Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w4I69-0023Qq-03
	for pgsql-hackers@arkaria.postgresql.org;
	Sun, 22 Mar 2026 12:40:05 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w4I67-00D9uB-0l
	for pgsql-hackers@arkaria.postgresql.org;
	Sun, 22 Mar 2026 12:40:03 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <hlinnaka@iki.fi>)
	id 1w4I66-00D9u2-33
	for pgsql-hackers@lists.postgresql.org;
	Sun, 22 Mar 2026 12:40:03 +0000
Received: from lahtoruutu.iki.fi ([185.185.170.37])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <hlinnaka@iki.fi>)
	id 1w4I65-00000000T52-1oIW
	for pgsql-hackers@lists.postgresql.org;
	Sun, 22 Mar 2026 12:40:02 +0000
Received: from [10.0.2.15] (unknown [130.41.208.1])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	(Authenticated sender: hlinnaka)
	by lahtoruutu.iki.fi (Postfix) with ESMTPSA id 4fdwqf6Rjfz49Q55;
	Sun, 22 Mar 2026 14:39:58 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu;
	t=1774183199;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=enZiHScDJlEEGNb2XvegTcv0jN7rbDbS41gsUGbZRrU=;
	b=sXltfgCXHq0Aq97VvX7v31ZhzkcRrq7P9nDc3jo8Zevl8nAw0qn9yEFqhpD8g1wFUxmY0O
	qnd1B7+bAEw32NpwIVEpYBI6oqLWPSet3P7PIFMI/NLtRN+mbPCqxGxzttJepPvRwbZyr+
	OIIJUB6Dozf25scErdCTWn37qQd+Zh2G2zViEVCc5PsriV9wvc6AHyo3tCCYxNDW9kaws3
	P5CsPqhffs0lJynMjXipfgoKGssK2qkoATa8Udde7kQfctfbqP3K8o9MyRQGPlsKmNhppG
	x13/4ZnZGPbPecx5grCcHyuZr4+5Vw7X8CPV5X506I8sxBA9USs+EVVk3mmKaQ==
ARC-Seal: i=1; a=rsa-sha256; d=iki.fi; s=lahtoruutu; cv=none; t=1774183199;
	b=qeo/roBrU00KLIuirukpqfeAdhb21C+y2U5BUr3Re2Z4SQmnN1JRvG3GZgW/YP2qGqMCsX
	mtnRg7clfHTnU44dFqPs8b0vfK9mk1QI0HRKlu6/2TgzHVttj0sr9MAf76f+loPnFEQWyo
	z/8UxqNtQ/ASBYwoHQ+ufDc1JNT/B3uwT6lRCMtyu785l6agG1MFRWaXAEo2AsTNbHC1+j
	fwP9us1GFPMuYX7IZ13EEFMJCwnc4wqjNUUi0o2190fJQDtKqRxZi2mTvbiODpBg0Mobxu
	PpnjaUwCVUmewNoQdFQohi3QRWdwSXLWQdIMzB7egWhJDCSyxOBJVooT5Uwo4Q==
ARC-Authentication-Results: i=1;
	ORIGINATING;
	auth=pass smtp.auth=hlinnaka smtp.mailfrom=hlinnaka@iki.fi
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi;
	s=lahtoruutu; t=1774183199;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=enZiHScDJlEEGNb2XvegTcv0jN7rbDbS41gsUGbZRrU=;
	b=rQyw5Cn4vs1B9FU5NF/ZYKgX96XsQnqO/opuPQ7rAT1lMojNi2eRuOLqB3j5puw1NYpB53
	MM1yLWd9YUcH1mRgZRWrbdSr+2Q3joVs2vOydqeH7Jug0Qj1L+YN0IJb/G71Rz0w8+64zx
	d1JYGIMdWC3BH1ZMdJwyQBZKefjwWZhr5mSGIV7WzusR/RfIB9jSfugPwPLyAJkkX3g7Mw
	dV48esUHNNr3NC5ZQwLcht4uwisGayCfnFYs9/1AxZve9X3Vcq90JjekANN7d5KzKT8uwE
	VacKjevEApink2L4bUA17qEQ1X3OpB8LyzIu0EVySop0MHBO4P1ilb2Na1Rswg==
Message-ID: <a3197b31-f40d-4164-872d-906d8e9b374a@iki.fi>
Date: Sun, 22 Mar 2026 14:39:58 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Avoid use of TopMemoryContext for resource owner cleanup in
 portals
To: Lukas Fittl <lukas@fittl.com>,
 PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Cc: Andres Freund <andres@anarazel.de>,
 Zsolt Parragi <zsolt.parragi@percona.com>
References: 
 <CAP53PkxfZu+WgeAC+1BybrS6asH+S_D1Nk5onq7Js5YDFZraJQ@mail.gmail.com>
Content-Language: en-US
From: Heikki Linnakangas <hlinnaka@iki.fi>
In-Reply-To: 
 <CAP53PkxfZu+WgeAC+1BybrS6asH+S_D1Nk5onq7Js5YDFZraJQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/a3197b31-f40d-4164-872d-906d8e9b374a%40iki.fi>
Precedence: bulk

On 21/03/2026 22:18, Lukas Fittl wrote:
> Hi,
> 
> Whilst working on the stack-based instrumentation patch [0] which adds
> a new resource owner that gets set up during a query's execution, I
> encountered the following challenge:
> 
> When allocating memory related to a resource, that is intended to be
> accessed during resource owner cleanup on abort, one cannot use a
> memory context that's below the active portal (e.g. the executor
> context), but must instead chose a longer-lived context, often
> TopMemoryContext.

Yeah, resources managed by resource owners have their own lifecycle 
that's independent of memory contexts.

> This is caused by the fact that At(Sub)Abort_Portals currently frees
> all "subsidiary" memory of failed portals (i.e. failed portal memory
> child contexts), and will be called in Abort(Sub)Transaction before
> the ResourceOwnerRelease calls.
> 
> There appears to be no clear reason why the freeing of subsidiary
> portal memory is being done before resource owner release - one could
> argue that freeing memory earlier allows a later allocation to re-use
> it, but the only relevant case I could find was
> RecordTransactionAbort, and that is already handled with the
> pre-allocated TransactionAbortContext to make sure we don't fail
> allocations in out-of-memory aborts.
> 
> Other non-portal users of the ResOwner infrastructure don't suffer
> from this problem, as they typically have a memory context set up that
> survives the abort.
> 
> If we separate out the freeing of this subsidiary portal memory to run
> separately, after resource owner cleanup is done (0001 patch), we can
> remove a handful of uses of TopMemoryContext from the tree in LLVM
> JIT, WaitEventSet and OpenSSL (0002 patch, passes CI), and make it
> much less likely that new resource owner code accidentally leaks
> because it uses the top memory context and missed a pfree.

It also makes it much more likely that you crash if you release the 
resource owner only after deleting the memory context. I don't think 
this is a good idea. I think it's a good rule that anything that's 
needed for resource owner cleanup must be allocated in TopMemoryContext, 
so that there's no hidden dependency between resource owners and memory 
contexts and you can release them in any order. (I'm not 100% sure we 
follow that rule everywhere today, but still)

> It also happens to make things significantly easier for the
> stack-based instrumentation patch, since we could rely on the executor
> context to free memory allocations that need to be accessed during
> abort (to propagate instrumentation data up the stack).

Hmm, I'm not sure I follow. Do you plan to rely on resource owner 
cleanup to propagate the instrumentation data? That doesn't feel right 
to me.

- Heikki