freespace: Don't modify page without any lock

Before this commit fsm_vacuum_page() modified the page without any lock on the
page. Historically that was kind of ok, as we didn't rely on the freespace to
really stay consistent and we did not have checksums. But these days pages are
checksummed and there are ways for FSM pages to be included in WAL records,
even if the FSM itself is still not WAL logged. If a FSM page ever were
modified while a WAL record referenced that page, we'd be in trouble, as the
WAL CRC could end up getting corrupted.

The reason to address this right now is a series of patches with the goal to
only allow modifications of pages with an appropriate lock level. Obviously
not having any lock is not appropriate :)

Reviewed-by: Kirill Reshke <reshkekirill@gmail.com>
Discussion: https://postgr.es/m/4wggb7purufpto6x35fd2kwhasehnzfdy3zdcu47qryubs2hdz@fa5kannykekr
Discussion: https://postgr.es/m/e6a8f734-2198-4958-a028-aba863d4a204@iki.fi

diff --git a/src/backend/storage/freespace/freespace.c b/src/backend/storage/freespace/freespace.c
index 19cf4155263fba8cacedb83e5623ac96c8f622e4..ad337c0087182cfab383547818f5e7d4049396b2 100644 (file)
--- a/src/backend/storage/freespace/freespace.c
+++ b/src/backend/storage/freespace/freespace.c
@@ -906,10 +906,12 @@ fsm_vacuum_page(Relation rel, FSMAddress addr,
    /*
     * Reset the next slot pointer. This encourages the use of low-numbered
     * pages, increasing the chances that a later vacuum can truncate the
-    * relation.  We don't bother with a lock here, nor with marking the page
-    * dirty if it wasn't already, since this is just a hint.
+    * relation. We don't bother with marking the page dirty if it wasn't
+    * already, since this is just a hint.
     */
+   LockBuffer(buf, BUFFER_LOCK_SHARE);
    ((FSMPage) PageGetContents(page))->fp_next_slot = 0;
+   LockBuffer(buf, BUFFER_LOCK_UNLOCK);
 
    ReleaseBuffer(buf);