1. 02 Jul, 2015 7 commits
  2. 01 Jul, 2015 3 commits
    • Tom Lane's avatar
      Don't leave pg_hba and pg_ident data lying around in running backends. · 1e24cf64
      Tom Lane authored
      Free the contexts holding this data after we're done using it, by the
      expedient of attaching them to the PostmasterContext which we were
      already taking care to delete (and where, indeed, this data used to live
      before commits e5e2fc84 and 7c45e3a3).  This saves a
      probably-usually-negligible amount of space per running backend.  It also
      avoids leaving potentially-security-sensitive data lying around in memory
      in processes that don't need it.  You'd have to be unusually paranoid to
      think that that amounts to a live security bug, so I've not gone so far as
      to forcibly zero the memory; but there surely isn't a good reason to keep
      this data around.
      
      Arguably this is a memory management bug in the aforementioned commits,
      but it doesn't seem important enough to back-patch.
      1e24cf64
    • Tom Lane's avatar
      Make sampler_random_fract() actually obey its API contract. · d7c19d68
      Tom Lane authored
      This function is documented to return a value in the range (0,1),
      which is what its predecessor anl_random_fract() did.  However, the
      new version depends on pg_erand48() which returns a value in [0,1).
      The possibility of returning zero creates hazards of division by zero
      or trying to compute log(0) at some call sites, and it might well
      break third-party modules using anl_random_fract() too.  So let's
      change it to never return zero.  Spotted by Coverity.
      
      Michael Paquier, cosmetically adjusted by me
      d7c19d68
    • Fujii Masao's avatar
      Make XLogFileCopy() look the same as in 9.4. · 82173708
      Fujii Masao authored
      XLogFileCopy() was changed heavily in commit de768844. However it was
      partially reverted in commit 7abc6859 and most of those changes to
      XLogFileCopy() were no longer needed. Then commit 7cbee7c0 removed
      those unnecessary code, but XLogFileCopy() looked different in master
      and 9.4 though the contents are almost the same.
      
      This patch makes XLogFileCopy() look the same in master and back-branches,
      which makes back-patching easier, per discussion on pgsql-hackers.
      Back-patch to 9.5.
      
      Discussion: 55760844.7090703@iki.fi
      
      Michael Paquier
      82173708
  3. 30 Jun, 2015 10 commits
  4. 29 Jun, 2015 7 commits
    • Heikki Linnakangas's avatar
      Initialize GIN metapage correctly when replaying metapage-update WAL record. · 47fe4d25
      Heikki Linnakangas authored
      I broke this with my WAL format refactoring patch. Before that, the metapage
      was read from disk, and modified in-place regardless of the LSN. That was
      always a bit silly, as there's no need to read the old page version from
      disk disk when we're overwriting it anyway. So that was changed in 9.5, but
      I failed to add a GinInitPage call to initialize the page-headers correctly.
      Usually you wouldn't notice, because the metapage is already in the page
      cache and is not zeroed.
      
      One way to reproduce this is to perform a VACUUM on an already vacuumed
      table (so that the vacuum has no real work to do), immediately after a
      checkpoint, and then perform an immediate shutdown. After recovery, the
      page headers of the metapage will be incorrectly all-zeroes.
      
      Reported by Jeff Janes
      47fe4d25
    • Tom Lane's avatar
      Stamp 9.5alpha1. · f78329d5
      Tom Lane authored
      f78329d5
    • Tom Lane's avatar
      Desultory review of 9.5 release notes. · 85c25fdb
      Tom Lane authored
      Minor corrections and clarifications.  Notably, for stuff that got moved
      out of contrib, make sure it's documented somewhere other than "Additional
      Modules".
      
      I'm sure these need more work, but that's all I have time for today.
      85c25fdb
    • Tom Lane's avatar
      Code + docs review for escaping of option values (commit 11a020eb). · cbc8d656
      Tom Lane authored
      Avoid memory leak from incorrect choice of how to free a StringInfo
      (resetStringInfo doesn't do it).  Now that pg_split_opts doesn't scribble
      on the optstr, mark that as "const" for clarity.  Attach the commentary in
      protocol.sgml to the right place, and add documentation about the
      user-visible effects of this change on postgres' -o option and libpq's
      PGOPTIONS option.
      cbc8d656
    • Andres Freund's avatar
      Replace ia64 S_UNLOCK compiler barrier with a full memory barrier. · 07cb8b02
      Andres Freund authored
      _Asm_sched_fence() is just a compiler barrier, not a memory barrier. But
      spinlock release on IA64 needs, at the very least, release
      semantics. Use a full barrier instead.
      
      This might be the cause for the occasional failures on buildfarm member
      anole.
      
      Discussion: 20150629101108.GB17640@alap3.anarazel.de
      07cb8b02
    • Peter Eisentraut's avatar
      Translation updates · c5e5d444
      Peter Eisentraut authored
      Source-Git-URL: git://git.postgresql.org/git/pgtranslation/messages.git
      Source-Git-Hash: fb7e72f46cfafa1b5bfe4564d9686d63a1e6383f
      c5e5d444
    • Tom Lane's avatar
      Run the C portions of guc-file.l through pgindent. · 2bdc51a2
      Tom Lane authored
      Yeah, I know, pretty anal-retentive of me.  But we oughta find some
      way to automate this for the .y and .l files.
      2bdc51a2
  5. 28 Jun, 2015 9 commits
    • Tom Lane's avatar
      Improve design and implementation of pg_file_settings view. · 62d16c7f
      Tom Lane authored
      As first committed, this view reported on the file contents as they were
      at the last SIGHUP event.  That's not as useful as reporting on the current
      contents, and what's more, it didn't work right on Windows unless the
      current session had serviced at least one SIGHUP.  Therefore, arrange to
      re-read the files when pg_show_all_settings() is called.  This requires
      only minor refactoring so that we can pass changeVal = false to
      set_config_option() so that it won't actually apply any changes locally.
      
      In addition, add error reporting so that errors that would prevent the
      configuration files from being loaded, or would prevent individual settings
      from being applied, are visible directly in the view.  This makes the view
      usable for pre-testing whether edits made in the config files will have the
      desired effect, before one actually issues a SIGHUP.
      
      I also added an "applied" column so that it's easy to identify entries that
      are superseded by later entries; this was the main use-case for the original
      design, but it seemed unnecessarily hard to use for that.
      
      Also fix a 9.4.1 regression that allowed multiple entries for a
      PGC_POSTMASTER variable to cause bogus complaints in the postmaster log.
      (The issue here was that commit bf007a27 unintentionally reverted
      3e3f6597, which suppressed any duplicate entries within
      ParseConfigFp.  However, since the original coding of the pg_file_settings
      view depended on such suppression *not* happening, we couldn't have fixed
      this issue now without first doing something with pg_file_settings.
      Now we suppress duplicates by marking them "ignored" within
      ProcessConfigFileInternal, which doesn't hide them in the view.)
      
      Lesser changes include:
      
      Drive the view directly off the ConfigVariable list, instead of making a
      basically-equivalent second copy of the data.  There's no longer any need
      to hang onto the data permanently, anyway.
      
      Convert show_all_file_settings() to do its work in one call and return a
      tuplestore; this avoids risks associated with assuming that the GUC state
      will hold still over the course of query execution.  (I think there were
      probably latent bugs here, though you might need something like a cursor
      on the view to expose them.)
      
      Arrange to run SIGHUP processing in a short-lived memory context, to
      forestall process-lifespan memory leaks.  (There is one known leak in this
      code, in ProcessConfigDirectory; it seems minor enough to not be worth
      back-patching a specific fix for.)
      
      Remove mistaken assignment to ConfigFileLineno that caused line counting
      after an include_dir directive to be completely wrong.
      
      Add missed failure check in AlterSystemSetConfigFile().  We don't really
      expect ParseConfigFp() to fail, but that's not an excuse for not checking.
      62d16c7f
    • Heikki Linnakangas's avatar
      Also trigger restartpoints based on max_wal_size on standby. · d661532e
      Heikki Linnakangas authored
      When archive recovery and restartpoints were initially introduced,
      checkpoint_segments was ignored on the grounds that the files restored from
      archive don't consume any space in the recovery server. That was changed in
      later releases, but even then it was arguably a feature rather than a bug,
      as performing restartpoints as often as checkpoints during normal operation
      might be excessive, but you might nevertheless not want to waste a lot of
      space for pre-allocated WAL by setting checkpoint_segments to a high value.
      But now that we have separate min_wal_size and max_wal_size settings, you
      can bound WAL usage with max_wal_size, and still avoid consuming excessive
      space usage by setting min_wal_size to a lower value, so that argument is
      moot.
      
      There are still some issues with actually limiting the space usage to
      max_wal_size: restartpoints in recovery can only start after seeing the
      checkpoint record, while a checkpoint starts flushing buffers as soon as
      the redo-pointer is set. Restartpoint is paced to happen at the same
      leisurily speed, determined by checkpoint_completion_target, as checkpoints,
      but because they are started later, max_wal_size can be exceeded by upto
      one checkpoint cycle's worth of WAL, depending on
      checkpoint_completion_target. But that seems better than not trying at all,
      and max_wal_size is a soft limit anyway.
      
      The documentation already claimed that max_wal_size is obeyed in recovery,
      so this just fixes the behaviour to match the docs. However, add some
      weasel-words there to mention that max_wal_size may well be exceeded by
      some amount in recovery.
      d661532e
    • Heikki Linnakangas's avatar
      Fix markup in docs. · 6ab4d38a
      Heikki Linnakangas authored
      Oops. I could swear I built the docs before pushing, but I guess not..
      6ab4d38a
    • Heikki Linnakangas's avatar
      Promote the assertion that XLogBeginInsert() is not called twice into ERROR. · a32c3ec8
      Heikki Linnakangas authored
      Seems like cheap insurance for WAL bugs. A spurious call to
      XLogBeginInsert() in itself would be fairly harmless, but if there is any
      data registered and the insertion is not completed/cancelled properly, there
      is a risk that the data ends up in a wrong WAL record.
      
      Per Jeff Janes's suggestion.
      a32c3ec8
    • Heikki Linnakangas's avatar
      Fix double-XLogBeginInsert call in GIN page splits. · a45c70ac
      Heikki Linnakangas authored
      If data checksums or wal_log_hints is on, and a GIN page is split, the code
      to find a new, empty, block was called after having already called
      XLogBeginInsert(). That causes an assertion failure or PANIC, if finding the
      new block involves updating a FSM page that had not been modified since last
      checkpoint, because that update is WAL-logged, which calls XLogBeginInsert
      again. Nested XLogBeginInsert calls are not supported.
      
      To fix, rearrange GIN code so that XLogBeginInsert is called later, after
      finding the victim buffers.
      
      Reported by Jeff Janes.
      a45c70ac
    • Heikki Linnakangas's avatar
      Don't choke on files that are removed while pg_rewind runs. · b36805f3
      Heikki Linnakangas authored
      If a file is removed from the source server, while pg_rewind is running, the
      invocation of pg_read_binary_file() will fail. Use the just-added missing_ok
      option to that function, to have it return NULL instead, and handle that
      gracefully. And similarly for pg_ls_dir and pg_stat_file.
      
      Reported by Fujii Masao, fix by Michael Paquier.
      b36805f3
    • Heikki Linnakangas's avatar
      Add missing_ok option to the SQL functions for reading files. · cb2acb10
      Heikki Linnakangas authored
      This makes it possible to use the functions without getting errors, if there
      is a chance that the file might be removed or renamed concurrently.
      pg_rewind needs to do just that, although this could be useful for other
      purposes too. (The changes to pg_rewind to use these functions will come in
      a separate commit.)
      
      The read_binary_file() function isn't very well-suited for extensions.c's
      purposes anymore, if it ever was. So bite the bullet and make a copy of it
      in extension.c, tailored for that use case. This seems better than the
      accidental code reuse, even if it's a some more lines of code.
      
      Michael Paquier, with plenty of kibitzing by me.
      cb2acb10
    • Kevin Grittner's avatar
      Fix comment for GetCurrentIntegerTimestamp(). · cca8ba95
      Kevin Grittner authored
      The unit of measure is microseconds, not milliseconds.
      
      Backpatch to 9.3 where the function and its comment were added.
      cca8ba95
    • Tatsuo Ishii's avatar
  6. 27 Jun, 2015 4 commits
    • Tom Lane's avatar
      Avoid passing NULL to memcmp() in lookups of zero-argument functions. · 0a52d378
      Tom Lane authored
      A few places assumed they could pass NULL for the argtypes array when
      looking up functions known to have zero arguments.  At first glance
      it seems that this should be safe enough, since memcmp() is surely not
      allowed to fetch any bytes if its count argument is zero.  However,
      close reading of the C standard says that such calls have undefined
      behavior, so we'd probably best avoid it.
      
      Since the number of places doing this is quite small, and some other
      places looking up zero-argument functions were already passing dummy
      arrays, let's standardize on the latter solution rather than hacking
      the function lookup code to avoid calling memcmp() in these cases.
      I also added Asserts to catch any future violations of the new rule.
      
      Given the utter lack of any evidence that this actually causes any
      problems in the field, I don't feel a need to back-patch this change.
      
      Per report from Piotr Stefaniak, though this is not his patch.
      0a52d378
    • Andres Freund's avatar
      Fix test_decoding's handling of nonexistant columns in old tuple versions. · d47a1136
      Andres Freund authored
      test_decoding used fastgetattr() to extract column values. That's wrong
      when decoding updates and deletes if a table's replica identity is set
      to FULL and new columns have been added since the old version of the
      tuple was created. Due to the lack of a crosscheck with the datum's
      natts values an invalid value will be output, leading to errors or
      worse.
      
      Bug: #13470
      Reported-By: Krzysztof Kotlarski
      Discussion: 20150626100333.3874.90852@wrigleys.postgresql.org
      
      Backpatch to 9.4, where the feature, including the bug, was added.
      d47a1136
    • Kevin Grittner's avatar
      Add opaque declaration of HTAB to tqual.h. · 604e9939
      Kevin Grittner authored
      Commit b89e1510 added the
      ResolveCminCmaxDuringDecoding declaration to tqual.h, which uses an
      HTAB parameter, without declaring HTAB.  It accidentally fails to
      fail to build with current sources because a declaration happens to
      be included, directly or indirectly, in all source files that
      currently use tqual.h before tqual.h is first included, but we
      shouldn't count on that.  Since an opaque declaration is enough
      here, just use that, as was done in snapmgr.h.
      
      Backpatch to 9.4, where the HTAB reference was added to tqual.h.
      604e9939
    • Heikki Linnakangas's avatar
      Fix typo in comment · 7845db2a
      Heikki Linnakangas authored
      Etsuro Fujita
      7845db2a