On Sat, Oct 13, 2018 at 05:53:00PM -0400, Andrew Dunstan wrote: > It occurred to me that a pretty simple fix could just be to blacklist > everything that didn't start with a digit. The whitelist approach is > probably preferable... depends how urgent we see this as.
Yeah, possibly, still that's not a correct long-term fix. So attached is what I think we should do for HEAD and REL_11_STABLE with an approach using a whitelist. I have added positive and negative tests on top of the existing TAP tests, as suggested by Michael B, and I made the code use relpath.h to make sure that we don't miss any fork types. Any objections to this patch? -- Michael
diff --git a/src/bin/pg_verify_checksums/pg_verify_checksums.c b/src/bin/pg_verify_checksums/pg_verify_checksums.c
index 1bc020ab6c..7fb9d656fa 100644
--- a/src/bin/pg_verify_checksums/pg_verify_checksums.c
+++ b/src/bin/pg_verify_checksums/pg_verify_checksums.c
@@ -15,6 +15,7 @@
#include "catalog/pg_control.h"
#include "common/controldata_utils.h"
+#include "common/relpath.h"
#include "getopt_long.h"
#include "pg_getopt.h"
#include "storage/bufpage.h"
@@ -49,26 +50,66 @@ usage(void)
printf(_("Report bugs to <[email protected]>.\n"));
}
-static const char *const skip[] = {
- "pg_control",
- "pg_filenode.map",
- "pg_internal.init",
- "PG_VERSION",
- NULL,
-};
-
static bool
skipfile(const char *fn)
{
- const char *const *f;
+ int pos;
+ int savepos;
if (strcmp(fn, ".") == 0 ||
strcmp(fn, "..") == 0)
return true;
- for (f = skip; *f; f++)
- if (strcmp(*f, fn) == 0)
+ /*----------
+ * Only files including data checksums are authorized for scanning. This
+ * is guessed based on the file name, by reverse-engineering
+ * GetRelationPath so make sure to update both code paths if any updates
+ * are done. The following file names are allowed:
+ * <digits>
+ * <digits>.<segment>
+ * <digits>_<forkname>
+ * <digits>_<forkname>.<segment>
+ *
+ * Note that temporary files, beginning with 't', are also skipped.
+ *
+ *----------
+ */
+
+ /* A non-empty string of digits should follow */
+ for (pos = 0; isdigit((unsigned char) fn[pos]); ++pos)
+ ;
+ /* good to go if only digits */
+ if (fn[pos] == '\0')
+ return false;
+ /* leave if no digits */
+ if (pos == 0)
+ return true;
+
+ /* Authorized fork files can be scanned */
+ if (fn[pos] == '_')
+ {
+ int forkchar = forkname_chars(&fn[pos + 1], NULL);
+
+ if (forkchar <= 0)
return true;
+
+ pos += forkchar + 1;
+ }
+
+ /* Check for an optional segment number */
+ if (fn[pos] == '.')
+ {
+ savepos = pos + 1; /* count dot */
+ /* This should use only digits */
+ for (pos = savepos; isdigit((unsigned char) fn[pos]); ++pos)
+ ;
+ if (fn[pos] != '\0')
+ return true;
+ }
+
+ /* Now this should be the end */
+ if (fn[pos] != '\0')
+ return true;
return false;
}
diff --git a/src/bin/pg_verify_checksums/t/002_actions.pl b/src/bin/pg_verify_checksums/t/002_actions.pl
index dc29da09af..33408ced89 100644
--- a/src/bin/pg_verify_checksums/t/002_actions.pl
+++ b/src/bin/pg_verify_checksums/t/002_actions.pl
@@ -5,7 +5,7 @@ use strict;
use warnings;
use PostgresNode;
use TestLib;
-use Test::More tests => 12;
+use Test::More tests => 36;
# Initialize node with checksums enabled.
my $node = get_new_node('node_checksum');
@@ -17,6 +17,28 @@ command_like(['pg_controldata', $pgdata],
qr/Data page checksum version:.*1/,
'checksums enabled in control file');
+# Add set of dummy files with some contents. These should not be scanned
+# by the tool.
+append_to_file "$pgdata/global/123.12t", "foo";
+append_to_file "$pgdata/global/foo", "foo2";
+append_to_file "$pgdata/global/t123", "bar";
+append_to_file "$pgdata/global/123a", "bar2";
+append_to_file "$pgdata/global/.123", "foobar";
+append_to_file "$pgdata/global/_fsm", "foobar2";
+append_to_file "$pgdata/global/_init", "foobar3";
+append_to_file "$pgdata/global/_vm.123", "foohoge";
+append_to_file "$pgdata/global/123_vm.123t", "foohoge2";
+
+# Those are correct but empty files, so they should pass through.
+append_to_file "$pgdata/global/99999", "";
+append_to_file "$pgdata/global/99999.123", "";
+append_to_file "$pgdata/global/99999_fsm", "";
+append_to_file "$pgdata/global/99999_init", "";
+append_to_file "$pgdata/global/99999_vm", "";
+append_to_file "$pgdata/global/99999_init.123", "";
+append_to_file "$pgdata/global/99999_fsm.123", "";
+append_to_file "$pgdata/global/99999_vm.123", "";
+
# Checksums pass on a newly-created cluster
command_ok(['pg_verify_checksums', '-D', $pgdata],
"succeeds with offline cluster");
@@ -67,3 +89,30 @@ $node->command_checks_all([ 'pg_verify_checksums', '-D', $pgdata, '-r',
[qr/Bad checksums:.*1/],
[qr/checksum verification failed/],
'fails for corrupted data on single relfilenode');
+
+# Utility routine to check that pg_verify_checksums is correctly
+# able to detect correctly-shaped relation files with some data.
+sub fail_corrupt
+{
+ my $node = shift;
+ my $file = shift;
+ my $pgdata = $node->data_dir;
+
+ # Create the file with some data in it.
+ append_to_file "$pgdata/global/$file", "foo";
+
+ $node->command_checks_all([ 'pg_verify_checksums', '-D', $pgdata],
+ 1,
+ [qr/^$/],
+ [qr/could not read block/],
+ "fails for corrupted data in $file");
+}
+
+fail_corrupt($node, "99999");
+fail_corrupt($node, "99999.123");
+fail_corrupt($node, "99999_fsm");
+fail_corrupt($node, "99999_init");
+fail_corrupt($node, "99999_vm");
+fail_corrupt($node, "99999_init.123");
+fail_corrupt($node, "99999_fsm.123");
+fail_corrupt($node, "99999_vm.123");
signature.asc
Description: PGP signature
