pgsql: Protect against SnapshotNow race conditions in pg_tablespace sca

Protect against SnapshotNow race conditions in pg_tablespace scans.

Use of SnapshotNow is known to expose us to race conditions if the tuple(s)
being sought could be updated by concurrently-committing transactions.
CREATE DATABASE and DROP DATABASE are particularly exposed because they do
heavyweight filesystem operations during their scans of pg_tablespace,
so that the scans run for a very long time compared to most. Furthermore,
the potential consequences of a missed or twice-visited row are nastier
than average:

* createdb() could fail with a bogus "file already exists" error, or
silently fail to copy one or more tablespace's worth of files into the
new database.

* remove_dbtablespaces() could miss one or more tablespaces, thus failing
to free filesystem space for the dropped database.

* check_db_file_conflict() could likewise miss a tablespace, leading to an
OID conflict that could result in data loss either immediately or in
future operations. (This seems of very low probability, though, since a
duplicate database OID would be unlikely to start with.)

Hence, it seems worth fixing these three places to use MVCC snapshots, even
though this will someday be superseded by a generic solution to SnapshotNow
race conditions.

Back-patch to all active branches.

Stephen Frost and Tom Lane

Branch
------
REL8_4_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/4d08f56deeb27a9a10072cfc976db0204d1c9684

Modified Files
--------------
src/backend/commands/dbcommands.c | 57 +++++++++++++++++++++++++++++++++++--
1 files changed, 54 insertions(+), 3 deletions(-)