From 180ce0af338f56a6e204666b56ffedba31e60dac Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Fri, 24 Aug 2012 13:09:17 -0400 Subject: Fix issues with checks for unsupported transaction states in Hot Standby. The GUC check hooks for transaction_read_only and transaction_isolation tried to check RecoveryInProgress(), so as to disallow setting read/write mode or serializable isolation level (respectively) in hot standby sessions. However, GUC check hooks can be called in many situations where we're not connected to shared memory at all, resulting in a crash in RecoveryInProgress(). Among other cases, this results in EXEC_BACKEND builds crashing during child process start if default_transaction_isolation is serializable, as reported by Heikki Linnakangas. Protect those calls by silently allowing any setting when not inside a transaction; which is okay anyway since these GUCs are always reset at start of transaction. Also, add a check to GetSerializableTransactionSnapshot() to complain if we are in hot standby. We need that check despite the one in check_XactIsoLevel() because default_transaction_isolation could be serializable. We don't want to complain any sooner than this in such cases, since that would prevent running transactions at all in such a state; but a transaction can be run, if SET TRANSACTION ISOLATION is done before setting a snapshot. Per report some months ago from Robert Haas. Back-patch to 9.1, since these problems were introduced by the SSI patch. Kevin Grittner and Tom Lane, with ideas from Heikki Linnakangas --- src/backend/commands/variable.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'src/backend/commands/variable.c') diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c index 8550869db3d..3eb911c5cc5 100644 --- a/src/backend/commands/variable.c +++ b/src/backend/commands/variable.c @@ -569,11 +569,16 @@ show_log_timezone(void) * read-only may be changed to read-write only when in a top-level transaction * that has not yet taken an initial snapshot. Can't do it in a hot standby * slave, either. + * + * If we are not in a transaction at all, just allow the change; it means + * nothing since XactReadOnly will be reset by the next StartTransaction(). + * The IsTransactionState() test protects us against trying to check + * RecoveryInProgress() in contexts where shared memory is not accessible. */ bool check_transaction_read_only(bool *newval, void **extra, GucSource source) { - if (*newval == false && XactReadOnly) + if (*newval == false && XactReadOnly && IsTransactionState()) { /* Can't go to r/w mode inside a r/o transaction */ if (IsSubTransaction()) @@ -592,6 +597,7 @@ check_transaction_read_only(bool *newval, void **extra, GucSource source) /* Can't go to r/w mode while recovery is still active */ if (RecoveryInProgress()) { + GUC_check_errcode(ERRCODE_FEATURE_NOT_SUPPORTED); GUC_check_errmsg("cannot set transaction read-write mode during recovery"); return false; } @@ -605,6 +611,8 @@ check_transaction_read_only(bool *newval, void **extra, GucSource source) * * We allow idempotent changes at any time, but otherwise this can only be * changed in a toplevel transaction that has not yet taken a snapshot. + * + * As in check_transaction_read_only, allow it if not inside a transaction. */ bool check_XactIsoLevel(char **newval, void **extra, GucSource source) @@ -634,7 +642,7 @@ check_XactIsoLevel(char **newval, void **extra, GucSource source) else return false; - if (newXactIsoLevel != XactIsoLevel) + if (newXactIsoLevel != XactIsoLevel && IsTransactionState()) { if (FirstSnapshotSet) { @@ -652,6 +660,7 @@ check_XactIsoLevel(char **newval, void **extra, GucSource source) /* Can't go to serializable mode while recovery is still active */ if (newXactIsoLevel == XACT_SERIALIZABLE && RecoveryInProgress()) { + GUC_check_errcode(ERRCODE_FEATURE_NOT_SUPPORTED); GUC_check_errmsg("cannot use serializable mode in a hot standby"); GUC_check_errhint("You can use REPEATABLE READ instead."); return false; -- cgit v1.2.3