mirror of
https://github.com/postgres/postgres.git
synced 2026-03-11 10:45:17 -04:00
ba02d24bac
RelationTruncate() does three things, while holding an
AccessExclusiveLock and preventing checkpoints:
1. Logs the truncation.
2. Drops buffers, even if they're dirty.
3. Truncates some number of files.
Step 2 could previously be canceled if it had to wait for I/O, and step
3 could and still can fail in file APIs. All orderings of these
operations have data corruption hazards if interrupted, so we can't give
up until the whole operation is done. When dirty pages were discarded
but the corresponding blocks were left on disk due to ERROR, old page
versions could come back from disk, reviving deleted data (see
pgsql-bugs #18146 and several like it). When primary and standby were
allowed to disagree on relation size, standbys could panic (see
pgsql-bugs #18426) or revive data unknown to visibility management on
the primary (theorized).
Changes:
* WAL is now unconditionally flushed first
* smgrtruncate() is now called in a critical section, preventing
interrupts and causing PANIC on file API failure
* smgrtruncate() has a new parameter for existing fork sizes,
because it can't call smgrnblocks() itself inside a critical section
The changes apply to RelationTruncate(), smgr_redo() and
pg_truncate_visibility_map(). That last is also brought up to date with
other evolutions of the truncation protocol.
The VACUUM FileTruncate() failure mode had been discussed in older
reports than the ones referenced below, with independent analysis from
many people, but earlier theories on how to fix it were too complicated
to back-patch. The more recently invented cancellation bug was
diagnosed by Alexander Lakhin. Other corruption scenarios were spotted
by me while iterating on this patch and earlier commit
|
||
|---|---|---|
| .. | ||
| access | ||
| archive | ||
| backup | ||
| bootstrap | ||
| catalog | ||
| commands | ||
| common | ||
| datatype | ||
| executor | ||
| fe_utils | ||
| foreign | ||
| jit | ||
| lib | ||
| libpq | ||
| mb | ||
| nodes | ||
| optimizer | ||
| parser | ||
| partitioning | ||
| pch | ||
| port | ||
| portability | ||
| postmaster | ||
| regex | ||
| replication | ||
| rewrite | ||
| snowball | ||
| statistics | ||
| storage | ||
| tcop | ||
| tsearch | ||
| utils | ||
| .gitignore | ||
| c.h | ||
| fmgr.h | ||
| funcapi.h | ||
| getopt_long.h | ||
| Makefile | ||
| meson.build | ||
| miscadmin.h | ||
| pg_config.h.in | ||
| pg_config_ext.h.in | ||
| pg_config_ext.h.meson | ||
| pg_config_manual.h | ||
| pg_getopt.h | ||
| pg_trace.h | ||
| pgstat.h | ||
| pgtar.h | ||
| pgtime.h | ||
| port.h | ||
| postgres.h | ||
| postgres_ext.h | ||
| postgres_fe.h | ||
| varatt.h | ||
| windowapi.h | ||