Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w9lP4-001iym-2m
	for pgsql-hackers@arkaria.postgresql.org;
	Mon, 06 Apr 2026 14:58:15 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w9lP3-009aud-16
	for pgsql-hackers@arkaria.postgresql.org;
	Mon, 06 Apr 2026 14:58:13 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <schmiddy@gmail.com>)
	id 1w9lP2-009auU-2z
	for pgsql-hackers@lists.postgresql.org;
	Mon, 06 Apr 2026 14:58:13 +0000
Received: from mail-ed1-x534.google.com ([2a00:1450:4864:20::534])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <schmiddy@gmail.com>)
	id 1w9lP1-00000000rxj-0pHk
	for pgsql-hackers@postgresql.org;
	Mon, 06 Apr 2026 14:58:12 +0000
Received: by mail-ed1-x534.google.com with SMTP id
 4fb4d7f45d1cf-66bb4d4fcb4so229333a12.2
        for <pgsql-hackers@postgresql.org>;
 Mon, 06 Apr 2026 07:58:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1775487489; cv=none;
        d=google.com; s=arc-20240605;
        b=QXmePQyvZBnErC2X2Oq6ZnUkFVaOPHdkzl0ikHCNegO7cl/feC54t39PccVqxUg1s7
         FLuBDpXY112ljao2vECPI2SvW3iNFl7DVN0i/cw7y/ts69D01zF1cEAa2b7UTWlN35Qk
         0zge8NzkREhDsTxfPKbGrCm/leMF1CKSW+yP62DqbkNZr5IchsOqxObgr1MPH7im+4fq
         hgO68yksO539EtxEHHJWWTsT39Ki3KZNhQROhwgi8g771jUmOdj1MWKHta9grfKSej5P
         Q3gjzOjj2XNT0T9RkzRwZntOGLJCq9HfxKFvBpmcphHajw6l0JqIDgudjMDtvT42m7o9
         ETvQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=to:subject:message-id:date:from:mime-version:dkim-signature;
        bh=klrcRu4UK1VHOavSDb9aO68pxdcOB6LjO47Ym80eRbY=;
        fh=RfrkJab44jNT7RraF/sJO97r9/nkUL0AAgzmC7PBS2w=;
        b=SkmaXPSoay1W7eFzZRgpDp4JAQ9HS8/0FuAGkiYbMmTiDbS8mZmTN4MJW9swTwUihP
         4UrBwBNeUr1//ifhb43Y7mr840QYMshFlDcg39XEZl5o1eS/0T0p5UtgV7Gy2oXvCn7R
         cjhx0kNn/lPfhAPRWWiycTp5yn3dtzi2J3w5V3xdj5O46GU8UNhXC4D5YCDl8O61FaRE
         e8Lj6I30jxJWdchb8SVTvRI8Tn7jKuzFL92e922wsQ8QJfrTTMM9Rjq7Tw6nJ/4cUIHD
         G7WiGckFjKwXBRFkO6WJjk/rsTJ91hNPrT/KtnnWdIvnZ9vOVrZwsAYiq74hJUNLtwXW
         GTGg==;
        darn=postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1775487489; x=1776092289;
 darn=postgresql.org;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=klrcRu4UK1VHOavSDb9aO68pxdcOB6LjO47Ym80eRbY=;
        b=ZxToI+zMXJZ6Y/ikekOB6FFcAiwHgPMTp0vXld0L6ak1c3HOxctPxnVeZCVue7oQ/+
         Lav/txv1o4K6K/6eTgF7DQ0ZKSp7MJJlVEcDkFjFQE/8Eh9BUXaZ8trtCoOWYXfwBks9
         lw3whLh8BF8Ik8yuVjMRvjBA7nMVlKQvy18iuG4pgIP+q+7j1Ygov+Wil3T1UWVIR9p/
         3LXB8pTIEByo5hb3PSdjY5SdpZzDX5dRBBcy0+qWiPNv4xHXyFdwNhPZSkwqCSrjWbmK
         iZmot1jn+jAumC60rCfbd1WyZwuuWicQZ+sYFalDyaFMMoEYWqbmX9FSKB5Lo3EwEBTr
         5wtA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1775487489; x=1776092289;
        h=to:subject:message-id:date:from:mime-version:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=klrcRu4UK1VHOavSDb9aO68pxdcOB6LjO47Ym80eRbY=;
        b=hzOS7/0Tg665OCZT5GdIMi5SeHk7QBP/0kPCvQEIDvMpyYHvY42o5kRtPEIPB3ALTg
         6Oci/lLTbDbXFdTx6y1APUxn3V5xsGDpoicWWTNNiV3fPtWEl5tGRqEKUokbqQHybOg1
         HqhkrjWns3WFE5MKJC3+1h9A3a+4fXNZ+QUgS8WsHP2ovAP4yf3u2f9CmbcIghyezl/g
         s50FVlKXyor0LsWRMqo1NOp8hyA3nVJ+mV50qqGsJTIEKRonyBdAUBWllZ/0pVT5TAYI
         oMUgpTaP/5xgat/aghrABqaFIdbqOJwqG62uMFbRX2pVxCgWNg7WNyyYWhyuFpVxBbOF
         BuSg==
X-Gm-Message-State: AOJu0YyBzjI+lMzjG6XppJQN4Zh1xK1m3XOFXmH8JQvfyXPOTorQLrBe
	eid9IoY8U9yDztNPj47x4nXL4R/KGljC+9WmWm7hSSA6EUuQoGjb59T3zaFRVhmUkcgM63BaZnP
	uUGJMVKVn7baKo9IFa2slxVSC3v2PhGrp9qUX
X-Gm-Gg: AeBDieuKxBpIRRDm5zv1N1jAFdrRT44lnrCGEOJJrWA2BtiRm8RVKxt5yPjyCrYoZAM
	cVWdIO0l5PPpRGkhzypxzQDo9gPEGfJFj3jeIpNn8HjfYI3pgvfb7nE4c+K60KRE+4dnGpEpEnP
	njG5u/SGpmSPdaNFauWrmJridt3K2locG6SXU2LTgSrfSRbLuIBIvtrZW5OsKKq3pQPyhPH/vs+
	jmoP3s7R+cyJYblM35s/bu701ITopjz5FcQi9sZqB1sggFh0Jw8wds0xUeEf+mjwjD2lBGaDKCM
	RDF5
X-Received: by 2002:a17:907:e106:b0:b83:95c8:15d0 with SMTP id
 a640c23a62f3a-b9c67b52acbmr426582766b.52.1775487488977; Mon, 06 Apr 2026
 07:58:08 -0700 (PDT)
MIME-Version: 1.0
From: Josh Kupershmidt <schmiddy@gmail.com>
Date: Mon, 6 Apr 2026 10:57:56 -0400
X-Gm-Features: AQROBzCanJ5sPeXjdp4uKOkSMolNbTKZUyFzJWFGNRVFwA-yRV6FrIXDrqK5TEM
Message-ID: 
 <CAK3UJREEiWR4W_8j=5oGn8d6yvu-2xBKSSPcEHg2giWUHrnSeQ@mail.gmail.com>
Subject: Adding event mask validation for ModifyWaitEvent
To: pgsql-hackers <pgsql-hackers@postgresql.org>
Content-Type: multipart/mixed; boundary="00000000000015d19e064ecbe58f"
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/CAK3UJREEiWR4W_8j%3D5oGn8d6yvu-2xBKSSPcEHg2giWUHrnSeQ%40mail.gmail.com>
Precedence: bulk

--00000000000015d19e064ecbe58f
Content-Type: multipart/alternative; boundary="00000000000015d19d064ecbe58d"

--00000000000015d19d064ecbe58d
Content-Type: text/plain; charset="UTF-8"

Hi,

Please find attached a patch implementing an old FIXME comment [1]
about validating the event mask in ModifyWaitEvent(). To prevent callers
of ModifyWaitEvent() from passing invalid flags that can be silently
accepted, I propose adding two checks:

 1. Prevent setting socket wait flags on an event that has no socket,
mirroring line 600 of AddWaitEventToSet() [2].

 2. Prevent promoting a non-latch event to a latch event
through ModifyWaitEvent(). The setup for latch events is handled in
AddWaitEventToSet(), but not supported in ModifyWaitEvent(). For example,
AddWaitEventToSet() enforces "cannot wait on more than one latch" [3] per
set, registering the latch pointer [4], and handles platform-specific latch
behavior [5]. We do still allow the behavior documented in the comment for
ModifyWaitEvent() [6] about setting a latch to NULL to disable it, and
enabling again as a latch later.

[1] The commit adding this code dates back to 2016, added in
https://github.com/postgres/postgres/commit/98a64d0bd71#diff-6e542ba2eb1d83ef90e65cdc0912b51a295184701c7e3bd236937c43c4cac4b9R704
[2]
https://github.com/postgres/postgres/blob/master/src/backend/storage/ipc/waiteventset.c#L600
[3]
https://github.com/postgres/postgres/blob/master/src/backend/storage/ipc/waiteventset.c#L588-L589
[4]
https://github.com/postgres/postgres/blob/master/src/backend/storage/ipc/waiteventset.c#L614-L615
[5]
https://github.com/postgres/postgres/blob/master/src/backend/storage/ipc/waiteventset.c#L616-L619
[6]
https://github.com/postgres/postgres/blob/master/src/backend/storage/ipc/waiteventset.c#L650-L651

--00000000000015d19d064ecbe58d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">Hi,<div><br></div><div>Please find attach=
ed a patch implementing an old FIXME comment [1] about=C2=A0validating the =
event mask in=C2=A0ModifyWaitEvent(). To prevent callers of=C2=A0ModifyWait=
Event() from passing invalid flags that can be silently accepted, I propose=
 adding two checks:</div><div><br></div><div>=C2=A01. Prevent setting socke=
t wait flags on an event that has no socket, mirroring line 600 of=C2=A0Add=
WaitEventToSet() [2].</div><div><br></div><div>=C2=A02. Prevent promoting a=
 non-latch event to a latch event through=C2=A0ModifyWaitEvent(). The setup=
 for latch events is handled in AddWaitEventToSet(), but not supported in=
=C2=A0ModifyWaitEvent(). For example, AddWaitEventToSet() enforces &quot;ca=
nnot wait on more than one latch&quot; [3] per set, registering the latch p=
ointer [4], and handles platform-specific latch behavior [5]. We do still a=
llow the behavior documented in the comment for ModifyWaitEvent() [6] about=
 setting a latch to NULL to disable it, and enabling again as a latch later=
.</div><div><br></div><div>[1] The commit adding this code dates back to 20=
16, added in <a href=3D"https://github.com/postgres/postgres/commit/98a64d0=
bd71#diff-6e542ba2eb1d83ef90e65cdc0912b51a295184701c7e3bd236937c43c4cac4b9R=
704" target=3D"_blank">https://github.com/postgres/postgres/commit/98a64d0b=
d71#diff-6e542ba2eb1d83ef90e65cdc0912b51a295184701c7e3bd236937c43c4cac4b9R7=
04</a></div><div>[2]=C2=A0 <a href=3D"https://github.com/postgres/postgres/=
blob/master/src/backend/storage/ipc/waiteventset.c#L600" target=3D"_blank">=
https://github.com/postgres/postgres/blob/master/src/backend/storage/ipc/wa=
iteventset.c#L600</a></div><div>[3]=C2=A0<a href=3D"https://github.com/post=
gres/postgres/blob/master/src/backend/storage/ipc/waiteventset.c#L588-L589"=
 target=3D"_blank">https://github.com/postgres/postgres/blob/master/src/bac=
kend/storage/ipc/waiteventset.c#L588-L589</a></div><div>[4]=C2=A0<a href=3D=
"https://github.com/postgres/postgres/blob/master/src/backend/storage/ipc/w=
aiteventset.c#L614-L615" target=3D"_blank">https://github.com/postgres/post=
gres/blob/master/src/backend/storage/ipc/waiteventset.c#L614-L615</a></div>=
<div>[5]=C2=A0<a href=3D"https://github.com/postgres/postgres/blob/master/s=
rc/backend/storage/ipc/waiteventset.c#L616-L619" target=3D"_blank">https://=
github.com/postgres/postgres/blob/master/src/backend/storage/ipc/waitevents=
et.c#L616-L619</a></div><div>[6]=C2=A0<a href=3D"https://github.com/postgre=
s/postgres/blob/master/src/backend/storage/ipc/waiteventset.c#L650-L651" ta=
rget=3D"_blank">https://github.com/postgres/postgres/blob/master/src/backen=
d/storage/ipc/waiteventset.c#L650-L651</a></div><div><br></div></div>
</div>

--00000000000015d19d064ecbe58d--

--00000000000015d19e064ecbe58f
Content-Type: application/x-patch;
	name="event-mask-validation-for-ModifyWaitEvent.patch"
Content-Disposition: attachment;
	filename="event-mask-validation-for-ModifyWaitEvent.patch"
Content-Transfer-Encoding: base64
Content-ID: <f_mnmkf6le0>
X-Attachment-Id: f_mnmkf6le0

ZGlmZiAtLWdpdCBhL3NyYy9iYWNrZW5kL3N0b3JhZ2UvaXBjL3dhaXRldmVudHNldC5jIGIvc3Jj
L2JhY2tlbmQvc3RvcmFnZS9pcGMvd2FpdGV2ZW50c2V0LmMKaW5kZXggMGYyMjhlMWU3YjguLjA5
OGNmZjA2YTVkIDEwMDY0NAotLS0gYS9zcmMvYmFja2VuZC9zdG9yYWdlL2lwYy93YWl0ZXZlbnRz
ZXQuYworKysgYi9zcmMvYmFja2VuZC9zdG9yYWdlL2lwYy93YWl0ZXZlbnRzZXQuYwpAQCAtNjk1
LDcgKzY5NSwxMiBAQCBNb2RpZnlXYWl0RXZlbnQoV2FpdEV2ZW50U2V0ICpzZXQsIGludCBwb3Ms
IHVpbnQzMiBldmVudHMsIExhdGNoICpsYXRjaCkKIAlpZiAoZXZlbnQtPmV2ZW50cyAmIFdMX0xB
VENIX1NFVCAmJiBldmVudHMgIT0gZXZlbnQtPmV2ZW50cykKIAkJZWxvZyhFUlJPUiwgImNhbm5v
dCBtb2RpZnkgbGF0Y2ggZXZlbnQiKTsKIAotCS8qIEZJWE1FOiB2YWxpZGF0ZSBldmVudCBtYXNr
ICovCisJLyogVmFsaWRhdGUgZXZlbnQgbWFzayAqLworCWlmICgoZXZlbnRzICYgV0xfU09DS0VU
X01BU0spICYmIGV2ZW50LT5mZCA9PSBQR0lOVkFMSURfU09DS0VUKQorCQllbG9nKEVSUk9SLCAi
Y2Fubm90IHdhaXQgb24gc29ja2V0IGV2ZW50IHdpdGhvdXQgYSBzb2NrZXQiKTsKKwlpZiAoKGV2
ZW50cyAmIFdMX0xBVENIX1NFVCkgJiYgIShldmVudC0+ZXZlbnRzICYgV0xfTEFUQ0hfU0VUKSkK
KwkJZWxvZyhFUlJPUiwgImNhbm5vdCBtb2RpZnkgbm9uLWxhdGNoIGV2ZW50IHRvIHdhaXQgb24g
bGF0Y2giKTsKKwogCWV2ZW50LT5ldmVudHMgPSBldmVudHM7CiAKIAlpZiAoZXZlbnRzID09IFdM
X0xBVENIX1NFVCkK
--00000000000015d19e064ecbe58f--