Обсуждение: Fix incorrect assignment for nodeid in TransactionIdGetCommitTsData()
Hi hackers, This is my first patch There is an incorrect assignment of nodeid = 0 in TransactionIdGetCommitTsData() (commit_ts.c). Elsewhere in the file, the code consistently uses InvalidReplOriginId. Even though InvalidReplOriginId also evaluates to 0, it should be used here for clarity and consistency. Best regards, Wang Peng
Вложения
On Thu, Feb 5, 2026 at 9:09 AM wangpeng <215722532@qq.com> wrote: > > Hi hackers, > > This is my first patch Welcome to the community. > There is an incorrect assignment of nodeid = 0 in > TransactionIdGetCommitTsData() (commit_ts.c). > Elsewhere in the file, the code consistently uses InvalidReplOriginId. > Even though InvalidReplOriginId also evaluates to 0, it should be used > here for clarity and consistency. Few lines below we have a similar assignment which uses InvalidReplOriginId. I agree with your suggestion. Patch LGTM. It's an old and small commit so maybe Alvaro, who committed the change (4aaddf2f009821e29aea3735e44332ad9ca47aaa), may not remember it. Still including him in case. -- Best Wishes, Ashutosh Bapat
> On Feb 5, 2026, at 23:00, Ashutosh Bapat <ashutosh.bapat.oss@gmail.com> wrote: > > On Thu, Feb 5, 2026 at 9:09 AM wangpeng <215722532@qq.com> wrote: >> >> Hi hackers, >> >> This is my first patch > > Welcome to the community. > >> There is an incorrect assignment of nodeid = 0 in >> TransactionIdGetCommitTsData() (commit_ts.c). >> Elsewhere in the file, the code consistently uses InvalidReplOriginId. >> Even though InvalidReplOriginId also evaluates to 0, it should be used >> here for clarity and consistency. > > Few lines below we have a similar assignment which uses > InvalidReplOriginId. I agree with your suggestion. Patch LGTM. It's an > old and small commit so maybe Alvaro, who committed the change > (4aaddf2f009821e29aea3735e44332ad9ca47aaa), may not remember it. Still > including him in case. > > -- > Best Wishes, > Ashutosh Bapat > > +1. I saw a recent commit, ec317440716487753bafa4c0f8adae53e2c32446, which replaces 0 with InvalidXLogRecPtr, so this patchis similar. The main difference is that ec3174407 does a broad sweep replacing 0 wherever possible, while this patchjust fixes one remaining omission. So if this patch is considered too trivial, I think it’s still worth a place in Michael’s stack for later. Best regards, -- Chao Li (Evan) HighGo Software Co., Ltd. https://www.highgo.com/
Hi, On Tue, Feb 10, 2026 at 09:35:26AM +0800, Chao Li wrote: > > > > On Feb 5, 2026, at 23:00, Ashutosh Bapat <ashutosh.bapat.oss@gmail.com> wrote: > > > > On Thu, Feb 5, 2026 at 9:09 AM wangpeng <215722532@qq.com> wrote: > >> > >> Hi hackers, > >> > >> This is my first patch > > > > Welcome to the community. > > > >> There is an incorrect assignment of nodeid = 0 in > >> TransactionIdGetCommitTsData() (commit_ts.c). > >> Elsewhere in the file, the code consistently uses InvalidReplOriginId. > >> Even though InvalidReplOriginId also evaluates to 0, it should be used > >> here for clarity and consistency. > > > > Few lines below we have a similar assignment which uses > > InvalidReplOriginId. I agree with your suggestion. Patch LGTM. It's an > > old and small commit so maybe Alvaro, who committed the change > > (4aaddf2f009821e29aea3735e44332ad9ca47aaa), may not remember it. Still > > including him in case. > > > > -- > > Best Wishes, > > Ashutosh Bapat > > > > > > while this patch just fixes one remaining omission. I did check with the same kind of Coccinelle script used for ec317440716 and it looks like the proposed change here for InvalidReplOriginId is the only one to fix for the ReplOriginId type. FWIW, I extended the exercise for other Invalid* values in [1]. [1]: https://postgr.es/m/aY2oKlSpikgO9m%2BX%40ip-10-97-1-34.eu-west-3.compute.internal Regards, -- Bertrand Drouvot PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com
On Tue, Feb 10, 2026 at 09:35:26AM +0800, Chao Li wrote: > So if this patch is considered too trivial, I think it’s still worth > a place in Michael’s stack for later. Aye. I did not notice this one first, but Alvaro has poked me about it, so grabbed now for later. -- Michael
Вложения
Hi hackers,
We've identified a bug in the DSA (Dynamic Shared Memory Area) allocator that causes memory corruption and crashes during parallel hash joins with large data sets. The bug has been present since the DSA implementation was introduced and affects all supported branches.
Attached is a minimal fix (5 lines added, 0 changed).
== Bug Summary ==
In make_new_segment() (src/backend/utils/mmgr/dsa.c), there are two paths for computing segment layout:
Path 1 (geometric): knows total_size upfront, computes
total_pages = total_size / FPM_PAGE_SIZE
pagemap entries = total_pages <-- correct
Path 2 (odd-sized, when requested > geometric): works forward from
usable_pages = requested_pages
pagemap entries = usable_pages <-- BUG
The pagemap is indexed by absolute page number. The FreePageManager hands out pages with indices from metadata_pages to (metadata_pages + usable_pages - 1). Since metadata_pages >= 1, page indices at the high end of the range exceed usable_pages, making the pagemap accesses out-of-bounds.
== How It Was Found on Postgres 15 ==
Multiple parallel worker backends crashed simultaneously with SIGSEGV in dsa_get_address(), called from dsa_free() in ExecHashTableDetachBatch() during parallel hash join batch cleanup.
Stack trace:
#0 dsa_get_address (area, dp) at dsa.c:955
#1 dsa_free (area, dp) at dsa.c:839
#2 ExecHashTableDetachBatch (hashtable) at nodeHash.c:3189
#3 ExecParallelHashJoinNewBatch (hjstate) at nodeHashjoin.c:1157
All crashing workers computed the same pageno (196993), which was the last valid FPM page but beyond the pagemap array (usable_pages = 196609).
== Root Cause (from core dump analysis) ==
The crashing segment had:
usable_pages = 196,609 (pagemap has this many entries)
metadata_pages = 385
total_pages = 196,994 (= metadata_pages + usable_pages)
last FPM page = 196,993 (= metadata_pages + usable_pages - 1)
pagemap valid indices: 0 .. 196,608
FPM page indices: 385 .. 196,993
Pages 196,609 through 196,993 (385 pages) have no valid pagemap entry.
The pagemap array ends 3,072 bytes before the data area starts (padding zone). Most out-of-bounds entries fall in this padding and cause silent corruption. The last 17 entries fall in the data area itself, causing bidirectional corruption: pagemap writes destroy allocated object data, and subsequent pagemap reads return garbage, crashing dsa_free().
== The Fix ==
After computing metadata_bytes with usable_pages pagemap entries, add entries for the metadata pages themselves:
metadata_bytes +=
((metadata_bytes / (FPM_PAGE_SIZE - sizeof(dsa_pointer))) + 1) *
sizeof(dsa_pointer);
The divisor (FPM_PAGE_SIZE - sizeof(dsa_pointer)) = 4088 accounts for the circular dependency: each metadata page costs one pagemap entry (8 bytes), so only 4088 of each 4096-byte metadata page is net-free for other pagemap entries. The +1 absorbs the ceiling.
--
Hopefully I've followed the correct format for creating a patch -- this is my first post here.
Thanks,
Paul
Вложения
Re: [BUG + PATCH] DSA pagemap out-of-bounds in make_new_segment odd-sized path
От
Michael Paquier
Дата:
On Wed, Mar 04, 2026 at 12:36:09AM +0000, Paul Bunn wrote: > The +1 absorbs the ceiling. -- Hopefully I've > followed the correct format for creating a patch -- this is my first > post here. The email you have sent with the patch attached is a bit weird. First it renders incorrectly on the website, same way as my email client: https://www.postgresql.org/message-id/ba161ba1-9d5f-409d-9826-40d076d4ca2b%40me.com Then, this is attached to an existing thread. You should not do that for clarity. Anyway, about the patch, could you provide a self-contained SQL sequence that proves your point? That would be helpful in terms of analyzing what you think is a problem and what you think could be a potential solution. -- Michael