- Notifications
You must be signed in to change notification settings - Fork4.9k
Commitdac1ff3
committed
Replace durable_rename_excl() by durable_rename(), take two
durable_rename_excl() attempts to avoid overwriting any existing filesby using link() and unlink(), and it falls back to rename() on someplatforms (aka WIN32), which offers no such overwrite protection. Mostcallers use durable_rename_excl() just in case there is an existingfile, but in practice there shouldn't be one (see below for moredetails).Furthermore, failures during durable_rename_excl() can result inmultiple hard links to the same file. As per Nathan's tests, it ispossible to end up with two links to the same file in pg_wal after acrash just before unlink() during WAL recycling. Specifically, the testproduced links to the same file for the current WAL file and the nextone because the half-recycled WAL file was re-recycled upon restarting,leading to WAL corruption.This change replaces all the calls of durable_rename_excl() todurable_rename(). This removes the protection against accidentallyoverwriting an existing file, but some platforms are already livingwithout it and ordinarily there shouldn't be one. The function itselfis left around in case any extensions are using it. It will be removedon HEAD via a follow-up commit.Here is a summary of the existing callers of durable_rename_excl() (seesecond discussion link at the bottom), replaced by this commit. First,basic_archive used it to avoid overwriting an archive concurrentlycreated by another server, but as mentioned above, it will stilloverwrite files on some platforms. Second, xlog.c uses it to recyclepast WAL segments, where an overwrite should not happen (origin of thechange atf0e37a8) because there are protections about the WAL segmentto select when recycling an entry. The third and last area is relatedto the write of timeline history files. writeTimeLineHistory() willwrite a new timeline history file at the end of recovery on promotion,so there should be no such files for the same timeline.What remains is writeTimeLineHistoryFile(), that can be used in parallelby a WAL receiver and the startup process, and some digging of thebuildfarm shows that EEXIST from a WAL receiver can happen with an errorof "could not link file \"pg_wal/xlogtemp.NN\" to \"pg_wal/MM.history\",which would cause an automatic restart of the WAL receiver as it ispromoted to FATAL, hence this should improve the stability of the WALreceiver as rename() would overwrite an existing TLI history filealready fetched by the startup process at recovery.This is a bug fix, but knowing the unlikeliness of the problem involvingone or more crashes at an exceptionally bad moment, no backpatch isdone. Also, I want to be careful with such changes (aaa3aed did theopposite of this change by removing HAVE_WORKING_LINK so as Windowswould do a link() rather than a rename() but this was notconcurrent-safe). A backpatch could be revisited in the future. Thisis the second time this change is attempted,ccfbd92 being the firstone, but this time no assertions are added for the case of a TLI historyfile written concurrently by the WAL receiver or the startup processbecause we can expect one to exist (some of the TAP tests are able totrigger with a proper timing).Author: Nathan BossartReviewed-by: Robert Haas, Kyotaro Horiguchi, Michael PaquierDiscussion:https://postgr.es/m/20220407182954.GA1231544@nathanxps13Discussion:https://postgr.es/m/Ym6GZbqQdlalSKSG@paquier.xyz1 parent2ce648f commitdac1ff3
File tree
3 files changed
+11
-21
lines changed- contrib/basic_archive
- src/backend/access/transam
3 files changed
+11
-21
lines changedLines changed: 3 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
282 | 282 | | |
283 | 283 | | |
284 | 284 | | |
285 | | - | |
| 285 | + | |
| 286 | + | |
286 | 287 | | |
287 | | - | |
| 288 | + | |
288 | 289 | | |
289 | 290 | | |
290 | 291 | | |
| |||
Lines changed: 5 additions & 13 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
441 | 441 | | |
442 | 442 | | |
443 | 443 | | |
444 | | - | |
445 | | - | |
446 | | - | |
447 | | - | |
448 | | - | |
449 | | - | |
| 444 | + | |
| 445 | + | |
450 | 446 | | |
451 | 447 | | |
452 | 448 | | |
| |||
516 | 512 | | |
517 | 513 | | |
518 | 514 | | |
519 | | - | |
| 515 | + | |
| 516 | + | |
520 | 517 | | |
521 | 518 | | |
522 | | - | |
523 | | - | |
524 | | - | |
525 | | - | |
526 | | - | |
527 | | - | |
| 519 | + | |
528 | 520 | | |
529 | 521 | | |
530 | 522 | | |
| |||
Lines changed: 3 additions & 6 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
3323 | 3323 | | |
3324 | 3324 | | |
3325 | 3325 | | |
3326 | | - | |
3327 | | - | |
3328 | | - | |
3329 | | - | |
3330 | | - | |
| 3326 | + | |
| 3327 | + | |
3331 | 3328 | | |
3332 | 3329 | | |
3333 | | - | |
| 3330 | + | |
3334 | 3331 | | |
3335 | 3332 | | |
3336 | 3333 | | |
| |||
0 commit comments
Comments
(0)