pgsql: Add safeguards for pg_fsync() called with incorrectly-opened fds

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: pgsql-committers(at)lists(dot)postgresql(dot)org
Subject: pgsql: Add safeguards for pg_fsync() called with incorrectly-opened fds
Date: 2019-11-26 04:33:42
Message-ID: E1iZSXm-0008Mn-Rs@gemulon.postgresql.org
Lists: pgsql-committers

Add safeguards for pg_fsync() called with incorrectly-opened fds

On some platforms, fsync() returns EBADFD when opening a file descriptor
with O_RDONLY (read-only), leading ultimately now to a PANIC to prevent
data corruption.

This commit adds a new sanity check in pg_fsync() based on fcntl() to
make sure that we don't repeat again mistakes with incorrectly-set file
descriptors, so that problems are detected at an early stage. Without
that, such errors could only be detected after running Postgres on a
specific supported platform for the culprit code path, which could take
some time before being found. b8e19b93 was a fix for such a problem,
which went undetected for more than 5 years, and a586cc4b fixed another
similar issue.

Note that the new check added works as well when fsync=off is
configured, so that all regression tests would detect problems as long as
assertions are enabled. fcntl() not being available on Windows, the
new checks do not happen there.

Author: Michael Paquier
Reviewed-by: Mark Dilger
Discussion: https://postgr.es/m/20191009062640.GB21379@paquier.xyz

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/12198239c0a5122e29619d50f76f89adc5bc7ade

Modified Files
--------------
src/backend/storage/file/fd.c | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
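The check the commit message describes, written out as an added stand-alone example; this is not the committed fd.c code, and the names `check_fd_writable`, `checked_fsync` and `probe_with_flags` are hypothetical. It queries the descriptor's access mode with `fcntl(fd, F_GETFL)` and refuses to fsync a descriptor opened read-only, so the mistake is caught on every POSIX platform instead of only on those whose fsync() rejects such descriptors. Reporting EBADF from the wrapper is this example's choice, not something the message specifies. As the message notes, fcntl() is not available on Windows, so this example assumes a POSIX system.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Outcome of the access-mode sanity check on a file descriptor. */
typedef enum {
    FD_MODE_OK = 0,        /* opened with O_WRONLY or O_RDWR */
    FD_MODE_READONLY = 1,  /* opened with O_RDONLY: fsync() is a bug here */
    FD_MODE_BADFD = 2      /* fcntl() itself failed (fd not open) */
} fd_mode_check;

/* Ask the kernel how the descriptor was opened. O_RDONLY is historically 0,
 * so test the write bits explicitly instead of comparing against O_RDONLY. */
fd_mode_check check_fd_writable(int fd)
{
    int flags = fcntl(fd, F_GETFL);

    if (flags == -1)
        return FD_MODE_BADFD;
    if ((flags & (O_RDWR | O_WRONLY)) == 0)
        return FD_MODE_READONLY;
    return FD_MODE_OK;
}

/* Hypothetical fsync wrapper: reject a read-only descriptor up front rather
 * than letting a platform-specific failure surface much later.
 * Returns 0 on success, -1 with errno set on failure. */
int checked_fsync(int fd)
{
    fd_mode_check rc = check_fd_writable(fd);

    if (rc == FD_MODE_BADFD)
        return -1;          /* errno already set by fcntl() */
    if (rc == FD_MODE_READONLY) {
        errno = EBADF;      /* assumption: report the error such platforms raise */
        return -1;
    }
    return fsync(fd);
}

/* Create a scratch file, reopen it with the given flags, run the check and
 * clean up. Returns the check result so callers can compare open modes. */
fd_mode_check probe_with_flags(int open_flags)
{
    char path[] = "/tmp/fsync_check_XXXXXX";  /* constructed scratch file */
    int tmp = mkstemp(path);
    int fd;
    fd_mode_check rc;

    if (tmp == -1)
        return FD_MODE_BADFD;
    close(tmp);

    fd = open(path, open_flags);
    rc = (fd == -1) ? FD_MODE_BADFD : check_fd_writable(fd);
    if (fd != -1)
        close(fd);
    unlink(path);
    return rc;
}

/* Same scratch-file dance, but exercise the wrapper itself.
 * Returns checked_fsync()'s result: 0 for a writable fd, -1 otherwise. */
int probe_checked_fsync(int open_flags)
{
    char path[] = "/tmp/fsync_check_XXXXXX";  /* constructed scratch file */
    int tmp = mkstemp(path);
    int fd, rc;

    if (tmp == -1)
        return -1;
    close(tmp);

    fd = open(path, open_flags);
    rc = (fd == -1) ? -1 : checked_fsync(fd);
    if (fd != -1)
        close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    printf("O_RDONLY check -> %d (1 = read-only, rejected)\n", probe_with_flags(O_RDONLY));
    printf("O_WRONLY check -> %d (0 = ok)\n", probe_with_flags(O_WRONLY));
    printf("O_RDWR   check -> %d (0 = ok)\n", probe_with_flags(O_RDWR));
    printf("checked_fsync on O_RDONLY -> %d\n", probe_checked_fsync(O_RDONLY));
    printf("checked_fsync on O_RDWR   -> %d\n", probe_checked_fsync(O_RDWR));
    return 0;
}
```

The check costs one fcntl() call per fsync, which is why the commit confines it to assertion-enabled builds; the value is that a misopened descriptor fails deterministically in every test run, not only on the platform whose fsync() happens to reject it.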
