Thread
Commits
-
Remove auth-options support from initdb
- 83ae824c87a5 17.0 landed
-
Make two-phase tests of ECPG and main suite more concurrent-proof
- 7e61e4cc7cfc 17.0 landed
-
initdb: Add options --auth-local and --auth-host
- 8a02339e9ba3 9.2.0 cited
-
A failure in prepared_xacts test
Richard Guo <guofenglinux@gmail.com> — 2024-04-29T01:12:48Z
Yesterday I noticed a failure on cirrus-ci for the 'Right Semi Join' patch. The failure can be found at [1], and it looks like: --- /tmp/cirrus-ci-build/src/test/regress/expected/prepared_xacts.out 2024-04-27 00:41:25.831297000 +0000 +++ /tmp/cirrus-ci-build/build/testrun/regress-running/regress/results/prepared_xacts.out 2024-04-27 00:45:50.261369000 +0000 @@ -83,8 +83,9 @@ SELECT gid FROM pg_prepared_xacts; gid ------ + gxid foo3 -(1 row) +(2 rows) Upon closer look, it seems that this issue is not caused by the patch about 'Right Semi Join', because this query, which initially included two left joins, can actually be reduced to a function scan after removing these two useless left joins. It seems that no semi-joins would be involved. EXPLAIN SELECT gid FROM pg_prepared_xacts; QUERY PLAN ---------------------------------------------------------------------------- Function Scan on pg_prepared_xact p (cost=0.00..10.00 rows=1000 width=32) (1 row) Does anyone have any clue to this failure? FWIW, after another run of this test, the failure just disappears. Does it suggest that the test case is flaky? [1] https://api.cirrus-ci.com/v1/artifact/task/6220592364388352/testrun/build/testrun/regress-running/regress/regression.diffs Thanks Richard -
Re: A failure in prepared_xacts test
Michael Paquier <michael@paquier.xyz> — 2024-04-29T04:58:51Z
On Mon, Apr 29, 2024 at 09:12:48AM +0800, Richard Guo wrote: > Does anyone have any clue to this failure? > > FWIW, after another run of this test, the failure just disappears. Does > it suggest that the test case is flaky? If you grep the source tree, you'd notice that a prepared transaction named gxid only exists in the 2PC tests of ECPG, in src/interfaces/ecpg/test/sql/twophase.pgc. So the origin of the failure comes from a race condition due to test parallelization, because the scan of pg_prepared_xacts affects all databases with installcheck, and in your case it means that the scan of pg_prepared_xacts was running in parallel of the ECPG tests with an installcheck. The only location in the whole tree where we want to do predictible scans of pg_prepared_xacts is prepared_xacts.sql, so rather than playing with 2PC transactions across a bunch of tests, I think that we should do two things, both touching prepared_xacts.sql: - The 2PC transactions run in the main regression test suite should use names that would be unlikely used elsewhere. - Limit the scans of pg_prepared_xacts on these name patterns to avoid interferences. See for example the attached with both expected outputs updated depending on the value set for max_prepared_transactions in the backend. There may be an argument in back-patching that, but I don't recall seeing this failure in the CI, so perhaps that's not worth bothering with. What do you think? -- Michael
-
Re: A failure in prepared_xacts test
Alexander Law <exclusion@gmail.com> — 2024-04-29T05:00:00Z
Hello Richard, 29.04.2024 04:12, Richard Guo wrote: > Does anyone have any clue to this failure? > > FWIW, after another run of this test, the failure just disappears. Does > it suggest that the test case is flaky? > I think this could be caused by the ecpg test twophase executed simultaneously with the test prepared_xacts thanks to meson's jobs parallelization. Best regards, Alexander
-
Re: A failure in prepared_xacts test
Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-29T05:11:00Z
Michael Paquier <michael@paquier.xyz> writes: > If you grep the source tree, you'd notice that a prepared transaction > named gxid only exists in the 2PC tests of ECPG, in > src/interfaces/ecpg/test/sql/twophase.pgc. So the origin of the > failure comes from a race condition due to test parallelization, > because the scan of pg_prepared_xacts affects all databases with > installcheck, and in your case it means that the scan of > pg_prepared_xacts was running in parallel of the ECPG tests with an > installcheck. Up to now, we've only worried about whether tests running in parallel within a single test suite can interact. It's quite scary to think that the meson setup has expanded the possibility of interactions to our entire source tree. Maybe that was a bad idea and we should fix the meson infrastructure to not do that. I fear that otherwise, we'll get bit regularly by very-low-probability bugs of this kind. regards, tom lane
-
Re: A failure in prepared_xacts test
Michael Paquier <michael@paquier.xyz> — 2024-04-29T05:25:10Z
On Mon, Apr 29, 2024 at 01:11:00AM -0400, Tom Lane wrote: > Up to now, we've only worried about whether tests running in parallel > within a single test suite can interact. It's quite scary to think > that the meson setup has expanded the possibility of interactions > to our entire source tree. Maybe that was a bad idea and we should > fix the meson infrastructure to not do that. I fear that otherwise, > we'll get bit regularly by very-low-probability bugs of this kind. I don't disagree with your point, still I'm not sure that this can be made entirely bullet-proof. Anyway, I think that we should still improve this test and make it more robust for parallel operations: installcheck fails equally on HEAD if there is a prepared transaction on the backend where the tests run, and that seems like a bad idea to me to rely on cluster-wide scans for what should be a "local" test. -- Michael
-
Re: A failure in prepared_xacts test
Alexander Law <exclusion@gmail.com> — 2024-04-29T05:30:00Z
Hello Tom and Michael, 29.04.2024 08:11, Tom Lane wrote: > Michael Paquier <michael@paquier.xyz> writes: >> If you grep the source tree, you'd notice that a prepared transaction >> named gxid only exists in the 2PC tests of ECPG, in >> src/interfaces/ecpg/test/sql/twophase.pgc. So the origin of the >> failure comes from a race condition due to test parallelization, >> because the scan of pg_prepared_xacts affects all databases with >> installcheck, and in your case it means that the scan of >> pg_prepared_xacts was running in parallel of the ECPG tests with an >> installcheck. > Up to now, we've only worried about whether tests running in parallel > within a single test suite can interact. It's quite scary to think > that the meson setup has expanded the possibility of interactions > to our entire source tree. Maybe that was a bad idea and we should > fix the meson infrastructure to not do that. I fear that otherwise, > we'll get bit regularly by very-low-probability bugs of this kind. Yes, I'm afraid of the same. For example, the test failure [1] is of that ilk, I guess. [1] https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=rorqual&dt=2024-04-17%2016%3A33%3A23 Best regards, Alexander
-
Re: A failure in prepared_xacts test
Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-29T05:32:40Z
Michael Paquier <michael@paquier.xyz> writes: > I don't disagree with your point, still I'm not sure that this can be > made entirely bullet-proof. Anyway, I think that we should still > improve this test and make it more robust for parallel operations: > installcheck fails equally on HEAD if there is a prepared transaction > on the backend where the tests run, and that seems like a bad idea to > me to rely on cluster-wide scans for what should be a "local" test. True, it's antithetical to the point of an "installcheck" test if unrelated actions in another database can break it. So I'm fine with tightening up prepared_xacts's query. I just wonder how far we want to try to carry this. (BTW, on the same logic, should ecpg's twophase.pgc be using a prepared-transaction name that's less generic than "gxid"?) regards, tom lane
-
Re: A failure in prepared_xacts test
Michael Paquier <michael@paquier.xyz> — 2024-04-29T06:57:58Z
On Mon, Apr 29, 2024 at 01:32:40AM -0400, Tom Lane wrote: > (BTW, on the same logic, should ecpg's twophase.pgc be using a > prepared-transaction name that's less generic than "gxid"?) I've hesitated a few seconds about that before sending my patch, but refrained because this stuff does not care about the contents of pg_prepared_xacts. I'd be OK to use something like an "ecpg_regress" or something similar there. -- Michael
-
Re: A failure in prepared_xacts test
Richard Guo <guofenglinux@gmail.com> — 2024-04-29T08:49:28Z
On Mon, Apr 29, 2024 at 1:11 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > Up to now, we've only worried about whether tests running in parallel > within a single test suite can interact. It's quite scary to think > that the meson setup has expanded the possibility of interactions > to our entire source tree. Maybe that was a bad idea and we should > fix the meson infrastructure to not do that. I fear that otherwise, > we'll get bit regularly by very-low-probability bugs of this kind. I have the same concern. I suspect that the scan of pg_prepared_xacts is not the only test that could cause problems when running in parallel to other tests from the entire source tree. Thanks Richard
-
Re: A failure in prepared_xacts test
Richard Guo <guofenglinux@gmail.com> — 2024-04-29T09:11:19Z
On Mon, Apr 29, 2024 at 2:58 PM Michael Paquier <michael@paquier.xyz> wrote: > On Mon, Apr 29, 2024 at 01:32:40AM -0400, Tom Lane wrote: > > (BTW, on the same logic, should ecpg's twophase.pgc be using a > > prepared-transaction name that's less generic than "gxid"?) > > I've hesitated a few seconds about that before sending my patch, but > refrained because this stuff does not care about the contents of > pg_prepared_xacts. I'd be OK to use something like an "ecpg_regress" > or something similar there. I noticed that some TAP tests from recovery and subscription would select the count from pg_prepared_xacts. I wonder if these tests would be affected if there are any prepared transactions on the backend. Thanks Richard
-
Re: A failure in prepared_xacts test
Michael Paquier <michael@paquier.xyz> — 2024-04-29T09:19:48Z
On Mon, Apr 29, 2024 at 05:11:19PM +0800, Richard Guo wrote: > I noticed that some TAP tests from recovery and subscription would > select the count from pg_prepared_xacts. I wonder if these tests would > be affected if there are any prepared transactions on the backend. TAP tests run in isolation of the rest with their own clusters initialized from a copy initdb'd (rather than initdb because that's much cheaper), so these scans are OK left alone. -- Michael
-
Re: A failure in prepared_xacts test
Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-29T13:45:16Z
Richard Guo <guofenglinux@gmail.com> writes: > I noticed that some TAP tests from recovery and subscription would > select the count from pg_prepared_xacts. I wonder if these tests would > be affected if there are any prepared transactions on the backend. TAP tests shouldn't be at risk, because there is no "make installcheck" equivalent for them. Each TAP test creates its own database instance (or maybe several), so that instance won't have anything else going on. regards, tom lane
-
Re: A failure in prepared_xacts test
Michael Paquier <michael@paquier.xyz> — 2024-04-29T22:42:52Z
On Mon, Apr 29, 2024 at 09:45:16AM -0400, Tom Lane wrote: > TAP tests shouldn't be at risk, because there is no "make > installcheck" equivalent for them. Each TAP test creates its own > database instance (or maybe several), so that instance won't have > anything else going on. There are a few more 2PC transactions in test_decoding (no installcheck), temp.sql, test_extensions.sql and pg_stat_statements's utility.sql (no installcheck) but their GIDs are not that bad. twophase_stream.sql has a GID "test1", which is kind of generic, but it won't run in parallel. At the end, only addressing the prepared_xacts.sql and the ECPG bits looked enough to me, so I've tweaked these with 7e61e4cc7cfc and called it a day. I'd be curious about any discussion involving the structure of the meson tests. -- Michael
-
Re: A failure in prepared_xacts test
Richard Guo <guofenglinux@gmail.com> — 2024-04-30T00:43:32Z
On Mon, Apr 29, 2024 at 9:45 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > Richard Guo <guofenglinux@gmail.com> writes: > > I noticed that some TAP tests from recovery and subscription would > > select the count from pg_prepared_xacts. I wonder if these tests would > > be affected if there are any prepared transactions on the backend. > > TAP tests shouldn't be at risk, because there is no "make > installcheck" equivalent for them. Each TAP test creates its own > database instance (or maybe several), so that instance won't have > anything else going on. Thank you for the explanation. I wasn't aware of this before. Thanks Richard
-
Re: A failure in prepared_xacts test
Richard Guo <guofenglinux@gmail.com> — 2024-04-30T00:54:47Z
On Tue, Apr 30, 2024 at 6:43 AM Michael Paquier <michael@paquier.xyz> wrote: > I'd be curious about any discussion involving the structure of the > meson tests. +1. I'm kind of worried that the expansion of parallelization could lead to more instances of instability. Alexander mentioned one such case at [1]. I haven't looked into it though. [1] https://www.postgresql.org/message-id/cbf0156f-5aa1-91db-5802-82435dda03e6%40gmail.com Thanks Richard
-
Re: A failure in prepared_xacts test
Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-30T01:48:13Z
Richard Guo <guofenglinux@gmail.com> writes: > +1. I'm kind of worried that the expansion of parallelization could > lead to more instances of instability. Alexander mentioned one such > case at [1]. I haven't looked into it though. > [1] https://www.postgresql.org/message-id/cbf0156f-5aa1-91db-5802-82435dda03e6%40gmail.com The mechanism there is pretty obvious: a plancache flush happened at just the wrong (right?) time and caused the output to change, as indeed the comment acknowledges: -- currently, this fails due to cached plan for "r.f1 + 1" expression -- (but if debug_discard_caches is on, it will succeed) I wonder if we shouldn't just remove that test case as being too unstable -- especially since it's not proving much anyway. regards, tom lane
-
[PATCH] Fix bug when calling strncmp in check_authmethod_valid
Jingxian Li <aqktjcm@qq.com> — 2024-04-30T02:41:39Z
Hi all, Attached is a patch that fixes bug when calling strncmp function, in which case the third argument (authmethod - strchr(authmethod, ' ')) may be negative, which is not as expected.. With Regards, Jingxian Li.
-
Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid
Richard Guo <guofenglinux@gmail.com> — 2024-04-30T04:16:23Z
On Tue, Apr 30, 2024 at 10:41 AM Jingxian Li <aqktjcm@qq.com> wrote: > Attached is a patch that fixes bug when calling strncmp function, in > which case the third argument (authmethod - strchr(authmethod, ' ')) > may be negative, which is not as expected.. Nice catch. I think you're right from a quick glance. Thanks Richard
-
Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid
Daniel Gustafsson <daniel@yesql.se> — 2024-04-30T09:14:37Z
> On 30 Apr 2024, at 04:41, Jingxian Li <aqktjcm@qq.com> wrote: > Attached is a patch that fixes bug when calling strncmp function, in > which case the third argument (authmethod - strchr(authmethod, ' ')) > may be negative, which is not as expected.. The calculation is indeed incorrect, but the lack of complaints of it being broken made me wonder why this exist in the first place. This dates back to e7029b212755, just shy of 2 decades old, which added --auth with support for strings with auth-options to ident and pam like --auth 'pam <servicename>' and 'ident sameuser'. Support for options to ident was removed in 01c1a12a5bb4 but options to pam is still supported (although not documented), but was AFAICT broken in commit 8a02339e9ba3 some 12 years ago with this strncmp(). - if (strncmp(authmethod, *p, (authmethod - strchr(authmethod, ' '))) == 0) + if (strncmp(authmethod, *p, (strchr(authmethod, ' ') - authmethod)) == 0) This with compare "pam postgresql" with "pam" and not "pam " so the length should be "(strchr(authmethod, ' ') - authmethod + 1)" since "pam " is a method separate from "pam" in auth_methods_{host|local}. We don't want to allow "md5 " as that's not a method in the array of valid methods. But, since it's been broken in all supported versions of postgres and has AFAICT never been documented to exist, should we fix it or just remove it? We don't support auth-options for any other methods, like clientcert to cert for example. If we fix it we should also document that it works IMHO. -- Daniel Gustafsson -
Re: A failure in prepared_xacts test
Peter Eisentraut <peter@eisentraut.org> — 2024-05-03T12:27:40Z
On 29.04.24 07:11, Tom Lane wrote: > Up to now, we've only worried about whether tests running in parallel > within a single test suite can interact. It's quite scary to think > that the meson setup has expanded the possibility of interactions > to our entire source tree. Maybe that was a bad idea and we should > fix the meson infrastructure to not do that. I fear that otherwise, > we'll get bit regularly by very-low-probability bugs of this kind. I don't think there is anything fundamentally different in the parallelism setups of the make-based and the meson-based tests. There are just different implementation details that might affect the likely orderings and groupings.
-
Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid
Jingxian Li <aqktjcm@qq.com> — 2024-05-07T04:46:27Z
Hi Daniel, Thank you for explaining the ins and outs of this problem. On 2024/4/30 17:14, Daniel Gustafsson wrote: >> On 30 Apr 2024, at 04:41, Jingxian Li <aqktjcm@qq.com> wrote: > >> Attached is a patch that fixes bug when calling strncmp function, in >> which case the third argument (authmethod - strchr(authmethod, ' ')) >> may be negative, which is not as expected.. > > The calculation is indeed incorrect, but the lack of complaints of it being > broken made me wonder why this exist in the first place. This dates back to > e7029b212755, just shy of 2 decades old, which added --auth with support for > strings with auth-options to ident and pam like --auth 'pam <servicename>' and > 'ident sameuser'. Support for options to ident was removed in 01c1a12a5bb4 but > options to pam is still supported (although not documented), but was AFAICT > broken in commit 8a02339e9ba3 some 12 years ago with this strncmp(). > > - if (strncmp(authmethod, *p, (authmethod - strchr(authmethod, ' '))) == 0) > + if (strncmp(authmethod, *p, (strchr(authmethod, ' ') - authmethod)) == 0) > > This with compare "pam postgresql" with "pam" and not "pam " so the length > should be "(strchr(authmethod, ' ') - authmethod + 1)" since "pam " is a method > separate from "pam" in auth_methods_{host|local}. We don't want to allow "md5 > " as that's not a method in the array of valid methods. > > But, since it's been broken in all supported versions of postgres and has > AFAICT never been documented to exist, should we fix it or just remove it? We > don't support auth-options for any other methods, like clientcert to cert for > example. If we fix it we should also document that it works IMHO. You mentioned that auth-options are not supported for auth methods except pam, but I found that some methods (such as ldap and radius etc.) also requires aut-options, and there are no corresponding auth methods ending with space (such as "ldap " and radius ") present in auth_methods_host and auth_methods_local arrays. -- Jingxian Li -
Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid
Daniel Gustafsson <daniel@yesql.se> — 2024-05-13T08:34:48Z
> On 7 May 2024, at 06:46, Jingxian Li <aqktjcm@qq.com> wrote: >> But, since it's been broken in all supported versions of postgres and has >> AFAICT never been documented to exist, should we fix it or just remove it? We >> don't support auth-options for any other methods, like clientcert to cert for >> example. If we fix it we should also document that it works IMHO. > > You mentioned that auth-options are not supported for auth methods except pam, > but I found that some methods (such as ldap and radius etc.) also requires aut-options, > and there are no corresponding auth methods ending with space (such as "ldap " and > radius ") present in auth_methods_host and auth_methods_local arrays. Correct, only pam and ident were ever supported (yet not documented) and ident was removed a long time ago. Searching the archives I was unable to find any complaints, and this has been broken for the entire window of supported releases, so I propose we remove it as per the attached patch. If anyone is keen on making this work again for all the types where it makes sense, it can be resurrected (probably with a better implementation). Any objections to fixing this in 17 by removing it? (cc:ing Michael from the RMT) -- Daniel Gustafsson
-
Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid
Aleksander Alekseev <aleksander@timescale.com> — 2024-05-13T10:01:21Z
Hi, > Searching the archives I was unable to find any complaints, and this has been > broken for the entire window of supported releases, so I propose we remove it > as per the attached patch. If anyone is keen on making this work again for all > the types where it makes sense, it can be resurrected (probably with a better > implementation). > > Any objections to fixing this in 17 by removing it? (cc:ing Michael from the RMT) +1 Something that is not documented or used by anyone (apparently) and is broken should just be removed. -- Best regards, Aleksander Alekseev
-
Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid
Michael Paquier <michael@paquier.xyz> — 2024-05-14T05:12:38Z
On Mon, May 13, 2024 at 01:01:21PM +0300, Aleksander Alekseev wrote: >> Any objections to fixing this in 17 by removing it? (cc:ing Michael from the RMT) > > +1 Something that is not documented or used by anyone (apparently) and > is broken should just be removed. 8a02339e9ba3 sounds like an argument good enough to prove there is no demand in the field for being able to support options through initdb --auth, and this does not concern only pam. If somebody is interested in that, that could always be done later. My take is that this would be simpler if implemented through a separate option, leaving the checks between the options and the auth method up to the postmaster when loading pg_hba.conf at startup. Hence, no objections to clean up that now. Thanks for asking. -- Michael
-
Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid
Daniel Gustafsson <daniel@yesql.se> — 2024-05-14T09:45:28Z
> On 14 May 2024, at 07:12, Michael Paquier <michael@paquier.xyz> wrote: > Hence, no objections to clean up that now. Thanks for asking. Thanks for verifying, I've pushed this now. -- Daniel Gustafsson