Fix possible cache invalidation failure in ReceiveSharedInvalidMessages.

Commit fad153ec45299bd4d4f29dec8d9e04e2f1c08148 modified sinval.c to reduce
the number of calls into sinvaladt.c (which require taking a shared lock)
by keeping a local buffer of collected-but-not-yet-processed messages.
However, if processing of the last message in a batch resulted in a
recursive call to ReceiveSharedInvalidMessages, we could overwrite that
message with a new one while the outer invalidation function was still
working on it.  This would be likely to lead to invalidation of the wrong
cache entry, allowing subsequent processing to use stale cache data.
The fix is just to make a local copy of each message while we're processing
it.

Spotted by Andres Freund.  Back-patch to 8.4 where the bug was introduced.

diff --git a/src/backend/storage/ipc/sinval.c b/src/backend/storage/ipc/sinval.c
index edd0d73a46f2644d66fece08924b4439aecac214..264f700207c3ed5b33f1addd083ad5cdcce2fe60 100644 (file)
--- a/src/backend/storage/ipc/sinval.c
+++ b/src/backend/storage/ipc/sinval.c
@@ -91,10 +91,10 @@ ReceiveSharedInvalidMessages(
    /* Deal with any messages still pending from an outer recursion */
    while (nextmsg < nummsgs)
    {
-       SharedInvalidationMessage *msg = &messages[nextmsg++];
+       SharedInvalidationMessage msg = messages[nextmsg++];
 
        SharedInvalidMessageCounter++;
-       invalFunction(msg);
+       invalFunction(&msg);
    }
 
    do
@@ -121,10 +121,10 @@ ReceiveSharedInvalidMessages(
 
        while (nextmsg < nummsgs)
        {
-           SharedInvalidationMessage *msg = &messages[nextmsg++];
+           SharedInvalidationMessage msg = messages[nextmsg++];
 
            SharedInvalidMessageCounter++;
-           invalFunction(msg);
+           invalFunction(&msg);
        }
 
        /*