Fix low-probability bug in relcache startup: write_irels wrote the

pg_internal.init file in-place, which meant that if another backend
started at about the same time, it might read the incomplete file.
init_irels tries to guard against that, but I have now seen a crash
due to reading bad data from a partly-written file.  (This may indicate
a kernel bug on my platform?  Not sure.)  Anyway, clearly the safest
course is to write the new pg_internal.init file under a unique temporary
filename, and rename it into place only after it's all written.

diff --git a/src/backend/utils/cache/relcache.c b/src/backend/utils/cache/relcache.c
index 6ed3b7414ed1e3ed412c2bd37c390cca8086bf1c..97ec7d300d1fdbde1decf3229ee89090aeb3463e 100644 (file)
--- a/src/backend/utils/cache/relcache.c
+++ b/src/backend/utils/cache/relcache.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/utils/cache/relcache.c,v 1.93 2000/03/17 02:36:27 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/utils/cache/relcache.c,v 1.94 2000/03/31 19:39:22 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -33,6 +33,7 @@
 #include <errno.h>
 #include <sys/file.h>
 #include <fcntl.h>
+#include <unistd.h>
 
 #include "postgres.h"
 
@@ -2266,14 +2267,26 @@ write_irels(void)
    int         i;
    int         relno;
    RelationBuildDescInfo bi;
+   char        tempfilename[MAXPGPATH];
+   char        finalfilename[MAXPGPATH];
+
+   /*
+    * We must write a temporary file and rename it into place.  Otherwise,
+    * another backend starting at about the same time might crash trying to
+    * read the partially-complete file.
+    */
+   snprintf(tempfilename, sizeof(tempfilename), "%s%c%s.%d",
+            DatabasePath, SEP_CHAR, RELCACHE_INIT_FILENAME, MyProcPid);
+   snprintf(finalfilename, sizeof(finalfilename), "%s%c%s",
+            DatabasePath, SEP_CHAR, RELCACHE_INIT_FILENAME);
 
 #ifndef __CYGWIN32__
-   fd = FileNameOpenFile(RELCACHE_INIT_FILENAME, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+   fd = PathNameOpenFile(tempfilename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
 #else
-   fd = FileNameOpenFile(RELCACHE_INIT_FILENAME, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0600);
+   fd = PathNameOpenFile(tempfilename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0600);
 #endif
    if (fd < 0)
-       elog(FATAL, "cannot create init file %s", RELCACHE_INIT_FILENAME);
+       elog(FATAL, "cannot create init file %s", tempfilename);
 
    FileSeek(fd, 0L, SEEK_SET);
 
@@ -2397,4 +2410,10 @@ write_irels(void)
    }
 
    FileClose(fd);
+
+    /*
+     * And rename the temp file to its final name, deleting any previously-
+    * existing init file.
+     */
+    rename(tempfilename, finalfilename);
 }