Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w2iyJ-000XdC-2v for pgsql-hackers@arkaria.postgresql.org; Wed, 18 Mar 2026 04:57:42 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1w2iyI-007Siw-2L for pgsql-hackers@arkaria.postgresql.org; Wed, 18 Mar 2026 04:57:30 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w2iyI-007SZN-0r for pgsql-hackers@lists.postgresql.org; Wed, 18 Mar 2026 04:57:30 +0000 Received: from fhigh-b3-smtp.messagingengine.com ([202.12.124.154]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1w2ius-00000000Ijx-2vHo for pgsql-hackers@postgresql.org; Wed, 18 Mar 2026 04:57:29 +0000 Received: from phl-compute-06.internal (phl-compute-06.internal [10.202.2.46]) by mailfhigh.stl.internal (Postfix) with ESMTP id B7F5D7A00AC; Wed, 18 Mar 2026 00:53:58 -0400 (EDT) Received: from phl-frontend-03 ([10.202.2.162]) by phl-compute-06.internal (MEProxy); Wed, 18 Mar 2026 00:53:59 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paquier.xyz; h= cc:cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm1; t=1773809638; x=1773896038; bh=r7jBPnzmZi sPujbcIqnhHrU9JHCgZ+ezUVZwWunfIxI=; b=JBXuaHXVL+YyB0zvSMo89aFqoX HpWdWAfoHnUww7SoU9VX+O34+LKjx44UITgHhj0aV1xuy0zVume70NoWtCz9iWmG civqYXiS5Qhsj5pbsn3QrpgJqRVBDHZdAURl/TqWAEqj8/pOWdblI+ftKvHeOe3I u3+QGo0/NunwBhtjvpxXIE6Mtk/e84gTYMfZveNXUKHeGTWkmua0QIeu7JkxXEEG vToyzg3m7phEipNBfcA2q6KOtXjCSp4T4SJaJN7MxPPSVj1kFxFCS4UVIfb3+z9r Uncjk6HHbuKcqWFur39TdsmNax4tsswS/IwlZZplyCYapWgfLfTkBRlFlS3g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t= 1773809638; x=1773896038; bh=r7jBPnzmZisPujbcIqnhHrU9JHCgZ+ezUVZ wWunfIxI=; b=JGf4+xBbj1AnOLW46PWp3pkLRz8qeglXU76XavwjF0faSNSF8KM zzpiChT4SGHNHm3yMrZMtFf90Z4fAb4debKIjs/BkQPymoqCdq1uZkHdcrWNLWIh kcoLITlo9Cbzq47cle9fljW6ciiiwQQQT5VTrGuiFvBYBb+OViGPlz8Trm4OG7KG K+NuNF4THY1NBhZjJGR4DSEcw1Q6uz3OkbFksYjp4Xs8q3suv7WXuIOCDiFZNkix onOM2a5GpysUYMVrN5431PrUw9fh90VdswO8bdFp5gFbz2sFfxC/K7F2q6BYFV/d mvhfDSWC3W4H64/C3A00RYJnBh148TNcy3w== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgdeftdefvddvucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnegfrh hlucfvnfffucdljedtmdenucfjughrpeffhffvvefukfhfgggtuggjsehgtderredttddv necuhfhrohhmpefoihgthhgrvghlucfrrghquhhivghruceomhhitghhrggvlhesphgrqh huihgvrhdrgiihiieqnecuggftrfgrthhtvghrnhepteelieefudffhffhtdetleeggeeg fffhkeeuveetiefgudduvedutefggeeivdejnecuvehluhhsthgvrhfuihiivgeptdenuc frrghrrghmpehmrghilhhfrhhomhepmhhitghhrggvlhesphgrqhhuihgvrhdrgiihiidp nhgspghrtghpthhtohepjedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepuggrvh hiugesphhgsggrtghkrhgvshhtrdhorhhgpdhrtghpthhtohepthhrihhsthgrnhdrhihi mhesghhmrghilhdrtghomhdprhgtphhtthhopehpghhsqhhlqdhhrggtkhgvrhhssehpoh hsthhgrhgvshhqlhdrohhrghdprhgtphhtthhopehhlhhinhhnrghkrgesihhkihdrfhhi pdhrtghpthhtoheprhhosggvrhhtmhhhrggrshesghhmrghilhdrtghomhdprhgtphhtth hopegrnhgurhgvshesrghnrghrrgiivghlrdguvgdprhgtphhtthhopehmrghsrghordhf uhhjihhisehgmhgrihhlrdgtohhm X-ME-Proxy: Feedback-ID: i0fe9450f:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 18 Mar 2026 00:53:55 -0400 (EDT) Date: Wed, 18 Mar 2026 13:53:51 +0900 From: Michael Paquier To: David Steele Cc: Haibo Yan , Pg Hackers , Heikki Linnakangas , Robert Haas , Andres Freund , Fujii Masao Subject: Re: Return pg_control from pg_backup_stop(). Message-ID: References: <8b8aa673-fcef-4e14-a05d-0885283ef1b8@pgbackrest.org> <17DC1346-0CDE-4E39-B110-3D6FB0797AC6@gmail.com> <7F7B289B-F94F-42C2-9E54-6A689C0D64BB@gmail.com> <1800c83c-264a-4183-9da5-ac78e25849a8@pgbackrest.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="8V4C4ROzhKllyeSn" Content-Disposition: inline In-Reply-To: <1800c83c-264a-4183-9da5-ac78e25849a8@pgbackrest.org> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --8V4C4ROzhKllyeSn Content-Type: multipart/mixed; boundary="wCHQKHAnDpDjn8nr" Content-Disposition: inline --wCHQKHAnDpDjn8nr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 18, 2026 at 04:05:24AM +0000, David Steele wrote: > On 3/18/26 08:43, Michael Paquier wrote: >> I was wondering if we should have an assertion at least to cross-check >> that the contents we store in shared memory never go out-of-sync with >> the on-disk contents, in the shape of a USE_ASSERT_CHECKING block that >> calls get_controlfile() and memcmp()'s the contents between shmem and >> the on-disk file, while the LWLock is taken. We ship the control file >> last on purpose, one reason being backups taken from standbys, so that >> may be sensible to do. >=20 > As far as I can see this should always be true -- I audited all the >=20 > LWLockAcquire(ControlFileLock, LW_EXCLUSIVE) >=20 > sections and the file is always saved once if is updated. Let me see if I > can add this check without too much pain, e.g. an additional parameter. This matches with my reads of the code. The attached check, that can be applied on top of your patches, passes under check-world. >> Another property of the new control file flag that is implied in the >> implementation but not documented is that we should never check for >> backupLabelRequired when a backup_label is gone. >=20 > I'm not sure what you mean here? That's exactly when we do want to check = as > below: Sorry for the confusion, I meant that "we should never check for backupLabelRequired when we have a backup_label". > Using the pg_control copy from pg_backup_stop() is entirely optional and > nothing is broken if vendors decide not to use it. This can be demonstrat= ed > by applying the 01 patch without 02. In that case the tests in > 042_low_level_backup continue to run. You can also apply 01 and 02 and > revert the test changes in 042_low_level_backup and that works, too. FWIW, after a second look I am actually wondering if 0002 is safe at all. The contents of the control file are fetched after we are done with do_pg_backup_stop(), and there could be a bunch of activity that happens between the end of do_pg_backup_stop() and the backup_control_file() call, where the control file could be updated more and interfere with the recovery startup for some of its fields? GUC parameter updates that may touch the control file are one thing popping into mind. -- Michael --wCHQKHAnDpDjn8nr Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=0001-Add-consistency-check-for-shmem-and-on-disk-control-.patch Content-Transfer-Encoding: quoted-printable =46rom de5b9b00867e39e73dc99a1ee61a814cead1ab7d Mon Sep 17 00:00:00 2001 =46rom: Michael Paquier Date: Wed, 18 Mar 2026 13:44:01 +0900 Subject: [PATCH] Add consistency check for shmem and on-disk control file --- src/backend/access/transam/xlog.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam= /xlog.c index c8ea1ea49d24..0f8516fcb563 100644 --- a/src/backend/access/transam/xlog.c +++ b/src/backend/access/transam/xlog.c @@ -9606,6 +9606,17 @@ backup_control_file(uint8_t *controlFile) =20 LWLockAcquire(ControlFileLock, LW_SHARED); memcpy(controlFile, ControlFile, sizeof(ControlFileData)); + +#ifdef USE_ASSERT_CHECKING + { + bool crc_ok; + ControlFileData *dataDisk =3D get_controlfile(DataDir, &crc_ok); + + Assert(crc_ok && + memcmp(dataDisk, ControlFile, sizeof(ControlFileData)) =3D=3D 0); + } +#endif + LWLockRelease(ControlFileLock); =20 controlData->backupLabelRequired =3D true; --=20 2.53.0 --wCHQKHAnDpDjn8nr-- --8V4C4ROzhKllyeSn Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEG72nH6vTowiyblFKnvQgOdbyQH0FAmm6L98ACgkQnvQgOdby QH2/rA/5AWNGGXbgqfq1qK16GrHHkQ7H1CwFvHNvH8QTjed2q8mXZ6eNxuSVCsEV 6DchchNjT8KNAcapcUIibPl/KWTFxTLIImkoB8GDbtDZo7QgYDYcnaqhscva4eJP +vQ3E0s0RWGo+tbZawWdP8DGnn3B/2oRmvH+HvmNyIRT+YJ3l857fAZrOFHBPT9r vNZGzcpN9WWcSI9c14PowZBrlX7QGZvZ5lGb34iOjfySJPPGi1lri9pznuRHjV9f Y/drLQ6OojdBZz07RJrO3purCZK0xZyGTZNMEmoM8i8Rx4DbCoSEfAiEzCFUdkv3 S+KzXUvLyj8XU0StXMBrB3p8QiG5Vr6oZc3QgNVPo8i62HwrbX/yOCZcTbK7Aqsh ONNmdMA0yn9bfd4OvcQofEr/XGkM2sFiPrFygfxIqzcftC7Oa/cS7Ivtdlw7+H+1 ati3Uy+rx3McO7kUA6OBtyF611Rx6/xE7HQ+nJGbtu9LfNN3zV+dsKu3jrZyNAP4 mZyXIm4xaBdr8bMMA2L7FFZzUNIMb0nrBkZfosWGMkusShepu+l5n9mI3NF2DOpf 11mLlP37WN8w0OivoDgWWNrCTtnZ0KHnPPPHwU7D0GvMgeWQAKEGM9Om89odi8Uk Y+eaKU/WU89Lra2D5bAKPbObDwZIQElVVQTEehTBD0zWR2YGFjg= =2mr4 -----END PGP SIGNATURE----- --8V4C4ROzhKllyeSn--