• Tom Lane's avatar
    Fix fsync-at-startup code to not treat errors as fatal. · d8179b00
    Tom Lane authored
    Commit 2ce439f3 introduced a rather serious
    regression, namely that if its scan of the data directory came across any
    un-fsync-able files, it would fail and thereby prevent database startup.
    Worse yet, symlinks to such files also caused the problem, which meant that
    crash restart was guaranteed to fail on certain common installations such
    as older Debian.
    
    After discussion, we agreed that (1) failure to start is worse than any
    consequence of not fsync'ing is likely to be, therefore treat all errors
    in this code as nonfatal; (2) we should not chase symlinks other than
    those that are expected to exist, namely pg_xlog/ and tablespace links
    under pg_tblspc/.  The latter restriction avoids possibly fsync'ing a
    much larger part of the filesystem than intended, if the user has left
    random symlinks hanging about in the data directory.
    
    This commit takes care of that and also does some code beautification,
    mainly moving the relevant code into fd.c, which seems a much better place
    for it than xlog.c, and making sure that the conditional compilation for
    the pre_sync_fname pass has something to do with whether pg_flush_data
    works.
    
    I also relocated the call site in xlog.c down a few lines; it seems a
    bit silly to be doing this before ValidateXLOGDirectoryStructure().
    
    The similar logic in initdb.c ought to be made to match this, but that
    change is noncritical and will be dealt with separately.
    
    Back-patch to all active branches, like the prior commit.
    
    Abhijit Menon-Sen and Tom Lane
    d8179b00
fd.c 68.6 KB