diff options
| author | Tom Lane | 2005-02-20 02:22:07 +0000 |
|---|---|---|
| committer | Tom Lane | 2005-02-20 02:22:07 +0000 |
| commit | 60b2444cc3ba037630c9b940c3c9ef01b954b87b (patch) | |
| tree | 801836d707d7b2af3367b9a4fa768a44d2530a1e /src/include/access | |
| parent | 617d16f4ff4959b1615cc9f57e271629c000ccff (diff) | |
Add code to prevent transaction ID wraparound by enforcing a safe limit
in GetNewTransactionId(). Since the limit value has to be computed
before we run any real transactions, this requires adding code to database
startup to scan pg_database and determine the oldest datfrozenxid.
This can conveniently be combined with the first stage of an attack on
the problem that the 'flat file' copies of pg_shadow and pg_group are
not properly updated during WAL recovery. The code I've added to
startup resides in a new file src/backend/utils/init/flatfiles.c, and
it is responsible for rewriting the flat files as well as initializing
the XID wraparound limit value. This will eventually allow us to get
rid of GetRawDatabaseInfo too, but we'll need an initdb so we can add
a trigger to pg_database.
Diffstat (limited to 'src/include/access')
| -rw-r--r-- | src/include/access/transam.h | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/src/include/access/transam.h b/src/include/access/transam.h index bf52484cc43..e623c5d0006 100644 --- a/src/include/access/transam.h +++ b/src/include/access/transam.h @@ -7,7 +7,7 @@ * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/include/access/transam.h,v 1.51 2004/12/31 22:03:21 pgsql Exp $ + * $PostgreSQL: pgsql/src/include/access/transam.h,v 1.52 2005/02/20 02:22:03 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -75,13 +75,21 @@ /* * VariableCache is placed in shmem and used by - * backends to get next available XID & OID. + * backends to get next available OID & XID. + * + * Note: xidWrapLimit and limit_datname are not "active" values, but are + * used just to generate useful messages when xidWarnLimit or xidStopLimit + * are exceeded. */ typedef struct VariableCacheData { - TransactionId nextXid; /* next XID to assign */ Oid nextOid; /* next OID to assign */ uint32 oidCount; /* OIDs available before must do XLOG work */ + TransactionId nextXid; /* next XID to assign */ + TransactionId xidWarnLimit; /* start complaining here */ + TransactionId xidStopLimit; /* refuse to advance nextXid beyond here */ + TransactionId xidWrapLimit; /* where the world ends */ + NameData limit_datname; /* database that needs vacuumed first */ } VariableCacheData; typedef VariableCacheData *VariableCache; @@ -118,6 +126,8 @@ extern bool TransactionIdFollowsOrEquals(TransactionId id1, TransactionId id2); /* in transam/varsup.c */ extern TransactionId GetNewTransactionId(bool isSubXact); extern TransactionId ReadNewTransactionId(void); +extern void SetTransactionIdLimit(TransactionId oldest_datfrozenxid, + Name oldest_datname); extern Oid GetNewObjectId(void); extern void CheckMaxObjectId(Oid assigned_oid); |