Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitccfbd92

Browse files
committed
Replace existing durable_rename_excl() calls with durable_rename()
durable_rename_excl() attempts to avoid overwriting any existing filesby using link() and unlink(), falling back to rename() on some platforms(e.g., Windows where link() followed by unlink() is not concurrent-safe,see909b449). Most callers of durable_rename_excl() use it just in casethere is an existing file, but it happens that for all of them we neverexpect a target file to exist (WAL segment recycling, creation oftimeline history file and basic_archive).basic_archive used durable_rename_excl() to avoid overwriting an archiveconcurrently created by another server. Now, there is a stat() call toavoid overwriting an existing archive a couple of lines above, so notethat this change opens a small TOCTOU window in this module between thestat() call and durable_rename().Furthermore, as mentioned in the top comment of durable_rename_excl(),this routine can result in multiple hard links to the same file and datacorruption, with two or more links to the same file in pg_wal/ if acrash happens before the unlink() call during WAL recycling.Specifically, this would produce links to the same file for the currentWAL file and the next one because the half-recycled WAL file wasre-recycled during crash recovery of a follow-up cluster restart.This change replaces all calls to durable_rename_excl() withdurable_rename(). This removes the protection against accidentallyoverwriting an existing file, but some platforms are already livingwithout it, and all those code paths never expect an existing file (acouple of assertions are added to check after that, in case).This is a bug fix, but knowing the unlikeliness of the problem involvingone of more crashes at an exceptionally bad moment, no backpatch isdone. This could be revisited in the future.Author: Nathan BossartReviewed-by: Robert Haas, Kyotaro Horiguchi, Michael PaquierDiscussion:https://postgr.es/m/20220407182954.GA1231544@nathanxps13
1 parent755df30 commitccfbd92

File tree

3 files changed

+13
-20
lines changed

3 files changed

+13
-20
lines changed

‎contrib/basic_archive/basic_archive.c

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -281,9 +281,10 @@ basic_archive_file_internal(const char *file, const char *path)
281281

282282
/*
283283
* Sync the temporary file to disk and move it to its final destination.
284-
* This will fail if destination already exists.
284+
* Note that this will overwrite any existing file, but this is only
285+
* possible if someone else created the file since the stat() above.
285286
*/
286-
(void)durable_rename_excl(temp,destination,ERROR);
287+
(void)durable_rename(temp,destination,ERROR);
287288

288289
ereport(DEBUG1,
289290
(errmsg("archived \"%s\" via basic_archive",file)));

‎src/backend/access/transam/timeline.c

Lines changed: 6 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -439,14 +439,11 @@ writeTimeLineHistory(TimeLineID newTLI, TimeLineID parentTLI,
439439

440440
/*
441441
* Now move the completed history file into place with its final name.
442+
* The target file should not exist.
442443
*/
443444
TLHistoryFilePath(path,newTLI);
444-
445-
/*
446-
* Perform the rename using link if available, paranoidly trying to avoid
447-
* overwriting an existing file (there shouldn't be one).
448-
*/
449-
durable_rename_excl(tmppath,path,ERROR);
445+
Assert(access(path,F_OK)!=0&&errno==ENOENT);
446+
durable_rename(tmppath,path,ERROR);
450447

451448
/* The history file can be archived immediately. */
452449
if (XLogArchivingActive())
@@ -517,14 +514,11 @@ writeTimeLineHistoryFile(TimeLineID tli, char *content, int size)
517514

518515
/*
519516
* Now move the completed history file into place with its final name.
517+
* The target file should not exist.
520518
*/
521519
TLHistoryFilePath(path,tli);
522-
523-
/*
524-
* Perform the rename using link if available, paranoidly trying to avoid
525-
* overwriting an existing file (there shouldn't be one).
526-
*/
527-
durable_rename_excl(tmppath,path,ERROR);
520+
Assert(access(path,F_OK)!=0&&errno==ENOENT);
521+
durable_rename(tmppath,path,ERROR);
528522
}
529523

530524
/*

‎src/backend/access/transam/xlog.c

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -3323,14 +3323,12 @@ InstallXLogFileSegment(XLogSegNo *segno, char *tmppath,
33233323
}
33243324
}
33253325

3326-
/*
3327-
* Perform the rename using link if available, paranoidly trying to avoid
3328-
* overwriting an existing file (there shouldn't be one).
3329-
*/
3330-
if (durable_rename_excl(tmppath,path,LOG)!=0)
3326+
/* The target file should not exist */
3327+
Assert(access(path,F_OK)!=0&&errno==ENOENT);
3328+
if (durable_rename(tmppath,path,LOG)!=0)
33313329
{
33323330
LWLockRelease(ControlFileLock);
3333-
/*durable_rename_excl already emitted log message */
3331+
/*durable_rename already emitted log message */
33343332
return false;
33353333
}
33363334

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp