diff options
| author | Andres Freund <andres@anarazel.de> | 2016-03-09 18:53:53 -0800 |
|---|---|---|
| committer | Andres Freund <andres@anarazel.de> | 2016-03-09 18:53:53 -0800 |
| commit | 1d4a0ab19a7e45aa8b94d7f720d1d9cefb81ec40 (patch) | |
| tree | aba18aaf2557befbbf9f028a4a25e12843c51379 /src/backend/access/transam/xlogarchive.c | |
| parent | 606e0f9841b820d826f837bf741a3e5e9cc62fa1 (diff) | |
Avoid unlikely data-loss scenarios due to rename() without fsync.
Renaming a file using rename(2) is not guaranteed to be durable in face
of crashes. Use the previously added durable_rename()/durable_link_or_rename()
in various places where we previously just renamed files.
Most of the changed call sites are arguably not critical, but it seems
better to err on the side of too much durability. The most prominent
known case where the previously missing fsyncs could cause data loss is
crashes at the end of a checkpoint. After the actual checkpoint has been
performed, old WAL files are recycled. When they're filled, their
contents are fdatasynced, but we did not fsync the containing
directory. An OS/hardware crash in an unfortunate moment could then end
up leaving that file with its old name, but new content; WAL replay
would thus not replay it.
Reported-By: Tomas Vondra
Author: Michael Paquier, Tomas Vondra, Andres Freund
Discussion: 56583BDD.9060302@2ndquadrant.com
Backpatch: All supported branches
Diffstat (limited to 'src/backend/access/transam/xlogarchive.c')
| -rw-r--r-- | src/backend/access/transam/xlogarchive.c | 13 |
1 files changed, 2 insertions, 11 deletions
diff --git a/src/backend/access/transam/xlogarchive.c b/src/backend/access/transam/xlogarchive.c index 277c14a8104..d153a44ea9a 100644 --- a/src/backend/access/transam/xlogarchive.c +++ b/src/backend/access/transam/xlogarchive.c @@ -470,11 +470,7 @@ KeepFileRestoredFromArchive(char *path, char *xlogfname) reload = true; } - if (rename(path, xlogfpath) < 0) - ereport(ERROR, - (errcode_for_file_access(), - errmsg("could not rename file \"%s\" to \"%s\": %m", - path, xlogfpath))); + durable_rename(path, xlogfpath, ERROR); /* * Create .done file forcibly to prevent the restored segment from being @@ -580,12 +576,7 @@ XLogArchiveForceDone(const char *xlog) StatusFilePath(archiveReady, xlog, ".ready"); if (stat(archiveReady, &stat_buf) == 0) { - if (rename(archiveReady, archiveDone) < 0) - ereport(WARNING, - (errcode_for_file_access(), - errmsg("could not rename file \"%s\" to \"%s\": %m", - archiveReady, archiveDone))); - + (void) durable_rename(archiveReady, archiveDone, WARNING); return; } |