Must not reach consistency before XLOG_BACKUP_RECORD

When waiting for an XLOG_BACKUP_RECORD the minRecoveryPoint
will be incorrect, so we must not declare recovery as consistent
before we have seen the record. Major bug allowing recovery to end
too early in some cases, allowing people to see inconsistent db.
This patch to HEAD and 9.2, other fix required for 9.1 and 9.0

Simon Riggs and Andres Freund, bug report by Jeff Janes

diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c
index 5a97edf50fcb727e84d276bf2320ee0e2d0f7de5..90069196f5c506865a5f973da5165bdcd38d2d48 100644 (file)
--- a/src/backend/access/transam/xlog.c
+++ b/src/backend/access/transam/xlog.c
@@ -6332,9 +6332,12 @@ CheckRecoveryConsistency(void)
                return;
 
        /*
-        * Have we passed our safe starting point?
+        * Have we passed our safe starting point? Note that minRecoveryPoint
+        * is known to be incorrectly set if ControlFile->backupEndRequired,
+        * until the XLOG_BACKUP_RECORD arrives to advise us of the correct
+        * minRecoveryPoint. All we prior to that is its not consistent yet.
         */
-       if (!reachedConsistency &&
+       if (!reachedConsistency && !ControlFile->backupEndRequired &&
                XLByteLE(minRecoveryPoint, EndRecPtr) &&
                XLogRecPtrIsInvalid(ControlFile->backupStartPoint))
        {