NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit215ac4a

committed

Truncate pg_multixact/'s contents during crash recovery

Commit9dc842f of 8.2 era prevented MultiXact truncation during crashrecovery, because there was no guarantee that enough state had beensetup, and because it wasn't deemed to be a good idea to remove dataduring crash recovery anyway. Since then, due to Hot-Standby, streamingreplication and PITR, the amount of time a cluster can spend doing crashrecovery has increased significantly, to the point that a cluster mayeven never come out of it. This has made not truncating the content ofpg_multixact/ not defensible anymore.To fix, take care to setup enough state for multixact truncation beforecrash recovery starts (easy since checkpoints contain the requiredinformation), and move the current end-of-recovery actions to a newTrimMultiXact() function, analogous to TrimCLOG().At some later point, this should probably done similarly to the wayclog.c is doing it, which is to just WAL log truncations, but we can'tdo that for the back branches.Back-patch to 9.0. 8.4 also has the problem, but since there's no hotstandby there, it's much less pressing. In 9.2 and earlier, this patchis simpler than in newer branches, because multixact access duringrecovery isn't required. Add appropriate checks to make sure that's nothappening.Andres Freund

1 parentf5f92bd commit215ac4aCopy full SHA for 215ac4a

File tree

3 files changed

+70

-14

lines changed

src
- backend/access/transam
  - multixact.c
  - xlog.c
- include/access
  - multixact.h

3 files changed

+70

-14

lines changed

`‎src/backend/access/transam/multixact.c`

Lines changed: 42 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -1768,14 +1768,37 @@ MaybeExtendOffsetSlru(void)`
`1768`	`1768`	`*`
`1769`	`1769`	`* StartupXLOG has already established nextMXact/nextOffset by calling`
`1770`	`1770`	`* MultiXactSetNextMXact and/or MultiXactAdvanceNextMXact, and the oldestMulti`
`1771`		`- * info from pg_control and/or MultiXactAdvanceOldest.Note that we may`
`1772`		`- * already have replayed WAL data into the SLRU files.`
`1773`		`- *`
`1774`		`- * We don't need any locks here, really; the SLRU locks are taken`
`1775`		`- * only because slru.c expects to be called with locks held.`
	`1771`	`+ * info from pg_control and/or MultiXactAdvanceOldest, but we haven't yet`
	`1772`	`+ * replayed WAL.`
`1776`	`1773`	`*/`
`1777`	`1774`	`void`
`1778`	`1775`	`StartupMultiXact(void)`
	`1776`	`+{`
	`1777`	`+MultiXactIdmulti=MultiXactState->nextMXact;`
	`1778`	`+MultiXactOffsetoffset=MultiXactState->nextOffset;`
	`1779`	`+intpageno;`
	`1780`	`+`
	`1781`	`+/*`
	`1782`	`+ * Initialize offset's idea of the latest page number.`
	`1783`	`+ */`
	`1784`	`+pageno=MultiXactIdToOffsetPage(multi);`
	`1785`	`+MultiXactOffsetCtl->shared->latest_page_number=pageno;`
	`1786`	`+`
	`1787`	`+/*`
	`1788`	`+ * Initialize member's idea of the latest page number.`
	`1789`	`+ */`
	`1790`	`+pageno=MXOffsetToMemberPage(offset);`
	`1791`	`+MultiXactMemberCtl->shared->latest_page_number=pageno;`
	`1792`	`+}`
	`1793`	`+`
	`1794`	`+/*`
	`1795`	`+ * This must be called ONCE at the end of startup/recovery.`
	`1796`	`+ *`
	`1797`	`+ * We don't need any locks here, really; the SLRU locks are taken only because`
	`1798`	`+ * slru.c expects to be called with locks held.`
	`1799`	`+ */`
	`1800`	`+void`
	`1801`	`+TrimMultiXact(void)`
`1779`	`1802`	`{`
`1780`	`1803`	`MultiXactIdmulti=MultiXactState->nextMXact;`
`1781`	`1804`	`MultiXactOffsetoffset=MultiXactState->nextOffset;`
`@@ -1785,7 +1808,9 @@ StartupMultiXact(void)`
`1785`	`1808`
`1786`	`1809`	`/*`
`1787`	`1810`	`* During a binary upgrade, make sure that the offsets SLRU is large`
`1788`		`- * enough to contain the next value that would be created.`
	`1811`	`+ * enough to contain the next value that would be created. It's fine to do`
	`1812`	`+ * this here and not in StartupMultiXact() since binary upgrades should`
	`1813`	`+ * never need crash recovery.`
`1789`	`1814`	`*/`
`1790`	`1815`	`if (IsBinaryUpgrade)`
`1791`	`1816`	`MaybeExtendOffsetSlru();`
`@@ -1794,7 +1819,7 @@ StartupMultiXact(void)`
`1794`	`1819`	`LWLockAcquire(MultiXactOffsetControlLock,LW_EXCLUSIVE);`
`1795`	`1820`
`1796`	`1821`	`/*`
`1797`		`- * Initialize our idea of the latest page number.`
	`1822`	`+ *(Re-)Initialize our idea of the latest page number.`
`1798`	`1823`	`*/`
`1799`	`1824`	`pageno=MultiXactIdToOffsetPage(multi);`
`1800`	`1825`	`MultiXactOffsetCtl->shared->latest_page_number=pageno;`
`@@ -1824,7 +1849,7 @@ StartupMultiXact(void)`
`1824`	`1849`	`LWLockAcquire(MultiXactMemberControlLock,LW_EXCLUSIVE);`
`1825`	`1850`
`1826`	`1851`	`/*`
`1827`		`- * Initialize our idea of the latest page number.`
	`1852`	`+ *(Re-)Initialize our idea of the latest page number.`
`1828`	`1853`	`*/`
`1829`	`1854`	`pageno=MXOffsetToMemberPage(offset);`
`1830`	`1855`	`MultiXactMemberCtl->shared->latest_page_number=pageno;`
`@@ -2258,9 +2283,15 @@ SlruScanDirCbFindEarliest(SlruCtl ctl, char filename, int segpage, void data)`
`2258`	`2283`	`* Remove all MultiXactOffset and MultiXactMember segments before the oldest`
`2259`	`2284`	`* ones still of interest.`
`2260`	`2285`	`*`
`2261`		`- * This is called by vacuum after it has successfully advanced a database's`
`2262`		`- * datminmxid value; the cutoff value we're passed is the minimum of all`
`2263`		`- * databases' datminmxid values.`
	`2286`	`+ * On a primary, this is called by vacuum after it has successfully advanced a`
	`2287`	`+ * database's datminmxid value; the cutoff value we're passed is the minimum of`
	`2288`	`+ * all databases' datminmxid values.`
	`2289`	`+ *`
	`2290`	`+ * During crash recovery, it's called from CreateRestartPoint() instead. We`
	`2291`	`+ * rely on the fact that xlog_redo() will already have called`
	`2292`	`+ * MultiXactAdvanceOldest(). Our latest_page_number will already have been`
	`2293`	`+ * initialized by StartupMultiXact() and kept up to date as new pages are`
	`2294`	`+ * zeroed.`
`2264`	`2295`	`*/`
`2265`	`2296`	`void`
`2266`	`2297`	`TruncateMultiXact(MultiXactIdoldestMXact)`

`‎src/backend/access/transam/xlog.c`

Lines changed: 27 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -5195,6 +5195,14 @@ StartupXLOG(void)`
`5195`	`5195`	`XLogCtl->ckptXidEpoch=checkPoint.nextXidEpoch;`
`5196`	`5196`	`XLogCtl->ckptXid=checkPoint.nextXid;`
`5197`	`5197`
	`5198`	`+/*`
	`5199`	`+ * Startup MultiXact. We need to do this early for two reasons: one`
	`5200`	`+ * is that we might try to access multixacts when we do tuple freezing,`
	`5201`	`+ * and the other is we need its state initialized because we attempt`
	`5202`	`+ * truncation during restartpoints.`
	`5203`	`+ */`
	`5204`	`+StartupMultiXact();`
	`5205`	`+`
`5198`	`5206`	`/*`
`5199`	`5207`	`* Initialize unlogged LSN. On a clean shutdown, it's restored from the`
`5200`	`5208`	`* control file. On recovery, all unlogged relations are blown away, so`
`@@ -5395,8 +5403,9 @@ StartupXLOG(void)`
`5395`	`5403`	`ProcArrayInitRecovery(ShmemVariableCache->nextXid);`
`5396`	`5404`
`5397`	`5405`	`/*`
`5398`		`- * Startup commit log and subtrans only. Other SLRUs are not`
`5399`		`- * maintained during recovery and need not be started yet.`
	`5406`	`+ * Startup commit log and subtrans only. MultiXact has already`
	`5407`	`+ * been started up and other SLRUs are not maintained during`
	`5408`	`+ * recovery and need not be started yet.`
`5400`	`5409`	`*/`
`5401`	`5410`	`StartupCLOG();`
`5402`	`5411`	`StartupSUBTRANS(oldestActiveXID);`
`@@ -6061,8 +6070,8 @@ StartupXLOG(void)`
`6061`	`6070`	`/*`
`6062`	`6071`	`* Perform end of recovery actions for any SLRUs that need it.`
`6063`	`6072`	`*/`
`6064`		`-StartupMultiXact();`
`6065`	`6073`	`TrimCLOG();`
	`6074`	`+TrimMultiXact();`
`6066`	`6075`
`6067`	`6076`	`/* Reload shared-memory state for prepared transactions */`
`6068`	`6077`	`RecoverPreparedTransactions();`
`@@ -7459,6 +7468,21 @@ CreateRestartPoint(int flags)`
`7459`	`7468`	`}`
`7460`	`7469`	`LWLockRelease(ControlFileLock);`
`7461`	`7470`
	`7471`	`+/*`
	`7472`	`+ * Due to an historical accident multixact truncations are not WAL-logged,`
	`7473`	`+ * but just performed everytime the mxact horizon is increased. So, unless`
	`7474`	`+ * we explicitly execute truncations on a standby it will never clean out`
	`7475`	`+ * /pg_multixact which obviously is bad, both because it uses space and`
	`7476`	`+ * because we can wrap around into pre-existing data...`
	`7477`	`+ *`
	`7478`	`+ * We can only do the truncation here, after the UpdateControlFile()`
	`7479`	`+ * above, because we've now safely established a restart point, that`
	`7480`	`+ * guarantees we will not need need to access those multis.`
	`7481`	`+ *`
	`7482`	`+ * It's probably worth improving this.`
	`7483`	`+ */`
	`7484`	`+TruncateMultiXact(lastCheckPoint.oldestMulti);`
	`7485`	`+`
`7462`	`7486`	`/*`
`7463`	`7487`	`* Delete old log files (those no longer needed even for previous`
`7464`	`7488`	`* checkpoint/restartpoint) to prevent the disk holding the xlog from`

`‎src/include/access/multixact.h`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -98,6 +98,7 @@ extern Size MultiXactShmemSize(void);`
`98`	`98`	`externvoidMultiXactShmemInit(void);`
`99`	`99`	`externvoidBootStrapMultiXact(void);`
`100`	`100`	`externvoidStartupMultiXact(void);`
	`101`	`+externvoidTrimMultiXact(void);`
`101`	`102`	`externvoidShutdownMultiXact(void);`
`102`	`103`	`externvoidSetMultiXactIdLimit(MultiXactIdoldest_datminmxid,`
`103`	`104`	`Oidoldest_datoid);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit215ac4a

File tree

3 files changed

3 files changed

`‎src/backend/access/transam/multixact.c`

`‎src/backend/access/transam/xlog.c`

`‎src/include/access/multixact.h`

0 commit comments