Request a Demo
Home   >   mailing lists

Re: WIP patch (v2) for updatable security barrier views - Mailing list pgsql-hackers

From Craig Ringer
Subject Re: WIP patch (v2) for updatable security barrier views
Date
Msg-id 531D3355.6010403@2ndquadrant.com
Whole thread Raw
In response to WIP patch for updatable security barrier views  (Craig Ringer <craig@2ndquadrant.com>)
Responses Re: WIP patch (v2) for updatable security barrier views
List pgsql-hackers
Tree view 
I've found an issue with updatable security barrier views. Locking is
being pushed down into the subquery. Locking is thus applied before
user-supplied quals are, so we potentially lock too many rows.

I'm looking into the code now, but in the mean time, here's a demo of
the problem:



regress=> CREATE TABLE t1(x integer, y integer);
CREATE TABLE
regress=> INSERT INTO t1(x,y) VALUES (1,1), (2,2), (3,3), (4,4);
INSERT 0 4
regress=> CREATE VIEW v1 WITH (security_barrier) AS SELECT x, y FROM t1
WHERE x % 2 = 0;
CREATE VIEW
regress=> EXPLAIN SELECT * FROM v1 FOR UPDATE;                             QUERY PLAN
-----------------------------------------------------------------------LockRows  (cost=0.00..42.43 rows=11 width=40)
-> Subquery Scan on v1  (cost=0.00..42.32 rows=11 width=40)        ->  LockRows  (cost=0.00..42.21 rows=11 width=14)
         ->  Seq Scan on t1  (cost=0.00..42.10 rows=11 width=14)                    Filter: ((x % 2) = 0)Planning time:
0.140ms
 
(6 rows)


or, preventing pushdown with a wrapper function to demonstrate the problem:

regress=> CREATE FUNCTION is_one(integer) RETURNS boolean AS $$ DECLARE
result integer; BEGIN SELECT $1 = 1

regress=> EXPLAIN SELECT * FROM v1 WHERE is_one(x) FOR UPDATE;                             QUERY PLAN
-----------------------------------------------------------------------LockRows  (cost=0.00..45.11 rows=4 width=40)  ->
Subquery Scan on v1  (cost=0.00..45.07 rows=4 width=40)        Filter: is_one(v1.x)        ->  LockRows
(cost=0.00..42.21rows=11 width=14)              ->  Seq Scan on t1  (cost=0.00..42.10 rows=11 width=14)
  Filter: ((x % 2) = 0)Planning time: 0.147 ms
 
(7 rows)






OK, so it looks like the code:


           /*            * Now deal with any PlanRowMark on this RTE by requesting a
lock            * of the same strength on the RTE copied down to the subquery.            */           rc =
get_plan_rowmark(root->rowMarks,rt_index);           if (rc != NULL)           {               switch (rc->markType)
          {                   /* .... */               }               root->rowMarks = list_delete(root->rowMarks,
rc);          }
 


isn't actually appropriate. We should _not_ be pushing locking down into
the subquery.

Instead, we should be retargeting the rowmark so it points to the new
subquery RTE, marking rows _after_filtering. We want a plan like:



regress=> EXPLAIN SELECT * FROM v1 WHERE is_one(x) FOR UPDATE;                             QUERY PLAN
-----------------------------------------------------------------------LockRows  (cost=0.00..45.11 rows=4 width=40)  ->
Subquery Scan on v1  (cost=0.00..45.07 rows=4 width=40)        Filter: is_one(v1.x)           ->  Seq Scan on t1
(cost=0.00..42.10rows=11 width=14)                  Filter: ((x % 2) = 0)Planning time: 0.147 ms
 
(7 rows)


I'm not too sure what the best way to do that is. Time permitting I'll
see if I can work out the RowMark code and set something up.


-- Craig Ringer                   http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services

pgsql-hackers by date:

Previous
From: Vik Fearing
Date:
Subject: Re: ALTER TABLE lock strength reduction patch is unsafe
Next
From: Rajeev rastogi
Date:
Subject: Re: review: psql command copy count tag