Move truncate to cfs_mmap to avoid SIGSEGV in case of recovery of CFS map file with zero length

knizhnik · knizhnik · commit e6c29f0e0e2c · 2017-02-14T10:42:53.000+03:00
diff --git a/src/backend/storage/file/cfs.c b/src/backend/storage/file/cfs.c
@@ -55,6 +55,7 @@
 #include "utils/resowner_private.h"
 #include "postmaster/bgworker.h"
 
+
 /*
  * GUC variable that defines compression level.
  * 0 - no compression, 1 - max speed,
@@ -417,15 +418,21 @@ int cfs_msync(FileMap* map)
 FileMap* cfs_mmap(int md)
 {
 	FileMap* map;
+	if (ftruncate(md, sizeof(FileMap)) != 0) 
+	{
+		return (FileMap*)MAP_FAILED;
+	}
+	
 #ifdef WIN32
-	HANDLE mh = CreateFileMapping(_get_osfhandle(md), NULL, PAGE_READWRITE, 
+	{
+		HANDLE mh = CreateFileMapping(_get_osfhandle(md), NULL, PAGE_READWRITE, 
 								  0, (DWORD)sizeof(FileMap), NULL);
-	if (mh == NULL)
-		return (FileMap*)MAP_FAILED;
-
-	map = (FileMap*)MapViewOfFile(mh, FILE_MAP_ALL_ACCESS, 0, 0, 0); 
-	CloseHandle(mh);
+		if (mh == NULL)
+			return (FileMap*)MAP_FAILED;
 
+		map = (FileMap*)MapViewOfFile(mh, FILE_MAP_ALL_ACCESS, 0, 0, 0); 
+		CloseHandle(mh);
+	}
 	if (map == NULL)
 		return (FileMap*)MAP_FAILED;
 
@@ -533,17 +540,44 @@ static bool cfs_write_file(int fd, void const* data, uint32 size)
 void cfs_lock_file(FileMap* map, char const* file_path)
 {
 	long delay = CFS_LOCK_MIN_TIMEOUT;
+	int n_attempts = 0;
 
 	while (true)
 	{
 		uint64 count = pg_atomic_fetch_add_u32(&map->lock, 1);
+		bool revokeLock = false;
 
 		if (count < CFS_GC_LOCK)
 			break;
-
-		if (InRecovery)
+		
+		if (InRecovery) 
+		{
+			revokeLock = true;
+		} 
+		else 
 		{
-			/* Uhhh... looks like last GC was interrupted.
+			if (!pg_atomic_unlocked_test_flag(&cfs_state->gc_started))
+			{
+				if (++n_attempts > MAX_LOCK_ATTEMPTS) 
+				{
+					/* So there is GC lock, but no active GC process during MAX_LOCK_ATTEMPTS.
+					 * Most likely it means that GC is crashed (may be together with other postgres processes or even OS)
+					 * without releasing lock. And for some reasons recovery was not performed and this page left locked.
+					 * We should revoke the the lock to allow access to this segment.
+					 */
+					revokeLock = true;
+				}
+			}
+			else
+			{
+				n_attempts = 0; /* Reset counter of attempts because GC is in progress */
+			}
+		}
+		if (revokeLock 
+            /* use gc_started flag to prevent race condition with other backends and GC */
+			&& pg_atomic_test_set_flag(&cfs_state->gc_started)) 
+		{
+			/* Ugggh... looks like last GC was interrupted.
 			 * Try to recover the file.
 			 */
 			char* map_bck_path = psprintf("%s.cfm.bck", file_path);
@@ -565,18 +599,20 @@ void cfs_lock_file(FileMap* map, char const* file_path)
 			else
 			{
 				/* Presence of backup file means that we still have
-				 * unchanged data and map files. Just remove backup files,
-				 * grab lock and continue processing
+				 * unchanged data and map files. Just remove backup files and 
+				 * revoke GC lock.
 				 */
 				unlink(file_bck_path);
 				unlink(map_bck_path);
 			}
 
+			pg_atomic_clear_flag(&cfs_state->gc_started);
+			count = pg_atomic_fetch_sub_u32(&map->lock, CFS_GC_LOCK); /* revoke GC lock */
+			Assert((int)count > 0);
 			pfree(file_bck_path);
 			pfree(map_bck_path);
 			break;
-		}
-
+		} 
 		pg_atomic_fetch_sub_u32(&map->lock, 1);
 		pg_usleep(delay);
 		if (delay < CFS_LOCK_MAX_TIMEOUT)
diff --git a/src/backend/storage/file/fd.c b/src/backend/storage/file/fd.c
@@ -1322,9 +1322,6 @@ PathNameOpenFile(FileName fileName, int fileFlags, int fileMode)
 			goto io_error;
 		}
 
-		if (ftruncate(vfdP->md, sizeof(FileMap)) != 0)
-			elog(LOG, "OPEN MAP ftruncate FAILED: %d", errno);
-
 		vfdP->map = cfs_mmap(vfdP->md);
 		if (vfdP->map == MAP_FAILED)
 		{
diff --git a/src/include/storage/cfs.h b/src/include/storage/cfs.h
@@ -15,6 +15,15 @@
 #define CFS_DISABLE_TIMEOUT  1000   /* milliseconds */
 #define CFS_ESTIMATE_PROBES  10
 
+/* 
+ * Maximal number of attempts backend should perform to lock file segment.
+ * If during all this attempts gc_started flag is not set (it means that no GC is active at this moment),
+ * then it means that for some reasons GC process was crashed (may be together with other postgres processes or even OS)
+ * without releasing lock. And for some reasons recovery was not performed and this page left locked. Цe should revoke this lock
+ * to allow access to this database segment.
+ */
+#define MAX_LOCK_ATTEMPTS 100
+
 /* Maximal size of buffer for compressing (size) bytes where (size) is equal to PostgreSQL page size.
  * Some compression algorithms requires to provide buffer large enough for worst case and immediately returns error is buffer is not enough.
  * Accurate calculation of required buffer size is not needed here and doubling buffer size works for all used compression algorithms. */

Original file line number	Diff line number	Diff line change
`@@ -1322,9 +1322,6 @@ PathNameOpenFile(FileName fileName, int fileFlags, int fileMode)`
`1322`	`1322`	`goto io_error;`
`1323`	`1323`	`}`
`1324`	`1324`
`1325`		`- if (ftruncate(vfdP->md, sizeof(FileMap)) != 0)`
`1326`		`- elog(LOG, "OPEN MAP ftruncate FAILED: %d", errno);`
`1327`		`-`
`1328`	`1325`	`vfdP->map = cfs_mmap(vfdP->md);`
`1329`	`1326`	`if (vfdP->map == MAP_FAILED)`
`1330`	`1327`	`{`