Prevent re-use of a deleted relation's relfilenode until after the next

checkpoint. This guards against an unlikely data-loss scenario in which we re-use the relfilenode, then crash, then replay the deletion and recreation of the file. Even then we'd be OK if all insertions into the new relation had been WAL-logged ... but that's not guaranteed given all the no-WAL-logging optimizations that have recently been added. Patch by Heikki Linnakangas, per a discussion last month.

Prevent re-use of a deleted relation's relfilenode until after the next
checkpoint. This guards against an unlikely data-loss scenario in which we re-use the relfilenode, then crash, then replay the deletion and recreation of the file. Even then we'd be OK if all insertions into the new relation had been WAL-logged ... but that's not guaranteed given all the no-WAL-logging optimizations that have recently been added. Patch by Heikki Linnakangas, per a discussion last month.
6cc4451b · Tom Lane · 7a550cb9 · 6cc4451b · 6cc4451b · 6cc4451b
Commit 6cc4451b authored Nov 15, 2007 by Tom Lane
5 changed files
--- a/src/backend/access/transam/xlog.c
+++ b/src/backend/access/transam/xlog.c
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2007, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/backend/access/transam/xlog.c,v 1.286 2007/10/12 19:39:59 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/access/transam/xlog.c,v 1.287 2007/11/15 20:36:40 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -45,6 +45,7 @@
 #include "storage/fd.h"
 #include "storage/pmsignal.h"
 #include "storage/procarray.h"
+#include "storage/smgr.h"
 #include "storage/spin.h"
 #include "utils/builtins.h"
 #include "utils/pg_locale.h"
@@ -5663,6 +5664,14 @@ CreateCheckPoint(int flags)
 		UpdateControlFile();
 	}
+	/*
+	 * Let smgr prepare for checkpoint; this has to happen before we
+	 * determine the REDO pointer.  Note that smgr must not do anything
+	 * that'd have to be undone if we decide no checkpoint is needed.
+	 */
+	smgrpreckpt();
+	/* Begin filling in the checkpoint WAL record */
 	MemSet(&checkPoint, 0, sizeof(checkPoint));
 	checkPoint.ThisTimeLineID = ThisTimeLineID;
 	checkPoint.time = time(NULL);
@@ -5886,6 +5895,11 @@ CreateCheckPoint(int flags)
 	 */
 	END_CRIT_SECTION();
+	/*
+	 * Let smgr do post-checkpoint cleanup (eg, deleting old files).
+	 */
+	smgrpostckpt();
 	/*
 	 * Delete old log files (those no longer needed even for previous
 	 * checkpoint).

--- a/src/backend/commands/tablespace.c
+++ b/src/backend/commands/tablespace.c
@@ -37,7 +37,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/commands/tablespace.c,v 1.49 2007/08/01 22:45:08 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/commands/tablespace.c,v 1.50 2007/11/15 20:36:40 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -57,6 +57,7 @@
 #include "commands/comment.h"
 #include "commands/tablespace.h"
 #include "miscadmin.h"
+#include "postmaster/bgwriter.h"
 #include "storage/fd.h"
 #include "utils/acl.h"
 #include "utils/builtins.h"
@@ -460,13 +461,29 @@ DropTableSpace(DropTableSpaceStmt *stmt)
 	LWLockAcquire(TablespaceCreateLock, LW_EXCLUSIVE);
 	/*
-	 * Try to remove the physical infrastructure
+	 * Try to remove the physical infrastructure. 
 	 */
 	if (!remove_tablespace_directories(tablespaceoid, false))
-		ereport(ERROR,
+	{
-				(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
+		/*
-				 errmsg("tablespace \"%s\" is not empty",
+		 * Not all files deleted?  However, there can be lingering empty files
-						tablespacename)));
+		 * in the directories, left behind by for example DROP TABLE, that
+		 * have been scheduled for deletion at next checkpoint (see comments
+		 * in mdunlink() for details).  We could just delete them immediately,
+		 * but we can't tell them apart from important data files that we
+		 * mustn't delete.  So instead, we force a checkpoint which will clean
+		 * out any lingering files, and try again.
+		 */
+		RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_FORCE | CHECKPOINT_WAIT);
+		if (!remove_tablespace_directories(tablespaceoid, false))
+		{
+			/* Still not empty, the files must be important then */
+			ereport(ERROR,
+					(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
+					 errmsg("tablespace \"%s\" is not empty",
+							tablespacename)));
+		}
+	}
 	/* Record the filesystem change in XLOG */
 	{

--- a/src/backend/storage/smgr/md.c
+++ b/src/backend/storage/smgr/md.c
--- a/src/backend/storage/smgr/smgr.c
+++ b/src/backend/storage/smgr/smgr.c
@@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/storage/smgr/smgr.c,v 1.106 2007/09/05 18:10:48 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/storage/smgr/smgr.c,v 1.107 2007/11/15 20:36:40 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -55,9 +55,11 @@ typedef struct f_smgr
 	void		(*smgr_truncate) (SMgrRelation reln, BlockNumber nblocks,
 								  bool isTemp);
 	void		(*smgr_immedsync) (SMgrRelation reln);
-	void		(*smgr_commit) (void);	/* may be NULL */
+	void		(*smgr_commit) (void);		/* may be NULL */
-	void		(*smgr_abort) (void);	/* may be NULL */
+	void		(*smgr_abort) (void);		/* may be NULL */
-	void		(*smgr_sync) (void);	/* may be NULL */
+	void		(*smgr_pre_ckpt) (void);	/* may be NULL */
+	void		(*smgr_sync) (void);		/* may be NULL */
+	void		(*smgr_post_ckpt) (void);	/* may be NULL */
 } f_smgr;
@@ -65,7 +67,7 @@ static const f_smgr smgrsw[] = {
 	/* magnetic disk */
 	{mdinit, NULL, mdclose, mdcreate, mdunlink, mdextend,
 		mdread, mdwrite, mdnblocks, mdtruncate, mdimmedsync,
-		NULL, NULL, mdsync
+		NULL, NULL, mdpreckpt, mdsync, mdpostckpt
 	}
 };
@@ -778,7 +780,22 @@ smgrabort(void)
 }
 /*
- *	smgrsync() -- Sync files to disk at checkpoint time.
+ *	smgrpreckpt() -- Prepare for checkpoint.
+ */
+void
+smgrpreckpt(void)
+{
+	int			i;
+	for (i = 0; i < NSmgr; i++)
+	{
+		if (smgrsw[i].smgr_pre_ckpt)
+			(*(smgrsw[i].smgr_pre_ckpt)) ();
+	}
+}
+/*
+ *	smgrsync() -- Sync files to disk during checkpoint.
 */
 void
 smgrsync(void)
@@ -792,6 +809,21 @@ smgrsync(void)
 	}
 }
+/*
+ *	smgrpostckpt() -- Post-checkpoint cleanup.
+ */
+void
+smgrpostckpt(void)
+{
+	int			i;
+	for (i = 0; i < NSmgr; i++)
+	{
+		if (smgrsw[i].smgr_post_ckpt)
+			(*(smgrsw[i].smgr_post_ckpt)) ();
+	}
+}
 void
 smgr_redo(XLogRecPtr lsn, XLogRecord *record)

--- a/src/include/storage/smgr.h
+++ b/src/include/storage/smgr.h
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2007, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/include/storage/smgr.h,v 1.59 2007/09/05 18:10:48 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/storage/smgr.h,v 1.60 2007/11/15 20:36:40 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -83,7 +83,9 @@ extern void AtSubAbort_smgr(void);
 extern void PostPrepare_smgr(void);
 extern void smgrcommit(void);
 extern void smgrabort(void);
+extern void smgrpreckpt(void);
 extern void smgrsync(void);
+extern void smgrpostckpt(void);
 extern void smgr_redo(XLogRecPtr lsn, XLogRecord *record);
 extern void smgr_desc(StringInfo buf, uint8 xl_info, char *rec);
@@ -104,7 +106,9 @@ extern void mdwrite(SMgrRelation reln, BlockNumber blocknum, char *buffer,
 extern BlockNumber mdnblocks(SMgrRelation reln);
 extern void mdtruncate(SMgrRelation reln, BlockNumber nblocks, bool isTemp);
 extern void mdimmedsync(SMgrRelation reln);
+extern void mdpreckpt(void);
 extern void mdsync(void);
+extern void mdpostckpt(void);
 extern void RememberFsyncRequest(RelFileNode rnode, BlockNumber segno);
 extern void ForgetRelationFsyncRequests(RelFileNode rnode);