From 9aaa247b9e9d2aa7c70e3dd95614eac2e2c7f53f Mon Sep 17 00:00:00 2001
From: Pavan Deolasee
Date: Wed, 9 May 2018 16:37:54 +0530
Subject: [PATCH 2/2] Ensure recovery is run to the end upon promotion of a standby. When a standby is promoted to be a master, if the "Minimum recovery ending location" is left unchanged, a crash in the just promoted standby before the first checkpoint after promotion is complete, can lead to recovery ending without references to all invalid pages are resolved. This results in a PANIC situation. We now set minRecoveryPoint to InvalidRecPtr upon promotion, thus forcing recovery to the end in case of a crash. Analysis and bug fix by Pavan Deolasee, with help from Alvaro Herrera.
---
 src/backend/access/transam/xlog.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c
index 47a6c4d895..26b1a91fba 100644
--- a/src/backend/access/transam/xlog.c
+++ b/src/backend/access/transam/xlog.c
@@ -9010,10 +9010,16 @@ CreateEndOfRecoveryRecord(void)
 /*
 * Update the control file so that crash recovery can follow the timeline
 * changes to this point.
+ *
+ * Set minRecoveryPoint to InvalidXLogRecPtr so that a crash will force
+ * redo recovery to the end of WAL. Otherwise a crash immediately after
+ * promotion may lead to recovery to an inconsistent point and in the worst
+ * case, recovery failing because of invalid page references (see
+ * src/test/recovery/t/006_promotion_bug.pl).
 */
 LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
 ControlFile->time = (pg_time_t) time(NULL);
- ControlFile->minRecoveryPoint = recptr;
+ ControlFile->minRecoveryPoint = InvalidXLogRecPtr;
 ControlFile->minRecoveryPointTLI = ThisTimeLineID;
 UpdateControlFile();
 LWLockRelease(ControlFileLock);
-- 
2.14.3 (Apple Git-98)
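Review bot: The control file now carries an invalid `minRecoveryPoint` next to a live `minRecoveryPointTLI = ThisTimeLineID`, and the new comment explains only the LSN half of that pair. Any reader that treats the two fields together, or that expects a valid LSN once recovery has ended, lies outside this hunk and should be checked to accept `InvalidXLogRecPtr` as "replay to end of WAL" rather than as a corrupt or uninitialised value. I would extend the comment with a line such as `* minRecoveryPointTLI is still updated so the timeline switch stays recorded.` if that is the intent (inferred, not shown here). `recptr` is no longer stored at this point, so confirm it is still used earlier in CreateEndOfRecoveryRecord, whose body starts and ends outside the hunk.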