From e33967b13bbc6e4e1c1b5e9ecd1c45148cffcc53 Mon Sep 17 00:00:00 2001
From: Noah Misch <noah@leadboat.com>
Date: Sat, 25 Mar 2023 13:00:27 -0700
Subject: [PATCH] Comment on expectations for AutoVacuumWorkItem handlers.

This might prevent a repeat of the brin_summarize_range() vulnerability
that commit a117cebd638dd02e5c2e791c25e43745f233111b fixed.
---
 src/backend/postmaster/autovacuum.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/backend/postmaster/autovacuum.c b/src/backend/postmaster/autovacuum.c
index c0e2e00a7e3..585d28148ca 100644
--- a/src/backend/postmaster/autovacuum.c
+++ b/src/backend/postmaster/autovacuum.c
@@ -2655,7 +2655,10 @@ perform_work_item(AutoVacuumWorkItem *workitem)
 		/* Use PortalContext for any per-work-item allocations */
 		MemoryContextSwitchTo(PortalContext);
 
-		/* have at it */
+		/*
+		 * Have at it.  Functions called here are responsible for any required
+		 * user switch and sandbox.
+		 */
 		switch (workitem->avw_type)
 		{
 			case AVW_BRINSummarizeRange:
-- 
2.39.5