authorAndres Freund2023-07-13 20:03:33 +0000
committerAndres Freund2023-07-13 20:03:33 +0000
commitd11efe83038538a7b5169c679ceee457f5753877 (patch)
tree8cad902b4c97a2931785d16a8e06f454fe021a0c /src/include
parente246fd42363fcfd61cb98fb338c307e52747973f (diff)
Handle DROP DATABASE getting interrupted
Until now, when DROP DATABASE got interrupted at the wrong moment, the removal of the pg_database row would also roll back, even though some irreversible steps have already been taken. E.g. DropDatabaseBuffers() might have thrown out dirty buffers, or files could have been unlinked. But we continued to allow connections to such a corrupted database. To fix this, mark databases invalid with an in-place update, just before starting to perform irreversible steps. As we can't add a new column in the back branches, we use pg_database.datconnlimit = -2 for this purpose. An invalid database cannot be connected to anymore, but can still be dropped. Unfortunately we can't easily add output to psql's \l to indicate that some database is invalid, it doesn't fit in any of the existing columns. Add tests verifying that an interrupted DROP DATABASE is handled correctly in the backend and in various tools. Reported-by: Evgeny Morozov <postgresql3@realityexists.net> Author: Andres Freund <andres@anarazel.de> Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Reviewed-by: Thomas Munro <thomas.munro@gmail.com> Discussion: https://postgr.es/m/20230509004637.cgvmfwrbht7xm7p6@awork3.anarazel.de Discussion: https://postgr.es/m/20230314174521.74jl6ffqsee5mtug@awork3.anarazel.de Backpatch: 11-, bug present in all supported versions
Diffstat (limited to 'src/include')
-rw-r--r--src/include/catalog/pg_database.h20
1 files changed, 19 insertions, 1 deletions
diff --git a/src/include/catalog/pg_database.h b/src/include/catalog/pg_database.h
index d3de45821c2..acba8a3943a 100644
--- a/src/include/catalog/pg_database.h
+++ b/src/include/catalog/pg_database.h
@@ -52,7 +52,10 @@ CATALOG(pg_database,1262,DatabaseRelationId) BKI_SHARED_RELATION BKI_ROWTYPE_OID
/* new connections allowed? */
bool datallowconn;
- /* max connections allowed (-1=no limit) */
+ /*
+ * Max connections allowed. Negative values have special meaning, see
+ * DATCONNLIMIT_* defines below.
+ */
int32 datconnlimit;
/* highest OID to consider a system OID */
@@ -89,4 +92,19 @@ DECLARE_UNIQUE_INDEX(pg_database_datname_index, 2671, on pg_database using btree
DECLARE_UNIQUE_INDEX_PKEY(pg_database_oid_index, 2672, on pg_database using btree(oid oid_ops));
#define DatabaseOidIndexId 2672
+/*
+ * Special values for pg_database.datconnlimit. Normal values are >= 0.
+ */
+#define DATCONNLIMIT_UNLIMITED -1 /* no limit */
+
+/*
+ * A database is set to invalid partway through being dropped. Using
+ * datconnlimit=-2 for this purpose isn't particularly clean, but is
+ * backpatchable.
+ */
+#define DATCONNLIMIT_INVALID_DB -2
+
+extern bool database_is_invalid_form(Form_pg_database datform);
+extern bool database_is_invalid_oid(Oid dboid);
+
#endif /* PG_DATABASE_H */
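Review bot: The comment above `DATCONNLIMIT_INVALID_DB` says when the value is set but not what readers of `datconnlimit` must do with it. Because -2 shares a column with the ordinary limit, any caller that treats every negative value as "no limit" would keep admitting connections to a half-dropped database. I would add a line such as `/* Test database_is_invalid_form() before interpreting datconnlimit as a limit; user-facing commands must neither set nor clear this value. */`. Whether the connection-time check and ALTER DATABASE ... CONNECTION LIMIT already enforce this cannot be seen from this header, so it should be confirmed in the rest of the commit. The two `extern` declarations are also undocumented; a one-line comment saying what `database_is_invalid_oid()` does for an OID with no pg_database row would help callers.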