diff options
| author | Robert Haas <rhaas@postgresql.org> | 2020-01-16 12:11:31 -0500 |
|---|---|---|
| committer | Robert Haas <rhaas@postgresql.org> | 2020-01-16 12:11:31 -0500 |
| commit | 2eb34ac369741c110b593e2dc2195c57d29ab8e8 (patch) | |
| tree | 5ea2cd571637ec3ed9fd357a4990b84c1f75f6c9 /src/backend/executor/functions.c | |
| parent | 0db7c67051806f28a9129d50695efc19372d3af2 (diff) | |
| download | postgresql-2eb34ac369741c110b593e2dc2195c57d29ab8e8.tar.gz postgresql-2eb34ac369741c110b593e2dc2195c57d29ab8e8.zip | |
Fix problems with "read only query" checks, and refactor the code.
Previously, check_xact_readonly() was responsible for determining
which types of queries could not be run in a read-only transaction,
standard_ProcessUtility() was responsibility for prohibiting things
which were allowed in read only transactions but not in recovery, and
utility commands were basically prohibited in bulk in parallel mode by
calls to CommandIsReadOnly() in functions.c and spi.c. This situation
was confusing and error-prone. Accordingly, move all the checks to a
new function ClassifyUtilityCommandAsReadOnly(), which determines the
degree to which a given statement is read only.
In the old code, check_xact_readonly() inadvertently failed to handle
several statement types that actually should have been prohibited,
specifically T_CreatePolicyStmt, T_AlterPolicyStmt, T_CreateAmStmt,
T_CreateStatsStmt, T_AlterStatsStmt, and T_AlterCollationStmt. As a
result, thes statements were erroneously allowed in read only
transactions, parallel queries, and standby operation. Generally, they
would fail anyway due to some lower-level error check, but we
shouldn't rely on that. In the new code structure, future omissions
of this type should cause ClassifyUtilityCommandAsReadOnly() to
complain about an unrecognized node type.
As a fringe benefit, this means we can allow certain types of utility
commands in parallel mode, where it's safe to do so. This allows
ALTER SYSTEM, CALL, DO, CHECKPOINT, COPY FROM, EXPLAIN, and SHOW.
It might be possible to allow additional commands with more work
and thought.
Along the way, document the thinking process behind the current set
of checks, as per discussion especially with Peter Eisentraut. There
is some interest in revising some of these rules, but that seems
like a job for another patch.
Patch by me, reviewed by Tom Lane, Stephen Frost, and Peter
Eisentraut.
Discussion: http://postgr.es/m/CA+TgmoZ_rLqJt5sYkvh+JpQnfX0Y+B2R+qfi820xNih6x-FQOQ@mail.gmail.com
Diffstat (limited to 'src/backend/executor/functions.c')
| -rw-r--r-- | src/backend/executor/functions.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/src/backend/executor/functions.c b/src/backend/executor/functions.c index e8e1957075f..5cff6c43216 100644 --- a/src/backend/executor/functions.c +++ b/src/backend/executor/functions.c @@ -540,9 +540,6 @@ init_execution_state(List *queryTree_list, errmsg("%s is not allowed in a non-volatile function", CreateCommandTag((Node *) stmt)))); - if (IsInParallelMode() && !CommandIsReadOnly(stmt)) - PreventCommandIfParallelMode(CreateCommandTag((Node *) stmt)); - /* OK, build the execution_state for this query */ newes = (execution_state *) palloc(sizeof(execution_state)); if (preves) |