diff options
| author | Noah Misch <noah@leadboat.com> | 2024-02-01 13:44:19 -0800 |
|---|---|---|
| committer | Noah Misch <noah@leadboat.com> | 2024-02-01 13:44:22 -0800 |
| commit | d493bed28f7f6c77051bba3dde383e0ff78d3a19 (patch) | |
| tree | 01a85c8561df4442276f562075b493234e85273e /src/backend/utils/cache/relmapper.c | |
| parent | 970b1aeeba78ad609455f7b55c9d81d06f2a75a5 (diff) | |
Handle interleavings between CREATE DATABASE steps and base backup.
Restoring a base backup taken in the middle of CreateDirAndVersionFile()
or write_relmap_file() would lose the function's effects. The symptom
was absence of the database directory, PG_VERSION file, or
pg_filenode.map. If missing the directory, recovery would fail. Either
missing file would not fail recovery but would render the new database
unusable. Fix CreateDirAndVersionFile() with the transam/README "action
first and then write a WAL entry" strategy. That has a side benefit of
moving filesystem mutations out of a critical section, reducing the ways
to PANIC. Fix the write_relmap_file() call with a lock acquisition, so
it interacts with checkpoints like non-CREATE DATABASE calls do.
Back-patch to v15, where commit 9c08aea6a3090a396be334cc58c511edab05776a
introduced STRATEGY=WAL_LOG and made it the default.
Discussion: https://postgr.es/m/20240130195003.0a.nmisch@google.com
Diffstat (limited to 'src/backend/utils/cache/relmapper.c')
| -rw-r--r-- | src/backend/utils/cache/relmapper.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/backend/utils/cache/relmapper.c b/src/backend/utils/cache/relmapper.c index 2a330cf3ba4..4c500448c30 100644 --- a/src/backend/utils/cache/relmapper.c +++ b/src/backend/utils/cache/relmapper.c @@ -298,14 +298,15 @@ RelationMapCopy(Oid dbid, Oid tsid, char *srcdbpath, char *dstdbpath) * Write the same data into the destination database's relmap file. * * No sinval is needed because no one can be connected to the destination - * database yet. For the same reason, there is no need to acquire - * RelationMappingLock. + * database yet. * * There's no point in trying to preserve files here. The new database * isn't usable yet anyway, and won't ever be if we can't install a relmap * file. */ + LWLockAcquire(RelationMappingLock, LW_EXCLUSIVE); write_relmap_file(&map, true, false, false, dbid, tsid, dstdbpath); + LWLockRelease(RelationMappingLock); } /* @@ -627,10 +628,12 @@ RelationMapFinishBootstrap(void) Assert(pending_local_updates.num_mappings == 0); /* Write the files; no WAL or sinval needed */ + LWLockAcquire(RelationMappingLock, LW_EXCLUSIVE); write_relmap_file(&shared_map, false, false, false, InvalidOid, GLOBALTABLESPACE_OID, "global"); write_relmap_file(&local_map, false, false, false, MyDatabaseId, MyDatabaseTableSpace, DatabasePath); + LWLockRelease(RelationMappingLock); } /* @@ -877,6 +880,15 @@ write_relmap_file(RelMapFile *newmap, bool write_wal, bool send_sinval, char mapfilename[MAXPGPATH]; /* + * Even without concurrent use of this map, CheckPointRelationMap() relies + * on this locking. Without it, a restore of a base backup taken after + * this function's XLogInsert() and before its durable_rename() would not + * have the changes. wal_level=minimal doesn't need the lock, but this + * isn't performance-critical enough for such a micro-optimization. + */ + Assert(LWLockHeldByMeInMode(RelationMappingLock, LW_EXCLUSIVE)); + + /* * Fill in the overhead fields and update CRC. */ newmap->magic = RELMAPPER_FILEMAGIC; |