NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commite525770

committed

Prevent concurrent SimpleLruTruncate() for any given SLRU.

The SimpleLruTruncate() header comment states the new coding rule. Toachieve this, add locktype "frozenid" and two LWLocks. This closes arare opportunity for data loss, which manifested as "apparentwraparound" or "could not access status of transaction" errors. Dataloss is more likely in pg_multixact, due to released branches' thinmargin between multiStopLimit and multiWrapLimit. If a user's physicalreplication primary logged ": apparent wraparound" messages, the usershould rebuild standbys of that primary regardless of symptoms. At lessrisk is a cluster having emitted "not accepting commands" errors or"must be vacuumed" warnings at some point. One can test a cluster forthis data loss by running VACUUM FREEZE in every database. Back-patchto 9.5 (all supported versions).Discussion:https://postgr.es/m/20190218073103.GA1434723@rfd.leadboat.com

1 parentdea0709 commite525770Copy full SHA for e525770

File tree

12 files changed

+119

-16

lines changed

doc/src/sgml
- catalogs.sgml
- monitoring.sgml
src
- backend
  - access/transam
    - slru.c
    - subtrans.c
  - commands
    - async.c
    - vacuum.c
  - storage/lmgr
  - utils/adt
    - lockfuncs.c
- include/storage
  - lmgr.h
  - lock.h

12 files changed

+119

-16

lines changed

`‎doc/src/sgml/catalogs.sgml`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -8886,7 +8886,8 @@ SCRAM-SHA-256$<replaceable><iteration count></>:<replaceable><salt><`
`8886`	`8886`	`and general database objects (identified by class OID and object OID,`
`8887`	`8887`	`in the same way as in <structname>pg_description</structname> or`
`8888`	`8888`	`<structname>pg_depend</structname>). Also, the right to extend a`
`8889`		`- relation is represented as a separate lockable object.`
	`8889`	`+ relation is represented as a separate lockable object, as is the right to`
	`8890`	`+ update <structname>pg_database</structname>.<structfield>datfrozenxid</structfield>.`
`8890`	`8891`	`Also, <quote>advisory</> locks can be taken on numbers that have`
`8891`	`8892`	`user-defined meanings.`
`8892`	`8893`	`</para>`
`@@ -8912,6 +8913,7 @@ SCRAM-SHA-256$<replaceable><iteration count></>:<replaceable><salt><`
`8912`	`8913`	`Type of the lockable object:`
`8913`	`8914`	`<literal>relation</>,`
`8914`	`8915`	`<literal>extend</>,`
	`8916`	`+ <literal>frozenid</literal>,`
`8915`	`8917`	`<literal>page</>,`
`8916`	`8918`	`<literal>tuple</>,`
`8917`	`8919`	`<literal>transactionid</>,`

`‎doc/src/sgml/monitoring.sgml`

Lines changed: 18 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -845,7 +845,7 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser`
`845`	`845`
`846`	`846`	`<tbody>`
`847`	`847`	`<row>`
`848`		`- <entry morerows="62"><literal>LWLock</></entry>`
	`848`	`+ <entry morerows="64"><literal>LWLock</></entry>`
`849`	`849`	`<entry><literal>ShmemIndexLock</></entry>`
`850`	`850`	`<entry>Waiting to find or allocate space in shared memory.</entry>`
`851`	`851`	`</row>`
`@@ -1043,6 +1043,16 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser`
`1043`	`1043`	`<entry>Waiting to execute <function>txid_status</function> or update`
`1044`	`1044`	`the oldest transaction id available to it.</entry>`
`1045`	`1045`	`</row>`
	`1046`	`+ <row>`
	`1047`	`+ <entry><literal>WrapLimitsVacuumLock</literal></entry>`
	`1048`	`+ <entry>Waiting to update limits on transaction id and multixact`
	`1049`	`+ consumption.</entry>`
	`1050`	`+ </row>`
	`1051`	`+ <row>`
	`1052`	`+ <entry><literal>NotifyQueueTailLock</literal></entry>`
	`1053`	`+ <entry>Waiting to update limit on notification message`
	`1054`	`+ storage.</entry>`
	`1055`	`+ </row>`
`1046`	`1056`	`<row>`
`1047`	`1057`	`<entry><literal>clog</></entry>`
`1048`	`1058`	`<entry>Waiting for I/O on a clog (transaction status) buffer.</entry>`
`@@ -1118,14 +1128,20 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser`
`1118`	`1128`	`<entry>Waiting for TBM shared iterator lock.</entry>`
`1119`	`1129`	`</row>`
`1120`	`1130`	`<row>`
`1121`		`- <entry morerows="9"><literal>Lock</></entry>`
	`1131`	`+ <entry morerows="10"><literal>Lock</></entry>`
`1122`	`1132`	`<entry><literal>relation</></entry>`
`1123`	`1133`	`<entry>Waiting to acquire a lock on a relation.</entry>`
`1124`	`1134`	`</row>`
`1125`	`1135`	`<row>`
`1126`	`1136`	`<entry><literal>extend</></entry>`
`1127`	`1137`	`<entry>Waiting to extend a relation.</entry>`
`1128`	`1138`	`</row>`
	`1139`	`+ <row>`
	`1140`	`+ <entry><literal>frozenid</literal></entry>`
	`1141`	`+ <entry>Waiting to`
	`1142`	`+ update <structname>pg_database</structname>.<structfield>datfrozenxid</structfield>`
	`1143`	`+ and <structname>pg_database</structname>.<structfield>datminmxid</structfield>.</entry>`
	`1144`	`+ </row>`
`1129`	`1145`	`<row>`
`1130`	`1146`	`<entry><literal>page</></entry>`
`1131`	`1147`	`<entry>Waiting to acquire a lock on page of a relation.</entry>`

`‎src/backend/access/transam/slru.c`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1164,6 +1164,14 @@ SimpleLruFlush(SlruCtl ctl, bool allow_redirtied)`
`1164`	`1164`
`1165`	`1165`	`/*`
`1166`	`1166`	`* Remove all segments before the one holding the passed page number`
	`1167`	`+ *`
	`1168`	`+ * All SLRUs prevent concurrent calls to this function, either with an LWLock`
	`1169`	`+ * or by calling it only as part of a checkpoint. Mutual exclusion must begin`
	`1170`	`+ * before computing cutoffPage. Mutual exclusion must end after any limit`
	`1171`	`+ * update that would permit other backends to write fresh data into the`
	`1172`	`+ * segment immediately preceding the one containing cutoffPage. Otherwise,`
	`1173`	`+ * when the SLRU is quite full, SimpleLruTruncate() might delete that segment`
	`1174`	`+ * after it has accrued freshly-written data.`
`1167`	`1175`	`*/`
`1168`	`1176`	`void`
`1169`	`1177`	`SimpleLruTruncate(SlruCtlctl,intcutoffPage)`

`‎src/backend/access/transam/subtrans.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -347,8 +347,8 @@ ExtendSUBTRANS(TransactionId newestXact)`
`347`	`347`	`/*`
`348`	`348`	`* Remove all SUBTRANS segments before the one holding the passed transaction ID`
`349`	`349`	`*`
`350`		`- *This isnormally called during checkpoint, with oldestXact being the`
`351`		`- *oldest TransactionXmin of any running transaction.`
	`350`	`+ *oldestXact isthe oldest TransactionXmin of any running transaction. This`
	`351`	`+ *is called only during checkpoint.`
`352`	`352`	`*/`
`353`	`353`	`void`
`354`	`354`	`TruncateSUBTRANS(TransactionIdoldestXact)`

`‎src/backend/commands/async.c`

Lines changed: 27 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -224,19 +224,22 @@ typedef struct QueueBackendStatus`
`224`	`224`	`/*`
`225`	`225`	`* Shared memory state for LISTEN/NOTIFY (excluding its SLRU stuff)`
`226`	`226`	`*`
`227`		`- * The AsyncQueueControl structure is protected by the AsyncQueueLock.`
	`227`	`+ * The AsyncQueueControl structure is protected by the AsyncQueueLock and`
	`228`	`+ * NotifyQueueTailLock.`
`228`	`229`	`*`
`229`		`- * When holdingthe lockin SHARED mode, backends may only inspect their own`
`230`		`- * entries as well as the head and tail pointers. Consequently we can allow a`
`231`		`- * backend to update its own record while holding only SHARED lock (since no`
`232`		`- * other backend will inspect it).`
	`230`	`+ * When holdingAsyncQueueLockin SHARED mode, backends may only inspect their`
	`231`	`+ *ownentries as well as the head and tail pointers. Consequently we can`
	`232`	`+ *allow abackend to update its own record while holding only SHARED lock`
	`233`	`+ *(since noother backend will inspect it).`
`233`	`234`	`*`
`234`		`- * When holding the lock in EXCLUSIVE mode, backends can inspect the entries`
`235`		`- * of other backends and also change the head and tail pointers.`
	`235`	`+ * When holding AsyncQueueLock in EXCLUSIVE mode, backends can inspect the`
	`236`	`+ * entries of other backends and also change the head pointer. When holding`
	`237`	`+ * both AsyncQueueLock and NotifyQueueTailLock in EXCLUSIVE mode, backends can`
	`238`	`+ * change the tail pointer.`
`236`	`239`	`*`
`237`	`240`	`* AsyncCtlLock is used as the control lock for the pg_notify SLRU buffers.`
`238`		`- * In order to avoid deadlocks, whenever we needboth locks, wealwaysfirst`
`239`		`- *getAsyncQueueLock andthen AsyncCtlLock.`
	`241`	`+ * In order to avoid deadlocks, whenever we needmultiple locks, we first get`
	`242`	`+ *NotifyQueueTailLock, thenAsyncQueueLock, andlastly AsyncCtlLock.`
`240`	`243`	`*`
`241`	`244`	`* Each backend uses the backend[] array entry with index equal to its`
`242`	`245`	`* BackendId (which can range from 1 to MaxBackends). We rely on this to make`
`@@ -2013,6 +2016,10 @@ asyncQueueAdvanceTail(void)`
`2013`	`2016`	`intnewtailpage;`
`2014`	`2017`	`intboundary;`
`2015`	`2018`
	`2019`	`+/* Restrict task to one backend per cluster; see SimpleLruTruncate(). */`
	`2020`	`+LWLockAcquire(NotifyQueueTailLock,LW_EXCLUSIVE);`
	`2021`	`+`
	`2022`	`+/* Compute the new tail. */`
`2016`	`2023`	`LWLockAcquire(AsyncQueueLock,LW_EXCLUSIVE);`
`2017`	`2024`	`min=QUEUE_HEAD;`
`2018`	`2025`	`for (i=1;i <=MaxBackends;i++)`
`@@ -2021,7 +2028,6 @@ asyncQueueAdvanceTail(void)`
`2021`	`2028`	`min=QUEUE_POS_MIN(min,QUEUE_BACKEND_POS(i));`
`2022`	`2029`	`}`
`2023`	`2030`	`oldtailpage=QUEUE_POS_PAGE(QUEUE_TAIL);`
`2024`		`-QUEUE_TAIL=min;`
`2025`	`2031`	`LWLockRelease(AsyncQueueLock);`
`2026`	`2032`
`2027`	`2033`	`/*`
`@@ -2041,6 +2047,17 @@ asyncQueueAdvanceTail(void)`
`2041`	`2047`	`*/`
`2042`	`2048`	`SimpleLruTruncate(AsyncCtl,newtailpage);`
`2043`	`2049`	`}`
	`2050`	`+`
	`2051`	`+/*`
	`2052`	`+ * Advertise the new tail. This changes asyncQueueIsFull()'s verdict for`
	`2053`	`+ * the segment immediately prior to the new tail, allowing fresh data into`
	`2054`	`+ * that segment.`
	`2055`	`+ */`
	`2056`	`+LWLockAcquire(AsyncQueueLock,LW_EXCLUSIVE);`
	`2057`	`+QUEUE_TAIL=min;`
	`2058`	`+LWLockRelease(AsyncQueueLock);`
	`2059`	`+`
	`2060`	`+LWLockRelease(NotifyQueueTailLock);`
`2044`	`2061`	`}`
`2045`	`2062`
`2046`	`2063`	`/*`

`‎src/backend/commands/vacuum.c`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -933,6 +933,14 @@ vac_update_datfrozenxid(void)`
`933`	`933`	`boolbogus= false;`
`934`	`934`	`booldirty= false;`
`935`	`935`
	`936`	`+/*`
	`937`	`+ * Restrict this task to one backend per database. This avoids race`
	`938`	`+ * conditions that would move datfrozenxid or datminmxid backward. It`
	`939`	`+ * avoids calling vac_truncate_clog() with a datfrozenxid preceding a`
	`940`	`+ * datfrozenxid passed to an earlier vac_truncate_clog() call.`
	`941`	`+ */`
	`942`	`+LockDatabaseFrozenIds(ExclusiveLock);`
	`943`	`+`
`936`	`944`	`/*`
`937`	`945`	`* Initialize the "min" calculation with GetOldestXmin, which is a`
`938`	`946`	`* reasonable approximation to the minimum relfrozenxid for not-yet-`
`@@ -1097,6 +1105,9 @@ vac_truncate_clog(TransactionId frozenXID,`
`1097`	`1105`	`boolbogus= false;`
`1098`	`1106`	`boolfrozenAlreadyWrapped= false;`
`1099`	`1107`
	`1108`	`+/* Restrict task to one backend per cluster; see SimpleLruTruncate(). */`
	`1109`	`+LWLockAcquire(WrapLimitsVacuumLock,LW_EXCLUSIVE);`
	`1110`	`+`
`1100`	`1111`	`/* init oldest datoids to sync with my frozenXID/minMulti values */`
`1101`	`1112`	`oldestxid_datoid=MyDatabaseId;`
`1102`	`1113`	`minmulti_datoid=MyDatabaseId;`
`@@ -1206,6 +1217,8 @@ vac_truncate_clog(TransactionId frozenXID,`
`1206`	`1217`	`*/`
`1207`	`1218`	`SetTransactionIdLimit(frozenXID,oldestxid_datoid);`
`1208`	`1219`	`SetMultiXactIdLimit(minMulti,minmulti_datoid, false);`
	`1220`	`+`
	`1221`	`+LWLockRelease(WrapLimitsVacuumLock);`
`1209`	`1222`	`}`
`1210`	`1223`
`1211`	`1224`

`‎src/backend/storage/lmgr/lmgr.c`

Lines changed: 20 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -412,6 +412,21 @@ UnlockRelationForExtension(Relation relation, LOCKMODE lockmode)`
`412`	`412`	`LockRelease(&tag,lockmode, false);`
`413`	`413`	`}`
`414`	`414`
	`415`	`+/*`
	`416`	`+ *LockDatabaseFrozenIds`
	`417`	`+ *`
	`418`	`+ * This allows one backend per database to execute vac_update_datfrozenxid().`
	`419`	`+ */`
	`420`	`+void`
	`421`	`+LockDatabaseFrozenIds(LOCKMODElockmode)`
	`422`	`+{`
	`423`	`+LOCKTAGtag;`
	`424`	`+`
	`425`	`+SET_LOCKTAG_DATABASE_FROZEN_IDS(tag,MyDatabaseId);`
	`426`	`+`
	`427`	`+(void)LockAcquire(&tag,lockmode, false, false);`
	`428`	`+}`
	`429`	`+`
`415`	`430`	`/*`
`416`	`431`	`*LockPage`
`417`	`432`	`*`
`@@ -1015,6 +1030,11 @@ DescribeLockTag(StringInfo buf, const LOCKTAG *tag)`
`1015`	`1030`	`tag->locktag_field2,`
`1016`	`1031`	`tag->locktag_field1);`
`1017`	`1032`	`break;`
	`1033`	`+caseLOCKTAG_DATABASE_FROZEN_IDS:`
	`1034`	`+appendStringInfo(buf,`
	`1035`	`+_("pg_database.datfrozenxid of database %u"),`
	`1036`	`+tag->locktag_field1);`
	`1037`	`+break;`
`1018`	`1038`	`caseLOCKTAG_PAGE:`
`1019`	`1039`	`appendStringInfo(buf,`
`1020`	`1040`	`_("page %u of relation %u of database %u"),`

`‎src/backend/storage/lmgr/lwlock.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -495,7 +495,7 @@ RegisterLWLockTranches(void)`
`495`	`495`
`496`	`496`	`if (LWLockTrancheArray==NULL)`
`497`	`497`	`{`
`498`		`-LWLockTranchesAllocated=64;`
	`498`	`+LWLockTranchesAllocated=128;`
`499`	`499`	`LWLockTrancheArray= (char**)`
`500`	`500`	`MemoryContextAllocZero(TopMemoryContext,`
`501`	`501`	`LWLockTranchesAllocatedsizeof(char));`

`‎src/backend/storage/lmgr/lwlocknames.txt`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -50,3 +50,5 @@ OldSnapshotTimeMapLock42`
`50`	`50`	`BackendRandomLock43`
`51`	`51`	`LogicalRepWorkerLock44`
`52`	`52`	`CLogTruncationLock45`
	`53`	`+WrapLimitsVacuumLock46`
	`54`	`+NotifyQueueTailLock47`

`‎src/backend/utils/adt/lockfuncs.c`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@`
`26`	`26`	`constchar*constLockTagTypeNames[]= {`
`27`	`27`	`"relation",`
`28`	`28`	`"extend",`
	`29`	`+"frozenid",`
`29`	`30`	`"page",`
`30`	`31`	`"tuple",`
`31`	`32`	`"transactionid",`
`@@ -245,6 +246,17 @@ pg_lock_status(PG_FUNCTION_ARGS)`
`245`	`246`	`nulls[8]= true;`
`246`	`247`	`nulls[9]= true;`
`247`	`248`	`break;`
	`249`	`+caseLOCKTAG_DATABASE_FROZEN_IDS:`
	`250`	`+values[1]=ObjectIdGetDatum(instance->locktag.locktag_field1);`
	`251`	`+nulls[2]= true;`
	`252`	`+nulls[3]= true;`
	`253`	`+nulls[4]= true;`
	`254`	`+nulls[5]= true;`
	`255`	`+nulls[6]= true;`
	`256`	`+nulls[7]= true;`
	`257`	`+nulls[8]= true;`
	`258`	`+nulls[9]= true;`
	`259`	`+break;`
`248`	`260`	`caseLOCKTAG_PAGE:`
`249`	`261`	`values[1]=ObjectIdGetDatum(instance->locktag.locktag_field1);`
`250`	`262`	`values[2]=ObjectIdGetDatum(instance->locktag.locktag_field2);`

`‎src/include/storage/lmgr.h`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,9 @@ extern bool ConditionalLockRelationForExtension(Relation relation,`
`57`	`57`	`LOCKMODElockmode);`
`58`	`58`	`externintRelationExtensionLockWaiterCount(Relationrelation);`
`59`	`59`
	`60`	`+/* Lock to recompute pg_database.datfrozenxid in the current database */`
	`61`	`+externvoidLockDatabaseFrozenIds(LOCKMODElockmode);`
	`62`	`+`
`60`	`63`	`/* Lock a page (currently only used within indexes) */`
`61`	`64`	`externvoidLockPage(Relationrelation,BlockNumberblkno,LOCKMODElockmode);`
`62`	`65`	`externboolConditionalLockPage(Relationrelation,BlockNumberblkno,LOCKMODElockmode);`

`‎src/include/storage/lock.h`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -141,6 +141,8 @@ typedef enum LockTagType`
`141`	`141`	`/* ID info for a relation is DB OID + REL OID; DB OID = 0 if shared */`
`142`	`142`	`LOCKTAG_RELATION_EXTEND,/* the right to extend a relation */`
`143`	`143`	`/* same ID info as RELATION */`
	`144`	`+LOCKTAG_DATABASE_FROZEN_IDS,/* pg_database.datfrozenxid */`
	`145`	`+/* ID info for frozen IDs is DB OID */`
`144`	`146`	`LOCKTAG_PAGE,/* one page of a relation */`
`145`	`147`	`/* ID info for a page is RELATION info + BlockNumber */`
`146`	`148`	`LOCKTAG_TUPLE,/* one physical tuple */`
`@@ -206,6 +208,14 @@ typedef struct LOCKTAG`
`206`	`208`	`(locktag).locktag_type = LOCKTAG_RELATION_EXTEND, \`
`207`	`209`	`(locktag).locktag_lockmethodid = DEFAULT_LOCKMETHOD)`
`208`	`210`
	`211`	`+#defineSET_LOCKTAG_DATABASE_FROZEN_IDS(locktag,dboid) \`
	`212`	`+((locktag).locktag_field1 = (dboid), \`
	`213`	`+ (locktag).locktag_field2 = 0, \`
	`214`	`+ (locktag).locktag_field3 = 0, \`
	`215`	`+ (locktag).locktag_field4 = 0, \`
	`216`	`+ (locktag).locktag_type = LOCKTAG_DATABASE_FROZEN_IDS, \`
	`217`	`+ (locktag).locktag_lockmethodid = DEFAULT_LOCKMETHOD)`
	`218`	`+`
`209`	`219`	`#defineSET_LOCKTAG_PAGE(locktag,dboid,reloid,blocknum) \`
`210`	`220`	`((locktag).locktag_field1 = (dboid), \`
`211`	`221`	`(locktag).locktag_field2 = (reloid), \`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commite525770

File tree

12 files changed

12 files changed

`‎doc/src/sgml/catalogs.sgml`

`‎doc/src/sgml/monitoring.sgml`

`‎src/backend/access/transam/slru.c`

`‎src/backend/access/transam/subtrans.c`

`‎src/backend/commands/async.c`

`‎src/backend/commands/vacuum.c`

`‎src/backend/storage/lmgr/lmgr.c`

`‎src/backend/storage/lmgr/lwlock.c`

`‎src/backend/storage/lmgr/lwlocknames.txt`

`‎src/backend/utils/adt/lockfuncs.c`

`‎src/include/storage/lmgr.h`

`‎src/include/storage/lock.h`

0 commit comments