From: JoongHyuk Shin
Date: Fri, 17 Apr 2026 16:46:31 +0900
Subject: Re: [PATCH] Fix TOCTOU race in ReplicationSlotsComputeRequiredLSN()
To: "Zhijie Hou (Fujitsu)"
Cc: "pgsql-hackers@lists.postgresql.org"

Hi Zhijie,

Thanks for pointing this out.
You're right that my patch only covers the read side
and misses the write side in ReplicationSlotReserveWal().
I should have checked for existing work before submitting.

I'll withdraw this patch.

Best Regards,
JoongHyuk Shin

On Fri, Apr 17, 2026 at 3:59 PM Zhijie Hou (Fujitsu) wrote:

> On Friday, April 17, 2026 2:50 PM JoongHyuk Shin wrote:
> > Commit 2a5225b99d7 fixed a race in ReplicationSlotsComputeRequiredXmin()
> > where ReplicationSlotControlLock was released before the global xmin
> > update, allowing a concurrent backend to overwrite a correct value with
> > a stale one.
> >
> > ReplicationSlotsComputeRequiredLSN() has the same problem,
> > it releases the lock before calling XLogSetReplicationSlotMinimumLSN(),
> > so a stale minimum LSN can overwrite a correct (lower) one,
> > potentially leading to premature WAL removal.
> >
> > The attached patch moves LWLockRelease() to after the LSN update,
> > matching the xmin fix.
> > Since 2a5225b99d7 was backpatched to all supported versions,
> > I believe this should be as well.
>
> Thanks for noticing this. There is an existing thread [1] that I started
> following 2a5225b99d7 to address the same issue. The patch you posted
> only increases the lock scope in ReplicationSlotsComputeRequiredLSN() but
> does not increase the lock level when reserving WALs, so I think it would
> not fix the issue.
>
> Please feel free to review the patch in that thread if you find it helpful.
>
> [1] https://commitfest.postgresql.org/patch/6451/
>
> Best Regards,
> Hou zj
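An added example, not part of the original messages and not PostgreSQL code: a single-threaded C model of the read-side interleaving described in the quoted report, where a backend computes the minimum LSN under the lock and publishes it either before or after releasing it. The struct and function names and the LSN values (200, 100) are constructed, the lock is modeled as a plain mutex, and the WAL-reserving side that the reply says the patch misses is not modeled.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model: all names and LSN values are constructed, not PostgreSQL code. */
typedef unsigned long long lsn_t;
struct model {
    lsn_t slot_lsn[2];   /* per-slot restart LSN, 0 = slot unused */
    lsn_t published_min; /* global minimum that WAL removal trusts */
    int lock_owner;      /* -1 = free; the lock is modeled as a plain mutex */
};
struct backend { int id, phase; lsn_t local_min; };

static lsn_t scan_min(const struct model *m) {
    lsn_t min = 0;
    for (int i = 0; i < 2; i++)
        if (m->slot_lsn[i] && (!min || m->slot_lsn[i] < min)) min = m->slot_lsn[i];
    return min;
}

/* One scheduler step; returns false if the backend is blocked on the lock. */
static bool step(struct model *m, struct backend *b, bool hold) {
    if (b->phase == 0) {                  /* compute the minimum under the lock */
        if (m->lock_owner != -1) return false;
        m->lock_owner = b->id;
        b->local_min = scan_min(m);
        if (!hold) m->lock_owner = -1;    /* release before publishing */
    } else if (b->phase == 1) {           /* publish the computed minimum */
        m->published_min = b->local_min;
        if (hold) m->lock_owner = -1;     /* release only after publishing */
    }
    if (b->phase < 2) b->phase++;
    return true;
}

/* A computes, a slot at a lower LSN appears, B computes and publishes, A publishes. */
static lsn_t run_interleaving(bool hold) {
    struct model m = { {200, 0}, 0, -1 };
    struct backend a = {0, 0, 0}, b = {1, 0, 0};
    step(&m, &a, hold);                   /* A scans and sees only LSN 200 */
    m.slot_lsn[1] = 100;                  /* second slot now needs older WAL */
    step(&m, &b, hold);                   /* B computes (blocked if A holds the lock) */
    step(&m, &b, hold);                   /* B publishes (still blocked if A holds it) */
    while (a.phase < 2 || b.phase < 2) { step(&m, &a, hold); step(&m, &b, hold); }
    return m.published_min;
}

int main(void) {
    printf("release before publish: %llu, release after publish: %llu\n",
           run_interleaving(false), run_interleaving(true));
    return 0;
}
```

With the release before the publish, backend A's stale 200 lands last and the slot at LSN 100 is left unprotected; with the release after the publish, B cannot scan until A has published, so the final value is 100.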