From 0f928a85ecd509b165bfb9acd71b18c40063a7a0 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 5 May 2014 14:43:39 -0400
Subject: [PATCH] Fix possible cache invalidation failure in
 ReceiveSharedInvalidMessages.

Commit fad153ec45299bd4d4f29dec8d9e04e2f1c08148 modified sinval.c to reduce
the number of calls into sinvaladt.c (which require taking a shared lock)
by keeping a local buffer of collected-but-not-yet-processed messages.
However, if processing of the last message in a batch resulted in a
recursive call to ReceiveSharedInvalidMessages, we could overwrite that
message with a new one while the outer invalidation function was still
working on it.  This would be likely to lead to invalidation of the wrong
cache entry, allowing subsequent processing to use stale cache data.
The fix is just to make a local copy of each message while we're processing
it.

Spotted by Andres Freund.  Back-patch to 8.4 where the bug was introduced.
---
 src/backend/storage/ipc/sinval.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/backend/storage/ipc/sinval.c b/src/backend/storage/ipc/sinval.c
index edd0d73a46f..264f700207c 100644
--- a/src/backend/storage/ipc/sinval.c
+++ b/src/backend/storage/ipc/sinval.c
@@ -91,10 +91,10 @@ ReceiveSharedInvalidMessages(
 	/* Deal with any messages still pending from an outer recursion */
 	while (nextmsg < nummsgs)
 	{
-		SharedInvalidationMessage *msg = &messages[nextmsg++];
+		SharedInvalidationMessage msg = messages[nextmsg++];
 
 		SharedInvalidMessageCounter++;
-		invalFunction(msg);
+		invalFunction(&msg);
 	}
 
 	do
@@ -121,10 +121,10 @@ ReceiveSharedInvalidMessages(
 
 		while (nextmsg < nummsgs)
 		{
-			SharedInvalidationMessage *msg = &messages[nextmsg++];
+			SharedInvalidationMessage msg = messages[nextmsg++];
 
 			SharedInvalidMessageCounter++;
-			invalFunction(msg);
+			invalFunction(&msg);
 		}
 
 		/*
-- 
GitLab