• Tom Lane's avatar
    Force immediate commit after CREATE DATABASE etc in extended protocol. · 3e1297a6
    Tom Lane authored
    We have a few commands that "can't run in a transaction block",
    meaning that if they complete their processing but then we fail
    to COMMIT, we'll be left with inconsistent on-disk state.
    However, the existing defenses for this are only watertight for
    simple query protocol.  In extended protocol, we didn't commit
    until receiving a Sync message.  Since the client is allowed to
    issue another command instead of Sync, we're in trouble if that
    command fails or is an explicit ROLLBACK.  In any case, sitting
    in an inconsistent state while waiting for a client message
    that might not come seems pretty risky.
    
    This case wasn't reachable via libpq before we introduced pipeline
    mode, but it's always been an intended aspect of extended query
    protocol, and likely there are other clients that could reach it
    before.
    
    To fix, set a flag in PreventInTransactionBlock that tells
    exec_execute_message to force an immediate commit.  This seems
    to be the approach that does least damage to existing working
    cases while still preventing the undesirable outcomes.
    
    While here, add some documentation to protocol.sgml that explicitly
    says how to use pipelining.  That's latent in the existing docs if
    you know what to look for, but it's better to spell it out; and it
    provides a place to document this new behavior.
    
    Per bug #17434 from Yugo Nagata.  It's been wrong for ages,
    so back-patch to all supported branches.
    
    Discussion: https://postgr.es/m/17434-d9f7a064ce2a88a3@postgresql.org
    3e1297a6
xact.h 16 KB