From 5f1d931cf3fd3653c3f11835b4aa1dc04edb63ad Mon Sep 17 00:00:00 2001 From: Heikki Linnakangas Date: Thu, 13 Nov 2014 19:47:44 +0200 Subject: Fix race condition between hot standby and restoring a full-page image. There was a window in RestoreBackupBlock where a page would be zeroed out, but not yet locked. If a backend pinned and locked the page in that window, it saw the zeroed page instead of the old page or new page contents, which could lead to missing rows in a result set, or errors. To fix, replace RBM_ZERO with RBM_ZERO_AND_LOCK, which atomically pins, zeroes, and locks the page, if it's not in the buffer cache already. In stable branches, the old RBM_ZERO constant is renamed to RBM_DO_NOT_USE, to avoid breaking any 3rd party extensions that might use RBM_ZERO. More importantly, this avoids renumbering the other enum values, which would cause even bigger confusion in extensions that use ReadBufferExtended, but haven't been recompiled. Backpatch to all supported versions; this has been racy since hot standby was introduced. --- src/backend/access/heap/heapam.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'src/backend/access/heap/heapam.c') diff --git a/src/backend/access/heap/heapam.c b/src/backend/access/heap/heapam.c index 0105825e14a..6645732f74c 100644 --- a/src/backend/access/heap/heapam.c +++ b/src/backend/access/heap/heapam.c @@ -4367,9 +4367,8 @@ heap_xlog_newpage(XLogRecPtr lsn, XLogRecord *record) * not do anything that assumes we are touching a heap. */ buffer = XLogReadBufferExtended(xlrec->node, xlrec->forknum, xlrec->blkno, - RBM_ZERO); + RBM_ZERO_AND_LOCK); Assert(BufferIsValid(buffer)); - LockBuffer(buffer, BUFFER_LOCK_EXCLUSIVE); page = (Page) BufferGetPage(buffer); Assert(record->xl_len == SizeOfHeapNewpage + BLCKSZ); -- cgit v1.2.3