Change client-side fsync_fname() to report errors fatally

Given all we have learned about fsync() error handling in the last few
years, reporting an fsync() error non-fatally is not useful,
unless you don't care much about the file, in which case you probably
don't need to use fsync() in the first place.

Change fsync_fname() and durable_rename() to exit(1) on fsync() errors
other than those that we specifically chose to ignore.

This affects initdb, pg_basebackup, pg_checksums, pg_dump, pg_dumpall,
and pg_rewind.

Reviewed-by: Michael Paquier 
Discussion: https://www.postgresql.org/message-id/flat/d239d1bd-aef0-ca7c-dc0a-da14bdcf0392%402ndquadrant.com

diff --git a/src/common/file_utils.c b/src/common/file_utils.c
index 413fe4eeb16951a898375f2da739f0fa75b044ae..7584c1f2fb4eed17a9dce2b45b200f2621a957b8 100644 (file)
--- a/src/common/file_utils.c
+++ b/src/common/file_utils.c
@@ -51,8 +51,6 @@ static void walkdir(const char *path,
  * fsyncing, and might not have privileges to write at all.
  *
  * serverVersion indicates the version of the server to be fsync'd.
- *
- * Errors are reported but not considered fatal.
  */
 void
 fsync_pgdata(const char *pg_data,
@@ -250,8 +248,8 @@ pre_sync_fname(const char *fname, bool isdir)
  * fsync_fname -- Try to fsync a file or directory
  *
  * Ignores errors trying to open unreadable files, or trying to fsync
- * directories on systems where that isn't allowed/required.  Reports
- * other errors non-fatally.
+ * directories on systems where that isn't allowed/required.  All other errors
+ * are fatal.
  */
 int
 fsync_fname(const char *fname, bool isdir)
@@ -294,9 +292,9 @@ fsync_fname(const char *fname, bool isdir)
     */
    if (returncode != 0 && !(isdir && (errno == EBADF || errno == EINVAL)))
    {
-       pg_log_error("could not fsync file \"%s\": %m", fname);
+       pg_log_fatal("could not fsync file \"%s\": %m", fname);
        (void) close(fd);
-       return -1;
+       exit(EXIT_FAILURE);
    }
 
    (void) close(fd);
@@ -364,9 +362,9 @@ durable_rename(const char *oldfile, const char *newfile)
    {
        if (fsync(fd) != 0)
        {
-           pg_log_error("could not fsync file \"%s\": %m", newfile);
+           pg_log_fatal("could not fsync file \"%s\": %m", newfile);
            close(fd);
-           return -1;
+           exit(EXIT_FAILURE);
        }
        close(fd);
    }