smgrdounlink takes care to not throw an ERROR if it fails to unlink
something, but that caution was rendered useless by commit
3396000684b41e7e9467d1abc67152b39e697035, which put an smgrexists call in
front of it; smgrexists *does* throw error if anything looks funny, such
as getting a permissions error from trying to open the file. If that
happens post-commit, you get a PANIC, and what's worse the same logic
appears in the WAL replay code, so the database even fails to restart.
Restore the intended behavior by removing the smgrexists call --- it isn't
accomplishing anything that we can't do better by adjusting mdunlink's
ideas of whether it ought to warn about ENOENT or not.
Per report from Joseph Shraibman of unrecoverable crash after trying to
drop a table whose FSM fork had somehow gotten chmod'd to 000 permissions.
Backpatch to 8.4, where the bogus coding was introduced.
for (fork = 0; fork <= MAX_FORKNUM; fork++)
{
- if (smgrexists(srel, fork))
- smgrdounlink(srel, fork, false, false);
+ smgrdounlink(srel, fork, false, false);
}
smgrclose(srel);
}
for (fork = 0; fork <= MAX_FORKNUM; fork++)
{
- if (smgrexists(srel, fork))
- {
- XLogDropRelation(xlrec->xnodes[i], fork);
- smgrdounlink(srel, fork, false, true);
- }
+ XLogDropRelation(xlrec->xnodes[i], fork);
+ smgrdounlink(srel, fork, false, true);
}
smgrclose(srel);
}
for (fork = 0; fork <= MAX_FORKNUM; fork++)
{
- if (smgrexists(srel, fork))
- {
- XLogDropRelation(xlrec->xnodes[i], fork);
- smgrdounlink(srel, fork, false, true);
- }
+ XLogDropRelation(xlrec->xnodes[i], fork);
+ smgrdounlink(srel, fork, false, true);
}
smgrclose(srel);
}
srel = smgropen(pending->relnode);
for (i = 0; i <= MAX_FORKNUM; i++)
{
- if (smgrexists(srel, i))
- smgrdounlink(srel,
- i,
- pending->isTemp,
- false);
+ smgrdounlink(srel,
+ i,
+ pending->isTemp,
+ false);
}
smgrclose(srel);
}
* number until it's safe, because relfilenode assignment skips over any
* existing file.
*
- * If isRedo is true, it's okay for the relation to be already gone.
+ * All the above applies only to the relation's main fork; other forks can
+ * just be removed immediately, since they are not needed to prevent the
+ * relfilenode number from being recycled. Also, we do not carefully
+ * track whether other forks have been created or not, but just attempt to
+ * unlink them unconditionally; so we should never complain about ENOENT.
+ *
+ * If isRedo is true, it's unsurprising for the relation to be already gone.
* Also, we should remove the file immediately instead of queuing a request
* for later, since during redo there's no possibility of creating a
* conflicting relation.
else
ret = -1;
}
- if (ret < 0)
- {
- if (!isRedo || errno != ENOENT)
- ereport(WARNING,
- (errcode_for_file_access(),
- errmsg("could not remove relation %s: %m", path)));
- }
+ if (ret < 0 && errno != ENOENT)
+ ereport(WARNING,
+ (errcode_for_file_access(),
+ errmsg("could not remove relation %s: %m", path)));
/*
* Delete any additional segments.
*/
- else
+ if (ret >= 0)
{
char *segpath = (char *) palloc(strlen(path) + 12);
BlockNumber segno;
projects / postgresql / commitdiff