Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wDd1u-003BQU-0k for pgsql-hackers@arkaria.postgresql.org; Fri, 17 Apr 2026 06:50:18 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wDd1t-008Y3z-0V for pgsql-hackers@arkaria.postgresql.org; Fri, 17 Apr 2026 06:50:17 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wDd1s-008Y3r-2N for pgsql-hackers@lists.postgresql.org; Fri, 17 Apr 2026 06:50:16 +0000 Received: from mail-yx1-xb12a.google.com ([2607:f8b0:4864:20::b12a]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wDd1q-00000001QuV-2uW6 for pgsql-hackers@lists.postgresql.org; Fri, 17 Apr 2026 06:50:15 +0000 Received: by mail-yx1-xb12a.google.com with SMTP id 956f58d0204a3-64d5a7926cfso354926d50.2 for ; Thu, 16 Apr 2026 23:50:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1776408614; cv=none; d=google.com; s=arc-20240605; b=IqMBl9O9ReNQ8jO6ZFPDAt2wtHYJYKX6PRuZhPv9cLypmBCROcRlGE9llqMo8nXtRZ b9fmmiFZWWY1jmdPC42qcWMoxD7RPkUA105IH7nPNqfMYsbojcsp527Abs3zqC+9VGkJ 7EsFNpU6a7oeAqjlTsnuT9+8rtVYyEGZUzLX9aCAEq8z8cRenzrLBlUkPe6t7uMfV19T k8uwqBNcNR04xpnm5tdys5jugWaPw93U8RV++EnuROITfMUiQC1rfHIyoldPrPqPOPtX 8Lsrq/Kch087AI1I+g3B2Nx5NH5ERqz+o7DAPJymF5yUl+efSAebZsc6jx5MTeJnAEdT +zNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:subject:message-id:date:from:mime-version:dkim-signature; bh=m2jP+z4am8QB5kdXwOYlMZf0F4TTKD7FcAivf/FSscc=; fh=nwNxTtLLPTU0ewfLM7SSbrjMajMl+wwnFkCY/fi90vE=; b=HCp8rPk1o9GChf0BX1OH6vo1HcWJ3ZoeIocjkiZbNTEl2S4FQUccRD5HfF/zIMCzx9 Nuu5Wgrk/5aolhLkhg0BEtusd+SaL5NgNnTc8hWmNSp4klng6wh8n8pXiIxEuGgvexED BMO31QZojJR4fOCtw4KbHXyJ8cOn+pcY3P0IfkYIdWaIYL+o8ZICc3p6YgfeQEcI/z7S IxWM7nAEpA6SSuRbOfGY57zApqSI5AduP7diYOqv1bzSS531dCZ5cyYkrtiHfJ35KxLj 43+ByxjsRp1VN3CqQXh9BRWlyviAgq5ewBk90Z8kZ39ArqOredP2CdI17mqb/Yuyxhdi yGKw==; darn=lists.postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776408614; x=1777013414; darn=lists.postgresql.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=m2jP+z4am8QB5kdXwOYlMZf0F4TTKD7FcAivf/FSscc=; b=Ms6W523JIXQKI8JJB8f9sarADbF3mqDWh0JLRH8jj+t7sJU8U4jbWvLloQtDlqsiQ5 JloTFKi4XXEeGoI7jh/ivoDXbYDq9IeYYEvWugauXUtlxnapLKLW0I1xtWN/acOOXV3l S9Ep7yZfXGuw8PCMG/gUi4uqqEC/pqMyAYtlrHZSJjD5pvcOHpRmYRGCPbCf60KcUHsM nuflR3hNdeuOZkzd9UeaLffsaGAV/9WqbXOdDJ9Z+1Z7NLpMW0+ETJzvB0o+eaZrsN32 0ckPU73pDEiSQZtqCtUxd3ydqwkC7YM1/65yUbmOB7pSEabo776rMUwlmEtqxNfiX2A6 4Q6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776408614; x=1777013414; h=to:subject:message-id:date:from:mime-version:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=m2jP+z4am8QB5kdXwOYlMZf0F4TTKD7FcAivf/FSscc=; b=ixlNMsf3HW1ESrQGK64a/rFeNWqtpRT990jJSn6vT5e9twKo91yneI9i/p6K++MQCu vvfVtj72Y817FmMjX73I9D6VSpe887VVHh1dnZByC0Ti3ntvzbf3yqwUWFDpD1KpyxQa d1hdPfxszoyu7kPfoLSDskR33gCBP7CWGPesZjNIzavWkjDsvLl5u0wELO8d7ZYOCO51 4u+YjOSZiwltuFOKqH2Cw31gg/zYbrnWmlMBayTcZHJJO1fzXDiPUMYY1wwhyZOFhHPM zJPGDBE+ogFm+M/x80K1wgDvZUNJJ8qUY8UEhjBE/gGFNaqwqVnl/jOKNd3Dn9B31GPb zxRA== X-Gm-Message-State: AOJu0Yzeg23KFmyFTR7utfaEiZ/ixAE4Kx54K8kGRXeNZnQhXY8lox6C /F2chcUmsgzqDJJyze9CuX0N40vSH2EvCMcoEJ6IX/3dSp5Z2GtFd7LQ/YkoCCTOW9eipzoK+64 QRbGvgQ9HlM12gwlk23nAQZvpseiqP28g8ecN X-Gm-Gg: AeBDiet6kdeSiG+3j8VSwCvvXDdx2RdnVJ/v5l8+9OJtzANH6JpNg0LIF7Jr++fpO0/ ZK5UNt2bMgHTyS5tuHJLKdNjAKTtqPTexbFGSLdK037C8AOgy3WyRFzfAH6lWKRoLreKwG+XdL2 vpTT78GJ0Xe3ngXHlPD4h0EecaKnhfxMpu1lEa89jaK6NWBlZ/nxrzrszSx7LUPRnWnbGkRGK/a VAOJlz5mZYJA27bdHdHbZQ0DCoPOhenHR5CnEvqCbtol/zX9m8KyFNmelbnn2gldWe9z+uq+ysp aZGeigvd1QPcZvOQtHQ9E6CzzjwdnP5e5grQq1+SbMONDVN/lcNd0uufKWhtgA== X-Received: by 2002:a53:d20c:0:b0:651:b2e4:63c1 with SMTP id 956f58d0204a3-6531082ede4mr1179836d50.22.1776408614138; Thu, 16 Apr 2026 23:50:14 -0700 (PDT) MIME-Version: 1.0 From: JoongHyuk Shin Date: Fri, 17 Apr 2026 15:50:01 +0900 X-Gm-Features: AQROBzCsF98qnxb2T-zqxZLn7_3h33azN5UHsjWfzNMYekJZSJKh4vC8AgdU314 Message-ID: Subject: [PATCH] Fix TOCTOU race in ReplicationSlotsComputeRequiredLSN() To: pgsql-hackers@lists.postgresql.org Content-Type: multipart/mixed; boundary="0000000000006c31a0064fa25cbc" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --0000000000006c31a0064fa25cbc Content-Type: multipart/alternative; boundary="0000000000006c319e064fa25cba" --0000000000006c319e064fa25cba Content-Type: text/plain; charset="UTF-8" Hi, Commit 2a5225b99d7 fixed a race in ReplicationSlotsComputeRequiredXmin() where ReplicationSlotControlLock was released before the global xmin update, allowing a concurrent backend to overwrite a correct value with a stale one. ReplicationSlotsComputeRequiredLSN() has the same problem, it releases the lock before calling XLogSetReplicationSlotMinimumLSN(), so a stale minimum LSN can overwrite a correct (lower) one, potentially leading to premature WAL removal. The attached patch moves LWLockRelease() to after the LSN update, matching the xmin fix. Since 2a5225b99d7 was backpatched to all supported versions, I believe this should be as well. --0000000000006c319e064fa25cba Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi,

Commit 2a5225b99d7 fixed a race in ReplicationS= lotsComputeRequiredXmin()
where ReplicationSlotControlLock was re= leased before the global xmin
update, allowing a concurrent backe= nd to overwrite a correct value with
a stale one.

R= eplicationSlotsComputeRequiredLSN() has the same problem,=20 it releases the lock before calling XLogSetReplicationSlotMinimumLSN(),=20 so a stale minimum LSN can overwrite a correct (lower) one,=20 potentially leading to premature WAL removal.

The attached pa= tch moves LWLockRelease() to after the LSN update,
matching the x= min fix. Since 2a5225b99d7 was backpatched to all supported versions,=20 I believe this should be as well.
--0000000000006c319e064fa25cba-- --0000000000006c31a0064fa25cbc Content-Type: application/octet-stream; name="0001-Fix-TOCTOU-race-in-ReplicationSlotsComputeRequiredLS.patch" Content-Disposition: attachment; filename="0001-Fix-TOCTOU-race-in-ReplicationSlotsComputeRequiredLS.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_mo2jsagr0 RnJvbSA2M2MzYjQ2OWQ4ZTNhZGRiZTA5Mjg2MWIwNmZiMjUxYWZhNGFjMzJhIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBKb29uZ0h5dWsgU2hpbiA8c2poOTEwODA1QGdtYWlsLmNvbT4K RGF0ZTogRnJpLCAxNyBBcHIgMjAyNiAxNTowNzoxMSArMDkwMApTdWJqZWN0OiBbUEFUQ0hdIEZp eCBUT0NUT1UgcmFjZSBpbiBSZXBsaWNhdGlvblNsb3RzQ29tcHV0ZVJlcXVpcmVkTFNOKCkKClJl cGxpY2F0aW9uU2xvdHNDb21wdXRlUmVxdWlyZWRMU04oKSByZWxlYXNlZCBSZXBsaWNhdGlvblNs b3RDb250cm9sTG9jawpiZWZvcmUgY2FsbGluZyBYTG9nU2V0UmVwbGljYXRpb25TbG90TWluaW11 bUxTTigpLCBjcmVhdGluZyBhIHdpbmRvdwp3aGVyZSBhIGNvbmN1cnJlbnQgYmFja2VuZCBjb3Vs ZCBjb21wdXRlIGEgY29ycmVjdCAobG93ZXIpIG1pbmltdW0gTFNOLApvbmx5IGZvciB0aGUgZmly c3QgYmFja2VuZCB0byBvdmVyd3JpdGUgaXQgd2l0aCBhIHN0YWxlIChoaWdoZXIpIHZhbHVlLgpU aGlzIGNvdWxkIGxlYWQgdG8gcHJlbWF0dXJlIFdBTCByZW1vdmFsLgoKVGhlIGV4YWN0IHNhbWUg cGF0dGVybiB3YXMgYWxyZWFkeSBmaXhlZCBmb3IgdGhlIHhtaW4gdmFyaWFudCBpbiBjb21taXQK MmE1MjI1Yjk5ZDcsIHdoaWNoIG1vdmVkIHRoZSBsb2NrIHJlbGVhc2UgaW4KUmVwbGljYXRpb25T bG90c0NvbXB1dGVSZXF1aXJlZFhtaW4oKSB0byBhZnRlciB0aGUgZ2xvYmFsIHhtaW4gdXBkYXRl LgpUaGUgTFNOIGZ1bmN0aW9uIHdhcyBtaXNzZWQgaW4gdGhhdCBmaXguCgpNb3ZlIExXTG9ja1Jl bGVhc2UoKSB0byBhZnRlciBYTG9nU2V0UmVwbGljYXRpb25TbG90TWluaW11bUxTTigpIHNvIHRo ZQpsb2NrIGlzIGhlbGQgZm9yIHRoZSBlbnRpcmUgY29tcHV0ZS1hbmQtdXBkYXRlIHNlcXVlbmNl LCBtYXRjaGluZyB0aGUKeG1pbiBmdW5jdGlvbidzIGJlaGF2aW9yLgoKQXV0aG9yOiBKb29uZ0h5 dWsgU2hpbiA8c2poOTEwODA1QGdtYWlsLmNvbT4KLS0tCiBzcmMvYmFja2VuZC9yZXBsaWNhdGlv bi9zbG90LmMgfCA3ICsrKysrKy0KIDEgZmlsZSBjaGFuZ2VkLCA2IGluc2VydGlvbnMoKyksIDEg ZGVsZXRpb24oLSkKCmRpZmYgLS1naXQgYS9zcmMvYmFja2VuZC9yZXBsaWNhdGlvbi9zbG90LmMg Yi9zcmMvYmFja2VuZC9yZXBsaWNhdGlvbi9zbG90LmMKaW5kZXggODNmY2RlNzQ3MTguLjBkODdm MGZkMzlkIDEwMDY0NAotLS0gYS9zcmMvYmFja2VuZC9yZXBsaWNhdGlvbi9zbG90LmMKKysrIGIv c3JjL2JhY2tlbmQvcmVwbGljYXRpb24vc2xvdC5jCkBAIC0xMzEyLDYgKzEzMTIsMTEgQEAgUmVw bGljYXRpb25TbG90c0NvbXB1dGVSZXF1aXJlZExTTih2b2lkKQogCiAJQXNzZXJ0KFJlcGxpY2F0 aW9uU2xvdEN0bCAhPSBOVUxMKTsKIAorCS8qCisJICogSG9sZCBSZXBsaWNhdGlvblNsb3RDb250 cm9sTG9jayB1bnRpbCBhZnRlciB1cGRhdGluZyB0aGUgbWluaW11bSBMU04uCisJICogV2l0aG91 dCB0aGlzLCBhIGNvbmN1cnJlbnQgYmFja2VuZCBjb3VsZCBjb21wdXRlIGEgY29ycmVjdCAobG93 ZXIpCisJICogbWluaW11bSBhbmQgdGhlbiBoYXZlIGl0IG92ZXJ3cml0dGVuIGJ5IG91ciBzdGFs ZSAoaGlnaGVyKSB2YWx1ZS4KKwkgKi8KIAlMV0xvY2tBY3F1aXJlKFJlcGxpY2F0aW9uU2xvdENv bnRyb2xMb2NrLCBMV19TSEFSRUQpOwogCWZvciAoaSA9IDA7IGkgPCBtYXhfcmVwbGljYXRpb25f c2xvdHMgKyBtYXhfcmVwYWNrX3JlcGxpY2F0aW9uX3Nsb3RzOyBpKyspCiAJewpAQCAtMTM1Nyw5 ICsxMzYyLDkgQEAgUmVwbGljYXRpb25TbG90c0NvbXB1dGVSZXF1aXJlZExTTih2b2lkKQogCQkJ IHJlc3RhcnRfbHNuIDwgbWluX3JlcXVpcmVkKSkKIAkJCW1pbl9yZXF1aXJlZCA9IHJlc3RhcnRf bHNuOwogCX0KLQlMV0xvY2tSZWxlYXNlKFJlcGxpY2F0aW9uU2xvdENvbnRyb2xMb2NrKTsKIAog CVhMb2dTZXRSZXBsaWNhdGlvblNsb3RNaW5pbXVtTFNOKG1pbl9yZXF1aXJlZCk7CisJTFdMb2Nr UmVsZWFzZShSZXBsaWNhdGlvblNsb3RDb250cm9sTG9jayk7CiB9CiAKIC8qCi0tIAoyLjUyLjAK Cg== --0000000000006c31a0064fa25cbc--