NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit566372b

committed

Prevent concurrent SimpleLruTruncate() for any given SLRU.

The SimpleLruTruncate() header comment states the new coding rule. Toachieve this, add locktype "frozenid" and two LWLocks. This closes arare opportunity for data loss, which manifested as "apparentwraparound" or "could not access status of transaction" errors. Dataloss is more likely in pg_multixact, due to released branches' thinmargin between multiStopLimit and multiWrapLimit. If a user's physicalreplication primary logged ": apparent wraparound" messages, the usershould rebuild standbys of that primary regardless of symptoms. At lessrisk is a cluster having emitted "not accepting commands" errors or"must be vacuumed" warnings at some point. One can test a cluster forthis data loss by running VACUUM FREEZE in every database. Back-patchto 9.5 (all supported versions).Discussion:https://postgr.es/m/20190218073103.GA1434723@rfd.leadboat.com

1 parentd4d443b commit566372bCopy full SHA for 566372b

File tree

11 files changed

+117

-13

lines changed

doc/src/sgml
- catalogs.sgml
- monitoring.sgml
src
- backend
  - access/transam
    - slru.c
    - subtrans.c
  - commands
    - async.c
    - vacuum.c
  - storage/lmgr
    - lmgr.c
    - lwlocknames.txt
  - utils/adt
    - lockfuncs.c
- include/storage
  - lmgr.h
  - lock.h

11 files changed

+117

-13

lines changed

`‎doc/src/sgml/catalogs.sgml`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -10226,7 +10226,8 @@ SCRAM-SHA-256$<replaceable><iteration count></replaceable>:<replaceable>&l`
`10226`	`10226`	`and general database objects (identified by class OID and object OID,`
`10227`	`10227`	`in the same way as in <structname>pg_description</structname> or`
`10228`	`10228`	`<structname>pg_depend</structname>). Also, the right to extend a`
`10229`		`- relation is represented as a separate lockable object.`
	`10229`	`+ relation is represented as a separate lockable object, as is the right to`
	`10230`	`+ update <structname>pg_database</structname>.<structfield>datfrozenxid</structfield>.`
`10230`	`10231`	`Also, <quote>advisory</quote> locks can be taken on numbers that have`
`10231`	`10232`	`user-defined meanings.`
`10232`	`10233`	`</para>`
`@@ -10254,6 +10255,7 @@ SCRAM-SHA-256$<replaceable><iteration count></replaceable>:<replaceable>&l`
`10254`	`10255`	`Type of the lockable object:`
`10255`	`10256`	`<literal>relation</literal>,`
`10256`	`10257`	`<literal>extend</literal>,`
	`10258`	`+ <literal>frozenid</literal>,`
`10257`	`10259`	`<literal>page</literal>,`
`10258`	`10260`	`<literal>tuple</literal>,`
`10259`	`10261`	`<literal>transactionid</literal>,`

`‎doc/src/sgml/monitoring.sgml`

Lines changed: 16 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1742,6 +1742,12 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser`
`1742`	`1742`	`<entry><literal>extend</literal></entry>`
`1743`	`1743`	`<entry>Waiting to extend a relation.</entry>`
`1744`	`1744`	`</row>`
	`1745`	`+ <row>`
	`1746`	`+ <entry><literal>frozenid</literal></entry>`
	`1747`	`+ <entry>Waiting to`
	`1748`	`+ update <structname>pg_database</structname>.<structfield>datfrozenxid</structfield>`
	`1749`	`+ and <structname>pg_database</structname>.<structfield>datminmxid</structfield>.</entry>`
	`1750`	`+ </row>`
`1745`	`1751`	`<row>`
`1746`	`1752`	`<entry><literal>object</literal></entry>`
`1747`	`1753`	`<entry>Waiting to acquire a lock on a non-relation database object.</entry>`
`@@ -1910,6 +1916,11 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser`
`1910`	`1916`	`<entry><literal>NotifyQueue</literal></entry>`
`1911`	`1917`	`<entry>Waiting to read or update <command>NOTIFY</command> messages.</entry>`
`1912`	`1918`	`</row>`
	`1919`	`+ <row>`
	`1920`	`+ <entry><literal>NotifyQueueTail</literal></entry>`
	`1921`	`+ <entry>Waiting to update limit on <command>NOTIFY</command> message`
	`1922`	`+ storage.</entry>`
	`1923`	`+ </row>`
`1913`	`1924`	`<row>`
`1914`	`1925`	`<entry><literal>NotifySLRU</literal></entry>`
`1915`	`1926`	`<entry>Waiting to access the <command>NOTIFY</command> message SLRU`
`@@ -2086,6 +2097,11 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser`
`2086`	`2097`	`<entry><literal>WALWrite</literal></entry>`
`2087`	`2098`	`<entry>Waiting for WAL buffers to be written to disk.</entry>`
`2088`	`2099`	`</row>`
	`2100`	`+ <row>`
	`2101`	`+ <entry><literal>WrapLimitsVacuum</literal></entry>`
	`2102`	`+ <entry>Waiting to update limits on transaction id and multixact`
	`2103`	`+ consumption.</entry>`
	`2104`	`+ </row>`
`2089`	`2105`	`<row>`
`2090`	`2106`	`<entry><literal>XactBuffer</literal></entry>`
`2091`	`2107`	`<entry>Waiting for I/O on a transaction status SLRU buffer.</entry>`

`‎src/backend/access/transam/slru.c`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1191,6 +1191,14 @@ SimpleLruFlush(SlruCtl ctl, bool allow_redirtied)`
`1191`	`1191`
`1192`	`1192`	`/*`
`1193`	`1193`	`* Remove all segments before the one holding the passed page number`
	`1194`	`+ *`
	`1195`	`+ * All SLRUs prevent concurrent calls to this function, either with an LWLock`
	`1196`	`+ * or by calling it only as part of a checkpoint. Mutual exclusion must begin`
	`1197`	`+ * before computing cutoffPage. Mutual exclusion must end after any limit`
	`1198`	`+ * update that would permit other backends to write fresh data into the`
	`1199`	`+ * segment immediately preceding the one containing cutoffPage. Otherwise,`
	`1200`	`+ * when the SLRU is quite full, SimpleLruTruncate() might delete that segment`
	`1201`	`+ * after it has accrued freshly-written data.`
`1194`	`1202`	`*/`
`1195`	`1203`	`void`
`1196`	`1204`	`SimpleLruTruncate(SlruCtlctl,intcutoffPage)`

`‎src/backend/access/transam/subtrans.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -349,8 +349,8 @@ ExtendSUBTRANS(TransactionId newestXact)`
`349`	`349`	`/*`
`350`	`350`	`* Remove all SUBTRANS segments before the one holding the passed transaction ID`
`351`	`351`	`*`
`352`		`- *This isnormally called during checkpoint, with oldestXact being the`
`353`		`- *oldest TransactionXmin of any running transaction.`
	`352`	`+ *oldestXact isthe oldest TransactionXmin of any running transaction. This`
	`353`	`+ *is called only during checkpoint.`
`354`	`354`	`*/`
`355`	`355`	`void`
`356`	`356`	`TruncateSUBTRANS(TransactionIdoldestXact)`

`‎src/backend/commands/async.c`

Lines changed: 27 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -244,19 +244,22 @@ typedef struct QueueBackendStatus`
`244`	`244`	`/*`
`245`	`245`	`* Shared memory state for LISTEN/NOTIFY (excluding its SLRU stuff)`
`246`	`246`	`*`
`247`		`- * The AsyncQueueControl structure is protected by the NotifyQueueLock.`
	`247`	`+ * The AsyncQueueControl structure is protected by the NotifyQueueLock and`
	`248`	`+ * NotifyQueueTailLock.`
`248`	`249`	`*`
`249`		`- * When holdingthe lockin SHARED mode, backends may only inspect their own`
`250`		`- * entries as well as the head and tail pointers. Consequently we can allow a`
`251`		`- * backend to update its own record while holding only SHARED lock (since no`
`252`		`- * other backend will inspect it).`
	`250`	`+ * When holdingNotifyQueueLockin SHARED mode, backends may only inspect`
	`251`	`+ *their ownentries as well as the head and tail pointers. Consequently we`
	`252`	`+ *can allow abackend to update its own record while holding only SHARED lock`
	`253`	`+ *(since noother backend will inspect it).`
`253`	`254`	`*`
`254`		`- * When holding the lock in EXCLUSIVE mode, backends can inspect the entries`
`255`		`- * of other backends and also change the head and tail pointers.`
	`255`	`+ * When holding NotifyQueueLock in EXCLUSIVE mode, backends can inspect the`
	`256`	`+ * entries of other backends and also change the head pointer. When holding`
	`257`	`+ * both NotifyQueueLock and NotifyQueueTailLock in EXCLUSIVE mode, backends`
	`258`	`+ * can change the tail pointer.`
`256`	`259`	`*`
`257`	`260`	`* NotifySLRULock is used as the control lock for the pg_notify SLRU buffers.`
`258`		`- * In order to avoid deadlocks, whenever we needboth locks, wealwaysfirst`
`259`		`- *getNotifyQueueLock andthen NotifySLRULock.`
	`261`	`+ * In order to avoid deadlocks, whenever we needmultiple locks, we first get`
	`262`	`+ *NotifyQueueTailLock, thenNotifyQueueLock, andlastly NotifySLRULock.`
`260`	`263`	`*`
`261`	`264`	`* Each backend uses the backend[] array entry with index equal to its`
`262`	`265`	`* BackendId (which can range from 1 to MaxBackends). We rely on this to make`
`@@ -2177,6 +2180,10 @@ asyncQueueAdvanceTail(void)`
`2177`	`2180`	`intnewtailpage;`
`2178`	`2181`	`intboundary;`
`2179`	`2182`
	`2183`	`+/* Restrict task to one backend per cluster; see SimpleLruTruncate(). */`
	`2184`	`+LWLockAcquire(NotifyQueueTailLock,LW_EXCLUSIVE);`
	`2185`	`+`
	`2186`	`+/* Compute the new tail. */`
`2180`	`2187`	`LWLockAcquire(NotifyQueueLock,LW_EXCLUSIVE);`
`2181`	`2188`	`min=QUEUE_HEAD;`
`2182`	`2189`	`for (BackendIdi=QUEUE_FIRST_LISTENER;i>0;i=QUEUE_NEXT_LISTENER(i))`
`@@ -2185,7 +2192,6 @@ asyncQueueAdvanceTail(void)`
`2185`	`2192`	`min=QUEUE_POS_MIN(min,QUEUE_BACKEND_POS(i));`
`2186`	`2193`	`}`
`2187`	`2194`	`oldtailpage=QUEUE_POS_PAGE(QUEUE_TAIL);`
`2188`		`-QUEUE_TAIL=min;`
`2189`	`2195`	`LWLockRelease(NotifyQueueLock);`
`2190`	`2196`
`2191`	`2197`	`/*`
`@@ -2205,6 +2211,17 @@ asyncQueueAdvanceTail(void)`
`2205`	`2211`	`*/`
`2206`	`2212`	`SimpleLruTruncate(NotifyCtl,newtailpage);`
`2207`	`2213`	`}`
	`2214`	`+`
	`2215`	`+/*`
	`2216`	`+ * Advertise the new tail. This changes asyncQueueIsFull()'s verdict for`
	`2217`	`+ * the segment immediately prior to the new tail, allowing fresh data into`
	`2218`	`+ * that segment.`
	`2219`	`+ */`
	`2220`	`+LWLockAcquire(NotifyQueueLock,LW_EXCLUSIVE);`
	`2221`	`+QUEUE_TAIL=min;`
	`2222`	`+LWLockRelease(NotifyQueueLock);`
	`2223`	`+`
	`2224`	`+LWLockRelease(NotifyQueueTailLock);`
`2208`	`2225`	`}`
`2209`	`2226`
`2210`	`2227`	`/*`

`‎src/backend/commands/vacuum.c`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1361,6 +1361,14 @@ vac_update_datfrozenxid(void)`
`1361`	`1361`	`boolbogus= false;`
`1362`	`1362`	`booldirty= false;`
`1363`	`1363`
	`1364`	`+/*`
	`1365`	`+ * Restrict this task to one backend per database. This avoids race`
	`1366`	`+ * conditions that would move datfrozenxid or datminmxid backward. It`
	`1367`	`+ * avoids calling vac_truncate_clog() with a datfrozenxid preceding a`
	`1368`	`+ * datfrozenxid passed to an earlier vac_truncate_clog() call.`
	`1369`	`+ */`
	`1370`	`+LockDatabaseFrozenIds(ExclusiveLock);`
	`1371`	`+`
`1364`	`1372`	`/*`
`1365`	`1373`	`* Initialize the "min" calculation with`
`1366`	`1374`	`* GetOldestNonRemovableTransactionId(), which is a reasonable`
`@@ -1551,6 +1559,9 @@ vac_truncate_clog(TransactionId frozenXID,`
`1551`	`1559`	`boolbogus= false;`
`1552`	`1560`	`boolfrozenAlreadyWrapped= false;`
`1553`	`1561`
	`1562`	`+/* Restrict task to one backend per cluster; see SimpleLruTruncate(). */`
	`1563`	`+LWLockAcquire(WrapLimitsVacuumLock,LW_EXCLUSIVE);`
	`1564`	`+`
`1554`	`1565`	`/* init oldest datoids to sync with my frozenXID/minMulti values */`
`1555`	`1566`	`oldestxid_datoid=MyDatabaseId;`
`1556`	`1567`	`minmulti_datoid=MyDatabaseId;`
`@@ -1660,6 +1671,8 @@ vac_truncate_clog(TransactionId frozenXID,`
`1660`	`1671`	`*/`
`1661`	`1672`	`SetTransactionIdLimit(frozenXID,oldestxid_datoid);`
`1662`	`1673`	`SetMultiXactIdLimit(minMulti,minmulti_datoid, false);`
	`1674`	`+`
	`1675`	`+LWLockRelease(WrapLimitsVacuumLock);`
`1663`	`1676`	`}`
`1664`	`1677`
`1665`	`1678`

`‎src/backend/storage/lmgr/lmgr.c`

Lines changed: 20 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -460,6 +460,21 @@ UnlockRelationForExtension(Relation relation, LOCKMODE lockmode)`
`460`	`460`	`LockRelease(&tag,lockmode, false);`
`461`	`461`	`}`
`462`	`462`
	`463`	`+/*`
	`464`	`+ *LockDatabaseFrozenIds`
	`465`	`+ *`
	`466`	`+ * This allows one backend per database to execute vac_update_datfrozenxid().`
	`467`	`+ */`
	`468`	`+void`
	`469`	`+LockDatabaseFrozenIds(LOCKMODElockmode)`
	`470`	`+{`
	`471`	`+LOCKTAGtag;`
	`472`	`+`
	`473`	`+SET_LOCKTAG_DATABASE_FROZEN_IDS(tag,MyDatabaseId);`
	`474`	`+`
	`475`	`+(void)LockAcquire(&tag,lockmode, false, false);`
	`476`	`+}`
	`477`	`+`
`463`	`478`	`/*`
`464`	`479`	`*LockPage`
`465`	`480`	`*`
`@@ -1098,6 +1113,11 @@ DescribeLockTag(StringInfo buf, const LOCKTAG *tag)`
`1098`	`1113`	`tag->locktag_field2,`
`1099`	`1114`	`tag->locktag_field1);`
`1100`	`1115`	`break;`
	`1116`	`+caseLOCKTAG_DATABASE_FROZEN_IDS:`
	`1117`	`+appendStringInfo(buf,`
	`1118`	`+_("pg_database.datfrozenxid of database %u"),`
	`1119`	`+tag->locktag_field1);`
	`1120`	`+break;`
`1101`	`1121`	`caseLOCKTAG_PAGE:`
`1102`	`1122`	`appendStringInfo(buf,`
`1103`	`1123`	`_("page %u of relation %u of database %u"),`

`‎src/backend/storage/lmgr/lwlocknames.txt`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -50,3 +50,6 @@ MultiXactTruncationLock41`
`50`	`50`	`OldSnapshotTimeMapLock42`
`51`	`51`	`LogicalRepWorkerLock43`
`52`	`52`	`XactTruncationLock44`
	`53`	`+# 45 was XactTruncationLock until removal of BackendRandomLock`
	`54`	`+WrapLimitsVacuumLock46`
	`55`	`+NotifyQueueTailLock47`

`‎src/backend/utils/adt/lockfuncs.c`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,7 @@`
`29`	`29`	`constchar*constLockTagTypeNames[]= {`
`30`	`30`	`"relation",`
`31`	`31`	`"extend",`
	`32`	`+"frozenid",`
`32`	`33`	`"page",`
`33`	`34`	`"tuple",`
`34`	`35`	`"transactionid",`
`@@ -254,6 +255,17 @@ pg_lock_status(PG_FUNCTION_ARGS)`
`254`	`255`	`nulls[8]= true;`
`255`	`256`	`nulls[9]= true;`
`256`	`257`	`break;`
	`258`	`+caseLOCKTAG_DATABASE_FROZEN_IDS:`
	`259`	`+values[1]=ObjectIdGetDatum(instance->locktag.locktag_field1);`
	`260`	`+nulls[2]= true;`
	`261`	`+nulls[3]= true;`
	`262`	`+nulls[4]= true;`
	`263`	`+nulls[5]= true;`
	`264`	`+nulls[6]= true;`
	`265`	`+nulls[7]= true;`
	`266`	`+nulls[8]= true;`
	`267`	`+nulls[9]= true;`
	`268`	`+break;`
`257`	`269`	`caseLOCKTAG_PAGE:`
`258`	`270`	`values[1]=ObjectIdGetDatum(instance->locktag.locktag_field1);`
`259`	`271`	`values[2]=ObjectIdGetDatum(instance->locktag.locktag_field2);`

`‎src/include/storage/lmgr.h`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,9 @@ extern bool ConditionalLockRelationForExtension(Relation relation,`
`59`	`59`	`LOCKMODElockmode);`
`60`	`60`	`externintRelationExtensionLockWaiterCount(Relationrelation);`
`61`	`61`
	`62`	`+/* Lock to recompute pg_database.datfrozenxid in the current database */`
	`63`	`+externvoidLockDatabaseFrozenIds(LOCKMODElockmode);`
	`64`	`+`
`62`	`65`	`/* Lock a page (currently only used within indexes) */`
`63`	`66`	`externvoidLockPage(Relationrelation,BlockNumberblkno,LOCKMODElockmode);`
`64`	`67`	`externboolConditionalLockPage(Relationrelation,BlockNumberblkno,LOCKMODElockmode);`

`‎src/include/storage/lock.h`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -138,6 +138,7 @@ typedef enum LockTagType`
`138`	`138`	`{`
`139`	`139`	`LOCKTAG_RELATION,/* whole relation */`
`140`	`140`	`LOCKTAG_RELATION_EXTEND,/* the right to extend a relation */`
	`141`	`+LOCKTAG_DATABASE_FROZEN_IDS,/* pg_database.datfrozenxid */`
`141`	`142`	`LOCKTAG_PAGE,/* one page of a relation */`
`142`	`143`	`LOCKTAG_TUPLE,/* one physical tuple */`
`143`	`144`	`LOCKTAG_TRANSACTION,/* transaction (for waiting for xact done) */`
`@@ -194,6 +195,15 @@ typedef struct LOCKTAG`
`194`	`195`	`(locktag).locktag_type = LOCKTAG_RELATION_EXTEND, \`
`195`	`196`	`(locktag).locktag_lockmethodid = DEFAULT_LOCKMETHOD)`
`196`	`197`
	`198`	`+/* ID info for frozen IDs is DB OID */`
	`199`	`+#defineSET_LOCKTAG_DATABASE_FROZEN_IDS(locktag,dboid) \`
	`200`	`+((locktag).locktag_field1 = (dboid), \`
	`201`	`+ (locktag).locktag_field2 = 0, \`
	`202`	`+ (locktag).locktag_field3 = 0, \`
	`203`	`+ (locktag).locktag_field4 = 0, \`
	`204`	`+ (locktag).locktag_type = LOCKTAG_DATABASE_FROZEN_IDS, \`
	`205`	`+ (locktag).locktag_lockmethodid = DEFAULT_LOCKMETHOD)`
	`206`	`+`
`197`	`207`	`/* ID info for a page is RELATION info + BlockNumber */`
`198`	`208`	`#defineSET_LOCKTAG_PAGE(locktag,dboid,reloid,blocknum) \`
`199`	`209`	`((locktag).locktag_field1 = (dboid), \`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit566372b

File tree

11 files changed

11 files changed

`‎doc/src/sgml/catalogs.sgml`

`‎doc/src/sgml/monitoring.sgml`

`‎src/backend/access/transam/slru.c`

`‎src/backend/access/transam/subtrans.c`

`‎src/backend/commands/async.c`

`‎src/backend/commands/vacuum.c`

`‎src/backend/storage/lmgr/lmgr.c`

`‎src/backend/storage/lmgr/lwlocknames.txt`

`‎src/backend/utils/adt/lockfuncs.c`

`‎src/include/storage/lmgr.h`

`‎src/include/storage/lock.h`

0 commit comments