Harden columnar public views against cross-session temp relations

.devcontainer/Dockerfile

@@ -108,6 +108,18 @@ RUN mkdir .pgenv-staging/
 RUN cp -r .pgenv/src .pgenv/pgsql-* .pgenv/config .pgenv-staging/
 RUN rm .pgenv-staging/config/default.conf
 
+FROM base AS pg18
+RUN MAKEFLAGS="-j $(nproc)" pgenv build 18.0
+RUN rm .pgenv/src/*.tar*
+RUN make -C .pgenv/src/postgresql-*/ clean
+RUN make -C .pgenv/src/postgresql-*/src/include install
+
+# Stage the pgenv artifacts for PG18
+RUN mkdir .pgenv-staging/
+RUN cp -r .pgenv/src .pgenv/pgsql-* .pgenv/config .pgenv-staging/
+RUN rm .pgenv-staging/config/default.conf
+
+
 FROM base AS uncrustify-builder
 
 RUN sudo apt update && sudo apt install -y cmake tree
@@ -201,6 +213,7 @@ COPY --link --from=uncrustify-builder /uncrustify/usr/ /usr/
 COPY --link --from=pg15 /home/citus/.pgenv-staging/ /home/citus/.pgenv/
 COPY --link --from=pg16 /home/citus/.pgenv-staging/ /home/citus/.pgenv/
 COPY --link --from=pg17 /home/citus/.pgenv-staging/ /home/citus/.pgenv/
+COPY --link --from=pg18 /home/citus/.pgenv-staging/ /home/citus/.pgenv/
 
 COPY --link --from=pipenv /home/citus/.local/share/virtualenvs/ /home/citus/.local/share/virtualenvs/
 
@@ -216,7 +229,7 @@ COPY --chown=citus:citus .psqlrc .
 RUN sudo chown --from=root:root citus:citus -R ~
 
 # sets default pg version
-RUN pgenv switch 17.6
+RUN pgenv switch 18.0
 
 # make connecting to the coordinator easy
 ENV PGPORT=9700

.github/workflows/build_and_test.yml

@@ -32,11 +32,12 @@ jobs:
       style_checker_image_name: "ghcr.io/citusdata/stylechecker"
       style_checker_tools_version: "0.8.18"
       sql_snapshot_pg_version: "17.6"
-      image_suffix: "-va20872f"
+      image_suffix: "-dev-97072ce"
       pg15_version: '{ "major": "15", "full": "15.14" }'
       pg16_version: '{ "major": "16", "full": "16.10" }'
       pg17_version: '{ "major": "17", "full": "17.6" }'
-      upgrade_pg_versions: "15.14-16.10-17.6"
+      pg18_version: '{ "major": "18", "full": "18.0" }'
+      upgrade_pg_versions: "15.14-16.10-17.6-18.0"
     steps:
       # Since GHA jobs need at least one step we use a noop step here.
       - name: Set up parameters
@@ -113,6 +114,7 @@ jobs:
           - ${{ needs.params.outputs.pg15_version }}
           - ${{ needs.params.outputs.pg16_version }}
           - ${{ needs.params.outputs.pg17_version }}
+          - ${{ needs.params.outputs.pg18_version }}
     runs-on: ubuntu-latest
     container:
       image: "${{ matrix.image_name }}:${{ fromJson(matrix.pg_version).full }}${{ matrix.image_suffix }}"
@@ -144,6 +146,7 @@ jobs:
           - ${{ needs.params.outputs.pg15_version }}
           - ${{ needs.params.outputs.pg16_version }}
           - ${{ needs.params.outputs.pg17_version }}
+          - ${{ needs.params.outputs.pg18_version }}
         make:
           - check-split
           - check-multi
@@ -174,6 +177,10 @@ jobs:
             pg_version: ${{ needs.params.outputs.pg17_version }}
             suite: regress
             image_name: ${{ needs.params.outputs.fail_test_image_name }}
+          - make: check-failure
+            pg_version: ${{ needs.params.outputs.pg18_version }}
+            suite: regress
+            image_name: ${{ needs.params.outputs.fail_test_image_name }}
           - make: check-enterprise-failure
             pg_version: ${{ needs.params.outputs.pg15_version }}
             suite: regress
@@ -186,6 +193,10 @@ jobs:
             pg_version: ${{ needs.params.outputs.pg17_version }}
             suite: regress
             image_name: ${{ needs.params.outputs.fail_test_image_name }}
+          - make: check-enterprise-failure
+            pg_version: ${{ needs.params.outputs.pg18_version }}
+            suite: regress
+            image_name: ${{ needs.params.outputs.fail_test_image_name }}
           - make: check-pytest
             pg_version: ${{ needs.params.outputs.pg15_version }}
             suite: regress
@@ -198,6 +209,10 @@ jobs:
             pg_version: ${{ needs.params.outputs.pg17_version }}
             suite: regress
             image_name: ${{ needs.params.outputs.fail_test_image_name }}
+          - make: check-pytest
+            pg_version: ${{ needs.params.outputs.pg18_version }}
+            suite: regress
+            image_name: ${{ needs.params.outputs.fail_test_image_name }}
           - make: installcheck
             suite: cdc
             image_name: ${{ needs.params.outputs.test_image_name }}
@@ -210,6 +225,10 @@ jobs:
             suite: cdc
             image_name: ${{ needs.params.outputs.test_image_name }}
             pg_version: ${{ needs.params.outputs.pg17_version }}
+          - make: installcheck
+            suite: cdc
+            image_name: ${{ needs.params.outputs.test_image_name }}
+            pg_version: ${{ needs.params.outputs.pg18_version }}
           - make: check-query-generator
             pg_version: ${{ needs.params.outputs.pg15_version }}
             suite: regress
@@ -222,6 +241,10 @@ jobs:
             pg_version: ${{ needs.params.outputs.pg17_version }}
             suite: regress
             image_name: ${{ needs.params.outputs.fail_test_image_name }}
+          - make: check-query-generator
+            pg_version: ${{ needs.params.outputs.pg18_version }}
+            suite: regress
+            image_name: ${{ needs.params.outputs.fail_test_image_name }}
     runs-on: ubuntu-latest
     container:
       image: "${{ matrix.image_name }}:${{ fromJson(matrix.pg_version).full }}${{ needs.params.outputs.image_suffix }}"
@@ -265,6 +288,7 @@ jobs:
           - ${{ needs.params.outputs.pg15_version }}
           - ${{ needs.params.outputs.pg16_version }}
           - ${{ needs.params.outputs.pg17_version }}
+          - ${{ needs.params.outputs.pg18_version }}
         parallel: [0,1,2,3,4,5] # workaround for running 6 parallel jobs
     steps:
     - uses: actions/checkout@v4
@@ -315,6 +339,12 @@ jobs:
             new_pg_major: 17
           - old_pg_major: 15
             new_pg_major: 17
+          - old_pg_major: 17
+            new_pg_major: 18
+          - old_pg_major: 16
+            new_pg_major: 18
+          - old_pg_major: 15
+            new_pg_major: 18
     env:
       old_pg_major: ${{ matrix.old_pg_major }}
       new_pg_major: ${{ matrix.new_pg_major }}
@@ -509,7 +539,7 @@ jobs:
     name: Test flakyness
     runs-on: ubuntu-latest
     container:
-      image: ${{ needs.params.outputs.fail_test_image_name }}:${{ fromJson(needs.params.outputs.pg17_version).full }}${{ needs.params.outputs.image_suffix }}
+      image: ${{ needs.params.outputs.fail_test_image_name }}:${{ fromJson(needs.params.outputs.pg18_version).full }}${{ needs.params.outputs.image_suffix }}
       options: --user root
     env:
       runs: 8

.github/workflows/packaging-test-pipelines.yml

@@ -29,7 +29,7 @@ jobs:
           # Postgres versions are stored in .github/workflows/build_and_test.yml
           # file in json strings with major and full keys.
           # Below command extracts the versions and get the unique values.
-          pg_versions=$(cat .github/workflows/build_and_test.yml | grep -oE '"major": "[0-9]+", "full": "[0-9.]+"' | sed -E 's/"major": "([0-9]+)", "full": "([0-9.]+)"/\1/g' | sort | uniq | tr '\n', ',')
+          pg_versions=$(cat .github/workflows/build_and_test.yml | grep -oE '"major": "[0-9]+", "full": "[^"]+"' | sed -E 's/.*"major": "([0-9]+)".*/\1/' | sort -n | uniq | tr '\n' ',')
           pg_versions_array="[ ${pg_versions} ]"
           echo "Supported PG Versions: ${pg_versions_array}"
           # Below line is needed to set the output variable to be used in the next job

configure

@@ -2588,7 +2588,7 @@ fi
 if test "$with_pg_version_check" = no; then
     { $as_echo "$as_me:${as_lineno-$LINENO}: building against PostgreSQL $version_num (skipped compatibility check)" >&5
 $as_echo "$as_me: building against PostgreSQL $version_num (skipped compatibility check)" >&6;}
-elif test "$version_num" != '15' -a  "$version_num" != '16' -a  "$version_num" != '17'; then
+elif test "$version_num" != '15' -a  "$version_num" != '16' -a  "$version_num" != '17' -a "$version_num" != '18'; then
    as_fn_error $? "Citus is not compatible with the detected PostgreSQL version ${version_num}." "$LINENO" 5
 else
    { $as_echo "$as_me:${as_lineno-$LINENO}: building against PostgreSQL $version_num" >&5

configure.ac

@@ -80,7 +80,7 @@ AC_SUBST(with_pg_version_check)
 
 if test "$with_pg_version_check" = no; then
     AC_MSG_NOTICE([building against PostgreSQL $version_num (skipped compatibility check)])
-elif test "$version_num" != '15' -a  "$version_num" != '16' -a  "$version_num" != '17'; then
+elif test "$version_num" != '15' -a  "$version_num" != '16' -a  "$version_num" != '17' -a  "$version_num" != '18'; then
    AC_MSG_ERROR([Citus is not compatible with the detected PostgreSQL version ${version_num}.])
 else
    AC_MSG_NOTICE([building against PostgreSQL $version_num])

src/backend/columnar/columnar_metadata.c

@@ -2024,6 +2024,27 @@ Datum
 columnar_relation_storageid(PG_FUNCTION_ARGS)
 {
 	Oid relationId = PG_GETARG_OID(0);
+
+	/* Keep in sync with columnar.storage view filter (exclude other sessions' temps). */
+#if PG_VERSION_NUM >= PG_VERSION_18
+
+	/* PG18+: avoid relation_open() on other sessions' temp tables. */
+	HeapTuple classtup = SearchSysCache1(RELOID, ObjectIdGetDatum(relationId));
+	if (!HeapTupleIsValid(classtup))
+	{
+		PG_RETURN_NULL(); /* invalid/gone OID */
+	}
+	Form_pg_class cls = (Form_pg_class) GETSTRUCT(classtup);
+	bool reject = (cls->relpersistence == RELPERSISTENCE_TEMP) &&
+				  isOtherTempNamespace(cls->relnamespace);
+	ReleaseSysCache(classtup);
+
+	if (reject)
+	{
+		PG_RETURN_NULL(); /* function is STRICT; callers just skip */
+	}
+#endif
+
 	Relation relation = relation_open(relationId, AccessShareLock);
 
 	if (!object_ownercheck(RelationRelationId, relationId, GetUserId()))

src/backend/columnar/sql/citus_columnar--13.2-1--14.0-1.sql

@@ -1,2 +1,44 @@
 -- citus_columnar--13.2-1--14.0-1
 -- bump version to 14.0-1
+
+CREATE OR REPLACE VIEW columnar.storage WITH (security_barrier) AS
+  SELECT c.oid::regclass AS relation,
+         columnar.get_storage_id(c.oid) AS storage_id
+  FROM pg_catalog.pg_class c
+  JOIN pg_catalog.pg_am am ON c.relam = am.oid
+  WHERE am.amname = 'columnar'
+    -- exclude other sessions' temp rels, but keep *my* temp tables
+    AND (c.relpersistence <> 't'
+         OR c.relnamespace = pg_catalog.pg_my_temp_schema())
+    AND pg_catalog.pg_has_role(c.relowner, 'USAGE');
+COMMENT ON VIEW columnar.storage IS 'Columnar relation ID to storage ID mapping.';
+GRANT SELECT ON columnar.storage TO PUBLIC;
+
+-- re-emit dependent views with OR REPLACE so they stay bound cleanly
+CREATE OR REPLACE VIEW columnar.stripe WITH (security_barrier) AS
+  SELECT relation, storage.storage_id, stripe_num, file_offset, data_length,
+         column_count, chunk_row_count, row_count, chunk_group_count, first_row_number
+    FROM columnar_internal.stripe stripe, columnar.storage storage
+   WHERE stripe.storage_id = storage.storage_id;
+COMMENT ON VIEW columnar.stripe
+  IS 'Columnar stripe information for tables on which the current user has ownership privileges.';
+GRANT SELECT ON columnar.stripe TO PUBLIC;
+
+CREATE OR REPLACE VIEW columnar.chunk_group WITH (security_barrier) AS
+  SELECT relation, storage.storage_id, stripe_num, chunk_group_num, row_count
+    FROM columnar_internal.chunk_group cg, columnar.storage storage
+   WHERE cg.storage_id = storage.storage_id;
+COMMENT ON VIEW columnar.chunk_group
+  IS 'Columnar chunk group information for tables on which the current user has ownership privileges.';
+GRANT SELECT ON columnar.chunk_group TO PUBLIC;
+
+CREATE OR REPLACE VIEW columnar.chunk WITH (security_barrier) AS
+  SELECT relation, storage.storage_id, stripe_num, attr_num, chunk_group_num,
+         minimum_value, maximum_value, value_stream_offset, value_stream_length,
+         exists_stream_offset, exists_stream_length, value_compression_type,
+         value_compression_level, value_decompressed_length, value_count
+    FROM columnar_internal.chunk chunk, columnar.storage storage
+   WHERE chunk.storage_id = storage.storage_id;
+COMMENT ON VIEW columnar.chunk
+  IS 'Columnar chunk information for tables on which the current user has ownership privileges.';
+GRANT SELECT ON columnar.chunk TO PUBLIC;

src/test/regress/citus_tests/common.py

@@ -94,6 +94,7 @@ def get_pg_major_version():
     15: "11.1.5",
     16: "12.1.5",
     17: "13.0.1",
+    18: "13.2.0",
 }
 
 OLDEST_SUPPORTED_CITUS_VERSION = OLDEST_SUPPORTED_CITUS_VERSION_MATRIX[PG_MAJOR_VERSION]