Fix possible cache invalidation failure in ReceiveSharedInvalidMessages.

Commit fad153ec45299bd4d4f29dec8d9e04e2f1c08148 modified sinval.c to reduce
the number of calls into sinvaladt.c (which require taking a shared lock)
by keeping a local buffer of collected-but-not-yet-processed messages.
However, if processing of the last message in a batch resulted in a
recursive call to ReceiveSharedInvalidMessages, we could overwrite that
message with a new one while the outer invalidation function was still
working on it.  This would be likely to lead to invalidation of the wrong
cache entry, allowing subsequent processing to use stale cache data.
The fix is just to make a local copy of each message while we're processing
it.

Spotted by Andres Freund.  Back-patch to 8.4 where the bug was introduced.

diff --git a/src/backend/storage/ipc/sinval.c b/src/backend/storage/ipc/sinval.c
index ff45c03b47343992b983c1e0ab6d50e74d3cf56e..b0cfc8be696f45b042db563443d4062c9776893b 100644 (file)
--- a/src/backend/storage/ipc/sinval.c
+++ b/src/backend/storage/ipc/sinval.c
@@ -88,9 +88,9 @@ ReceiveSharedInvalidMessages(
        /* Deal with any messages still pending from an outer recursion */
        while (nextmsg < nummsgs)
        {
-               SharedInvalidationMessage *msg = &messages[nextmsg++];
+               SharedInvalidationMessage msg = messages[nextmsg++];
 
-               invalFunction(msg);
+               invalFunction(&msg);
        }
 
        do
@@ -116,9 +116,9 @@ ReceiveSharedInvalidMessages(
 
                while (nextmsg < nummsgs)
                {
-                       SharedInvalidationMessage *msg = &messages[nextmsg++];
+                       SharedInvalidationMessage msg = messages[nextmsg++];
 
-                       invalFunction(msg);
+                       invalFunction(&msg);
                }
 
                /*