author | Tom Lane <tgl@sss.pgh.pa.us> | 2013-01-18 18:06:45 -0500 |
---|---|---|
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2013-01-18 18:06:45 -0500 |
commit | 4d08f56deeb27a9a10072cfc976db0204d1c9684 (patch) | |
tree | a188a59c2d3ebf62a903667aebf49c951b97c74c /src/tutorial/funcs_new.c | |
parent | 94b6458c10cd2f0c41f0561a562811ff4b05e2e5 (diff) |
Protect against SnapshotNow race conditions in pg_tablespace scans.

Use of SnapshotNow is known to expose us to race conditions if the tuple(s)
being sought could be updated by concurrently-committing transactions.
CREATE DATABASE and DROP DATABASE are particularly exposed because they do
heavyweight filesystem operations during their scans of pg_tablespace,
so that the scans run for a very long time compared to most. Furthermore,
the potential consequences of a missed or twice-visited row are nastier
than average:

* createdb() could fail with a bogus "file already exists" error, or
  silently fail to copy one or more tablespace's worth of files into the
  new database.

* remove_dbtablespaces() could miss one or more tablespaces, thus failing
  to free filesystem space for the dropped database.

* check_db_file_conflict() could likewise miss a tablespace, leading to an
  OID conflict that could result in data loss either immediately or in
  future operations. (This seems of very low probability, though, since a
  duplicate database OID would be unlikely to start with.)

Hence, it seems worth fixing these three places to use MVCC snapshots, even
though this will someday be superseded by a generic solution to SnapshotNow
race conditions.

Back-patch to all active branches.

Stephen Frost and Tom Lane
Diffstat (limited to 'src/tutorial/funcs_new.c')
0 files changed, 0 insertions, 0 deletions
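
The missed and twice-visited row cases described in the commit message, as a toy C model added here (it is not PostgreSQL code and not part of this commit). The `Version` struct, `scan()` and the two constructed heaps are hypothetical, and visibility is reduced to commit status only.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model, not PostgreSQL source: each heap slot holds one tuple version. */
typedef struct { int row; int xmin; int xmax; } Version;  /* xmax 0: not deleted */

#define NXACT 4
static bool committed[NXACT];  /* live commit status, indexed by transaction id */

/* Constructed heaps: transaction 2 updates row 1, which was inserted by 1. */
static const Version new_after_old[]  = { {1, 1, 2}, {1, 2, 0} };
static const Version new_before_old[] = { {1, 2, 0}, {1, 1, 2} };

/* A version is visible if its inserter committed and its deleter did not. */
static bool visible(const Version *v, const bool *status) {
    return status[v->xmin] && !(v->xmax != 0 && status[v->xmax]);
}

/* Scan slots in order while transaction 2 commits right after slot
 * commit_after is checked. Returns how often logical row 1 is returned. */
static int scan(const Version *heap, int n, int commit_after, bool use_mvcc) {
    bool snap[NXACT];
    int seen = 0;
    committed[1] = true;
    committed[2] = false;
    for (int i = 0; i < NXACT; i++)
        snap[i] = committed[i];        /* MVCC: status frozen at scan start */
    for (int i = 0; i < n; i++) {
        /* use_mvcc checks the frozen copy; otherwise the live status is
         * re-read on every check, which is the SnapshotNow-style behaviour */
        if (visible(&heap[i], use_mvcc ? snap : committed) && heap[i].row == 1)
            seen++;
        if (i == commit_after)
            committed[2] = true;       /* concurrent update commits mid-scan */
    }
    return seen;
}

int main(void) {
    printf("live status, new version later:   %d\n", scan(new_after_old, 2, 0, false));
    printf("live status, new version earlier: %d\n", scan(new_before_old, 2, 0, false));
    printf("snapshot,    new version later:   %d\n", scan(new_after_old, 2, 0, true));
    printf("snapshot,    new version earlier: %d\n", scan(new_before_old, 2, 0, true));
    return 0;
}
```

A count of 2 is the twice-visited row, 0 is the missed row, and the frozen snapshot returns the row exactly once in both layouts.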