granicus.if.org Git - postgresql/commit

Fix race condition between hot standby and restoring a full-page image.

There was a window in RestoreBackupBlock where a page would be zeroed out,
but not yet locked. If a backend pinned and locked the page in that window,
it saw the zeroed page instead of the old page or new page contents, which
could lead to missing rows in a result set, or errors.

To fix, replace RBM_ZERO with RBM_ZERO_AND_LOCK, which atomically pins,
zeroes, and locks the page, if it's not in the buffer cache already.

In stable branches, the old RBM_ZERO constant is renamed to RBM_DO_NOT_USE,
to avoid breaking any 3rd party extensions that might use RBM_ZERO. More
importantly, this avoids renumbering the other enum values, which would
cause even bigger confusion in extensions that use ReadBufferExtended, but
haven't been recompiled.

Backpatch to all supported versions; this has been racy since hot standby
was introduced.

author	Heikki Linnakangas <heikki.linnakangas@iki.fi>
	Thu, 13 Nov 2014 17:47:44 +0000 (19:47 +0200)
committer	Heikki Linnakangas <heikki.linnakangas@iki.fi>
	Thu, 13 Nov 2014 18:00:51 +0000 (20:00 +0200)
commit	681dbe7d4599b4b13f9039ac961be14988120c1d
tree	ac7c2f35b6bc0c39f9dfcb5ea337b6824100eb8a	tree \| snapshot
parent	ef5a3b957c1d9eb405aef109df8152ec9ee96b6f	commit \| diff

src/backend/access/hash/hashpage.c		diff \| blob \| history
src/backend/access/heap/heapam.c		diff \| blob \| history
src/backend/access/transam/xlog.c		diff \| blob \| history
src/backend/access/transam/xlogutils.c		diff \| blob \| history
src/backend/storage/buffer/bufmgr.c		diff \| blob \| history
src/include/storage/bufmgr.h		diff \| blob \| history