On 09/01/2026 19:58, Andrey Borodin wrote:
On 6 Jan 2026, at 16:53, Heikki Linnakangas <[email protected]> wrote:
For all branches, I propose
v1-0002-Add-check-for-invalid-offset-at-multixid-truncati.patch to add a check
for oldestOffset == 0. That fixes the potential for catastrophic truncation
with invalid offset 0.
Multixid that is used in heap is WAL-logged. WAL-logged multixact has non-zero
offset.
So in non-corrupted database such as condition is impossible.
However, I observed several incidents when AI recommended pg_resetwal to users.
Proposed safeguard might be useful to prevent sprawling corruption in database.
+1
On 6 Jan 2026, at 16:53, Heikki Linnakangas <[email protected]> wrote:
But for 'master', I propose the attached
v1-0001-Remove-some-unnecessary-code-from-multixact-trunc.patch.
The patch simplifies the code while maintaining correctness.
The only issue I can think of is that clog, commit_ts and async are still using
approach based on SlruScanDirectory().
Clog, commit_ts and async actually all use SimpleLruTruncate for the
truncation. Which in turn uses SlruScanDirectory().
There is one subtle difference between clog and commit_ts, and
multixact. Before truncation, clog and commit_ts use
SlruScanDirCbReportPresence to check if there are any files to remove,
and only perform the truncation if there are. Multixact doesn't do that
check, so it will write a truncation WAL record, even if there are no
files to remove, while clog/commit_ts will not. That's OK, and isn't new
with this patch anyway.
Pushed, thanks for the review!
- Heikki
