Add code to prevent transaction ID wraparound by enforcing a safe limit

in GetNewTransactionId(). Since the limit value has to be computed before we run any real transactions, this requires adding code to database startup to scan pg_database and determine the oldest datfrozenxid. This can conveniently be combined with the first stage of an attack on the problem that the 'flat file' copies of pg_shadow and pg_group are not properly updated during WAL recovery. The code I've added to startup resides in a new file src/backend/utils/init/flatfiles.c, and it is responsible for rewriting the flat files as well as initializing the XID wraparound limit value. This will eventually allow us to get rid of GetRawDatabaseInfo too, but we'll need an initdb so we can add a trigger to pg_database.
2025-10-22 14:32:25 +03:00 · 2005-02-20 02:22:07 +00:00
parent 617d16f4ff
commit 60b2444cc3
15 changed files with 1191 additions and 571 deletions
--- a/src/include/access/transam.h
+++ b/src/include/access/transam.h
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/include/access/transam.h,v 1.51 2004/12/31 22:03:21 pgsql Exp $
+ * $PostgreSQL: pgsql/src/include/access/transam.h,v 1.52 2005/02/20 02:22:03 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -75,13 +75,21 @@

 /*
 * VariableCache is placed in shmem and used by
- * backends to get next available XID & OID.
+ * backends to get next available OID & XID.
+ *
+ * Note: xidWrapLimit and limit_datname are not "active" values, but are
+ * used just to generate useful messages when xidWarnLimit or xidStopLimit
+ * are exceeded.
 */
 typedef struct VariableCacheData
 {
-	TransactionId nextXid;		/* next XID to assign */
 	Oid			nextOid;		/* next OID to assign */
 	uint32		oidCount;		/* OIDs available before must do XLOG work */
+	TransactionId nextXid;		/* next XID to assign */
+	TransactionId xidWarnLimit;	/* start complaining here */
+	TransactionId xidStopLimit;	/* refuse to advance nextXid beyond here */
+	TransactionId xidWrapLimit;	/* where the world ends */
+	NameData	limit_datname;	/* database that needs vacuumed first */
 } VariableCacheData;

 typedef VariableCacheData *VariableCache;
@@ -118,6 +126,8 @@ extern bool TransactionIdFollowsOrEquals(TransactionId id1, TransactionId id2);
 /* in transam/varsup.c */
 extern TransactionId GetNewTransactionId(bool isSubXact);
 extern TransactionId ReadNewTransactionId(void);
+extern void SetTransactionIdLimit(TransactionId oldest_datfrozenxid,
+								  Name oldest_datname);
 extern Oid	GetNewObjectId(void);
 extern void CheckMaxObjectId(Oid assigned_oid);