Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * xlogreader.c
4 : * Generic XLog reading facility
5 : *
6 : * Portions Copyright (c) 2013-2025, PostgreSQL Global Development Group
7 : *
8 : * IDENTIFICATION
9 : * src/backend/access/transam/xlogreader.c
10 : *
11 : * NOTES
12 : * See xlogreader.h for more notes on this facility.
13 : *
14 : * This file is compiled as both front-end and backend code, so it
15 : * may not use ereport, server-defined static variables, etc.
16 : *-------------------------------------------------------------------------
17 : */
18 : #include "postgres.h"
19 :
20 : #include <unistd.h>
21 : #ifdef USE_LZ4
22 : #include <lz4.h>
23 : #endif
24 : #ifdef USE_ZSTD
25 : #include <zstd.h>
26 : #endif
27 :
28 : #include "access/transam.h"
29 : #include "access/xlog_internal.h"
30 : #include "access/xlogreader.h"
31 : #include "access/xlogrecord.h"
32 : #include "catalog/pg_control.h"
33 : #include "common/pg_lzcompress.h"
34 : #include "replication/origin.h"
35 :
36 : #ifndef FRONTEND
37 : #include "pgstat.h"
38 : #include "storage/bufmgr.h"
39 : #else
40 : #include "common/logging.h"
41 : #endif
42 :
43 : static void report_invalid_record(XLogReaderState *state, const char *fmt,...)
44 : pg_attribute_printf(2, 3);
45 : static void allocate_recordbuf(XLogReaderState *state, uint32 reclength);
46 : static int ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr,
47 : int reqLen);
48 : static void XLogReaderInvalReadState(XLogReaderState *state);
49 : static XLogPageReadResult XLogDecodeNextRecord(XLogReaderState *state, bool nonblocking);
50 : static bool ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
51 : XLogRecPtr PrevRecPtr, XLogRecord *record, bool randAccess);
52 : static bool ValidXLogRecord(XLogReaderState *state, XLogRecord *record,
53 : XLogRecPtr recptr);
54 : static void ResetDecoder(XLogReaderState *state);
55 : static void WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt,
56 : int segsize, const char *waldir);
57 :
58 : /* size of the buffer allocated for error message. */
59 : #define MAX_ERRORMSG_LEN 1000
60 :
61 : /*
62 : * Default size; large enough that typical users of XLogReader won't often need
63 : * to use the 'oversized' memory allocation code path.
64 : */
65 : #define DEFAULT_DECODE_BUFFER_SIZE (64 * 1024)
66 :
67 : /*
68 : * Construct a string in state->errormsg_buf explaining what's wrong with
69 : * the current record being read.
70 : */
71 : static void
72 450 : report_invalid_record(XLogReaderState *state, const char *fmt,...)
73 : {
74 : va_list args;
75 :
76 450 : fmt = _(fmt);
77 :
78 450 : va_start(args, fmt);
79 450 : vsnprintf(state->errormsg_buf, MAX_ERRORMSG_LEN, fmt, args);
80 450 : va_end(args);
81 :
82 450 : state->errormsg_deferred = true;
83 450 : }
84 :
85 : /*
86 : * Set the size of the decoding buffer. A pointer to a caller supplied memory
87 : * region may also be passed in, in which case non-oversized records will be
88 : * decoded there.
89 : */
90 : void
91 1668 : XLogReaderSetDecodeBuffer(XLogReaderState *state, void *buffer, size_t size)
92 : {
93 : Assert(state->decode_buffer == NULL);
94 :
95 1668 : state->decode_buffer = buffer;
96 1668 : state->decode_buffer_size = size;
97 1668 : state->decode_buffer_tail = buffer;
98 1668 : state->decode_buffer_head = buffer;
99 1668 : }
100 :
101 : /*
102 : * Allocate and initialize a new XLogReader.
103 : *
104 : * Returns NULL if the xlogreader couldn't be allocated.
105 : */
106 : XLogReaderState *
107 5140 : XLogReaderAllocate(int wal_segment_size, const char *waldir,
108 : XLogReaderRoutine *routine, void *private_data)
109 : {
110 : XLogReaderState *state;
111 :
112 : state = (XLogReaderState *)
113 5140 : palloc_extended(sizeof(XLogReaderState),
114 : MCXT_ALLOC_NO_OOM | MCXT_ALLOC_ZERO);
115 5140 : if (!state)
116 0 : return NULL;
117 :
118 : /* initialize caller-provided support functions */
119 5140 : state->routine = *routine;
120 :
121 : /*
122 : * Permanently allocate readBuf. We do it this way, rather than just
123 : * making a static array, for two reasons: (1) no need to waste the
124 : * storage in most instantiations of the backend; (2) a static char array
125 : * isn't guaranteed to have any particular alignment, whereas
126 : * palloc_extended() will provide MAXALIGN'd storage.
127 : */
128 5140 : state->readBuf = (char *) palloc_extended(XLOG_BLCKSZ,
129 : MCXT_ALLOC_NO_OOM);
130 5140 : if (!state->readBuf)
131 : {
132 0 : pfree(state);
133 0 : return NULL;
134 : }
135 :
136 : /* Initialize segment info. */
137 5140 : WALOpenSegmentInit(&state->seg, &state->segcxt, wal_segment_size,
138 : waldir);
139 :
140 : /* system_identifier initialized to zeroes above */
141 5140 : state->private_data = private_data;
142 : /* ReadRecPtr, EndRecPtr and readLen initialized to zeroes above */
143 5140 : state->errormsg_buf = palloc_extended(MAX_ERRORMSG_LEN + 1,
144 : MCXT_ALLOC_NO_OOM);
145 5140 : if (!state->errormsg_buf)
146 : {
147 0 : pfree(state->readBuf);
148 0 : pfree(state);
149 0 : return NULL;
150 : }
151 5140 : state->errormsg_buf[0] = '\0';
152 :
153 : /*
154 : * Allocate an initial readRecordBuf of minimal size, which can later be
155 : * enlarged if necessary.
156 : */
157 5140 : allocate_recordbuf(state, 0);
158 5140 : return state;
159 : }
160 :
161 : void
162 4166 : XLogReaderFree(XLogReaderState *state)
163 : {
164 4166 : if (state->seg.ws_file != -1)
165 2552 : state->routine.segment_close(state);
166 :
167 4166 : if (state->decode_buffer && state->free_decode_buffer)
168 4114 : pfree(state->decode_buffer);
169 :
170 4166 : pfree(state->errormsg_buf);
171 4166 : if (state->readRecordBuf)
172 4166 : pfree(state->readRecordBuf);
173 4166 : pfree(state->readBuf);
174 4166 : pfree(state);
175 4166 : }
176 :
177 : /*
178 : * Allocate readRecordBuf to fit a record of at least the given length.
179 : *
180 : * readRecordBufSize is set to the new buffer size.
181 : *
182 : * To avoid useless small increases, round its size to a multiple of
183 : * XLOG_BLCKSZ, and make sure it's at least 5*Max(BLCKSZ, XLOG_BLCKSZ) to start
184 : * with. (That is enough for all "normal" records, but very large commit or
185 : * abort records might need more space.)
186 : *
187 : * Note: This routine should *never* be called for xl_tot_len until the header
188 : * of the record has been fully validated.
189 : */
190 : static void
191 5190 : allocate_recordbuf(XLogReaderState *state, uint32 reclength)
192 : {
193 5190 : uint32 newSize = reclength;
194 :
195 5190 : newSize += XLOG_BLCKSZ - (newSize % XLOG_BLCKSZ);
196 5190 : newSize = Max(newSize, 5 * Max(BLCKSZ, XLOG_BLCKSZ));
197 :
198 5190 : if (state->readRecordBuf)
199 50 : pfree(state->readRecordBuf);
200 5190 : state->readRecordBuf = (char *) palloc(newSize);
201 5190 : state->readRecordBufSize = newSize;
202 5190 : }
203 :
204 : /*
205 : * Initialize the passed segment structs.
206 : */
207 : static void
208 5140 : WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt,
209 : int segsize, const char *waldir)
210 : {
211 5140 : seg->ws_file = -1;
212 5140 : seg->ws_segno = 0;
213 5140 : seg->ws_tli = 0;
214 :
215 5140 : segcxt->ws_segsize = segsize;
216 5140 : if (waldir)
217 0 : snprintf(segcxt->ws_dir, MAXPGPATH, "%s", waldir);
218 5140 : }
219 :
220 : /*
221 : * Begin reading WAL at 'RecPtr'.
222 : *
223 : * 'RecPtr' should point to the beginning of a valid WAL record. Pointing at
224 : * the beginning of a page is also OK, if there is a new record right after
225 : * the page header, i.e. not a continuation.
226 : *
227 : * This does not make any attempt to read the WAL yet, and hence cannot fail.
228 : * If the starting address is not correct, the first call to XLogReadRecord()
229 : * will error out.
230 : */
231 : void
232 6566 : XLogBeginRead(XLogReaderState *state, XLogRecPtr RecPtr)
233 : {
234 : Assert(!XLogRecPtrIsInvalid(RecPtr));
235 :
236 6566 : ResetDecoder(state);
237 :
238 : /* Begin at the passed-in record pointer. */
239 6566 : state->EndRecPtr = RecPtr;
240 6566 : state->NextRecPtr = RecPtr;
241 6566 : state->ReadRecPtr = InvalidXLogRecPtr;
242 6566 : state->DecodeRecPtr = InvalidXLogRecPtr;
243 6566 : }
244 :
245 : /*
246 : * Release the last record that was returned by XLogNextRecord(), if any, to
247 : * free up space. Returns the LSN past the end of the record.
248 : */
249 : XLogRecPtr
250 20273594 : XLogReleasePreviousRecord(XLogReaderState *state)
251 : {
252 : DecodedXLogRecord *record;
253 : XLogRecPtr next_lsn;
254 :
255 20273594 : if (!state->record)
256 10143348 : return InvalidXLogRecPtr;
257 :
258 : /*
259 : * Remove it from the decoded record queue. It must be the oldest item
260 : * decoded, decode_queue_head.
261 : */
262 10130246 : record = state->record;
263 10130246 : next_lsn = record->next_lsn;
264 : Assert(record == state->decode_queue_head);
265 10130246 : state->record = NULL;
266 10130246 : state->decode_queue_head = record->next;
267 :
268 : /* It might also be the newest item decoded, decode_queue_tail. */
269 10130246 : if (state->decode_queue_tail == record)
270 4788590 : state->decode_queue_tail = NULL;
271 :
272 : /* Release the space. */
273 10130246 : if (unlikely(record->oversized))
274 : {
275 : /* It's not in the decode buffer, so free it to release space. */
276 84 : pfree(record);
277 : }
278 : else
279 : {
280 : /* It must be the head (oldest) record in the decode buffer. */
281 : Assert(state->decode_buffer_head == (char *) record);
282 :
283 : /*
284 : * We need to update head to point to the next record that is in the
285 : * decode buffer, if any, being careful to skip oversized ones
286 : * (they're not in the decode buffer).
287 : */
288 10130162 : record = record->next;
289 10130162 : while (unlikely(record && record->oversized))
290 0 : record = record->next;
291 :
292 10130162 : if (record)
293 : {
294 : /* Adjust head to release space up to the next record. */
295 5341656 : state->decode_buffer_head = (char *) record;
296 : }
297 : else
298 : {
299 : /*
300 : * Otherwise we might as well just reset head and tail to the
301 : * start of the buffer space, because we're empty. This means
302 : * we'll keep overwriting the same piece of memory if we're not
303 : * doing any prefetching.
304 : */
305 4788506 : state->decode_buffer_head = state->decode_buffer;
306 4788506 : state->decode_buffer_tail = state->decode_buffer;
307 : }
308 : }
309 :
310 10130246 : return next_lsn;
311 : }
312 :
313 : /*
314 : * Attempt to read an XLOG record.
315 : *
316 : * XLogBeginRead() or XLogFindNextRecord() and then XLogReadAhead() must be
317 : * called before the first call to XLogNextRecord(). This functions returns
318 : * records and errors that were put into an internal queue by XLogReadAhead().
319 : *
320 : * On success, a record is returned.
321 : *
322 : * The returned record (or *errormsg) points to an internal buffer that's
323 : * valid until the next call to XLogNextRecord.
324 : */
325 : DecodedXLogRecord *
326 10136582 : XLogNextRecord(XLogReaderState *state, char **errormsg)
327 : {
328 : /* Release the last record returned by XLogNextRecord(). */
329 10136582 : XLogReleasePreviousRecord(state);
330 :
331 10136582 : if (state->decode_queue_head == NULL)
332 : {
333 864 : *errormsg = NULL;
334 864 : if (state->errormsg_deferred)
335 : {
336 450 : if (state->errormsg_buf[0] != '\0')
337 444 : *errormsg = state->errormsg_buf;
338 450 : state->errormsg_deferred = false;
339 : }
340 :
341 : /*
342 : * state->EndRecPtr is expected to have been set by the last call to
343 : * XLogBeginRead() or XLogNextRecord(), and is the location of the
344 : * error.
345 : */
346 : Assert(!XLogRecPtrIsInvalid(state->EndRecPtr));
347 :
348 864 : return NULL;
349 : }
350 :
351 : /*
352 : * Record this as the most recent record returned, so that we'll release
353 : * it next time. This also exposes it to the traditional
354 : * XLogRecXXX(xlogreader) macros, which work with the decoder rather than
355 : * the record for historical reasons.
356 : */
357 10135718 : state->record = state->decode_queue_head;
358 :
359 : /*
360 : * Update the pointers to the beginning and one-past-the-end of this
361 : * record, again for the benefit of historical code that expected the
362 : * decoder to track this rather than accessing these fields of the record
363 : * itself.
364 : */
365 10135718 : state->ReadRecPtr = state->record->lsn;
366 10135718 : state->EndRecPtr = state->record->next_lsn;
367 :
368 10135718 : *errormsg = NULL;
369 :
370 10135718 : return state->record;
371 : }
372 :
373 : /*
374 : * Attempt to read an XLOG record.
375 : *
376 : * XLogBeginRead() or XLogFindNextRecord() must be called before the first call
377 : * to XLogReadRecord().
378 : *
379 : * If the page_read callback fails to read the requested data, NULL is
380 : * returned. The callback is expected to have reported the error; errormsg
381 : * is set to NULL.
382 : *
383 : * If the reading fails for some other reason, NULL is also returned, and
384 : * *errormsg is set to a string with details of the failure.
385 : *
386 : * The returned pointer (or *errormsg) points to an internal buffer that's
387 : * valid until the next call to XLogReadRecord.
388 : */
389 : XLogRecord *
390 4771424 : XLogReadRecord(XLogReaderState *state, char **errormsg)
391 : {
392 : DecodedXLogRecord *decoded;
393 :
394 : /*
395 : * Release last returned record, if there is one. We need to do this so
396 : * that we can check for empty decode queue accurately.
397 : */
398 4771424 : XLogReleasePreviousRecord(state);
399 :
400 : /*
401 : * Call XLogReadAhead() in blocking mode to make sure there is something
402 : * in the queue, though we don't use the result.
403 : */
404 4771424 : if (!XLogReaderHasQueuedRecordOrError(state))
405 4771424 : XLogReadAhead(state, false /* nonblocking */ );
406 :
407 : /* Consume the head record or error. */
408 4771094 : decoded = XLogNextRecord(state, errormsg);
409 4771094 : if (decoded)
410 : {
411 : /*
412 : * This function returns a pointer to the record's header, not the
413 : * actual decoded record. The caller will access the decoded record
414 : * through the XLogRecGetXXX() macros, which reach the decoded
415 : * recorded as xlogreader->record.
416 : */
417 : Assert(state->record == decoded);
418 4770716 : return &decoded->header;
419 : }
420 :
421 378 : return NULL;
422 : }
423 :
424 : /*
425 : * Allocate space for a decoded record. The only member of the returned
426 : * object that is initialized is the 'oversized' flag, indicating that the
427 : * decoded record wouldn't fit in the decode buffer and must eventually be
428 : * freed explicitly.
429 : *
430 : * The caller is responsible for adjusting decode_buffer_tail with the real
431 : * size after successfully decoding a record into this space. This way, if
432 : * decoding fails, then there is nothing to undo unless the 'oversized' flag
433 : * was set and pfree() must be called.
434 : *
435 : * Return NULL if there is no space in the decode buffer and allow_oversized
436 : * is false, or if memory allocation fails for an oversized buffer.
437 : */
438 : static DecodedXLogRecord *
439 10138436 : XLogReadRecordAlloc(XLogReaderState *state, size_t xl_tot_len, bool allow_oversized)
440 : {
441 10138436 : size_t required_space = DecodeXLogRecordRequiredSpace(xl_tot_len);
442 10138436 : DecodedXLogRecord *decoded = NULL;
443 :
444 : /* Allocate a circular decode buffer if we don't have one already. */
445 10138436 : if (unlikely(state->decode_buffer == NULL))
446 : {
447 4576 : if (state->decode_buffer_size == 0)
448 2908 : state->decode_buffer_size = DEFAULT_DECODE_BUFFER_SIZE;
449 4576 : state->decode_buffer = palloc(state->decode_buffer_size);
450 4576 : state->decode_buffer_head = state->decode_buffer;
451 4576 : state->decode_buffer_tail = state->decode_buffer;
452 4576 : state->free_decode_buffer = true;
453 : }
454 :
455 : /* Try to allocate space in the circular decode buffer. */
456 10138436 : if (state->decode_buffer_tail >= state->decode_buffer_head)
457 : {
458 : /* Empty, or tail is to the right of head. */
459 8687296 : if (required_space <=
460 8687296 : state->decode_buffer_size -
461 8687296 : (state->decode_buffer_tail - state->decode_buffer))
462 : {
463 : /*-
464 : * There is space between tail and end.
465 : *
466 : * +-----+--------------------+-----+
467 : * | |////////////////////|here!|
468 : * +-----+--------------------+-----+
469 : * ^ ^
470 : * | |
471 : * h t
472 : */
473 8646166 : decoded = (DecodedXLogRecord *) state->decode_buffer_tail;
474 8646166 : decoded->oversized = false;
475 8646166 : return decoded;
476 : }
477 41130 : else if (required_space <
478 41130 : state->decode_buffer_head - state->decode_buffer)
479 : {
480 : /*-
481 : * There is space between start and head.
482 : *
483 : * +-----+--------------------+-----+
484 : * |here!|////////////////////| |
485 : * +-----+--------------------+-----+
486 : * ^ ^
487 : * | |
488 : * h t
489 : */
490 40852 : decoded = (DecodedXLogRecord *) state->decode_buffer;
491 40852 : decoded->oversized = false;
492 40852 : return decoded;
493 : }
494 : }
495 : else
496 : {
497 : /* Tail is to the left of head. */
498 1451140 : if (required_space <
499 1451140 : state->decode_buffer_head - state->decode_buffer_tail)
500 : {
501 : /*-
502 : * There is space between tail and head.
503 : *
504 : * +-----+--------------------+-----+
505 : * |/////|here! |/////|
506 : * +-----+--------------------+-----+
507 : * ^ ^
508 : * | |
509 : * t h
510 : */
511 1451134 : decoded = (DecodedXLogRecord *) state->decode_buffer_tail;
512 1451134 : decoded->oversized = false;
513 1451134 : return decoded;
514 : }
515 : }
516 :
517 : /* Not enough space in the decode buffer. Are we allowed to allocate? */
518 284 : if (allow_oversized)
519 : {
520 84 : decoded = palloc(required_space);
521 84 : decoded->oversized = true;
522 84 : return decoded;
523 : }
524 :
525 200 : return NULL;
526 : }
527 :
528 : static XLogPageReadResult
529 10146852 : XLogDecodeNextRecord(XLogReaderState *state, bool nonblocking)
530 : {
531 : XLogRecPtr RecPtr;
532 : XLogRecord *record;
533 : XLogRecPtr targetPagePtr;
534 : bool randAccess;
535 : uint32 len,
536 : total_len;
537 : uint32 targetRecOff;
538 : uint32 pageHeaderSize;
539 : bool assembled;
540 : bool gotheader;
541 : int readOff;
542 : DecodedXLogRecord *decoded;
543 : char *errormsg; /* not used */
544 :
545 : /*
546 : * randAccess indicates whether to verify the previous-record pointer of
547 : * the record we're reading. We only do this if we're reading
548 : * sequentially, which is what we initially assume.
549 : */
550 10146852 : randAccess = false;
551 :
552 : /* reset error state */
553 10146852 : state->errormsg_buf[0] = '\0';
554 10146852 : decoded = NULL;
555 :
556 10146852 : state->abortedRecPtr = InvalidXLogRecPtr;
557 10146852 : state->missingContrecPtr = InvalidXLogRecPtr;
558 :
559 10146852 : RecPtr = state->NextRecPtr;
560 :
561 10146852 : if (state->DecodeRecPtr != InvalidXLogRecPtr)
562 : {
563 : /* read the record after the one we just read */
564 :
565 : /*
566 : * NextRecPtr is pointing to end+1 of the previous WAL record. If
567 : * we're at a page boundary, no more records can fit on the current
568 : * page. We must skip over the page header, but we can't do that until
569 : * we've read in the page, since the header size is variable.
570 : */
571 : }
572 : else
573 : {
574 : /*
575 : * Caller supplied a position to start at.
576 : *
577 : * In this case, NextRecPtr should already be pointing either to a
578 : * valid record starting position or alternatively to the beginning of
579 : * a page. See the header comments for XLogBeginRead.
580 : */
581 : Assert(RecPtr % XLOG_BLCKSZ == 0 || XRecOffIsValid(RecPtr));
582 6526 : randAccess = true;
583 : }
584 :
585 10146854 : restart:
586 10146854 : state->nonblocking = nonblocking;
587 10146854 : state->currRecPtr = RecPtr;
588 10146854 : assembled = false;
589 :
590 10146854 : targetPagePtr = RecPtr - (RecPtr % XLOG_BLCKSZ);
591 10146854 : targetRecOff = RecPtr % XLOG_BLCKSZ;
592 :
593 : /*
594 : * Read the page containing the record into state->readBuf. Request enough
595 : * byte to cover the whole record header, or at least the part of it that
596 : * fits on the same page.
597 : */
598 10146854 : readOff = ReadPageInternal(state, targetPagePtr,
599 10146854 : Min(targetRecOff + SizeOfXLogRecord, XLOG_BLCKSZ));
600 10146426 : if (readOff == XLREAD_WOULDBLOCK)
601 7216 : return XLREAD_WOULDBLOCK;
602 10139210 : else if (readOff < 0)
603 452 : goto err;
604 :
605 : /*
606 : * ReadPageInternal always returns at least the page header, so we can
607 : * examine it now.
608 : */
609 10138758 : pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
610 10138758 : if (targetRecOff == 0)
611 : {
612 : /*
613 : * At page start, so skip over page header.
614 : */
615 9970 : RecPtr += pageHeaderSize;
616 9970 : targetRecOff = pageHeaderSize;
617 : }
618 10128788 : else if (targetRecOff < pageHeaderSize)
619 : {
620 0 : report_invalid_record(state, "invalid record offset at %X/%X: expected at least %u, got %u",
621 0 : LSN_FORMAT_ARGS(RecPtr),
622 : pageHeaderSize, targetRecOff);
623 0 : goto err;
624 : }
625 :
626 10138758 : if ((((XLogPageHeader) state->readBuf)->xlp_info & XLP_FIRST_IS_CONTRECORD) &&
627 : targetRecOff == pageHeaderSize)
628 : {
629 0 : report_invalid_record(state, "contrecord is requested by %X/%X",
630 0 : LSN_FORMAT_ARGS(RecPtr));
631 0 : goto err;
632 : }
633 :
634 : /* ReadPageInternal has verified the page header */
635 : Assert(pageHeaderSize <= readOff);
636 :
637 : /*
638 : * Read the record length.
639 : *
640 : * NB: Even though we use an XLogRecord pointer here, the whole record
641 : * header might not fit on this page. xl_tot_len is the first field of the
642 : * struct, so it must be on this page (the records are MAXALIGNed), but we
643 : * cannot access any other fields until we've verified that we got the
644 : * whole header.
645 : */
646 10138758 : record = (XLogRecord *) (state->readBuf + RecPtr % XLOG_BLCKSZ);
647 10138758 : total_len = record->xl_tot_len;
648 :
649 : /*
650 : * If the whole record header is on this page, validate it immediately.
651 : * Otherwise do just a basic sanity check on xl_tot_len, and validate the
652 : * rest of the header after reading it from the next page. The xl_tot_len
653 : * check is necessary here to ensure that we enter the "Need to reassemble
654 : * record" code path below; otherwise we might fail to apply
655 : * ValidXLogRecordHeader at all.
656 : */
657 10138758 : if (targetRecOff <= XLOG_BLCKSZ - SizeOfXLogRecord)
658 : {
659 10118810 : if (!ValidXLogRecordHeader(state, RecPtr, state->DecodeRecPtr, record,
660 : randAccess))
661 404 : goto err;
662 10118406 : gotheader = true;
663 : }
664 : else
665 : {
666 : /* There may be no next page if it's too small. */
667 19948 : if (total_len < SizeOfXLogRecord)
668 : {
669 2 : report_invalid_record(state,
670 : "invalid record length at %X/%X: expected at least %u, got %u",
671 2 : LSN_FORMAT_ARGS(RecPtr),
672 : (uint32) SizeOfXLogRecord, total_len);
673 2 : goto err;
674 : }
675 : /* We'll validate the header once we have the next page. */
676 19946 : gotheader = false;
677 : }
678 :
679 : /*
680 : * Try to find space to decode this record, if we can do so without
681 : * calling palloc. If we can't, we'll try again below after we've
682 : * validated that total_len isn't garbage bytes from a recycled WAL page.
683 : */
684 10138352 : decoded = XLogReadRecordAlloc(state,
685 : total_len,
686 : false /* allow_oversized */ );
687 10138352 : if (decoded == NULL && nonblocking)
688 : {
689 : /*
690 : * There is no space in the circular decode buffer, and the caller is
691 : * only reading ahead. The caller should consume existing records to
692 : * make space.
693 : */
694 92 : return XLREAD_WOULDBLOCK;
695 : }
696 :
697 10138260 : len = XLOG_BLCKSZ - RecPtr % XLOG_BLCKSZ;
698 10138260 : if (total_len > len)
699 : {
700 : /* Need to reassemble record */
701 : char *contdata;
702 : XLogPageHeader pageHeader;
703 : char *buffer;
704 : uint32 gotlen;
705 :
706 2730624 : assembled = true;
707 :
708 : /*
709 : * We always have space for a couple of pages, enough to validate a
710 : * boundary-spanning record header.
711 : */
712 : Assert(state->readRecordBufSize >= XLOG_BLCKSZ * 2);
713 : Assert(state->readRecordBufSize >= len);
714 :
715 : /* Copy the first fragment of the record from the first page. */
716 2730624 : memcpy(state->readRecordBuf,
717 2730624 : state->readBuf + RecPtr % XLOG_BLCKSZ, len);
718 2730624 : buffer = state->readRecordBuf + len;
719 2730624 : gotlen = len;
720 :
721 : do
722 : {
723 : /* Calculate pointer to beginning of next page */
724 2783234 : targetPagePtr += XLOG_BLCKSZ;
725 :
726 : /* Wait for the next page to become available */
727 2783234 : readOff = ReadPageInternal(state, targetPagePtr,
728 2783234 : Min(total_len - gotlen + SizeOfXLogShortPHD,
729 : XLOG_BLCKSZ));
730 :
731 2783232 : if (readOff == XLREAD_WOULDBLOCK)
732 2404 : return XLREAD_WOULDBLOCK;
733 2780828 : else if (readOff < 0)
734 36 : goto err;
735 :
736 : Assert(SizeOfXLogShortPHD <= readOff);
737 :
738 2780792 : pageHeader = (XLogPageHeader) state->readBuf;
739 :
740 : /*
741 : * If we were expecting a continuation record and got an
742 : * "overwrite contrecord" flag, that means the continuation record
743 : * was overwritten with a different record. Restart the read by
744 : * assuming the address to read is the location where we found
745 : * this flag; but keep track of the LSN of the record we were
746 : * reading, for later verification.
747 : */
748 2780792 : if (pageHeader->xlp_info & XLP_FIRST_IS_OVERWRITE_CONTRECORD)
749 : {
750 2 : state->overwrittenRecPtr = RecPtr;
751 2 : RecPtr = targetPagePtr;
752 2 : goto restart;
753 : }
754 :
755 : /* Check that the continuation on next page looks valid */
756 2780790 : if (!(pageHeader->xlp_info & XLP_FIRST_IS_CONTRECORD))
757 : {
758 2 : report_invalid_record(state,
759 : "there is no contrecord flag at %X/%X",
760 2 : LSN_FORMAT_ARGS(RecPtr));
761 2 : goto err;
762 : }
763 :
764 : /*
765 : * Cross-check that xlp_rem_len agrees with how much of the record
766 : * we expect there to be left.
767 : */
768 2780788 : if (pageHeader->xlp_rem_len == 0 ||
769 2780788 : total_len != (pageHeader->xlp_rem_len + gotlen))
770 : {
771 4 : report_invalid_record(state,
772 : "invalid contrecord length %u (expected %lld) at %X/%X",
773 : pageHeader->xlp_rem_len,
774 4 : ((long long) total_len) - gotlen,
775 4 : LSN_FORMAT_ARGS(RecPtr));
776 4 : goto err;
777 : }
778 :
779 : /* Append the continuation from this page to the buffer */
780 2780784 : pageHeaderSize = XLogPageHeaderSize(pageHeader);
781 :
782 2780784 : if (readOff < pageHeaderSize)
783 0 : readOff = ReadPageInternal(state, targetPagePtr,
784 : pageHeaderSize);
785 :
786 : Assert(pageHeaderSize <= readOff);
787 :
788 2780784 : contdata = (char *) state->readBuf + pageHeaderSize;
789 2780784 : len = XLOG_BLCKSZ - pageHeaderSize;
790 2780784 : if (pageHeader->xlp_rem_len < len)
791 2728154 : len = pageHeader->xlp_rem_len;
792 :
793 2780784 : if (readOff < pageHeaderSize + len)
794 0 : readOff = ReadPageInternal(state, targetPagePtr,
795 0 : pageHeaderSize + len);
796 :
797 2780784 : memcpy(buffer, contdata, len);
798 2780784 : buffer += len;
799 2780784 : gotlen += len;
800 :
801 : /* If we just reassembled the record header, validate it. */
802 2780784 : if (!gotheader)
803 : {
804 19920 : record = (XLogRecord *) state->readRecordBuf;
805 19920 : if (!ValidXLogRecordHeader(state, RecPtr, state->DecodeRecPtr,
806 : record, randAccess))
807 0 : goto err;
808 19920 : gotheader = true;
809 : }
810 :
811 : /*
812 : * We might need a bigger buffer. We have validated the record
813 : * header, in the case that it split over a page boundary. We've
814 : * also cross-checked total_len against xlp_rem_len on the second
815 : * page, and verified xlp_pageaddr on both.
816 : */
817 2780784 : if (total_len > state->readRecordBufSize)
818 : {
819 : char save_copy[XLOG_BLCKSZ * 2];
820 :
821 : /*
822 : * Save and restore the data we already had. It can't be more
823 : * than two pages.
824 : */
825 : Assert(gotlen <= lengthof(save_copy));
826 : Assert(gotlen <= state->readRecordBufSize);
827 50 : memcpy(save_copy, state->readRecordBuf, gotlen);
828 50 : allocate_recordbuf(state, total_len);
829 50 : memcpy(state->readRecordBuf, save_copy, gotlen);
830 50 : buffer = state->readRecordBuf + gotlen;
831 : }
832 2780784 : } while (gotlen < total_len);
833 : Assert(gotheader);
834 :
835 2728174 : record = (XLogRecord *) state->readRecordBuf;
836 2728174 : if (!ValidXLogRecord(state, record, RecPtr))
837 0 : goto err;
838 :
839 2728174 : pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
840 2728174 : state->DecodeRecPtr = RecPtr;
841 2728174 : state->NextRecPtr = targetPagePtr + pageHeaderSize
842 2728174 : + MAXALIGN(pageHeader->xlp_rem_len);
843 : }
844 : else
845 : {
846 : /* Wait for the record data to become available */
847 7407636 : readOff = ReadPageInternal(state, targetPagePtr,
848 7407636 : Min(targetRecOff + total_len, XLOG_BLCKSZ));
849 7407636 : if (readOff == XLREAD_WOULDBLOCK)
850 0 : return XLREAD_WOULDBLOCK;
851 7407636 : else if (readOff < 0)
852 0 : goto err;
853 :
854 : /* Record does not cross a page boundary */
855 7407636 : if (!ValidXLogRecord(state, record, RecPtr))
856 2 : goto err;
857 :
858 7407634 : state->NextRecPtr = RecPtr + MAXALIGN(total_len);
859 :
860 7407634 : state->DecodeRecPtr = RecPtr;
861 : }
862 :
863 : /*
864 : * Special processing if it's an XLOG SWITCH record
865 : */
866 10135808 : if (record->xl_rmid == RM_XLOG_ID &&
867 95616 : (record->xl_info & ~XLR_INFO_MASK) == XLOG_SWITCH)
868 : {
869 : /* Pretend it extends to end of segment */
870 312 : state->NextRecPtr += state->segcxt.ws_segsize - 1;
871 312 : state->NextRecPtr -= XLogSegmentOffset(state->NextRecPtr, state->segcxt.ws_segsize);
872 : }
873 :
874 : /*
875 : * If we got here without a DecodedXLogRecord, it means we needed to
876 : * validate total_len before trusting it, but by now we've done that.
877 : */
878 10135808 : if (decoded == NULL)
879 : {
880 : Assert(!nonblocking);
881 84 : decoded = XLogReadRecordAlloc(state,
882 : total_len,
883 : true /* allow_oversized */ );
884 : /* allocation should always happen under allow_oversized */
885 : Assert(decoded != NULL);
886 : }
887 :
888 10135808 : if (DecodeXLogRecord(state, decoded, record, RecPtr, &errormsg))
889 : {
890 : /* Record the location of the next record. */
891 10135808 : decoded->next_lsn = state->NextRecPtr;
892 :
893 : /*
894 : * If it's in the decode buffer, mark the decode buffer space as
895 : * occupied.
896 : */
897 10135808 : if (!decoded->oversized)
898 : {
899 : /* The new decode buffer head must be MAXALIGNed. */
900 : Assert(decoded->size == MAXALIGN(decoded->size));
901 10135724 : if ((char *) decoded == state->decode_buffer)
902 4834738 : state->decode_buffer_tail = state->decode_buffer + decoded->size;
903 : else
904 5300986 : state->decode_buffer_tail += decoded->size;
905 : }
906 :
907 : /* Insert it into the queue of decoded records. */
908 : Assert(state->decode_queue_tail != decoded);
909 10135808 : if (state->decode_queue_tail)
910 5341746 : state->decode_queue_tail->next = decoded;
911 10135808 : state->decode_queue_tail = decoded;
912 10135808 : if (!state->decode_queue_head)
913 4794062 : state->decode_queue_head = decoded;
914 10135808 : return XLREAD_SUCCESS;
915 : }
916 :
917 0 : err:
918 902 : if (assembled)
919 : {
920 : /*
921 : * We get here when a record that spans multiple pages needs to be
922 : * assembled, but something went wrong -- perhaps a contrecord piece
923 : * was lost. If caller is WAL replay, it will know where the aborted
924 : * record was and where to direct followup WAL to be written, marking
925 : * the next piece with XLP_FIRST_IS_OVERWRITE_CONTRECORD, which will
926 : * in turn signal downstream WAL consumers that the broken WAL record
927 : * is to be ignored.
928 : */
929 42 : state->abortedRecPtr = RecPtr;
930 42 : state->missingContrecPtr = targetPagePtr;
931 :
932 : /*
933 : * If we got here without reporting an error, make sure an error is
934 : * queued so that XLogPrefetcherReadRecord() doesn't bring us back a
935 : * second time and clobber the above state.
936 : */
937 42 : state->errormsg_deferred = true;
938 : }
939 :
940 902 : if (decoded && decoded->oversized)
941 0 : pfree(decoded);
942 :
943 : /*
944 : * Invalidate the read state. We might read from a different source after
945 : * failure.
946 : */
947 902 : XLogReaderInvalReadState(state);
948 :
949 : /*
950 : * If an error was written to errormsg_buf, it'll be returned to the
951 : * caller of XLogReadRecord() after all successfully decoded records from
952 : * the read queue.
953 : */
954 :
955 902 : return XLREAD_FAIL;
956 : }
957 :
958 : /*
959 : * Try to decode the next available record, and return it. The record will
960 : * also be returned to XLogNextRecord(), which must be called to 'consume'
961 : * each record.
962 : *
963 : * If nonblocking is true, may return NULL due to lack of data or WAL decoding
964 : * space.
965 : */
966 : DecodedXLogRecord *
967 10146852 : XLogReadAhead(XLogReaderState *state, bool nonblocking)
968 : {
969 : XLogPageReadResult result;
970 :
971 10146852 : if (state->errormsg_deferred)
972 0 : return NULL;
973 :
974 10146852 : result = XLogDecodeNextRecord(state, nonblocking);
975 10146422 : if (result == XLREAD_SUCCESS)
976 : {
977 : Assert(state->decode_queue_tail != NULL);
978 10135808 : return state->decode_queue_tail;
979 : }
980 :
981 10614 : return NULL;
982 : }
983 :
984 : /*
985 : * Read a single xlog page including at least [pageptr, reqLen] of valid data
986 : * via the page_read() callback.
987 : *
988 : * Returns XLREAD_FAIL if the required page cannot be read for some
989 : * reason; errormsg_buf is set in that case (unless the error occurs in the
990 : * page_read callback).
991 : *
992 : * Returns XLREAD_WOULDBLOCK if the requested data can't be read without
993 : * waiting. This can be returned only if the installed page_read callback
994 : * respects the state->nonblocking flag, and cannot read the requested data
995 : * immediately.
996 : *
997 : * We fetch the page from a reader-local cache if we know we have the required
998 : * data and if there hasn't been any error since caching the data.
999 : */
1000 : static int
1001 20337796 : ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr, int reqLen)
1002 : {
1003 : int readLen;
1004 : uint32 targetPageOff;
1005 : XLogSegNo targetSegNo;
1006 : XLogPageHeader hdr;
1007 :
1008 : Assert((pageptr % XLOG_BLCKSZ) == 0);
1009 :
1010 20337796 : XLByteToSeg(pageptr, targetSegNo, state->segcxt.ws_segsize);
1011 20337796 : targetPageOff = XLogSegmentOffset(pageptr, state->segcxt.ws_segsize);
1012 :
1013 : /* check whether we have all the requested data already */
1014 20337796 : if (targetSegNo == state->seg.ws_segno &&
1015 20329922 : targetPageOff == state->segoff && reqLen <= state->readLen)
1016 17519458 : return state->readLen;
1017 :
1018 : /*
1019 : * Invalidate contents of internal buffer before read attempt. Just set
1020 : * the length to 0, rather than a full XLogReaderInvalReadState(), so we
1021 : * don't forget the segment we last successfully read.
1022 : */
1023 2818338 : state->readLen = 0;
1024 :
1025 : /*
1026 : * Data is not in our buffer.
1027 : *
1028 : * Every time we actually read the segment, even if we looked at parts of
1029 : * it before, we need to do verification as the page_read callback might
1030 : * now be rereading data from a different source.
1031 : *
1032 : * Whenever switching to a new WAL segment, we read the first page of the
1033 : * file and validate its header, even if that's not where the target
1034 : * record is. This is so that we can check the additional identification
1035 : * info that is present in the first page's "long" header.
1036 : */
1037 2818338 : if (targetSegNo != state->seg.ws_segno && targetPageOff != 0)
1038 : {
1039 4562 : XLogRecPtr targetSegmentPtr = pageptr - targetPageOff;
1040 :
1041 4562 : readLen = state->routine.page_read(state, targetSegmentPtr, XLOG_BLCKSZ,
1042 : state->currRecPtr,
1043 : state->readBuf);
1044 4550 : if (readLen == XLREAD_WOULDBLOCK)
1045 0 : return XLREAD_WOULDBLOCK;
1046 4550 : else if (readLen < 0)
1047 0 : goto err;
1048 :
1049 : /* we can be sure to have enough WAL available, we scrolled back */
1050 : Assert(readLen == XLOG_BLCKSZ);
1051 :
1052 4550 : if (!XLogReaderValidatePageHeader(state, targetSegmentPtr,
1053 : state->readBuf))
1054 0 : goto err;
1055 : }
1056 :
1057 : /*
1058 : * First, read the requested data length, but at least a short page header
1059 : * so that we can validate it.
1060 : */
1061 2818326 : readLen = state->routine.page_read(state, pageptr, Max(reqLen, SizeOfXLogShortPHD),
1062 : state->currRecPtr,
1063 : state->readBuf);
1064 2817908 : if (readLen == XLREAD_WOULDBLOCK)
1065 9620 : return XLREAD_WOULDBLOCK;
1066 2808288 : else if (readLen < 0)
1067 458 : goto err;
1068 :
1069 : Assert(readLen <= XLOG_BLCKSZ);
1070 :
1071 : /* Do we have enough data to check the header length? */
1072 2807830 : if (readLen <= SizeOfXLogShortPHD)
1073 0 : goto err;
1074 :
1075 : Assert(readLen >= reqLen);
1076 :
1077 2807830 : hdr = (XLogPageHeader) state->readBuf;
1078 :
1079 : /* still not enough */
1080 2807830 : if (readLen < XLogPageHeaderSize(hdr))
1081 : {
1082 0 : readLen = state->routine.page_read(state, pageptr, XLogPageHeaderSize(hdr),
1083 : state->currRecPtr,
1084 : state->readBuf);
1085 0 : if (readLen == XLREAD_WOULDBLOCK)
1086 0 : return XLREAD_WOULDBLOCK;
1087 0 : else if (readLen < 0)
1088 0 : goto err;
1089 : }
1090 :
1091 : /*
1092 : * Now that we know we have the full header, validate it.
1093 : */
1094 2807830 : if (!XLogReaderValidatePageHeader(state, pageptr, (char *) hdr))
1095 30 : goto err;
1096 :
1097 : /* update read state information */
1098 2807800 : state->seg.ws_segno = targetSegNo;
1099 2807800 : state->segoff = targetPageOff;
1100 2807800 : state->readLen = readLen;
1101 :
1102 2807800 : return readLen;
1103 :
1104 488 : err:
1105 488 : XLogReaderInvalReadState(state);
1106 :
1107 488 : return XLREAD_FAIL;
1108 : }
1109 :
1110 : /*
1111 : * Invalidate the xlogreader's read state to force a re-read.
1112 : */
1113 : static void
1114 1390 : XLogReaderInvalReadState(XLogReaderState *state)
1115 : {
1116 1390 : state->seg.ws_segno = 0;
1117 1390 : state->segoff = 0;
1118 1390 : state->readLen = 0;
1119 1390 : }
1120 :
1121 : /*
1122 : * Validate an XLOG record header.
1123 : *
1124 : * This is just a convenience subroutine to avoid duplicated code in
1125 : * XLogReadRecord. It's not intended for use from anywhere else.
1126 : */
1127 : static bool
1128 10138730 : ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
1129 : XLogRecPtr PrevRecPtr, XLogRecord *record,
1130 : bool randAccess)
1131 : {
1132 10138730 : if (record->xl_tot_len < SizeOfXLogRecord)
1133 : {
1134 394 : report_invalid_record(state,
1135 : "invalid record length at %X/%X: expected at least %u, got %u",
1136 394 : LSN_FORMAT_ARGS(RecPtr),
1137 : (uint32) SizeOfXLogRecord, record->xl_tot_len);
1138 394 : return false;
1139 : }
1140 10138336 : if (!RmgrIdIsValid(record->xl_rmid))
1141 : {
1142 0 : report_invalid_record(state,
1143 : "invalid resource manager ID %u at %X/%X",
1144 0 : record->xl_rmid, LSN_FORMAT_ARGS(RecPtr));
1145 0 : return false;
1146 : }
1147 10138336 : if (randAccess)
1148 : {
1149 : /*
1150 : * We can't exactly verify the prev-link, but surely it should be less
1151 : * than the record's own address.
1152 : */
1153 6526 : if (!(record->xl_prev < RecPtr))
1154 : {
1155 0 : report_invalid_record(state,
1156 : "record with incorrect prev-link %X/%X at %X/%X",
1157 0 : LSN_FORMAT_ARGS(record->xl_prev),
1158 0 : LSN_FORMAT_ARGS(RecPtr));
1159 0 : return false;
1160 : }
1161 : }
1162 : else
1163 : {
1164 : /*
1165 : * Record's prev-link should exactly match our previous location. This
1166 : * check guards against torn WAL pages where a stale but valid-looking
1167 : * WAL record starts on a sector boundary.
1168 : */
1169 10131810 : if (record->xl_prev != PrevRecPtr)
1170 : {
1171 10 : report_invalid_record(state,
1172 : "record with incorrect prev-link %X/%X at %X/%X",
1173 10 : LSN_FORMAT_ARGS(record->xl_prev),
1174 10 : LSN_FORMAT_ARGS(RecPtr));
1175 10 : return false;
1176 : }
1177 : }
1178 :
1179 10138326 : return true;
1180 : }
1181 :
1182 :
1183 : /*
1184 : * CRC-check an XLOG record. We do not believe the contents of an XLOG
1185 : * record (other than to the minimal extent of computing the amount of
1186 : * data to read in) until we've checked the CRCs.
1187 : *
1188 : * We assume all of the record (that is, xl_tot_len bytes) has been read
1189 : * into memory at *record. Also, ValidXLogRecordHeader() has accepted the
1190 : * record's header, which means in particular that xl_tot_len is at least
1191 : * SizeOfXLogRecord.
1192 : */
1193 : static bool
1194 10135810 : ValidXLogRecord(XLogReaderState *state, XLogRecord *record, XLogRecPtr recptr)
1195 : {
1196 : pg_crc32c crc;
1197 :
1198 : Assert(record->xl_tot_len >= SizeOfXLogRecord);
1199 :
1200 : /* Calculate the CRC */
1201 10135810 : INIT_CRC32C(crc);
1202 10135810 : COMP_CRC32C(crc, ((char *) record) + SizeOfXLogRecord, record->xl_tot_len - SizeOfXLogRecord);
1203 : /* include the record header last */
1204 10135810 : COMP_CRC32C(crc, (char *) record, offsetof(XLogRecord, xl_crc));
1205 10135810 : FIN_CRC32C(crc);
1206 :
1207 10135810 : if (!EQ_CRC32C(record->xl_crc, crc))
1208 : {
1209 2 : report_invalid_record(state,
1210 : "incorrect resource manager data checksum in record at %X/%X",
1211 2 : LSN_FORMAT_ARGS(recptr));
1212 2 : return false;
1213 : }
1214 :
1215 10135808 : return true;
1216 : }
1217 :
1218 : /*
1219 : * Validate a page header.
1220 : *
1221 : * Check if 'phdr' is valid as the header of the XLog page at position
1222 : * 'recptr'.
1223 : */
1224 : bool
1225 2814306 : XLogReaderValidatePageHeader(XLogReaderState *state, XLogRecPtr recptr,
1226 : char *phdr)
1227 : {
1228 : XLogSegNo segno;
1229 : int32 offset;
1230 2814306 : XLogPageHeader hdr = (XLogPageHeader) phdr;
1231 :
1232 : Assert((recptr % XLOG_BLCKSZ) == 0);
1233 :
1234 2814306 : XLByteToSeg(recptr, segno, state->segcxt.ws_segsize);
1235 2814306 : offset = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
1236 :
1237 2814306 : if (hdr->xlp_magic != XLOG_PAGE_MAGIC)
1238 : {
1239 : char fname[MAXFNAMELEN];
1240 :
1241 24 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1242 :
1243 24 : report_invalid_record(state,
1244 : "invalid magic number %04X in WAL segment %s, LSN %X/%X, offset %u",
1245 24 : hdr->xlp_magic,
1246 : fname,
1247 24 : LSN_FORMAT_ARGS(recptr),
1248 : offset);
1249 24 : return false;
1250 : }
1251 :
1252 2814282 : if ((hdr->xlp_info & ~XLP_ALL_FLAGS) != 0)
1253 : {
1254 : char fname[MAXFNAMELEN];
1255 :
1256 2 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1257 :
1258 2 : report_invalid_record(state,
1259 : "invalid info bits %04X in WAL segment %s, LSN %X/%X, offset %u",
1260 2 : hdr->xlp_info,
1261 : fname,
1262 2 : LSN_FORMAT_ARGS(recptr),
1263 : offset);
1264 2 : return false;
1265 : }
1266 :
1267 2814280 : if (hdr->xlp_info & XLP_LONG_HEADER)
1268 : {
1269 8670 : XLogLongPageHeader longhdr = (XLogLongPageHeader) hdr;
1270 :
1271 8670 : if (state->system_identifier &&
1272 5646 : longhdr->xlp_sysid != state->system_identifier)
1273 : {
1274 0 : report_invalid_record(state,
1275 : "WAL file is from different database system: WAL file database system identifier is %llu, pg_control database system identifier is %llu",
1276 0 : (unsigned long long) longhdr->xlp_sysid,
1277 0 : (unsigned long long) state->system_identifier);
1278 0 : return false;
1279 : }
1280 8670 : else if (longhdr->xlp_seg_size != state->segcxt.ws_segsize)
1281 : {
1282 0 : report_invalid_record(state,
1283 : "WAL file is from different database system: incorrect segment size in page header");
1284 0 : return false;
1285 : }
1286 8670 : else if (longhdr->xlp_xlog_blcksz != XLOG_BLCKSZ)
1287 : {
1288 0 : report_invalid_record(state,
1289 : "WAL file is from different database system: incorrect XLOG_BLCKSZ in page header");
1290 0 : return false;
1291 : }
1292 : }
1293 2805610 : else if (offset == 0)
1294 : {
1295 : char fname[MAXFNAMELEN];
1296 :
1297 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1298 :
1299 : /* hmm, first page of file doesn't have a long header? */
1300 0 : report_invalid_record(state,
1301 : "invalid info bits %04X in WAL segment %s, LSN %X/%X, offset %u",
1302 0 : hdr->xlp_info,
1303 : fname,
1304 0 : LSN_FORMAT_ARGS(recptr),
1305 : offset);
1306 0 : return false;
1307 : }
1308 :
1309 : /*
1310 : * Check that the address on the page agrees with what we expected. This
1311 : * check typically fails when an old WAL segment is recycled, and hasn't
1312 : * yet been overwritten with new data yet.
1313 : */
1314 2814280 : if (hdr->xlp_pageaddr != recptr)
1315 : {
1316 : char fname[MAXFNAMELEN];
1317 :
1318 10 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1319 :
1320 10 : report_invalid_record(state,
1321 : "unexpected pageaddr %X/%X in WAL segment %s, LSN %X/%X, offset %u",
1322 10 : LSN_FORMAT_ARGS(hdr->xlp_pageaddr),
1323 : fname,
1324 10 : LSN_FORMAT_ARGS(recptr),
1325 : offset);
1326 10 : return false;
1327 : }
1328 :
1329 : /*
1330 : * Since child timelines are always assigned a TLI greater than their
1331 : * immediate parent's TLI, we should never see TLI go backwards across
1332 : * successive pages of a consistent WAL sequence.
1333 : *
1334 : * Sometimes we re-read a segment that's already been (partially) read. So
1335 : * we only verify TLIs for pages that are later than the last remembered
1336 : * LSN.
1337 : */
1338 2814270 : if (recptr > state->latestPagePtr)
1339 : {
1340 2799824 : if (hdr->xlp_tli < state->latestPageTLI)
1341 : {
1342 : char fname[MAXFNAMELEN];
1343 :
1344 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1345 :
1346 0 : report_invalid_record(state,
1347 : "out-of-sequence timeline ID %u (after %u) in WAL segment %s, LSN %X/%X, offset %u",
1348 : hdr->xlp_tli,
1349 : state->latestPageTLI,
1350 : fname,
1351 0 : LSN_FORMAT_ARGS(recptr),
1352 : offset);
1353 0 : return false;
1354 : }
1355 : }
1356 2814270 : state->latestPagePtr = recptr;
1357 2814270 : state->latestPageTLI = hdr->xlp_tli;
1358 :
1359 2814270 : return true;
1360 : }
1361 :
1362 : /*
1363 : * Forget about an error produced by XLogReaderValidatePageHeader().
1364 : */
1365 : void
1366 6 : XLogReaderResetError(XLogReaderState *state)
1367 : {
1368 6 : state->errormsg_buf[0] = '\0';
1369 6 : state->errormsg_deferred = false;
1370 6 : }
1371 :
1372 : /*
1373 : * Find the first record with an lsn >= RecPtr.
1374 : *
1375 : * This is different from XLogBeginRead() in that RecPtr doesn't need to point
1376 : * to a valid record boundary. Useful for checking whether RecPtr is a valid
1377 : * xlog address for reading, and to find the first valid address after some
1378 : * address when dumping records for debugging purposes.
1379 : *
1380 : * This positions the reader, like XLogBeginRead(), so that the next call to
1381 : * XLogReadRecord() will read the next valid record.
1382 : */
1383 : XLogRecPtr
1384 36 : XLogFindNextRecord(XLogReaderState *state, XLogRecPtr RecPtr)
1385 : {
1386 : XLogRecPtr tmpRecPtr;
1387 36 : XLogRecPtr found = InvalidXLogRecPtr;
1388 : XLogPageHeader header;
1389 : char *errormsg;
1390 :
1391 : Assert(!XLogRecPtrIsInvalid(RecPtr));
1392 :
1393 : /* Make sure ReadPageInternal() can't return XLREAD_WOULDBLOCK. */
1394 36 : state->nonblocking = false;
1395 :
1396 : /*
1397 : * skip over potential continuation data, keeping in mind that it may span
1398 : * multiple pages
1399 : */
1400 36 : tmpRecPtr = RecPtr;
1401 : while (true)
1402 0 : {
1403 : XLogRecPtr targetPagePtr;
1404 : int targetRecOff;
1405 : uint32 pageHeaderSize;
1406 : int readLen;
1407 :
1408 : /*
1409 : * Compute targetRecOff. It should typically be equal or greater than
1410 : * short page-header since a valid record can't start anywhere before
1411 : * that, except when caller has explicitly specified the offset that
1412 : * falls somewhere there or when we are skipping multi-page
1413 : * continuation record. It doesn't matter though because
1414 : * ReadPageInternal() is prepared to handle that and will read at
1415 : * least short page-header worth of data
1416 : */
1417 36 : targetRecOff = tmpRecPtr % XLOG_BLCKSZ;
1418 :
1419 : /* scroll back to page boundary */
1420 36 : targetPagePtr = tmpRecPtr - targetRecOff;
1421 :
1422 : /* Read the page containing the record */
1423 36 : readLen = ReadPageInternal(state, targetPagePtr, targetRecOff);
1424 36 : if (readLen < 0)
1425 0 : goto err;
1426 :
1427 36 : header = (XLogPageHeader) state->readBuf;
1428 :
1429 36 : pageHeaderSize = XLogPageHeaderSize(header);
1430 :
1431 : /* make sure we have enough data for the page header */
1432 36 : readLen = ReadPageInternal(state, targetPagePtr, pageHeaderSize);
1433 36 : if (readLen < 0)
1434 0 : goto err;
1435 :
1436 : /* skip over potential continuation data */
1437 36 : if (header->xlp_info & XLP_FIRST_IS_CONTRECORD)
1438 : {
1439 : /*
1440 : * If the length of the remaining continuation data is more than
1441 : * what can fit in this page, the continuation record crosses over
1442 : * this page. Read the next page and try again. xlp_rem_len in the
1443 : * next page header will contain the remaining length of the
1444 : * continuation data
1445 : *
1446 : * Note that record headers are MAXALIGN'ed
1447 : */
1448 34 : if (MAXALIGN(header->xlp_rem_len) >= (XLOG_BLCKSZ - pageHeaderSize))
1449 0 : tmpRecPtr = targetPagePtr + XLOG_BLCKSZ;
1450 : else
1451 : {
1452 : /*
1453 : * The previous continuation record ends in this page. Set
1454 : * tmpRecPtr to point to the first valid record
1455 : */
1456 34 : tmpRecPtr = targetPagePtr + pageHeaderSize
1457 34 : + MAXALIGN(header->xlp_rem_len);
1458 34 : break;
1459 : }
1460 : }
1461 : else
1462 : {
1463 2 : tmpRecPtr = targetPagePtr + pageHeaderSize;
1464 2 : break;
1465 : }
1466 : }
1467 :
1468 : /*
1469 : * we know now that tmpRecPtr is an address pointing to a valid XLogRecord
1470 : * because either we're at the first record after the beginning of a page
1471 : * or we just jumped over the remaining data of a continuation.
1472 : */
1473 36 : XLogBeginRead(state, tmpRecPtr);
1474 912 : while (XLogReadRecord(state, &errormsg) != NULL)
1475 : {
1476 : /* past the record we've found, break out */
1477 912 : if (RecPtr <= state->ReadRecPtr)
1478 : {
1479 : /* Rewind the reader to the beginning of the last record. */
1480 36 : found = state->ReadRecPtr;
1481 36 : XLogBeginRead(state, found);
1482 36 : return found;
1483 : }
1484 : }
1485 :
1486 0 : err:
1487 0 : XLogReaderInvalReadState(state);
1488 :
1489 0 : return InvalidXLogRecPtr;
1490 : }
1491 :
1492 : /*
1493 : * Helper function to ease writing of XLogReaderRoutine->page_read callbacks.
1494 : * If this function is used, caller must supply a segment_open callback in
1495 : * 'state', as that is used here.
1496 : *
1497 : * Read 'count' bytes into 'buf', starting at location 'startptr', from WAL
1498 : * fetched from timeline 'tli'.
1499 : *
1500 : * Returns true if succeeded, false if an error occurs, in which case
1501 : * 'errinfo' receives error details.
1502 : */
1503 : bool
1504 253738 : WALRead(XLogReaderState *state,
1505 : char *buf, XLogRecPtr startptr, Size count, TimeLineID tli,
1506 : WALReadError *errinfo)
1507 : {
1508 : char *p;
1509 : XLogRecPtr recptr;
1510 : Size nbytes;
1511 : #ifndef FRONTEND
1512 : instr_time io_start;
1513 : #endif
1514 :
1515 253738 : p = buf;
1516 253738 : recptr = startptr;
1517 253738 : nbytes = count;
1518 :
1519 507752 : while (nbytes > 0)
1520 : {
1521 : uint32 startoff;
1522 : int segbytes;
1523 : int readbytes;
1524 :
1525 254014 : startoff = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
1526 :
1527 : /*
1528 : * If the data we want is not in a segment we have open, close what we
1529 : * have (if anything) and open the next one, using the caller's
1530 : * provided segment_open callback.
1531 : */
1532 254014 : if (state->seg.ws_file < 0 ||
1533 250636 : !XLByteInSeg(recptr, state->seg.ws_segno, state->segcxt.ws_segsize) ||
1534 249188 : tli != state->seg.ws_tli)
1535 : {
1536 : XLogSegNo nextSegNo;
1537 :
1538 4826 : if (state->seg.ws_file >= 0)
1539 1448 : state->routine.segment_close(state);
1540 :
1541 4826 : XLByteToSeg(recptr, nextSegNo, state->segcxt.ws_segsize);
1542 4826 : state->routine.segment_open(state, nextSegNo, &tli);
1543 :
1544 : /* This shouldn't happen -- indicates a bug in segment_open */
1545 : Assert(state->seg.ws_file >= 0);
1546 :
1547 : /* Update the current segment info. */
1548 4826 : state->seg.ws_tli = tli;
1549 4826 : state->seg.ws_segno = nextSegNo;
1550 : }
1551 :
1552 : /* How many bytes are within this segment? */
1553 254014 : if (nbytes > (state->segcxt.ws_segsize - startoff))
1554 276 : segbytes = state->segcxt.ws_segsize - startoff;
1555 : else
1556 253738 : segbytes = nbytes;
1557 :
1558 : #ifndef FRONTEND
1559 : /* Measure I/O timing when reading segment */
1560 254014 : io_start = pgstat_prepare_io_time(track_io_timing);
1561 :
1562 254014 : pgstat_report_wait_start(WAIT_EVENT_WAL_READ);
1563 : #endif
1564 :
1565 : /* Reset errno first; eases reporting non-errno-affecting errors */
1566 254014 : errno = 0;
1567 254014 : readbytes = pg_pread(state->seg.ws_file, p, segbytes, (off_t) startoff);
1568 :
1569 : #ifndef FRONTEND
1570 254014 : pgstat_report_wait_end();
1571 :
1572 254014 : pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_NORMAL, IOOP_READ,
1573 : io_start, 1, readbytes);
1574 : #endif
1575 :
1576 254014 : if (readbytes <= 0)
1577 : {
1578 0 : errinfo->wre_errno = errno;
1579 0 : errinfo->wre_req = segbytes;
1580 0 : errinfo->wre_read = readbytes;
1581 0 : errinfo->wre_off = startoff;
1582 0 : errinfo->wre_seg = state->seg;
1583 0 : return false;
1584 : }
1585 :
1586 : /* Update state for read */
1587 254014 : recptr += readbytes;
1588 254014 : nbytes -= readbytes;
1589 254014 : p += readbytes;
1590 : }
1591 :
1592 253738 : return true;
1593 : }
1594 :
1595 : /* ----------------------------------------
1596 : * Functions for decoding the data and block references in a record.
1597 : * ----------------------------------------
1598 : */
1599 :
1600 : /*
1601 : * Private function to reset the state, forgetting all decoded records, if we
1602 : * are asked to move to a new read position.
1603 : */
1604 : static void
1605 6566 : ResetDecoder(XLogReaderState *state)
1606 : {
1607 : DecodedXLogRecord *r;
1608 :
1609 : /* Reset the decoded record queue, freeing any oversized records. */
1610 8314 : while ((r = state->decode_queue_head) != NULL)
1611 : {
1612 1748 : state->decode_queue_head = r->next;
1613 1748 : if (r->oversized)
1614 0 : pfree(r);
1615 : }
1616 6566 : state->decode_queue_tail = NULL;
1617 6566 : state->decode_queue_head = NULL;
1618 6566 : state->record = NULL;
1619 :
1620 : /* Reset the decode buffer to empty. */
1621 6566 : state->decode_buffer_tail = state->decode_buffer;
1622 6566 : state->decode_buffer_head = state->decode_buffer;
1623 :
1624 : /* Clear error state. */
1625 6566 : state->errormsg_buf[0] = '\0';
1626 6566 : state->errormsg_deferred = false;
1627 6566 : }
1628 :
1629 : /*
1630 : * Compute the maximum possible amount of padding that could be required to
1631 : * decode a record, given xl_tot_len from the record's header. This is the
1632 : * amount of output buffer space that we need to decode a record, though we
1633 : * might not finish up using it all.
1634 : *
1635 : * This computation is pessimistic and assumes the maximum possible number of
1636 : * blocks, due to lack of better information.
1637 : */
1638 : size_t
1639 10138436 : DecodeXLogRecordRequiredSpace(size_t xl_tot_len)
1640 : {
1641 10138436 : size_t size = 0;
1642 :
1643 : /* Account for the fixed size part of the decoded record struct. */
1644 10138436 : size += offsetof(DecodedXLogRecord, blocks[0]);
1645 : /* Account for the flexible blocks array of maximum possible size. */
1646 10138436 : size += sizeof(DecodedBkpBlock) * (XLR_MAX_BLOCK_ID + 1);
1647 : /* Account for all the raw main and block data. */
1648 10138436 : size += xl_tot_len;
1649 : /* We might insert padding before main_data. */
1650 10138436 : size += (MAXIMUM_ALIGNOF - 1);
1651 : /* We might insert padding before each block's data. */
1652 10138436 : size += (MAXIMUM_ALIGNOF - 1) * (XLR_MAX_BLOCK_ID + 1);
1653 : /* We might insert padding at the end. */
1654 10138436 : size += (MAXIMUM_ALIGNOF - 1);
1655 :
1656 10138436 : return size;
1657 : }
1658 :
1659 : /*
1660 : * Decode a record. "decoded" must point to a MAXALIGNed memory area that has
1661 : * space for at least DecodeXLogRecordRequiredSpace(record) bytes. On
1662 : * success, decoded->size contains the actual space occupied by the decoded
1663 : * record, which may turn out to be less.
1664 : *
1665 : * Only decoded->oversized member must be initialized already, and will not be
1666 : * modified. Other members will be initialized as required.
1667 : *
1668 : * On error, a human-readable error message is returned in *errormsg, and
1669 : * the return value is false.
1670 : */
1671 : bool
1672 10135808 : DecodeXLogRecord(XLogReaderState *state,
1673 : DecodedXLogRecord *decoded,
1674 : XLogRecord *record,
1675 : XLogRecPtr lsn,
1676 : char **errormsg)
1677 : {
1678 : /*
1679 : * read next _size bytes from record buffer, but check for overrun first.
1680 : */
1681 : #define COPY_HEADER_FIELD(_dst, _size) \
1682 : do { \
1683 : if (remaining < _size) \
1684 : goto shortdata_err; \
1685 : memcpy(_dst, ptr, _size); \
1686 : ptr += _size; \
1687 : remaining -= _size; \
1688 : } while(0)
1689 :
1690 : char *ptr;
1691 : char *out;
1692 : uint32 remaining;
1693 : uint32 datatotal;
1694 10135808 : RelFileLocator *rlocator = NULL;
1695 : uint8 block_id;
1696 :
1697 10135808 : decoded->header = *record;
1698 10135808 : decoded->lsn = lsn;
1699 10135808 : decoded->next = NULL;
1700 10135808 : decoded->record_origin = InvalidRepOriginId;
1701 10135808 : decoded->toplevel_xid = InvalidTransactionId;
1702 10135808 : decoded->main_data = NULL;
1703 10135808 : decoded->main_data_len = 0;
1704 10135808 : decoded->max_block_id = -1;
1705 10135808 : ptr = (char *) record;
1706 10135808 : ptr += SizeOfXLogRecord;
1707 10135808 : remaining = record->xl_tot_len - SizeOfXLogRecord;
1708 :
1709 : /* Decode the headers */
1710 10135808 : datatotal = 0;
1711 20844428 : while (remaining > datatotal)
1712 : {
1713 20753318 : COPY_HEADER_FIELD(&block_id, sizeof(uint8));
1714 :
1715 20753318 : if (block_id == XLR_BLOCK_ID_DATA_SHORT)
1716 : {
1717 : /* XLogRecordDataHeaderShort */
1718 : uint8 main_data_len;
1719 :
1720 10025616 : COPY_HEADER_FIELD(&main_data_len, sizeof(uint8));
1721 :
1722 10025616 : decoded->main_data_len = main_data_len;
1723 10025616 : datatotal += main_data_len;
1724 10025616 : break; /* by convention, the main data fragment is
1725 : * always last */
1726 : }
1727 10727702 : else if (block_id == XLR_BLOCK_ID_DATA_LONG)
1728 : {
1729 : /* XLogRecordDataHeaderLong */
1730 : uint32 main_data_len;
1731 :
1732 19082 : COPY_HEADER_FIELD(&main_data_len, sizeof(uint32));
1733 19082 : decoded->main_data_len = main_data_len;
1734 19082 : datatotal += main_data_len;
1735 19082 : break; /* by convention, the main data fragment is
1736 : * always last */
1737 : }
1738 10708620 : else if (block_id == XLR_BLOCK_ID_ORIGIN)
1739 : {
1740 25740 : COPY_HEADER_FIELD(&decoded->record_origin, sizeof(RepOriginId));
1741 : }
1742 10682880 : else if (block_id == XLR_BLOCK_ID_TOPLEVEL_XID)
1743 : {
1744 1312 : COPY_HEADER_FIELD(&decoded->toplevel_xid, sizeof(TransactionId));
1745 : }
1746 10681568 : else if (block_id <= XLR_MAX_BLOCK_ID)
1747 : {
1748 : /* XLogRecordBlockHeader */
1749 : DecodedBkpBlock *blk;
1750 : uint8 fork_flags;
1751 :
1752 : /* mark any intervening block IDs as not in use */
1753 10686696 : for (int i = decoded->max_block_id + 1; i < block_id; ++i)
1754 5128 : decoded->blocks[i].in_use = false;
1755 :
1756 10681568 : if (block_id <= decoded->max_block_id)
1757 : {
1758 0 : report_invalid_record(state,
1759 : "out-of-order block_id %u at %X/%X",
1760 : block_id,
1761 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1762 0 : goto err;
1763 : }
1764 10681568 : decoded->max_block_id = block_id;
1765 :
1766 10681568 : blk = &decoded->blocks[block_id];
1767 10681568 : blk->in_use = true;
1768 10681568 : blk->apply_image = false;
1769 :
1770 10681568 : COPY_HEADER_FIELD(&fork_flags, sizeof(uint8));
1771 10681568 : blk->forknum = fork_flags & BKPBLOCK_FORK_MASK;
1772 10681568 : blk->flags = fork_flags;
1773 10681568 : blk->has_image = ((fork_flags & BKPBLOCK_HAS_IMAGE) != 0);
1774 10681568 : blk->has_data = ((fork_flags & BKPBLOCK_HAS_DATA) != 0);
1775 :
1776 10681568 : blk->prefetch_buffer = InvalidBuffer;
1777 :
1778 10681568 : COPY_HEADER_FIELD(&blk->data_len, sizeof(uint16));
1779 : /* cross-check that the HAS_DATA flag is set iff data_length > 0 */
1780 10681568 : if (blk->has_data && blk->data_len == 0)
1781 : {
1782 0 : report_invalid_record(state,
1783 : "BKPBLOCK_HAS_DATA set, but no data included at %X/%X",
1784 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1785 0 : goto err;
1786 : }
1787 10681568 : if (!blk->has_data && blk->data_len != 0)
1788 : {
1789 0 : report_invalid_record(state,
1790 : "BKPBLOCK_HAS_DATA not set, but data length is %u at %X/%X",
1791 0 : (unsigned int) blk->data_len,
1792 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1793 0 : goto err;
1794 : }
1795 10681568 : datatotal += blk->data_len;
1796 :
1797 10681568 : if (blk->has_image)
1798 : {
1799 4660042 : COPY_HEADER_FIELD(&blk->bimg_len, sizeof(uint16));
1800 4660042 : COPY_HEADER_FIELD(&blk->hole_offset, sizeof(uint16));
1801 4660042 : COPY_HEADER_FIELD(&blk->bimg_info, sizeof(uint8));
1802 :
1803 4660042 : blk->apply_image = ((blk->bimg_info & BKPIMAGE_APPLY) != 0);
1804 :
1805 4660042 : if (BKPIMAGE_COMPRESSED(blk->bimg_info))
1806 : {
1807 0 : if (blk->bimg_info & BKPIMAGE_HAS_HOLE)
1808 0 : COPY_HEADER_FIELD(&blk->hole_length, sizeof(uint16));
1809 : else
1810 0 : blk->hole_length = 0;
1811 : }
1812 : else
1813 4660042 : blk->hole_length = BLCKSZ - blk->bimg_len;
1814 4660042 : datatotal += blk->bimg_len;
1815 :
1816 : /*
1817 : * cross-check that hole_offset > 0, hole_length > 0 and
1818 : * bimg_len < BLCKSZ if the HAS_HOLE flag is set.
1819 : */
1820 4660042 : if ((blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1821 4630666 : (blk->hole_offset == 0 ||
1822 4630666 : blk->hole_length == 0 ||
1823 4630666 : blk->bimg_len == BLCKSZ))
1824 : {
1825 0 : report_invalid_record(state,
1826 : "BKPIMAGE_HAS_HOLE set, but hole offset %u length %u block image length %u at %X/%X",
1827 0 : (unsigned int) blk->hole_offset,
1828 0 : (unsigned int) blk->hole_length,
1829 0 : (unsigned int) blk->bimg_len,
1830 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1831 0 : goto err;
1832 : }
1833 :
1834 : /*
1835 : * cross-check that hole_offset == 0 and hole_length == 0 if
1836 : * the HAS_HOLE flag is not set.
1837 : */
1838 4660042 : if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1839 29376 : (blk->hole_offset != 0 || blk->hole_length != 0))
1840 : {
1841 0 : report_invalid_record(state,
1842 : "BKPIMAGE_HAS_HOLE not set, but hole offset %u length %u at %X/%X",
1843 0 : (unsigned int) blk->hole_offset,
1844 0 : (unsigned int) blk->hole_length,
1845 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1846 0 : goto err;
1847 : }
1848 :
1849 : /*
1850 : * Cross-check that bimg_len < BLCKSZ if it is compressed.
1851 : */
1852 4660042 : if (BKPIMAGE_COMPRESSED(blk->bimg_info) &&
1853 0 : blk->bimg_len == BLCKSZ)
1854 : {
1855 0 : report_invalid_record(state,
1856 : "BKPIMAGE_COMPRESSED set, but block image length %u at %X/%X",
1857 0 : (unsigned int) blk->bimg_len,
1858 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1859 0 : goto err;
1860 : }
1861 :
1862 : /*
1863 : * cross-check that bimg_len = BLCKSZ if neither HAS_HOLE is
1864 : * set nor COMPRESSED().
1865 : */
1866 4660042 : if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1867 29376 : !BKPIMAGE_COMPRESSED(blk->bimg_info) &&
1868 29376 : blk->bimg_len != BLCKSZ)
1869 : {
1870 0 : report_invalid_record(state,
1871 : "neither BKPIMAGE_HAS_HOLE nor BKPIMAGE_COMPRESSED set, but block image length is %u at %X/%X",
1872 0 : (unsigned int) blk->data_len,
1873 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1874 0 : goto err;
1875 : }
1876 : }
1877 10681568 : if (!(fork_flags & BKPBLOCK_SAME_REL))
1878 : {
1879 9919740 : COPY_HEADER_FIELD(&blk->rlocator, sizeof(RelFileLocator));
1880 9919740 : rlocator = &blk->rlocator;
1881 : }
1882 : else
1883 : {
1884 761828 : if (rlocator == NULL)
1885 : {
1886 0 : report_invalid_record(state,
1887 : "BKPBLOCK_SAME_REL set but no previous rel at %X/%X",
1888 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1889 0 : goto err;
1890 : }
1891 :
1892 761828 : blk->rlocator = *rlocator;
1893 : }
1894 10681568 : COPY_HEADER_FIELD(&blk->blkno, sizeof(BlockNumber));
1895 : }
1896 : else
1897 : {
1898 0 : report_invalid_record(state,
1899 : "invalid block_id %u at %X/%X",
1900 0 : block_id, LSN_FORMAT_ARGS(state->ReadRecPtr));
1901 0 : goto err;
1902 : }
1903 : }
1904 :
1905 10135808 : if (remaining != datatotal)
1906 0 : goto shortdata_err;
1907 :
1908 : /*
1909 : * Ok, we've parsed the fragment headers, and verified that the total
1910 : * length of the payload in the fragments is equal to the amount of data
1911 : * left. Copy the data of each fragment to contiguous space after the
1912 : * blocks array, inserting alignment padding before the data fragments so
1913 : * they can be cast to struct pointers by REDO routines.
1914 : */
1915 10135808 : out = ((char *) decoded) +
1916 10135808 : offsetof(DecodedXLogRecord, blocks) +
1917 10135808 : sizeof(decoded->blocks[0]) * (decoded->max_block_id + 1);
1918 :
1919 : /* block data first */
1920 20822504 : for (block_id = 0; block_id <= decoded->max_block_id; block_id++)
1921 : {
1922 10686696 : DecodedBkpBlock *blk = &decoded->blocks[block_id];
1923 :
1924 10686696 : if (!blk->in_use)
1925 5128 : continue;
1926 :
1927 : Assert(blk->has_image || !blk->apply_image);
1928 :
1929 10681568 : if (blk->has_image)
1930 : {
1931 : /* no need to align image */
1932 4660042 : blk->bkp_image = out;
1933 4660042 : memcpy(out, ptr, blk->bimg_len);
1934 4660042 : ptr += blk->bimg_len;
1935 4660042 : out += blk->bimg_len;
1936 : }
1937 10681568 : if (blk->has_data)
1938 : {
1939 8042138 : out = (char *) MAXALIGN(out);
1940 8042138 : blk->data = out;
1941 8042138 : memcpy(blk->data, ptr, blk->data_len);
1942 8042138 : ptr += blk->data_len;
1943 8042138 : out += blk->data_len;
1944 : }
1945 : }
1946 :
1947 : /* and finally, the main data */
1948 10135808 : if (decoded->main_data_len > 0)
1949 : {
1950 10044698 : out = (char *) MAXALIGN(out);
1951 10044698 : decoded->main_data = out;
1952 10044698 : memcpy(decoded->main_data, ptr, decoded->main_data_len);
1953 10044698 : ptr += decoded->main_data_len;
1954 10044698 : out += decoded->main_data_len;
1955 : }
1956 :
1957 : /* Report the actual size we used. */
1958 10135808 : decoded->size = MAXALIGN(out - (char *) decoded);
1959 : Assert(DecodeXLogRecordRequiredSpace(record->xl_tot_len) >=
1960 : decoded->size);
1961 :
1962 10135808 : return true;
1963 :
1964 0 : shortdata_err:
1965 0 : report_invalid_record(state,
1966 : "record with invalid length at %X/%X",
1967 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1968 0 : err:
1969 0 : *errormsg = state->errormsg_buf;
1970 :
1971 0 : return false;
1972 : }
1973 :
1974 : /*
1975 : * Returns information about the block that a block reference refers to.
1976 : *
1977 : * This is like XLogRecGetBlockTagExtended, except that the block reference
1978 : * must exist and there's no access to prefetch_buffer.
1979 : */
1980 : void
1981 6499048 : XLogRecGetBlockTag(XLogReaderState *record, uint8 block_id,
1982 : RelFileLocator *rlocator, ForkNumber *forknum,
1983 : BlockNumber *blknum)
1984 : {
1985 6499048 : if (!XLogRecGetBlockTagExtended(record, block_id, rlocator, forknum,
1986 : blknum, NULL))
1987 : {
1988 : #ifndef FRONTEND
1989 0 : elog(ERROR, "could not locate backup block with ID %d in WAL record",
1990 : block_id);
1991 : #else
1992 : pg_fatal("could not locate backup block with ID %d in WAL record",
1993 : block_id);
1994 : #endif
1995 : }
1996 6499048 : }
1997 :
1998 : /*
1999 : * Returns information about the block that a block reference refers to,
2000 : * optionally including the buffer that the block may already be in.
2001 : *
2002 : * If the WAL record contains a block reference with the given ID, *rlocator,
2003 : * *forknum, *blknum and *prefetch_buffer are filled in (if not NULL), and
2004 : * returns true. Otherwise returns false.
2005 : */
2006 : bool
2007 17012332 : XLogRecGetBlockTagExtended(XLogReaderState *record, uint8 block_id,
2008 : RelFileLocator *rlocator, ForkNumber *forknum,
2009 : BlockNumber *blknum,
2010 : Buffer *prefetch_buffer)
2011 : {
2012 : DecodedBkpBlock *bkpb;
2013 :
2014 17012332 : if (!XLogRecHasBlockRef(record, block_id))
2015 83192 : return false;
2016 :
2017 16929140 : bkpb = &record->record->blocks[block_id];
2018 16929140 : if (rlocator)
2019 16810566 : *rlocator = bkpb->rlocator;
2020 16929140 : if (forknum)
2021 10321764 : *forknum = bkpb->forknum;
2022 16929140 : if (blknum)
2023 13866074 : *blknum = bkpb->blkno;
2024 16929140 : if (prefetch_buffer)
2025 5659750 : *prefetch_buffer = bkpb->prefetch_buffer;
2026 16929140 : return true;
2027 : }
2028 :
2029 : /*
2030 : * Returns the data associated with a block reference, or NULL if there is
2031 : * no data (e.g. because a full-page image was taken instead). The returned
2032 : * pointer points to a MAXALIGNed buffer.
2033 : */
2034 : char *
2035 6812208 : XLogRecGetBlockData(XLogReaderState *record, uint8 block_id, Size *len)
2036 : {
2037 : DecodedBkpBlock *bkpb;
2038 :
2039 6812208 : if (block_id > record->record->max_block_id ||
2040 6812208 : !record->record->blocks[block_id].in_use)
2041 0 : return NULL;
2042 :
2043 6812208 : bkpb = &record->record->blocks[block_id];
2044 :
2045 6812208 : if (!bkpb->has_data)
2046 : {
2047 452 : if (len)
2048 452 : *len = 0;
2049 452 : return NULL;
2050 : }
2051 : else
2052 : {
2053 6811756 : if (len)
2054 6804072 : *len = bkpb->data_len;
2055 6811756 : return bkpb->data;
2056 : }
2057 : }
2058 :
2059 : /*
2060 : * Restore a full-page image from a backup block attached to an XLOG record.
2061 : *
2062 : * Returns true if a full-page image is restored, and false on failure with
2063 : * an error to be consumed by the caller.
2064 : */
2065 : bool
2066 4633070 : RestoreBlockImage(XLogReaderState *record, uint8 block_id, char *page)
2067 : {
2068 : DecodedBkpBlock *bkpb;
2069 : char *ptr;
2070 : PGAlignedBlock tmp;
2071 :
2072 4633070 : if (block_id > record->record->max_block_id ||
2073 4633070 : !record->record->blocks[block_id].in_use)
2074 : {
2075 0 : report_invalid_record(record,
2076 : "could not restore image at %X/%X with invalid block %d specified",
2077 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2078 : block_id);
2079 0 : return false;
2080 : }
2081 4633070 : if (!record->record->blocks[block_id].has_image)
2082 : {
2083 0 : report_invalid_record(record, "could not restore image at %X/%X with invalid state, block %d",
2084 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2085 : block_id);
2086 0 : return false;
2087 : }
2088 :
2089 4633070 : bkpb = &record->record->blocks[block_id];
2090 4633070 : ptr = bkpb->bkp_image;
2091 :
2092 4633070 : if (BKPIMAGE_COMPRESSED(bkpb->bimg_info))
2093 : {
2094 : /* If a backup block image is compressed, decompress it */
2095 0 : bool decomp_success = true;
2096 :
2097 0 : if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_PGLZ) != 0)
2098 : {
2099 0 : if (pglz_decompress(ptr, bkpb->bimg_len, tmp.data,
2100 0 : BLCKSZ - bkpb->hole_length, true) < 0)
2101 0 : decomp_success = false;
2102 : }
2103 0 : else if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_LZ4) != 0)
2104 : {
2105 : #ifdef USE_LZ4
2106 0 : if (LZ4_decompress_safe(ptr, tmp.data,
2107 0 : bkpb->bimg_len, BLCKSZ - bkpb->hole_length) <= 0)
2108 0 : decomp_success = false;
2109 : #else
2110 : report_invalid_record(record, "could not restore image at %X/%X compressed with %s not supported by build, block %d",
2111 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2112 : "LZ4",
2113 : block_id);
2114 : return false;
2115 : #endif
2116 : }
2117 0 : else if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_ZSTD) != 0)
2118 : {
2119 : #ifdef USE_ZSTD
2120 : size_t decomp_result = ZSTD_decompress(tmp.data,
2121 : BLCKSZ - bkpb->hole_length,
2122 : ptr, bkpb->bimg_len);
2123 :
2124 : if (ZSTD_isError(decomp_result))
2125 : decomp_success = false;
2126 : #else
2127 0 : report_invalid_record(record, "could not restore image at %X/%X compressed with %s not supported by build, block %d",
2128 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2129 : "zstd",
2130 : block_id);
2131 0 : return false;
2132 : #endif
2133 : }
2134 : else
2135 : {
2136 0 : report_invalid_record(record, "could not restore image at %X/%X compressed with unknown method, block %d",
2137 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2138 : block_id);
2139 0 : return false;
2140 : }
2141 :
2142 0 : if (!decomp_success)
2143 : {
2144 0 : report_invalid_record(record, "could not decompress image at %X/%X, block %d",
2145 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2146 : block_id);
2147 0 : return false;
2148 : }
2149 :
2150 0 : ptr = tmp.data;
2151 : }
2152 :
2153 : /* generate page, taking into account hole if necessary */
2154 4633070 : if (bkpb->hole_length == 0)
2155 : {
2156 25222 : memcpy(page, ptr, BLCKSZ);
2157 : }
2158 : else
2159 : {
2160 4607848 : memcpy(page, ptr, bkpb->hole_offset);
2161 : /* must zero-fill the hole */
2162 24160348 : MemSet(page + bkpb->hole_offset, 0, bkpb->hole_length);
2163 4607848 : memcpy(page + (bkpb->hole_offset + bkpb->hole_length),
2164 4607848 : ptr + bkpb->hole_offset,
2165 4607848 : BLCKSZ - (bkpb->hole_offset + bkpb->hole_length));
2166 : }
2167 :
2168 4633070 : return true;
2169 : }
2170 :
2171 : #ifndef FRONTEND
2172 :
2173 : /*
2174 : * Extract the FullTransactionId from a WAL record.
2175 : */
2176 : FullTransactionId
2177 0 : XLogRecGetFullXid(XLogReaderState *record)
2178 : {
2179 : /*
2180 : * This function is only safe during replay, because it depends on the
2181 : * replay state. See AdvanceNextFullTransactionIdPastXid() for more.
2182 : */
2183 : Assert(AmStartupProcess() || !IsUnderPostmaster);
2184 :
2185 0 : return FullTransactionIdFromAllowableAt(TransamVariables->nextXid,
2186 0 : XLogRecGetXid(record));
2187 : }
2188 :
2189 : #endif
|
