Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * postmaster.c
4 : * This program acts as a clearing house for requests to the
5 : * POSTGRES system. Frontend programs connect to the Postmaster,
6 : * and postmaster forks a new backend process to handle the
7 : * connection.
8 : *
9 : * The postmaster also manages system-wide operations such as
10 : * startup and shutdown. The postmaster itself doesn't do those
11 : * operations, mind you --- it just forks off a subprocess to do them
12 : * at the right times. It also takes care of resetting the system
13 : * if a backend crashes.
14 : *
15 : * The postmaster process creates the shared memory and semaphore
16 : * pools during startup, but as a rule does not touch them itself.
17 : * In particular, it is not a member of the PGPROC array of backends
18 : * and so it cannot participate in lock-manager operations. Keeping
19 : * the postmaster away from shared memory operations makes it simpler
20 : * and more reliable. The postmaster is almost always able to recover
21 : * from crashes of individual backends by resetting shared memory;
22 : * if it did much with shared memory then it would be prone to crashing
23 : * along with the backends.
24 : *
25 : * When a request message is received, we now fork() immediately.
26 : * The child process performs authentication of the request, and
27 : * then becomes a backend if successful. This allows the auth code
28 : * to be written in a simple single-threaded style (as opposed to the
29 : * crufty "poor man's multitasking" code that used to be needed).
30 : * More importantly, it ensures that blockages in non-multithreaded
31 : * libraries like SSL or PAM cannot cause denial of service to other
32 : * clients.
33 : *
34 : *
35 : * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
36 : * Portions Copyright (c) 1994, Regents of the University of California
37 : *
38 : *
39 : * IDENTIFICATION
40 : * src/backend/postmaster/postmaster.c
41 : *
42 : * NOTES
43 : *
44 : * Initialization:
45 : * The Postmaster sets up shared memory data structures
46 : * for the backends.
47 : *
48 : * Synchronization:
49 : * The Postmaster shares memory with the backends but should avoid
50 : * touching shared memory, so as not to become stuck if a crashing
51 : * backend screws up locks or shared memory. Likewise, the Postmaster
52 : * should never block on messages from frontend clients.
53 : *
54 : * Garbage Collection:
55 : * The Postmaster cleans up after backends if they have an emergency
56 : * exit and/or core dump.
57 : *
58 : * Error Reporting:
59 : * Use write_stderr() only for reporting "interactive" errors
60 : * (essentially, bogus arguments on the command line). Once the
61 : * postmaster is launched, use ereport().
62 : *
63 : *-------------------------------------------------------------------------
64 : */
65 :
66 : #include "postgres.h"
67 :
68 : #include <unistd.h>
69 : #include <signal.h>
70 : #include <time.h>
71 : #include <sys/wait.h>
72 : #include <ctype.h>
73 : #include <sys/stat.h>
74 : #include <sys/socket.h>
75 : #include <fcntl.h>
76 : #include <sys/param.h>
77 : #include <netdb.h>
78 : #include <limits.h>
79 :
80 : #ifdef USE_BONJOUR
81 : #include <dns_sd.h>
82 : #endif
83 :
84 : #ifdef USE_SYSTEMD
85 : #include <systemd/sd-daemon.h>
86 : #endif
87 :
88 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
89 : #include <pthread.h>
90 : #endif
91 :
92 : #include "access/xlog.h"
93 : #include "access/xlogrecovery.h"
94 : #include "common/file_perm.h"
95 : #include "common/pg_prng.h"
96 : #include "lib/ilist.h"
97 : #include "libpq/libpq.h"
98 : #include "libpq/pqsignal.h"
99 : #include "pg_getopt.h"
100 : #include "pgstat.h"
101 : #include "port/pg_bswap.h"
102 : #include "postmaster/autovacuum.h"
103 : #include "postmaster/bgworker_internals.h"
104 : #include "postmaster/pgarch.h"
105 : #include "postmaster/postmaster.h"
106 : #include "postmaster/syslogger.h"
107 : #include "postmaster/walsummarizer.h"
108 : #include "replication/logicallauncher.h"
109 : #include "replication/slotsync.h"
110 : #include "replication/walsender.h"
111 : #include "storage/fd.h"
112 : #include "storage/ipc.h"
113 : #include "storage/pmsignal.h"
114 : #include "tcop/backend_startup.h"
115 : #include "tcop/tcopprot.h"
116 : #include "utils/datetime.h"
117 : #include "utils/memutils.h"
118 : #include "utils/pidfile.h"
119 : #include "utils/timestamp.h"
120 : #include "utils/varlena.h"
121 :
122 : #ifdef EXEC_BACKEND
123 : #include "common/file_utils.h"
124 : #include "storage/pg_shmem.h"
125 : #endif
126 :
127 :
128 : /*
129 : * CountChildren and SignalChildren take a bitmask argument to represent
130 : * BackendTypes to count or signal. Define a separate type and functions to
131 : * work with the bitmasks, to avoid accidentally passing a plain BackendType
132 : * in place of a bitmask or vice versa.
133 : */
134 : typedef struct
135 : {
136 : uint32 mask;
137 : } BackendTypeMask;
138 :
139 : StaticAssertDecl(BACKEND_NUM_TYPES < 32, "too many backend types for uint32");
140 :
141 : static const BackendTypeMask BTYPE_MASK_ALL = {(1 << BACKEND_NUM_TYPES) - 1};
142 : static const BackendTypeMask BTYPE_MASK_NONE = {0};
143 :
144 : static inline BackendTypeMask
145 1586 : btmask(BackendType t)
146 : {
147 1586 : BackendTypeMask mask = {.mask = 1 << t};
148 :
149 1586 : return mask;
150 : }
151 :
152 : static inline BackendTypeMask
153 77392 : btmask_add(BackendTypeMask mask, BackendType t)
154 : {
155 77392 : mask.mask |= 1 << t;
156 77392 : return mask;
157 : }
158 :
159 : static inline BackendTypeMask
160 5250 : btmask_del(BackendTypeMask mask, BackendType t)
161 : {
162 5250 : mask.mask &= ~(1 << t);
163 5250 : return mask;
164 : }
165 :
166 : static inline BackendTypeMask
167 3306 : btmask_all_except(BackendType t)
168 : {
169 3306 : BackendTypeMask mask = BTYPE_MASK_ALL;
170 :
171 3306 : mask = btmask_del(mask, t);
172 3306 : return mask;
173 : }
174 :
175 : static inline BackendTypeMask
176 972 : btmask_all_except2(BackendType t1, BackendType t2)
177 : {
178 972 : BackendTypeMask mask = BTYPE_MASK_ALL;
179 :
180 972 : mask = btmask_del(mask, t1);
181 972 : mask = btmask_del(mask, t2);
182 972 : return mask;
183 : }
184 :
185 : static inline bool
186 102474 : btmask_contains(BackendTypeMask mask, BackendType t)
187 : {
188 102474 : return (mask.mask & (1 << t)) != 0;
189 : }
190 :
191 :
192 : BackgroundWorker *MyBgworkerEntry = NULL;
193 :
194 : /* The socket number we are listening for connections on */
195 : int PostPortNumber = DEF_PGPORT;
196 :
197 : /* The directory names for Unix socket(s) */
198 : char *Unix_socket_directories;
199 :
200 : /* The TCP listen address(es) */
201 : char *ListenAddresses;
202 :
203 : /*
204 : * SuperuserReservedConnections is the number of backends reserved for
205 : * superuser use, and ReservedConnections is the number of backends reserved
206 : * for use by roles with privileges of the pg_use_reserved_connections
207 : * predefined role. These are taken out of the pool of MaxConnections backend
208 : * slots, so the number of backend slots available for roles that are neither
209 : * superuser nor have privileges of pg_use_reserved_connections is
210 : * (MaxConnections - SuperuserReservedConnections - ReservedConnections).
211 : *
212 : * If the number of remaining slots is less than or equal to
213 : * SuperuserReservedConnections, only superusers can make new connections. If
214 : * the number of remaining slots is greater than SuperuserReservedConnections
215 : * but less than or equal to
216 : * (SuperuserReservedConnections + ReservedConnections), only superusers and
217 : * roles with privileges of pg_use_reserved_connections can make new
218 : * connections. Note that pre-existing superuser and
219 : * pg_use_reserved_connections connections don't count against the limits.
220 : */
221 : int SuperuserReservedConnections;
222 : int ReservedConnections;
223 :
224 : /* The socket(s) we're listening to. */
225 : #define MAXLISTEN 64
226 : static int NumListenSockets = 0;
227 : static pgsocket *ListenSockets = NULL;
228 :
229 : /* still more option variables */
230 : bool EnableSSL = false;
231 :
232 : int PreAuthDelay = 0;
233 : int AuthenticationTimeout = 60;
234 :
235 : bool log_hostname; /* for ps display and logging */
236 : bool Log_connections = false;
237 :
238 : bool enable_bonjour = false;
239 : char *bonjour_name;
240 : bool restart_after_crash = true;
241 : bool remove_temp_files_after_crash = true;
242 : bool send_abort_for_crash = false;
243 : bool send_abort_for_kill = false;
244 :
245 : /* special child processes; NULL when not running */
246 : static PMChild *StartupPMChild = NULL,
247 : *BgWriterPMChild = NULL,
248 : *CheckpointerPMChild = NULL,
249 : *WalWriterPMChild = NULL,
250 : *WalReceiverPMChild = NULL,
251 : *WalSummarizerPMChild = NULL,
252 : *AutoVacLauncherPMChild = NULL,
253 : *PgArchPMChild = NULL,
254 : *SysLoggerPMChild = NULL,
255 : *SlotSyncWorkerPMChild = NULL;
256 :
257 : /* Startup process's status */
258 : typedef enum
259 : {
260 : STARTUP_NOT_RUNNING,
261 : STARTUP_RUNNING,
262 : STARTUP_SIGNALED, /* we sent it a SIGQUIT or SIGKILL */
263 : STARTUP_CRASHED,
264 : } StartupStatusEnum;
265 :
266 : static StartupStatusEnum StartupStatus = STARTUP_NOT_RUNNING;
267 :
268 : /* Startup/shutdown state */
269 : #define NoShutdown 0
270 : #define SmartShutdown 1
271 : #define FastShutdown 2
272 : #define ImmediateShutdown 3
273 :
274 : static int Shutdown = NoShutdown;
275 :
276 : static bool FatalError = false; /* T if recovering from backend crash */
277 :
278 : /*
279 : * We use a simple state machine to control startup, shutdown, and
280 : * crash recovery (which is rather like shutdown followed by startup).
281 : *
282 : * After doing all the postmaster initialization work, we enter PM_STARTUP
283 : * state and the startup process is launched. The startup process begins by
284 : * reading the control file and other preliminary initialization steps.
285 : * In a normal startup, or after crash recovery, the startup process exits
286 : * with exit code 0 and we switch to PM_RUN state. However, archive recovery
287 : * is handled specially since it takes much longer and we would like to support
288 : * hot standby during archive recovery.
289 : *
290 : * When the startup process is ready to start archive recovery, it signals the
291 : * postmaster, and we switch to PM_RECOVERY state. The background writer and
292 : * checkpointer are launched, while the startup process continues applying WAL.
293 : * If Hot Standby is enabled, then, after reaching a consistent point in WAL
294 : * redo, startup process signals us again, and we switch to PM_HOT_STANDBY
295 : * state and begin accepting connections to perform read-only queries. When
296 : * archive recovery is finished, the startup process exits with exit code 0
297 : * and we switch to PM_RUN state.
298 : *
299 : * Normal child backends can only be launched when we are in PM_RUN or
300 : * PM_HOT_STANDBY state. (connsAllowed can also restrict launching.)
301 : * In other states we handle connection requests by launching "dead-end"
302 : * child processes, which will simply send the client an error message and
303 : * quit. (We track these in the ActiveChildList so that we can know when they
304 : * are all gone; this is important because they're still connected to shared
305 : * memory, and would interfere with an attempt to destroy the shmem segment,
306 : * possibly leading to SHMALL failure when we try to make a new one.)
307 : * In PM_WAIT_DEAD_END state we are waiting for all the dead-end children
308 : * to drain out of the system, and therefore stop accepting connection
309 : * requests at all until the last existing child has quit (which hopefully
310 : * will not be very long).
311 : *
312 : * Notice that this state variable does not distinguish *why* we entered
313 : * states later than PM_RUN --- Shutdown and FatalError must be consulted
314 : * to find that out. FatalError is never true in PM_RECOVERY, PM_HOT_STANDBY,
315 : * or PM_RUN states, nor in PM_SHUTDOWN states (because we don't enter those
316 : * states when trying to recover from a crash). It can be true in PM_STARTUP
317 : * state, because we don't clear it until we've successfully started WAL redo.
318 : */
319 : typedef enum
320 : {
321 : PM_INIT, /* postmaster starting */
322 : PM_STARTUP, /* waiting for startup subprocess */
323 : PM_RECOVERY, /* in archive recovery mode */
324 : PM_HOT_STANDBY, /* in hot standby mode */
325 : PM_RUN, /* normal "database is alive" state */
326 : PM_STOP_BACKENDS, /* need to stop remaining backends */
327 : PM_WAIT_BACKENDS, /* waiting for live backends to exit */
328 : PM_SHUTDOWN, /* waiting for checkpointer to do shutdown
329 : * ckpt */
330 : PM_SHUTDOWN_2, /* waiting for archiver and walsenders to
331 : * finish */
332 : PM_WAIT_DEAD_END, /* waiting for dead-end children to exit */
333 : PM_NO_CHILDREN, /* all important children have exited */
334 : } PMState;
335 :
336 : static PMState pmState = PM_INIT;
337 :
338 : /*
339 : * While performing a "smart shutdown", we restrict new connections but stay
340 : * in PM_RUN or PM_HOT_STANDBY state until all the client backends are gone.
341 : * connsAllowed is a sub-state indicator showing the active restriction.
342 : * It is of no interest unless pmState is PM_RUN or PM_HOT_STANDBY.
343 : */
344 : static bool connsAllowed = true;
345 :
346 : /* Start time of SIGKILL timeout during immediate shutdown or child crash */
347 : /* Zero means timeout is not running */
348 : static time_t AbortStartTime = 0;
349 :
350 : /* Length of said timeout */
351 : #define SIGKILL_CHILDREN_AFTER_SECS 5
352 :
353 : static bool ReachedNormalRunning = false; /* T if we've reached PM_RUN */
354 :
355 : bool ClientAuthInProgress = false; /* T during new-client
356 : * authentication */
357 :
358 : bool redirection_done = false; /* stderr redirected for syslogger? */
359 :
360 : /* received START_AUTOVAC_LAUNCHER signal */
361 : static bool start_autovac_launcher = false;
362 :
363 : /* the launcher needs to be signaled to communicate some condition */
364 : static bool avlauncher_needs_signal = false;
365 :
366 : /* received START_WALRECEIVER signal */
367 : static bool WalReceiverRequested = false;
368 :
369 : /* set when there's a worker that needs to be started up */
370 : static bool StartWorkerNeeded = true;
371 : static bool HaveCrashedWorker = false;
372 :
373 : /* set when signals arrive */
374 : static volatile sig_atomic_t pending_pm_pmsignal;
375 : static volatile sig_atomic_t pending_pm_child_exit;
376 : static volatile sig_atomic_t pending_pm_reload_request;
377 : static volatile sig_atomic_t pending_pm_shutdown_request;
378 : static volatile sig_atomic_t pending_pm_fast_shutdown_request;
379 : static volatile sig_atomic_t pending_pm_immediate_shutdown_request;
380 :
381 : /* event multiplexing object */
382 : static WaitEventSet *pm_wait_set;
383 :
384 : #ifdef USE_SSL
385 : /* Set when and if SSL has been initialized properly */
386 : bool LoadedSSL = false;
387 : #endif
388 :
389 : #ifdef USE_BONJOUR
390 : static DNSServiceRef bonjour_sdref = NULL;
391 : #endif
392 :
393 : /*
394 : * postmaster.c - function prototypes
395 : */
396 : static void CloseServerPorts(int status, Datum arg);
397 : static void unlink_external_pid_file(int status, Datum arg);
398 : static void getInstallationPaths(const char *argv0);
399 : static void checkControlFile(void);
400 : static void handle_pm_pmsignal_signal(SIGNAL_ARGS);
401 : static void handle_pm_child_exit_signal(SIGNAL_ARGS);
402 : static void handle_pm_reload_request_signal(SIGNAL_ARGS);
403 : static void handle_pm_shutdown_request_signal(SIGNAL_ARGS);
404 : static void process_pm_pmsignal(void);
405 : static void process_pm_child_exit(void);
406 : static void process_pm_reload_request(void);
407 : static void process_pm_shutdown_request(void);
408 : static void dummy_handler(SIGNAL_ARGS);
409 : static void CleanupBackend(PMChild *bp, int exitstatus);
410 : static void HandleChildCrash(int pid, int exitstatus, const char *procname);
411 : static void LogChildExit(int lev, const char *procname,
412 : int pid, int exitstatus);
413 : static void PostmasterStateMachine(void);
414 :
415 : static void ExitPostmaster(int status) pg_attribute_noreturn();
416 : static int ServerLoop(void);
417 : static int BackendStartup(ClientSocket *client_sock);
418 : static void report_fork_failure_to_client(ClientSocket *client_sock, int errnum);
419 : static CAC_state canAcceptConnections(BackendType backend_type);
420 : static void signal_child(PMChild *pmchild, int signal);
421 : static void sigquit_child(PMChild *pmchild);
422 : static bool SignalChildren(int signal, BackendTypeMask targetMask);
423 : static void TerminateChildren(int signal);
424 : static int CountChildren(BackendTypeMask targetMask);
425 : static void LaunchMissingBackgroundProcesses(void);
426 : static void maybe_start_bgworkers(void);
427 : static bool CreateOptsFile(int argc, char *argv[], char *fullprogname);
428 : static PMChild *StartChildProcess(BackendType type);
429 : static void StartSysLogger(void);
430 : static void StartAutovacuumWorker(void);
431 : static bool StartBackgroundWorker(RegisteredBgWorker *rw);
432 : static void InitPostmasterDeathWatchHandle(void);
433 :
434 : #ifdef WIN32
435 : #define WNOHANG 0 /* ignored, so any integer value will do */
436 :
437 : static pid_t waitpid(pid_t pid, int *exitstatus, int options);
438 : static void WINAPI pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired);
439 :
440 : static HANDLE win32ChildQueue;
441 :
442 : typedef struct
443 : {
444 : HANDLE waitHandle;
445 : HANDLE procHandle;
446 : DWORD procId;
447 : } win32_deadchild_waitinfo;
448 : #endif /* WIN32 */
449 :
450 : /* Macros to check exit status of a child process */
451 : #define EXIT_STATUS_0(st) ((st) == 0)
452 : #define EXIT_STATUS_1(st) (WIFEXITED(st) && WEXITSTATUS(st) == 1)
453 : #define EXIT_STATUS_3(st) (WIFEXITED(st) && WEXITSTATUS(st) == 3)
454 :
455 : #ifndef WIN32
456 : /*
457 : * File descriptors for pipe used to monitor if postmaster is alive.
458 : * First is POSTMASTER_FD_WATCH, second is POSTMASTER_FD_OWN.
459 : */
460 : int postmaster_alive_fds[2] = {-1, -1};
461 : #else
462 : /* Process handle of postmaster used for the same purpose on Windows */
463 : HANDLE PostmasterHandle;
464 : #endif
465 :
466 : /*
467 : * Postmaster main entry point
468 : */
469 : void
470 1534 : PostmasterMain(int argc, char *argv[])
471 : {
472 : int opt;
473 : int status;
474 1534 : char *userDoption = NULL;
475 1534 : bool listen_addr_saved = false;
476 1534 : char *output_config_variable = NULL;
477 :
478 1534 : InitProcessGlobals();
479 :
480 1534 : PostmasterPid = MyProcPid;
481 :
482 1534 : IsPostmasterEnvironment = true;
483 :
484 : /*
485 : * Start our win32 signal implementation
486 : */
487 : #ifdef WIN32
488 : pgwin32_signal_initialize();
489 : #endif
490 :
491 : /*
492 : * We should not be creating any files or directories before we check the
493 : * data directory (see checkDataDir()), but just in case set the umask to
494 : * the most restrictive (owner-only) permissions.
495 : *
496 : * checkDataDir() will reset the umask based on the data directory
497 : * permissions.
498 : */
499 1534 : umask(PG_MODE_MASK_OWNER);
500 :
501 : /*
502 : * By default, palloc() requests in the postmaster will be allocated in
503 : * the PostmasterContext, which is space that can be recycled by backends.
504 : * Allocated data that needs to be available to backends should be
505 : * allocated in TopMemoryContext.
506 : */
507 1534 : PostmasterContext = AllocSetContextCreate(TopMemoryContext,
508 : "Postmaster",
509 : ALLOCSET_DEFAULT_SIZES);
510 1534 : MemoryContextSwitchTo(PostmasterContext);
511 :
512 : /* Initialize paths to installation files */
513 1534 : getInstallationPaths(argv[0]);
514 :
515 : /*
516 : * Set up signal handlers for the postmaster process.
517 : *
518 : * CAUTION: when changing this list, check for side-effects on the signal
519 : * handling setup of child processes. See tcop/postgres.c,
520 : * bootstrap/bootstrap.c, postmaster/bgwriter.c, postmaster/walwriter.c,
521 : * postmaster/autovacuum.c, postmaster/pgarch.c, postmaster/syslogger.c,
522 : * postmaster/bgworker.c and postmaster/checkpointer.c.
523 : */
524 1534 : pqinitmask();
525 1534 : sigprocmask(SIG_SETMASK, &BlockSig, NULL);
526 :
527 1534 : pqsignal(SIGHUP, handle_pm_reload_request_signal);
528 1534 : pqsignal(SIGINT, handle_pm_shutdown_request_signal);
529 1534 : pqsignal(SIGQUIT, handle_pm_shutdown_request_signal);
530 1534 : pqsignal(SIGTERM, handle_pm_shutdown_request_signal);
531 1534 : pqsignal(SIGALRM, SIG_IGN); /* ignored */
532 1534 : pqsignal(SIGPIPE, SIG_IGN); /* ignored */
533 1534 : pqsignal(SIGUSR1, handle_pm_pmsignal_signal);
534 1534 : pqsignal(SIGUSR2, dummy_handler); /* unused, reserve for children */
535 1534 : pqsignal(SIGCHLD, handle_pm_child_exit_signal);
536 :
537 : /* This may configure SIGURG, depending on platform. */
538 1534 : InitializeLatchSupport();
539 1534 : InitProcessLocalLatch();
540 :
541 : /*
542 : * No other place in Postgres should touch SIGTTIN/SIGTTOU handling. We
543 : * ignore those signals in a postmaster environment, so that there is no
544 : * risk of a child process freezing up due to writing to stderr. But for
545 : * a standalone backend, their default handling is reasonable. Hence, all
546 : * child processes should just allow the inherited settings to stand.
547 : */
548 : #ifdef SIGTTIN
549 1534 : pqsignal(SIGTTIN, SIG_IGN); /* ignored */
550 : #endif
551 : #ifdef SIGTTOU
552 1534 : pqsignal(SIGTTOU, SIG_IGN); /* ignored */
553 : #endif
554 :
555 : /* ignore SIGXFSZ, so that ulimit violations work like disk full */
556 : #ifdef SIGXFSZ
557 1534 : pqsignal(SIGXFSZ, SIG_IGN); /* ignored */
558 : #endif
559 :
560 : /* Begin accepting signals. */
561 1534 : sigprocmask(SIG_SETMASK, &UnBlockSig, NULL);
562 :
563 : /*
564 : * Options setup
565 : */
566 1534 : InitializeGUCOptions();
567 :
568 1534 : opterr = 1;
569 :
570 : /*
571 : * Parse command-line options. CAUTION: keep this in sync with
572 : * tcop/postgres.c (the option sets should not conflict) and with the
573 : * common help() function in main/main.c.
574 : */
575 5320 : while ((opt = getopt(argc, argv, "B:bC:c:D:d:EeFf:h:ijk:lN:OPp:r:S:sTt:W:-:")) != -1)
576 : {
577 3786 : switch (opt)
578 : {
579 0 : case 'B':
580 0 : SetConfigOption("shared_buffers", optarg, PGC_POSTMASTER, PGC_S_ARGV);
581 0 : break;
582 :
583 44 : case 'b':
584 : /* Undocumented flag used for binary upgrades */
585 44 : IsBinaryUpgrade = true;
586 44 : break;
587 :
588 4 : case 'C':
589 4 : output_config_variable = strdup(optarg);
590 4 : break;
591 :
592 1788 : case 'c':
593 : case '-':
594 : {
595 : char *name,
596 : *value;
597 :
598 1788 : ParseLongOption(optarg, &name, &value);
599 1788 : if (!value)
600 : {
601 0 : if (opt == '-')
602 0 : ereport(ERROR,
603 : (errcode(ERRCODE_SYNTAX_ERROR),
604 : errmsg("--%s requires a value",
605 : optarg)));
606 : else
607 0 : ereport(ERROR,
608 : (errcode(ERRCODE_SYNTAX_ERROR),
609 : errmsg("-c %s requires a value",
610 : optarg)));
611 : }
612 :
613 1788 : SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
614 1788 : pfree(name);
615 1788 : pfree(value);
616 1788 : break;
617 : }
618 :
619 1534 : case 'D':
620 1534 : userDoption = strdup(optarg);
621 1534 : break;
622 :
623 0 : case 'd':
624 0 : set_debug_options(atoi(optarg), PGC_POSTMASTER, PGC_S_ARGV);
625 0 : break;
626 :
627 0 : case 'E':
628 0 : SetConfigOption("log_statement", "all", PGC_POSTMASTER, PGC_S_ARGV);
629 0 : break;
630 :
631 0 : case 'e':
632 0 : SetConfigOption("datestyle", "euro", PGC_POSTMASTER, PGC_S_ARGV);
633 0 : break;
634 :
635 176 : case 'F':
636 176 : SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
637 176 : break;
638 :
639 0 : case 'f':
640 0 : if (!set_plan_disabling_options(optarg, PGC_POSTMASTER, PGC_S_ARGV))
641 : {
642 0 : write_stderr("%s: invalid argument for option -f: \"%s\"\n",
643 : progname, optarg);
644 0 : ExitPostmaster(1);
645 : }
646 0 : break;
647 :
648 0 : case 'h':
649 0 : SetConfigOption("listen_addresses", optarg, PGC_POSTMASTER, PGC_S_ARGV);
650 0 : break;
651 :
652 0 : case 'i':
653 0 : SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);
654 0 : break;
655 :
656 0 : case 'j':
657 : /* only used by interactive backend */
658 0 : break;
659 :
660 176 : case 'k':
661 176 : SetConfigOption("unix_socket_directories", optarg, PGC_POSTMASTER, PGC_S_ARGV);
662 176 : break;
663 :
664 0 : case 'l':
665 0 : SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
666 0 : break;
667 :
668 0 : case 'N':
669 0 : SetConfigOption("max_connections", optarg, PGC_POSTMASTER, PGC_S_ARGV);
670 0 : break;
671 :
672 0 : case 'O':
673 0 : SetConfigOption("allow_system_table_mods", "true", PGC_POSTMASTER, PGC_S_ARGV);
674 0 : break;
675 :
676 0 : case 'P':
677 0 : SetConfigOption("ignore_system_indexes", "true", PGC_POSTMASTER, PGC_S_ARGV);
678 0 : break;
679 :
680 64 : case 'p':
681 64 : SetConfigOption("port", optarg, PGC_POSTMASTER, PGC_S_ARGV);
682 64 : break;
683 :
684 0 : case 'r':
685 : /* only used by single-user backend */
686 0 : break;
687 :
688 0 : case 'S':
689 0 : SetConfigOption("work_mem", optarg, PGC_POSTMASTER, PGC_S_ARGV);
690 0 : break;
691 :
692 0 : case 's':
693 0 : SetConfigOption("log_statement_stats", "true", PGC_POSTMASTER, PGC_S_ARGV);
694 0 : break;
695 :
696 0 : case 'T':
697 :
698 : /*
699 : * This option used to be defined as sending SIGSTOP after a
700 : * backend crash, but sending SIGABRT seems more useful.
701 : */
702 0 : SetConfigOption("send_abort_for_crash", "true", PGC_POSTMASTER, PGC_S_ARGV);
703 0 : break;
704 :
705 0 : case 't':
706 : {
707 0 : const char *tmp = get_stats_option_name(optarg);
708 :
709 0 : if (tmp)
710 : {
711 0 : SetConfigOption(tmp, "true", PGC_POSTMASTER, PGC_S_ARGV);
712 : }
713 : else
714 : {
715 0 : write_stderr("%s: invalid argument for option -t: \"%s\"\n",
716 : progname, optarg);
717 0 : ExitPostmaster(1);
718 : }
719 0 : break;
720 : }
721 :
722 0 : case 'W':
723 0 : SetConfigOption("post_auth_delay", optarg, PGC_POSTMASTER, PGC_S_ARGV);
724 0 : break;
725 :
726 0 : default:
727 0 : write_stderr("Try \"%s --help\" for more information.\n",
728 : progname);
729 0 : ExitPostmaster(1);
730 : }
731 : }
732 :
733 : /*
734 : * Postmaster accepts no non-option switch arguments.
735 : */
736 1534 : if (optind < argc)
737 : {
738 0 : write_stderr("%s: invalid argument: \"%s\"\n",
739 0 : progname, argv[optind]);
740 0 : write_stderr("Try \"%s --help\" for more information.\n",
741 : progname);
742 0 : ExitPostmaster(1);
743 : }
744 :
745 : /*
746 : * Locate the proper configuration files and data directory, and read
747 : * postgresql.conf for the first time.
748 : */
749 1534 : if (!SelectConfigFiles(userDoption, progname))
750 0 : ExitPostmaster(2);
751 :
752 1532 : if (output_config_variable != NULL)
753 : {
754 : /*
755 : * If this is a runtime-computed GUC, it hasn't yet been initialized,
756 : * and the present value is not useful. However, this is a convenient
757 : * place to print the value for most GUCs because it is safe to run
758 : * postmaster startup to this point even if the server is already
759 : * running. For the handful of runtime-computed GUCs that we cannot
760 : * provide meaningful values for yet, we wait until later in
761 : * postmaster startup to print the value. We won't be able to use -C
762 : * on running servers for those GUCs, but using this option now would
763 : * lead to incorrect results for them.
764 : */
765 4 : int flags = GetConfigOptionFlags(output_config_variable, true);
766 :
767 4 : if ((flags & GUC_RUNTIME_COMPUTED) == 0)
768 : {
769 : /*
770 : * "-C guc" was specified, so print GUC's value and exit. No
771 : * extra permission check is needed because the user is reading
772 : * inside the data dir.
773 : */
774 2 : const char *config_val = GetConfigOption(output_config_variable,
775 : false, false);
776 :
777 2 : puts(config_val ? config_val : "");
778 2 : ExitPostmaster(0);
779 : }
780 :
781 : /*
782 : * A runtime-computed GUC will be printed later on. As we initialize
783 : * a server startup sequence, silence any log messages that may show
784 : * up in the output generated. FATAL and more severe messages are
785 : * useful to show, even if one would only expect at least PANIC. LOG
786 : * entries are hidden.
787 : */
788 2 : SetConfigOption("log_min_messages", "FATAL", PGC_SUSET,
789 : PGC_S_OVERRIDE);
790 : }
791 :
792 : /* Verify that DataDir looks reasonable */
793 1530 : checkDataDir();
794 :
795 : /* Check that pg_control exists */
796 1530 : checkControlFile();
797 :
798 : /* And switch working directory into it */
799 1530 : ChangeToDataDir();
800 :
801 : /*
802 : * Check for invalid combinations of GUC settings.
803 : */
804 1530 : if (SuperuserReservedConnections + ReservedConnections >= MaxConnections)
805 : {
806 0 : write_stderr("%s: \"superuser_reserved_connections\" (%d) plus \"reserved_connections\" (%d) must be less than \"max_connections\" (%d)\n",
807 : progname,
808 : SuperuserReservedConnections, ReservedConnections,
809 : MaxConnections);
810 0 : ExitPostmaster(1);
811 : }
812 1530 : if (XLogArchiveMode > ARCHIVE_MODE_OFF && wal_level == WAL_LEVEL_MINIMAL)
813 0 : ereport(ERROR,
814 : (errmsg("WAL archival cannot be enabled when \"wal_level\" is \"minimal\"")));
815 1530 : if (max_wal_senders > 0 && wal_level == WAL_LEVEL_MINIMAL)
816 0 : ereport(ERROR,
817 : (errmsg("WAL streaming (\"max_wal_senders\" > 0) requires \"wal_level\" to be \"replica\" or \"logical\"")));
818 1530 : if (summarize_wal && wal_level == WAL_LEVEL_MINIMAL)
819 0 : ereport(ERROR,
820 : (errmsg("WAL cannot be summarized when \"wal_level\" is \"minimal\"")));
821 :
822 : /*
823 : * Other one-time internal sanity checks can go here, if they are fast.
824 : * (Put any slow processing further down, after postmaster.pid creation.)
825 : */
826 1530 : if (!CheckDateTokenTables())
827 : {
828 0 : write_stderr("%s: invalid datetoken tables, please fix\n", progname);
829 0 : ExitPostmaster(1);
830 : }
831 :
832 : /*
833 : * Now that we are done processing the postmaster arguments, reset
834 : * getopt(3) library so that it will work correctly in subprocesses.
835 : */
836 1530 : optind = 1;
837 : #ifdef HAVE_INT_OPTRESET
838 : optreset = 1; /* some systems need this too */
839 : #endif
840 :
841 : /* For debugging: display postmaster environment */
842 : {
843 : extern char **environ;
844 : char **p;
845 :
846 1530 : ereport(DEBUG3,
847 : (errmsg_internal("%s: PostmasterMain: initial environment dump:",
848 : progname)));
849 1530 : ereport(DEBUG3,
850 : (errmsg_internal("-----------------------------------------")));
851 62362 : for (p = environ; *p; ++p)
852 60832 : ereport(DEBUG3,
853 : (errmsg_internal("\t%s", *p)));
854 1530 : ereport(DEBUG3,
855 : (errmsg_internal("-----------------------------------------")));
856 : }
857 :
858 : /*
859 : * Create lockfile for data directory.
860 : *
861 : * We want to do this before we try to grab the input sockets, because the
862 : * data directory interlock is more reliable than the socket-file
863 : * interlock (thanks to whoever decided to put socket files in /tmp :-().
864 : * For the same reason, it's best to grab the TCP socket(s) before the
865 : * Unix socket(s).
866 : *
867 : * Also note that this internally sets up the on_proc_exit function that
868 : * is responsible for removing both data directory and socket lockfiles;
869 : * so it must happen before opening sockets so that at exit, the socket
870 : * lockfiles go away after CloseServerPorts runs.
871 : */
872 1530 : CreateDataDirLockFile(true);
873 :
874 : /*
875 : * Read the control file (for error checking and config info).
876 : *
877 : * Since we verify the control file's CRC, this has a useful side effect
878 : * on machines where we need a run-time test for CRC support instructions.
879 : * The postmaster will do the test once at startup, and then its child
880 : * processes will inherit the correct function pointer and not need to
881 : * repeat the test.
882 : */
883 1528 : LocalProcessControlFile(false);
884 :
885 : /*
886 : * Register the apply launcher. It's probably a good idea to call this
887 : * before any modules had a chance to take the background worker slots.
888 : */
889 1528 : ApplyLauncherRegister();
890 :
891 : /*
892 : * process any libraries that should be preloaded at postmaster start
893 : */
894 1528 : process_shared_preload_libraries();
895 :
896 : /*
897 : * Initialize SSL library, if specified.
898 : */
899 : #ifdef USE_SSL
900 1528 : if (EnableSSL)
901 : {
902 62 : (void) secure_initialize(true);
903 52 : LoadedSSL = true;
904 : }
905 : #endif
906 :
907 : /*
908 : * Now that loadable modules have had their chance to alter any GUCs,
909 : * calculate MaxBackends and initialize the machinery to track child
910 : * processes.
911 : */
912 1518 : InitializeMaxBackends();
913 1518 : InitPostmasterChildSlots();
914 :
915 : /*
916 : * Calculate the size of the PGPROC fast-path lock arrays.
917 : */
918 1518 : InitializeFastPathLocks();
919 :
920 : /*
921 : * Give preloaded libraries a chance to request additional shared memory.
922 : */
923 1518 : process_shmem_requests();
924 :
925 : /*
926 : * Now that loadable modules have had their chance to request additional
927 : * shared memory, determine the value of any runtime-computed GUCs that
928 : * depend on the amount of shared memory required.
929 : */
930 1518 : InitializeShmemGUCs();
931 :
932 : /*
933 : * Now that modules have been loaded, we can process any custom resource
934 : * managers specified in the wal_consistency_checking GUC.
935 : */
936 1518 : InitializeWalConsistencyChecking();
937 :
938 : /*
939 : * If -C was specified with a runtime-computed GUC, we held off printing
940 : * the value earlier, as the GUC was not yet initialized. We handle -C
941 : * for most GUCs before we lock the data directory so that the option may
942 : * be used on a running server. However, a handful of GUCs are runtime-
943 : * computed and do not have meaningful values until after locking the data
944 : * directory, and we cannot safely calculate their values earlier on a
945 : * running server. At this point, such GUCs should be properly
946 : * initialized, and we haven't yet set up shared memory, so this is a good
947 : * time to handle the -C option for these special GUCs.
948 : */
949 1518 : if (output_config_variable != NULL)
950 : {
951 2 : const char *config_val = GetConfigOption(output_config_variable,
952 : false, false);
953 :
954 2 : puts(config_val ? config_val : "");
955 2 : ExitPostmaster(0);
956 : }
957 :
958 : /*
959 : * Set up shared memory and semaphores.
960 : *
961 : * Note: if using SysV shmem and/or semas, each postmaster startup will
962 : * normally choose the same IPC keys. This helps ensure that we will
963 : * clean up dead IPC objects if the postmaster crashes and is restarted.
964 : */
965 1516 : CreateSharedMemoryAndSemaphores();
966 :
967 : /*
968 : * Estimate number of openable files. This must happen after setting up
969 : * semaphores, because on some platforms semaphores count as open files.
970 : */
971 1514 : set_max_safe_fds();
972 :
973 : /*
974 : * Set reference point for stack-depth checking.
975 : */
976 1514 : (void) set_stack_base();
977 :
978 : /*
979 : * Initialize pipe (or process handle on Windows) that allows children to
980 : * wake up from sleep on postmaster death.
981 : */
982 1514 : InitPostmasterDeathWatchHandle();
983 :
984 : #ifdef WIN32
985 :
986 : /*
987 : * Initialize I/O completion port used to deliver list of dead children.
988 : */
989 : win32ChildQueue = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 1);
990 : if (win32ChildQueue == NULL)
991 : ereport(FATAL,
992 : (errmsg("could not create I/O completion port for child queue")));
993 : #endif
994 :
995 : #ifdef EXEC_BACKEND
996 : /* Write out nondefault GUC settings for child processes to use */
997 : write_nondefault_variables(PGC_POSTMASTER);
998 :
999 : /*
1000 : * Clean out the temp directory used to transmit parameters to child
1001 : * processes (see internal_forkexec). We must do this before launching
1002 : * any child processes, else we have a race condition: we could remove a
1003 : * parameter file before the child can read it. It should be safe to do
1004 : * so now, because we verified earlier that there are no conflicting
1005 : * Postgres processes in this data directory.
1006 : */
1007 : RemovePgTempFilesInDir(PG_TEMP_FILES_DIR, true, false);
1008 : #endif
1009 :
1010 : /*
1011 : * Forcibly remove the files signaling a standby promotion request.
1012 : * Otherwise, the existence of those files triggers a promotion too early,
1013 : * whether a user wants that or not.
1014 : *
1015 : * This removal of files is usually unnecessary because they can exist
1016 : * only during a few moments during a standby promotion. However there is
1017 : * a race condition: if pg_ctl promote is executed and creates the files
1018 : * during a promotion, the files can stay around even after the server is
1019 : * brought up to be the primary. Then, if a new standby starts by using
1020 : * the backup taken from the new primary, the files can exist at server
1021 : * startup and must be removed in order to avoid an unexpected promotion.
1022 : *
1023 : * Note that promotion signal files need to be removed before the startup
1024 : * process is invoked. Because, after that, they can be used by
1025 : * postmaster's SIGUSR1 signal handler.
1026 : */
1027 1514 : RemovePromoteSignalFiles();
1028 :
1029 : /* Do the same for logrotate signal file */
1030 1514 : RemoveLogrotateSignalFiles();
1031 :
1032 : /* Remove any outdated file holding the current log filenames. */
1033 1514 : if (unlink(LOG_METAINFO_DATAFILE) < 0 && errno != ENOENT)
1034 0 : ereport(LOG,
1035 : (errcode_for_file_access(),
1036 : errmsg("could not remove file \"%s\": %m",
1037 : LOG_METAINFO_DATAFILE)));
1038 :
1039 : /*
1040 : * If enabled, start up syslogger collection subprocess
1041 : */
1042 1514 : if (Logging_collector)
1043 2 : StartSysLogger();
1044 :
1045 : /*
1046 : * Reset whereToSendOutput from DestDebug (its starting state) to
1047 : * DestNone. This stops ereport from sending log messages to stderr unless
1048 : * Log_destination permits. We don't do this until the postmaster is
1049 : * fully launched, since startup failures may as well be reported to
1050 : * stderr.
1051 : *
1052 : * If we are in fact disabling logging to stderr, first emit a log message
1053 : * saying so, to provide a breadcrumb trail for users who may not remember
1054 : * that their logging is configured to go somewhere else.
1055 : */
1056 1514 : if (!(Log_destination & LOG_DESTINATION_STDERR))
1057 0 : ereport(LOG,
1058 : (errmsg("ending log output to stderr"),
1059 : errhint("Future log output will go to log destination \"%s\".",
1060 : Log_destination_string)));
1061 :
1062 1514 : whereToSendOutput = DestNone;
1063 :
1064 : /*
1065 : * Report server startup in log. While we could emit this much earlier,
1066 : * it seems best to do so after starting the log collector, if we intend
1067 : * to use one.
1068 : */
1069 1514 : ereport(LOG,
1070 : (errmsg("starting %s", PG_VERSION_STR)));
1071 :
1072 : /*
1073 : * Establish input sockets.
1074 : *
1075 : * First set up an on_proc_exit function that's charged with closing the
1076 : * sockets again at postmaster shutdown.
1077 : */
1078 1514 : ListenSockets = palloc(MAXLISTEN * sizeof(pgsocket));
1079 1514 : on_proc_exit(CloseServerPorts, 0);
1080 :
1081 1514 : if (ListenAddresses)
1082 : {
1083 : char *rawstring;
1084 : List *elemlist;
1085 : ListCell *l;
1086 1514 : int success = 0;
1087 :
1088 : /* Need a modifiable copy of ListenAddresses */
1089 1514 : rawstring = pstrdup(ListenAddresses);
1090 :
1091 : /* Parse string into list of hostnames */
1092 1514 : if (!SplitGUCList(rawstring, ',', &elemlist))
1093 : {
1094 : /* syntax error in list */
1095 0 : ereport(FATAL,
1096 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1097 : errmsg("invalid list syntax in parameter \"%s\"",
1098 : "listen_addresses")));
1099 : }
1100 :
1101 1572 : foreach(l, elemlist)
1102 : {
1103 58 : char *curhost = (char *) lfirst(l);
1104 :
1105 58 : if (strcmp(curhost, "*") == 0)
1106 0 : status = ListenServerPort(AF_UNSPEC, NULL,
1107 0 : (unsigned short) PostPortNumber,
1108 : NULL,
1109 : ListenSockets,
1110 : &NumListenSockets,
1111 : MAXLISTEN);
1112 : else
1113 58 : status = ListenServerPort(AF_UNSPEC, curhost,
1114 58 : (unsigned short) PostPortNumber,
1115 : NULL,
1116 : ListenSockets,
1117 : &NumListenSockets,
1118 : MAXLISTEN);
1119 :
1120 58 : if (status == STATUS_OK)
1121 : {
1122 58 : success++;
1123 : /* record the first successful host addr in lockfile */
1124 58 : if (!listen_addr_saved)
1125 : {
1126 58 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, curhost);
1127 58 : listen_addr_saved = true;
1128 : }
1129 : }
1130 : else
1131 0 : ereport(WARNING,
1132 : (errmsg("could not create listen socket for \"%s\"",
1133 : curhost)));
1134 : }
1135 :
1136 1514 : if (!success && elemlist != NIL)
1137 0 : ereport(FATAL,
1138 : (errmsg("could not create any TCP/IP sockets")));
1139 :
1140 1514 : list_free(elemlist);
1141 1514 : pfree(rawstring);
1142 : }
1143 :
1144 : #ifdef USE_BONJOUR
1145 : /* Register for Bonjour only if we opened TCP socket(s) */
1146 : if (enable_bonjour && NumListenSockets > 0)
1147 : {
1148 : DNSServiceErrorType err;
1149 :
1150 : /*
1151 : * We pass 0 for interface_index, which will result in registering on
1152 : * all "applicable" interfaces. It's not entirely clear from the
1153 : * DNS-SD docs whether this would be appropriate if we have bound to
1154 : * just a subset of the available network interfaces.
1155 : */
1156 : err = DNSServiceRegister(&bonjour_sdref,
1157 : 0,
1158 : 0,
1159 : bonjour_name,
1160 : "_postgresql._tcp.",
1161 : NULL,
1162 : NULL,
1163 : pg_hton16(PostPortNumber),
1164 : 0,
1165 : NULL,
1166 : NULL,
1167 : NULL);
1168 : if (err != kDNSServiceErr_NoError)
1169 : ereport(LOG,
1170 : (errmsg("DNSServiceRegister() failed: error code %ld",
1171 : (long) err)));
1172 :
1173 : /*
1174 : * We don't bother to read the mDNS daemon's reply, and we expect that
1175 : * it will automatically terminate our registration when the socket is
1176 : * closed at postmaster termination. So there's nothing more to be
1177 : * done here. However, the bonjour_sdref is kept around so that
1178 : * forked children can close their copies of the socket.
1179 : */
1180 : }
1181 : #endif
1182 :
1183 1514 : if (Unix_socket_directories)
1184 : {
1185 : char *rawstring;
1186 : List *elemlist;
1187 : ListCell *l;
1188 1514 : int success = 0;
1189 :
1190 : /* Need a modifiable copy of Unix_socket_directories */
1191 1514 : rawstring = pstrdup(Unix_socket_directories);
1192 :
1193 : /* Parse string into list of directories */
1194 1514 : if (!SplitDirectoriesString(rawstring, ',', &elemlist))
1195 : {
1196 : /* syntax error in list */
1197 0 : ereport(FATAL,
1198 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1199 : errmsg("invalid list syntax in parameter \"%s\"",
1200 : "unix_socket_directories")));
1201 : }
1202 :
1203 3026 : foreach(l, elemlist)
1204 : {
1205 1512 : char *socketdir = (char *) lfirst(l);
1206 :
1207 1512 : status = ListenServerPort(AF_UNIX, NULL,
1208 1512 : (unsigned short) PostPortNumber,
1209 : socketdir,
1210 : ListenSockets,
1211 : &NumListenSockets,
1212 : MAXLISTEN);
1213 :
1214 1512 : if (status == STATUS_OK)
1215 : {
1216 1512 : success++;
1217 : /* record the first successful Unix socket in lockfile */
1218 1512 : if (success == 1)
1219 1512 : AddToDataDirLockFile(LOCK_FILE_LINE_SOCKET_DIR, socketdir);
1220 : }
1221 : else
1222 0 : ereport(WARNING,
1223 : (errmsg("could not create Unix-domain socket in directory \"%s\"",
1224 : socketdir)));
1225 : }
1226 :
1227 1514 : if (!success && elemlist != NIL)
1228 0 : ereport(FATAL,
1229 : (errmsg("could not create any Unix-domain sockets")));
1230 :
1231 1514 : list_free_deep(elemlist);
1232 1514 : pfree(rawstring);
1233 : }
1234 :
1235 : /*
1236 : * check that we have some socket to listen on
1237 : */
1238 1514 : if (NumListenSockets == 0)
1239 0 : ereport(FATAL,
1240 : (errmsg("no socket created for listening")));
1241 :
1242 : /*
1243 : * If no valid TCP ports, write an empty line for listen address,
1244 : * indicating the Unix socket must be used. Note that this line is not
1245 : * added to the lock file until there is a socket backing it.
1246 : */
1247 1514 : if (!listen_addr_saved)
1248 1456 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, "");
1249 :
1250 : /*
1251 : * Record postmaster options. We delay this till now to avoid recording
1252 : * bogus options (eg, unusable port number).
1253 : */
1254 1514 : if (!CreateOptsFile(argc, argv, my_exec_path))
1255 0 : ExitPostmaster(1);
1256 :
1257 : /*
1258 : * Write the external PID file if requested
1259 : */
1260 1514 : if (external_pid_file)
1261 : {
1262 0 : FILE *fpidfile = fopen(external_pid_file, "w");
1263 :
1264 0 : if (fpidfile)
1265 : {
1266 0 : fprintf(fpidfile, "%d\n", MyProcPid);
1267 0 : fclose(fpidfile);
1268 :
1269 : /* Make PID file world readable */
1270 0 : if (chmod(external_pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) != 0)
1271 0 : write_stderr("%s: could not change permissions of external PID file \"%s\": %m\n",
1272 : progname, external_pid_file);
1273 : }
1274 : else
1275 0 : write_stderr("%s: could not write external PID file \"%s\": %m\n",
1276 : progname, external_pid_file);
1277 :
1278 0 : on_proc_exit(unlink_external_pid_file, 0);
1279 : }
1280 :
1281 : /*
1282 : * Remove old temporary files. At this point there can be no other
1283 : * Postgres processes running in this directory, so this should be safe.
1284 : */
1285 1514 : RemovePgTempFiles();
1286 :
1287 : /*
1288 : * Initialize the autovacuum subsystem (again, no process start yet)
1289 : */
1290 1514 : autovac_init();
1291 :
1292 : /*
1293 : * Load configuration files for client authentication.
1294 : */
1295 1514 : if (!load_hba())
1296 : {
1297 : /*
1298 : * It makes no sense to continue if we fail to load the HBA file,
1299 : * since there is no way to connect to the database in this case.
1300 : */
1301 0 : ereport(FATAL,
1302 : /* translator: %s is a configuration file */
1303 : (errmsg("could not load %s", HbaFileName)));
1304 : }
1305 1514 : if (!load_ident())
1306 : {
1307 : /*
1308 : * We can start up without the IDENT file, although it means that you
1309 : * cannot log in using any of the authentication methods that need a
1310 : * user name mapping. load_ident() already logged the details of error
1311 : * to the log.
1312 : */
1313 : }
1314 :
1315 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1316 :
1317 : /*
1318 : * On macOS, libintl replaces setlocale() with a version that calls
1319 : * CFLocaleCopyCurrent() when its second argument is "" and every relevant
1320 : * environment variable is unset or empty. CFLocaleCopyCurrent() makes
1321 : * the process multithreaded. The postmaster calls sigprocmask() and
1322 : * calls fork() without an immediate exec(), both of which have undefined
1323 : * behavior in a multithreaded program. A multithreaded postmaster is the
1324 : * normal case on Windows, which offers neither fork() nor sigprocmask().
1325 : */
1326 : if (pthread_is_threaded_np() != 0)
1327 : ereport(FATAL,
1328 : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
1329 : errmsg("postmaster became multithreaded during startup"),
1330 : errhint("Set the LC_ALL environment variable to a valid locale.")));
1331 : #endif
1332 :
1333 : /*
1334 : * Remember postmaster startup time
1335 : */
1336 1514 : PgStartTime = GetCurrentTimestamp();
1337 :
1338 : /*
1339 : * Report postmaster status in the postmaster.pid file, to allow pg_ctl to
1340 : * see what's happening.
1341 : */
1342 1514 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STARTING);
1343 :
1344 : /* Start bgwriter and checkpointer so they can help with recovery */
1345 1514 : if (CheckpointerPMChild == NULL)
1346 1514 : CheckpointerPMChild = StartChildProcess(B_CHECKPOINTER);
1347 1514 : if (BgWriterPMChild == NULL)
1348 1514 : BgWriterPMChild = StartChildProcess(B_BG_WRITER);
1349 :
1350 : /*
1351 : * We're ready to rock and roll...
1352 : */
1353 1514 : StartupPMChild = StartChildProcess(B_STARTUP);
1354 : Assert(StartupPMChild != NULL);
1355 1514 : StartupStatus = STARTUP_RUNNING;
1356 1514 : pmState = PM_STARTUP;
1357 :
1358 : /* Some workers may be scheduled to start now */
1359 1514 : maybe_start_bgworkers();
1360 :
1361 1514 : status = ServerLoop();
1362 :
1363 : /*
1364 : * ServerLoop probably shouldn't ever return, but if it does, close down.
1365 : */
1366 0 : ExitPostmaster(status != STATUS_OK);
1367 :
1368 : abort(); /* not reached */
1369 : }
1370 :
1371 :
1372 : /*
1373 : * on_proc_exit callback to close server's listen sockets
1374 : */
1375 : static void
1376 1508 : CloseServerPorts(int status, Datum arg)
1377 : {
1378 : int i;
1379 :
1380 : /*
1381 : * First, explicitly close all the socket FDs. We used to just let this
1382 : * happen implicitly at postmaster exit, but it's better to close them
1383 : * before we remove the postmaster.pid lockfile; otherwise there's a race
1384 : * condition if a new postmaster wants to re-use the TCP port number.
1385 : */
1386 3074 : for (i = 0; i < NumListenSockets; i++)
1387 : {
1388 1566 : if (closesocket(ListenSockets[i]) != 0)
1389 0 : elog(LOG, "could not close listen socket: %m");
1390 : }
1391 1508 : NumListenSockets = 0;
1392 :
1393 : /*
1394 : * Next, remove any filesystem entries for Unix sockets. To avoid race
1395 : * conditions against incoming postmasters, this must happen after closing
1396 : * the sockets and before removing lock files.
1397 : */
1398 1508 : RemoveSocketFiles();
1399 :
1400 : /*
1401 : * We don't do anything about socket lock files here; those will be
1402 : * removed in a later on_proc_exit callback.
1403 : */
1404 1508 : }
1405 :
1406 : /*
1407 : * on_proc_exit callback to delete external_pid_file
1408 : */
1409 : static void
1410 0 : unlink_external_pid_file(int status, Datum arg)
1411 : {
1412 0 : if (external_pid_file)
1413 0 : unlink(external_pid_file);
1414 0 : }
1415 :
1416 :
1417 : /*
1418 : * Compute and check the directory paths to files that are part of the
1419 : * installation (as deduced from the postgres executable's own location)
1420 : */
1421 : static void
1422 1534 : getInstallationPaths(const char *argv0)
1423 : {
1424 : DIR *pdir;
1425 :
1426 : /* Locate the postgres executable itself */
1427 1534 : if (find_my_exec(argv0, my_exec_path) < 0)
1428 0 : ereport(FATAL,
1429 : (errmsg("%s: could not locate my own executable path", argv0)));
1430 :
1431 : #ifdef EXEC_BACKEND
1432 : /* Locate executable backend before we change working directory */
1433 : if (find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
1434 : postgres_exec_path) < 0)
1435 : ereport(FATAL,
1436 : (errmsg("%s: could not locate matching postgres executable",
1437 : argv0)));
1438 : #endif
1439 :
1440 : /*
1441 : * Locate the pkglib directory --- this has to be set early in case we try
1442 : * to load any modules from it in response to postgresql.conf entries.
1443 : */
1444 1534 : get_pkglib_path(my_exec_path, pkglib_path);
1445 :
1446 : /*
1447 : * Verify that there's a readable directory there; otherwise the Postgres
1448 : * installation is incomplete or corrupt. (A typical cause of this
1449 : * failure is that the postgres executable has been moved or hardlinked to
1450 : * some directory that's not a sibling of the installation lib/
1451 : * directory.)
1452 : */
1453 1534 : pdir = AllocateDir(pkglib_path);
1454 1534 : if (pdir == NULL)
1455 0 : ereport(ERROR,
1456 : (errcode_for_file_access(),
1457 : errmsg("could not open directory \"%s\": %m",
1458 : pkglib_path),
1459 : errhint("This may indicate an incomplete PostgreSQL installation, or that the file \"%s\" has been moved away from its proper location.",
1460 : my_exec_path)));
1461 1534 : FreeDir(pdir);
1462 :
1463 : /*
1464 : * It's not worth checking the share/ directory. If the lib/ directory is
1465 : * there, then share/ probably is too.
1466 : */
1467 1534 : }
1468 :
1469 : /*
1470 : * Check that pg_control exists in the correct location in the data directory.
1471 : *
1472 : * No attempt is made to validate the contents of pg_control here. This is
1473 : * just a sanity check to see if we are looking at a real data directory.
1474 : */
1475 : static void
1476 1530 : checkControlFile(void)
1477 : {
1478 : char path[MAXPGPATH];
1479 : FILE *fp;
1480 :
1481 1530 : snprintf(path, sizeof(path), "%s/global/pg_control", DataDir);
1482 :
1483 1530 : fp = AllocateFile(path, PG_BINARY_R);
1484 1530 : if (fp == NULL)
1485 : {
1486 0 : write_stderr("%s: could not find the database system\n"
1487 : "Expected to find it in the directory \"%s\",\n"
1488 : "but could not open file \"%s\": %m\n",
1489 : progname, DataDir, path);
1490 0 : ExitPostmaster(2);
1491 : }
1492 1530 : FreeFile(fp);
1493 1530 : }
1494 :
1495 : /*
1496 : * Determine how long should we let ServerLoop sleep, in milliseconds.
1497 : *
1498 : * In normal conditions we wait at most one minute, to ensure that the other
1499 : * background tasks handled by ServerLoop get done even when no requests are
1500 : * arriving. However, if there are background workers waiting to be started,
1501 : * we don't actually sleep so that they are quickly serviced. Other exception
1502 : * cases are as shown in the code.
1503 : */
1504 : static int
1505 368868 : DetermineSleepTime(void)
1506 : {
1507 368868 : TimestampTz next_wakeup = 0;
1508 :
1509 : /*
1510 : * Normal case: either there are no background workers at all, or we're in
1511 : * a shutdown sequence (during which we ignore bgworkers altogether).
1512 : */
1513 368868 : if (Shutdown > NoShutdown ||
1514 361912 : (!StartWorkerNeeded && !HaveCrashedWorker))
1515 : {
1516 368868 : if (AbortStartTime != 0)
1517 : {
1518 : int seconds;
1519 :
1520 : /* time left to abort; clamp to 0 in case it already expired */
1521 2208 : seconds = SIGKILL_CHILDREN_AFTER_SECS -
1522 2208 : (time(NULL) - AbortStartTime);
1523 :
1524 2208 : return Max(seconds * 1000, 0);
1525 : }
1526 : else
1527 366660 : return 60 * 1000;
1528 : }
1529 :
1530 0 : if (StartWorkerNeeded)
1531 0 : return 0;
1532 :
1533 0 : if (HaveCrashedWorker)
1534 : {
1535 : dlist_mutable_iter iter;
1536 :
1537 : /*
1538 : * When there are crashed bgworkers, we sleep just long enough that
1539 : * they are restarted when they request to be. Scan the list to
1540 : * determine the minimum of all wakeup times according to most recent
1541 : * crash time and requested restart interval.
1542 : */
1543 0 : dlist_foreach_modify(iter, &BackgroundWorkerList)
1544 : {
1545 : RegisteredBgWorker *rw;
1546 : TimestampTz this_wakeup;
1547 :
1548 0 : rw = dlist_container(RegisteredBgWorker, rw_lnode, iter.cur);
1549 :
1550 0 : if (rw->rw_crashed_at == 0)
1551 0 : continue;
1552 :
1553 0 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART
1554 0 : || rw->rw_terminate)
1555 : {
1556 0 : ForgetBackgroundWorker(rw);
1557 0 : continue;
1558 : }
1559 :
1560 0 : this_wakeup = TimestampTzPlusMilliseconds(rw->rw_crashed_at,
1561 : 1000L * rw->rw_worker.bgw_restart_time);
1562 0 : if (next_wakeup == 0 || this_wakeup < next_wakeup)
1563 0 : next_wakeup = this_wakeup;
1564 : }
1565 : }
1566 :
1567 0 : if (next_wakeup != 0)
1568 : {
1569 : int ms;
1570 :
1571 : /* result of TimestampDifferenceMilliseconds is in [0, INT_MAX] */
1572 0 : ms = (int) TimestampDifferenceMilliseconds(GetCurrentTimestamp(),
1573 : next_wakeup);
1574 0 : return Min(60 * 1000, ms);
1575 : }
1576 :
1577 0 : return 60 * 1000;
1578 : }
1579 :
1580 : /*
1581 : * Activate or deactivate notifications of server socket events. Since we
1582 : * don't currently have a way to remove events from an existing WaitEventSet,
1583 : * we'll just destroy and recreate the whole thing. This is called during
1584 : * shutdown so we can wait for backends to exit without accepting new
1585 : * connections, and during crash reinitialization when we need to start
1586 : * listening for new connections again. The WaitEventSet will be freed in fork
1587 : * children by ClosePostmasterPorts().
1588 : */
1589 : static void
1590 3042 : ConfigurePostmasterWaitSet(bool accept_connections)
1591 : {
1592 3042 : if (pm_wait_set)
1593 1528 : FreeWaitEventSet(pm_wait_set);
1594 3042 : pm_wait_set = NULL;
1595 :
1596 4566 : pm_wait_set = CreateWaitEventSet(NULL,
1597 1524 : accept_connections ? (1 + NumListenSockets) : 1);
1598 3042 : AddWaitEventToSet(pm_wait_set, WL_LATCH_SET, PGINVALID_SOCKET, MyLatch,
1599 : NULL);
1600 :
1601 3042 : if (accept_connections)
1602 : {
1603 3106 : for (int i = 0; i < NumListenSockets; i++)
1604 1582 : AddWaitEventToSet(pm_wait_set, WL_SOCKET_ACCEPT, ListenSockets[i],
1605 : NULL, NULL);
1606 : }
1607 3042 : }
1608 :
1609 : /*
1610 : * Main idle loop of postmaster
1611 : */
1612 : static int
1613 1514 : ServerLoop(void)
1614 : {
1615 : time_t last_lockfile_recheck_time,
1616 : last_touch_time;
1617 : WaitEvent events[MAXLISTEN];
1618 : int nevents;
1619 :
1620 1514 : ConfigurePostmasterWaitSet(true);
1621 1514 : last_lockfile_recheck_time = last_touch_time = time(NULL);
1622 :
1623 : for (;;)
1624 367354 : {
1625 : time_t now;
1626 :
1627 368868 : nevents = WaitEventSetWait(pm_wait_set,
1628 368868 : DetermineSleepTime(),
1629 : events,
1630 : lengthof(events),
1631 : 0 /* postmaster posts no wait_events */ );
1632 :
1633 : /*
1634 : * Latch set by signal handler, or new connection pending on any of
1635 : * our sockets? If the latter, fork a child process to deal with it.
1636 : */
1637 736224 : for (int i = 0; i < nevents; i++)
1638 : {
1639 368866 : if (events[i].events & WL_LATCH_SET)
1640 343202 : ResetLatch(MyLatch);
1641 :
1642 : /*
1643 : * The following requests are handled unconditionally, even if we
1644 : * didn't see WL_LATCH_SET. This gives high priority to shutdown
1645 : * and reload requests where the latch happens to appear later in
1646 : * events[] or will be reported by a later call to
1647 : * WaitEventSetWait().
1648 : */
1649 368866 : if (pending_pm_shutdown_request)
1650 1502 : process_pm_shutdown_request();
1651 368866 : if (pending_pm_reload_request)
1652 248 : process_pm_reload_request();
1653 368866 : if (pending_pm_child_exit)
1654 36782 : process_pm_child_exit();
1655 367358 : if (pending_pm_pmsignal)
1656 304928 : process_pm_pmsignal();
1657 :
1658 367358 : if (events[i].events & WL_SOCKET_ACCEPT)
1659 : {
1660 : ClientSocket s;
1661 :
1662 25664 : if (AcceptConnection(events[i].fd, &s) == STATUS_OK)
1663 25664 : BackendStartup(&s);
1664 :
1665 : /* We no longer need the open socket in this process */
1666 25662 : if (s.sock != PGINVALID_SOCKET)
1667 : {
1668 25662 : if (closesocket(s.sock) != 0)
1669 0 : elog(LOG, "could not close client socket: %m");
1670 : }
1671 : }
1672 : }
1673 :
1674 : /*
1675 : * If we need to launch any background processes after changing state
1676 : * or because some exited, do so now.
1677 : */
1678 367358 : LaunchMissingBackgroundProcesses();
1679 :
1680 : /* If we need to signal the autovacuum launcher, do so now */
1681 367354 : if (avlauncher_needs_signal)
1682 : {
1683 536 : avlauncher_needs_signal = false;
1684 536 : if (AutoVacLauncherPMChild != NULL)
1685 536 : kill(AutoVacLauncherPMChild->pid, SIGUSR2);
1686 : }
1687 :
1688 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1689 :
1690 : /*
1691 : * With assertions enabled, check regularly for appearance of
1692 : * additional threads. All builds check at start and exit.
1693 : */
1694 : Assert(pthread_is_threaded_np() == 0);
1695 : #endif
1696 :
1697 : /*
1698 : * Lastly, check to see if it's time to do some things that we don't
1699 : * want to do every single time through the loop, because they're a
1700 : * bit expensive. Note that there's up to a minute of slop in when
1701 : * these tasks will be performed, since DetermineSleepTime() will let
1702 : * us sleep at most that long; except for SIGKILL timeout which has
1703 : * special-case logic there.
1704 : */
1705 367354 : now = time(NULL);
1706 :
1707 : /*
1708 : * If we already sent SIGQUIT to children and they are slow to shut
1709 : * down, it's time to send them SIGKILL (or SIGABRT if requested).
1710 : * This doesn't happen normally, but under certain conditions backends
1711 : * can get stuck while shutting down. This is a last measure to get
1712 : * them unwedged.
1713 : *
1714 : * Note we also do this during recovery from a process crash.
1715 : */
1716 367354 : if ((Shutdown >= ImmediateShutdown || FatalError) &&
1717 2218 : AbortStartTime != 0 &&
1718 2208 : (now - AbortStartTime) >= SIGKILL_CHILDREN_AFTER_SECS)
1719 : {
1720 : /* We were gentle with them before. Not anymore */
1721 0 : ereport(LOG,
1722 : /* translator: %s is SIGKILL or SIGABRT */
1723 : (errmsg("issuing %s to recalcitrant children",
1724 : send_abort_for_kill ? "SIGABRT" : "SIGKILL")));
1725 0 : TerminateChildren(send_abort_for_kill ? SIGABRT : SIGKILL);
1726 : /* reset flag so we don't SIGKILL again */
1727 0 : AbortStartTime = 0;
1728 : }
1729 :
1730 : /*
1731 : * Once a minute, verify that postmaster.pid hasn't been removed or
1732 : * overwritten. If it has, we force a shutdown. This avoids having
1733 : * postmasters and child processes hanging around after their database
1734 : * is gone, and maybe causing problems if a new database cluster is
1735 : * created in the same place. It also provides some protection
1736 : * against a DBA foolishly removing postmaster.pid and manually
1737 : * starting a new postmaster. Data corruption is likely to ensue from
1738 : * that anyway, but we can minimize the damage by aborting ASAP.
1739 : */
1740 367354 : if (now - last_lockfile_recheck_time >= 1 * SECS_PER_MINUTE)
1741 : {
1742 40 : if (!RecheckDataDirLockFile())
1743 : {
1744 0 : ereport(LOG,
1745 : (errmsg("performing immediate shutdown because data directory lock file is invalid")));
1746 0 : kill(MyProcPid, SIGQUIT);
1747 : }
1748 40 : last_lockfile_recheck_time = now;
1749 : }
1750 :
1751 : /*
1752 : * Touch Unix socket and lock files every 58 minutes, to ensure that
1753 : * they are not removed by overzealous /tmp-cleaning tasks. We assume
1754 : * no one runs cleaners with cutoff times of less than an hour ...
1755 : */
1756 367354 : if (now - last_touch_time >= 58 * SECS_PER_MINUTE)
1757 : {
1758 0 : TouchSocketFiles();
1759 0 : TouchSocketLockFiles();
1760 0 : last_touch_time = now;
1761 : }
1762 : }
1763 : }
1764 :
1765 : /*
1766 : * canAcceptConnections --- check to see if database state allows connections
1767 : * of the specified type. backend_type can be B_BACKEND or B_AUTOVAC_WORKER.
1768 : * (Note that we don't yet know whether a normal B_BACKEND connection might
1769 : * turn into a walsender.)
1770 : */
1771 : static CAC_state
1772 27256 : canAcceptConnections(BackendType backend_type)
1773 : {
1774 27256 : CAC_state result = CAC_OK;
1775 :
1776 : Assert(backend_type == B_BACKEND || backend_type == B_AUTOVAC_WORKER);
1777 :
1778 : /*
1779 : * Can't start backends when in startup/shutdown/inconsistent recovery
1780 : * state. We treat autovac workers the same as user backends for this
1781 : * purpose.
1782 : */
1783 27256 : if (pmState != PM_RUN && pmState != PM_HOT_STANDBY)
1784 : {
1785 220 : if (Shutdown > NoShutdown)
1786 10 : return CAC_SHUTDOWN; /* shutdown is pending */
1787 210 : else if (!FatalError && pmState == PM_STARTUP)
1788 200 : return CAC_STARTUP; /* normal startup */
1789 10 : else if (!FatalError && pmState == PM_RECOVERY)
1790 10 : return CAC_NOTCONSISTENT; /* not yet at consistent recovery
1791 : * state */
1792 : else
1793 0 : return CAC_RECOVERY; /* else must be crash recovery */
1794 : }
1795 :
1796 : /*
1797 : * "Smart shutdown" restrictions are applied only to normal connections,
1798 : * not to autovac workers.
1799 : */
1800 27036 : if (!connsAllowed && backend_type == B_BACKEND)
1801 0 : return CAC_SHUTDOWN; /* shutdown is pending */
1802 :
1803 27036 : return result;
1804 : }
1805 :
1806 : /*
1807 : * ClosePostmasterPorts -- close all the postmaster's open sockets
1808 : *
1809 : * This is called during child process startup to release file descriptors
1810 : * that are not needed by that child process. The postmaster still has
1811 : * them open, of course.
1812 : *
1813 : * Note: we pass am_syslogger as a boolean because we don't want to set
1814 : * the global variable yet when this is called.
1815 : */
1816 : void
1817 35672 : ClosePostmasterPorts(bool am_syslogger)
1818 : {
1819 : /* Release resources held by the postmaster's WaitEventSet. */
1820 35672 : if (pm_wait_set)
1821 : {
1822 32464 : FreeWaitEventSetAfterFork(pm_wait_set);
1823 32464 : pm_wait_set = NULL;
1824 : }
1825 :
1826 : #ifndef WIN32
1827 :
1828 : /*
1829 : * Close the write end of postmaster death watch pipe. It's important to
1830 : * do this as early as possible, so that if postmaster dies, others won't
1831 : * think that it's still running because we're holding the pipe open.
1832 : */
1833 35672 : if (close(postmaster_alive_fds[POSTMASTER_FD_OWN]) != 0)
1834 0 : ereport(FATAL,
1835 : (errcode_for_file_access(),
1836 : errmsg_internal("could not close postmaster death monitoring pipe in child process: %m")));
1837 35672 : postmaster_alive_fds[POSTMASTER_FD_OWN] = -1;
1838 : /* Notify fd.c that we released one pipe FD. */
1839 35672 : ReleaseExternalFD();
1840 : #endif
1841 :
1842 : /*
1843 : * Close the postmaster's listen sockets. These aren't tracked by fd.c,
1844 : * so we don't call ReleaseExternalFD() here.
1845 : *
1846 : * The listen sockets are marked as FD_CLOEXEC, so this isn't needed in
1847 : * EXEC_BACKEND mode.
1848 : */
1849 : #ifndef EXEC_BACKEND
1850 35672 : if (ListenSockets)
1851 : {
1852 72252 : for (int i = 0; i < NumListenSockets; i++)
1853 : {
1854 36582 : if (closesocket(ListenSockets[i]) != 0)
1855 0 : elog(LOG, "could not close listen socket: %m");
1856 : }
1857 35670 : pfree(ListenSockets);
1858 : }
1859 35672 : NumListenSockets = 0;
1860 35672 : ListenSockets = NULL;
1861 : #endif
1862 :
1863 : /*
1864 : * If using syslogger, close the read side of the pipe. We don't bother
1865 : * tracking this in fd.c, either.
1866 : */
1867 35672 : if (!am_syslogger)
1868 : {
1869 : #ifndef WIN32
1870 35670 : if (syslogPipe[0] >= 0)
1871 28 : close(syslogPipe[0]);
1872 35670 : syslogPipe[0] = -1;
1873 : #else
1874 : if (syslogPipe[0])
1875 : CloseHandle(syslogPipe[0]);
1876 : syslogPipe[0] = 0;
1877 : #endif
1878 : }
1879 :
1880 : #ifdef USE_BONJOUR
1881 : /* If using Bonjour, close the connection to the mDNS daemon */
1882 : if (bonjour_sdref)
1883 : close(DNSServiceRefSockFD(bonjour_sdref));
1884 : #endif
1885 35672 : }
1886 :
1887 :
1888 : /*
1889 : * InitProcessGlobals -- set MyProcPid, MyStartTime[stamp], random seeds
1890 : *
1891 : * Called early in the postmaster and every backend.
1892 : */
1893 : void
1894 37638 : InitProcessGlobals(void)
1895 : {
1896 37638 : MyProcPid = getpid();
1897 37638 : MyStartTimestamp = GetCurrentTimestamp();
1898 37638 : MyStartTime = timestamptz_to_time_t(MyStartTimestamp);
1899 :
1900 : /*
1901 : * Set a different global seed in every process. We want something
1902 : * unpredictable, so if possible, use high-quality random bits for the
1903 : * seed. Otherwise, fall back to a seed based on timestamp and PID.
1904 : */
1905 37638 : if (unlikely(!pg_prng_strong_seed(&pg_global_prng_state)))
1906 : {
1907 : uint64 rseed;
1908 :
1909 : /*
1910 : * Since PIDs and timestamps tend to change more frequently in their
1911 : * least significant bits, shift the timestamp left to allow a larger
1912 : * total number of seeds in a given time period. Since that would
1913 : * leave only 20 bits of the timestamp that cycle every ~1 second,
1914 : * also mix in some higher bits.
1915 : */
1916 0 : rseed = ((uint64) MyProcPid) ^
1917 0 : ((uint64) MyStartTimestamp << 12) ^
1918 0 : ((uint64) MyStartTimestamp >> 20);
1919 :
1920 0 : pg_prng_seed(&pg_global_prng_state, rseed);
1921 : }
1922 :
1923 : /*
1924 : * Also make sure that we've set a good seed for random(3). Use of that
1925 : * is deprecated in core Postgres, but extensions might use it.
1926 : */
1927 : #ifndef WIN32
1928 37638 : srandom(pg_prng_uint32(&pg_global_prng_state));
1929 : #endif
1930 37638 : }
1931 :
1932 : /*
1933 : * Child processes use SIGUSR1 to notify us of 'pmsignals'. pg_ctl uses
1934 : * SIGUSR1 to ask postmaster to check for logrotate and promote files.
1935 : */
1936 : static void
1937 305232 : handle_pm_pmsignal_signal(SIGNAL_ARGS)
1938 : {
1939 305232 : pending_pm_pmsignal = true;
1940 305232 : SetLatch(MyLatch);
1941 305232 : }
1942 :
1943 : /*
1944 : * pg_ctl uses SIGHUP to request a reload of the configuration files.
1945 : */
1946 : static void
1947 248 : handle_pm_reload_request_signal(SIGNAL_ARGS)
1948 : {
1949 248 : pending_pm_reload_request = true;
1950 248 : SetLatch(MyLatch);
1951 248 : }
1952 :
1953 : /*
1954 : * Re-read config files, and tell children to do same.
1955 : */
1956 : static void
1957 248 : process_pm_reload_request(void)
1958 : {
1959 248 : pending_pm_reload_request = false;
1960 :
1961 248 : ereport(DEBUG2,
1962 : (errmsg_internal("postmaster received reload request signal")));
1963 :
1964 248 : if (Shutdown <= SmartShutdown)
1965 : {
1966 248 : ereport(LOG,
1967 : (errmsg("received SIGHUP, reloading configuration files")));
1968 248 : ProcessConfigFile(PGC_SIGHUP);
1969 248 : SignalChildren(SIGHUP, btmask_all_except(B_DEAD_END_BACKEND));
1970 :
1971 : /* Reload authentication config files too */
1972 248 : if (!load_hba())
1973 0 : ereport(LOG,
1974 : /* translator: %s is a configuration file */
1975 : (errmsg("%s was not reloaded", HbaFileName)));
1976 :
1977 248 : if (!load_ident())
1978 0 : ereport(LOG,
1979 : (errmsg("%s was not reloaded", IdentFileName)));
1980 :
1981 : #ifdef USE_SSL
1982 : /* Reload SSL configuration as well */
1983 248 : if (EnableSSL)
1984 : {
1985 2 : if (secure_initialize(false) == 0)
1986 2 : LoadedSSL = true;
1987 : else
1988 0 : ereport(LOG,
1989 : (errmsg("SSL configuration was not reloaded")));
1990 : }
1991 : else
1992 : {
1993 246 : secure_destroy();
1994 246 : LoadedSSL = false;
1995 : }
1996 : #endif
1997 :
1998 : #ifdef EXEC_BACKEND
1999 : /* Update the starting-point file for future children */
2000 : write_nondefault_variables(PGC_SIGHUP);
2001 : #endif
2002 : }
2003 248 : }
2004 :
2005 : /*
2006 : * pg_ctl uses SIGTERM, SIGINT and SIGQUIT to request different types of
2007 : * shutdown.
2008 : */
2009 : static void
2010 1502 : handle_pm_shutdown_request_signal(SIGNAL_ARGS)
2011 : {
2012 1502 : switch (postgres_signal_arg)
2013 : {
2014 34 : case SIGTERM:
2015 : /* smart is implied if the other two flags aren't set */
2016 34 : pending_pm_shutdown_request = true;
2017 34 : break;
2018 854 : case SIGINT:
2019 854 : pending_pm_fast_shutdown_request = true;
2020 854 : pending_pm_shutdown_request = true;
2021 854 : break;
2022 614 : case SIGQUIT:
2023 614 : pending_pm_immediate_shutdown_request = true;
2024 614 : pending_pm_shutdown_request = true;
2025 614 : break;
2026 : }
2027 1502 : SetLatch(MyLatch);
2028 1502 : }
2029 :
2030 : /*
2031 : * Process shutdown request.
2032 : */
2033 : static void
2034 1502 : process_pm_shutdown_request(void)
2035 : {
2036 : int mode;
2037 :
2038 1502 : ereport(DEBUG2,
2039 : (errmsg_internal("postmaster received shutdown request signal")));
2040 :
2041 1502 : pending_pm_shutdown_request = false;
2042 :
2043 : /*
2044 : * If more than one shutdown request signal arrived since the last server
2045 : * loop, take the one that is the most immediate. That matches the
2046 : * priority that would apply if we processed them one by one in any order.
2047 : */
2048 1502 : if (pending_pm_immediate_shutdown_request)
2049 : {
2050 614 : pending_pm_immediate_shutdown_request = false;
2051 614 : pending_pm_fast_shutdown_request = false;
2052 614 : mode = ImmediateShutdown;
2053 : }
2054 888 : else if (pending_pm_fast_shutdown_request)
2055 : {
2056 854 : pending_pm_fast_shutdown_request = false;
2057 854 : mode = FastShutdown;
2058 : }
2059 : else
2060 34 : mode = SmartShutdown;
2061 :
2062 1502 : switch (mode)
2063 : {
2064 34 : case SmartShutdown:
2065 :
2066 : /*
2067 : * Smart Shutdown:
2068 : *
2069 : * Wait for children to end their work, then shut down.
2070 : */
2071 34 : if (Shutdown >= SmartShutdown)
2072 0 : break;
2073 34 : Shutdown = SmartShutdown;
2074 34 : ereport(LOG,
2075 : (errmsg("received smart shutdown request")));
2076 :
2077 : /* Report status */
2078 34 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2079 : #ifdef USE_SYSTEMD
2080 : sd_notify(0, "STOPPING=1");
2081 : #endif
2082 :
2083 : /*
2084 : * If we reached normal running, we go straight to waiting for
2085 : * client backends to exit. If already in PM_STOP_BACKENDS or a
2086 : * later state, do not change it.
2087 : */
2088 34 : if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
2089 34 : connsAllowed = false;
2090 0 : else if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
2091 : {
2092 : /* There should be no clients, so proceed to stop children */
2093 0 : pmState = PM_STOP_BACKENDS;
2094 : }
2095 :
2096 : /*
2097 : * Now wait for online backup mode to end and backends to exit. If
2098 : * that is already the case, PostmasterStateMachine will take the
2099 : * next step.
2100 : */
2101 34 : PostmasterStateMachine();
2102 34 : break;
2103 :
2104 854 : case FastShutdown:
2105 :
2106 : /*
2107 : * Fast Shutdown:
2108 : *
2109 : * Abort all children with SIGTERM (rollback active transactions
2110 : * and exit) and shut down when they are gone.
2111 : */
2112 854 : if (Shutdown >= FastShutdown)
2113 0 : break;
2114 854 : Shutdown = FastShutdown;
2115 854 : ereport(LOG,
2116 : (errmsg("received fast shutdown request")));
2117 :
2118 : /* Report status */
2119 854 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2120 : #ifdef USE_SYSTEMD
2121 : sd_notify(0, "STOPPING=1");
2122 : #endif
2123 :
2124 854 : if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
2125 : {
2126 : /* Just shut down background processes silently */
2127 0 : pmState = PM_STOP_BACKENDS;
2128 : }
2129 854 : else if (pmState == PM_RUN ||
2130 100 : pmState == PM_HOT_STANDBY)
2131 : {
2132 : /* Report that we're about to zap live client sessions */
2133 854 : ereport(LOG,
2134 : (errmsg("aborting any active transactions")));
2135 854 : pmState = PM_STOP_BACKENDS;
2136 : }
2137 :
2138 : /*
2139 : * PostmasterStateMachine will issue any necessary signals, or
2140 : * take the next step if no child processes need to be killed.
2141 : */
2142 854 : PostmasterStateMachine();
2143 854 : break;
2144 :
2145 614 : case ImmediateShutdown:
2146 :
2147 : /*
2148 : * Immediate Shutdown:
2149 : *
2150 : * abort all children with SIGQUIT, wait for them to exit,
2151 : * terminate remaining ones with SIGKILL, then exit without
2152 : * attempt to properly shut down the data base system.
2153 : */
2154 614 : if (Shutdown >= ImmediateShutdown)
2155 0 : break;
2156 614 : Shutdown = ImmediateShutdown;
2157 614 : ereport(LOG,
2158 : (errmsg("received immediate shutdown request")));
2159 :
2160 : /* Report status */
2161 614 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2162 : #ifdef USE_SYSTEMD
2163 : sd_notify(0, "STOPPING=1");
2164 : #endif
2165 :
2166 : /* tell children to shut down ASAP */
2167 : /* (note we don't apply send_abort_for_crash here) */
2168 614 : SetQuitSignalReason(PMQUIT_FOR_STOP);
2169 614 : TerminateChildren(SIGQUIT);
2170 614 : pmState = PM_WAIT_BACKENDS;
2171 :
2172 : /* set stopwatch for them to die */
2173 614 : AbortStartTime = time(NULL);
2174 :
2175 : /*
2176 : * Now wait for backends to exit. If there are none,
2177 : * PostmasterStateMachine will take the next step.
2178 : */
2179 614 : PostmasterStateMachine();
2180 614 : break;
2181 : }
2182 1502 : }
2183 :
2184 : static void
2185 37066 : handle_pm_child_exit_signal(SIGNAL_ARGS)
2186 : {
2187 37066 : pending_pm_child_exit = true;
2188 37066 : SetLatch(MyLatch);
2189 37066 : }
2190 :
2191 : /*
2192 : * Cleanup after a child process dies.
2193 : */
2194 : static void
2195 36782 : process_pm_child_exit(void)
2196 : {
2197 : int pid; /* process id of dead child process */
2198 : int exitstatus; /* its exit status */
2199 :
2200 36782 : pending_pm_child_exit = false;
2201 :
2202 36782 : ereport(DEBUG4,
2203 : (errmsg_internal("reaping dead processes")));
2204 :
2205 75914 : while ((pid = waitpid(-1, &exitstatus, WNOHANG)) > 0)
2206 : {
2207 : PMChild *pmchild;
2208 :
2209 : /*
2210 : * Check if this child was a startup process.
2211 : */
2212 39132 : if (StartupPMChild && pid == StartupPMChild->pid)
2213 : {
2214 1524 : ReleasePostmasterChildSlot(StartupPMChild);
2215 1524 : StartupPMChild = NULL;
2216 :
2217 : /*
2218 : * Startup process exited in response to a shutdown request (or it
2219 : * completed normally regardless of the shutdown request).
2220 : */
2221 1524 : if (Shutdown > NoShutdown &&
2222 188 : (EXIT_STATUS_0(exitstatus) || EXIT_STATUS_1(exitstatus)))
2223 : {
2224 100 : StartupStatus = STARTUP_NOT_RUNNING;
2225 100 : pmState = PM_WAIT_BACKENDS;
2226 : /* PostmasterStateMachine logic does the rest */
2227 100 : continue;
2228 : }
2229 :
2230 1424 : if (EXIT_STATUS_3(exitstatus))
2231 : {
2232 0 : ereport(LOG,
2233 : (errmsg("shutdown at recovery target")));
2234 0 : StartupStatus = STARTUP_NOT_RUNNING;
2235 0 : Shutdown = Max(Shutdown, SmartShutdown);
2236 0 : TerminateChildren(SIGTERM);
2237 0 : pmState = PM_WAIT_BACKENDS;
2238 : /* PostmasterStateMachine logic does the rest */
2239 0 : continue;
2240 : }
2241 :
2242 : /*
2243 : * Unexpected exit of startup process (including FATAL exit)
2244 : * during PM_STARTUP is treated as catastrophic. There are no
2245 : * other processes running yet, so we can just exit.
2246 : */
2247 1424 : if (pmState == PM_STARTUP &&
2248 1044 : StartupStatus != STARTUP_SIGNALED &&
2249 1044 : !EXIT_STATUS_0(exitstatus))
2250 : {
2251 0 : LogChildExit(LOG, _("startup process"),
2252 : pid, exitstatus);
2253 0 : ereport(LOG,
2254 : (errmsg("aborting startup due to startup process failure")));
2255 0 : ExitPostmaster(1);
2256 : }
2257 :
2258 : /*
2259 : * After PM_STARTUP, any unexpected exit (including FATAL exit) of
2260 : * the startup process is catastrophic, so kill other children,
2261 : * and set StartupStatus so we don't try to reinitialize after
2262 : * they're gone. Exception: if StartupStatus is STARTUP_SIGNALED,
2263 : * then we previously sent the startup process a SIGQUIT; so
2264 : * that's probably the reason it died, and we do want to try to
2265 : * restart in that case.
2266 : *
2267 : * This stanza also handles the case where we sent a SIGQUIT
2268 : * during PM_STARTUP due to some dead-end child crashing: in that
2269 : * situation, if the startup process dies on the SIGQUIT, we need
2270 : * to transition to PM_WAIT_BACKENDS state which will allow
2271 : * PostmasterStateMachine to restart the startup process. (On the
2272 : * other hand, the startup process might complete normally, if we
2273 : * were too late with the SIGQUIT. In that case we'll fall
2274 : * through and commence normal operations.)
2275 : */
2276 1424 : if (!EXIT_STATUS_0(exitstatus))
2277 : {
2278 94 : if (StartupStatus == STARTUP_SIGNALED)
2279 : {
2280 88 : StartupStatus = STARTUP_NOT_RUNNING;
2281 88 : if (pmState == PM_STARTUP)
2282 0 : pmState = PM_WAIT_BACKENDS;
2283 : }
2284 : else
2285 6 : StartupStatus = STARTUP_CRASHED;
2286 94 : HandleChildCrash(pid, exitstatus,
2287 94 : _("startup process"));
2288 94 : continue;
2289 : }
2290 :
2291 : /*
2292 : * Startup succeeded, commence normal operations
2293 : */
2294 1330 : StartupStatus = STARTUP_NOT_RUNNING;
2295 1330 : FatalError = false;
2296 1330 : AbortStartTime = 0;
2297 1330 : ReachedNormalRunning = true;
2298 1330 : pmState = PM_RUN;
2299 1330 : connsAllowed = true;
2300 :
2301 : /*
2302 : * At the next iteration of the postmaster's main loop, we will
2303 : * crank up the background tasks like the autovacuum launcher and
2304 : * background workers that were not started earlier already.
2305 : */
2306 1330 : StartWorkerNeeded = true;
2307 :
2308 : /* at this point we are really open for business */
2309 1330 : ereport(LOG,
2310 : (errmsg("database system is ready to accept connections")));
2311 :
2312 : /* Report status */
2313 1330 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
2314 : #ifdef USE_SYSTEMD
2315 : sd_notify(0, "READY=1");
2316 : #endif
2317 :
2318 1330 : continue;
2319 : }
2320 :
2321 : /*
2322 : * Was it the bgwriter? Normal exit can be ignored; we'll start a new
2323 : * one at the next iteration of the postmaster's main loop, if
2324 : * necessary. Any other exit condition is treated as a crash.
2325 : */
2326 37608 : if (BgWriterPMChild && pid == BgWriterPMChild->pid)
2327 : {
2328 1518 : ReleasePostmasterChildSlot(BgWriterPMChild);
2329 1518 : BgWriterPMChild = NULL;
2330 1518 : if (!EXIT_STATUS_0(exitstatus))
2331 630 : HandleChildCrash(pid, exitstatus,
2332 630 : _("background writer process"));
2333 1518 : continue;
2334 : }
2335 :
2336 : /*
2337 : * Was it the checkpointer?
2338 : */
2339 36090 : if (CheckpointerPMChild && pid == CheckpointerPMChild->pid)
2340 : {
2341 1518 : ReleasePostmasterChildSlot(CheckpointerPMChild);
2342 1518 : CheckpointerPMChild = NULL;
2343 1518 : if (EXIT_STATUS_0(exitstatus) && pmState == PM_SHUTDOWN)
2344 : {
2345 : /*
2346 : * OK, we saw normal exit of the checkpointer after it's been
2347 : * told to shut down. We expect that it wrote a shutdown
2348 : * checkpoint. (If for some reason it didn't, recovery will
2349 : * occur on next postmaster start.)
2350 : *
2351 : * At this point we should have no normal backend children
2352 : * left (else we'd not be in PM_SHUTDOWN state) but we might
2353 : * have dead-end children to wait for.
2354 : *
2355 : * If we have an archiver subprocess, tell it to do a last
2356 : * archive cycle and quit. Likewise, if we have walsender
2357 : * processes, tell them to send any remaining WAL and quit.
2358 : */
2359 : Assert(Shutdown > NoShutdown);
2360 :
2361 : /* Waken archiver for the last time */
2362 888 : if (PgArchPMChild != NULL)
2363 28 : signal_child(PgArchPMChild, SIGUSR2);
2364 :
2365 : /*
2366 : * Waken walsenders for the last time. No regular backends
2367 : * should be around anymore.
2368 : */
2369 888 : SignalChildren(SIGUSR2, btmask(B_WAL_SENDER));
2370 :
2371 888 : pmState = PM_SHUTDOWN_2;
2372 : }
2373 : else
2374 : {
2375 : /*
2376 : * Any unexpected exit of the checkpointer (including FATAL
2377 : * exit) is treated as a crash.
2378 : */
2379 630 : HandleChildCrash(pid, exitstatus,
2380 630 : _("checkpointer process"));
2381 : }
2382 :
2383 1518 : continue;
2384 : }
2385 :
2386 : /*
2387 : * Was it the wal writer? Normal exit can be ignored; we'll start a
2388 : * new one at the next iteration of the postmaster's main loop, if
2389 : * necessary. Any other exit condition is treated as a crash.
2390 : */
2391 34572 : if (WalWriterPMChild && pid == WalWriterPMChild->pid)
2392 : {
2393 1324 : ReleasePostmasterChildSlot(WalWriterPMChild);
2394 1324 : WalWriterPMChild = NULL;
2395 1324 : if (!EXIT_STATUS_0(exitstatus))
2396 536 : HandleChildCrash(pid, exitstatus,
2397 536 : _("WAL writer process"));
2398 1324 : continue;
2399 : }
2400 :
2401 : /*
2402 : * Was it the wal receiver? If exit status is zero (normal) or one
2403 : * (FATAL exit), we assume everything is all right just like normal
2404 : * backends. (If we need a new wal receiver, we'll start one at the
2405 : * next iteration of the postmaster's main loop.)
2406 : */
2407 33248 : if (WalReceiverPMChild && pid == WalReceiverPMChild->pid)
2408 : {
2409 442 : ReleasePostmasterChildSlot(WalReceiverPMChild);
2410 442 : WalReceiverPMChild = NULL;
2411 442 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2412 30 : HandleChildCrash(pid, exitstatus,
2413 30 : _("WAL receiver process"));
2414 442 : continue;
2415 : }
2416 :
2417 : /*
2418 : * Was it the wal summarizer? Normal exit can be ignored; we'll start
2419 : * a new one at the next iteration of the postmaster's main loop, if
2420 : * necessary. Any other exit condition is treated as a crash.
2421 : */
2422 32806 : if (WalSummarizerPMChild && pid == WalSummarizerPMChild->pid)
2423 : {
2424 36 : ReleasePostmasterChildSlot(WalSummarizerPMChild);
2425 36 : WalSummarizerPMChild = NULL;
2426 36 : if (!EXIT_STATUS_0(exitstatus))
2427 34 : HandleChildCrash(pid, exitstatus,
2428 34 : _("WAL summarizer process"));
2429 36 : continue;
2430 : }
2431 :
2432 : /*
2433 : * Was it the autovacuum launcher? Normal exit can be ignored; we'll
2434 : * start a new one at the next iteration of the postmaster's main
2435 : * loop, if necessary. Any other exit condition is treated as a
2436 : * crash.
2437 : */
2438 32770 : if (AutoVacLauncherPMChild && pid == AutoVacLauncherPMChild->pid)
2439 : {
2440 1146 : ReleasePostmasterChildSlot(AutoVacLauncherPMChild);
2441 1146 : AutoVacLauncherPMChild = NULL;
2442 1146 : if (!EXIT_STATUS_0(exitstatus))
2443 458 : HandleChildCrash(pid, exitstatus,
2444 458 : _("autovacuum launcher process"));
2445 1146 : continue;
2446 : }
2447 :
2448 : /*
2449 : * Was it the archiver? If exit status is zero (normal) or one (FATAL
2450 : * exit), we assume everything is all right just like normal backends
2451 : * and just try to start a new one on the next cycle of the
2452 : * postmaster's main loop, to retry archiving remaining files.
2453 : */
2454 31624 : if (PgArchPMChild && pid == PgArchPMChild->pid)
2455 : {
2456 102 : ReleasePostmasterChildSlot(PgArchPMChild);
2457 102 : PgArchPMChild = NULL;
2458 102 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2459 72 : HandleChildCrash(pid, exitstatus,
2460 72 : _("archiver process"));
2461 102 : continue;
2462 : }
2463 :
2464 : /* Was it the system logger? If so, try to start a new one */
2465 31522 : if (SysLoggerPMChild && pid == SysLoggerPMChild->pid)
2466 : {
2467 0 : ReleasePostmasterChildSlot(SysLoggerPMChild);
2468 0 : SysLoggerPMChild = NULL;
2469 :
2470 : /* for safety's sake, launch new logger *first* */
2471 0 : if (Logging_collector)
2472 0 : StartSysLogger();
2473 :
2474 0 : if (!EXIT_STATUS_0(exitstatus))
2475 0 : LogChildExit(LOG, _("system logger process"),
2476 : pid, exitstatus);
2477 0 : continue;
2478 : }
2479 :
2480 : /*
2481 : * Was it the slot sync worker? Normal exit or FATAL exit can be
2482 : * ignored (FATAL can be caused by libpqwalreceiver on receiving
2483 : * shutdown request by the startup process during promotion); we'll
2484 : * start a new one at the next iteration of the postmaster's main
2485 : * loop, if necessary. Any other exit condition is treated as a crash.
2486 : */
2487 31522 : if (SlotSyncWorkerPMChild && pid == SlotSyncWorkerPMChild->pid)
2488 : {
2489 8 : ReleasePostmasterChildSlot(SlotSyncWorkerPMChild);
2490 8 : SlotSyncWorkerPMChild = NULL;
2491 8 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2492 0 : HandleChildCrash(pid, exitstatus,
2493 0 : _("slot sync worker process"));
2494 8 : continue;
2495 : }
2496 :
2497 : /*
2498 : * Was it a backend or a background worker?
2499 : */
2500 31514 : pmchild = FindPostmasterChildByPid(pid);
2501 31514 : if (pmchild)
2502 : {
2503 31514 : CleanupBackend(pmchild, exitstatus);
2504 : }
2505 :
2506 : /*
2507 : * We don't know anything about this child process. That's highly
2508 : * unexpected, as we do track all the child processes that we fork.
2509 : */
2510 : else
2511 : {
2512 0 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2513 0 : HandleChildCrash(pid, exitstatus, _("untracked child process"));
2514 : else
2515 0 : LogChildExit(LOG, _("untracked child process"), pid, exitstatus);
2516 : }
2517 : } /* loop over pending child-death reports */
2518 :
2519 : /*
2520 : * After cleaning out the SIGCHLD queue, see if we have any state changes
2521 : * or actions to make.
2522 : */
2523 36782 : PostmasterStateMachine();
2524 35274 : }
2525 :
2526 : /*
2527 : * CleanupBackend -- cleanup after terminated backend or background worker.
2528 : *
2529 : * Remove all local state associated with the child process and release its
2530 : * PMChild slot.
2531 : */
2532 : static void
2533 31514 : CleanupBackend(PMChild *bp,
2534 : int exitstatus) /* child's exit status. */
2535 : {
2536 : char namebuf[MAXPGPATH];
2537 : const char *procname;
2538 31514 : bool crashed = false;
2539 31514 : bool logged = false;
2540 : pid_t bp_pid;
2541 : bool bp_bgworker_notify;
2542 : BackendType bp_bkend_type;
2543 : RegisteredBgWorker *rw;
2544 :
2545 : /* Construct a process name for the log message */
2546 31514 : if (bp->bkend_type == B_BG_WORKER)
2547 : {
2548 4800 : snprintf(namebuf, MAXPGPATH, _("background worker \"%s\""),
2549 4800 : bp->rw->rw_worker.bgw_type);
2550 4800 : procname = namebuf;
2551 : }
2552 : else
2553 26714 : procname = _(GetBackendTypeDesc(bp->bkend_type));
2554 :
2555 : /*
2556 : * If a backend dies in an ugly way then we must signal all other backends
2557 : * to quickdie. If exit status is zero (normal) or one (FATAL exit), we
2558 : * assume everything is all right and proceed to remove the backend from
2559 : * the active child list.
2560 : */
2561 31514 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2562 1024 : crashed = true;
2563 :
2564 : #ifdef WIN32
2565 :
2566 : /*
2567 : * On win32, also treat ERROR_WAIT_NO_CHILDREN (128) as nonfatal case,
2568 : * since that sometimes happens under load when the process fails to start
2569 : * properly (long before it starts using shared memory). Microsoft reports
2570 : * it is related to mutex failure:
2571 : * http://archives.postgresql.org/pgsql-hackers/2010-09/msg00790.php
2572 : */
2573 : if (exitstatus == ERROR_WAIT_NO_CHILDREN)
2574 : {
2575 : LogChildExit(LOG, procname, bp->pid, exitstatus);
2576 : logged = true;
2577 : crashed = false;
2578 : }
2579 : #endif
2580 :
2581 : /*
2582 : * Release the PMChild entry.
2583 : *
2584 : * If the process attached to shared memory, this also checks that it
2585 : * detached cleanly.
2586 : */
2587 31514 : bp_pid = bp->pid;
2588 31514 : bp_bgworker_notify = bp->bgworker_notify;
2589 31514 : bp_bkend_type = bp->bkend_type;
2590 31514 : rw = bp->rw;
2591 31514 : if (!ReleasePostmasterChildSlot(bp))
2592 : {
2593 : /*
2594 : * Uh-oh, the child failed to clean itself up. Treat as a crash after
2595 : * all.
2596 : */
2597 668 : crashed = true;
2598 : }
2599 31514 : bp = NULL;
2600 :
2601 31514 : if (crashed)
2602 : {
2603 1024 : HandleChildCrash(bp_pid, exitstatus, procname);
2604 1024 : return;
2605 : }
2606 :
2607 : /*
2608 : * This backend may have been slated to receive SIGUSR1 when some
2609 : * background worker started or stopped. Cancel those notifications, as
2610 : * we don't want to signal PIDs that are not PostgreSQL backends. This
2611 : * gets skipped in the (probably very common) case where the backend has
2612 : * never requested any such notifications.
2613 : */
2614 30490 : if (bp_bgworker_notify)
2615 460 : BackgroundWorkerStopNotifications(bp_pid);
2616 :
2617 : /*
2618 : * If it was a background worker, also update its RegisteredBgWorker
2619 : * entry.
2620 : */
2621 30490 : if (bp_bkend_type == B_BG_WORKER)
2622 : {
2623 4236 : if (!EXIT_STATUS_0(exitstatus))
2624 : {
2625 : /* Record timestamp, so we know when to restart the worker. */
2626 1104 : rw->rw_crashed_at = GetCurrentTimestamp();
2627 : }
2628 : else
2629 : {
2630 : /* Zero exit status means terminate */
2631 3132 : rw->rw_crashed_at = 0;
2632 3132 : rw->rw_terminate = true;
2633 : }
2634 :
2635 4236 : rw->rw_pid = 0;
2636 4236 : ReportBackgroundWorkerExit(rw); /* report child death */
2637 :
2638 4236 : if (!logged)
2639 : {
2640 4236 : LogChildExit(EXIT_STATUS_0(exitstatus) ? DEBUG1 : LOG,
2641 : procname, bp_pid, exitstatus);
2642 4236 : logged = true;
2643 : }
2644 :
2645 : /* have it be restarted */
2646 4236 : HaveCrashedWorker = true;
2647 : }
2648 :
2649 30490 : if (!logged)
2650 26254 : LogChildExit(DEBUG2, procname, bp_pid, exitstatus);
2651 : }
2652 :
2653 : /*
2654 : * HandleChildCrash -- cleanup after failed backend, bgwriter, checkpointer,
2655 : * walwriter, autovacuum, archiver, slot sync worker, or background worker.
2656 : *
2657 : * The objectives here are to clean up our local state about the child
2658 : * process, and to signal all other remaining children to quickdie.
2659 : *
2660 : * The caller has already released its PMChild slot.
2661 : */
2662 : static void
2663 3508 : HandleChildCrash(int pid, int exitstatus, const char *procname)
2664 : {
2665 : bool take_action;
2666 :
2667 : /*
2668 : * We only log messages and send signals if this is the first process
2669 : * crash and we're not doing an immediate shutdown; otherwise, we're only
2670 : * here to update postmaster's idea of live processes. If we have already
2671 : * signaled children, nonzero exit status is to be expected, so don't
2672 : * clutter log.
2673 : */
2674 3508 : take_action = !FatalError && Shutdown != ImmediateShutdown;
2675 :
2676 3508 : if (take_action)
2677 : {
2678 16 : LogChildExit(LOG, procname, pid, exitstatus);
2679 16 : ereport(LOG,
2680 : (errmsg("terminating any other active server processes")));
2681 16 : SetQuitSignalReason(PMQUIT_FOR_CRASH);
2682 : }
2683 :
2684 : /*
2685 : * Signal all other child processes to exit. The crashed process has
2686 : * already been removed from ActiveChildList.
2687 : */
2688 3508 : if (take_action)
2689 : {
2690 : dlist_iter iter;
2691 :
2692 84 : dlist_foreach(iter, &ActiveChildList)
2693 : {
2694 68 : PMChild *bp = dlist_container(PMChild, elem, iter.cur);
2695 :
2696 : /* We do NOT restart the syslogger */
2697 68 : if (bp == SysLoggerPMChild)
2698 0 : continue;
2699 :
2700 68 : if (bp == StartupPMChild)
2701 0 : StartupStatus = STARTUP_SIGNALED;
2702 :
2703 : /*
2704 : * This backend is still alive. Unless we did so already, tell it
2705 : * to commit hara-kiri.
2706 : *
2707 : * We could exclude dead-end children here, but at least when
2708 : * sending SIGABRT it seems better to include them.
2709 : */
2710 68 : sigquit_child(bp);
2711 : }
2712 : }
2713 :
2714 3508 : if (Shutdown != ImmediateShutdown)
2715 84 : FatalError = true;
2716 :
2717 : /* We now transit into a state of waiting for children to die */
2718 3508 : if (pmState == PM_RECOVERY ||
2719 3504 : pmState == PM_HOT_STANDBY ||
2720 3502 : pmState == PM_RUN ||
2721 3492 : pmState == PM_STOP_BACKENDS ||
2722 3492 : pmState == PM_SHUTDOWN)
2723 16 : pmState = PM_WAIT_BACKENDS;
2724 :
2725 : /*
2726 : * .. and if this doesn't happen quickly enough, now the clock is ticking
2727 : * for us to kill them without mercy.
2728 : */
2729 3508 : if (AbortStartTime == 0)
2730 16 : AbortStartTime = time(NULL);
2731 3508 : }
2732 :
2733 : /*
2734 : * Log the death of a child process.
2735 : */
2736 : static void
2737 30506 : LogChildExit(int lev, const char *procname, int pid, int exitstatus)
2738 : {
2739 : /*
2740 : * size of activity_buffer is arbitrary, but set equal to default
2741 : * track_activity_query_size
2742 : */
2743 : char activity_buffer[1024];
2744 30506 : const char *activity = NULL;
2745 :
2746 30506 : if (!EXIT_STATUS_0(exitstatus))
2747 1638 : activity = pgstat_get_crashed_backend_activity(pid,
2748 : activity_buffer,
2749 : sizeof(activity_buffer));
2750 :
2751 30506 : if (WIFEXITED(exitstatus))
2752 30498 : ereport(lev,
2753 :
2754 : /*------
2755 : translator: %s is a noun phrase describing a child process, such as
2756 : "server process" */
2757 : (errmsg("%s (PID %d) exited with exit code %d",
2758 : procname, pid, WEXITSTATUS(exitstatus)),
2759 : activity ? errdetail("Failed process was running: %s", activity) : 0));
2760 8 : else if (WIFSIGNALED(exitstatus))
2761 : {
2762 : #if defined(WIN32)
2763 : ereport(lev,
2764 :
2765 : /*------
2766 : translator: %s is a noun phrase describing a child process, such as
2767 : "server process" */
2768 : (errmsg("%s (PID %d) was terminated by exception 0x%X",
2769 : procname, pid, WTERMSIG(exitstatus)),
2770 : errhint("See C include file \"ntstatus.h\" for a description of the hexadecimal value."),
2771 : activity ? errdetail("Failed process was running: %s", activity) : 0));
2772 : #else
2773 8 : ereport(lev,
2774 :
2775 : /*------
2776 : translator: %s is a noun phrase describing a child process, such as
2777 : "server process" */
2778 : (errmsg("%s (PID %d) was terminated by signal %d: %s",
2779 : procname, pid, WTERMSIG(exitstatus),
2780 : pg_strsignal(WTERMSIG(exitstatus))),
2781 : activity ? errdetail("Failed process was running: %s", activity) : 0));
2782 : #endif
2783 : }
2784 : else
2785 0 : ereport(lev,
2786 :
2787 : /*------
2788 : translator: %s is a noun phrase describing a child process, such as
2789 : "server process" */
2790 : (errmsg("%s (PID %d) exited with unrecognized status %d",
2791 : procname, pid, exitstatus),
2792 : activity ? errdetail("Failed process was running: %s", activity) : 0));
2793 30506 : }
2794 :
2795 : /*
2796 : * Advance the postmaster's state machine and take actions as appropriate
2797 : *
2798 : * This is common code for process_pm_shutdown_request(),
2799 : * process_pm_child_exit() and process_pm_pmsignal(), which process the signals
2800 : * that might mean we need to change state.
2801 : */
2802 : static void
2803 40450 : PostmasterStateMachine(void)
2804 : {
2805 : /* If we're doing a smart shutdown, try to advance that state. */
2806 40450 : if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
2807 : {
2808 31956 : if (!connsAllowed)
2809 : {
2810 : /*
2811 : * This state ends when we have no normal client backends running.
2812 : * Then we're ready to stop other children.
2813 : */
2814 68 : if (CountChildren(btmask(B_BACKEND)) == 0)
2815 34 : pmState = PM_STOP_BACKENDS;
2816 : }
2817 : }
2818 :
2819 : /*
2820 : * In the PM_WAIT_BACKENDS state, wait for all the regular backends and
2821 : * procesess like autovacuum and background workers that are comparable to
2822 : * backends to exit.
2823 : *
2824 : * PM_STOP_BACKENDS is a transient state that means the same as
2825 : * PM_WAIT_BACKENDS, but we signal the processes first, before waiting for
2826 : * them. Treating it as a distinct pmState allows us to share this code
2827 : * across multiple shutdown code paths.
2828 : */
2829 40450 : if (pmState == PM_STOP_BACKENDS || pmState == PM_WAIT_BACKENDS)
2830 : {
2831 7456 : BackendTypeMask targetMask = BTYPE_MASK_NONE;
2832 :
2833 : /*
2834 : * PM_WAIT_BACKENDS state ends when we have no regular backends, no
2835 : * autovac launcher or workers, and no bgworkers (including
2836 : * unconnected ones). No walwriter, bgwriter, slot sync worker, or
2837 : * WAL summarizer either.
2838 : */
2839 7456 : targetMask = btmask_add(targetMask, B_BACKEND);
2840 7456 : targetMask = btmask_add(targetMask, B_AUTOVAC_LAUNCHER);
2841 7456 : targetMask = btmask_add(targetMask, B_AUTOVAC_WORKER);
2842 7456 : targetMask = btmask_add(targetMask, B_BG_WORKER);
2843 :
2844 7456 : targetMask = btmask_add(targetMask, B_WAL_WRITER);
2845 7456 : targetMask = btmask_add(targetMask, B_BG_WRITER);
2846 7456 : targetMask = btmask_add(targetMask, B_SLOTSYNC_WORKER);
2847 7456 : targetMask = btmask_add(targetMask, B_WAL_SUMMARIZER);
2848 :
2849 : /* If we're in recovery, also stop startup and walreceiver procs */
2850 7456 : targetMask = btmask_add(targetMask, B_STARTUP);
2851 7456 : targetMask = btmask_add(targetMask, B_WAL_RECEIVER);
2852 :
2853 : /*
2854 : * If we are doing crash recovery or an immediate shutdown then we
2855 : * expect the checkpointer to exit as well, otherwise not.
2856 : */
2857 7456 : if (FatalError || Shutdown >= ImmediateShutdown)
2858 2832 : targetMask = btmask_add(targetMask, B_CHECKPOINTER);
2859 :
2860 : /*
2861 : * Walsenders and archiver will continue running; they will be
2862 : * terminated later after writing the checkpoint record. We also let
2863 : * dead-end children to keep running for now. The syslogger process
2864 : * exits last.
2865 : *
2866 : * This assertion checks that we have covered all backend types,
2867 : * either by including them in targetMask, or by noting here that they
2868 : * are allowed to continue running.
2869 : */
2870 : #ifdef USE_ASSERT_CHECKING
2871 : {
2872 : BackendTypeMask remainMask = BTYPE_MASK_NONE;
2873 :
2874 : remainMask = btmask_add(remainMask, B_WAL_SENDER);
2875 : remainMask = btmask_add(remainMask, B_ARCHIVER);
2876 : remainMask = btmask_add(remainMask, B_DEAD_END_BACKEND);
2877 : remainMask = btmask_add(remainMask, B_LOGGER);
2878 :
2879 : /* checkpointer may or may not be in targetMask already */
2880 : remainMask = btmask_add(remainMask, B_CHECKPOINTER);
2881 :
2882 : /* these are not real postmaster children */
2883 : remainMask = btmask_add(remainMask, B_INVALID);
2884 : remainMask = btmask_add(remainMask, B_STANDALONE_BACKEND);
2885 :
2886 : /* All types should be included in targetMask or remainMask */
2887 : Assert((remainMask.mask | targetMask.mask) == BTYPE_MASK_ALL.mask);
2888 : }
2889 : #endif
2890 :
2891 : /* If we had not yet signaled the processes to exit, do so now */
2892 7456 : if (pmState == PM_STOP_BACKENDS)
2893 : {
2894 : /*
2895 : * Forget any pending requests for background workers, since we're
2896 : * no longer willing to launch any new workers. (If additional
2897 : * requests arrive, BackgroundWorkerStateChange will reject them.)
2898 : */
2899 888 : ForgetUnstartedBackgroundWorkers();
2900 :
2901 888 : SignalChildren(SIGTERM, targetMask);
2902 :
2903 888 : pmState = PM_WAIT_BACKENDS;
2904 : }
2905 :
2906 : /* Are any of the target processes still running? */
2907 7456 : if (CountChildren(targetMask) == 0)
2908 : {
2909 1518 : if (Shutdown >= ImmediateShutdown || FatalError)
2910 : {
2911 : /*
2912 : * Stop any dead-end children and stop creating new ones.
2913 : */
2914 630 : pmState = PM_WAIT_DEAD_END;
2915 630 : ConfigurePostmasterWaitSet(false);
2916 630 : SignalChildren(SIGQUIT, btmask(B_DEAD_END_BACKEND));
2917 :
2918 : /*
2919 : * We already SIGQUIT'd walsenders and the archiver, if any,
2920 : * when we started immediate shutdown or entered FatalError
2921 : * state.
2922 : */
2923 : }
2924 : else
2925 : {
2926 : /*
2927 : * If we get here, we are proceeding with normal shutdown. All
2928 : * the regular children are gone, and it's time to tell the
2929 : * checkpointer to do a shutdown checkpoint.
2930 : */
2931 : Assert(Shutdown > NoShutdown);
2932 : /* Start the checkpointer if not running */
2933 888 : if (CheckpointerPMChild == NULL)
2934 0 : CheckpointerPMChild = StartChildProcess(B_CHECKPOINTER);
2935 : /* And tell it to shut down */
2936 888 : if (CheckpointerPMChild != NULL)
2937 : {
2938 888 : signal_child(CheckpointerPMChild, SIGUSR2);
2939 888 : pmState = PM_SHUTDOWN;
2940 : }
2941 : else
2942 : {
2943 : /*
2944 : * If we failed to fork a checkpointer, just shut down.
2945 : * Any required cleanup will happen at next restart. We
2946 : * set FatalError so that an "abnormal shutdown" message
2947 : * gets logged when we exit.
2948 : *
2949 : * We don't consult send_abort_for_crash here, as it's
2950 : * unlikely that dumping cores would illuminate the reason
2951 : * for checkpointer fork failure.
2952 : */
2953 0 : FatalError = true;
2954 0 : pmState = PM_WAIT_DEAD_END;
2955 0 : ConfigurePostmasterWaitSet(false);
2956 :
2957 : /* Kill the walsenders and archiver too */
2958 0 : SignalChildren(SIGQUIT, btmask_all_except(B_LOGGER));
2959 : }
2960 : }
2961 : }
2962 : }
2963 :
2964 40450 : if (pmState == PM_SHUTDOWN_2)
2965 : {
2966 : /*
2967 : * PM_SHUTDOWN_2 state ends when there's no other children than
2968 : * dead-end children left. There shouldn't be any regular backends
2969 : * left by now anyway; what we're really waiting for is walsenders and
2970 : * archiver.
2971 : */
2972 972 : if (CountChildren(btmask_all_except2(B_LOGGER, B_DEAD_END_BACKEND)) == 0)
2973 : {
2974 888 : pmState = PM_WAIT_DEAD_END;
2975 888 : ConfigurePostmasterWaitSet(false);
2976 888 : SignalChildren(SIGTERM, btmask_all_except(B_LOGGER));
2977 : }
2978 : }
2979 :
2980 40450 : if (pmState == PM_WAIT_DEAD_END)
2981 : {
2982 : /*
2983 : * PM_WAIT_DEAD_END state ends when all other children are gone except
2984 : * for the logger. During normal shutdown, all that remains are
2985 : * dead-end backends, but in FatalError processing we jump straight
2986 : * here with more processes remaining. Note that they have already
2987 : * been sent appropriate shutdown signals, either during a normal
2988 : * state transition leading up to PM_WAIT_DEAD_END, or during
2989 : * FatalError processing.
2990 : *
2991 : * The reason we wait is to protect against a new postmaster starting
2992 : * conflicting subprocesses; this isn't an ironclad protection, but it
2993 : * at least helps in the shutdown-and-immediately-restart scenario.
2994 : */
2995 1556 : if (CountChildren(btmask_all_except(B_LOGGER)) == 0)
2996 : {
2997 : /* These other guys should be dead already */
2998 : Assert(StartupPMChild == NULL);
2999 : Assert(WalReceiverPMChild == NULL);
3000 : Assert(WalSummarizerPMChild == NULL);
3001 : Assert(BgWriterPMChild == NULL);
3002 : Assert(CheckpointerPMChild == NULL);
3003 : Assert(WalWriterPMChild == NULL);
3004 : Assert(AutoVacLauncherPMChild == NULL);
3005 : Assert(SlotSyncWorkerPMChild == NULL);
3006 : /* syslogger is not considered here */
3007 1518 : pmState = PM_NO_CHILDREN;
3008 : }
3009 : }
3010 :
3011 : /*
3012 : * If we've been told to shut down, we exit as soon as there are no
3013 : * remaining children. If there was a crash, cleanup will occur at the
3014 : * next startup. (Before PostgreSQL 8.3, we tried to recover from the
3015 : * crash before exiting, but that seems unwise if we are quitting because
3016 : * we got SIGTERM from init --- there may well not be time for recovery
3017 : * before init decides to SIGKILL us.)
3018 : *
3019 : * Note that the syslogger continues to run. It will exit when it sees
3020 : * EOF on its input pipe, which happens when there are no more upstream
3021 : * processes.
3022 : */
3023 40450 : if (Shutdown > NoShutdown && pmState == PM_NO_CHILDREN)
3024 : {
3025 1502 : if (FatalError)
3026 : {
3027 0 : ereport(LOG, (errmsg("abnormal database system shutdown")));
3028 0 : ExitPostmaster(1);
3029 : }
3030 : else
3031 : {
3032 : /*
3033 : * Normal exit from the postmaster is here. We don't need to log
3034 : * anything here, since the UnlinkLockFiles proc_exit callback
3035 : * will do so, and that should be the last user-visible action.
3036 : */
3037 1502 : ExitPostmaster(0);
3038 : }
3039 : }
3040 :
3041 : /*
3042 : * If the startup process failed, or the user does not want an automatic
3043 : * restart after backend crashes, wait for all non-syslogger children to
3044 : * exit, and then exit postmaster. We don't try to reinitialize when the
3045 : * startup process fails, because more than likely it will just fail again
3046 : * and we will keep trying forever.
3047 : */
3048 38948 : if (pmState == PM_NO_CHILDREN)
3049 : {
3050 16 : if (StartupStatus == STARTUP_CRASHED)
3051 : {
3052 6 : ereport(LOG,
3053 : (errmsg("shutting down due to startup process failure")));
3054 6 : ExitPostmaster(1);
3055 : }
3056 10 : if (!restart_after_crash)
3057 : {
3058 0 : ereport(LOG,
3059 : (errmsg("shutting down because \"restart_after_crash\" is off")));
3060 0 : ExitPostmaster(1);
3061 : }
3062 : }
3063 :
3064 : /*
3065 : * If we need to recover from a crash, wait for all non-syslogger children
3066 : * to exit, then reset shmem and start the startup process.
3067 : */
3068 38942 : if (FatalError && pmState == PM_NO_CHILDREN)
3069 : {
3070 10 : ereport(LOG,
3071 : (errmsg("all server processes terminated; reinitializing")));
3072 :
3073 : /* remove leftover temporary files after a crash */
3074 10 : if (remove_temp_files_after_crash)
3075 8 : RemovePgTempFiles();
3076 :
3077 : /* allow background workers to immediately restart */
3078 10 : ResetBackgroundWorkerCrashTimes();
3079 :
3080 10 : shmem_exit(1);
3081 :
3082 : /* re-read control file into local memory */
3083 10 : LocalProcessControlFile(true);
3084 :
3085 : /* re-create shared memory and semaphores */
3086 10 : CreateSharedMemoryAndSemaphores();
3087 :
3088 10 : StartupPMChild = StartChildProcess(B_STARTUP);
3089 : Assert(StartupPMChild != NULL);
3090 10 : StartupStatus = STARTUP_RUNNING;
3091 10 : pmState = PM_STARTUP;
3092 : /* crash recovery started, reset SIGKILL flag */
3093 10 : AbortStartTime = 0;
3094 :
3095 : /* start accepting server socket connection events again */
3096 10 : ConfigurePostmasterWaitSet(true);
3097 : }
3098 38942 : }
3099 :
3100 : /*
3101 : * Launch background processes after state change, or relaunch after an
3102 : * existing process has exited.
3103 : *
3104 : * Check the current pmState and the status of any background processes. If
3105 : * there are any background processes missing that should be running in the
3106 : * current state, but are not, launch them.
3107 : */
3108 : static void
3109 367358 : LaunchMissingBackgroundProcesses(void)
3110 : {
3111 : /* Syslogger is active in all states */
3112 367358 : if (SysLoggerPMChild == NULL && Logging_collector)
3113 0 : StartSysLogger();
3114 :
3115 : /*
3116 : * The checkpointer and the background writer are active from the start,
3117 : * until shutdown is initiated.
3118 : *
3119 : * (If the checkpointer is not running when we enter the PM_SHUTDOWN
3120 : * state, it is launched one more time to perform the shutdown checkpoint.
3121 : * That's done in PostmasterStateMachine(), not here.)
3122 : */
3123 367358 : if (pmState == PM_RUN || pmState == PM_RECOVERY ||
3124 10524 : pmState == PM_HOT_STANDBY || pmState == PM_STARTUP)
3125 : {
3126 360388 : if (CheckpointerPMChild == NULL)
3127 10 : CheckpointerPMChild = StartChildProcess(B_CHECKPOINTER);
3128 360388 : if (BgWriterPMChild == NULL)
3129 10 : BgWriterPMChild = StartChildProcess(B_BG_WRITER);
3130 : }
3131 :
3132 : /*
3133 : * WAL writer is needed only in normal operation (else we cannot be
3134 : * writing any new WAL).
3135 : */
3136 367358 : if (WalWriterPMChild == NULL && pmState == PM_RUN)
3137 1330 : WalWriterPMChild = StartChildProcess(B_WAL_WRITER);
3138 :
3139 : /*
3140 : * We don't want autovacuum to run in binary upgrade mode because
3141 : * autovacuum might update relfrozenxid for empty tables before the
3142 : * physical files are put in place.
3143 : */
3144 380520 : if (!IsBinaryUpgrade && AutoVacLauncherPMChild == NULL &&
3145 19432 : (AutoVacuumingActive() || start_autovac_launcher) &&
3146 6892 : pmState == PM_RUN)
3147 : {
3148 1152 : AutoVacLauncherPMChild = StartChildProcess(B_AUTOVAC_LAUNCHER);
3149 1152 : if (AutoVacLauncherPMChild != NULL)
3150 1152 : start_autovac_launcher = false; /* signal processed */
3151 : }
3152 :
3153 : /*
3154 : * If WAL archiving is enabled always, we are allowed to start archiver
3155 : * even during recovery.
3156 : */
3157 367358 : if (PgArchPMChild == NULL &&
3158 365400 : ((XLogArchivingActive() && pmState == PM_RUN) ||
3159 365400 : (XLogArchivingAlways() && (pmState == PM_RECOVERY || pmState == PM_HOT_STANDBY))) &&
3160 96 : PgArchCanRestart())
3161 96 : PgArchPMChild = StartChildProcess(B_ARCHIVER);
3162 :
3163 : /*
3164 : * If we need to start a slot sync worker, try to do that now
3165 : *
3166 : * We allow to start the slot sync worker when we are on a hot standby,
3167 : * fast or immediate shutdown is not in progress, slot sync parameters are
3168 : * configured correctly, and it is the first time of worker's launch, or
3169 : * enough time has passed since the worker was launched last.
3170 : */
3171 367358 : if (SlotSyncWorkerPMChild == NULL && pmState == PM_HOT_STANDBY &&
3172 3312 : Shutdown <= SmartShutdown && sync_replication_slots &&
3173 22 : ValidateSlotSyncParams(LOG) && SlotSyncWorkerCanRestart())
3174 8 : SlotSyncWorkerPMChild = StartChildProcess(B_SLOTSYNC_WORKER);
3175 :
3176 : /*
3177 : * If we need to start a WAL receiver, try to do that now
3178 : *
3179 : * Note: if a walreceiver process is already running, it might seem that
3180 : * we should clear WalReceiverRequested. However, there's a race
3181 : * condition if the walreceiver terminates and the startup process
3182 : * immediately requests a new one: it's quite possible to get the signal
3183 : * for the request before reaping the dead walreceiver process. Better to
3184 : * risk launching an extra walreceiver than to miss launching one we need.
3185 : * (The walreceiver code has logic to recognize that it should go away if
3186 : * not needed.)
3187 : */
3188 367358 : if (WalReceiverRequested)
3189 : {
3190 656 : if (WalReceiverPMChild == NULL &&
3191 448 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
3192 444 : pmState == PM_HOT_STANDBY) &&
3193 442 : Shutdown <= SmartShutdown)
3194 : {
3195 442 : WalReceiverPMChild = StartChildProcess(B_WAL_RECEIVER);
3196 442 : if (WalReceiverPMChild != 0)
3197 442 : WalReceiverRequested = false;
3198 : /* else leave the flag set, so we'll try again later */
3199 : }
3200 : }
3201 :
3202 : /* If we need to start a WAL summarizer, try to do that now */
3203 367358 : if (summarize_wal && WalSummarizerPMChild == NULL &&
3204 106 : (pmState == PM_RUN || pmState == PM_HOT_STANDBY) &&
3205 36 : Shutdown <= SmartShutdown)
3206 36 : WalSummarizerPMChild = StartChildProcess(B_WAL_SUMMARIZER);
3207 :
3208 : /* Get other worker processes running, if needed */
3209 367358 : if (StartWorkerNeeded || HaveCrashedWorker)
3210 9010 : maybe_start_bgworkers();
3211 367354 : }
3212 :
3213 : /*
3214 : * Send a signal to a postmaster child process
3215 : *
3216 : * On systems that have setsid(), each child process sets itself up as a
3217 : * process group leader. For signals that are generally interpreted in the
3218 : * appropriate fashion, we signal the entire process group not just the
3219 : * direct child process. This allows us to, for example, SIGQUIT a blocked
3220 : * archive_recovery script, or SIGINT a script being run by a backend via
3221 : * system().
3222 : *
3223 : * There is a race condition for recently-forked children: they might not
3224 : * have executed setsid() yet. So we signal the child directly as well as
3225 : * the group. We assume such a child will handle the signal before trying
3226 : * to spawn any grandchild processes. We also assume that signaling the
3227 : * child twice will not cause any problems.
3228 : */
3229 : static void
3230 10000 : signal_child(PMChild *pmchild, int signal)
3231 : {
3232 10000 : pid_t pid = pmchild->pid;
3233 :
3234 10000 : if (kill(pid, signal) < 0)
3235 0 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) pid, signal);
3236 : #ifdef HAVE_SETSID
3237 10000 : switch (signal)
3238 : {
3239 7440 : case SIGINT:
3240 : case SIGTERM:
3241 : case SIGQUIT:
3242 : case SIGKILL:
3243 : case SIGABRT:
3244 7440 : if (kill(-pid, signal) < 0)
3245 64 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) (-pid), signal);
3246 7440 : break;
3247 2560 : default:
3248 2560 : break;
3249 : }
3250 : #endif
3251 10000 : }
3252 :
3253 : /*
3254 : * Convenience function for killing a child process after a crash of some
3255 : * other child process. We log the action at a higher level than we would
3256 : * otherwise do, and we apply send_abort_for_crash to decide which signal
3257 : * to send. Normally it's SIGQUIT -- and most other comments in this file
3258 : * are written on the assumption that it is -- but developers might prefer
3259 : * to use SIGABRT to collect per-child core dumps.
3260 : */
3261 : static void
3262 68 : sigquit_child(PMChild *pmchild)
3263 : {
3264 68 : ereport(DEBUG2,
3265 : (errmsg_internal("sending %s to process %d",
3266 : (send_abort_for_crash ? "SIGABRT" : "SIGQUIT"),
3267 : (int) pmchild->pid)));
3268 68 : signal_child(pmchild, (send_abort_for_crash ? SIGABRT : SIGQUIT));
3269 68 : }
3270 :
3271 : /*
3272 : * Send a signal to the targeted children.
3273 : */
3274 : static bool
3275 4156 : SignalChildren(int signal, BackendTypeMask targetMask)
3276 : {
3277 : dlist_iter iter;
3278 4156 : bool signaled = false;
3279 :
3280 14190 : dlist_foreach(iter, &ActiveChildList)
3281 : {
3282 10034 : PMChild *bp = dlist_container(PMChild, elem, iter.cur);
3283 :
3284 : /*
3285 : * If we need to distinguish between B_BACKEND and B_WAL_SENDER, check
3286 : * if any B_BACKEND backends have recently announced that they are
3287 : * actually WAL senders.
3288 : */
3289 10034 : if (btmask_contains(targetMask, B_WAL_SENDER) != btmask_contains(targetMask, B_BACKEND) &&
3290 5038 : bp->bkend_type == B_BACKEND)
3291 : {
3292 610 : if (IsPostmasterChildWalSender(bp->child_slot))
3293 72 : bp->bkend_type = B_WAL_SENDER;
3294 : }
3295 :
3296 10034 : if (!btmask_contains(targetMask, bp->bkend_type))
3297 1102 : continue;
3298 :
3299 8932 : ereport(DEBUG4,
3300 : (errmsg_internal("sending signal %d to %s process %d",
3301 : signal, GetBackendTypeDesc(bp->bkend_type), (int) bp->pid)));
3302 8932 : signal_child(bp, signal);
3303 8932 : signaled = true;
3304 : }
3305 4156 : return signaled;
3306 : }
3307 :
3308 : /*
3309 : * Send a termination signal to children. This considers all of our children
3310 : * processes, except syslogger.
3311 : */
3312 : static void
3313 614 : TerminateChildren(int signal)
3314 : {
3315 614 : SignalChildren(signal, btmask_all_except(B_LOGGER));
3316 614 : if (StartupPMChild != NULL)
3317 : {
3318 88 : if (signal == SIGQUIT || signal == SIGKILL || signal == SIGABRT)
3319 88 : StartupStatus = STARTUP_SIGNALED;
3320 : }
3321 614 : }
3322 :
3323 : /*
3324 : * BackendStartup -- start backend process
3325 : *
3326 : * returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
3327 : *
3328 : * Note: if you change this code, also consider StartAutovacuumWorker and
3329 : * StartBackgroundWorker.
3330 : */
3331 : static int
3332 25664 : BackendStartup(ClientSocket *client_sock)
3333 : {
3334 25664 : PMChild *bn = NULL;
3335 : pid_t pid;
3336 : BackendStartupData startup_data;
3337 : CAC_state cac;
3338 :
3339 : /*
3340 : * Allocate and assign the child slot. Note we must do this before
3341 : * forking, so that we can handle failures (out of memory or child-process
3342 : * slots) cleanly.
3343 : */
3344 25664 : cac = canAcceptConnections(B_BACKEND);
3345 25664 : if (cac == CAC_OK)
3346 : {
3347 : /* Can change later to B_WAL_SENDER */
3348 25444 : bn = AssignPostmasterChildSlot(B_BACKEND);
3349 25444 : if (!bn)
3350 : {
3351 : /*
3352 : * Too many regular child processes; launch a dead-end child
3353 : * process instead.
3354 : */
3355 56 : cac = CAC_TOOMANY;
3356 : }
3357 : }
3358 25664 : if (!bn)
3359 : {
3360 276 : bn = AllocDeadEndChild();
3361 276 : if (!bn)
3362 : {
3363 0 : ereport(LOG,
3364 : (errcode(ERRCODE_OUT_OF_MEMORY),
3365 : errmsg("out of memory")));
3366 0 : return STATUS_ERROR;
3367 : }
3368 : }
3369 :
3370 : /* Pass down canAcceptConnections state */
3371 25664 : startup_data.canAcceptConnections = cac;
3372 25664 : bn->rw = NULL;
3373 :
3374 : /* Hasn't asked to be notified about any bgworkers yet */
3375 25664 : bn->bgworker_notify = false;
3376 :
3377 25664 : pid = postmaster_child_launch(bn->bkend_type, bn->child_slot,
3378 : (char *) &startup_data, sizeof(startup_data),
3379 : client_sock);
3380 25662 : if (pid < 0)
3381 : {
3382 : /* in parent, fork failed */
3383 0 : int save_errno = errno;
3384 :
3385 0 : (void) ReleasePostmasterChildSlot(bn);
3386 0 : errno = save_errno;
3387 0 : ereport(LOG,
3388 : (errmsg("could not fork new process for connection: %m")));
3389 0 : report_fork_failure_to_client(client_sock, save_errno);
3390 0 : return STATUS_ERROR;
3391 : }
3392 :
3393 : /* in parent, successful fork */
3394 25662 : ereport(DEBUG2,
3395 : (errmsg_internal("forked new %s, pid=%d socket=%d",
3396 : GetBackendTypeDesc(bn->bkend_type),
3397 : (int) pid, (int) client_sock->sock)));
3398 :
3399 : /*
3400 : * Everything's been successful, it's safe to add this backend to our list
3401 : * of backends.
3402 : */
3403 25662 : bn->pid = pid;
3404 25662 : return STATUS_OK;
3405 : }
3406 :
3407 : /*
3408 : * Try to report backend fork() failure to client before we close the
3409 : * connection. Since we do not care to risk blocking the postmaster on
3410 : * this connection, we set the connection to non-blocking and try only once.
3411 : *
3412 : * This is grungy special-purpose code; we cannot use backend libpq since
3413 : * it's not up and running.
3414 : */
3415 : static void
3416 0 : report_fork_failure_to_client(ClientSocket *client_sock, int errnum)
3417 : {
3418 : char buffer[1000];
3419 : int rc;
3420 :
3421 : /* Format the error message packet (always V2 protocol) */
3422 0 : snprintf(buffer, sizeof(buffer), "E%s%s\n",
3423 : _("could not fork new process for connection: "),
3424 : strerror(errnum));
3425 :
3426 : /* Set port to non-blocking. Don't do send() if this fails */
3427 0 : if (!pg_set_noblock(client_sock->sock))
3428 0 : return;
3429 :
3430 : /* We'll retry after EINTR, but ignore all other failures */
3431 : do
3432 : {
3433 0 : rc = send(client_sock->sock, buffer, strlen(buffer) + 1, 0);
3434 0 : } while (rc < 0 && errno == EINTR);
3435 : }
3436 :
3437 : /*
3438 : * ExitPostmaster -- cleanup
3439 : *
3440 : * Do NOT call exit() directly --- always go through here!
3441 : */
3442 : static void
3443 1512 : ExitPostmaster(int status)
3444 : {
3445 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
3446 :
3447 : /*
3448 : * There is no known cause for a postmaster to become multithreaded after
3449 : * startup. Recheck to account for the possibility of unknown causes.
3450 : * This message uses LOG level, because an unclean shutdown at this point
3451 : * would usually not look much different from a clean shutdown.
3452 : */
3453 : if (pthread_is_threaded_np() != 0)
3454 : ereport(LOG,
3455 : (errcode(ERRCODE_INTERNAL_ERROR),
3456 : errmsg_internal("postmaster became multithreaded"),
3457 : errdetail("Please report this to <%s>.", PACKAGE_BUGREPORT)));
3458 : #endif
3459 :
3460 : /* should cleanup shared memory and kill all backends */
3461 :
3462 : /*
3463 : * Not sure of the semantics here. When the Postmaster dies, should the
3464 : * backends all be killed? probably not.
3465 : *
3466 : * MUST -- vadim 05-10-1999
3467 : */
3468 :
3469 1512 : proc_exit(status);
3470 : }
3471 :
3472 : /*
3473 : * Handle pmsignal conditions representing requests from backends,
3474 : * and check for promote and logrotate requests from pg_ctl.
3475 : */
3476 : static void
3477 304928 : process_pm_pmsignal(void)
3478 : {
3479 304928 : pending_pm_pmsignal = false;
3480 :
3481 304928 : ereport(DEBUG2,
3482 : (errmsg_internal("postmaster received pmsignal signal")));
3483 :
3484 : /*
3485 : * RECOVERY_STARTED and BEGIN_HOT_STANDBY signals are ignored in
3486 : * unexpected states. If the startup process quickly starts up, completes
3487 : * recovery, exits, we might process the death of the startup process
3488 : * first. We don't want to go back to recovery in that case.
3489 : */
3490 304928 : if (CheckPostmasterSignal(PMSIGNAL_RECOVERY_STARTED) &&
3491 480 : pmState == PM_STARTUP && Shutdown == NoShutdown)
3492 : {
3493 : /* WAL redo has started. We're out of reinitialization. */
3494 480 : FatalError = false;
3495 480 : AbortStartTime = 0;
3496 :
3497 : /*
3498 : * Start the archiver if we're responsible for (re-)archiving received
3499 : * files.
3500 : */
3501 : Assert(PgArchPMChild == NULL);
3502 480 : if (XLogArchivingAlways())
3503 6 : PgArchPMChild = StartChildProcess(B_ARCHIVER);
3504 :
3505 : /*
3506 : * If we aren't planning to enter hot standby mode later, treat
3507 : * RECOVERY_STARTED as meaning we're out of startup, and report status
3508 : * accordingly.
3509 : */
3510 480 : if (!EnableHotStandby)
3511 : {
3512 4 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STANDBY);
3513 : #ifdef USE_SYSTEMD
3514 : sd_notify(0, "READY=1");
3515 : #endif
3516 : }
3517 :
3518 480 : pmState = PM_RECOVERY;
3519 : }
3520 :
3521 304928 : if (CheckPostmasterSignal(PMSIGNAL_BEGIN_HOT_STANDBY) &&
3522 286 : pmState == PM_RECOVERY && Shutdown == NoShutdown)
3523 : {
3524 286 : ereport(LOG,
3525 : (errmsg("database system is ready to accept read-only connections")));
3526 :
3527 : /* Report status */
3528 286 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
3529 : #ifdef USE_SYSTEMD
3530 : sd_notify(0, "READY=1");
3531 : #endif
3532 :
3533 286 : pmState = PM_HOT_STANDBY;
3534 286 : connsAllowed = true;
3535 :
3536 : /* Some workers may be scheduled to start now */
3537 286 : StartWorkerNeeded = true;
3538 : }
3539 :
3540 : /* Process background worker state changes. */
3541 304928 : if (CheckPostmasterSignal(PMSIGNAL_BACKGROUND_WORKER_CHANGE))
3542 : {
3543 : /* Accept new worker requests only if not stopping. */
3544 2056 : BackgroundWorkerStateChange(pmState < PM_STOP_BACKENDS);
3545 2056 : StartWorkerNeeded = true;
3546 : }
3547 :
3548 : /* Tell syslogger to rotate logfile if requested */
3549 304928 : if (SysLoggerPMChild != NULL)
3550 : {
3551 2 : if (CheckLogrotateSignal())
3552 : {
3553 2 : signal_child(SysLoggerPMChild, SIGUSR1);
3554 2 : RemoveLogrotateSignalFiles();
3555 : }
3556 0 : else if (CheckPostmasterSignal(PMSIGNAL_ROTATE_LOGFILE))
3557 : {
3558 0 : signal_child(SysLoggerPMChild, SIGUSR1);
3559 : }
3560 : }
3561 :
3562 304928 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER) &&
3563 298136 : Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
3564 : {
3565 : /*
3566 : * Start one iteration of the autovacuum daemon, even if autovacuuming
3567 : * is nominally not enabled. This is so we can have an active defense
3568 : * against transaction ID wraparound. We set a flag for the main loop
3569 : * to do it rather than trying to do it here --- this is because the
3570 : * autovac process itself may send the signal, and we want to handle
3571 : * that by launching another iteration as soon as the current one
3572 : * completes.
3573 : */
3574 298136 : start_autovac_launcher = true;
3575 : }
3576 :
3577 304928 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_WORKER) &&
3578 1594 : Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
3579 : {
3580 : /* The autovacuum launcher wants us to start a worker process. */
3581 1592 : StartAutovacuumWorker();
3582 : }
3583 :
3584 304928 : if (CheckPostmasterSignal(PMSIGNAL_START_WALRECEIVER))
3585 : {
3586 : /* Startup Process wants us to start the walreceiver process. */
3587 446 : WalReceiverRequested = true;
3588 : }
3589 :
3590 : /*
3591 : * Try to advance postmaster's state machine, if a child requests it.
3592 : *
3593 : * Be careful about the order of this action relative to this function's
3594 : * other actions. Generally, this should be after other actions, in case
3595 : * they have effects PostmasterStateMachine would need to know about.
3596 : * However, we should do it before the CheckPromoteSignal step, which
3597 : * cannot have any (immediate) effect on the state machine, but does
3598 : * depend on what state we're in now.
3599 : */
3600 304928 : if (CheckPostmasterSignal(PMSIGNAL_ADVANCE_STATE_MACHINE))
3601 : {
3602 2166 : PostmasterStateMachine();
3603 : }
3604 :
3605 304928 : if (StartupPMChild != NULL &&
3606 1318 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
3607 2206 : pmState == PM_HOT_STANDBY) &&
3608 1318 : CheckPromoteSignal())
3609 : {
3610 : /*
3611 : * Tell startup process to finish recovery.
3612 : *
3613 : * Leave the promote signal file in place and let the Startup process
3614 : * do the unlink.
3615 : */
3616 82 : signal_child(StartupPMChild, SIGUSR2);
3617 : }
3618 304928 : }
3619 :
3620 : /*
3621 : * Dummy signal handler
3622 : *
3623 : * We use this for signals that we don't actually use in the postmaster,
3624 : * but we do use in backends. If we were to SIG_IGN such signals in the
3625 : * postmaster, then a newly started backend might drop a signal that arrives
3626 : * before it's able to reconfigure its signal processing. (See notes in
3627 : * tcop/postgres.c.)
3628 : */
3629 : static void
3630 0 : dummy_handler(SIGNAL_ARGS)
3631 : {
3632 0 : }
3633 :
3634 : /*
3635 : * Count up number of child processes of specified types.
3636 : */
3637 : static int
3638 10052 : CountChildren(BackendTypeMask targetMask)
3639 : {
3640 : dlist_iter iter;
3641 10052 : int cnt = 0;
3642 :
3643 34176 : dlist_foreach(iter, &ActiveChildList)
3644 : {
3645 24124 : PMChild *bp = dlist_container(PMChild, elem, iter.cur);
3646 :
3647 : /*
3648 : * If we need to distinguish between B_BACKEND and B_WAL_SENDER, check
3649 : * if any B_BACKEND backends have recently announced that they are
3650 : * actually WAL senders.
3651 : */
3652 24124 : if (btmask_contains(targetMask, B_WAL_SENDER) != btmask_contains(targetMask, B_BACKEND) &&
3653 23934 : bp->bkend_type == B_BACKEND)
3654 : {
3655 2172 : if (IsPostmasterChildWalSender(bp->child_slot))
3656 94 : bp->bkend_type = B_WAL_SENDER;
3657 : }
3658 :
3659 24124 : if (!btmask_contains(targetMask, bp->bkend_type))
3660 6040 : continue;
3661 :
3662 18084 : ereport(DEBUG4,
3663 : (errmsg_internal("%s process %d is still running",
3664 : GetBackendTypeDesc(bp->bkend_type), (int) bp->pid)));
3665 :
3666 18084 : cnt++;
3667 : }
3668 10052 : return cnt;
3669 : }
3670 :
3671 :
3672 : /*
3673 : * StartChildProcess -- start an auxiliary process for the postmaster
3674 : *
3675 : * "type" determines what kind of child will be started. All child types
3676 : * initially go to AuxiliaryProcessMain, which will handle common setup.
3677 : *
3678 : * Return value of StartChildProcess is subprocess' PMChild entry, or NULL on
3679 : * failure.
3680 : */
3681 : static PMChild *
3682 9234 : StartChildProcess(BackendType type)
3683 : {
3684 : PMChild *pmchild;
3685 : pid_t pid;
3686 :
3687 9234 : pmchild = AssignPostmasterChildSlot(type);
3688 9234 : if (!pmchild)
3689 : {
3690 536 : if (type == B_AUTOVAC_WORKER)
3691 536 : ereport(LOG,
3692 : (errcode(ERRCODE_CONFIGURATION_LIMIT_EXCEEDED),
3693 : errmsg("no slot available for new autovacuum worker process")));
3694 : else
3695 : {
3696 : /* shouldn't happen because we allocate enough slots */
3697 0 : elog(LOG, "no postmaster child slot available for aux process");
3698 : }
3699 536 : return NULL;
3700 : }
3701 :
3702 8698 : pid = postmaster_child_launch(type, pmchild->child_slot, NULL, 0, NULL);
3703 8698 : if (pid < 0)
3704 : {
3705 : /* in parent, fork failed */
3706 0 : ReleasePostmasterChildSlot(pmchild);
3707 0 : ereport(LOG,
3708 : (errmsg("could not fork \"%s\" process: %m", PostmasterChildName(type))));
3709 :
3710 : /*
3711 : * fork failure is fatal during startup, but there's no need to choke
3712 : * immediately if starting other child types fails.
3713 : */
3714 0 : if (type == B_STARTUP)
3715 0 : ExitPostmaster(1);
3716 0 : return NULL;
3717 : }
3718 :
3719 : /* in parent, successful fork */
3720 8698 : pmchild->pid = pid;
3721 8698 : return pmchild;
3722 : }
3723 :
3724 : /*
3725 : * StartSysLogger -- start the syslogger process
3726 : */
3727 : void
3728 2 : StartSysLogger(void)
3729 : {
3730 : Assert(SysLoggerPMChild == NULL);
3731 :
3732 2 : SysLoggerPMChild = AssignPostmasterChildSlot(B_LOGGER);
3733 2 : if (!SysLoggerPMChild)
3734 0 : elog(PANIC, "no postmaster child slot available for syslogger");
3735 2 : SysLoggerPMChild->pid = SysLogger_Start(SysLoggerPMChild->child_slot);
3736 2 : if (SysLoggerPMChild->pid == 0)
3737 : {
3738 0 : ReleasePostmasterChildSlot(SysLoggerPMChild);
3739 0 : SysLoggerPMChild = NULL;
3740 : }
3741 2 : }
3742 :
3743 : /*
3744 : * StartAutovacuumWorker
3745 : * Start an autovac worker process.
3746 : *
3747 : * This function is here because it enters the resulting PID into the
3748 : * postmaster's private backends list.
3749 : *
3750 : * NB -- this code very roughly matches BackendStartup.
3751 : */
3752 : static void
3753 1592 : StartAutovacuumWorker(void)
3754 : {
3755 : PMChild *bn;
3756 :
3757 : /*
3758 : * If not in condition to run a process, don't try, but handle it like a
3759 : * fork failure. This does not normally happen, since the signal is only
3760 : * supposed to be sent by autovacuum launcher when it's OK to do it, but
3761 : * we have to check to avoid race-condition problems during DB state
3762 : * changes.
3763 : */
3764 1592 : if (canAcceptConnections(B_AUTOVAC_WORKER) == CAC_OK)
3765 : {
3766 1592 : bn = StartChildProcess(B_AUTOVAC_WORKER);
3767 1592 : if (bn)
3768 : {
3769 1056 : bn->bgworker_notify = false;
3770 1056 : bn->rw = NULL;
3771 1056 : return;
3772 : }
3773 : else
3774 : {
3775 : /*
3776 : * fork failed, fall through to report -- actual error message was
3777 : * logged by StartChildProcess
3778 : */
3779 : }
3780 : }
3781 :
3782 : /*
3783 : * Report the failure to the launcher, if it's running. (If it's not, we
3784 : * might not even be connected to shared memory, so don't try to call
3785 : * AutoVacWorkerFailed.) Note that we also need to signal it so that it
3786 : * responds to the condition, but we don't do that here, instead waiting
3787 : * for ServerLoop to do it. This way we avoid a ping-pong signaling in
3788 : * quick succession between the autovac launcher and postmaster in case
3789 : * things get ugly.
3790 : */
3791 536 : if (AutoVacLauncherPMChild != NULL)
3792 : {
3793 536 : AutoVacWorkerFailed();
3794 536 : avlauncher_needs_signal = true;
3795 : }
3796 : }
3797 :
3798 :
3799 : /*
3800 : * Create the opts file
3801 : */
3802 : static bool
3803 1514 : CreateOptsFile(int argc, char *argv[], char *fullprogname)
3804 : {
3805 : FILE *fp;
3806 : int i;
3807 :
3808 : #define OPTS_FILE "postmaster.opts"
3809 :
3810 1514 : if ((fp = fopen(OPTS_FILE, "w")) == NULL)
3811 : {
3812 0 : ereport(LOG,
3813 : (errcode_for_file_access(),
3814 : errmsg("could not create file \"%s\": %m", OPTS_FILE)));
3815 0 : return false;
3816 : }
3817 :
3818 1514 : fprintf(fp, "%s", fullprogname);
3819 7532 : for (i = 1; i < argc; i++)
3820 6018 : fprintf(fp, " \"%s\"", argv[i]);
3821 1514 : fputs("\n", fp);
3822 :
3823 1514 : if (fclose(fp))
3824 : {
3825 0 : ereport(LOG,
3826 : (errcode_for_file_access(),
3827 : errmsg("could not write file \"%s\": %m", OPTS_FILE)));
3828 0 : return false;
3829 : }
3830 :
3831 1514 : return true;
3832 : }
3833 :
3834 :
3835 : /*
3836 : * Start a new bgworker.
3837 : * Starting time conditions must have been checked already.
3838 : *
3839 : * Returns true on success, false on failure.
3840 : * In either case, update the RegisteredBgWorker's state appropriately.
3841 : *
3842 : * NB -- this code very roughly matches BackendStartup.
3843 : */
3844 : static bool
3845 4806 : StartBackgroundWorker(RegisteredBgWorker *rw)
3846 : {
3847 : PMChild *bn;
3848 : pid_t worker_pid;
3849 :
3850 : Assert(rw->rw_pid == 0);
3851 :
3852 : /*
3853 : * Allocate and assign the child slot. Note we must do this before
3854 : * forking, so that we can handle failures (out of memory or child-process
3855 : * slots) cleanly.
3856 : *
3857 : * Treat failure as though the worker had crashed. That way, the
3858 : * postmaster will wait a bit before attempting to start it again; if we
3859 : * tried again right away, most likely we'd find ourselves hitting the
3860 : * same resource-exhaustion condition.
3861 : */
3862 4806 : bn = AssignPostmasterChildSlot(B_BG_WORKER);
3863 4806 : if (bn == NULL)
3864 : {
3865 0 : ereport(LOG,
3866 : (errcode(ERRCODE_CONFIGURATION_LIMIT_EXCEEDED),
3867 : errmsg("no slot available for new background worker process")));
3868 0 : rw->rw_crashed_at = GetCurrentTimestamp();
3869 0 : return false;
3870 : }
3871 4806 : bn->rw = rw;
3872 4806 : bn->bkend_type = B_BG_WORKER;
3873 4806 : bn->bgworker_notify = false;
3874 :
3875 4806 : ereport(DEBUG1,
3876 : (errmsg_internal("starting background worker process \"%s\"",
3877 : rw->rw_worker.bgw_name)));
3878 :
3879 4806 : worker_pid = postmaster_child_launch(B_BG_WORKER, bn->child_slot,
3880 4806 : (char *) &rw->rw_worker, sizeof(BackgroundWorker), NULL);
3881 4802 : if (worker_pid == -1)
3882 : {
3883 : /* in postmaster, fork failed ... */
3884 0 : ereport(LOG,
3885 : (errmsg("could not fork background worker process: %m")));
3886 : /* undo what AssignPostmasterChildSlot did */
3887 0 : ReleasePostmasterChildSlot(bn);
3888 :
3889 : /* mark entry as crashed, so we'll try again later */
3890 0 : rw->rw_crashed_at = GetCurrentTimestamp();
3891 0 : return false;
3892 : }
3893 :
3894 : /* in postmaster, fork successful ... */
3895 4802 : rw->rw_pid = worker_pid;
3896 4802 : bn->pid = rw->rw_pid;
3897 4802 : ReportBackgroundWorkerPID(rw);
3898 4802 : return true;
3899 : }
3900 :
3901 : /*
3902 : * Does the current postmaster state require starting a worker with the
3903 : * specified start_time?
3904 : */
3905 : static bool
3906 6556 : bgworker_should_start_now(BgWorkerStartTime start_time)
3907 : {
3908 6556 : switch (pmState)
3909 : {
3910 0 : case PM_NO_CHILDREN:
3911 : case PM_WAIT_DEAD_END:
3912 : case PM_SHUTDOWN_2:
3913 : case PM_SHUTDOWN:
3914 : case PM_WAIT_BACKENDS:
3915 : case PM_STOP_BACKENDS:
3916 0 : break;
3917 :
3918 4806 : case PM_RUN:
3919 4806 : if (start_time == BgWorkerStart_RecoveryFinished)
3920 2074 : return true;
3921 : /* fall through */
3922 :
3923 : case PM_HOT_STANDBY:
3924 3012 : if (start_time == BgWorkerStart_ConsistentState)
3925 2732 : return true;
3926 : /* fall through */
3927 :
3928 : case PM_RECOVERY:
3929 : case PM_STARTUP:
3930 : case PM_INIT:
3931 1750 : if (start_time == BgWorkerStart_PostmasterStart)
3932 0 : return true;
3933 : /* fall through */
3934 : }
3935 :
3936 1750 : return false;
3937 : }
3938 :
3939 : /*
3940 : * If the time is right, start background worker(s).
3941 : *
3942 : * As a side effect, the bgworker control variables are set or reset
3943 : * depending on whether more workers may need to be started.
3944 : *
3945 : * We limit the number of workers started per call, to avoid consuming the
3946 : * postmaster's attention for too long when many such requests are pending.
3947 : * As long as StartWorkerNeeded is true, ServerLoop will not block and will
3948 : * call this function again after dealing with any other issues.
3949 : */
3950 : static void
3951 10524 : maybe_start_bgworkers(void)
3952 : {
3953 : #define MAX_BGWORKERS_TO_LAUNCH 100
3954 10524 : int num_launched = 0;
3955 10524 : TimestampTz now = 0;
3956 : dlist_mutable_iter iter;
3957 :
3958 : /*
3959 : * During crash recovery, we have no need to be called until the state
3960 : * transition out of recovery.
3961 : */
3962 10524 : if (FatalError)
3963 : {
3964 0 : StartWorkerNeeded = false;
3965 0 : HaveCrashedWorker = false;
3966 0 : return;
3967 : }
3968 :
3969 : /* Don't need to be called again unless we find a reason for it below */
3970 10524 : StartWorkerNeeded = false;
3971 10524 : HaveCrashedWorker = false;
3972 :
3973 29020 : dlist_foreach_modify(iter, &BackgroundWorkerList)
3974 : {
3975 : RegisteredBgWorker *rw;
3976 :
3977 18500 : rw = dlist_container(RegisteredBgWorker, rw_lnode, iter.cur);
3978 :
3979 : /* ignore if already running */
3980 18500 : if (rw->rw_pid != 0)
3981 9866 : continue;
3982 :
3983 : /* if marked for death, clean up and remove from list */
3984 8634 : if (rw->rw_terminate)
3985 : {
3986 0 : ForgetBackgroundWorker(rw);
3987 0 : continue;
3988 : }
3989 :
3990 : /*
3991 : * If this worker has crashed previously, maybe it needs to be
3992 : * restarted (unless on registration it specified it doesn't want to
3993 : * be restarted at all). Check how long ago did a crash last happen.
3994 : * If the last crash is too recent, don't start it right away; let it
3995 : * be restarted once enough time has passed.
3996 : */
3997 8634 : if (rw->rw_crashed_at != 0)
3998 : {
3999 2078 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART)
4000 : {
4001 : int notify_pid;
4002 :
4003 0 : notify_pid = rw->rw_worker.bgw_notify_pid;
4004 :
4005 0 : ForgetBackgroundWorker(rw);
4006 :
4007 : /* Report worker is gone now. */
4008 0 : if (notify_pid != 0)
4009 0 : kill(notify_pid, SIGUSR1);
4010 :
4011 0 : continue;
4012 : }
4013 :
4014 : /* read system time only when needed */
4015 2078 : if (now == 0)
4016 2078 : now = GetCurrentTimestamp();
4017 :
4018 2078 : if (!TimestampDifferenceExceeds(rw->rw_crashed_at, now,
4019 2078 : rw->rw_worker.bgw_restart_time * 1000))
4020 : {
4021 : /* Set flag to remember that we have workers to start later */
4022 2078 : HaveCrashedWorker = true;
4023 2078 : continue;
4024 : }
4025 : }
4026 :
4027 6556 : if (bgworker_should_start_now(rw->rw_worker.bgw_start_time))
4028 : {
4029 : /* reset crash time before trying to start worker */
4030 4806 : rw->rw_crashed_at = 0;
4031 :
4032 : /*
4033 : * Try to start the worker.
4034 : *
4035 : * On failure, give up processing workers for now, but set
4036 : * StartWorkerNeeded so we'll come back here on the next iteration
4037 : * of ServerLoop to try again. (We don't want to wait, because
4038 : * there might be additional ready-to-run workers.) We could set
4039 : * HaveCrashedWorker as well, since this worker is now marked
4040 : * crashed, but there's no need because the next run of this
4041 : * function will do that.
4042 : */
4043 4806 : if (!StartBackgroundWorker(rw))
4044 : {
4045 0 : StartWorkerNeeded = true;
4046 0 : return;
4047 : }
4048 :
4049 : /*
4050 : * If we've launched as many workers as allowed, quit, but have
4051 : * ServerLoop call us again to look for additional ready-to-run
4052 : * workers. There might not be any, but we'll find out the next
4053 : * time we run.
4054 : */
4055 4802 : if (++num_launched >= MAX_BGWORKERS_TO_LAUNCH)
4056 : {
4057 0 : StartWorkerNeeded = true;
4058 0 : return;
4059 : }
4060 : }
4061 : }
4062 : }
4063 :
4064 : /*
4065 : * When a backend asks to be notified about worker state changes, we
4066 : * set a flag in its backend entry. The background worker machinery needs
4067 : * to know when such backends exit.
4068 : */
4069 : bool
4070 3526 : PostmasterMarkPIDForWorkerNotify(int pid)
4071 : {
4072 : dlist_iter iter;
4073 : PMChild *bp;
4074 :
4075 7014 : dlist_foreach(iter, &ActiveChildList)
4076 : {
4077 7014 : bp = dlist_container(PMChild, elem, iter.cur);
4078 7014 : if (bp->pid == pid)
4079 : {
4080 3526 : bp->bgworker_notify = true;
4081 3526 : return true;
4082 : }
4083 : }
4084 0 : return false;
4085 : }
4086 :
4087 : #ifdef WIN32
4088 :
4089 : /*
4090 : * Subset implementation of waitpid() for Windows. We assume pid is -1
4091 : * (that is, check all child processes) and options is WNOHANG (don't wait).
4092 : */
4093 : static pid_t
4094 : waitpid(pid_t pid, int *exitstatus, int options)
4095 : {
4096 : win32_deadchild_waitinfo *childinfo;
4097 : DWORD exitcode;
4098 : DWORD dwd;
4099 : ULONG_PTR key;
4100 : OVERLAPPED *ovl;
4101 :
4102 : /* Try to consume one win32_deadchild_waitinfo from the queue. */
4103 : if (!GetQueuedCompletionStatus(win32ChildQueue, &dwd, &key, &ovl, 0))
4104 : {
4105 : errno = EAGAIN;
4106 : return -1;
4107 : }
4108 :
4109 : childinfo = (win32_deadchild_waitinfo *) key;
4110 : pid = childinfo->procId;
4111 :
4112 : /*
4113 : * Remove handle from wait - required even though it's set to wait only
4114 : * once
4115 : */
4116 : UnregisterWaitEx(childinfo->waitHandle, NULL);
4117 :
4118 : if (!GetExitCodeProcess(childinfo->procHandle, &exitcode))
4119 : {
4120 : /*
4121 : * Should never happen. Inform user and set a fixed exitcode.
4122 : */
4123 : write_stderr("could not read exit code for process\n");
4124 : exitcode = 255;
4125 : }
4126 : *exitstatus = exitcode;
4127 :
4128 : /*
4129 : * Close the process handle. Only after this point can the PID can be
4130 : * recycled by the kernel.
4131 : */
4132 : CloseHandle(childinfo->procHandle);
4133 :
4134 : /*
4135 : * Free struct that was allocated before the call to
4136 : * RegisterWaitForSingleObject()
4137 : */
4138 : pfree(childinfo);
4139 :
4140 : return pid;
4141 : }
4142 :
4143 : /*
4144 : * Note! Code below executes on a thread pool! All operations must
4145 : * be thread safe! Note that elog() and friends must *not* be used.
4146 : */
4147 : static void WINAPI
4148 : pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired)
4149 : {
4150 : /* Should never happen, since we use INFINITE as timeout value. */
4151 : if (TimerOrWaitFired)
4152 : return;
4153 :
4154 : /*
4155 : * Post the win32_deadchild_waitinfo object for waitpid() to deal with. If
4156 : * that fails, we leak the object, but we also leak a whole process and
4157 : * get into an unrecoverable state, so there's not much point in worrying
4158 : * about that. We'd like to panic, but we can't use that infrastructure
4159 : * from this thread.
4160 : */
4161 : if (!PostQueuedCompletionStatus(win32ChildQueue,
4162 : 0,
4163 : (ULONG_PTR) lpParameter,
4164 : NULL))
4165 : write_stderr("could not post child completion status\n");
4166 :
4167 : /* Queue SIGCHLD signal. */
4168 : pg_queue_signal(SIGCHLD);
4169 : }
4170 :
4171 : /*
4172 : * Queue a waiter to signal when this child dies. The wait will be handled
4173 : * automatically by an operating system thread pool. The memory and the
4174 : * process handle will be freed by a later call to waitpid().
4175 : */
4176 : void
4177 : pgwin32_register_deadchild_callback(HANDLE procHandle, DWORD procId)
4178 : {
4179 : win32_deadchild_waitinfo *childinfo;
4180 :
4181 : childinfo = palloc(sizeof(win32_deadchild_waitinfo));
4182 : childinfo->procHandle = procHandle;
4183 : childinfo->procId = procId;
4184 :
4185 : if (!RegisterWaitForSingleObject(&childinfo->waitHandle,
4186 : procHandle,
4187 : pgwin32_deadchild_callback,
4188 : childinfo,
4189 : INFINITE,
4190 : WT_EXECUTEONLYONCE | WT_EXECUTEINWAITTHREAD))
4191 : ereport(FATAL,
4192 : (errmsg_internal("could not register process for wait: error code %lu",
4193 : GetLastError())));
4194 : }
4195 :
4196 : #endif /* WIN32 */
4197 :
4198 : /*
4199 : * Initialize one and only handle for monitoring postmaster death.
4200 : *
4201 : * Called once in the postmaster, so that child processes can subsequently
4202 : * monitor if their parent is dead.
4203 : */
4204 : static void
4205 1514 : InitPostmasterDeathWatchHandle(void)
4206 : {
4207 : #ifndef WIN32
4208 :
4209 : /*
4210 : * Create a pipe. Postmaster holds the write end of the pipe open
4211 : * (POSTMASTER_FD_OWN), and children hold the read end. Children can pass
4212 : * the read file descriptor to select() to wake up in case postmaster
4213 : * dies, or check for postmaster death with a (read() == 0). Children must
4214 : * close the write end as soon as possible after forking, because EOF
4215 : * won't be signaled in the read end until all processes have closed the
4216 : * write fd. That is taken care of in ClosePostmasterPorts().
4217 : */
4218 : Assert(MyProcPid == PostmasterPid);
4219 1514 : if (pipe(postmaster_alive_fds) < 0)
4220 0 : ereport(FATAL,
4221 : (errcode_for_file_access(),
4222 : errmsg_internal("could not create pipe to monitor postmaster death: %m")));
4223 :
4224 : /* Notify fd.c that we've eaten two FDs for the pipe. */
4225 1514 : ReserveExternalFD();
4226 1514 : ReserveExternalFD();
4227 :
4228 : /*
4229 : * Set O_NONBLOCK to allow testing for the fd's presence with a read()
4230 : * call.
4231 : */
4232 1514 : if (fcntl(postmaster_alive_fds[POSTMASTER_FD_WATCH], F_SETFL, O_NONBLOCK) == -1)
4233 0 : ereport(FATAL,
4234 : (errcode_for_socket_access(),
4235 : errmsg_internal("could not set postmaster death monitoring pipe to nonblocking mode: %m")));
4236 : #else
4237 :
4238 : /*
4239 : * On Windows, we use a process handle for the same purpose.
4240 : */
4241 : if (DuplicateHandle(GetCurrentProcess(),
4242 : GetCurrentProcess(),
4243 : GetCurrentProcess(),
4244 : &PostmasterHandle,
4245 : 0,
4246 : TRUE,
4247 : DUPLICATE_SAME_ACCESS) == 0)
4248 : ereport(FATAL,
4249 : (errmsg_internal("could not duplicate postmaster handle: error code %lu",
4250 : GetLastError())));
4251 : #endif /* WIN32 */
4252 1514 : }
|
