From 7b378237aa805711353075de142021b1d40ff3b0 Mon Sep 17 00:00:00 2001 From: Andrew Dunstan Date: Wed, 23 Nov 2022 14:41:30 -0500 Subject: [PATCH] Expand AclMode to 64 bits We're running out of bits for new permissions. This change doubles the number of permissions we can accomodate from 16 to 32, so the forthcoming new ones for vacuum/analyze don't exhaust the pool. Nathan Bossart Reviewed by: Bharath Rupireddy, Kyotaro Horiguchi, Stephen Frost, Robert Haas, Mark Dilger, Tom Lane, Corey Huinker, David G. Johnston, Michael Paquier. Discussion: https://postgr.es/m/20220722203735.GB3996698@nathanxps13 --- src/backend/nodes/outfuncs.c | 2 +- src/bin/pg_upgrade/check.c | 35 ++++++++++++++++++++++++++++++++ src/include/catalog/catversion.h | 2 +- src/include/catalog/pg_type.dat | 4 ++-- src/include/nodes/parsenodes.h | 6 +++--- src/include/utils/acl.h | 28 ++++++++++++------------- 6 files changed, 56 insertions(+), 21 deletions(-) diff --git a/src/backend/nodes/outfuncs.c b/src/backend/nodes/outfuncs.c index f05e72f0dc3..8f150e9a2e8 100644 --- a/src/backend/nodes/outfuncs.c +++ b/src/backend/nodes/outfuncs.c @@ -560,7 +560,7 @@ _outRangeTblEntry(StringInfo str, const RangeTblEntry *node) WRITE_BOOL_FIELD(lateral); WRITE_BOOL_FIELD(inh); WRITE_BOOL_FIELD(inFromCl); - WRITE_UINT_FIELD(requiredPerms); + WRITE_UINT64_FIELD(requiredPerms); WRITE_OID_FIELD(checkAsUser); WRITE_BITMAPSET_FIELD(selectedCols); WRITE_BITMAPSET_FIELD(insertedCols); diff --git a/src/bin/pg_upgrade/check.c b/src/bin/pg_upgrade/check.c index f1bc1e68868..615a53a8648 100644 --- a/src/bin/pg_upgrade/check.c +++ b/src/bin/pg_upgrade/check.c @@ -28,6 +28,7 @@ static void check_for_incompatible_polymorphics(ClusterInfo *cluster); static void check_for_tables_with_oids(ClusterInfo *cluster); static void check_for_composite_data_type_usage(ClusterInfo *cluster); static void check_for_reg_data_type_usage(ClusterInfo *cluster); +static void check_for_aclitem_data_type_usage(ClusterInfo *cluster); static void check_for_jsonb_9_4_usage(ClusterInfo *cluster); static void check_for_pg_role_prefix(ClusterInfo *cluster); static void check_for_new_tablespace_dir(ClusterInfo *new_cluster); @@ -107,6 +108,13 @@ check_and_dump_old_cluster(bool live_check) check_for_reg_data_type_usage(&old_cluster); check_for_isn_and_int8_passing_mismatch(&old_cluster); + /* + * PG 16 increased the size of the 'aclitem' type, which breaks the on-disk + * format for existing data. + */ + if (GET_MAJOR_VERSION(old_cluster.major_version) <= 1500) + check_for_aclitem_data_type_usage(&old_cluster); + /* * PG 14 changed the function signature of encoding conversion functions. * Conversions from older versions cannot be upgraded automatically @@ -1319,6 +1327,33 @@ check_for_reg_data_type_usage(ClusterInfo *cluster) check_ok(); } +/* + * check_for_aclitem_data_type_usage + * + * aclitem changed its storage format in 16, so check for it. + */ +static void +check_for_aclitem_data_type_usage(ClusterInfo *cluster) +{ + char output_path[MAXPGPATH]; + + prep_status("Checking for incompatible aclitem data type in user tables"); + + snprintf(output_path, sizeof(output_path), "tables_using_aclitem.txt"); + + if (check_for_data_type_usage(cluster, "pg_catalog.aclitem", output_path)) + { + pg_log(PG_REPORT, "fatal"); + pg_fatal("Your installation contains the \"aclitem\" data type in user tables.\n" + "The internal format of \"aclitem\" changed in PostgreSQL version 16\n" + "so this cluster cannot currently be upgraded. You can drop the\n" + "problem columns and restart the upgrade. A list of the problem\n" + "columns is in the file:\n" + " %s", output_path); + } + else + check_ok(); +} /* * check_for_jsonb_9_4_usage() diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h index 49e9dc4a94b..94da0ee1d74 100644 --- a/src/include/catalog/catversion.h +++ b/src/include/catalog/catversion.h @@ -57,6 +57,6 @@ */ /* yyyymmddN */ -#define CATALOG_VERSION_NO 202211211 +#define CATALOG_VERSION_NO 202211221 #endif diff --git a/src/include/catalog/pg_type.dat b/src/include/catalog/pg_type.dat index df458794635..0763dfde394 100644 --- a/src/include/catalog/pg_type.dat +++ b/src/include/catalog/pg_type.dat @@ -267,9 +267,9 @@ # OIDS 1000 - 1099 { oid => '1033', array_type_oid => '1034', descr => 'access control list', - typname => 'aclitem', typlen => '12', typbyval => 'f', typcategory => 'U', + typname => 'aclitem', typlen => '16', typbyval => 'f', typcategory => 'U', typinput => 'aclitemin', typoutput => 'aclitemout', typreceive => '-', - typsend => '-', typalign => 'i' }, + typsend => '-', typalign => 'd' }, { oid => '1042', array_type_oid => '1014', descr => 'char(length), blank-padded string, fixed storage length', typname => 'bpchar', typlen => '-1', typbyval => 'f', typcategory => 'S', diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index 7caff62af7f..f4ed9bbff91 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -73,12 +73,12 @@ typedef enum SetQuantifier /* * Grantable rights are encoded so that we can OR them together in a bitmask. - * The present representation of AclItem limits us to 16 distinct rights, - * even though AclMode is defined as uint32. See utils/acl.h. + * The present representation of AclItem limits us to 32 distinct rights, + * even though AclMode is defined as uint64. See utils/acl.h. * * Caution: changing these codes breaks stored ACLs, hence forces initdb. */ -typedef uint32 AclMode; /* a bitmask of privilege bits */ +typedef uint64 AclMode; /* a bitmask of privilege bits */ #define ACL_INSERT (1<<0) /* for relations */ #define ACL_SELECT (1<<1) diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h index afbfdccf53c..406071037e2 100644 --- a/src/include/utils/acl.h +++ b/src/include/utils/acl.h @@ -59,33 +59,33 @@ typedef struct AclItem } AclItem; /* - * The upper 16 bits of the ai_privs field of an AclItem are the grant option - * bits, and the lower 16 bits are the actual privileges. We use "rights" + * The upper 32 bits of the ai_privs field of an AclItem are the grant option + * bits, and the lower 32 bits are the actual privileges. We use "rights" * to mean the combined grant option and privilege bits fields. */ -#define ACLITEM_GET_PRIVS(item) ((item).ai_privs & 0xFFFF) -#define ACLITEM_GET_GOPTIONS(item) (((item).ai_privs >> 16) & 0xFFFF) +#define ACLITEM_GET_PRIVS(item) ((item).ai_privs & 0xFFFFFFFF) +#define ACLITEM_GET_GOPTIONS(item) (((item).ai_privs >> 32) & 0xFFFFFFFF) #define ACLITEM_GET_RIGHTS(item) ((item).ai_privs) -#define ACL_GRANT_OPTION_FOR(privs) (((AclMode) (privs) & 0xFFFF) << 16) -#define ACL_OPTION_TO_PRIVS(privs) (((AclMode) (privs) >> 16) & 0xFFFF) +#define ACL_GRANT_OPTION_FOR(privs) (((AclMode) (privs) & 0xFFFFFFFF) << 32) +#define ACL_OPTION_TO_PRIVS(privs) (((AclMode) (privs) >> 32) & 0xFFFFFFFF) #define ACLITEM_SET_PRIVS(item,privs) \ - ((item).ai_privs = ((item).ai_privs & ~((AclMode) 0xFFFF)) | \ - ((AclMode) (privs) & 0xFFFF)) + ((item).ai_privs = ((item).ai_privs & ~((AclMode) 0xFFFFFFFF)) | \ + ((AclMode) (privs) & 0xFFFFFFFF)) #define ACLITEM_SET_GOPTIONS(item,goptions) \ - ((item).ai_privs = ((item).ai_privs & ~(((AclMode) 0xFFFF) << 16)) | \ - (((AclMode) (goptions) & 0xFFFF) << 16)) + ((item).ai_privs = ((item).ai_privs & ~(((AclMode) 0xFFFFFFFF) << 32)) | \ + (((AclMode) (goptions) & 0xFFFFFFFF) << 32)) #define ACLITEM_SET_RIGHTS(item,rights) \ ((item).ai_privs = (AclMode) (rights)) #define ACLITEM_SET_PRIVS_GOPTIONS(item,privs,goptions) \ - ((item).ai_privs = ((AclMode) (privs) & 0xFFFF) | \ - (((AclMode) (goptions) & 0xFFFF) << 16)) + ((item).ai_privs = ((AclMode) (privs) & 0xFFFFFFFF) | \ + (((AclMode) (goptions) & 0xFFFFFFFF) << 32)) -#define ACLITEM_ALL_PRIV_BITS ((AclMode) 0xFFFF) -#define ACLITEM_ALL_GOPTION_BITS ((AclMode) 0xFFFF << 16) +#define ACLITEM_ALL_PRIV_BITS ((AclMode) 0xFFFFFFFF) +#define ACLITEM_ALL_GOPTION_BITS ((AclMode) 0xFFFFFFFF << 32) /* * Definitions for convenient access to Acl (array of AclItem). -- 2.30.2