Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: "Bossart, Nathan" <bossartn@amazon.com>
Cc: Andres Freund <andres@anarazel.de>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>, Robert Haas <robertmhaas@gmail.com>, "Schneider, Jeremy" <schnjere@amazon.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>, "Albin, Lloyd P" <lalbin@scharp.org>
Date: 2018-07-27T02:31:23Z
Lists: pgsql-bugs, pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Improve VACUUM and ANALYZE by avoiding early lock queue
- a556549d7e6d 12.0 landed
-
Improve TRUNCATE by avoiding early lock queue
- f841ceb26d70 12.0 landed
-
Restrict access to reindex of shared catalogs for non-privileged users
- 87330e21c327 11.0 landed
- 661dd23950f2 12.0 landed
-
Improve behavior of concurrent CLUSTER.
- cbe24a6dd8fb 9.2.0 cited
Attachments
- 0001-Refactor-TRUNCATE-execution-to-avoid-early-lock-look.patch (text/x-diff) patch 0001
- 0002-Refactor-VACUUM-execution-to-avoid-early-lock-lookup.patch (text/x-diff) patch 0002
- 0003-Restrict-access-to-system-wide-REINDEX-for-non-privi.patch (text/x-diff) patch 0003
On Thu, Jul 26, 2018 at 11:14:31PM +0000, Bossart, Nathan wrote: > On 7/26/18, 3:42 PM, "Michael Paquier" <michael@paquier.xyz> wrote: > Minus a possible documentation update, 0003 seems almost ready, too. The docs mentioned that shared catalogs are processed, so I did not bother, but visibly your comment is that we could be more precise about the ownership in this case? An attempt is attached. > For 0002, would adding vacuum_skip_rel() before and after > try_relation_open() in vacuum_rel() be enough? That way, we could > avoid emitting an ERROR for only the VACUUM FULL case (and skip it > with a WARNING like everything else). Er, we need a lock on it while looking at its data in vacuum_rel(), no? So the call to vacuum_skip_rel() needs to happen after try_relation_open(), once we are sure that the relation is opened. Having two set of checks is actually better as the operation can involve multiple operations. The error messages generated by vacuum_skip_rel are not especially smart when elevel >= ERROR. As we need a proper errcode for that case as well just using a separate error message is less confusing. I have implemented my idea in the updated set attached. Another issue I have found is that when doing for example a system-wide analyze, we would finish with spurious warnings, as toast relations need to be discarded from the first set of relations built. Anyway, I have done more work on the patches, mainly I have fixed the calls to RangeVarGetRelidExtended using booleans. I have added isolation tests for cases which are cheap, aka those not involving a system-wide operation. Running those tests on HEAD, it is easy to see that TRUNCATE or VACUUM complete after a session doing a catalog lookup commits its transaction. VACUUM skips a relation and VACUUM FULL issues an error. Regarding those patches, I am pretty happy how things turn out for TRUNCATE and REINDEX, way less for VACUUM, so getting 0001 and 0003 committed first makes the most sense to me as their logic is rather straight-forward (well way of speaking ;p ). -- Michael