]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9aab83f) | patch
Fix race condition leading to hanging logical slot creation.
authorAndres Freund <andres@anarazel.de>
Sat, 13 May 2017 21:21:00 +0000 (14:21 -0700)
committerAndres Freund <andres@anarazel.de>
Sat, 13 May 2017 21:21:00 +0000 (14:21 -0700)
commit955a684e0401954a58e956535107bc4b7136d952
tree112e419e61d56a480e96dfcfa86819945e09c33atree | snapshot
parent9aab83fc5039d83e84144b7bed3fb1d62a74ae78commit | diff
Fix race condition leading to hanging logical slot creation.

The snapshot assembly during the creation of logical slots relied
waiting for transactions in xl_running_xacts to end, by checking for
their commit/abort records.  Unfortunately, despite locking, it is
possible to see an xl_running_xact record listing transactions as
ready, that have already WAL-logged an commit/abort record, as the
locking just prevents the ProcArray to be adjusted, and the commit
record has to be logged first.

That lead to either delayed or hanging snapshot creation, because
snapbuild.c would wait "forever" to see commit/abort records for some
transactions.  That hang resolved only if a xl_running_xacts record
without any running transactions happened to be logged, far from
certain on a busy server.

It's impractical to prevent that via more heavyweight locking, the
likelihood of deadlocks and significantly increased contention would
be too big.

Instead change the initial snapshot creation to be solely based on
tracking the oldest running transaction via
xl_running_xacts->oldestRunningXid - that actually ends up
significantly simplifying the code.  That has two disadvantages:
1) Because we cannot fully "trust" the contents of xl_running_xacts,
   we cannot use it to build the initial snapshot.  Instead we have to
   wait twice for all running transactions to finish.
2) Previously a slot, unless the race occurred, could be created when
   the all transaction perceived as running based on commit/abort
   records, now we have to wait for the next xl_running_xacts record.
To address that, trigger logging new xl_running_xacts record from
within snapbuild.c exactly when necessary.

Unfortunately snabuild.c's SnapBuild is stored on disk, one of the
stupider ideas of a certain Mr Freund, so we can't change it in a
minor release.  As this is going to be backpatched, we have to hack
around a bit to keep on-disk compatibility.  A later commit will
rejigger that on master.

Author: Andres Freund, based on a quite different patch from Petr Jelinek
Analyzed-By: Petr Jelinek
Reviewed-By: Petr Jelinek
Discussion: https://postgr.es/m/f37e975c-908f-858e-707f-058d3b1eb214@2ndquadrant.com
Backpatch: 9.4-, where logical decoding has been introduced
contrib/test_decoding/expected/ondisk_startup.out diff | blob | history
contrib/test_decoding/specs/ondisk_startup.spec diff | blob | history
src/backend/replication/logical/decode.c diff | blob | history
src/backend/replication/logical/reorderbuffer.c diff | blob | history
src/backend/replication/logical/snapbuild.c diff | blob | history
src/include/replication/snapbuild.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.