buffer size less 1, and any error is reported
      by GetLastError() not errno.
      
      Per report from Christoph Berg.  Back-patch to 9.4 where the chroot
      failure case was introduced.  The generally poor reporting of errors
      here is of very long standing, of course, but given the lack of field
      complaints about it we won't risk changing these APIs further back
      (even though they're theoretically internal to libpq).
      080eabe2
    • Andres Freund's avatar
      Provide a generic fallback for pg_compiler_barrier using an extern function. · de6429a8
      Andres Freund authored
      If the compiler/arch combination does not provide compiler barriers,
      provide a fallback. That fallback simply consists out of a function
      call into a externally defined function.  That should guarantee
      compiler barrierer semantics except for compilers that do inter
      translation unit/global optimization - those better provide an actual
      compiler barrier.
      
      Hopefully this fixes Tom's report of linker failures due to
      pg_compiler_barrier_impl not being provided.
      
      I'm not backpatching this commit as it builds on the new atomics
      infrastructure. If we decide an equivalent fix needs to be
      backpatched, I'll do so in a separate commit.
      
      Discussion: 27746.1420930690@sss.pgh.pa.us
      
      Per report from Tom Lane.
      de6429a8
    • Andres Freund's avatar
      Fix alignment of pg_atomic_uint64 variables on some 32bit platforms. · db4ec2ff
      Andres Freund authored
      I failed to recognize that pg_atomic_uint64 wasn't guaranteed to be 8
      byte aligned on some 32bit platforms - which it has to be on some
      platforms to guarantee the desired atomicity and which we assert.
      
      As this is all compiler specific code anyway we can just rely on
      compiler specific tricks to enforce alignment.
      
      I've been unable to find concrete documentation about the version that
      introduce the sunpro alignment support, so that might need additional
      guards.
      
      I've verified that this works with gcc x86 32bit, but I don't have
      access to any other 32bit environment.
      
      Discussion: op.xpsjdkil0sbe7t@vld-kuci
      
      Per report from Vladimir Koković.
      db4ec2ff
  2. 10 Jan, 2015 1 commit
  3. 09 Jan, 2015 3 commits
  4. 08 Jan, 2015 8 commits
    • Stephen Frost's avatar
      Move rowsecurity event trigger test · c219cbfe
      Stephen Frost authored
      The event trigger test for rowsecurity can cause problems for other
      tests which are run in parallel with it.  Instead of running that test
      in the rowsecurity set, move it to the event_trigger set, which runs
      isolated from other tests.
      
      Also reverts 7161b082, which moved rowsecurity into its own test group.
      That's no longer necessary, now that the event trigger test is gone from
      the rowsecurity set of tests.
      
      Pointed out by Tom.
      c219cbfe
    • Andres Freund's avatar
      Remove comment that was intended to have been removed before commit. · f454144a
      Andres Freund authored
      Noticed by Amit Kapila
      f454144a
    • Andres Freund's avatar
      Move comment about sun cc's __machine_rw_barrier being a full barrier. · 93be0950
      Andres Freund authored
      I'd accidentally written the comment besides the read barrier, instead
      of the full barrier, implementation.
      
      Noticed by Oskari Saarenmaa
      93be0950
    • Andres Freund's avatar
      Fix logging of pages skipped due to pins during vacuum. · 17eaae98
      Andres Freund authored
      The new logging introduced in 35192f06 made the incorrect assumption
      that scan_all vacuums would always wait for buffer pins; but they only
      do so if the page actually needs to be frozen.
      
      Fix that inaccuracy by removing the difference in log output based on
      scan_all and just always remove the same message.  I chose to keep the
      split log message from the original commit for now, it seems likely
      that it'll be of use in the future.
      
      Also merge the line about buffer pins in autovacuum's log output into
      the existing "pages: ..." line. It seems odd to have a separate line
      about pins, without the "topic: " prefix others have.
      
      Also rename the new 'pinned_pages' variable to 'pinskipped_pages'
      because it actually tracks the number of pages that could *not* be
      pinned.
      
      Discussion: 20150104005324.GC9626@awork2.anarazel.de
      17eaae98
    • Noah Misch's avatar
      On Darwin, refuse postmaster startup when multithreaded. · 2048e5b8
      Noah Misch authored
      The previous commit introduced its report at LOG level to avoid
      surprises at minor release upgrade time.  Compel users deploying the
      next major release to also deploy the reported workaround.
      2048e5b8
    • Noah Misch's avatar
      On Darwin, detect and report a multithreaded postmaster. · 894459e5
      Noah Misch authored
      Darwin --enable-nls builds use a substitute setlocale() that may start a
      thread.  Buildfarm member orangutan experienced BackendList corruption
      on account of different postmaster threads executing signal handlers
      simultaneously.  Furthermore, a multithreaded postmaster risks undefined
      behavior from sigprocmask() and fork().  Emit LOG messages about the
      problem and its workaround.  Back-patch to 9.0 (all supported versions).
      894459e5
    • Noah Misch's avatar
      Always set the six locale category environment variables in main(). · 6fdba8ce
      Noah Misch authored
      Typical server invocations already achieved that.  Invalid locale
      settings in the initial postmaster environment interfered, as could
      malloc() failure.  Setting "LC_MESSAGES=pt_BR.utf8 LC_ALL=invalid" in
      the postmaster environment will now choose C-locale messages, not
      Brazilian Portuguese messages.  Most localized programs, including all
      PostgreSQL frontend executables, do likewise.  Users are unlikely to
      observe changes involving locale categories other than LC_MESSAGES.
      CheckMyDatabase() ensures that we successfully set LC_COLLATE and
      LC_CTYPE; main() sets the remaining three categories to locale "C",
      which almost cannot fail.  Back-patch to 9.0 (all supported versions).
      6fdba8ce
    • Noah Misch's avatar
      Reject ANALYZE commands during VACUUM FULL or another ANALYZE. · e415b469
      Noah Misch authored
      vacuum()'s static variable handling makes it non-reentrant; an ensuing
      null pointer deference crashed the backend.  Back-patch to 9.0 (all
      supported versions).
      e415b469
  5. 07 Jan, 2015 3 commits
    • Robert Haas's avatar
      docs: Reword CREATE POLICY documentation. · 39f2594b
      Robert Haas authored
      39f2594b
    • Heikki Linnakangas's avatar
      Don't open a WAL segment for writing at end of recovery. · 1e78d81e
      Heikki Linnakangas authored
      Since commit ba94518a, we used XLogFileOpen to open the next segment for
      writing, but if the end-of-recovery happens exactly at a segment boundary,
      the new segment might not exist yet. (Before ba94518a, XLogFileOpen was
      correct, because we would open the previous segment if the switch happened
      at the boundary.)
      
      Instead of trying to create it if necessary, it's simpler to not bother
      opening the segment at all. XLogWrite() will open or create it soon anyway,
      after writing the checkpoint or end-of-recovery record.
      
      Reported by Andres Freund.
      1e78d81e
    • Peter Eisentraut's avatar
      Fix namespace handling in xpath function · 79af9a1d
      Peter Eisentraut authored
      Previously, the xml value resulting from an xpath query would not have
      namespace declarations if the namespace declarations were attached to
      an ancestor element in the input xml value.  That means the output value
      was not correct XML.  Fix that by running the result value through
      xmlCopyNode(), which produces the correct namespace declarations.
      
      Author: Ali Akbar <the.apaan@gmail.com>
      79af9a1d
  6. 06 Jan, 2015 8 commits
    • Andres Freund's avatar
      Correctly handle relcache invalidation corner case during logical decoding. · 3fabed07
      Andres Freund authored
      When using a historic snapshot for logical decoding it can validly
      happen that a relation that's in the relcache isn't visible to that
      historic snapshot.  E.g. if a newly created relation is referenced in
      the query that uses the SQL interface for logical decoding and a
      sinval reset occurs.
      
      The earlier commit that fixed the error handling for that corner case
      already improves the situation as a ERROR is better than hitting an
      assertion... But it's obviously not good enough.  So additionally
      allow that case without an error if a historic snapshot is set up -
      that won't allow an invalid entry to stay in the cache because it's a)
      already marked invalid and will thus be rebuilt during the next access
      b) the syscaches will be reset at the end of decoding.
      
      There might be prettier solutions to handle this case, but all that we
      could think of so far end up being much more complex than this quite
      simple fix.
      
      This fixes the assertion failures reported by the buildfarm (markhor,
      tick, leech) after the introduction of new regression tests in
      89fd41b3. The failure there weren't actually directly caused by
      CLOBBER_CACHE_ALWAYS but the extraordinary long runtimes due to it
      lead to sinval resets triggering the behaviour.
      
      Discussion: 22459.1418656530@sss.pgh.pa.us
      
      Backpatch to 9.4 where logical decoding was introduced.
      3fabed07
    • Andres Freund's avatar
      Improve relcache invalidation handling of currently invisible relations. · 31912d01
      Andres Freund authored
      The corner case where a relcache invalidation tried to rebuild the
      entry for a referenced relation but couldn't find it in the catalog
      wasn't correct.
      
      The code tried to RelationCacheDelete/RelationDestroyRelation the
      entry. That didn't work when assertions are enabled because the latter
      contains an assertion ensuring the refcount is zero. It's also more
      generally a bad idea, because by virtue of being referenced somebody
      might actually look at the entry, which is possible if the error is
      trapped and handled via a subtransaction abort.
      
      Instead just error out, without deleting the entry. As the entry is
      marked invalid, the worst that can happen is that the invalid (and at
      some point unused) entry lingers in the relcache.
      
      Discussion: 22459.1418656530@sss.pgh.pa.us
      
      There should be no way to hit this case < 9.4 where logical decoding
      introduced a bug that can hit this. But since the code for handling
      the corner case is there it should do something halfway sane, so
      backpatch all the the way back.  The logical decoding bug will be
      handled in a separate commit.
      31912d01
    • Bruce Momjian's avatar
      Document that Perl's Tie might add a trailing newline · cb075178
      Bruce Momjian authored
      Report by Stefan Kaltenbrunner
      cb075178
    • Alvaro Herrera's avatar
      Fix thinko in plpython error message · 91539c56
      Alvaro Herrera authored
      91539c56
    • Bruce Momjian's avatar
      29c18d91
    • Bruce Momjian's avatar
      338c10b7
    • Bruce Momjian's avatar
      Update copyright for 2015 · 4baaf863
      Bruce Momjian authored
      Backpatch certain files through 9.0
      4baaf863
    • Tom Lane's avatar
      Fix broken pg_dump code for dumping comments on event triggers. · adfc157d
      Tom Lane authored
      This never worked, I think.  Per report from Marc Munro.
      
      In passing, fix funny spacing in the COMMENT ON command as a result of
      excess space in the "label" string.
      adfc157d
  7. 05 Jan, 2015 2 commits
    • Andres Freund's avatar
      Fix oversight in recent pg_basebackup fix causing pg_receivexlog failures. · 3c9e4cdb
      Andres Freund authored
      A oversight in 2c0a4858 causes 'could not create archive status file
      "...": No such file or directory' errors in pg_receivexlog if the
      target directory doesn't happen to contain a archive_status
      directory. That's due to a stupidly left over 'true' constant instead
      of mark_done being passed down to ProcessXLogDataMsg().
      
      The bug is only present in the master branch, and luckily wasn't
      released.
      
      Spotted by Fujii Masao.
      3c9e4cdb
    • Fujii Masao's avatar
      Fix typo in comment. · 9f1d7313
      Fujii Masao authored
      Report by Amit Kapila
      9f1d7313
  8. 04 Jan, 2015 7 commits
    • Alvaro Herrera's avatar
      Fix thinko in lock mode enum · d5e3d1e9
      Alvaro Herrera authored
      Commit 0e5680f4 contained a thinko
      mixing LOCKMODE with LockTupleMode.  This caused misbehavior in the case
      where a tuple is marked with a multixact with at most a FOR SHARE lock,
      and another transaction tries to acquire a FOR NO KEY EXCLUSIVE lock;
      this case should block but doesn't.
      
      Include a new isolation tester spec file to explicitely try all the
      tuple lock combinations; without the fix it shows the problem:
      
          starting permutation: s1_begin s1_lcksvpt s1_tuplock2 s2_tuplock3 s1_commit
          step s1_begin: BEGIN;
          step s1_lcksvpt: SELECT * FROM multixact_conflict FOR KEY SHARE; SAVEPOINT foo;
          a
      
          1
          step s1_tuplock2: SELECT * FROM multixact_conflict FOR SHARE;
          a
      
          1
          step s2_tuplock3: SELECT * FROM multixact_conflict FOR NO KEY UPDATE;
          a
      
          1
          step s1_commit: COMMIT;
      
      With the fixed code, step s2_tuplock3 blocks until session 1 commits,
      which is the correct behavior.
      
      All other cases behave correctly.
      
      Backpatch to 9.3, like the commit that introduced the problem.
      d5e3d1e9
    • Andres Freund's avatar
      Add error handling for failing fstat() calls in copy.c. · 2ea95959
      Andres Freund authored
      These calls are pretty much guaranteed not to fail unless something
      has gone horribly wrong, and even in that case we'd just error out a
      short time later.  But since several code checkers complain about the
      missing check it seems worthwile to fix it nonetheless.
      
      Pointed out by Coverity.
      2ea95959
    • Andres Freund's avatar
      Correctly handle test durations of more than 2147s in pg_test_timing. · 8cadeb79
      Andres Freund authored
      Previously the computation of the total test duration, measured in
      microseconds, accidentally overflowed due to accidentally using signed
      32bit arithmetic.  As the only consequence is that pg_test_timing
      invocations with such, overly large, durations never finished the
      practical consequences of this bug are minor.
      
      Pointed out by Coverity.
      
      Backpatch to 9.2 where pg_test_timing was added.
      8cadeb79
    • Andres Freund's avatar
      Fix off-by-one in pg_xlogdump's fuzzy_open_file(). · d1c57523
      Andres Freund authored
      In the unlikely case of stdin (fd 0) being closed, the off-by-one
      would lead to pg_xlogdump failing to open files.
      
      Spotted by Coverity.
      
      Backpatch to 9.3 where pg_xlogdump was introduced.
      d1c57523
    • Andres Freund's avatar
      Remove superflous variable from xlogreader's XLogFindNextRecord(). · 14570c28
      Andres Freund authored
      Pointed out by Coverity.
      
      Since this is mere, and debatable, cosmetics I'm not backpatching
      this.
      14570c28
    • Andres Freund's avatar
      Add missing va_end() call to a early exit in dmetaphone.c's StringAt(). · 58bc4747
      Andres Freund authored
      Pointed out by Coverity.
      
      Backpatch to all supported branches, the code has been that way for a
      long while.
      58bc4747
    • Andres Freund's avatar
      Fix inconsequential fd leak in the new mark_file_as_archived() function. · 0398ece4
      Andres Freund authored
      As every error in mark_file_as_archived() will lead to a failure of
      pg_basebackup the FD leak couldn't ever lead to a real problem.  It
      seems better to fix the leak anyway though, rather than silence
      Coverity, as the usage of the function might get extended or copied at
      some point in the future.
      
      Pointed out by Coverity.
      
      Backpatch to 9.2, like the relevant part of the previous patch.
      0398ece4
  9. 03 Jan, 2015 4 commits
    • Andres Freund's avatar
      Prevent WAL files created by pg_basebackup -x/X from being archived again. · 2c0a4858
      Andres Freund authored
      WAL (and timeline history) files created by pg_basebackup did not
      maintain the new base backup's archive status. That's currently not a
      problem if the new node is used as a standby - but if that node is
      promoted all still existing files can get archived again.  With a high
      wal_keep_segment settings that can happen a significant time later -
      which is quite confusing.
      
      Change both the backend (for the -x/-X fetch case) and pg_basebackup
      (for -X stream) itself to always mark WAL/timeline files included in
      the base backup as .done. That's in line with walreceiver.c doing so.
      
      The verbosity of the pg_basebackup changes show pretty clearly that it
      needs some refactoring, but that'd result in not be backpatchable
      changes.
      
      Backpatch to 9.1 where pg_basebackup was introduced.
      
      Discussion: 20141205002854.GE21964@awork2.anarazel.de
      2c0a4858
    • Andres Freund's avatar
      Add pg_string_endswith as the start of a string helper library in src/common. · ccb161b6
      Andres Freund authored
      Backpatch to 9.3 where src/common was introduce, because a bugfix that
      needs to be backpatched, requires the function. Earlier branches will
      have to duplicate the code.
      ccb161b6
    • Tom Lane's avatar
      Treat negative values of recovery_min_apply_delay as having no effect. · d6657d2a
      Tom Lane authored
      At one point in the development of this feature, it was claimed that
      allowing negative values would be useful to compensate for timezone
      differences between master and slave servers.  That was based on a mistaken
      assumption that commit timestamps are recorded in local time; but of course
      they're in UTC.  Nor is a negative apply delay likely to be a sane way of
      coping with server clock skew.  However, the committed patch still treated
      negative delays as doing something, and the timezone misapprehension
      survived in the user documentation as well.
      
      If recovery_min_apply_delay were a proper GUC we'd just set the minimum
      allowed value to be zero; but for the moment it seems better to treat
      negative settings as if they were zero.
      
      In passing do some extra wordsmithing on the parameter's documentation,
      including correcting a second misstatement that the parameter affects
      processing of Restore Point records.
      
      Issue noted by Michael Paquier, who also provided the code patch; doc
      changes by me.  Back-patch to 9.4 where the feature was introduced.
      d6657d2a
    • Magnus Hagander's avatar
      Make path to pg_service.conf absolute in documentation · f9769c71
      Magnus Hagander authored
      The system file is always in the absolute path /etc/, not relative.
      
      David Fetter
      f9769c71