Re: Spurious "apparent wraparound" via SimpleLruTruncate() rounding - Mailing list pgsql-hackers

From Kyotaro Horiguchi
Subject Re: Spurious "apparent wraparound" via SimpleLruTruncate() rounding
Date
Msg-id CAKPRHzJD_Y2VSJjmYZg7+8yFq6cMJVFWJURK7AXTX6OuZeuAig@mail.gmail.com
Whole thread Raw
In response to Spurious "apparent wraparound" via SimpleLruTruncate() rounding  (Noah Misch <noah@leadboat.com>)
Responses Re: Spurious "apparent wraparound" via SimpleLruTruncate() rounding
List pgsql-hackers
Sorry in advance for link-breaking message forced by gmail..

https://www.postgresql.org/message-id/flat/20190202083822.GC32531@gust.leadboat.com

> 1. The result of the test is valid only until we release the SLRU ControlLock,
>    which we do before SlruScanDirCbDeleteCutoff() uses the cutoff to evaluate
>    segments for deletion.  Once we release that lock, latest_page_number can
>    advance.  This creates a TOCTOU race condition, allowing excess deletion:
>
>
>    [local] test=# table trunc_clog_concurrency ;
>    ERROR:  could not access status of transaction 2149484247
>    DETAIL:  Could not open file "pg_xact/0801": No such file or directory.

It seems like some other vacuum process saw larger cutoff page? If I'm
not missing something, the missing page is no longer the
"recently-populated" page at the time (As I understand it as the last
page that holds valid data). Couldn't we just ignore ENOENT there?

> 2. By the time the "apparent wraparound" test fires, we've already WAL-logged
>    the truncation.  clog_redo() suppresses the "apparent wraparound" test,
>    then deletes too much.  Startup then fails:

I agree that if truncation is skipped after issuing log, it will
lead to data-loss at the next recovery. But the follwoing log..:

>    881997 2019-02-10 02:53:32.105 GMT FATAL:  could not access status of transaction 708112327
>    881997 2019-02-10 02:53:32.105 GMT DETAIL:  Could not open file "pg_xact/02A3": No such file or directory.
>    881855 2019-02-10 02:53:32.107 GMT LOG:  startup process (PID 881997) exited with exit code 1

If it came from the same reason as 1, the log is simply ignorable, so
recovery stopping by the error is unacceptable, but the ENOENT is just
ignorable for the same reason.

As the result, I agree to (a) (fix rounding), and (c) (test
wrap-around before writing WAL) but I'm not sure for others. And
additional fix for ignorable ENOENT is needed.

What do you think about this?

regards.

-- 
Kyotaro Horiguchi
NTT Open Source Software Center



pgsql-hackers by date:

Previous
From: Fabien COELHO
Date:
Subject: Re: pgbench - allow to create partitioned tables
Next
From: Martijn van Oosterhout
Date:
Subject: Re: [PATCH] Improve performance of NOTIFY over many databases (issueblocking on AccessExclusiveLock on object 0 of class 1262 of database 0)