Commit ebfe2dbd authored by Alvaro Herrera's avatar Alvaro Herrera

Prevent drop of tablespaces used by partitioned relations

When a tablespace is used in a partitioned relation (per commits
ca410302 in pg12 for tables and 33e6c34c3267 in pg11 for indexes),
it is possible to drop the tablespace, potentially causing various
problems.  One such was reported in bug #16577, where a rewriting ALTER
TABLE causes a server crash.

Protect against this by using pg_shdepend to keep track of tablespaces
when used for relations that don't keep physical files; we now abort a
tablespace if we see that the tablespace is referenced from any
partitioned relations.

Backpatch this to 11, where this problem has been latent all along.  We
don't try to create pg_shdepend entries for existing partitioned
indexes/tables, but any ones that are modified going forward will be
protected.

Note slight behavior change: when trying to drop a tablespace that
contains both regular tables as well as partitioned ones, you'd
previously get ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE and now you'll
get ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST.  Arguably, the latter is more
correct.

It is possible to add protecting pg_shdepend entries for existing
tables/indexes, by doing
  ALTER TABLE ONLY some_partitioned_table SET TABLESPACE pg_default;
  ALTER TABLE ONLY some_partitioned_table SET TABLESPACE original_tablespace;
for each partitioned table/index that is not in the database default
tablespace.  Because these partitioned objects do not have storage, no
file needs to be actually moved, so it shouldn't take more time than
what's required to acquire locks.

This query can be used to search for such relations:
SELECT ... FROM pg_class WHERE relkind IN ('p', 'I') AND reltablespace <> 0
Reported-by: default avatarAlexander Lakhin <exclusion@gmail.com>
Discussion: https://postgr.es/m/16577-881633a9f9894fd5@postgresql.org
Author: Álvaro Herrera <alvherre@alvh.no-ip.org>
Reviewed-by: default avatarMichael Paquier <michael@paquier.xyz>
parent 424d7a9b
...@@ -6849,10 +6849,21 @@ SCRAM-SHA-256$<replaceable>&lt;iteration count&gt;</replaceable>:<replaceable>&l ...@@ -6849,10 +6849,21 @@ SCRAM-SHA-256$<replaceable>&lt;iteration count&gt;</replaceable>:<replaceable>&l
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><symbol>SHARED_DEPENDENCY_TABLESPACE</symbol> (<literal>t</literal>)</term>
<listitem>
<para>
The referenced object (which must be a tablespace) is mentioned as
the tablespace for a relation that doesn't have storage.
</para>
</listitem>
</varlistentry>
</variablelist> </variablelist>
Other dependency flavors might be needed in future. Note in particular Other dependency flavors might be needed in future. Note in particular
that the current definition only supports roles as referenced objects. that the current definition only supports roles and tablespaces as referenced
objects.
</para> </para>
</sect1> </sect1>
......
...@@ -440,6 +440,15 @@ heap_create(const char *relname, ...@@ -440,6 +440,15 @@ heap_create(const char *relname,
} }
} }
/*
* If a tablespace is specified, removal of that tablespace is normally
* protected by the existence of a physical file; but for relations with
* no files, add a pg_shdepend entry to account for that.
*/
if (!create_storage && reltablespace != InvalidOid)
recordDependencyOnTablespace(RelationRelationId, relid,
reltablespace);
return rel; return rel;
} }
......
...@@ -59,6 +59,7 @@ ...@@ -59,6 +59,7 @@
#include "commands/schemacmds.h" #include "commands/schemacmds.h"
#include "commands/subscriptioncmds.h" #include "commands/subscriptioncmds.h"
#include "commands/tablecmds.h" #include "commands/tablecmds.h"
#include "commands/tablespace.h"
#include "commands/typecmds.h" #include "commands/typecmds.h"
#include "miscadmin.h" #include "miscadmin.h"
#include "storage/lmgr.h" #include "storage/lmgr.h"
...@@ -186,11 +187,14 @@ recordDependencyOnOwner(Oid classId, Oid objectId, Oid owner) ...@@ -186,11 +187,14 @@ recordDependencyOnOwner(Oid classId, Oid objectId, Oid owner)
* *
* There must be no more than one existing entry for the given dependent * There must be no more than one existing entry for the given dependent
* object and dependency type! So in practice this can only be used for * object and dependency type! So in practice this can only be used for
* updating SHARED_DEPENDENCY_OWNER entries, which should have that property. * updating SHARED_DEPENDENCY_OWNER and SHARED_DEPENDENCY_TABLESPACE
* entries, which should have that property.
* *
* If there is no previous entry, we assume it was referencing a PINned * If there is no previous entry, we assume it was referencing a PINned
* object, so we create a new entry. If the new referenced object is * object, so we create a new entry. If the new referenced object is
* PINned, we don't create an entry (and drop the old one, if any). * PINned, we don't create an entry (and drop the old one, if any).
* (For tablespaces, we don't record dependencies in certain cases, so
* there are other possible reasons for entries to be missing.)
* *
* sdepRel must be the pg_shdepend relation, already opened and suitably * sdepRel must be the pg_shdepend relation, already opened and suitably
* locked. * locked.
...@@ -344,6 +348,58 @@ changeDependencyOnOwner(Oid classId, Oid objectId, Oid newOwnerId) ...@@ -344,6 +348,58 @@ changeDependencyOnOwner(Oid classId, Oid objectId, Oid newOwnerId)
table_close(sdepRel, RowExclusiveLock); table_close(sdepRel, RowExclusiveLock);
} }
/*
* recordDependencyOnTablespace
*
* A convenient wrapper of recordSharedDependencyOn -- register the specified
* tablespace as default for the given object.
*
* Note: it's the caller's responsibility to ensure that there isn't a
* tablespace entry for the object already.
*/
void
recordDependencyOnTablespace(Oid classId, Oid objectId, Oid tablespace)
{
ObjectAddress myself,
referenced;
ObjectAddressSet(myself, classId, objectId);
ObjectAddressSet(referenced, TableSpaceRelationId, tablespace);
recordSharedDependencyOn(&myself, &referenced,
SHARED_DEPENDENCY_TABLESPACE);
}
/*
* changeDependencyOnTablespace
*
* Update the shared dependencies to account for the new tablespace.
*
* Note: we don't need an objsubid argument because only whole objects
* have tablespaces.
*/
void
changeDependencyOnTablespace(Oid classId, Oid objectId, Oid newTablespaceId)
{
Relation sdepRel;
sdepRel = table_open(SharedDependRelationId, RowExclusiveLock);
if (newTablespaceId != DEFAULTTABLESPACE_OID &&
newTablespaceId != InvalidOid)
shdepChangeDep(sdepRel,
classId, objectId, 0,
TableSpaceRelationId, newTablespaceId,
SHARED_DEPENDENCY_TABLESPACE);
else
shdepDropDependency(sdepRel,
classId, objectId, 0, true,
InvalidOid, InvalidOid,
SHARED_DEPENDENCY_INVALID);
table_close(sdepRel, RowExclusiveLock);
}
/* /*
* getOidListDiff * getOidListDiff
* Helper for updateAclDependencies. * Helper for updateAclDependencies.
...@@ -1121,13 +1177,6 @@ shdepLockAndCheckObject(Oid classId, Oid objectId) ...@@ -1121,13 +1177,6 @@ shdepLockAndCheckObject(Oid classId, Oid objectId)
objectId))); objectId)));
break; break;
/*
* Currently, this routine need not support any other shared
* object types besides roles. If we wanted to record explicit
* dependencies on databases or tablespaces, we'd need code along
* these lines:
*/
#ifdef NOT_USED
case TableSpaceRelationId: case TableSpaceRelationId:
{ {
/* For lack of a syscache on pg_tablespace, do this: */ /* For lack of a syscache on pg_tablespace, do this: */
...@@ -1141,7 +1190,6 @@ shdepLockAndCheckObject(Oid classId, Oid objectId) ...@@ -1141,7 +1190,6 @@ shdepLockAndCheckObject(Oid classId, Oid objectId)
pfree(tablespace); pfree(tablespace);
break; break;
} }
#endif
case DatabaseRelationId: case DatabaseRelationId:
{ {
...@@ -1201,6 +1249,8 @@ storeObjectDescription(StringInfo descs, ...@@ -1201,6 +1249,8 @@ storeObjectDescription(StringInfo descs,
appendStringInfo(descs, _("privileges for %s"), objdesc); appendStringInfo(descs, _("privileges for %s"), objdesc);
else if (deptype == SHARED_DEPENDENCY_POLICY) else if (deptype == SHARED_DEPENDENCY_POLICY)
appendStringInfo(descs, _("target of %s"), objdesc); appendStringInfo(descs, _("target of %s"), objdesc);
else if (deptype == SHARED_DEPENDENCY_TABLESPACE)
appendStringInfo(descs, _("tablespace for %s"), objdesc);
else else
elog(ERROR, "unrecognized dependency type: %d", elog(ERROR, "unrecognized dependency type: %d",
(int) deptype); (int) deptype);
......
...@@ -13340,6 +13340,10 @@ ATExecSetTableSpaceNoStorage(Relation rel, Oid newTableSpace) ...@@ -13340,6 +13340,10 @@ ATExecSetTableSpaceNoStorage(Relation rel, Oid newTableSpace)
rd_rel->reltablespace = (newTableSpace == MyDatabaseTableSpace) ? InvalidOid : newTableSpace; rd_rel->reltablespace = (newTableSpace == MyDatabaseTableSpace) ? InvalidOid : newTableSpace;
CatalogTupleUpdate(pg_class, &tuple->t_self, tuple); CatalogTupleUpdate(pg_class, &tuple->t_self, tuple);
/* Record dependency on tablespace */
changeDependencyOnTablespace(RelationRelationId,
reloid, rd_rel->reltablespace);
InvokeObjectPostAlterHook(RelationRelationId, reloid, 0); InvokeObjectPostAlterHook(RelationRelationId, reloid, 0);
heap_freetuple(tuple); heap_freetuple(tuple);
......
...@@ -420,6 +420,8 @@ DropTableSpace(DropTableSpaceStmt *stmt) ...@@ -420,6 +420,8 @@ DropTableSpace(DropTableSpaceStmt *stmt)
Form_pg_tablespace spcform; Form_pg_tablespace spcform;
ScanKeyData entry[1]; ScanKeyData entry[1];
Oid tablespaceoid; Oid tablespaceoid;
char *detail;
char *detail_log;
/* /*
* Find the target tuple * Find the target tuple
...@@ -468,6 +470,16 @@ DropTableSpace(DropTableSpaceStmt *stmt) ...@@ -468,6 +470,16 @@ DropTableSpace(DropTableSpaceStmt *stmt)
aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_TABLESPACE, aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_TABLESPACE,
tablespacename); tablespacename);
/* Check for pg_shdepend entries depending on this tablespace */
if (checkSharedDependencies(TableSpaceRelationId, tablespaceoid,
&detail, &detail_log))
ereport(ERROR,
(errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
errmsg("tablespace \"%s\" cannot be dropped because some objects depend on it",
tablespacename),
errdetail_internal("%s", detail),
errdetail_log("%s", detail_log)));
/* DROP hook for the tablespace being removed */ /* DROP hook for the tablespace being removed */
InvokeObjectDropHook(TableSpaceRelationId, tablespaceoid, 0); InvokeObjectDropHook(TableSpaceRelationId, tablespaceoid, 0);
......
...@@ -67,6 +67,12 @@ typedef enum DependencyType ...@@ -67,6 +67,12 @@ typedef enum DependencyType
* a role mentioned in a policy object. The referenced object must be a * a role mentioned in a policy object. The referenced object must be a
* pg_authid entry. * pg_authid entry.
* *
* (e) a SHARED_DEPENDENCY_TABLESPACE entry means that the referenced
* object is a tablespace mentioned in a relation without storage. The
* referenced object must be a pg_tablespace entry. (Relations that have
* storage don't need this: they are protected by the existence of a physical
* file in the tablespace.)
*
* SHARED_DEPENDENCY_INVALID is a value used as a parameter in internal * SHARED_DEPENDENCY_INVALID is a value used as a parameter in internal
* routines, and is not valid in the catalog itself. * routines, and is not valid in the catalog itself.
*/ */
...@@ -76,6 +82,7 @@ typedef enum SharedDependencyType ...@@ -76,6 +82,7 @@ typedef enum SharedDependencyType
SHARED_DEPENDENCY_OWNER = 'o', SHARED_DEPENDENCY_OWNER = 'o',
SHARED_DEPENDENCY_ACL = 'a', SHARED_DEPENDENCY_ACL = 'a',
SHARED_DEPENDENCY_POLICY = 'r', SHARED_DEPENDENCY_POLICY = 'r',
SHARED_DEPENDENCY_TABLESPACE = 't',
SHARED_DEPENDENCY_INVALID = 0 SHARED_DEPENDENCY_INVALID = 0
} SharedDependencyType; } SharedDependencyType;
...@@ -253,6 +260,12 @@ extern void recordDependencyOnOwner(Oid classId, Oid objectId, Oid owner); ...@@ -253,6 +260,12 @@ extern void recordDependencyOnOwner(Oid classId, Oid objectId, Oid owner);
extern void changeDependencyOnOwner(Oid classId, Oid objectId, extern void changeDependencyOnOwner(Oid classId, Oid objectId,
Oid newOwnerId); Oid newOwnerId);
extern void recordDependencyOnTablespace(Oid classId, Oid objectId,
Oid tablespace);
extern void changeDependencyOnTablespace(Oid classId, Oid objectId,
Oid newTablespaceId);
extern void updateAclDependencies(Oid classId, Oid objectId, int32 objectSubId, extern void updateAclDependencies(Oid classId, Oid objectId, int32 objectSubId,
Oid ownerId, Oid ownerId,
int noldmembers, Oid *oldmembers, int noldmembers, Oid *oldmembers,
......
...@@ -249,6 +249,9 @@ CREATE TABLESPACE regress_badspace LOCATION '/no/such/location'; ...@@ -249,6 +249,9 @@ CREATE TABLESPACE regress_badspace LOCATION '/no/such/location';
-- No such tablespace -- No such tablespace
CREATE TABLE bar (i int) TABLESPACE regress_nosuchspace; CREATE TABLE bar (i int) TABLESPACE regress_nosuchspace;
-- Fail, in use for some partitioned object
DROP TABLESPACE regress_tblspace;
ALTER INDEX testschema.part_a_idx SET TABLESPACE pg_default;
-- Fail, not empty -- Fail, not empty
DROP TABLESPACE regress_tblspace; DROP TABLESPACE regress_tblspace;
......
...@@ -712,6 +712,11 @@ ERROR: directory "/no/such/location" does not exist ...@@ -712,6 +712,11 @@ ERROR: directory "/no/such/location" does not exist
-- No such tablespace -- No such tablespace
CREATE TABLE bar (i int) TABLESPACE regress_nosuchspace; CREATE TABLE bar (i int) TABLESPACE regress_nosuchspace;
ERROR: tablespace "regress_nosuchspace" does not exist ERROR: tablespace "regress_nosuchspace" does not exist
-- Fail, in use for some partitioned object
DROP TABLESPACE regress_tblspace;
ERROR: tablespace "regress_tblspace" cannot be dropped because some objects depend on it
DETAIL: tablespace for index testschema.part_a_idx
ALTER INDEX testschema.part_a_idx SET TABLESPACE pg_default;
-- Fail, not empty -- Fail, not empty
DROP TABLESPACE regress_tblspace; DROP TABLESPACE regress_tblspace;
ERROR: tablespace "regress_tblspace" is not empty ERROR: tablespace "regress_tblspace" is not empty
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment