Initialize TransactionState and user ID consistently at transaction start

If a failure happens when a transaction is starting between the moment
the transaction status is changed from TRANS_DEFAULT to TRANS_START and
the moment the current user ID and security context flags are fetched
via GetUserIdAndSecContext(), or before initializing its basic fields,
then those may get reset to incorrect values when the transaction
aborts, leaving the session in an inconsistent state.

One problem reported is that failing a starting transaction at the first
query of a session could cause several kinds of system crashes on the
follow-up queries.

In order to solve that, move the initialization of the transaction state
fields and the call of GetUserIdAndSecContext() in charge of fetching
the current user ID close to the point where the transaction status is
switched to TRANS_START, where there cannot be any error triggered
in-between, per an idea of Tom Lane.  This properly ensures that the
current user ID, the security context flags and that the basic fields of
TransactionState remain consistent even if the transaction fails while
starting.

Reported-by: Richard Guo
Diagnosed-By: Richard Guo
Author: Michael Paquier
Reviewed-by: Tom Lane
Discussion: https://postgr.es/m/CAN_9JTxECSb=pEPcb0a8d+6J+bDcOZ4=DgRo_B7Y5gRHJUM=Rw@mail.gmail.com
Backpatch-through: 9.4

diff --git a/src/backend/access/transam/xact.c b/src/backend/access/transam/xact.c
index a979d7e07b937f6f70967c27ba2d643feab58934..d967400384bfb96363fe5a22c5f9979dcdbba37a 100644 (file)
--- a/src/backend/access/transam/xact.c
+++ b/src/backend/access/transam/xact.c
@@ -1809,20 +1809,38 @@ StartTransaction(void)
 
    Assert(XactTopTransactionId == InvalidTransactionId);
 
-   /*
-    * check the current transaction state
-    */
-   if (s->state != TRANS_DEFAULT)
-       elog(WARNING, "StartTransaction while in %s state",
-            TransStateAsString(s->state));
+   /* check the current transaction state */
+   Assert(s->state == TRANS_DEFAULT);
 
    /*
-    * set the current transaction state information appropriately during
-    * start processing
+    * Set the current transaction state information appropriately during
+    * start processing.  Note that once the transaction status is switched
+    * this process cannot fail until the user ID and the security context
+    * flags are fetched below.
     */
    s->state = TRANS_START;
    s->transactionId = InvalidTransactionId;    /* until assigned */
 
+   /*
+    * initialize current transaction state fields
+    *
+    * note: prevXactReadOnly is not used at the outermost level
+    */
+   s->nestingLevel = 1;
+   s->gucNestLevel = 1;
+   s->childXids = NULL;
+   s->nChildXids = 0;
+   s->maxChildXids = 0;
+
+   /*
+    * Once the current user ID and the security context flags are fetched,
+    * both will be properly reset even if transaction startup fails.
+    */
+   GetUserIdAndSecContext(&s->prevUser, &s->prevSecContext);
+
+   /* SecurityRestrictionContext should never be set outside a transaction */
+   Assert(s->prevSecContext == 0);
+
    /*
     * Make sure we've reset xact state variables
     *
@@ -1909,20 +1927,6 @@ StartTransaction(void)
    /* Mark xactStopTimestamp as unset. */
    xactStopTimestamp = 0;
 
-   /*
-    * initialize current transaction state fields
-    *
-    * note: prevXactReadOnly is not used at the outermost level
-    */
-   s->nestingLevel = 1;
-   s->gucNestLevel = 1;
-   s->childXids = NULL;
-   s->nChildXids = 0;
-   s->maxChildXids = 0;
-   GetUserIdAndSecContext(&s->prevUser, &s->prevSecContext);
-   /* SecurityRestrictionContext should never be set outside a transaction */
-   Assert(s->prevSecContext == 0);
-
    /*
     * initialize other subsystems for new transaction
     */