Fix possible cache invalidation failure in ReceiveSharedInvalidMessages.

Commit fad153ec45299bd4d4f29dec8d9e04e2f1c08148 modified sinval.c to reduce
the number of calls into sinvaladt.c (which require taking a shared lock)
by keeping a local buffer of collected-but-not-yet-processed messages.
However, if processing of the last message in a batch resulted in a
recursive call to ReceiveSharedInvalidMessages, we could overwrite that
message with a new one while the outer invalidation function was still
working on it.  This would be likely to lead to invalidation of the wrong
cache entry, allowing subsequent processing to use stale cache data.
The fix is just to make a local copy of each message while we're processing
it.

Spotted by Andres Freund.  Back-patch to 8.4 where the bug was introduced.

diff --git a/src/backend/storage/ipc/sinval.c b/src/backend/storage/ipc/sinval.c
index 2b3bc31a0e842da31a303ec2fc07f0386c2ff8dd..06b72c2bc0ff1dc11024a4d8060adf00adb7d19a 100644 (file)
--- a/src/backend/storage/ipc/sinval.c
+++ b/src/backend/storage/ipc/sinval.c
@@ -91,10 +91,10 @@ ReceiveSharedInvalidMessages(
        /* Deal with any messages still pending from an outer recursion */
        while (nextmsg < nummsgs)
        {
-               SharedInvalidationMessage *msg = &messages[nextmsg++];
+               SharedInvalidationMessage msg = messages[nextmsg++];
 
                SharedInvalidMessageCounter++;
-               invalFunction(msg);
+               invalFunction(&msg);
        }
 
        do
@@ -121,10 +121,10 @@ ReceiveSharedInvalidMessages(
 
                while (nextmsg < nummsgs)
                {
-                       SharedInvalidationMessage *msg = &messages[nextmsg++];
+                       SharedInvalidationMessage msg = messages[nextmsg++];
 
                        SharedInvalidMessageCounter++;
-                       invalFunction(msg);
+                       invalFunction(&msg);
                }
 
                /*