From ea61b1cf6470fc267253962dd34fd20d16ead40d Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 26 Dec 2023 17:57:48 -0500 Subject: [PATCH] Fix failure to verify PGC_[SU_]BACKEND GUCs in pg_file_settings view. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit set_config_option() bails out early if it detects that the option to be set is PGC_BACKEND or PGC_SU_BACKEND class and we're reading the config file in a postmaster child; we don't want to apply any new value in such a case. That's fine as far as it goes, but it fails to consider the requirements of the pg_file_settings view: for that, we need to check validity of the value even though we have no intention to apply it. Because we didn't, even very silly values for affected GUCs would be reported as valid by the view. There are only half a dozen such GUCs, which perhaps explains why this got overlooked for so long. Fix by continuing when changeVal is false; this parallels the logic in some other early-exit paths. Also, the check added by commit 924bcf4f1 to prevent GUC changes in parallel workers seems a few bricks shy of a load: it's evidently assuming that ereport(elevel, ...) won't return. Make sure we bail out if it does. The lack of trouble reports suggests that this is only a latent bug, i.e. parallel workers don't actually reach here with elevel < ERROR. (Per the code coverage report, we never reach here at all in the regression suite.) But we clearly don't want to risk proceeding if that does happen. Per report from Rıdvan Korkmaz. These are ancient bugs, so back-patch to all supported branches. Discussion: https://postgr.es/m/2089235.1703617353@sss.pgh.pa.us --- src/backend/utils/misc/guc.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 0d9242307d..497fd93199 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -6749,9 +6749,12 @@ set_config_option(const char *name, const char *value, * Other changes might need to affect other workers, so forbid them. */ if (IsInParallelMode() && changeVal && action != GUC_ACTION_SAVE) + { ereport(elevel, (errcode(ERRCODE_INVALID_TRANSACTION_STATE), errmsg("cannot set parameters during a parallel operation"))); + return -1; + } record = find_option(name, true, elevel); if (record == NULL) @@ -6841,6 +6844,10 @@ set_config_option(const char *name, const char *value, * backends. This is a tad klugy, but necessary because we * don't re-read the config file during backend start. * + * However, if changeVal is false then plow ahead anyway since + * we are trying to find out if the value is potentially good, + * not actually use it. + * * In EXEC_BACKEND builds, this works differently: we load all * non-default settings from the CONFIG_EXEC_PARAMS file * during backend start. In that case we must accept @@ -6851,7 +6858,7 @@ set_config_option(const char *name, const char *value, * started it. is_reload will be true when either situation * applies. */ - if (IsUnderPostmaster && !is_reload) + if (IsUnderPostmaster && changeVal && !is_reload) return -1; } else if (context != PGC_POSTMASTER &&