postgresql/src/backend
Tom Lane 17118825b8 Fix transient clobbering of shared buffers during WAL replay.
RestoreBkpBlocks was in the habit of zeroing and refilling the target
buffer; which was perfectly safe when the code was written, but is unsafe
during Hot Standby operation.  The reason is that we have coding rules
that allow backends to continue accessing a tuple in a heap relation while
holding only a pin on its buffer.  Such a backend could see transiently
zeroed data, if WAL replay had occasion to change other data on the page.
This has been shown to be the cause of bug #6425 from Duncan Rance (who
deserves kudos for developing a sufficiently-reproducible test case) as
well as Bridget Frey's re-report of bug #6200.  It most likely explains the
original report as well, though we don't yet have confirmation of that.

To fix, change the code so that only bytes that are supposed to change will
change, even transiently.  This actually saves cycles in RestoreBkpBlocks,
since it's not writing the same bytes twice.

Also fix seq_redo, which has the same disease, though it has to work a bit
harder to meet the requirement.

So far as I can tell, no other WAL replay routines have this type of bug.
In particular, the index-related replay routines, which would certainly be
broken if they had to meet the same standard, are not at risk because we
do not have coding rules that allow access to an index page when not
holding a buffer lock on it.

Back-patch to 9.0 where Hot Standby was added.
2012-02-05 15:49:17 -05:00
..
access Fix transient clobbering of shared buffers during WAL replay. 2012-02-05 15:49:17 -05:00
bootstrap Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
catalog Add sequence USAGE privileges to information schema 2012-01-30 21:45:42 +02:00
commands Fix transient clobbering of shared buffers during WAL replay. 2012-02-05 15:49:17 -05:00
executor Allow SQL-language functions to reference parameters by name. 2012-02-04 19:23:49 -05:00
foreign Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
lib Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
libpq initdb: Add options --auth-local and --auth-host 2012-02-01 21:18:55 +02:00
main Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
nodes Use parameterized paths to generate inner indexscans more flexibly. 2012-01-27 19:26:38 -05:00
optimizer Allow spgist's text_ops to handle pattern-matching operators. 2012-02-02 13:10:56 -05:00
parser ALTER <thing> [IF EXISTS] ... allows silent DDL if required, 2012-01-23 23:25:04 +00:00
po Translation updates 2011-08-17 14:07:46 +03:00
port Fix poll() implementation of WaitLatchOrSocket to notice postmaster death. 2012-01-15 22:08:03 +02:00
postmaster Minor bug fix and cleanup from self-review of sync rep queues patch. 2012-01-30 14:36:17 +00:00
regex Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
replication Minor bug fix and cleanup from self-review of sync rep queues patch. 2012-01-30 14:36:17 +00:00
rewrite Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
snowball Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
storage Add missing Assert and fix inaccurate elog message in standby_redo(). 2012-02-04 22:32:35 -05:00
tcop ALTER <thing> [IF EXISTS] ... allows silent DDL if required, 2012-01-23 23:25:04 +00:00
tsearch Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
utils Add array_to_json and row_to_json functions. 2012-02-03 12:11:16 -05:00
.gitignore Add gitignore for mingw/cygwin build outputs 2011-06-09 18:11:47 +02:00
Makefile Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
common.mk Workaround for recursive make breakage 2011-01-13 09:32:06 +02:00
nls.mk Sort file list when creating gettext-files 2011-12-27 20:20:56 +02:00