Fix autovacuum work item error handling

In autovacuum's "work item" processing, a few strings were allocated in
the current transaction's memory context, which goes away during error
handling; if an error happened during execution of the work item, the
pfree() calls to clean up afterwards would try to release already-released
memory, possibly leading to a crash.  In branch master, this was already
fixed by commit 335f3d04e4c8, so backpatch that to REL_10_STABLE to fix
the problem there too.

As a secondary problem, verify that the autovacuum worker is connected
to the right database for each work item; otherwise some items would be
discarded by workers in other databases.

Reported-by: Justin Pryzby
Discussion: https://postgr.es/m/20171014035732.GB31726@telsasoft.com

diff --git a/src/backend/postmaster/autovacuum.c b/src/backend/postmaster/autovacuum.c
index 776b1c0a9d5cfae8cbfa3e0b3fe5e71cc415c40b..58f1714b03f61b63eeacbe6acb874d8a4f846587 100644 (file)
--- a/src/backend/postmaster/autovacuum.c
+++ b/src/backend/postmaster/autovacuum.c
@@ -2444,8 +2444,10 @@ do_autovacuum(void)
                 */
                PG_TRY();
                {
+                       /* Use PortalContext for any per-table allocations */
+                       MemoryContextSwitchTo(PortalContext);
+
                        /* have at it */
-                       MemoryContextSwitchTo(TopTransactionContext);
                        autovacuum_do_vac_analyze(tab, bstrategy);
 
                        /*
@@ -2482,6 +2484,9 @@ do_autovacuum(void)
                }
                PG_END_TRY();
 
+               /* Make sure we're back in AutovacMemCxt */
+               MemoryContextSwitchTo(AutovacMemCxt);
+
                did_vacuum = true;
 
                /* the PGXACT flags are reset at the next end of transaction */
@@ -2525,6 +2530,8 @@ deleted:
                        continue;
                if (workitem->avw_active)
                        continue;
+               if (workitem->avw_database != MyDatabaseId)
+                       continue;
 
                /* claim this one, and release lock while performing it */
                workitem->avw_active = true;
@@ -2533,8 +2540,7 @@ deleted:
                perform_work_item(workitem);
 
                /*
-                * Check for config changes before acquiring lock for further
-                * jobs.
+                * Check for config changes before acquiring lock for further jobs.
                 */
                CHECK_FOR_INTERRUPTS();
                if (got_SIGHUP)
@@ -2601,10 +2607,9 @@ perform_work_item(AutoVacuumWorkItem *workitem)
        /*
         * Save the relation name for a possible error message, to avoid a catalog
         * lookup in case of an error.  If any of these return NULL, then the
-        * relation has been dropped since last we checked; skip it. Note: they
-        * must live in a long-lived memory context because we call vacuum and
-        * analyze in different transactions.
+        * relation has been dropped since last we checked; skip it.
         */
+       Assert(CurrentMemoryContext == AutovacMemCxt);
 
        cur_relname = get_rel_name(workitem->avw_relation);
        cur_nspname = get_namespace_name(get_rel_namespace(workitem->avw_relation));
@@ -2614,6 +2619,9 @@ perform_work_item(AutoVacuumWorkItem *workitem)
 
        autovac_report_workitem(workitem, cur_nspname, cur_datname);
 
+       /* clean up memory before each work item */
+       MemoryContextResetAndDeleteChildren(PortalContext);
+
        /*
         * We will abort the current work item if something errors out, and
         * continue with the next one; in particular, this happens if we are
@@ -2622,9 +2630,10 @@ perform_work_item(AutoVacuumWorkItem *workitem)
         */
        PG_TRY();
        {
-               /* have at it */
-               MemoryContextSwitchTo(TopTransactionContext);
+               /* Use PortalContext for any per-work-item allocations */
+               MemoryContextSwitchTo(PortalContext);
 
+               /* have at it */
                switch (workitem->avw_type)
                {
                        case AVW_BRINSummarizeRange:
@@ -2668,6 +2677,9 @@ perform_work_item(AutoVacuumWorkItem *workitem)
        }
        PG_END_TRY();
 
+       /* Make sure we're back in AutovacMemCxt */
+       MemoryContextSwitchTo(AutovacMemCxt);
+
        /* We intentionally do not set did_vacuum here */
 
        /* be tidy */