While working on the pytest stuff, I found this issue when making it
work on Windows, but the issue can exist everywhere. pg_mkdir_p can fail
if there is a concurrent directory creation. This patch makes it
tolerant of concurrent directory creation. To make it more robust it
stops using stat() on Windows and instead uses GetFileAttributes().
I think this makes the function actually meet the contract set out in
the file's header comment:
* pg_mkdir_p --- create a directory and, if necessary, parent directories
*
* This is equivalent to "mkdir -p" except we don't complain if the target
* directory already exists.
Thanks to Bryan Green for help with the Windows part.
There might be a few call sites that actually work around this bug that
we can clean up.
cheers
andrew
--
Andrew Dunstan
EDB: https://www.enterprisedb.com
From 55de4a69c6fcfbe72c5801acd67a78bae6d89e96 Mon Sep 17 00:00:00 2001
From: Andrew Dunstan <[email protected]>
Date: Thu, 18 Jun 2026 08:49:57 -0400
Subject: [PATCH] Make pg_mkdir_p tolerant of a concurrent directory creation
pg_mkdir_p creates each missing path component with a stat() followed
by mkdir(). If the stat() reports the component as absent but another
process creates it in the window before this process's mkdir(), mkdir()
fails with EEXIST and pg_mkdir_p treated that as a hard error -- unlike
"mkdir -p", which is meant to be idempotent and race-tolerant.
This shows up when several processes concurrently create paths that
share an ancestor directory: for example, parallel initdb runs whose
data directories live under a common temporary directory. One process
wins the race to create the shared ancestor and the others fail with
could not create directory "...": File exists
On Windows, stat() opens a file handle and participates in share-mode
locking, which means it can transiently fail on a directory another
process is concurrently creating. Use GetFileAttributes() instead: it
requests only FILE_READ_ATTRIBUTES and is exempt from share-mode
denial, so it reliably sees a concurrently-created directory. Use the
same probe for the post-mkdir() fallback check.
On other platforms, after a failing mkdir() with EEXIST, the error is
genuine only if the path is still not a directory.
---
src/port/pgmkdirp.c | 52 +++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 50 insertions(+), 2 deletions(-)
diff --git a/src/port/pgmkdirp.c b/src/port/pgmkdirp.c
index 7d7cea4dd0e..2ce9186f11f 100644
--- a/src/port/pgmkdirp.c
+++ b/src/port/pgmkdirp.c
@@ -56,7 +56,9 @@
int
pg_mkdir_p(char *path, int omode)
{
+#ifndef WIN32
struct stat sb;
+#endif
mode_t numask,
oumask;
int last,
@@ -119,6 +121,42 @@ pg_mkdir_p(char *path, int omode)
if (last)
(void) umask(oumask);
+#ifdef WIN32
+ {
+ /*
+ * On Windows, stat() opens a handle and can transiently fail on a
+ * directory another process is concurrently creating. Probe with
+ * a path-based attribute query instead: it requests only
+ * FILE_READ_ATTRIBUTES and is exempt from share-mode denial, so it
+ * reliably sees a concurrently-created directory.
+ */
+ DWORD attr = GetFileAttributes(path);
+
+ if (attr != INVALID_FILE_ATTRIBUTES)
+ {
+ /* pre-existing entry */
+ if (!(attr & FILE_ATTRIBUTE_DIRECTORY))
+ {
+ errno = last ? EEXIST : ENOTDIR;
+ retval = -1;
+ break;
+ }
+ /* already a directory: nothing to do, fall through */
+ }
+ else if (mkdir(path, last ? omode : S_IRWXU | S_IRWXG | S_IRWXO) < 0)
+ {
+ /* tolerate a concurrent creation; re-probe the same way */
+ attr = GetFileAttributes(path);
+ if (errno != EEXIST ||
+ attr == INVALID_FILE_ATTRIBUTES ||
+ !(attr & FILE_ATTRIBUTE_DIRECTORY))
+ {
+ retval = -1;
+ break;
+ }
+ }
+ }
+#else
/* check for pre-existing directory */
if (stat(path, &sb) == 0)
{
@@ -134,9 +172,19 @@ pg_mkdir_p(char *path, int omode)
}
else if (mkdir(path, last ? omode : S_IRWXU | S_IRWXG | S_IRWXO) < 0)
{
- retval = -1;
- break;
+ /*
+ * Tolerate a concurrent creation: another process may have
+ * created the directory in the window between the stat() above
+ * and this mkdir(). Only treat it as an error if the path still
+ * is not a directory.
+ */
+ if (errno != EEXIST || stat(path, &sb) != 0 || !S_ISDIR(sb.st_mode))
+ {
+ retval = -1;
+ break;
+ }
}
+#endif
if (!last)
*p = '/';
}
--
2.43.0
