Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rh9nY-009uEe-0z for pgsql-bugs@arkaria.postgresql.org; Mon, 04 Mar 2024 15:00:12 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1rh9nW-008YqF-J0 for pgsql-bugs@arkaria.postgresql.org; Mon, 04 Mar 2024 15:00:11 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rh9nW-008Yq7-Aj for pgsql-bugs@lists.postgresql.org; Mon, 04 Mar 2024 15:00:10 +0000 Received: from mail-lj1-x229.google.com ([2a00:1450:4864:20::229]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1rh9nP-002oYg-S0 for pgsql-bugs@lists.postgresql.org; Mon, 04 Mar 2024 15:00:09 +0000 Received: by mail-lj1-x229.google.com with SMTP id 38308e7fff4ca-2d309a23d76so34095241fa.1 for ; Mon, 04 Mar 2024 07:00:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1709564403; x=1710169203; darn=lists.postgresql.org; h=in-reply-to:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=POhnUcQ9p+uI7xT0E5O6Qgs6Zd9t5uNxj8s0idy2FHM=; b=CBrqjEuzy7HOoegndyCDRfzWWji/v1C663DkkS+BOYFmoDvwAB47Y0SQYVQF2FwGp7 P3mL6VadL0fPC357j142qcUXvpcjQ+mDPC+sSw5keToq2dIBAGwSvTiXmD8zrIYKSp9d +FWchssGSsg7AglDdcrIxrpMnG/XvURC5ByurKJulrQk5Vxnff1OXrrWKz6xXi4mSvwW E+kZsb5Cz9j/2xgZmb3y/x4mFYs46eou1UJHi5wx5jcz/Lj9ncGc0Y40noJS9S9ugSyd vo0N7l6uSNjBYqiCDgrlnh1XkUTb8LzrdJx2artLu8rq9949DcRfK+INneFLcvYQY13g 7lmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709564403; x=1710169203; h=in-reply-to:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=POhnUcQ9p+uI7xT0E5O6Qgs6Zd9t5uNxj8s0idy2FHM=; b=uMJ/SnIy+n13km1WLo2rG3VRcGJPdbvIzZUPkAYy+c7vtt64Otcyx0/T+GWsx3R6sT 4FhdpXAsuI4e3/q+Jy6Z6ixZHzGnAZDHIsCgNgSytGG+8WdBw/9TtCmrF6h8/rlvaCke x/mNrzCOjkbbbKY178gwQkh/8YVwchqCBfY3T46s0TF3QQZW0Ow2wDC4uWCKmGbNaDdV 0h/Siain3/qZtfyJxVOU/EJSXnPpSOguusalsDJvoJUnhU2bBhbrE7ThJ/RCkaYQiCxt zD18fEUZ116igsbC4CXYaTInnj/zo0p7L+Up35YQSKonfdT17Mi/+ZI4IEUycu4dsmtm CceA== X-Gm-Message-State: AOJu0Yz4AESECR21GZkLEGyFTRgyocGHeRuVgzvqFVv1XuyonGOGYF7p 65DFwhiYRTjrzCxQYVRU/9lWCZ+6LpnoiFySJQHrCaggEL5vmHbSHjkOMRe0 X-Google-Smtp-Source: AGHT+IHr/MlLrE62wCI6PnKd7+B81IeklU7Zvg9J2gEam5jIrqmsa6tg7rFfEzPKh0YxZJzM8dfFpQ== X-Received: by 2002:ac2:44ca:0:b0:512:cd02:b47 with SMTP id d10-20020ac244ca000000b00512cd020b47mr5034534lfm.15.1709564403136; Mon, 04 Mar 2024 07:00:03 -0800 (PST) Received: from [1.0.0.7] ([178.155.30.186]) by smtp.gmail.com with ESMTPSA id 25-20020ac24859000000b005134b2b45easm259916lfy.232.2024.03.04.07.00.01 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 04 Mar 2024 07:00:02 -0800 (PST) Content-Type: multipart/mixed; boundary="------------kf13i9NkJIf5k6flk3AvTjgK" Message-ID: <37001bcc-7341-526c-a94d-26169f6f7282@gmail.com> Date: Mon, 4 Mar 2024 18:00:00 +0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2 Subject: Re: BUG #18374: Printing memory contexts on OOM condition might lead to segmentation fault Content-Language: en-US To: Tom Lane Cc: pgsql-bugs@lists.postgresql.org References: <18374-ebb8113ce4d02f0d@postgresql.org> <3120721.1709395887@sss.pgh.pa.us> <3140126.1709405398@sss.pgh.pa.us> <3148162.1709409519@sss.pgh.pa.us> <3399097.1709501969@sss.pgh.pa.us> From: Alexander Lakhin In-Reply-To: <3399097.1709501969@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk This is a multi-part message in MIME format. --------------kf13i9NkJIf5k6flk3AvTjgK Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hello Tom, 04.03.2024 00:39, Tom Lane wrote: > I wrote: >> I find this in [1]: >> >> The C language stack growth does an implicit mremap. If you want absolute >> guarantees and run close to the edge you MUST mmap your stack for the >> largest size you think you will need. For typical stack usage this does >> not matter much but it's a corner case if you really really care >> >> Seems like we need to do some more work at startup to enforce that >> we have the amount of stack we think we do, if we're on Linux. > After thinking about that some more, I'm really quite unenthused about > trying to remap the stack for ourselves. It'd be both platform- and > architecture-dependent, and I'm afraid it'd introduce as many failure > modes as it removes. (Notably, I'm not sure we could guarantee > there's a guard page below the stack.) Since we've not seen reports > of this failure from the wild, I doubt it's worth the trouble. I have perhaps a naive idea, but it apparently eliminates the segmentation fault for the given test case. (Please look at a quick draft attached.) Though maybe the issue can really wait for complaints from outside or for a simpler/cheaper solution, integrated with the existing (or future) stack-overflow protection. > I do think it's probably worth reducing MemoryContextDelete's stack > usage to O(1), just to ensure we can't get into stack trouble during > transaction abort. That's not hard at all, as attached. Yeah, Heikki proposed something similar as part of 0003-Avoid-recursion-in-MemoryContext-functions.patch there: https://www.postgresql.org/message-id/6b48c746-9704-46dc-b9be-01fe4137c824%40iki.fi > I tried to make MemoryContextResetChildren work similarly, but that > doesn't work because if we're not removing child contexts then we > need extra state to tell which ones we've done already. For the > same reason my idea for bounding the stack space needed by > MemoryContextStats doesn't seem to work. We could possibly make it > work if we were willing to add a temporary-use pointer field to all > MemoryContext headers, but I'm unconvinced that'd be a good tradeoff. Best regards, Alexander --------------kf13i9NkJIf5k6flk3AvTjgK Content-Type: text/x-patch; charset=UTF-8; name="acquire-memory-for-stack.patch" Content-Disposition: attachment; filename="acquire-memory-for-stack.patch" Content-Transfer-Encoding: base64 ZGlmZiAtLWdpdCBhL3NyYy9iYWNrZW5kL3Rjb3AvcG9zdGdyZXMuYyBiL3NyYy9iYWNrZW5k L3Rjb3AvcG9zdGdyZXMuYwppbmRleCA1OWFiODEyZDJlLi5iYjlkMzA5ZjRlIDEwMDY0NAot LS0gYS9zcmMvYmFja2VuZC90Y29wL3Bvc3RncmVzLmMKKysrIGIvc3JjL2JhY2tlbmQvdGNv cC9wb3N0Z3Jlcy5jCkBAIC0zNDY0LDYgKzM0NjQsMTQgQEAgUHJvY2Vzc0ludGVycnVwdHMo dm9pZCkKIAkJSGFuZGxlUGFyYWxsZWxBcHBseU1lc3NhZ2VzKCk7CiB9CiAKK3ZvaWQgcHJl cGFyZV9zdGFjayhpbnQgbikKK3sKKwljaGFyIGJ1ZmZlclsxMDI0ICogMTAyNF07CisJbWVt c2V0KGJ1ZmZlciwgMCwgc2l6ZW9mKGJ1ZmZlcikpOworCWlmIChuID4gMCkKKwkJcHJlcGFy ZV9zdGFjayhuIC0gMSk7Cit9CisKIC8qCiAgKiBzZXRfc3RhY2tfYmFzZTogc2V0IHVwIHJl ZmVyZW5jZSBwb2ludCBmb3Igc3RhY2sgZGVwdGggY2hlY2tpbmcKICAqCkBAIC0zNDkwLDYg KzM0OTgsNyBAQCBzZXRfc3RhY2tfYmFzZSh2b2lkKQogCXN0YWNrX2Jhc2VfcHRyID0gJnN0 YWNrX2Jhc2U7CiAjZW5kaWYKIAorCXByZXBhcmVfc3RhY2soKG1heF9zdGFja19kZXB0aF9i eXRlcyArIFNUQUNLX0RFUFRIX1NMT1ApIC8gKDEwMjQgKiAxMDI0KSk7CiAJcmV0dXJuIG9s ZDsKIH0KIAo= --------------kf13i9NkJIf5k6flk3AvTjgK--