git.postgresql.org Git - postgresql.git/commit

author	Noah Misch <noah@leadboat.com>
	Sat, 15 Aug 2020 17:15:53 +0000 (10:15 -0700)
committer	Noah Misch <noah@leadboat.com>
	Sat, 15 Aug 2020 17:15:53 +0000 (10:15 -0700)
commit	566372b3d6435639e4cc4476d79b8505a0297c87
tree	cb23c4c35d85e463569d0759b275f484c240cc47	tree
parent	d4d443b3bbbb3eb9cdc511564ef3c57fde7dd3ac	commit \| diff

Prevent concurrent SimpleLruTruncate() for any given SLRU.

The SimpleLruTruncate() header comment states the new coding rule.  To
achieve this, add locktype "frozenid" and two LWLocks.  This closes a
rare opportunity for data loss, which manifested as "apparent
wraparound" or "could not access status of transaction" errors.  Data
loss is more likely in pg_multixact, due to released branches' thin
margin between multiStopLimit and multiWrapLimit.  If a user's physical
replication primary logged ":  apparent wraparound" messages, the user
should rebuild standbys of that primary regardless of symptoms.  At less
risk is a cluster having emitted "not accepting commands" errors or
"must be vacuumed" warnings at some point.  One can test a cluster for
this data loss by running VACUUM FREEZE in every database.  Back-patch
to 9.5 (all supported versions).

Discussion: https://postgr.es/m/20190218073103.GA1434723@rfd.leadboat.com

doc/src/sgml/catalogs.sgml		diff \| blob \| blame \| history
doc/src/sgml/monitoring.sgml		diff \| blob \| blame \| history
src/backend/access/transam/slru.c		diff \| blob \| blame \| history
src/backend/access/transam/subtrans.c		diff \| blob \| blame \| history
src/backend/commands/async.c		diff \| blob \| blame \| history
src/backend/commands/vacuum.c		diff \| blob \| blame \| history
src/backend/storage/lmgr/lmgr.c		diff \| blob \| blame \| history
src/backend/storage/lmgr/lwlocknames.txt		diff \| blob \| blame \| history
src/backend/utils/adt/lockfuncs.c		diff \| blob \| blame \| history
src/include/storage/lmgr.h		diff \| blob \| blame \| history
src/include/storage/lock.h		diff \| blob \| blame \| history