Dear Michael and hackers,
This is a wrap-up of this thread. I'm planning to close the thread once.
> I am saying that there is little point in having tests for the origin
> functions in single-user mode as these don't do anything really
> fancy with global states (there's an acquired_by of course,
On Wed, Aug 20, 2025 at 07:42:11AM +, Hayato Kuroda (Fujitsu) wrote:
> Let me clarify your point. For now, there are no decisions to prohibit origin
> manipulations. 0002 only restricts to handle slots in the single-user mode.
> Did you say that we do not have to do tests to ensure these SQL
Dear Michael,
I found you've pushed 0001. Thanks!
I had considered creating patches for other branches after you said OK, but
you seem to have pushed all of them directly.
> This has reminded me of 1a9d80282811, where I have used a trick with
> pg_ctl to allow single-user mode executions to bypass the
On Tue, Aug 19, 2025 at 12:52:24PM +, Hayato Kuroda (Fujitsu) wrote:
> I have run the tests on my CI and found that Windows cannot accept the test.
> Per attached output, starting the postgres with the single-user mode failed
> because the user had admin permissions [1]. However, pg_ctl
Dear Michael,
> You could also validate that using the CI, assuming that you have a
> cloned repo on github with the CI enabled. See src/tools/ci/README.
> I use that a lot with local branches for pre-commit validations where
> things could break across the board.
I have run the tests on my CI a
On Tue, Aug 19, 2025 at 10:26:22AM +, Hayato Kuroda (Fujitsu) wrote:
> I added a first version of the test. It could work on my env (Linux).
You could also validate that using the CI, assuming that you have a
cloned repo on github with the CI enabled. See src/tools/ci/README.
I use that a lot
> I added a first version of the test. It could work on my env (Linux).
Best regards,
Hayato Kuroda
FUJITSU LIMITED
Dear Michael, Paul, Mutaamba,
> FWIW, I had my doubts at the beginning on the thread about the
> use-case, but after re-reading the whole thing I am going to side with
> Robert's opinion that if a fix to authorize some of the operations is
> simple, then let's just authorize the case(s) and have t
On Mon, Aug 18, 2025 at 08:47:27AM +, Hayato Kuroda (Fujitsu) wrote:
> Here are updated patches. Based on Robert's suggestion, I separated into
> two parts.
> 0001 fixed the original issue and 0002 prohibited the slot manipulation in
> single-user mode. I want to focus on 0001 first becaus
Dear Robert,
> The use case for single-user mode is quite limited in general, but
> most things work in single-user mode unless they are something that
> intrinsically can't. For example, parallel query cannot be used in
> single-user mode, because there is only one process. Replication
> cannot w
Dear Paul, Mutaamba,
Here are updated patches. Based on Robert's suggestion, I separated into
two parts.
0001 fixed the original issue and 0002 prohibited the slot manipulation in
single-user mode. I want to focus on 0001 first because no one would argue it.
All comments from you were includ
On Wed, Aug 13, 2025 at 3:21 AM Hayato Kuroda (Fujitsu)
wrote:
> To confirm; your point is that we should firstly fix to allow
> acquiring/releasing slots in the mode, then consider additional guards,
> is it right? Valid point.
Yes.
> I still cannot find enough use-cases to allow manipulating
Dear Robert, Paul, Mutaamba,
Sorry for the late reply. I was on a business trip.
> I don't feel good about the direction from which this patch is
> attacking the problem. The original stack trace looks like this:
>
> postgres(ExceptionalCondition+0xab)[0xb86a2a]
> postgres(ReplicationSlotRelea
On Tue, Aug 5, 2025 at 12:51 PM Paul A Jungwirth
wrote:
> No one has replied yet, but I vote for forbidding these functions. I
> can't articulate a full theory for which functions we restrict in
> single-user mode, and I think we should permit as much as possible.
> But any theory would weigh usef
Mutaamba (cc'd) and I reviewed this patch together.
To summarize the patch and thread so far: The patch adds a new
function, CheckSlotIsInSingleUserMode. If true then we raise an error.
Otherwise we would trip an assert in ReplicationSlotRelease requiring
the slot to have an active_pid, which is n
Dear Amit,
> I understand that we may not have a clear use case for this to work in
> single-user mode. But how will we define the boundary in similar
> cases? I mean, we should have some rule for such exposed functions,
> and it should be followed uniformly. Now, if one needs a bigger or
> comple
On Thu, Feb 27, 2025 at 1:29 PM Hayato Kuroda (Fujitsu)
wrote:
>
> >
> > Which other functions do we see similar restrictions? I checked
> > "sequence manipulation functions" (1), and "Transaction ID and
> > Snapshot Information Functions" (2) but couldn't see similar
> > restrictions.
> >
> > (1)
Dear Amit,
> Shouldn't such a check be present in the CheckSlotPermissions() kind
> of function to perform it in the central place?
OK. I checked whether we can reuse pre-existing functions, but it seems not
appropriate.
CheckSlotPermissions() is called even by pg_drop_replication_slot(), and
Ch
On Thu, Feb 20, 2025 at 6:21 PM Hayato Kuroda (Fujitsu)
wrote:
>
> Dear hackers,
>
> Thanks everyone for giving comments! PSA new version.
> What's new:
>
> - Message format was modified to {"cannot use function %s in single-user
> mode", "function_name"}
> - Reporting funcname was adjusted based
Dear hackers,
Thanks everyone for giving comments! PSA new version.
What's new:
- Message format was modified to {"cannot use function %s in single-user mode",
"function_name"}
- Reporting funcname was adjusted based on the parameters. ternary operator was
used.
- Guard was added for functions
Dear Amit,
> Also, what about pg_replication_origin_* APIs? Do we want to restrict
> those as well if we are restricting slot operations? I don't see any
> solid theory presented in this thread on why we should add new checks
> in multiple APIs restricting those in single-user mode.
As David [1]
On Thu, Feb 20, 2025 at 4:26 PM Zhijie Hou (Fujitsu)
wrote:
>
> On Thursday, February 20, 2025 10:23 AM Hayato Kuroda (Fujitsu)
> wrote:
> >
> > Dear Michael,
> >
> > > I did not check how these call behave individually, just a few
> > > comments while putting my eyes on the patch.
> > >
> > > +
On Thursday, February 20, 2025 10:23 AM Hayato Kuroda (Fujitsu)
wrote:
>
> Dear Michael,
>
> > I did not check how these call behave individually, just a few
> > comments while putting my eyes on the patch.
> >
> > + if (!IsUnderPostmaster)
> > + elog(ERROR,
> > +
Hi,
On Thu, Feb 20, 2025 at 02:22:41AM +, Hayato Kuroda (Fujitsu) wrote:
> Dear Michael,
>
Thanks for the report and the patch!
> > I did not check how these call behave individually, just a few
> > comments while putting my eyes on the patch.
> >
> > + if (!IsUnderPostmaster)
> > +
On Wed, Feb 19, 2025 at 7:23 PM Hayato Kuroda (Fujitsu) <
kuroda.hay...@fujitsu.com> wrote:
> I intentionally used elog() because I thought single user mode is not
> user-facing.
> But it is OK for me to use ereport() instead.
>
Single-user mode is also known as "Oh crap!" mode, something used wh
Dear Michael,
> I did not check how these call behave individually, just a few
> comments while putting my eyes on the patch.
>
> + if (!IsUnderPostmaster)
> + elog(ERROR,
> + "slot operation is prohibited in the single user
> mode");
>
> elog() should not b
On Wed, Feb 19, 2025 at 02:57:34AM +, Hayato Kuroda (Fujitsu) wrote:
> Based on the discussion, I feel it is enough to add quick error out
> for SQL functions. PSA attached.
I did not check how these call behave individually, just a few
comments while putting my eyes on the patch.
+ if
el Paquier'
> Cc: 'pgsql-hackers@lists.postgresql.org'
> Subject: RE: ReplicationSlotRelease() crashes when the instance is in the
> single user mode
>
> Dear Michael,
>
> > Ah, good point for the slot drop. So 0ce5cf2ef24f is claiming that
> >
Dear Michael,
> Ah, good point for the slot drop. So 0ce5cf2ef24f is claiming that
> some of these manipulations are OK. I didn't suspect this one.
Yeah, I think so.
> Slot advancing is a very different beast, unfortunately, that may
> depend on many other subsystems. For example with logical
On Tue, Feb 18, 2025 at 07:29:51AM +, Hayato Kuroda (Fujitsu) wrote:
> According to the original thread [1], there was a wide consensus
> replication-related operations can be rejected, except the slot removal.
> I feel this is reasonable.
>
> Currently pg_drop_replication_slot() requires
Dear Michael,
> Perhaps a very naive question, but is there any point in authorizing
> manipulations of MyReplicationSlot in single-user mode, to begin with?
> With this remark, I would mean to apply a rule to
> ReplicationSlotAcquire(), so as all its callers would know about that.
According to t
On Monday, February 17, 2025, Hayato Kuroda (Fujitsu) <
kuroda.hay...@fujitsu.com> wrote:
>
> backend> SELECT pg_create_physical_replication_slot(slot_name :=
> 'physical_slot', immediately_reserve := true);
Since this function releases the slot when it returns, re-acquisition, even
by the same
On Tue, Feb 18, 2025 at 05:33:05AM +, Hayato Kuroda (Fujitsu) wrote:
> I found $SUBJECT when I'm playing with the single user mode.
Perhaps a very naive question, but is there any point in authorizing
manipulations of MyReplicationSlot in single-user mode, to begin with?
With this remark, I wo
Dear hackers,
I found $SUBJECT when I was playing with the single user mode.
How to reproduce
===
You can reproduce the failure with the steps below.
```
# Initialize an instance
$ initdb -D data -U postgres
# Start it as single user mode
$ postgres --single -D data/ postgres
PostgreSQL stan