Log the creation of an init fork unconditionally.

Previously, it was thought that this only needed to be done for the
benefit of possible standbys, so wal_level = minimal skipped it.
But that's not safe, because during crash recovery we might replay
XLOG_DBASE_CREATE or XLOG_TBLSPC_CREATE record which recursively
removes the directory that contains the new init fork.  So log it
always.

The user-visible effect of this bug is that if you create a database
or tablespace, then create an unlogged table, then crash without
checkpointing, then restart, accessing the table will fail, because
the it won't have been properly reset.  This commit fixes that.

Michael Paquier, per a report from Konstantin Knizhnik.  Wording of
the comments per a suggestion from me.

diff --git a/src/backend/access/nbtree/nbtree.c b/src/backend/access/nbtree/nbtree.c
index 469c2ed83fd47a282a0f31acb6dc801888370530..e1727763d8afb3f4a4dafd3a871cd935cb089252 100644 (file)
--- a/src/backend/access/nbtree/nbtree.c
+++ b/src/backend/access/nbtree/nbtree.c
@@ -208,13 +208,18 @@ btbuildempty(PG_FUNCTION_ARGS)
    metapage = (Page) palloc(BLCKSZ);
    _bt_initmetapage(metapage, P_NONE, 0);
 
-   /* Write the page.  If archiving/streaming, XLOG it. */
+   /*
+    * Write the page and log it.  It might seem that an immediate sync
+    * would be sufficient to guarantee that the file exists on disk, but
+    * recovery itself might remove it while replaying, for example, an
+    * XLOG_DBASE_CREATE or XLOG_TBLSPC_CREATE record.  Therefore, we
+    * need this even when wal_level=minimal.
+    */
    PageSetChecksumInplace(metapage, BTREE_METAPAGE);
    smgrwrite(index->rd_smgr, INIT_FORKNUM, BTREE_METAPAGE,
              (char *) metapage, true);
-   if (XLogIsNeeded())
-       log_newpage(&index->rd_smgr->smgr_rnode.node, INIT_FORKNUM,
-                   BTREE_METAPAGE, metapage, false);
+   log_newpage(&index->rd_smgr->smgr_rnode.node, INIT_FORKNUM,
+               BTREE_METAPAGE, metapage, false);
 
    /*
     * An immediate sync is required even if we xlog'd the page, because the

diff --git a/src/backend/access/spgist/spginsert.c b/src/backend/access/spgist/spginsert.c
index a4408f03bd365d4784858d5df6a6524a0f8a543a..cf3d11c34cbc090133fd3846776d88f03aa07911 100644 (file)
--- a/src/backend/access/spgist/spginsert.c
+++ b/src/backend/access/spgist/spginsert.c
@@ -163,13 +163,18 @@ spgbuildempty(PG_FUNCTION_ARGS)
    page = (Page) palloc(BLCKSZ);
    SpGistInitMetapage(page);
 
-   /* Write the page.  If archiving/streaming, XLOG it. */
+   /*
+    * Write the page and log it unconditionally.  This is important
+    * particularly for indexes created on tablespaces and databases
+    * whose creation happened after the last redo pointer as recovery
+    * removes any of their existing content when the corresponding
+    * create records are replayed.
+    */
    PageSetChecksumInplace(page, SPGIST_METAPAGE_BLKNO);
    smgrwrite(index->rd_smgr, INIT_FORKNUM, SPGIST_METAPAGE_BLKNO,
              (char *) page, true);
-   if (XLogIsNeeded())
-       log_newpage(&index->rd_smgr->smgr_rnode.node, INIT_FORKNUM,
-                   SPGIST_METAPAGE_BLKNO, page, false);
+   log_newpage(&index->rd_smgr->smgr_rnode.node, INIT_FORKNUM,
+               SPGIST_METAPAGE_BLKNO, page, false);
 
    /* Likewise for the root page. */
    SpGistInitPage(page, SPGIST_LEAF);
@@ -177,9 +182,8 @@ spgbuildempty(PG_FUNCTION_ARGS)
    PageSetChecksumInplace(page, SPGIST_ROOT_BLKNO);
    smgrwrite(index->rd_smgr, INIT_FORKNUM, SPGIST_ROOT_BLKNO,
              (char *) page, true);
-   if (XLogIsNeeded())
-       log_newpage(&index->rd_smgr->smgr_rnode.node, INIT_FORKNUM,
-                   SPGIST_ROOT_BLKNO, page, true);
+   log_newpage(&index->rd_smgr->smgr_rnode.node, INIT_FORKNUM,
+               SPGIST_ROOT_BLKNO, page, true);
 
    /* Likewise for the null-tuples root page. */
    SpGistInitPage(page, SPGIST_LEAF | SPGIST_NULLS);
@@ -187,9 +191,8 @@ spgbuildempty(PG_FUNCTION_ARGS)
    PageSetChecksumInplace(page, SPGIST_NULL_BLKNO);
    smgrwrite(index->rd_smgr, INIT_FORKNUM, SPGIST_NULL_BLKNO,
              (char *) page, true);
-   if (XLogIsNeeded())
-       log_newpage(&index->rd_smgr->smgr_rnode.node, INIT_FORKNUM,
-                   SPGIST_NULL_BLKNO, page, true);
+   log_newpage(&index->rd_smgr->smgr_rnode.node, INIT_FORKNUM,
+               SPGIST_NULL_BLKNO, page, true);
 
    /*
     * An immediate sync is required even if we xlog'd the pages, because the

diff --git a/src/backend/catalog/heap.c b/src/backend/catalog/heap.c
index 3a8cf53646a6e106c2125a1e19ffe0a1b1d57412..5cc9697a8f29a08ceb17555da8f8271c11f96e3e 100644 (file)
--- a/src/backend/catalog/heap.c
+++ b/src/backend/catalog/heap.c
@@ -1355,18 +1355,19 @@ heap_create_with_catalog(const char *relname,
 
 /*
  * Set up an init fork for an unlogged table so that it can be correctly
- * reinitialized on restart.  Since we're going to do an immediate sync, we
- * only need to xlog this if archiving or streaming is enabled.  And the
- * immediate sync is required, because otherwise there's no guarantee that
- * this will hit the disk before the next checkpoint moves the redo pointer.
+ * reinitialized on restart.  An immediate sync is required even if the
+ * page has been logged, because the write did not go through
+ * shared_buffers and therefore a concurrent checkpoint may have moved
+ * the redo pointer past our xlog record.  Recovery may as well remove it
+ * while replaying, for example, XLOG_DBASE_CREATE or XLOG_TBLSPC_CREATE
+ * record. Therefore, logging is necessary even if wal_level=minimal.
  */
 void
 heap_create_init_fork(Relation rel)
 {
    RelationOpenSmgr(rel);
    smgrcreate(rel->rd_smgr, INIT_FORKNUM, false);
-   if (XLogIsNeeded())
-       log_smgrcreate(&rel->rd_smgr->smgr_rnode.node, INIT_FORKNUM);
+   log_smgrcreate(&rel->rd_smgr->smgr_rnode.node, INIT_FORKNUM);
    smgrimmedsync(rel->rd_smgr, INIT_FORKNUM);
 }