summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTom Lane2017-05-29 21:08:16 +0000
committerTom Lane2017-05-29 21:08:16 +0000
commitf3db7f164a29c5cbdc1d6d5d0d23854df58783c1 (patch)
tree1002f0327b20fc11906d626aa250bd5df3b35d75
parentce509452955487c9e11d042b6a564c76600334db (diff)
Prevent running pg_resetwal/pg_resetxlog against wrong-version data dirs.
pg_resetwal (formerly pg_resetxlog) doesn't insist on finding a matching version number in pg_control, and that seems like an important thing to preserve since recovering from corrupt pg_control is a prime reason to need to run it. However, that means you can try to run it against a data directory of a different major version, which is at best useless and at worst disastrous. So as to provide some protection against that type of pilot error, inspect PG_VERSION at startup and refuse to do anything if it doesn't match. PG_VERSION is read-only after initdb, so it's unlikely to get corrupted, and even if it were corrupted it would be easy to fix by hand. This hazard has been there all along, so back-patch to all supported branches. Michael Paquier, with some kibitzing by me Discussion: https://postgr.es/m/[email protected]
-rw-r--r--doc/src/sgml/ref/pg_resetwal.sgml5
-rw-r--r--src/bin/pg_resetwal/pg_resetwal.c70
2 files changed, 74 insertions, 1 deletions
diff --git a/doc/src/sgml/ref/pg_resetwal.sgml b/doc/src/sgml/ref/pg_resetwal.sgml
index 0d93b56ddd..defaf170dc 100644
--- a/doc/src/sgml/ref/pg_resetwal.sgml
+++ b/doc/src/sgml/ref/pg_resetwal.sgml
@@ -281,6 +281,11 @@ PostgreSQL documentation
<command>pg_resetwal</command> to run. But before you do
so, make doubly certain that there is no server process still alive.
</para>
+
+ <para>
+ <command>pg_resetwal</command> works only with servers of the same
+ major version.
+ </para>
</refsect1>
<refsect1>
diff --git a/src/bin/pg_resetwal/pg_resetwal.c b/src/bin/pg_resetwal/pg_resetwal.c
index a3ecccb035..7f01067581 100644
--- a/src/bin/pg_resetwal/pg_resetwal.c
+++ b/src/bin/pg_resetwal/pg_resetwal.c
@@ -71,6 +71,7 @@ static MultiXactOffset set_mxoff = (MultiXactOffset) -1;
static uint32 minXlogTli = 0;
static XLogSegNo minXlogSegNo = 0;
+static void CheckDataVersion(void);
static bool ReadControlFile(void);
static void GuessControlValues(void);
static void PrintControlValues(bool guessed);
@@ -319,6 +320,9 @@ main(int argc, char *argv[])
exit(1);
}
+ /* Check that data directory matches our server version */
+ CheckDataVersion();
+
/*
* Check for a postmaster lock file --- if there is one, refuse to
* proceed, on grounds we might be interfering with a live installation.
@@ -453,6 +457,70 @@ main(int argc, char *argv[])
/*
+ * Look at the version string stored in PG_VERSION and decide if this utility
+ * can be run safely or not.
+ *
+ * We don't want to inject pg_control and WAL files that are for a different
+ * major version; that can't do anything good. Note that we don't treat
+ * mismatching version info in pg_control as a reason to bail out, because
+ * recovering from a corrupted pg_control is one of the main reasons for this
+ * program to exist at all. However, PG_VERSION is unlikely to get corrupted,
+ * and if it were it would be easy to fix by hand. So let's make this check
+ * to prevent simple user errors.
+ */
+static void
+CheckDataVersion(void)
+{
+ const char *ver_file = "PG_VERSION";
+ FILE *ver_fd;
+ char rawline[64];
+ int len;
+
+ if ((ver_fd = fopen(ver_file, "r")) == NULL)
+ {
+ fprintf(stderr, _("%s: could not open file \"%s\" for reading: %s\n"),
+ progname, ver_file, strerror(errno));
+ exit(1);
+ }
+
+ /* version number has to be the first line read */
+ if (!fgets(rawline, sizeof(rawline), ver_fd))
+ {
+ if (!ferror(ver_fd))
+ {
+ fprintf(stderr, _("%s: unexpected empty file \"%s\"\n"),
+ progname, ver_file);
+ }
+ else
+ {
+ fprintf(stderr, _("%s: could not read file \"%s\": %s\n"),
+ progname, ver_file, strerror(errno));
+ }
+ exit(1);
+ }
+
+ /* remove trailing newline, handling Windows newlines as well */
+ len = strlen(rawline);
+ if (len > 0 && rawline[len - 1] == '\n')
+ {
+ rawline[--len] = '\0';
+ if (len > 0 && rawline[len - 1] == '\r')
+ rawline[--len] = '\0';
+ }
+
+ if (strcmp(rawline, PG_MAJORVERSION) != 0)
+ {
+ fprintf(stderr, _("%s: data directory is of wrong version\n"
+ "File \"%s\" contains \"%s\", which is not compatible with this program's version \"%s\".\n"),
+ progname, ver_file, rawline, PG_MAJORVERSION);
+ exit(1);
+ }
+
+ fclose(ver_fd);
+}
+
+
+/*
* Try to read the existing pg_control file.
*
* This routine is also responsible for updating old pg_control versions
@@ -521,7 +589,7 @@ ReadControlFile(void)
}
/* Looks like it's a mess. */
- fprintf(stderr, _("%s: pg_control exists but is broken or unknown version; ignoring it\n"),
+ fprintf(stderr, _("%s: pg_control exists but is broken or wrong version; ignoring it\n"),
progname);
return false;
}