Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * postmaster.c
4 : * This program acts as a clearing house for requests to the
5 : * POSTGRES system. Frontend programs send a startup message
6 : * to the Postmaster and the postmaster uses the info in the
7 : * message to setup a backend process.
8 : *
9 : * The postmaster also manages system-wide operations such as
10 : * startup and shutdown. The postmaster itself doesn't do those
11 : * operations, mind you --- it just forks off a subprocess to do them
12 : * at the right times. It also takes care of resetting the system
13 : * if a backend crashes.
14 : *
15 : * The postmaster process creates the shared memory and semaphore
16 : * pools during startup, but as a rule does not touch them itself.
17 : * In particular, it is not a member of the PGPROC array of backends
18 : * and so it cannot participate in lock-manager operations. Keeping
19 : * the postmaster away from shared memory operations makes it simpler
20 : * and more reliable. The postmaster is almost always able to recover
21 : * from crashes of individual backends by resetting shared memory;
22 : * if it did much with shared memory then it would be prone to crashing
23 : * along with the backends.
24 : *
25 : * When a request message is received, we now fork() immediately.
26 : * The child process performs authentication of the request, and
27 : * then becomes a backend if successful. This allows the auth code
28 : * to be written in a simple single-threaded style (as opposed to the
29 : * crufty "poor man's multitasking" code that used to be needed).
30 : * More importantly, it ensures that blockages in non-multithreaded
31 : * libraries like SSL or PAM cannot cause denial of service to other
32 : * clients.
33 : *
34 : *
35 : * Portions Copyright (c) 1996-2021, PostgreSQL Global Development Group
36 : * Portions Copyright (c) 1994, Regents of the University of California
37 : *
38 : *
39 : * IDENTIFICATION
40 : * src/backend/postmaster/postmaster.c
41 : *
42 : * NOTES
43 : *
44 : * Initialization:
45 : * The Postmaster sets up shared memory data structures
46 : * for the backends.
47 : *
48 : * Synchronization:
49 : * The Postmaster shares memory with the backends but should avoid
50 : * touching shared memory, so as not to become stuck if a crashing
51 : * backend screws up locks or shared memory. Likewise, the Postmaster
52 : * should never block on messages from frontend clients.
53 : *
54 : * Garbage Collection:
55 : * The Postmaster cleans up after backends if they have an emergency
56 : * exit and/or core dump.
57 : *
58 : * Error Reporting:
59 : * Use write_stderr() only for reporting "interactive" errors
60 : * (essentially, bogus arguments on the command line). Once the
61 : * postmaster is launched, use ereport().
62 : *
63 : *-------------------------------------------------------------------------
64 : */
65 :
66 : #include "postgres.h"
67 :
68 : #include <unistd.h>
69 : #include <signal.h>
70 : #include <time.h>
71 : #include <sys/wait.h>
72 : #include <ctype.h>
73 : #include <sys/stat.h>
74 : #include <sys/socket.h>
75 : #include <fcntl.h>
76 : #include <sys/param.h>
77 : #include <netdb.h>
78 : #include <limits.h>
79 :
80 : #ifdef HAVE_SYS_SELECT_H
81 : #include <sys/select.h>
82 : #endif
83 :
84 : #ifdef USE_BONJOUR
85 : #include <dns_sd.h>
86 : #endif
87 :
88 : #ifdef USE_SYSTEMD
89 : #include <systemd/sd-daemon.h>
90 : #endif
91 :
92 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
93 : #include <pthread.h>
94 : #endif
95 :
96 : #include "access/transam.h"
97 : #include "access/xlog.h"
98 : #include "catalog/pg_control.h"
99 : #include "common/file_perm.h"
100 : #include "common/ip.h"
101 : #include "common/pg_prng.h"
102 : #include "common/string.h"
103 : #include "lib/ilist.h"
104 : #include "libpq/auth.h"
105 : #include "libpq/libpq.h"
106 : #include "libpq/pqformat.h"
107 : #include "libpq/pqsignal.h"
108 : #include "pg_getopt.h"
109 : #include "pgstat.h"
110 : #include "port/pg_bswap.h"
111 : #include "postmaster/autovacuum.h"
112 : #include "postmaster/auxprocess.h"
113 : #include "postmaster/bgworker_internals.h"
114 : #include "postmaster/fork_process.h"
115 : #include "postmaster/interrupt.h"
116 : #include "postmaster/pgarch.h"
117 : #include "postmaster/postmaster.h"
118 : #include "postmaster/syslogger.h"
119 : #include "replication/logicallauncher.h"
120 : #include "replication/walsender.h"
121 : #include "storage/fd.h"
122 : #include "storage/ipc.h"
123 : #include "storage/pg_shmem.h"
124 : #include "storage/pmsignal.h"
125 : #include "storage/proc.h"
126 : #include "tcop/tcopprot.h"
127 : #include "utils/builtins.h"
128 : #include "utils/datetime.h"
129 : #include "utils/memutils.h"
130 : #include "utils/pidfile.h"
131 : #include "utils/ps_status.h"
132 : #include "utils/queryjumble.h"
133 : #include "utils/timeout.h"
134 : #include "utils/timestamp.h"
135 : #include "utils/varlena.h"
136 :
137 : #ifdef EXEC_BACKEND
138 : #include "storage/spin.h"
139 : #endif
140 :
141 :
142 : /*
143 : * Possible types of a backend. Beyond being the possible bkend_type values in
144 : * struct bkend, these are OR-able request flag bits for SignalSomeChildren()
145 : * and CountChildren().
146 : */
147 : #define BACKEND_TYPE_NORMAL 0x0001 /* normal backend */
148 : #define BACKEND_TYPE_AUTOVAC 0x0002 /* autovacuum worker process */
149 : #define BACKEND_TYPE_WALSND 0x0004 /* walsender process */
150 : #define BACKEND_TYPE_BGWORKER 0x0008 /* bgworker process */
151 : #define BACKEND_TYPE_ALL 0x000F /* OR of all the above */
152 :
153 : /*
154 : * List of active backends (or child processes anyway; we don't actually
155 : * know whether a given child has become a backend or is still in the
156 : * authorization phase). This is used mainly to keep track of how many
157 : * children we have and send them appropriate signals when necessary.
158 : *
159 : * As shown in the above set of backend types, this list includes not only
160 : * "normal" client sessions, but also autovacuum workers, walsenders, and
161 : * background workers. (Note that at the time of launch, walsenders are
162 : * labeled BACKEND_TYPE_NORMAL; we relabel them to BACKEND_TYPE_WALSND
163 : * upon noticing they've changed their PMChildFlags entry. Hence that check
164 : * must be done before any operation that needs to distinguish walsenders
165 : * from normal backends.)
166 : *
167 : * Also, "dead_end" children are in it: these are children launched just for
168 : * the purpose of sending a friendly rejection message to a would-be client.
169 : * We must track them because they are attached to shared memory, but we know
170 : * they will never become live backends. dead_end children are not assigned a
171 : * PMChildSlot. dead_end children have bkend_type NORMAL.
172 : *
173 : * "Special" children such as the startup, bgwriter and autovacuum launcher
174 : * tasks are not in this list. They are tracked via StartupPID and other
175 : * pid_t variables below. (Thus, there can't be more than one of any given
176 : * "special" child process type. We use BackendList entries for any child
177 : * process there can be more than one of.)
178 : */
179 : typedef struct bkend
180 : {
181 : pid_t pid; /* process id of backend */
182 : int32 cancel_key; /* cancel key for cancels for this backend */
183 : int child_slot; /* PMChildSlot for this backend, if any */
184 : int bkend_type; /* child process flavor, see above */
185 : bool dead_end; /* is it going to send an error and quit? */
186 : bool bgworker_notify; /* gets bgworker start/stop notifications */
187 : dlist_node elem; /* list link in BackendList */
188 : } Backend;
189 :
190 : static dlist_head BackendList = DLIST_STATIC_INIT(BackendList);
191 :
192 : #ifdef EXEC_BACKEND
193 : static Backend *ShmemBackendArray;
194 : #endif
195 :
196 : BackgroundWorker *MyBgworkerEntry = NULL;
197 :
198 :
199 :
200 : /* The socket number we are listening for connections on */
201 : int PostPortNumber;
202 :
203 : /* The directory names for Unix socket(s) */
204 : char *Unix_socket_directories;
205 :
206 : /* The TCP listen address(es) */
207 : char *ListenAddresses;
208 :
209 : /*
210 : * ReservedBackends is the number of backends reserved for superuser use.
211 : * This number is taken out of the pool size given by MaxConnections so
212 : * number of backend slots available to non-superusers is
213 : * (MaxConnections - ReservedBackends). Note what this really means is
214 : * "if there are <= ReservedBackends connections available, only superusers
215 : * can make new connections" --- pre-existing superuser connections don't
216 : * count against the limit.
217 : */
218 : int ReservedBackends;
219 :
220 : /* The socket(s) we're listening to. */
221 : #define MAXLISTEN 64
222 : static pgsocket ListenSocket[MAXLISTEN];
223 :
224 : /*
225 : * These globals control the behavior of the postmaster in case some
226 : * backend dumps core. Normally, it kills all peers of the dead backend
227 : * and reinitializes shared memory. By specifying -s or -n, we can have
228 : * the postmaster stop (rather than kill) peers and not reinitialize
229 : * shared data structures. (Reinit is currently dead code, though.)
230 : */
231 : static bool Reinit = true;
232 : static int SendStop = false;
233 :
234 : /* still more option variables */
235 : bool EnableSSL = false;
236 :
237 : int PreAuthDelay = 0;
238 : int AuthenticationTimeout = 60;
239 :
240 : bool log_hostname; /* for ps display and logging */
241 : bool Log_connections = false;
242 : bool Db_user_namespace = false;
243 :
244 : bool enable_bonjour = false;
245 : char *bonjour_name;
246 : bool restart_after_crash = true;
247 : bool remove_temp_files_after_crash = true;
248 :
249 : /* PIDs of special child processes; 0 when not running */
250 : static pid_t StartupPID = 0,
251 : BgWriterPID = 0,
252 : CheckpointerPID = 0,
253 : WalWriterPID = 0,
254 : WalReceiverPID = 0,
255 : AutoVacPID = 0,
256 : PgArchPID = 0,
257 : PgStatPID = 0,
258 : SysLoggerPID = 0;
259 :
260 : /* Startup process's status */
261 : typedef enum
262 : {
263 : STARTUP_NOT_RUNNING,
264 : STARTUP_RUNNING,
265 : STARTUP_SIGNALED, /* we sent it a SIGQUIT or SIGKILL */
266 : STARTUP_CRASHED
267 : } StartupStatusEnum;
268 :
269 : static StartupStatusEnum StartupStatus = STARTUP_NOT_RUNNING;
270 :
271 : /* Startup/shutdown state */
272 : #define NoShutdown 0
273 : #define SmartShutdown 1
274 : #define FastShutdown 2
275 : #define ImmediateShutdown 3
276 :
277 : static int Shutdown = NoShutdown;
278 :
279 : static bool FatalError = false; /* T if recovering from backend crash */
280 :
281 : /*
282 : * We use a simple state machine to control startup, shutdown, and
283 : * crash recovery (which is rather like shutdown followed by startup).
284 : *
285 : * After doing all the postmaster initialization work, we enter PM_STARTUP
286 : * state and the startup process is launched. The startup process begins by
287 : * reading the control file and other preliminary initialization steps.
288 : * In a normal startup, or after crash recovery, the startup process exits
289 : * with exit code 0 and we switch to PM_RUN state. However, archive recovery
290 : * is handled specially since it takes much longer and we would like to support
291 : * hot standby during archive recovery.
292 : *
293 : * When the startup process is ready to start archive recovery, it signals the
294 : * postmaster, and we switch to PM_RECOVERY state. The background writer and
295 : * checkpointer are launched, while the startup process continues applying WAL.
296 : * If Hot Standby is enabled, then, after reaching a consistent point in WAL
297 : * redo, startup process signals us again, and we switch to PM_HOT_STANDBY
298 : * state and begin accepting connections to perform read-only queries. When
299 : * archive recovery is finished, the startup process exits with exit code 0
300 : * and we switch to PM_RUN state.
301 : *
302 : * Normal child backends can only be launched when we are in PM_RUN or
303 : * PM_HOT_STANDBY state. (connsAllowed can also restrict launching.)
304 : * In other states we handle connection requests by launching "dead_end"
305 : * child processes, which will simply send the client an error message and
306 : * quit. (We track these in the BackendList so that we can know when they
307 : * are all gone; this is important because they're still connected to shared
308 : * memory, and would interfere with an attempt to destroy the shmem segment,
309 : * possibly leading to SHMALL failure when we try to make a new one.)
310 : * In PM_WAIT_DEAD_END state we are waiting for all the dead_end children
311 : * to drain out of the system, and therefore stop accepting connection
312 : * requests at all until the last existing child has quit (which hopefully
313 : * will not be very long).
314 : *
315 : * Notice that this state variable does not distinguish *why* we entered
316 : * states later than PM_RUN --- Shutdown and FatalError must be consulted
317 : * to find that out. FatalError is never true in PM_RECOVERY, PM_HOT_STANDBY,
318 : * or PM_RUN states, nor in PM_SHUTDOWN states (because we don't enter those
319 : * states when trying to recover from a crash). It can be true in PM_STARTUP
320 : * state, because we don't clear it until we've successfully started WAL redo.
321 : */
322 : typedef enum
323 : {
324 : PM_INIT, /* postmaster starting */
325 : PM_STARTUP, /* waiting for startup subprocess */
326 : PM_RECOVERY, /* in archive recovery mode */
327 : PM_HOT_STANDBY, /* in hot standby mode */
328 : PM_RUN, /* normal "database is alive" state */
329 : PM_STOP_BACKENDS, /* need to stop remaining backends */
330 : PM_WAIT_BACKENDS, /* waiting for live backends to exit */
331 : PM_SHUTDOWN, /* waiting for checkpointer to do shutdown
332 : * ckpt */
333 : PM_SHUTDOWN_2, /* waiting for archiver and walsenders to
334 : * finish */
335 : PM_WAIT_DEAD_END, /* waiting for dead_end children to exit */
336 : PM_NO_CHILDREN /* all important children have exited */
337 : } PMState;
338 :
339 : static PMState pmState = PM_INIT;
340 :
341 : /*
342 : * While performing a "smart shutdown", we restrict new connections but stay
343 : * in PM_RUN or PM_HOT_STANDBY state until all the client backends are gone.
344 : * connsAllowed is a sub-state indicator showing the active restriction.
345 : * It is of no interest unless pmState is PM_RUN or PM_HOT_STANDBY.
346 : */
347 : typedef enum
348 : {
349 : ALLOW_ALL_CONNS, /* normal not-shutting-down state */
350 : ALLOW_SUPERUSER_CONNS, /* only superusers can connect */
351 : ALLOW_NO_CONNS /* no new connections allowed, period */
352 : } ConnsAllowedState;
353 :
354 : static ConnsAllowedState connsAllowed = ALLOW_ALL_CONNS;
355 :
356 : /* Start time of SIGKILL timeout during immediate shutdown or child crash */
357 : /* Zero means timeout is not running */
358 : static time_t AbortStartTime = 0;
359 :
360 : /* Length of said timeout */
361 : #define SIGKILL_CHILDREN_AFTER_SECS 5
362 :
363 : static bool ReachedNormalRunning = false; /* T if we've reached PM_RUN */
364 :
365 : bool ClientAuthInProgress = false; /* T during new-client
366 : * authentication */
367 :
368 : bool redirection_done = false; /* stderr redirected for syslogger? */
369 :
370 : /* received START_AUTOVAC_LAUNCHER signal */
371 : static volatile sig_atomic_t start_autovac_launcher = false;
372 :
373 : /* the launcher needs to be signaled to communicate some condition */
374 : static volatile bool avlauncher_needs_signal = false;
375 :
376 : /* received START_WALRECEIVER signal */
377 : static volatile sig_atomic_t WalReceiverRequested = false;
378 :
379 : /* set when there's a worker that needs to be started up */
380 : static volatile bool StartWorkerNeeded = true;
381 : static volatile bool HaveCrashedWorker = false;
382 :
383 : #ifdef USE_SSL
384 : /* Set when and if SSL has been initialized properly */
385 : static bool LoadedSSL = false;
386 : #endif
387 :
388 : #ifdef USE_BONJOUR
389 : static DNSServiceRef bonjour_sdref = NULL;
390 : #endif
391 :
392 : /*
393 : * postmaster.c - function prototypes
394 : */
395 : static void CloseServerPorts(int status, Datum arg);
396 : static void unlink_external_pid_file(int status, Datum arg);
397 : static void getInstallationPaths(const char *argv0);
398 : static void checkControlFile(void);
399 : static Port *ConnCreate(int serverFd);
400 : static void ConnFree(Port *port);
401 : static void reset_shared(void);
402 : static void SIGHUP_handler(SIGNAL_ARGS);
403 : static void pmdie(SIGNAL_ARGS);
404 : static void reaper(SIGNAL_ARGS);
405 : static void sigusr1_handler(SIGNAL_ARGS);
406 : static void process_startup_packet_die(SIGNAL_ARGS);
407 : static void dummy_handler(SIGNAL_ARGS);
408 : static void StartupPacketTimeoutHandler(void);
409 : static void CleanupBackend(int pid, int exitstatus);
410 : static bool CleanupBackgroundWorker(int pid, int exitstatus);
411 : static void HandleChildCrash(int pid, int exitstatus, const char *procname);
412 : static void LogChildExit(int lev, const char *procname,
413 : int pid, int exitstatus);
414 : static void PostmasterStateMachine(void);
415 : static void BackendInitialize(Port *port);
416 : static void BackendRun(Port *port) pg_attribute_noreturn();
417 : static void ExitPostmaster(int status) pg_attribute_noreturn();
418 : static int ServerLoop(void);
419 : static int BackendStartup(Port *port);
420 : static int ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done);
421 : static void SendNegotiateProtocolVersion(List *unrecognized_protocol_options);
422 : static void processCancelRequest(Port *port, void *pkt);
423 : static int initMasks(fd_set *rmask);
424 : static void report_fork_failure_to_client(Port *port, int errnum);
425 : static CAC_state canAcceptConnections(int backend_type);
426 : static bool RandomCancelKey(int32 *cancel_key);
427 : static void signal_child(pid_t pid, int signal);
428 : static bool SignalSomeChildren(int signal, int targets);
429 : static void TerminateChildren(int signal);
430 :
431 : #define SignalChildren(sig) SignalSomeChildren(sig, BACKEND_TYPE_ALL)
432 :
433 : static int CountChildren(int target);
434 : static bool assign_backendlist_entry(RegisteredBgWorker *rw);
435 : static void maybe_start_bgworkers(void);
436 : static bool CreateOptsFile(int argc, char *argv[], char *fullprogname);
437 : static pid_t StartChildProcess(AuxProcType type);
438 : static void StartAutovacuumWorker(void);
439 : static void MaybeStartWalReceiver(void);
440 : static void InitPostmasterDeathWatchHandle(void);
441 :
442 : /*
443 : * Archiver is allowed to start up at the current postmaster state?
444 : *
445 : * If WAL archiving is enabled always, we are allowed to start archiver
446 : * even during recovery.
447 : */
448 : #define PgArchStartupAllowed() \
449 : (((XLogArchivingActive() && pmState == PM_RUN) || \
450 : (XLogArchivingAlways() && \
451 : (pmState == PM_RECOVERY || pmState == PM_HOT_STANDBY))) && \
452 : PgArchCanRestart())
453 :
454 : #ifdef EXEC_BACKEND
455 :
456 : #ifdef WIN32
457 : #define WNOHANG 0 /* ignored, so any integer value will do */
458 :
459 : static pid_t waitpid(pid_t pid, int *exitstatus, int options);
460 : static void WINAPI pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired);
461 :
462 : static HANDLE win32ChildQueue;
463 :
464 : typedef struct
465 : {
466 : HANDLE waitHandle;
467 : HANDLE procHandle;
468 : DWORD procId;
469 : } win32_deadchild_waitinfo;
470 : #endif /* WIN32 */
471 :
472 : static pid_t backend_forkexec(Port *port);
473 : static pid_t internal_forkexec(int argc, char *argv[], Port *port);
474 :
475 : /* Type for a socket that can be inherited to a client process */
476 : #ifdef WIN32
477 : typedef struct
478 : {
479 : SOCKET origsocket; /* Original socket value, or PGINVALID_SOCKET
480 : * if not a socket */
481 : WSAPROTOCOL_INFO wsainfo;
482 : } InheritableSocket;
483 : #else
484 : typedef int InheritableSocket;
485 : #endif
486 :
487 : /*
488 : * Structure contains all variables passed to exec:ed backends
489 : */
490 : typedef struct
491 : {
492 : Port port;
493 : InheritableSocket portsocket;
494 : char DataDir[MAXPGPATH];
495 : pgsocket ListenSocket[MAXLISTEN];
496 : int32 MyCancelKey;
497 : int MyPMChildSlot;
498 : #ifndef WIN32
499 : unsigned long UsedShmemSegID;
500 : #else
501 : void *ShmemProtectiveRegion;
502 : HANDLE UsedShmemSegID;
503 : #endif
504 : void *UsedShmemSegAddr;
505 : slock_t *ShmemLock;
506 : VariableCache ShmemVariableCache;
507 : Backend *ShmemBackendArray;
508 : #ifndef HAVE_SPINLOCKS
509 : PGSemaphore *SpinlockSemaArray;
510 : #endif
511 : int NamedLWLockTrancheRequests;
512 : NamedLWLockTranche *NamedLWLockTrancheArray;
513 : LWLockPadded *MainLWLockArray;
514 : slock_t *ProcStructLock;
515 : PROC_HDR *ProcGlobal;
516 : PGPROC *AuxiliaryProcs;
517 : PGPROC *PreparedXactProcs;
518 : PMSignalData *PMSignalState;
519 : InheritableSocket pgStatSock;
520 : pid_t PostmasterPid;
521 : TimestampTz PgStartTime;
522 : TimestampTz PgReloadTime;
523 : pg_time_t first_syslogger_file_time;
524 : bool redirection_done;
525 : bool IsBinaryUpgrade;
526 : bool query_id_enabled;
527 : int max_safe_fds;
528 : int MaxBackends;
529 : #ifdef WIN32
530 : HANDLE PostmasterHandle;
531 : HANDLE initial_signal_pipe;
532 : HANDLE syslogPipe[2];
533 : #else
534 : int postmaster_alive_fds[2];
535 : int syslogPipe[2];
536 : #endif
537 : char my_exec_path[MAXPGPATH];
538 : char pkglib_path[MAXPGPATH];
539 : } BackendParameters;
540 :
541 : static void read_backend_variables(char *id, Port *port);
542 : static void restore_backend_variables(BackendParameters *param, Port *port);
543 :
544 : #ifndef WIN32
545 : static bool save_backend_variables(BackendParameters *param, Port *port);
546 : #else
547 : static bool save_backend_variables(BackendParameters *param, Port *port,
548 : HANDLE childProcess, pid_t childPid);
549 : #endif
550 :
551 : static void ShmemBackendArrayAdd(Backend *bn);
552 : static void ShmemBackendArrayRemove(Backend *bn);
553 : #endif /* EXEC_BACKEND */
554 :
555 : #define StartupDataBase() StartChildProcess(StartupProcess)
556 : #define StartArchiver() StartChildProcess(ArchiverProcess)
557 : #define StartBackgroundWriter() StartChildProcess(BgWriterProcess)
558 : #define StartCheckpointer() StartChildProcess(CheckpointerProcess)
559 : #define StartWalWriter() StartChildProcess(WalWriterProcess)
560 : #define StartWalReceiver() StartChildProcess(WalReceiverProcess)
561 :
562 : /* Macros to check exit status of a child process */
563 : #define EXIT_STATUS_0(st) ((st) == 0)
564 : #define EXIT_STATUS_1(st) (WIFEXITED(st) && WEXITSTATUS(st) == 1)
565 : #define EXIT_STATUS_3(st) (WIFEXITED(st) && WEXITSTATUS(st) == 3)
566 :
567 : #ifndef WIN32
568 : /*
569 : * File descriptors for pipe used to monitor if postmaster is alive.
570 : * First is POSTMASTER_FD_WATCH, second is POSTMASTER_FD_OWN.
571 : */
572 : int postmaster_alive_fds[2] = {-1, -1};
573 : #else
574 : /* Process handle of postmaster used for the same purpose on Windows */
575 : HANDLE PostmasterHandle;
576 : #endif
577 :
578 : /*
579 : * Postmaster main entry point
580 : */
581 : void
582 956 : PostmasterMain(int argc, char *argv[])
583 : {
584 : int opt;
585 : int status;
586 956 : char *userDoption = NULL;
587 956 : bool listen_addr_saved = false;
588 : int i;
589 956 : char *output_config_variable = NULL;
590 :
591 956 : InitProcessGlobals();
592 :
593 956 : PostmasterPid = MyProcPid;
594 :
595 956 : IsPostmasterEnvironment = true;
596 :
597 : /*
598 : * Start our win32 signal implementation
599 : */
600 : #ifdef WIN32
601 : pgwin32_signal_initialize();
602 : #endif
603 :
604 : /*
605 : * We should not be creating any files or directories before we check the
606 : * data directory (see checkDataDir()), but just in case set the umask to
607 : * the most restrictive (owner-only) permissions.
608 : *
609 : * checkDataDir() will reset the umask based on the data directory
610 : * permissions.
611 : */
612 956 : umask(PG_MODE_MASK_OWNER);
613 :
614 : /*
615 : * By default, palloc() requests in the postmaster will be allocated in
616 : * the PostmasterContext, which is space that can be recycled by backends.
617 : * Allocated data that needs to be available to backends should be
618 : * allocated in TopMemoryContext.
619 : */
620 956 : PostmasterContext = AllocSetContextCreate(TopMemoryContext,
621 : "Postmaster",
622 : ALLOCSET_DEFAULT_SIZES);
623 956 : MemoryContextSwitchTo(PostmasterContext);
624 :
625 : /* Initialize paths to installation files */
626 956 : getInstallationPaths(argv[0]);
627 :
628 : /*
629 : * Set up signal handlers for the postmaster process.
630 : *
631 : * In the postmaster, we use pqsignal_pm() rather than pqsignal() (which
632 : * is used by all child processes and client processes). That has a
633 : * couple of special behaviors:
634 : *
635 : * 1. Except on Windows, we tell sigaction() to block all signals for the
636 : * duration of the signal handler. This is faster than our old approach
637 : * of blocking/unblocking explicitly in the signal handler, and it should
638 : * also prevent excessive stack consumption if signals arrive quickly.
639 : *
640 : * 2. We do not set the SA_RESTART flag. This is because signals will be
641 : * blocked at all times except when ServerLoop is waiting for something to
642 : * happen, and during that window, we want signals to exit the select(2)
643 : * wait so that ServerLoop can respond if anything interesting happened.
644 : * On some platforms, signals marked SA_RESTART would not cause the
645 : * select() wait to end.
646 : *
647 : * Child processes will generally want SA_RESTART, so pqsignal() sets that
648 : * flag. We expect children to set up their own handlers before
649 : * unblocking signals.
650 : *
651 : * CAUTION: when changing this list, check for side-effects on the signal
652 : * handling setup of child processes. See tcop/postgres.c,
653 : * bootstrap/bootstrap.c, postmaster/bgwriter.c, postmaster/walwriter.c,
654 : * postmaster/autovacuum.c, postmaster/pgarch.c, postmaster/pgstat.c,
655 : * postmaster/syslogger.c, postmaster/bgworker.c and
656 : * postmaster/checkpointer.c.
657 : */
658 956 : pqinitmask();
659 956 : PG_SETMASK(&BlockSig);
660 :
661 956 : pqsignal_pm(SIGHUP, SIGHUP_handler); /* reread config file and have
662 : * children do same */
663 956 : pqsignal_pm(SIGINT, pmdie); /* send SIGTERM and shut down */
664 956 : pqsignal_pm(SIGQUIT, pmdie); /* send SIGQUIT and die */
665 956 : pqsignal_pm(SIGTERM, pmdie); /* wait for children and shut down */
666 956 : pqsignal_pm(SIGALRM, SIG_IGN); /* ignored */
667 956 : pqsignal_pm(SIGPIPE, SIG_IGN); /* ignored */
668 956 : pqsignal_pm(SIGUSR1, sigusr1_handler); /* message from child process */
669 956 : pqsignal_pm(SIGUSR2, dummy_handler); /* unused, reserve for children */
670 956 : pqsignal_pm(SIGCHLD, reaper); /* handle child termination */
671 :
672 : #ifdef SIGURG
673 :
674 : /*
675 : * Ignore SIGURG for now. Child processes may change this (see
676 : * InitializeLatchSupport), but they will not receive any such signals
677 : * until they wait on a latch.
678 : */
679 956 : pqsignal_pm(SIGURG, SIG_IGN); /* ignored */
680 : #endif
681 :
682 : /*
683 : * No other place in Postgres should touch SIGTTIN/SIGTTOU handling. We
684 : * ignore those signals in a postmaster environment, so that there is no
685 : * risk of a child process freezing up due to writing to stderr. But for
686 : * a standalone backend, their default handling is reasonable. Hence, all
687 : * child processes should just allow the inherited settings to stand.
688 : */
689 : #ifdef SIGTTIN
690 956 : pqsignal_pm(SIGTTIN, SIG_IGN); /* ignored */
691 : #endif
692 : #ifdef SIGTTOU
693 956 : pqsignal_pm(SIGTTOU, SIG_IGN); /* ignored */
694 : #endif
695 :
696 : /* ignore SIGXFSZ, so that ulimit violations work like disk full */
697 : #ifdef SIGXFSZ
698 956 : pqsignal_pm(SIGXFSZ, SIG_IGN); /* ignored */
699 : #endif
700 :
701 : /*
702 : * Options setup
703 : */
704 956 : InitializeGUCOptions();
705 :
706 956 : opterr = 1;
707 :
708 : /*
709 : * Parse command-line options. CAUTION: keep this in sync with
710 : * tcop/postgres.c (the option sets should not conflict) and with the
711 : * common help() function in main/main.c.
712 : */
713 3186 : while ((opt = getopt(argc, argv, "B:bc:C:D:d:EeFf:h:ijk:lN:nOPp:r:S:sTt:W:-:")) != -1)
714 : {
715 2230 : switch (opt)
716 : {
717 0 : case 'B':
718 0 : SetConfigOption("shared_buffers", optarg, PGC_POSTMASTER, PGC_S_ARGV);
719 0 : break;
720 :
721 8 : case 'b':
722 : /* Undocumented flag used for binary upgrades */
723 8 : IsBinaryUpgrade = true;
724 8 : break;
725 :
726 4 : case 'C':
727 4 : output_config_variable = strdup(optarg);
728 4 : break;
729 :
730 952 : case 'D':
731 952 : userDoption = strdup(optarg);
732 952 : break;
733 :
734 0 : case 'd':
735 0 : set_debug_options(atoi(optarg), PGC_POSTMASTER, PGC_S_ARGV);
736 0 : break;
737 :
738 0 : case 'E':
739 0 : SetConfigOption("log_statement", "all", PGC_POSTMASTER, PGC_S_ARGV);
740 0 : break;
741 :
742 0 : case 'e':
743 0 : SetConfigOption("datestyle", "euro", PGC_POSTMASTER, PGC_S_ARGV);
744 0 : break;
745 :
746 146 : case 'F':
747 146 : SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
748 146 : break;
749 :
750 0 : case 'f':
751 0 : if (!set_plan_disabling_options(optarg, PGC_POSTMASTER, PGC_S_ARGV))
752 : {
753 0 : write_stderr("%s: invalid argument for option -f: \"%s\"\n",
754 : progname, optarg);
755 0 : ExitPostmaster(1);
756 : }
757 0 : break;
758 :
759 0 : case 'h':
760 0 : SetConfigOption("listen_addresses", optarg, PGC_POSTMASTER, PGC_S_ARGV);
761 0 : break;
762 :
763 0 : case 'i':
764 0 : SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);
765 0 : break;
766 :
767 0 : case 'j':
768 : /* only used by interactive backend */
769 0 : break;
770 :
771 146 : case 'k':
772 146 : SetConfigOption("unix_socket_directories", optarg, PGC_POSTMASTER, PGC_S_ARGV);
773 146 : break;
774 :
775 0 : case 'l':
776 0 : SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
777 0 : break;
778 :
779 0 : case 'N':
780 0 : SetConfigOption("max_connections", optarg, PGC_POSTMASTER, PGC_S_ARGV);
781 0 : break;
782 :
783 0 : case 'n':
784 : /* Don't reinit shared mem after abnormal exit */
785 0 : Reinit = false;
786 0 : break;
787 :
788 0 : case 'O':
789 0 : SetConfigOption("allow_system_table_mods", "true", PGC_POSTMASTER, PGC_S_ARGV);
790 0 : break;
791 :
792 0 : case 'P':
793 0 : SetConfigOption("ignore_system_indexes", "true", PGC_POSTMASTER, PGC_S_ARGV);
794 0 : break;
795 :
796 8 : case 'p':
797 8 : SetConfigOption("port", optarg, PGC_POSTMASTER, PGC_S_ARGV);
798 8 : break;
799 :
800 0 : case 'r':
801 : /* only used by single-user backend */
802 0 : break;
803 :
804 0 : case 'S':
805 0 : SetConfigOption("work_mem", optarg, PGC_POSTMASTER, PGC_S_ARGV);
806 0 : break;
807 :
808 0 : case 's':
809 0 : SetConfigOption("log_statement_stats", "true", PGC_POSTMASTER, PGC_S_ARGV);
810 0 : break;
811 :
812 0 : case 'T':
813 :
814 : /*
815 : * In the event that some backend dumps core, send SIGSTOP,
816 : * rather than SIGQUIT, to all its peers. This lets the wily
817 : * post_hacker collect core dumps from everyone.
818 : */
819 0 : SendStop = true;
820 0 : break;
821 :
822 0 : case 't':
823 : {
824 0 : const char *tmp = get_stats_option_name(optarg);
825 :
826 0 : if (tmp)
827 : {
828 0 : SetConfigOption(tmp, "true", PGC_POSTMASTER, PGC_S_ARGV);
829 : }
830 : else
831 : {
832 0 : write_stderr("%s: invalid argument for option -t: \"%s\"\n",
833 : progname, optarg);
834 0 : ExitPostmaster(1);
835 : }
836 0 : break;
837 : }
838 :
839 0 : case 'W':
840 0 : SetConfigOption("post_auth_delay", optarg, PGC_POSTMASTER, PGC_S_ARGV);
841 0 : break;
842 :
843 966 : case 'c':
844 : case '-':
845 : {
846 : char *name,
847 : *value;
848 :
849 966 : ParseLongOption(optarg, &name, &value);
850 966 : if (!value)
851 : {
852 0 : if (opt == '-')
853 0 : ereport(ERROR,
854 : (errcode(ERRCODE_SYNTAX_ERROR),
855 : errmsg("--%s requires a value",
856 : optarg)));
857 : else
858 0 : ereport(ERROR,
859 : (errcode(ERRCODE_SYNTAX_ERROR),
860 : errmsg("-c %s requires a value",
861 : optarg)));
862 : }
863 :
864 966 : SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
865 966 : free(name);
866 966 : if (value)
867 966 : free(value);
868 966 : break;
869 : }
870 :
871 0 : default:
872 0 : write_stderr("Try \"%s --help\" for more information.\n",
873 : progname);
874 0 : ExitPostmaster(1);
875 : }
876 : }
877 :
878 : /*
879 : * Postmaster accepts no non-option switch arguments.
880 : */
881 956 : if (optind < argc)
882 : {
883 0 : write_stderr("%s: invalid argument: \"%s\"\n",
884 0 : progname, argv[optind]);
885 0 : write_stderr("Try \"%s --help\" for more information.\n",
886 : progname);
887 0 : ExitPostmaster(1);
888 : }
889 :
890 : /*
891 : * Locate the proper configuration files and data directory, and read
892 : * postgresql.conf for the first time.
893 : */
894 956 : if (!SelectConfigFiles(userDoption, progname))
895 0 : ExitPostmaster(2);
896 :
897 954 : if (output_config_variable != NULL)
898 : {
899 : /*
900 : * If this is a runtime-computed GUC, it hasn't yet been initialized,
901 : * and the present value is not useful. However, this is a convenient
902 : * place to print the value for most GUCs because it is safe to run
903 : * postmaster startup to this point even if the server is already
904 : * running. For the handful of runtime-computed GUCs that we cannot
905 : * provide meaningful values for yet, we wait until later in
906 : * postmaster startup to print the value. We won't be able to use -C
907 : * on running servers for those GUCs, but using this option now would
908 : * lead to incorrect results for them.
909 : */
910 4 : int flags = GetConfigOptionFlags(output_config_variable, true);
911 :
912 4 : if ((flags & GUC_RUNTIME_COMPUTED) == 0)
913 : {
914 : /*
915 : * "-C guc" was specified, so print GUC's value and exit. No
916 : * extra permission check is needed because the user is reading
917 : * inside the data dir.
918 : */
919 2 : const char *config_val = GetConfigOption(output_config_variable,
920 : false, false);
921 :
922 2 : puts(config_val ? config_val : "");
923 2 : ExitPostmaster(0);
924 : }
925 : }
926 :
927 : /* Verify that DataDir looks reasonable */
928 952 : checkDataDir();
929 :
930 : /* Check that pg_control exists */
931 952 : checkControlFile();
932 :
933 : /* And switch working directory into it */
934 952 : ChangeToDataDir();
935 :
936 : /*
937 : * Check for invalid combinations of GUC settings.
938 : */
939 952 : if (ReservedBackends >= MaxConnections)
940 : {
941 0 : write_stderr("%s: superuser_reserved_connections (%d) must be less than max_connections (%d)\n",
942 : progname,
943 : ReservedBackends, MaxConnections);
944 0 : ExitPostmaster(1);
945 : }
946 952 : if (XLogArchiveMode > ARCHIVE_MODE_OFF && wal_level == WAL_LEVEL_MINIMAL)
947 0 : ereport(ERROR,
948 : (errmsg("WAL archival cannot be enabled when wal_level is \"minimal\"")));
949 952 : if (max_wal_senders > 0 && wal_level == WAL_LEVEL_MINIMAL)
950 0 : ereport(ERROR,
951 : (errmsg("WAL streaming (max_wal_senders > 0) requires wal_level \"replica\" or \"logical\"")));
952 :
953 : /*
954 : * Other one-time internal sanity checks can go here, if they are fast.
955 : * (Put any slow processing further down, after postmaster.pid creation.)
956 : */
957 952 : if (!CheckDateTokenTables())
958 : {
959 0 : write_stderr("%s: invalid datetoken tables, please fix\n", progname);
960 0 : ExitPostmaster(1);
961 : }
962 :
963 : /*
964 : * Now that we are done processing the postmaster arguments, reset
965 : * getopt(3) library so that it will work correctly in subprocesses.
966 : */
967 952 : optind = 1;
968 : #ifdef HAVE_INT_OPTRESET
969 : optreset = 1; /* some systems need this too */
970 : #endif
971 :
972 : /* For debugging: display postmaster environment */
973 : {
974 : extern char **environ;
975 : char **p;
976 :
977 952 : ereport(DEBUG3,
978 : (errmsg_internal("%s: PostmasterMain: initial environment dump:",
979 : progname)));
980 952 : ereport(DEBUG3,
981 : (errmsg_internal("-----------------------------------------")));
982 34852 : for (p = environ; *p; ++p)
983 33900 : ereport(DEBUG3,
984 : (errmsg_internal("\t%s", *p)));
985 952 : ereport(DEBUG3,
986 : (errmsg_internal("-----------------------------------------")));
987 : }
988 :
989 : /*
990 : * Create lockfile for data directory.
991 : *
992 : * We want to do this before we try to grab the input sockets, because the
993 : * data directory interlock is more reliable than the socket-file
994 : * interlock (thanks to whoever decided to put socket files in /tmp :-().
995 : * For the same reason, it's best to grab the TCP socket(s) before the
996 : * Unix socket(s).
997 : *
998 : * Also note that this internally sets up the on_proc_exit function that
999 : * is responsible for removing both data directory and socket lockfiles;
1000 : * so it must happen before opening sockets so that at exit, the socket
1001 : * lockfiles go away after CloseServerPorts runs.
1002 : */
1003 952 : CreateDataDirLockFile(true);
1004 :
1005 : /*
1006 : * Read the control file (for error checking and config info).
1007 : *
1008 : * Since we verify the control file's CRC, this has a useful side effect
1009 : * on machines where we need a run-time test for CRC support instructions.
1010 : * The postmaster will do the test once at startup, and then its child
1011 : * processes will inherit the correct function pointer and not need to
1012 : * repeat the test.
1013 : */
1014 950 : LocalProcessControlFile(false);
1015 :
1016 : /*
1017 : * Register the apply launcher. Since it registers a background worker,
1018 : * it needs to be called before InitializeMaxBackends(), and it's probably
1019 : * a good idea to call it before any modules had chance to take the
1020 : * background worker slots.
1021 : */
1022 950 : ApplyLauncherRegister();
1023 :
1024 : /*
1025 : * process any libraries that should be preloaded at postmaster start
1026 : */
1027 950 : process_shared_preload_libraries();
1028 :
1029 : /*
1030 : * Initialize SSL library, if specified.
1031 : */
1032 : #ifdef USE_SSL
1033 950 : if (EnableSSL)
1034 : {
1035 34 : (void) secure_initialize(true);
1036 28 : LoadedSSL = true;
1037 : }
1038 : #endif
1039 :
1040 : /*
1041 : * Now that loadable modules have had their chance to register background
1042 : * workers, calculate MaxBackends.
1043 : */
1044 944 : InitializeMaxBackends();
1045 :
1046 : /*
1047 : * Now that loadable modules have had their chance to request additional
1048 : * shared memory, determine the value of any runtime-computed GUCs that
1049 : * depend on the amount of shared memory required.
1050 : */
1051 944 : InitializeShmemGUCs();
1052 :
1053 : /*
1054 : * If -C was specified with a runtime-computed GUC, we held off printing
1055 : * the value earlier, as the GUC was not yet initialized. We handle -C
1056 : * for most GUCs before we lock the data directory so that the option may
1057 : * be used on a running server. However, a handful of GUCs are runtime-
1058 : * computed and do not have meaningful values until after locking the data
1059 : * directory, and we cannot safely calculate their values earlier on a
1060 : * running server. At this point, such GUCs should be properly
1061 : * initialized, and we haven't yet set up shared memory, so this is a good
1062 : * time to handle the -C option for these special GUCs.
1063 : */
1064 944 : if (output_config_variable != NULL)
1065 : {
1066 2 : const char *config_val = GetConfigOption(output_config_variable,
1067 : false, false);
1068 :
1069 2 : puts(config_val ? config_val : "");
1070 2 : ExitPostmaster(0);
1071 : }
1072 :
1073 : /*
1074 : * Set up shared memory and semaphores.
1075 : */
1076 942 : reset_shared();
1077 :
1078 : /*
1079 : * Estimate number of openable files. This must happen after setting up
1080 : * semaphores, because on some platforms semaphores count as open files.
1081 : */
1082 940 : set_max_safe_fds();
1083 :
1084 : /*
1085 : * Set reference point for stack-depth checking.
1086 : */
1087 940 : set_stack_base();
1088 :
1089 : /*
1090 : * Initialize pipe (or process handle on Windows) that allows children to
1091 : * wake up from sleep on postmaster death.
1092 : */
1093 940 : InitPostmasterDeathWatchHandle();
1094 :
1095 : #ifdef WIN32
1096 :
1097 : /*
1098 : * Initialize I/O completion port used to deliver list of dead children.
1099 : */
1100 : win32ChildQueue = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 1);
1101 : if (win32ChildQueue == NULL)
1102 : ereport(FATAL,
1103 : (errmsg("could not create I/O completion port for child queue")));
1104 : #endif
1105 :
1106 : #ifdef EXEC_BACKEND
1107 : /* Write out nondefault GUC settings for child processes to use */
1108 : write_nondefault_variables(PGC_POSTMASTER);
1109 :
1110 : /*
1111 : * Clean out the temp directory used to transmit parameters to child
1112 : * processes (see internal_forkexec, below). We must do this before
1113 : * launching any child processes, else we have a race condition: we could
1114 : * remove a parameter file before the child can read it. It should be
1115 : * safe to do so now, because we verified earlier that there are no
1116 : * conflicting Postgres processes in this data directory.
1117 : */
1118 : RemovePgTempFilesInDir(PG_TEMP_FILES_DIR, true, false);
1119 : #endif
1120 :
1121 : /*
1122 : * Forcibly remove the files signaling a standby promotion request.
1123 : * Otherwise, the existence of those files triggers a promotion too early,
1124 : * whether a user wants that or not.
1125 : *
1126 : * This removal of files is usually unnecessary because they can exist
1127 : * only during a few moments during a standby promotion. However there is
1128 : * a race condition: if pg_ctl promote is executed and creates the files
1129 : * during a promotion, the files can stay around even after the server is
1130 : * brought up to be the primary. Then, if a new standby starts by using
1131 : * the backup taken from the new primary, the files can exist at server
1132 : * startup and must be removed in order to avoid an unexpected promotion.
1133 : *
1134 : * Note that promotion signal files need to be removed before the startup
1135 : * process is invoked. Because, after that, they can be used by
1136 : * postmaster's SIGUSR1 signal handler.
1137 : */
1138 940 : RemovePromoteSignalFiles();
1139 :
1140 : /* Do the same for logrotate signal file */
1141 940 : RemoveLogrotateSignalFiles();
1142 :
1143 : /* Remove any outdated file holding the current log filenames. */
1144 940 : if (unlink(LOG_METAINFO_DATAFILE) < 0 && errno != ENOENT)
1145 0 : ereport(LOG,
1146 : (errcode_for_file_access(),
1147 : errmsg("could not remove file \"%s\": %m",
1148 : LOG_METAINFO_DATAFILE)));
1149 :
1150 : /*
1151 : * If enabled, start up syslogger collection subprocess
1152 : */
1153 940 : SysLoggerPID = SysLogger_Start();
1154 :
1155 : /*
1156 : * Reset whereToSendOutput from DestDebug (its starting state) to
1157 : * DestNone. This stops ereport from sending log messages to stderr unless
1158 : * Log_destination permits. We don't do this until the postmaster is
1159 : * fully launched, since startup failures may as well be reported to
1160 : * stderr.
1161 : *
1162 : * If we are in fact disabling logging to stderr, first emit a log message
1163 : * saying so, to provide a breadcrumb trail for users who may not remember
1164 : * that their logging is configured to go somewhere else.
1165 : */
1166 940 : if (!(Log_destination & LOG_DESTINATION_STDERR))
1167 0 : ereport(LOG,
1168 : (errmsg("ending log output to stderr"),
1169 : errhint("Future log output will go to log destination \"%s\".",
1170 : Log_destination_string)));
1171 :
1172 940 : whereToSendOutput = DestNone;
1173 :
1174 : /*
1175 : * Report server startup in log. While we could emit this much earlier,
1176 : * it seems best to do so after starting the log collector, if we intend
1177 : * to use one.
1178 : */
1179 940 : ereport(LOG,
1180 : (errmsg("starting %s", PG_VERSION_STR)));
1181 :
1182 : /*
1183 : * Establish input sockets.
1184 : *
1185 : * First, mark them all closed, and set up an on_proc_exit function that's
1186 : * charged with closing the sockets again at postmaster shutdown.
1187 : */
1188 61100 : for (i = 0; i < MAXLISTEN; i++)
1189 60160 : ListenSocket[i] = PGINVALID_SOCKET;
1190 :
1191 940 : on_proc_exit(CloseServerPorts, 0);
1192 :
1193 940 : if (ListenAddresses)
1194 : {
1195 : char *rawstring;
1196 : List *elemlist;
1197 : ListCell *l;
1198 940 : int success = 0;
1199 :
1200 : /* Need a modifiable copy of ListenAddresses */
1201 940 : rawstring = pstrdup(ListenAddresses);
1202 :
1203 : /* Parse string into list of hostnames */
1204 940 : if (!SplitGUCList(rawstring, ',', &elemlist))
1205 : {
1206 : /* syntax error in list */
1207 0 : ereport(FATAL,
1208 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1209 : errmsg("invalid list syntax in parameter \"%s\"",
1210 : "listen_addresses")));
1211 : }
1212 :
1213 972 : foreach(l, elemlist)
1214 : {
1215 32 : char *curhost = (char *) lfirst(l);
1216 :
1217 32 : if (strcmp(curhost, "*") == 0)
1218 0 : status = StreamServerPort(AF_UNSPEC, NULL,
1219 0 : (unsigned short) PostPortNumber,
1220 : NULL,
1221 : ListenSocket, MAXLISTEN);
1222 : else
1223 32 : status = StreamServerPort(AF_UNSPEC, curhost,
1224 32 : (unsigned short) PostPortNumber,
1225 : NULL,
1226 : ListenSocket, MAXLISTEN);
1227 :
1228 32 : if (status == STATUS_OK)
1229 : {
1230 32 : success++;
1231 : /* record the first successful host addr in lockfile */
1232 32 : if (!listen_addr_saved)
1233 : {
1234 32 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, curhost);
1235 32 : listen_addr_saved = true;
1236 : }
1237 : }
1238 : else
1239 0 : ereport(WARNING,
1240 : (errmsg("could not create listen socket for \"%s\"",
1241 : curhost)));
1242 : }
1243 :
1244 940 : if (!success && elemlist != NIL)
1245 0 : ereport(FATAL,
1246 : (errmsg("could not create any TCP/IP sockets")));
1247 :
1248 940 : list_free(elemlist);
1249 940 : pfree(rawstring);
1250 : }
1251 :
1252 : #ifdef USE_BONJOUR
1253 : /* Register for Bonjour only if we opened TCP socket(s) */
1254 : if (enable_bonjour && ListenSocket[0] != PGINVALID_SOCKET)
1255 : {
1256 : DNSServiceErrorType err;
1257 :
1258 : /*
1259 : * We pass 0 for interface_index, which will result in registering on
1260 : * all "applicable" interfaces. It's not entirely clear from the
1261 : * DNS-SD docs whether this would be appropriate if we have bound to
1262 : * just a subset of the available network interfaces.
1263 : */
1264 : err = DNSServiceRegister(&bonjour_sdref,
1265 : 0,
1266 : 0,
1267 : bonjour_name,
1268 : "_postgresql._tcp.",
1269 : NULL,
1270 : NULL,
1271 : pg_hton16(PostPortNumber),
1272 : 0,
1273 : NULL,
1274 : NULL,
1275 : NULL);
1276 : if (err != kDNSServiceErr_NoError)
1277 : ereport(LOG,
1278 : (errmsg("DNSServiceRegister() failed: error code %ld",
1279 : (long) err)));
1280 :
1281 : /*
1282 : * We don't bother to read the mDNS daemon's reply, and we expect that
1283 : * it will automatically terminate our registration when the socket is
1284 : * closed at postmaster termination. So there's nothing more to be
1285 : * done here. However, the bonjour_sdref is kept around so that
1286 : * forked children can close their copies of the socket.
1287 : */
1288 : }
1289 : #endif
1290 :
1291 : #ifdef HAVE_UNIX_SOCKETS
1292 940 : if (Unix_socket_directories)
1293 : {
1294 : char *rawstring;
1295 : List *elemlist;
1296 : ListCell *l;
1297 940 : int success = 0;
1298 :
1299 : /* Need a modifiable copy of Unix_socket_directories */
1300 940 : rawstring = pstrdup(Unix_socket_directories);
1301 :
1302 : /* Parse string into list of directories */
1303 940 : if (!SplitDirectoriesString(rawstring, ',', &elemlist))
1304 : {
1305 : /* syntax error in list */
1306 0 : ereport(FATAL,
1307 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1308 : errmsg("invalid list syntax in parameter \"%s\"",
1309 : "unix_socket_directories")));
1310 : }
1311 :
1312 1878 : foreach(l, elemlist)
1313 : {
1314 938 : char *socketdir = (char *) lfirst(l);
1315 :
1316 938 : status = StreamServerPort(AF_UNIX, NULL,
1317 938 : (unsigned short) PostPortNumber,
1318 : socketdir,
1319 : ListenSocket, MAXLISTEN);
1320 :
1321 938 : if (status == STATUS_OK)
1322 : {
1323 938 : success++;
1324 : /* record the first successful Unix socket in lockfile */
1325 938 : if (success == 1)
1326 938 : AddToDataDirLockFile(LOCK_FILE_LINE_SOCKET_DIR, socketdir);
1327 : }
1328 : else
1329 0 : ereport(WARNING,
1330 : (errmsg("could not create Unix-domain socket in directory \"%s\"",
1331 : socketdir)));
1332 : }
1333 :
1334 940 : if (!success && elemlist != NIL)
1335 0 : ereport(FATAL,
1336 : (errmsg("could not create any Unix-domain sockets")));
1337 :
1338 940 : list_free_deep(elemlist);
1339 940 : pfree(rawstring);
1340 : }
1341 : #endif
1342 :
1343 : /*
1344 : * check that we have some socket to listen on
1345 : */
1346 940 : if (ListenSocket[0] == PGINVALID_SOCKET)
1347 0 : ereport(FATAL,
1348 : (errmsg("no socket created for listening")));
1349 :
1350 : /*
1351 : * If no valid TCP ports, write an empty line for listen address,
1352 : * indicating the Unix socket must be used. Note that this line is not
1353 : * added to the lock file until there is a socket backing it.
1354 : */
1355 940 : if (!listen_addr_saved)
1356 908 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, "");
1357 :
1358 : /*
1359 : * Record postmaster options. We delay this till now to avoid recording
1360 : * bogus options (eg, unusable port number).
1361 : */
1362 940 : if (!CreateOptsFile(argc, argv, my_exec_path))
1363 0 : ExitPostmaster(1);
1364 :
1365 : /*
1366 : * Write the external PID file if requested
1367 : */
1368 940 : if (external_pid_file)
1369 : {
1370 0 : FILE *fpidfile = fopen(external_pid_file, "w");
1371 :
1372 0 : if (fpidfile)
1373 : {
1374 0 : fprintf(fpidfile, "%d\n", MyProcPid);
1375 0 : fclose(fpidfile);
1376 :
1377 : /* Make PID file world readable */
1378 0 : if (chmod(external_pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) != 0)
1379 0 : write_stderr("%s: could not change permissions of external PID file \"%s\": %s\n",
1380 0 : progname, external_pid_file, strerror(errno));
1381 : }
1382 : else
1383 0 : write_stderr("%s: could not write external PID file \"%s\": %s\n",
1384 0 : progname, external_pid_file, strerror(errno));
1385 :
1386 0 : on_proc_exit(unlink_external_pid_file, 0);
1387 : }
1388 :
1389 : /*
1390 : * Remove old temporary files. At this point there can be no other
1391 : * Postgres processes running in this directory, so this should be safe.
1392 : */
1393 940 : RemovePgTempFiles();
1394 :
1395 : /*
1396 : * Initialize stats collection subsystem (this does NOT start the
1397 : * collector process!)
1398 : */
1399 940 : pgstat_init();
1400 :
1401 : /*
1402 : * Initialize the autovacuum subsystem (again, no process start yet)
1403 : */
1404 940 : autovac_init();
1405 :
1406 : /*
1407 : * Load configuration files for client authentication.
1408 : */
1409 940 : if (!load_hba())
1410 : {
1411 : /*
1412 : * It makes no sense to continue if we fail to load the HBA file,
1413 : * since there is no way to connect to the database in this case.
1414 : */
1415 0 : ereport(FATAL,
1416 : (errmsg("could not load pg_hba.conf")));
1417 : }
1418 940 : if (!load_ident())
1419 : {
1420 : /*
1421 : * We can start up without the IDENT file, although it means that you
1422 : * cannot log in using any of the authentication methods that need a
1423 : * user name mapping. load_ident() already logged the details of error
1424 : * to the log.
1425 : */
1426 : }
1427 :
1428 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1429 :
1430 : /*
1431 : * On macOS, libintl replaces setlocale() with a version that calls
1432 : * CFLocaleCopyCurrent() when its second argument is "" and every relevant
1433 : * environment variable is unset or empty. CFLocaleCopyCurrent() makes
1434 : * the process multithreaded. The postmaster calls sigprocmask() and
1435 : * calls fork() without an immediate exec(), both of which have undefined
1436 : * behavior in a multithreaded program. A multithreaded postmaster is the
1437 : * normal case on Windows, which offers neither fork() nor sigprocmask().
1438 : */
1439 : if (pthread_is_threaded_np() != 0)
1440 : ereport(FATAL,
1441 : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
1442 : errmsg("postmaster became multithreaded during startup"),
1443 : errhint("Set the LC_ALL environment variable to a valid locale.")));
1444 : #endif
1445 :
1446 : /*
1447 : * Remember postmaster startup time
1448 : */
1449 940 : PgStartTime = GetCurrentTimestamp();
1450 :
1451 : /*
1452 : * Report postmaster status in the postmaster.pid file, to allow pg_ctl to
1453 : * see what's happening.
1454 : */
1455 940 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STARTING);
1456 :
1457 : /* Start bgwriter and checkpointer so they can help with recovery */
1458 940 : if (CheckpointerPID == 0)
1459 940 : CheckpointerPID = StartCheckpointer();
1460 940 : if (BgWriterPID == 0)
1461 940 : BgWriterPID = StartBackgroundWriter();
1462 :
1463 : /*
1464 : * We're ready to rock and roll...
1465 : */
1466 940 : StartupPID = StartupDataBase();
1467 : Assert(StartupPID != 0);
1468 940 : StartupStatus = STARTUP_RUNNING;
1469 940 : pmState = PM_STARTUP;
1470 :
1471 : /* Some workers may be scheduled to start now */
1472 940 : maybe_start_bgworkers();
1473 :
1474 940 : status = ServerLoop();
1475 :
1476 : /*
1477 : * ServerLoop probably shouldn't ever return, but if it does, close down.
1478 : */
1479 0 : ExitPostmaster(status != STATUS_OK);
1480 :
1481 : abort(); /* not reached */
1482 : }
1483 :
1484 :
1485 : /*
1486 : * on_proc_exit callback to close server's listen sockets
1487 : */
1488 : static void
1489 934 : CloseServerPorts(int status, Datum arg)
1490 : {
1491 : int i;
1492 :
1493 : /*
1494 : * First, explicitly close all the socket FDs. We used to just let this
1495 : * happen implicitly at postmaster exit, but it's better to close them
1496 : * before we remove the postmaster.pid lockfile; otherwise there's a race
1497 : * condition if a new postmaster wants to re-use the TCP port number.
1498 : */
1499 60710 : for (i = 0; i < MAXLISTEN; i++)
1500 : {
1501 59776 : if (ListenSocket[i] != PGINVALID_SOCKET)
1502 : {
1503 966 : StreamClose(ListenSocket[i]);
1504 966 : ListenSocket[i] = PGINVALID_SOCKET;
1505 : }
1506 : }
1507 :
1508 : /*
1509 : * Next, remove any filesystem entries for Unix sockets. To avoid race
1510 : * conditions against incoming postmasters, this must happen after closing
1511 : * the sockets and before removing lock files.
1512 : */
1513 934 : RemoveSocketFiles();
1514 :
1515 : /*
1516 : * We don't do anything about socket lock files here; those will be
1517 : * removed in a later on_proc_exit callback.
1518 : */
1519 934 : }
1520 :
1521 : /*
1522 : * on_proc_exit callback to delete external_pid_file
1523 : */
1524 : static void
1525 0 : unlink_external_pid_file(int status, Datum arg)
1526 : {
1527 0 : if (external_pid_file)
1528 0 : unlink(external_pid_file);
1529 0 : }
1530 :
1531 :
1532 : /*
1533 : * Compute and check the directory paths to files that are part of the
1534 : * installation (as deduced from the postgres executable's own location)
1535 : */
1536 : static void
1537 956 : getInstallationPaths(const char *argv0)
1538 : {
1539 : DIR *pdir;
1540 :
1541 : /* Locate the postgres executable itself */
1542 956 : if (find_my_exec(argv0, my_exec_path) < 0)
1543 0 : ereport(FATAL,
1544 : (errmsg("%s: could not locate my own executable path", argv0)));
1545 :
1546 : #ifdef EXEC_BACKEND
1547 : /* Locate executable backend before we change working directory */
1548 : if (find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
1549 : postgres_exec_path) < 0)
1550 : ereport(FATAL,
1551 : (errmsg("%s: could not locate matching postgres executable",
1552 : argv0)));
1553 : #endif
1554 :
1555 : /*
1556 : * Locate the pkglib directory --- this has to be set early in case we try
1557 : * to load any modules from it in response to postgresql.conf entries.
1558 : */
1559 956 : get_pkglib_path(my_exec_path, pkglib_path);
1560 :
1561 : /*
1562 : * Verify that there's a readable directory there; otherwise the Postgres
1563 : * installation is incomplete or corrupt. (A typical cause of this
1564 : * failure is that the postgres executable has been moved or hardlinked to
1565 : * some directory that's not a sibling of the installation lib/
1566 : * directory.)
1567 : */
1568 956 : pdir = AllocateDir(pkglib_path);
1569 956 : if (pdir == NULL)
1570 0 : ereport(ERROR,
1571 : (errcode_for_file_access(),
1572 : errmsg("could not open directory \"%s\": %m",
1573 : pkglib_path),
1574 : errhint("This may indicate an incomplete PostgreSQL installation, or that the file \"%s\" has been moved away from its proper location.",
1575 : my_exec_path)));
1576 956 : FreeDir(pdir);
1577 :
1578 : /*
1579 : * XXX is it worth similarly checking the share/ directory? If the lib/
1580 : * directory is there, then share/ probably is too.
1581 : */
1582 956 : }
1583 :
1584 : /*
1585 : * Check that pg_control exists in the correct location in the data directory.
1586 : *
1587 : * No attempt is made to validate the contents of pg_control here. This is
1588 : * just a sanity check to see if we are looking at a real data directory.
1589 : */
1590 : static void
1591 952 : checkControlFile(void)
1592 : {
1593 : char path[MAXPGPATH];
1594 : FILE *fp;
1595 :
1596 952 : snprintf(path, sizeof(path), "%s/global/pg_control", DataDir);
1597 :
1598 952 : fp = AllocateFile(path, PG_BINARY_R);
1599 952 : if (fp == NULL)
1600 : {
1601 0 : write_stderr("%s: could not find the database system\n"
1602 : "Expected to find it in the directory \"%s\",\n"
1603 : "but could not open file \"%s\": %s\n",
1604 0 : progname, DataDir, path, strerror(errno));
1605 0 : ExitPostmaster(2);
1606 : }
1607 952 : FreeFile(fp);
1608 952 : }
1609 :
1610 : /*
1611 : * Determine how long should we let ServerLoop sleep.
1612 : *
1613 : * In normal conditions we wait at most one minute, to ensure that the other
1614 : * background tasks handled by ServerLoop get done even when no requests are
1615 : * arriving. However, if there are background workers waiting to be started,
1616 : * we don't actually sleep so that they are quickly serviced. Other exception
1617 : * cases are as shown in the code.
1618 : */
1619 : static void
1620 28946 : DetermineSleepTime(struct timeval *timeout)
1621 : {
1622 28946 : TimestampTz next_wakeup = 0;
1623 :
1624 : /*
1625 : * Normal case: either there are no background workers at all, or we're in
1626 : * a shutdown sequence (during which we ignore bgworkers altogether).
1627 : */
1628 28946 : if (Shutdown > NoShutdown ||
1629 25110 : (!StartWorkerNeeded && !HaveCrashedWorker))
1630 : {
1631 28946 : if (AbortStartTime != 0)
1632 : {
1633 : /* time left to abort; clamp to 0 in case it already expired */
1634 996 : timeout->tv_sec = SIGKILL_CHILDREN_AFTER_SECS -
1635 996 : (time(NULL) - AbortStartTime);
1636 996 : timeout->tv_sec = Max(timeout->tv_sec, 0);
1637 996 : timeout->tv_usec = 0;
1638 : }
1639 : else
1640 : {
1641 27950 : timeout->tv_sec = 60;
1642 27950 : timeout->tv_usec = 0;
1643 : }
1644 28946 : return;
1645 : }
1646 :
1647 0 : if (StartWorkerNeeded)
1648 : {
1649 0 : timeout->tv_sec = 0;
1650 0 : timeout->tv_usec = 0;
1651 0 : return;
1652 : }
1653 :
1654 0 : if (HaveCrashedWorker)
1655 : {
1656 : slist_mutable_iter siter;
1657 :
1658 : /*
1659 : * When there are crashed bgworkers, we sleep just long enough that
1660 : * they are restarted when they request to be. Scan the list to
1661 : * determine the minimum of all wakeup times according to most recent
1662 : * crash time and requested restart interval.
1663 : */
1664 0 : slist_foreach_modify(siter, &BackgroundWorkerList)
1665 : {
1666 : RegisteredBgWorker *rw;
1667 : TimestampTz this_wakeup;
1668 :
1669 0 : rw = slist_container(RegisteredBgWorker, rw_lnode, siter.cur);
1670 :
1671 0 : if (rw->rw_crashed_at == 0)
1672 0 : continue;
1673 :
1674 0 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART
1675 0 : || rw->rw_terminate)
1676 : {
1677 0 : ForgetBackgroundWorker(&siter);
1678 0 : continue;
1679 : }
1680 :
1681 0 : this_wakeup = TimestampTzPlusMilliseconds(rw->rw_crashed_at,
1682 : 1000L * rw->rw_worker.bgw_restart_time);
1683 0 : if (next_wakeup == 0 || this_wakeup < next_wakeup)
1684 0 : next_wakeup = this_wakeup;
1685 : }
1686 : }
1687 :
1688 0 : if (next_wakeup != 0)
1689 : {
1690 : long secs;
1691 : int microsecs;
1692 :
1693 0 : TimestampDifference(GetCurrentTimestamp(), next_wakeup,
1694 : &secs, µsecs);
1695 0 : timeout->tv_sec = secs;
1696 0 : timeout->tv_usec = microsecs;
1697 :
1698 : /* Ensure we don't exceed one minute */
1699 0 : if (timeout->tv_sec > 60)
1700 : {
1701 0 : timeout->tv_sec = 60;
1702 0 : timeout->tv_usec = 0;
1703 : }
1704 : }
1705 : else
1706 : {
1707 0 : timeout->tv_sec = 60;
1708 0 : timeout->tv_usec = 0;
1709 : }
1710 : }
1711 :
1712 : /*
1713 : * Main idle loop of postmaster
1714 : *
1715 : * NB: Needs to be called with signals blocked
1716 : */
1717 : static int
1718 940 : ServerLoop(void)
1719 : {
1720 : fd_set readmask;
1721 : int nSockets;
1722 : time_t last_lockfile_recheck_time,
1723 : last_touch_time;
1724 :
1725 940 : last_lockfile_recheck_time = last_touch_time = time(NULL);
1726 :
1727 940 : nSockets = initMasks(&readmask);
1728 :
1729 : for (;;)
1730 28910 : {
1731 : fd_set rmask;
1732 : int selres;
1733 : time_t now;
1734 :
1735 : /*
1736 : * Wait for a connection request to arrive.
1737 : *
1738 : * We block all signals except while sleeping. That makes it safe for
1739 : * signal handlers, which again block all signals while executing, to
1740 : * do nontrivial work.
1741 : *
1742 : * If we are in PM_WAIT_DEAD_END state, then we don't want to accept
1743 : * any new connections, so we don't call select(), and just sleep.
1744 : */
1745 29850 : memcpy((char *) &rmask, (char *) &readmask, sizeof(fd_set));
1746 :
1747 29850 : if (pmState == PM_WAIT_DEAD_END)
1748 : {
1749 904 : PG_SETMASK(&UnBlockSig);
1750 :
1751 904 : pg_usleep(100000L); /* 100 msec seems reasonable */
1752 10 : selres = 0;
1753 :
1754 10 : PG_SETMASK(&BlockSig);
1755 : }
1756 : else
1757 : {
1758 : /* must set timeout each time; some OSes change it! */
1759 : struct timeval timeout;
1760 :
1761 : /* Needs to run with blocked signals! */
1762 28946 : DetermineSleepTime(&timeout);
1763 :
1764 28946 : PG_SETMASK(&UnBlockSig);
1765 :
1766 28946 : selres = select(nSockets, &rmask, NULL, NULL, &timeout);
1767 :
1768 28902 : PG_SETMASK(&BlockSig);
1769 : }
1770 :
1771 : /* Now check the select() result */
1772 28912 : if (selres < 0)
1773 : {
1774 16832 : if (errno != EINTR && errno != EWOULDBLOCK)
1775 : {
1776 0 : ereport(LOG,
1777 : (errcode_for_socket_access(),
1778 : errmsg("select() failed in postmaster: %m")));
1779 0 : return STATUS_ERROR;
1780 : }
1781 : }
1782 :
1783 : /*
1784 : * New connection pending on any of our sockets? If so, fork a child
1785 : * process to deal with it.
1786 : */
1787 28912 : if (selres > 0)
1788 : {
1789 : int i;
1790 :
1791 24574 : for (i = 0; i < MAXLISTEN; i++)
1792 : {
1793 24574 : if (ListenSocket[i] == PGINVALID_SOCKET)
1794 12068 : break;
1795 12506 : if (FD_ISSET(ListenSocket[i], &rmask))
1796 : {
1797 : Port *port;
1798 :
1799 12070 : port = ConnCreate(ListenSocket[i]);
1800 12070 : if (port)
1801 : {
1802 12070 : BackendStartup(port);
1803 :
1804 : /*
1805 : * We no longer need the open socket or port structure
1806 : * in this process
1807 : */
1808 12068 : StreamClose(port->sock);
1809 12068 : ConnFree(port);
1810 : }
1811 : }
1812 : }
1813 : }
1814 :
1815 : /* If we have lost the log collector, try to start a new one */
1816 28910 : if (SysLoggerPID == 0 && Logging_collector)
1817 0 : SysLoggerPID = SysLogger_Start();
1818 :
1819 : /*
1820 : * If no background writer process is running, and we are not in a
1821 : * state that prevents it, start one. It doesn't matter if this
1822 : * fails, we'll just try again later. Likewise for the checkpointer.
1823 : */
1824 28910 : if (pmState == PM_RUN || pmState == PM_RECOVERY ||
1825 6152 : pmState == PM_HOT_STANDBY || pmState == PM_STARTUP)
1826 : {
1827 24144 : if (CheckpointerPID == 0)
1828 8 : CheckpointerPID = StartCheckpointer();
1829 24144 : if (BgWriterPID == 0)
1830 8 : BgWriterPID = StartBackgroundWriter();
1831 : }
1832 :
1833 : /*
1834 : * Likewise, if we have lost the walwriter process, try to start a new
1835 : * one. But this is needed only in normal operation (else we cannot
1836 : * be writing any new WAL).
1837 : */
1838 28910 : if (WalWriterPID == 0 && pmState == PM_RUN)
1839 0 : WalWriterPID = StartWalWriter();
1840 :
1841 : /*
1842 : * If we have lost the autovacuum launcher, try to start a new one. We
1843 : * don't want autovacuum to run in binary upgrade mode because
1844 : * autovacuum might update relfrozenxid for empty tables before the
1845 : * physical files are put in place.
1846 : */
1847 34804 : if (!IsBinaryUpgrade && AutoVacPID == 0 &&
1848 7604 : (AutoVacuumingActive() || start_autovac_launcher) &&
1849 4184 : pmState == PM_RUN)
1850 : {
1851 0 : AutoVacPID = StartAutoVacLauncher();
1852 0 : if (AutoVacPID != 0)
1853 0 : start_autovac_launcher = false; /* signal processed */
1854 : }
1855 :
1856 : /* If we have lost the stats collector, try to start a new one */
1857 28910 : if (PgStatPID == 0 &&
1858 338 : (pmState == PM_RUN || pmState == PM_HOT_STANDBY))
1859 0 : PgStatPID = pgstat_start();
1860 :
1861 : /* If we have lost the archiver, try to start a new one. */
1862 28910 : if (PgArchPID == 0 && PgArchStartupAllowed())
1863 0 : PgArchPID = StartArchiver();
1864 :
1865 : /* If we need to signal the autovacuum launcher, do so now */
1866 28910 : if (avlauncher_needs_signal)
1867 : {
1868 0 : avlauncher_needs_signal = false;
1869 0 : if (AutoVacPID != 0)
1870 0 : kill(AutoVacPID, SIGUSR2);
1871 : }
1872 :
1873 : /* If we need to start a WAL receiver, try to do that now */
1874 28910 : if (WalReceiverRequested)
1875 200 : MaybeStartWalReceiver();
1876 :
1877 : /* Get other worker processes running, if needed */
1878 28910 : if (StartWorkerNeeded || HaveCrashedWorker)
1879 4492 : maybe_start_bgworkers();
1880 :
1881 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1882 :
1883 : /*
1884 : * With assertions enabled, check regularly for appearance of
1885 : * additional threads. All builds check at start and exit.
1886 : */
1887 : Assert(pthread_is_threaded_np() == 0);
1888 : #endif
1889 :
1890 : /*
1891 : * Lastly, check to see if it's time to do some things that we don't
1892 : * want to do every single time through the loop, because they're a
1893 : * bit expensive. Note that there's up to a minute of slop in when
1894 : * these tasks will be performed, since DetermineSleepTime() will let
1895 : * us sleep at most that long; except for SIGKILL timeout which has
1896 : * special-case logic there.
1897 : */
1898 28910 : now = time(NULL);
1899 :
1900 : /*
1901 : * If we already sent SIGQUIT to children and they are slow to shut
1902 : * down, it's time to send them SIGKILL. This doesn't happen
1903 : * normally, but under certain conditions backends can get stuck while
1904 : * shutting down. This is a last measure to get them unwedged.
1905 : *
1906 : * Note we also do this during recovery from a process crash.
1907 : */
1908 28910 : if ((Shutdown >= ImmediateShutdown || (FatalError && !SendStop)) &&
1909 1388 : AbortStartTime != 0 &&
1910 1380 : (now - AbortStartTime) >= SIGKILL_CHILDREN_AFTER_SECS)
1911 : {
1912 : /* We were gentle with them before. Not anymore */
1913 0 : ereport(LOG,
1914 : (errmsg("issuing SIGKILL to recalcitrant children")));
1915 0 : TerminateChildren(SIGKILL);
1916 : /* reset flag so we don't SIGKILL again */
1917 0 : AbortStartTime = 0;
1918 : }
1919 :
1920 : /*
1921 : * Once a minute, verify that postmaster.pid hasn't been removed or
1922 : * overwritten. If it has, we force a shutdown. This avoids having
1923 : * postmasters and child processes hanging around after their database
1924 : * is gone, and maybe causing problems if a new database cluster is
1925 : * created in the same place. It also provides some protection
1926 : * against a DBA foolishly removing postmaster.pid and manually
1927 : * starting a new postmaster. Data corruption is likely to ensue from
1928 : * that anyway, but we can minimize the damage by aborting ASAP.
1929 : */
1930 28910 : if (now - last_lockfile_recheck_time >= 1 * SECS_PER_MINUTE)
1931 : {
1932 8 : if (!RecheckDataDirLockFile())
1933 : {
1934 0 : ereport(LOG,
1935 : (errmsg("performing immediate shutdown because data directory lock file is invalid")));
1936 0 : kill(MyProcPid, SIGQUIT);
1937 : }
1938 8 : last_lockfile_recheck_time = now;
1939 : }
1940 :
1941 : /*
1942 : * Touch Unix socket and lock files every 58 minutes, to ensure that
1943 : * they are not removed by overzealous /tmp-cleaning tasks. We assume
1944 : * no one runs cleaners with cutoff times of less than an hour ...
1945 : */
1946 28910 : if (now - last_touch_time >= 58 * SECS_PER_MINUTE)
1947 : {
1948 0 : TouchSocketFiles();
1949 0 : TouchSocketLockFiles();
1950 0 : last_touch_time = now;
1951 : }
1952 : }
1953 : }
1954 :
1955 : /*
1956 : * Initialise the masks for select() for the ports we are listening on.
1957 : * Return the number of sockets to listen on.
1958 : */
1959 : static int
1960 940 : initMasks(fd_set *rmask)
1961 : {
1962 940 : int maxsock = -1;
1963 : int i;
1964 :
1965 940 : FD_ZERO(rmask);
1966 :
1967 1912 : for (i = 0; i < MAXLISTEN; i++)
1968 : {
1969 1912 : int fd = ListenSocket[i];
1970 :
1971 1912 : if (fd == PGINVALID_SOCKET)
1972 940 : break;
1973 972 : FD_SET(fd, rmask);
1974 :
1975 972 : if (fd > maxsock)
1976 972 : maxsock = fd;
1977 : }
1978 :
1979 940 : return maxsock + 1;
1980 : }
1981 :
1982 :
1983 : /*
1984 : * Read a client's startup packet and do something according to it.
1985 : *
1986 : * Returns STATUS_OK or STATUS_ERROR, or might call ereport(FATAL) and
1987 : * not return at all.
1988 : *
1989 : * (Note that ereport(FATAL) stuff is sent to the client, so only use it
1990 : * if that's what you want. Return STATUS_ERROR if you don't want to
1991 : * send anything to the client, which would typically be appropriate
1992 : * if we detect a communications failure.)
1993 : *
1994 : * Set ssl_done and/or gss_done when negotiation of an encrypted layer
1995 : * (currently, TLS or GSSAPI) is completed. A successful negotiation of either
1996 : * encryption layer sets both flags, but a rejected negotiation sets only the
1997 : * flag for that layer, since the client may wish to try the other one. We
1998 : * should make no assumption here about the order in which the client may make
1999 : * requests.
2000 : */
2001 : static int
2002 12270 : ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
2003 : {
2004 : int32 len;
2005 : char *buf;
2006 : ProtocolVersion proto;
2007 : MemoryContext oldcontext;
2008 :
2009 12270 : pq_startmsgread();
2010 :
2011 : /*
2012 : * Grab the first byte of the length word separately, so that we can tell
2013 : * whether we have no data at all or an incomplete packet. (This might
2014 : * sound inefficient, but it's not really, because of buffering in
2015 : * pqcomm.c.)
2016 : */
2017 12270 : if (pq_getbytes((char *) &len, 1) == EOF)
2018 : {
2019 : /*
2020 : * If we get no data at all, don't clutter the log with a complaint;
2021 : * such cases often occur for legitimate reasons. An example is that
2022 : * we might be here after responding to NEGOTIATE_SSL_CODE, and if the
2023 : * client didn't like our response, it'll probably just drop the
2024 : * connection. Service-monitoring software also often just opens and
2025 : * closes a connection without sending anything. (So do port
2026 : * scanners, which may be less benign, but it's not really our job to
2027 : * notice those.)
2028 : */
2029 16 : return STATUS_ERROR;
2030 : }
2031 :
2032 12254 : if (pq_getbytes(((char *) &len) + 1, 3) == EOF)
2033 : {
2034 : /* Got a partial length word, so bleat about that */
2035 0 : if (!ssl_done && !gss_done)
2036 0 : ereport(COMMERROR,
2037 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2038 : errmsg("incomplete startup packet")));
2039 0 : return STATUS_ERROR;
2040 : }
2041 :
2042 12254 : len = pg_ntoh32(len);
2043 12254 : len -= 4;
2044 :
2045 12254 : if (len < (int32) sizeof(ProtocolVersion) ||
2046 12254 : len > MAX_STARTUP_PACKET_LENGTH)
2047 : {
2048 0 : ereport(COMMERROR,
2049 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2050 : errmsg("invalid length of startup packet")));
2051 0 : return STATUS_ERROR;
2052 : }
2053 :
2054 : /*
2055 : * Allocate space to hold the startup packet, plus one extra byte that's
2056 : * initialized to be zero. This ensures we will have null termination of
2057 : * all strings inside the packet.
2058 : */
2059 12254 : buf = palloc(len + 1);
2060 12254 : buf[len] = '\0';
2061 :
2062 12254 : if (pq_getbytes(buf, len) == EOF)
2063 : {
2064 0 : ereport(COMMERROR,
2065 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2066 : errmsg("incomplete startup packet")));
2067 0 : return STATUS_ERROR;
2068 : }
2069 12254 : pq_endmsgread();
2070 :
2071 : /*
2072 : * The first field is either a protocol version number or a special
2073 : * request code.
2074 : */
2075 12254 : port->proto = proto = pg_ntoh32(*((ProtocolVersion *) buf));
2076 :
2077 12254 : if (proto == CANCEL_REQUEST_CODE)
2078 : {
2079 4 : processCancelRequest(port, buf);
2080 : /* Not really an error, but we don't want to proceed further */
2081 4 : return STATUS_ERROR;
2082 : }
2083 :
2084 12250 : if (proto == NEGOTIATE_SSL_CODE && !ssl_done)
2085 : {
2086 : char SSLok;
2087 :
2088 : #ifdef USE_SSL
2089 : /* No SSL when disabled or on Unix sockets */
2090 432 : if (!LoadedSSL || IS_AF_UNIX(port->laddr.addr.ss_family))
2091 282 : SSLok = 'N';
2092 : else
2093 150 : SSLok = 'S'; /* Support for SSL */
2094 : #else
2095 : SSLok = 'N'; /* No support for SSL */
2096 : #endif
2097 :
2098 432 : retry1:
2099 432 : if (send(port->sock, &SSLok, 1, 0) != 1)
2100 : {
2101 0 : if (errno == EINTR)
2102 0 : goto retry1; /* if interrupted, just retry */
2103 0 : ereport(COMMERROR,
2104 : (errcode_for_socket_access(),
2105 : errmsg("failed to send SSL negotiation response: %m")));
2106 0 : return STATUS_ERROR; /* close the connection */
2107 : }
2108 :
2109 : #ifdef USE_SSL
2110 432 : if (SSLok == 'S' && secure_open_server(port) == -1)
2111 30 : return STATUS_ERROR;
2112 : #endif
2113 :
2114 : /*
2115 : * At this point we should have no data already buffered. If we do,
2116 : * it was received before we performed the SSL handshake, so it wasn't
2117 : * encrypted and indeed may have been injected by a man-in-the-middle.
2118 : * We report this case to the client.
2119 : */
2120 402 : if (pq_buffer_has_data())
2121 0 : ereport(FATAL,
2122 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2123 : errmsg("received unencrypted data after SSL request"),
2124 : errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
2125 :
2126 : /*
2127 : * regular startup packet, cancel, etc packet should follow, but not
2128 : * another SSL negotiation request, and a GSS request should only
2129 : * follow if SSL was rejected (client may negotiate in either order)
2130 : */
2131 402 : return ProcessStartupPacket(port, true, SSLok == 'S');
2132 : }
2133 11818 : else if (proto == NEGOTIATE_GSS_CODE && !gss_done)
2134 : {
2135 0 : char GSSok = 'N';
2136 :
2137 : #ifdef ENABLE_GSS
2138 : /* No GSSAPI encryption when on Unix socket */
2139 : if (!IS_AF_UNIX(port->laddr.addr.ss_family))
2140 : GSSok = 'G';
2141 : #endif
2142 :
2143 0 : while (send(port->sock, &GSSok, 1, 0) != 1)
2144 : {
2145 0 : if (errno == EINTR)
2146 0 : continue;
2147 0 : ereport(COMMERROR,
2148 : (errcode_for_socket_access(),
2149 : errmsg("failed to send GSSAPI negotiation response: %m")));
2150 0 : return STATUS_ERROR; /* close the connection */
2151 : }
2152 :
2153 : #ifdef ENABLE_GSS
2154 : if (GSSok == 'G' && secure_open_gssapi(port) == -1)
2155 : return STATUS_ERROR;
2156 : #endif
2157 :
2158 : /*
2159 : * At this point we should have no data already buffered. If we do,
2160 : * it was received before we performed the GSS handshake, so it wasn't
2161 : * encrypted and indeed may have been injected by a man-in-the-middle.
2162 : * We report this case to the client.
2163 : */
2164 0 : if (pq_buffer_has_data())
2165 0 : ereport(FATAL,
2166 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2167 : errmsg("received unencrypted data after GSSAPI encryption request"),
2168 : errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
2169 :
2170 : /*
2171 : * regular startup packet, cancel, etc packet should follow, but not
2172 : * another GSS negotiation request, and an SSL request should only
2173 : * follow if GSS was rejected (client may negotiate in either order)
2174 : */
2175 0 : return ProcessStartupPacket(port, GSSok == 'G', true);
2176 : }
2177 :
2178 : /* Could add additional special packet types here */
2179 :
2180 : /*
2181 : * Set FrontendProtocol now so that ereport() knows what format to send if
2182 : * we fail during startup.
2183 : */
2184 11818 : FrontendProtocol = proto;
2185 :
2186 : /* Check that the major protocol version is in range. */
2187 11818 : if (PG_PROTOCOL_MAJOR(proto) < PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST) ||
2188 11818 : PG_PROTOCOL_MAJOR(proto) > PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST))
2189 0 : ereport(FATAL,
2190 : (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
2191 : errmsg("unsupported frontend protocol %u.%u: server supports %u.0 to %u.%u",
2192 : PG_PROTOCOL_MAJOR(proto), PG_PROTOCOL_MINOR(proto),
2193 : PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST),
2194 : PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST),
2195 : PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST))));
2196 :
2197 : /*
2198 : * Now fetch parameters out of startup packet and save them into the Port
2199 : * structure. All data structures attached to the Port struct must be
2200 : * allocated in TopMemoryContext so that they will remain available in a
2201 : * running backend (even after PostmasterContext is destroyed). We need
2202 : * not worry about leaking this storage on failure, since we aren't in the
2203 : * postmaster process anymore.
2204 : */
2205 11818 : oldcontext = MemoryContextSwitchTo(TopMemoryContext);
2206 :
2207 : /* Handle protocol version 3 startup packet */
2208 : {
2209 11818 : int32 offset = sizeof(ProtocolVersion);
2210 11818 : List *unrecognized_protocol_options = NIL;
2211 :
2212 : /*
2213 : * Scan packet body for name/option pairs. We can assume any string
2214 : * beginning within the packet body is null-terminated, thanks to
2215 : * zeroing extra byte above.
2216 : */
2217 11818 : port->guc_options = NIL;
2218 :
2219 59788 : while (offset < len)
2220 : {
2221 59788 : char *nameptr = buf + offset;
2222 : int32 valoffset;
2223 : char *valptr;
2224 :
2225 59788 : if (*nameptr == '\0')
2226 11818 : break; /* found packet terminator */
2227 47970 : valoffset = offset + strlen(nameptr) + 1;
2228 47970 : if (valoffset >= len)
2229 0 : break; /* missing value, will complain below */
2230 47970 : valptr = buf + valoffset;
2231 :
2232 47970 : if (strcmp(nameptr, "database") == 0)
2233 11818 : port->database_name = pstrdup(valptr);
2234 36152 : else if (strcmp(nameptr, "user") == 0)
2235 11818 : port->user_name = pstrdup(valptr);
2236 24334 : else if (strcmp(nameptr, "options") == 0)
2237 3930 : port->cmdline_options = pstrdup(valptr);
2238 20404 : else if (strcmp(nameptr, "replication") == 0)
2239 : {
2240 : /*
2241 : * Due to backward compatibility concerns the replication
2242 : * parameter is a hybrid beast which allows the value to be
2243 : * either boolean or the string 'database'. The latter
2244 : * connects to a specific database which is e.g. required for
2245 : * logical decoding while.
2246 : */
2247 970 : if (strcmp(valptr, "database") == 0)
2248 : {
2249 468 : am_walsender = true;
2250 468 : am_db_walsender = true;
2251 : }
2252 502 : else if (!parse_bool(valptr, &am_walsender))
2253 0 : ereport(FATAL,
2254 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
2255 : errmsg("invalid value for parameter \"%s\": \"%s\"",
2256 : "replication",
2257 : valptr),
2258 : errhint("Valid values are: \"false\", 0, \"true\", 1, \"database\".")));
2259 : }
2260 19434 : else if (strncmp(nameptr, "_pq_.", 5) == 0)
2261 : {
2262 : /*
2263 : * Any option beginning with _pq_. is reserved for use as a
2264 : * protocol-level option, but at present no such options are
2265 : * defined.
2266 : */
2267 : unrecognized_protocol_options =
2268 0 : lappend(unrecognized_protocol_options, pstrdup(nameptr));
2269 : }
2270 : else
2271 : {
2272 : /* Assume it's a generic GUC option */
2273 19434 : port->guc_options = lappend(port->guc_options,
2274 19434 : pstrdup(nameptr));
2275 19434 : port->guc_options = lappend(port->guc_options,
2276 19434 : pstrdup(valptr));
2277 :
2278 : /*
2279 : * Copy application_name to port if we come across it. This
2280 : * is done so we can log the application_name in the
2281 : * connection authorization message. Note that the GUC would
2282 : * be used but we haven't gone through GUC setup yet.
2283 : */
2284 19434 : if (strcmp(nameptr, "application_name") == 0)
2285 : {
2286 11704 : char *tmp_app_name = pstrdup(valptr);
2287 :
2288 11704 : pg_clean_ascii(tmp_app_name);
2289 :
2290 11704 : port->application_name = tmp_app_name;
2291 : }
2292 : }
2293 47970 : offset = valoffset + strlen(valptr) + 1;
2294 : }
2295 :
2296 : /*
2297 : * If we didn't find a packet terminator exactly at the end of the
2298 : * given packet length, complain.
2299 : */
2300 11818 : if (offset != len - 1)
2301 0 : ereport(FATAL,
2302 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2303 : errmsg("invalid startup packet layout: expected terminator as last byte")));
2304 :
2305 : /*
2306 : * If the client requested a newer protocol version or if the client
2307 : * requested any protocol options we didn't recognize, let them know
2308 : * the newest minor protocol version we do support and the names of
2309 : * any unrecognized options.
2310 : */
2311 11818 : if (PG_PROTOCOL_MINOR(proto) > PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST) ||
2312 : unrecognized_protocol_options != NIL)
2313 0 : SendNegotiateProtocolVersion(unrecognized_protocol_options);
2314 : }
2315 :
2316 : /* Check a user name was given. */
2317 11818 : if (port->user_name == NULL || port->user_name[0] == '\0')
2318 0 : ereport(FATAL,
2319 : (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
2320 : errmsg("no PostgreSQL user name specified in startup packet")));
2321 :
2322 : /* The database defaults to the user name. */
2323 11818 : if (port->database_name == NULL || port->database_name[0] == '\0')
2324 0 : port->database_name = pstrdup(port->user_name);
2325 :
2326 11818 : if (Db_user_namespace)
2327 : {
2328 : /*
2329 : * If user@, it is a global user, remove '@'. We only want to do this
2330 : * if there is an '@' at the end and no earlier in the user string or
2331 : * they may fake as a local user of another database attaching to this
2332 : * database.
2333 : */
2334 0 : if (strchr(port->user_name, '@') ==
2335 0 : port->user_name + strlen(port->user_name) - 1)
2336 0 : *strchr(port->user_name, '@') = '\0';
2337 : else
2338 : {
2339 : /* Append '@' and dbname */
2340 0 : port->user_name = psprintf("%s@%s", port->user_name, port->database_name);
2341 : }
2342 : }
2343 :
2344 : /*
2345 : * Truncate given database and user names to length of a Postgres name.
2346 : * This avoids lookup failures when overlength names are given.
2347 : */
2348 11818 : if (strlen(port->database_name) >= NAMEDATALEN)
2349 0 : port->database_name[NAMEDATALEN - 1] = '\0';
2350 11818 : if (strlen(port->user_name) >= NAMEDATALEN)
2351 0 : port->user_name[NAMEDATALEN - 1] = '\0';
2352 :
2353 11818 : if (am_walsender)
2354 970 : MyBackendType = B_WAL_SENDER;
2355 : else
2356 10848 : MyBackendType = B_BACKEND;
2357 :
2358 : /*
2359 : * Normal walsender backends, e.g. for streaming replication, are not
2360 : * connected to a particular database. But walsenders used for logical
2361 : * replication need to connect to a specific database. We allow streaming
2362 : * replication commands to be issued even if connected to a database as it
2363 : * can make sense to first make a basebackup and then stream changes
2364 : * starting from that.
2365 : */
2366 11818 : if (am_walsender && !am_db_walsender)
2367 502 : port->database_name[0] = '\0';
2368 :
2369 : /*
2370 : * Done putting stuff in TopMemoryContext.
2371 : */
2372 11818 : MemoryContextSwitchTo(oldcontext);
2373 :
2374 : /*
2375 : * If we're going to reject the connection due to database state, say so
2376 : * now instead of wasting cycles on an authentication exchange. (This also
2377 : * allows a pg_ping utility to be written.)
2378 : */
2379 11818 : switch (port->canAcceptConnections)
2380 : {
2381 10 : case CAC_STARTUP:
2382 10 : ereport(FATAL,
2383 : (errcode(ERRCODE_CANNOT_CONNECT_NOW),
2384 : errmsg("the database system is starting up")));
2385 : break;
2386 8 : case CAC_NOTCONSISTENT:
2387 8 : if (EnableHotStandby)
2388 8 : ereport(FATAL,
2389 : (errcode(ERRCODE_CANNOT_CONNECT_NOW),
2390 : errmsg("the database system is not yet accepting connections"),
2391 : errdetail("Consistent recovery state has not been yet reached.")));
2392 : else
2393 0 : ereport(FATAL,
2394 : (errcode(ERRCODE_CANNOT_CONNECT_NOW),
2395 : errmsg("the database system is not accepting connections"),
2396 : errdetail("Hot standby mode is disabled.")));
2397 : break;
2398 6 : case CAC_SHUTDOWN:
2399 6 : ereport(FATAL,
2400 : (errcode(ERRCODE_CANNOT_CONNECT_NOW),
2401 : errmsg("the database system is shutting down")));
2402 : break;
2403 0 : case CAC_RECOVERY:
2404 0 : ereport(FATAL,
2405 : (errcode(ERRCODE_CANNOT_CONNECT_NOW),
2406 : errmsg("the database system is in recovery mode")));
2407 : break;
2408 0 : case CAC_TOOMANY:
2409 0 : ereport(FATAL,
2410 : (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
2411 : errmsg("sorry, too many clients already")));
2412 : break;
2413 0 : case CAC_SUPERUSER:
2414 : /* OK for now, will check in InitPostgres */
2415 0 : break;
2416 11794 : case CAC_OK:
2417 11794 : break;
2418 : }
2419 :
2420 11794 : return STATUS_OK;
2421 : }
2422 :
2423 : /*
2424 : * Send a NegotiateProtocolVersion to the client. This lets the client know
2425 : * that they have requested a newer minor protocol version than we are able
2426 : * to speak. We'll speak the highest version we know about; the client can,
2427 : * of course, abandon the connection if that's a problem.
2428 : *
2429 : * We also include in the response a list of protocol options we didn't
2430 : * understand. This allows clients to include optional parameters that might
2431 : * be present either in newer protocol versions or third-party protocol
2432 : * extensions without fear of having to reconnect if those options are not
2433 : * understood, while at the same time making certain that the client is aware
2434 : * of which options were actually accepted.
2435 : */
2436 : static void
2437 0 : SendNegotiateProtocolVersion(List *unrecognized_protocol_options)
2438 : {
2439 : StringInfoData buf;
2440 : ListCell *lc;
2441 :
2442 0 : pq_beginmessage(&buf, 'v'); /* NegotiateProtocolVersion */
2443 0 : pq_sendint32(&buf, PG_PROTOCOL_LATEST);
2444 0 : pq_sendint32(&buf, list_length(unrecognized_protocol_options));
2445 0 : foreach(lc, unrecognized_protocol_options)
2446 0 : pq_sendstring(&buf, lfirst(lc));
2447 0 : pq_endmessage(&buf);
2448 :
2449 : /* no need to flush, some other message will follow */
2450 0 : }
2451 :
2452 : /*
2453 : * The client has sent a cancel request packet, not a normal
2454 : * start-a-new-connection packet. Perform the necessary processing.
2455 : * Nothing is sent back to the client.
2456 : */
2457 : static void
2458 4 : processCancelRequest(Port *port, void *pkt)
2459 : {
2460 4 : CancelRequestPacket *canc = (CancelRequestPacket *) pkt;
2461 : int backendPID;
2462 : int32 cancelAuthCode;
2463 : Backend *bp;
2464 :
2465 : #ifndef EXEC_BACKEND
2466 : dlist_iter iter;
2467 : #else
2468 : int i;
2469 : #endif
2470 :
2471 4 : backendPID = (int) pg_ntoh32(canc->backendPID);
2472 4 : cancelAuthCode = (int32) pg_ntoh32(canc->cancelAuthCode);
2473 :
2474 : /*
2475 : * See if we have a matching backend. In the EXEC_BACKEND case, we can no
2476 : * longer access the postmaster's own backend list, and must rely on the
2477 : * duplicate array in shared memory.
2478 : */
2479 : #ifndef EXEC_BACKEND
2480 6 : dlist_foreach(iter, &BackendList)
2481 : {
2482 6 : bp = dlist_container(Backend, elem, iter.cur);
2483 : #else
2484 : for (i = MaxLivePostmasterChildren() - 1; i >= 0; i--)
2485 : {
2486 : bp = (Backend *) &ShmemBackendArray[i];
2487 : #endif
2488 6 : if (bp->pid == backendPID)
2489 : {
2490 4 : if (bp->cancel_key == cancelAuthCode)
2491 : {
2492 : /* Found a match; signal that backend to cancel current op */
2493 4 : ereport(DEBUG2,
2494 : (errmsg_internal("processing cancel request: sending SIGINT to process %d",
2495 : backendPID)));
2496 4 : signal_child(bp->pid, SIGINT);
2497 : }
2498 : else
2499 : /* Right PID, wrong key: no way, Jose */
2500 0 : ereport(LOG,
2501 : (errmsg("wrong key in cancel request for process %d",
2502 : backendPID)));
2503 4 : return;
2504 : }
2505 : #ifndef EXEC_BACKEND /* make GNU Emacs 26.1 see brace balance */
2506 : }
2507 : #else
2508 : }
2509 : #endif
2510 :
2511 : /* No matching backend */
2512 0 : ereport(LOG,
2513 : (errmsg("PID %d in cancel request did not match any process",
2514 : backendPID)));
2515 : }
2516 :
2517 : /*
2518 : * canAcceptConnections --- check to see if database state allows connections
2519 : * of the specified type. backend_type can be BACKEND_TYPE_NORMAL,
2520 : * BACKEND_TYPE_AUTOVAC, or BACKEND_TYPE_BGWORKER. (Note that we don't yet
2521 : * know whether a NORMAL connection might turn into a walsender.)
2522 : */
2523 : static CAC_state
2524 14982 : canAcceptConnections(int backend_type)
2525 : {
2526 14982 : CAC_state result = CAC_OK;
2527 :
2528 : /*
2529 : * Can't start backends when in startup/shutdown/inconsistent recovery
2530 : * state. We treat autovac workers the same as user backends for this
2531 : * purpose. However, bgworkers are excluded from this test; we expect
2532 : * bgworker_should_start_now() decided whether the DB state allows them.
2533 : */
2534 14982 : if (pmState != PM_RUN && pmState != PM_HOT_STANDBY &&
2535 : backend_type != BACKEND_TYPE_BGWORKER)
2536 : {
2537 24 : if (Shutdown > NoShutdown)
2538 6 : return CAC_SHUTDOWN; /* shutdown is pending */
2539 18 : else if (!FatalError && pmState == PM_STARTUP)
2540 10 : return CAC_STARTUP; /* normal startup */
2541 8 : else if (!FatalError && pmState == PM_RECOVERY)
2542 8 : return CAC_NOTCONSISTENT; /* not yet at consistent recovery
2543 : * state */
2544 : else
2545 0 : return CAC_RECOVERY; /* else must be crash recovery */
2546 : }
2547 :
2548 : /*
2549 : * "Smart shutdown" restrictions are applied only to normal connections,
2550 : * not to autovac workers or bgworkers. When only superusers can connect,
2551 : * we return CAC_SUPERUSER to indicate that superuserness must be checked
2552 : * later. Note that neither CAC_OK nor CAC_SUPERUSER can safely be
2553 : * returned until we have checked for too many children.
2554 : */
2555 14958 : if (connsAllowed != ALLOW_ALL_CONNS &&
2556 : backend_type == BACKEND_TYPE_NORMAL)
2557 : {
2558 0 : if (connsAllowed == ALLOW_SUPERUSER_CONNS)
2559 0 : result = CAC_SUPERUSER; /* allow superusers only */
2560 : else
2561 0 : return CAC_SHUTDOWN; /* shutdown is pending */
2562 : }
2563 :
2564 : /*
2565 : * Don't start too many children.
2566 : *
2567 : * We allow more connections here than we can have backends because some
2568 : * might still be authenticating; they might fail auth, or some existing
2569 : * backend might exit before the auth cycle is completed. The exact
2570 : * MaxBackends limit is enforced when a new backend tries to join the
2571 : * shared-inval backend array.
2572 : *
2573 : * The limit here must match the sizes of the per-child-process arrays;
2574 : * see comments for MaxLivePostmasterChildren().
2575 : */
2576 14958 : if (CountChildren(BACKEND_TYPE_ALL) >= MaxLivePostmasterChildren())
2577 0 : result = CAC_TOOMANY;
2578 :
2579 14958 : return result;
2580 : }
2581 :
2582 :
2583 : /*
2584 : * ConnCreate -- create a local connection data structure
2585 : *
2586 : * Returns NULL on failure, other than out-of-memory which is fatal.
2587 : */
2588 : static Port *
2589 12070 : ConnCreate(int serverFd)
2590 : {
2591 : Port *port;
2592 :
2593 12070 : if (!(port = (Port *) calloc(1, sizeof(Port))))
2594 : {
2595 0 : ereport(LOG,
2596 : (errcode(ERRCODE_OUT_OF_MEMORY),
2597 : errmsg("out of memory")));
2598 0 : ExitPostmaster(1);
2599 : }
2600 :
2601 12070 : if (StreamConnection(serverFd, port) != STATUS_OK)
2602 : {
2603 0 : if (port->sock != PGINVALID_SOCKET)
2604 0 : StreamClose(port->sock);
2605 0 : ConnFree(port);
2606 0 : return NULL;
2607 : }
2608 :
2609 12070 : return port;
2610 : }
2611 :
2612 :
2613 : /*
2614 : * ConnFree -- free a local connection data structure
2615 : *
2616 : * Caller has already closed the socket if any, so there's not much
2617 : * to do here.
2618 : */
2619 : static void
2620 12068 : ConnFree(Port *conn)
2621 : {
2622 12068 : free(conn);
2623 12068 : }
2624 :
2625 :
2626 : /*
2627 : * ClosePostmasterPorts -- close all the postmaster's open sockets
2628 : *
2629 : * This is called during child process startup to release file descriptors
2630 : * that are not needed by that child process. The postmaster still has
2631 : * them open, of course.
2632 : *
2633 : * Note: we pass am_syslogger as a boolean because we don't want to set
2634 : * the global variable yet when this is called.
2635 : */
2636 : void
2637 18630 : ClosePostmasterPorts(bool am_syslogger)
2638 : {
2639 : int i;
2640 :
2641 : #ifndef WIN32
2642 :
2643 : /*
2644 : * Close the write end of postmaster death watch pipe. It's important to
2645 : * do this as early as possible, so that if postmaster dies, others won't
2646 : * think that it's still running because we're holding the pipe open.
2647 : */
2648 18630 : if (close(postmaster_alive_fds[POSTMASTER_FD_OWN]) != 0)
2649 0 : ereport(FATAL,
2650 : (errcode_for_file_access(),
2651 : errmsg_internal("could not close postmaster death monitoring pipe in child process: %m")));
2652 18630 : postmaster_alive_fds[POSTMASTER_FD_OWN] = -1;
2653 : /* Notify fd.c that we released one pipe FD. */
2654 18630 : ReleaseExternalFD();
2655 : #endif
2656 :
2657 : /*
2658 : * Close the postmaster's listen sockets. These aren't tracked by fd.c,
2659 : * so we don't call ReleaseExternalFD() here.
2660 : */
2661 1210950 : for (i = 0; i < MAXLISTEN; i++)
2662 : {
2663 1192320 : if (ListenSocket[i] != PGINVALID_SOCKET)
2664 : {
2665 19386 : StreamClose(ListenSocket[i]);
2666 19386 : ListenSocket[i] = PGINVALID_SOCKET;
2667 : }
2668 : }
2669 :
2670 : /*
2671 : * If using syslogger, close the read side of the pipe. We don't bother
2672 : * tracking this in fd.c, either.
2673 : */
2674 18630 : if (!am_syslogger)
2675 : {
2676 : #ifndef WIN32
2677 18628 : if (syslogPipe[0] >= 0)
2678 26 : close(syslogPipe[0]);
2679 18628 : syslogPipe[0] = -1;
2680 : #else
2681 : if (syslogPipe[0])
2682 : CloseHandle(syslogPipe[0]);
2683 : syslogPipe[0] = 0;
2684 : #endif
2685 : }
2686 :
2687 : #ifdef USE_BONJOUR
2688 : /* If using Bonjour, close the connection to the mDNS daemon */
2689 : if (bonjour_sdref)
2690 : close(DNSServiceRefSockFD(bonjour_sdref));
2691 : #endif
2692 18630 : }
2693 :
2694 :
2695 : /*
2696 : * InitProcessGlobals -- set MyProcPid, MyStartTime[stamp], random seeds
2697 : *
2698 : * Called early in the postmaster and every backend.
2699 : */
2700 : void
2701 21536 : InitProcessGlobals(void)
2702 : {
2703 21536 : MyProcPid = getpid();
2704 21536 : MyStartTimestamp = GetCurrentTimestamp();
2705 21536 : MyStartTime = timestamptz_to_time_t(MyStartTimestamp);
2706 :
2707 : /*
2708 : * Set a different global seed in every process. We want something
2709 : * unpredictable, so if possible, use high-quality random bits for the
2710 : * seed. Otherwise, fall back to a seed based on timestamp and PID.
2711 : */
2712 21536 : if (unlikely(!pg_prng_strong_seed(&pg_global_prng_state)))
2713 : {
2714 : uint64 rseed;
2715 :
2716 : /*
2717 : * Since PIDs and timestamps tend to change more frequently in their
2718 : * least significant bits, shift the timestamp left to allow a larger
2719 : * total number of seeds in a given time period. Since that would
2720 : * leave only 20 bits of the timestamp that cycle every ~1 second,
2721 : * also mix in some higher bits.
2722 : */
2723 0 : rseed = ((uint64) MyProcPid) ^
2724 0 : ((uint64) MyStartTimestamp << 12) ^
2725 0 : ((uint64) MyStartTimestamp >> 20);
2726 :
2727 0 : pg_prng_seed(&pg_global_prng_state, rseed);
2728 : }
2729 :
2730 : /*
2731 : * Also make sure that we've set a good seed for random(3). Use of that
2732 : * is deprecated in core Postgres, but extensions might use it.
2733 : */
2734 : #ifndef WIN32
2735 21536 : srandom(pg_prng_uint32(&pg_global_prng_state));
2736 : #endif
2737 21536 : }
2738 :
2739 :
2740 : /*
2741 : * reset_shared -- reset shared memory and semaphores
2742 : */
2743 : static void
2744 950 : reset_shared(void)
2745 : {
2746 : /*
2747 : * Create or re-create shared memory and semaphores.
2748 : *
2749 : * Note: in each "cycle of life" we will normally assign the same IPC keys
2750 : * (if using SysV shmem and/or semas). This helps ensure that we will
2751 : * clean up dead IPC objects if the postmaster crashes and is restarted.
2752 : */
2753 950 : CreateSharedMemoryAndSemaphores();
2754 948 : }
2755 :
2756 :
2757 : /*
2758 : * SIGHUP -- reread config files, and tell children to do same
2759 : */
2760 : static void
2761 104 : SIGHUP_handler(SIGNAL_ARGS)
2762 : {
2763 104 : int save_errno = errno;
2764 :
2765 : /*
2766 : * We rely on the signal mechanism to have blocked all signals ... except
2767 : * on Windows, which lacks sigaction(), so we have to do it manually.
2768 : */
2769 : #ifdef WIN32
2770 : PG_SETMASK(&BlockSig);
2771 : #endif
2772 :
2773 104 : if (Shutdown <= SmartShutdown)
2774 : {
2775 104 : ereport(LOG,
2776 : (errmsg("received SIGHUP, reloading configuration files")));
2777 104 : ProcessConfigFile(PGC_SIGHUP);
2778 104 : SignalChildren(SIGHUP);
2779 104 : if (StartupPID != 0)
2780 16 : signal_child(StartupPID, SIGHUP);
2781 104 : if (BgWriterPID != 0)
2782 104 : signal_child(BgWriterPID, SIGHUP);
2783 104 : if (CheckpointerPID != 0)
2784 104 : signal_child(CheckpointerPID, SIGHUP);
2785 104 : if (WalWriterPID != 0)
2786 88 : signal_child(WalWriterPID, SIGHUP);
2787 104 : if (WalReceiverPID != 0)
2788 14 : signal_child(WalReceiverPID, SIGHUP);
2789 104 : if (AutoVacPID != 0)
2790 84 : signal_child(AutoVacPID, SIGHUP);
2791 104 : if (PgArchPID != 0)
2792 6 : signal_child(PgArchPID, SIGHUP);
2793 104 : if (SysLoggerPID != 0)
2794 0 : signal_child(SysLoggerPID, SIGHUP);
2795 104 : if (PgStatPID != 0)
2796 104 : signal_child(PgStatPID, SIGHUP);
2797 :
2798 : /* Reload authentication config files too */
2799 104 : if (!load_hba())
2800 0 : ereport(LOG,
2801 : /* translator: %s is a configuration file */
2802 : (errmsg("%s was not reloaded", "pg_hba.conf")));
2803 :
2804 104 : if (!load_ident())
2805 0 : ereport(LOG,
2806 : (errmsg("%s was not reloaded", "pg_ident.conf")));
2807 :
2808 : #ifdef USE_SSL
2809 : /* Reload SSL configuration as well */
2810 104 : if (EnableSSL)
2811 : {
2812 0 : if (secure_initialize(false) == 0)
2813 0 : LoadedSSL = true;
2814 : else
2815 0 : ereport(LOG,
2816 : (errmsg("SSL configuration was not reloaded")));
2817 : }
2818 : else
2819 : {
2820 104 : secure_destroy();
2821 104 : LoadedSSL = false;
2822 : }
2823 : #endif
2824 :
2825 : #ifdef EXEC_BACKEND
2826 : /* Update the starting-point file for future children */
2827 : write_nondefault_variables(PGC_SIGHUP);
2828 : #endif
2829 : }
2830 :
2831 : #ifdef WIN32
2832 : PG_SETMASK(&UnBlockSig);
2833 : #endif
2834 :
2835 104 : errno = save_errno;
2836 104 : }
2837 :
2838 :
2839 : /*
2840 : * pmdie -- signal handler for processing various postmaster signals.
2841 : */
2842 : static void
2843 928 : pmdie(SIGNAL_ARGS)
2844 : {
2845 928 : int save_errno = errno;
2846 :
2847 : /*
2848 : * We rely on the signal mechanism to have blocked all signals ... except
2849 : * on Windows, which lacks sigaction(), so we have to do it manually.
2850 : */
2851 : #ifdef WIN32
2852 : PG_SETMASK(&BlockSig);
2853 : #endif
2854 :
2855 928 : ereport(DEBUG2,
2856 : (errmsg_internal("postmaster received signal %d",
2857 : postgres_signal_arg)));
2858 :
2859 928 : switch (postgres_signal_arg)
2860 : {
2861 8 : case SIGTERM:
2862 :
2863 : /*
2864 : * Smart Shutdown:
2865 : *
2866 : * Wait for children to end their work, then shut down.
2867 : */
2868 8 : if (Shutdown >= SmartShutdown)
2869 0 : break;
2870 8 : Shutdown = SmartShutdown;
2871 8 : ereport(LOG,
2872 : (errmsg("received smart shutdown request")));
2873 :
2874 : /* Report status */
2875 8 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2876 : #ifdef USE_SYSTEMD
2877 : sd_notify(0, "STOPPING=1");
2878 : #endif
2879 :
2880 : /*
2881 : * If we reached normal running, we have to wait for any online
2882 : * backup mode to end; otherwise go straight to waiting for client
2883 : * backends to exit. (The difference is that in the former state,
2884 : * we'll still let in new superuser clients, so that somebody can
2885 : * end the online backup mode.) If already in PM_STOP_BACKENDS or
2886 : * a later state, do not change it.
2887 : */
2888 8 : if (pmState == PM_RUN)
2889 8 : connsAllowed = ALLOW_SUPERUSER_CONNS;
2890 0 : else if (pmState == PM_HOT_STANDBY)
2891 0 : connsAllowed = ALLOW_NO_CONNS;
2892 0 : else if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
2893 : {
2894 : /* There should be no clients, so proceed to stop children */
2895 0 : pmState = PM_STOP_BACKENDS;
2896 : }
2897 :
2898 : /*
2899 : * Now wait for online backup mode to end and backends to exit. If
2900 : * that is already the case, PostmasterStateMachine will take the
2901 : * next step.
2902 : */
2903 8 : PostmasterStateMachine();
2904 8 : break;
2905 :
2906 536 : case SIGINT:
2907 :
2908 : /*
2909 : * Fast Shutdown:
2910 : *
2911 : * Abort all children with SIGTERM (rollback active transactions
2912 : * and exit) and shut down when they are gone.
2913 : */
2914 536 : if (Shutdown >= FastShutdown)
2915 0 : break;
2916 536 : Shutdown = FastShutdown;
2917 536 : ereport(LOG,
2918 : (errmsg("received fast shutdown request")));
2919 :
2920 : /* Report status */
2921 536 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2922 : #ifdef USE_SYSTEMD
2923 : sd_notify(0, "STOPPING=1");
2924 : #endif
2925 :
2926 536 : if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
2927 : {
2928 : /* Just shut down background processes silently */
2929 0 : pmState = PM_STOP_BACKENDS;
2930 : }
2931 536 : else if (pmState == PM_RUN ||
2932 46 : pmState == PM_HOT_STANDBY)
2933 : {
2934 : /* Report that we're about to zap live client sessions */
2935 536 : ereport(LOG,
2936 : (errmsg("aborting any active transactions")));
2937 536 : pmState = PM_STOP_BACKENDS;
2938 : }
2939 :
2940 : /*
2941 : * PostmasterStateMachine will issue any necessary signals, or
2942 : * take the next step if no child processes need to be killed.
2943 : */
2944 536 : PostmasterStateMachine();
2945 536 : break;
2946 :
2947 384 : case SIGQUIT:
2948 :
2949 : /*
2950 : * Immediate Shutdown:
2951 : *
2952 : * abort all children with SIGQUIT, wait for them to exit,
2953 : * terminate remaining ones with SIGKILL, then exit without
2954 : * attempt to properly shut down the data base system.
2955 : */
2956 384 : if (Shutdown >= ImmediateShutdown)
2957 0 : break;
2958 384 : Shutdown = ImmediateShutdown;
2959 384 : ereport(LOG,
2960 : (errmsg("received immediate shutdown request")));
2961 :
2962 : /* Report status */
2963 384 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2964 : #ifdef USE_SYSTEMD
2965 : sd_notify(0, "STOPPING=1");
2966 : #endif
2967 :
2968 : /* tell children to shut down ASAP */
2969 384 : SetQuitSignalReason(PMQUIT_FOR_STOP);
2970 384 : TerminateChildren(SIGQUIT);
2971 384 : pmState = PM_WAIT_BACKENDS;
2972 :
2973 : /* set stopwatch for them to die */
2974 384 : AbortStartTime = time(NULL);
2975 :
2976 : /*
2977 : * Now wait for backends to exit. If there are none,
2978 : * PostmasterStateMachine will take the next step.
2979 : */
2980 384 : PostmasterStateMachine();
2981 384 : break;
2982 : }
2983 :
2984 : #ifdef WIN32
2985 : PG_SETMASK(&UnBlockSig);
2986 : #endif
2987 :
2988 928 : errno = save_errno;
2989 928 : }
2990 :
2991 : /*
2992 : * Reaper -- signal handler to cleanup after a child process dies.
2993 : */
2994 : static void
2995 18928 : reaper(SIGNAL_ARGS)
2996 : {
2997 18928 : int save_errno = errno;
2998 : int pid; /* process id of dead child process */
2999 : int exitstatus; /* its exit status */
3000 :
3001 : /*
3002 : * We rely on the signal mechanism to have blocked all signals ... except
3003 : * on Windows, which lacks sigaction(), so we have to do it manually.
3004 : */
3005 : #ifdef WIN32
3006 : PG_SETMASK(&BlockSig);
3007 : #endif
3008 :
3009 18928 : ereport(DEBUG4,
3010 : (errmsg_internal("reaping dead processes")));
3011 :
3012 39586 : while ((pid = waitpid(-1, &exitstatus, WNOHANG)) > 0)
3013 : {
3014 : /*
3015 : * Check if this child was a startup process.
3016 : */
3017 20662 : if (pid == StartupPID)
3018 : {
3019 948 : StartupPID = 0;
3020 :
3021 : /*
3022 : * Startup process exited in response to a shutdown request (or it
3023 : * completed normally regardless of the shutdown request).
3024 : */
3025 948 : if (Shutdown > NoShutdown &&
3026 116 : (EXIT_STATUS_0(exitstatus) || EXIT_STATUS_1(exitstatus)))
3027 : {
3028 46 : StartupStatus = STARTUP_NOT_RUNNING;
3029 46 : pmState = PM_WAIT_BACKENDS;
3030 : /* PostmasterStateMachine logic does the rest */
3031 46 : continue;
3032 : }
3033 :
3034 902 : if (EXIT_STATUS_3(exitstatus))
3035 : {
3036 0 : ereport(LOG,
3037 : (errmsg("shutdown at recovery target")));
3038 0 : StartupStatus = STARTUP_NOT_RUNNING;
3039 0 : Shutdown = Max(Shutdown, SmartShutdown);
3040 0 : TerminateChildren(SIGTERM);
3041 0 : pmState = PM_WAIT_BACKENDS;
3042 : /* PostmasterStateMachine logic does the rest */
3043 0 : continue;
3044 : }
3045 :
3046 : /*
3047 : * Unexpected exit of startup process (including FATAL exit)
3048 : * during PM_STARTUP is treated as catastrophic. There are no
3049 : * other processes running yet, so we can just exit.
3050 : */
3051 902 : if (pmState == PM_STARTUP &&
3052 632 : StartupStatus != STARTUP_SIGNALED &&
3053 632 : !EXIT_STATUS_0(exitstatus))
3054 : {
3055 0 : LogChildExit(LOG, _("startup process"),
3056 : pid, exitstatus);
3057 0 : ereport(LOG,
3058 : (errmsg("aborting startup due to startup process failure")));
3059 0 : ExitPostmaster(1);
3060 : }
3061 :
3062 : /*
3063 : * After PM_STARTUP, any unexpected exit (including FATAL exit) of
3064 : * the startup process is catastrophic, so kill other children,
3065 : * and set StartupStatus so we don't try to reinitialize after
3066 : * they're gone. Exception: if StartupStatus is STARTUP_SIGNALED,
3067 : * then we previously sent the startup process a SIGQUIT; so
3068 : * that's probably the reason it died, and we do want to try to
3069 : * restart in that case.
3070 : *
3071 : * This stanza also handles the case where we sent a SIGQUIT
3072 : * during PM_STARTUP due to some dead_end child crashing: in that
3073 : * situation, if the startup process dies on the SIGQUIT, we need
3074 : * to transition to PM_WAIT_BACKENDS state which will allow
3075 : * PostmasterStateMachine to restart the startup process. (On the
3076 : * other hand, the startup process might complete normally, if we
3077 : * were too late with the SIGQUIT. In that case we'll fall
3078 : * through and commence normal operations.)
3079 : */
3080 902 : if (!EXIT_STATUS_0(exitstatus))
3081 : {
3082 76 : if (StartupStatus == STARTUP_SIGNALED)
3083 : {
3084 70 : StartupStatus = STARTUP_NOT_RUNNING;
3085 70 : if (pmState == PM_STARTUP)
3086 0 : pmState = PM_WAIT_BACKENDS;
3087 : }
3088 : else
3089 6 : StartupStatus = STARTUP_CRASHED;
3090 76 : HandleChildCrash(pid, exitstatus,
3091 76 : _("startup process"));
3092 76 : continue;
3093 : }
3094 :
3095 : /*
3096 : * Startup succeeded, commence normal operations
3097 : */
3098 826 : StartupStatus = STARTUP_NOT_RUNNING;
3099 826 : FatalError = false;
3100 826 : AbortStartTime = 0;
3101 826 : ReachedNormalRunning = true;
3102 826 : pmState = PM_RUN;
3103 826 : connsAllowed = ALLOW_ALL_CONNS;
3104 :
3105 : /*
3106 : * Crank up the background tasks, if we didn't do that already
3107 : * when we entered consistent recovery state. It doesn't matter
3108 : * if this fails, we'll just try again later.
3109 : */
3110 826 : if (CheckpointerPID == 0)
3111 0 : CheckpointerPID = StartCheckpointer();
3112 826 : if (BgWriterPID == 0)
3113 0 : BgWriterPID = StartBackgroundWriter();
3114 826 : if (WalWriterPID == 0)
3115 826 : WalWriterPID = StartWalWriter();
3116 :
3117 : /*
3118 : * Likewise, start other special children as needed. In a restart
3119 : * situation, some of them may be alive already.
3120 : */
3121 826 : if (!IsBinaryUpgrade && AutoVacuumingActive() && AutoVacPID == 0)
3122 782 : AutoVacPID = StartAutoVacLauncher();
3123 826 : if (PgArchStartupAllowed() && PgArchPID == 0)
3124 36 : PgArchPID = StartArchiver();
3125 826 : if (PgStatPID == 0)
3126 760 : PgStatPID = pgstat_start();
3127 :
3128 : /* workers may be scheduled to start now */
3129 826 : maybe_start_bgworkers();
3130 :
3131 : /* at this point we are really open for business */
3132 822 : ereport(LOG,
3133 : (errmsg("database system is ready to accept connections")));
3134 :
3135 : /* Report status */
3136 822 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
3137 : #ifdef USE_SYSTEMD
3138 : sd_notify(0, "READY=1");
3139 : #endif
3140 :
3141 822 : continue;
3142 : }
3143 :
3144 : /*
3145 : * Was it the bgwriter? Normal exit can be ignored; we'll start a new
3146 : * one at the next iteration of the postmaster's main loop, if
3147 : * necessary. Any other exit condition is treated as a crash.
3148 : */
3149 19714 : if (pid == BgWriterPID)
3150 : {
3151 942 : BgWriterPID = 0;
3152 942 : if (!EXIT_STATUS_0(exitstatus))
3153 398 : HandleChildCrash(pid, exitstatus,
3154 398 : _("background writer process"));
3155 942 : continue;
3156 : }
3157 :
3158 : /*
3159 : * Was it the checkpointer?
3160 : */
3161 18772 : if (pid == CheckpointerPID)
3162 : {
3163 942 : CheckpointerPID = 0;
3164 942 : if (EXIT_STATUS_0(exitstatus) && pmState == PM_SHUTDOWN)
3165 : {
3166 : /*
3167 : * OK, we saw normal exit of the checkpointer after it's been
3168 : * told to shut down. We expect that it wrote a shutdown
3169 : * checkpoint. (If for some reason it didn't, recovery will
3170 : * occur on next postmaster start.)
3171 : *
3172 : * At this point we should have no normal backend children
3173 : * left (else we'd not be in PM_SHUTDOWN state) but we might
3174 : * have dead_end children to wait for.
3175 : *
3176 : * If we have an archiver subprocess, tell it to do a last
3177 : * archive cycle and quit. Likewise, if we have walsender
3178 : * processes, tell them to send any remaining WAL and quit.
3179 : */
3180 : Assert(Shutdown > NoShutdown);
3181 :
3182 : /* Waken archiver for the last time */
3183 544 : if (PgArchPID != 0)
3184 6 : signal_child(PgArchPID, SIGUSR2);
3185 :
3186 : /*
3187 : * Waken walsenders for the last time. No regular backends
3188 : * should be around anymore.
3189 : */
3190 544 : SignalChildren(SIGUSR2);
3191 :
3192 544 : pmState = PM_SHUTDOWN_2;
3193 :
3194 : /*
3195 : * We can also shut down the stats collector now; there's
3196 : * nothing left for it to do.
3197 : */
3198 544 : if (PgStatPID != 0)
3199 544 : signal_child(PgStatPID, SIGQUIT);
3200 : }
3201 : else
3202 : {
3203 : /*
3204 : * Any unexpected exit of the checkpointer (including FATAL
3205 : * exit) is treated as a crash.
3206 : */
3207 398 : HandleChildCrash(pid, exitstatus,
3208 398 : _("checkpointer process"));
3209 : }
3210 :
3211 942 : continue;
3212 : }
3213 :
3214 : /*
3215 : * Was it the wal writer? Normal exit can be ignored; we'll start a
3216 : * new one at the next iteration of the postmaster's main loop, if
3217 : * necessary. Any other exit condition is treated as a crash.
3218 : */
3219 17830 : if (pid == WalWriterPID)
3220 : {
3221 820 : WalWriterPID = 0;
3222 820 : if (!EXIT_STATUS_0(exitstatus))
3223 322 : HandleChildCrash(pid, exitstatus,
3224 322 : _("WAL writer process"));
3225 820 : continue;
3226 : }
3227 :
3228 : /*
3229 : * Was it the wal receiver? If exit status is zero (normal) or one
3230 : * (FATAL exit), we assume everything is all right just like normal
3231 : * backends. (If we need a new wal receiver, we'll start one at the
3232 : * next iteration of the postmaster's main loop.)
3233 : */
3234 17010 : if (pid == WalReceiverPID)
3235 : {
3236 286 : WalReceiverPID = 0;
3237 286 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
3238 18 : HandleChildCrash(pid, exitstatus,
3239 18 : _("WAL receiver process"));
3240 286 : continue;
3241 : }
3242 :
3243 : /*
3244 : * Was it the autovacuum launcher? Normal exit can be ignored; we'll
3245 : * start a new one at the next iteration of the postmaster's main
3246 : * loop, if necessary. Any other exit condition is treated as a
3247 : * crash.
3248 : */
3249 16724 : if (pid == AutoVacPID)
3250 : {
3251 776 : AutoVacPID = 0;
3252 776 : if (!EXIT_STATUS_0(exitstatus))
3253 304 : HandleChildCrash(pid, exitstatus,
3254 304 : _("autovacuum launcher process"));
3255 776 : continue;
3256 : }
3257 :
3258 : /*
3259 : * Was it the archiver? If exit status is zero (normal) or one (FATAL
3260 : * exit), we assume everything is all right just like normal backends
3261 : * and just try to restart a new one so that we immediately retry
3262 : * archiving remaining files. (If fail, we'll try again in future
3263 : * cycles of the postmaster's main loop.) Unless we were waiting for
3264 : * it to shut down; don't restart it in that case, and
3265 : * PostmasterStateMachine() will advance to the next shutdown step.
3266 : */
3267 15948 : if (pid == PgArchPID)
3268 : {
3269 40 : PgArchPID = 0;
3270 40 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
3271 34 : HandleChildCrash(pid, exitstatus,
3272 34 : _("archiver process"));
3273 40 : if (PgArchStartupAllowed())
3274 0 : PgArchPID = StartArchiver();
3275 40 : continue;
3276 : }
3277 :
3278 : /*
3279 : * Was it the statistics collector? If so, just try to start a new
3280 : * one; no need to force reset of the rest of the system. (If fail,
3281 : * we'll try again in future cycles of the main loop.)
3282 : */
3283 15908 : if (pid == PgStatPID)
3284 : {
3285 938 : PgStatPID = 0;
3286 938 : if (!EXIT_STATUS_0(exitstatus))
3287 0 : LogChildExit(LOG, _("statistics collector process"),
3288 : pid, exitstatus);
3289 938 : if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
3290 0 : PgStatPID = pgstat_start();
3291 938 : continue;
3292 : }
3293 :
3294 : /* Was it the system logger? If so, try to start a new one */
3295 14970 : if (pid == SysLoggerPID)
3296 : {
3297 0 : SysLoggerPID = 0;
3298 : /* for safety's sake, launch new logger *first* */
3299 0 : SysLoggerPID = SysLogger_Start();
3300 0 : if (!EXIT_STATUS_0(exitstatus))
3301 0 : LogChildExit(LOG, _("system logger process"),
3302 : pid, exitstatus);
3303 0 : continue;
3304 : }
3305 :
3306 : /* Was it one of our background workers? */
3307 14970 : if (CleanupBackgroundWorker(pid, exitstatus))
3308 : {
3309 : /* have it be restarted */
3310 2848 : HaveCrashedWorker = true;
3311 2848 : continue;
3312 : }
3313 :
3314 : /*
3315 : * Else do standard backend child cleanup.
3316 : */
3317 12122 : CleanupBackend(pid, exitstatus);
3318 : } /* loop over pending child-death reports */
3319 :
3320 : /*
3321 : * After cleaning out the SIGCHLD queue, see if we have any state changes
3322 : * or actions to make.
3323 : */
3324 18924 : PostmasterStateMachine();
3325 :
3326 : /* Done with signal handler */
3327 : #ifdef WIN32
3328 : PG_SETMASK(&UnBlockSig);
3329 : #endif
3330 :
3331 17990 : errno = save_errno;
3332 17990 : }
3333 :
3334 : /*
3335 : * Scan the bgworkers list and see if the given PID (which has just stopped
3336 : * or crashed) is in it. Handle its shutdown if so, and return true. If not a
3337 : * bgworker, return false.
3338 : *
3339 : * This is heavily based on CleanupBackend. One important difference is that
3340 : * we don't know yet that the dying process is a bgworker, so we must be silent
3341 : * until we're sure it is.
3342 : */
3343 : static bool
3344 14970 : CleanupBackgroundWorker(int pid,
3345 : int exitstatus) /* child's exit status */
3346 : {
3347 : char namebuf[MAXPGPATH];
3348 : slist_mutable_iter iter;
3349 :
3350 29446 : slist_foreach_modify(iter, &BackgroundWorkerList)
3351 : {
3352 : RegisteredBgWorker *rw;
3353 :
3354 17324 : rw = slist_container(RegisteredBgWorker, rw_lnode, iter.cur);
3355 :
3356 17324 : if (rw->rw_pid != pid)
3357 14476 : continue;
3358 :
3359 : #ifdef WIN32
3360 : /* see CleanupBackend */
3361 : if (exitstatus == ERROR_WAIT_NO_CHILDREN)
3362 : exitstatus = 0;
3363 : #endif
3364 :
3365 2848 : snprintf(namebuf, MAXPGPATH, _("background worker \"%s\""),
3366 2848 : rw->rw_worker.bgw_type);
3367 :
3368 :
3369 2848 : if (!EXIT_STATUS_0(exitstatus))
3370 : {
3371 : /* Record timestamp, so we know when to restart the worker. */
3372 964 : rw->rw_crashed_at = GetCurrentTimestamp();
3373 : }
3374 : else
3375 : {
3376 : /* Zero exit status means terminate */
3377 1884 : rw->rw_crashed_at = 0;
3378 1884 : rw->rw_terminate = true;
3379 : }
3380 :
3381 : /*
3382 : * Additionally, just like a backend, any exit status other than 0 or
3383 : * 1 is considered a crash and causes a system-wide restart.
3384 : */
3385 2848 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
3386 : {
3387 332 : HandleChildCrash(pid, exitstatus, namebuf);
3388 332 : return true;
3389 : }
3390 :
3391 : /*
3392 : * We must release the postmaster child slot. If the worker failed to
3393 : * do so, it did not clean up after itself, requiring a crash-restart
3394 : * cycle.
3395 : */
3396 2516 : if (!ReleasePostmasterChildSlot(rw->rw_child_slot))
3397 : {
3398 0 : HandleChildCrash(pid, exitstatus, namebuf);
3399 0 : return true;
3400 : }
3401 :
3402 : /* Get it out of the BackendList and clear out remaining data */
3403 2516 : dlist_delete(&rw->rw_backend->elem);
3404 : #ifdef EXEC_BACKEND
3405 : ShmemBackendArrayRemove(rw->rw_backend);
3406 : #endif
3407 :
3408 : /*
3409 : * It's possible that this background worker started some OTHER
3410 : * background worker and asked to be notified when that worker started
3411 : * or stopped. If so, cancel any notifications destined for the
3412 : * now-dead backend.
3413 : */
3414 2516 : if (rw->rw_backend->bgworker_notify)
3415 142 : BackgroundWorkerStopNotifications(rw->rw_pid);
3416 2516 : free(rw->rw_backend);
3417 2516 : rw->rw_backend = NULL;
3418 2516 : rw->rw_pid = 0;
3419 2516 : rw->rw_child_slot = 0;
3420 2516 : ReportBackgroundWorkerExit(&iter); /* report child death */
3421 :
3422 2516 : LogChildExit(EXIT_STATUS_0(exitstatus) ? DEBUG1 : LOG,
3423 : namebuf, pid, exitstatus);
3424 :
3425 2516 : return true;
3426 : }
3427 :
3428 12122 : return false;
3429 : }
3430 :
3431 : /*
3432 : * CleanupBackend -- cleanup after terminated backend.
3433 : *
3434 : * Remove all local state associated with backend.
3435 : *
3436 : * If you change this, see also CleanupBackgroundWorker.
3437 : */
3438 : static void
3439 12122 : CleanupBackend(int pid,
3440 : int exitstatus) /* child's exit status. */
3441 : {
3442 : dlist_mutable_iter iter;
3443 :
3444 12122 : LogChildExit(DEBUG2, _("server process"), pid, exitstatus);
3445 :
3446 : /*
3447 : * If a backend dies in an ugly way then we must signal all other backends
3448 : * to quickdie. If exit status is zero (normal) or one (FATAL exit), we
3449 : * assume everything is all right and proceed to remove the backend from
3450 : * the active backend list.
3451 : */
3452 :
3453 : #ifdef WIN32
3454 :
3455 : /*
3456 : * On win32, also treat ERROR_WAIT_NO_CHILDREN (128) as nonfatal case,
3457 : * since that sometimes happens under load when the process fails to start
3458 : * properly (long before it starts using shared memory). Microsoft reports
3459 : * it is related to mutex failure:
3460 : * http://archives.postgresql.org/pgsql-hackers/2010-09/msg00790.php
3461 : */
3462 : if (exitstatus == ERROR_WAIT_NO_CHILDREN)
3463 : {
3464 : LogChildExit(LOG, _("server process"), pid, exitstatus);
3465 : exitstatus = 0;
3466 : }
3467 : #endif
3468 :
3469 12122 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
3470 : {
3471 242 : HandleChildCrash(pid, exitstatus, _("server process"));
3472 242 : return;
3473 : }
3474 :
3475 23110 : dlist_foreach_modify(iter, &BackendList)
3476 : {
3477 23110 : Backend *bp = dlist_container(Backend, elem, iter.cur);
3478 :
3479 23110 : if (bp->pid == pid)
3480 : {
3481 11880 : if (!bp->dead_end)
3482 : {
3483 11856 : if (!ReleasePostmasterChildSlot(bp->child_slot))
3484 : {
3485 : /*
3486 : * Uh-oh, the child failed to clean itself up. Treat as a
3487 : * crash after all.
3488 : */
3489 0 : HandleChildCrash(pid, exitstatus, _("server process"));
3490 0 : return;
3491 : }
3492 : #ifdef EXEC_BACKEND
3493 : ShmemBackendArrayRemove(bp);
3494 : #endif
3495 : }
3496 11880 : if (bp->bgworker_notify)
3497 : {
3498 : /*
3499 : * This backend may have been slated to receive SIGUSR1 when
3500 : * some background worker started or stopped. Cancel those
3501 : * notifications, as we don't want to signal PIDs that are not
3502 : * PostgreSQL backends. This gets skipped in the (probably
3503 : * very common) case where the backend has never requested any
3504 : * such notifications.
3505 : */
3506 76 : BackgroundWorkerStopNotifications(bp->pid);
3507 : }
3508 11880 : dlist_delete(iter.cur);
3509 11880 : free(bp);
3510 11880 : break;
3511 : }
3512 : }
3513 : }
3514 :
3515 : /*
3516 : * HandleChildCrash -- cleanup after failed backend, bgwriter, checkpointer,
3517 : * walwriter, autovacuum, archiver or background worker.
3518 : *
3519 : * The objectives here are to clean up our local state about the child
3520 : * process, and to signal all other remaining children to quickdie.
3521 : */
3522 : static void
3523 2124 : HandleChildCrash(int pid, int exitstatus, const char *procname)
3524 : {
3525 : dlist_mutable_iter iter;
3526 : slist_iter siter;
3527 : Backend *bp;
3528 : bool take_action;
3529 :
3530 : /*
3531 : * We only log messages and send signals if this is the first process
3532 : * crash and we're not doing an immediate shutdown; otherwise, we're only
3533 : * here to update postmaster's idea of live processes. If we have already
3534 : * signaled children, nonzero exit status is to be expected, so don't
3535 : * clutter log.
3536 : */
3537 2124 : take_action = !FatalError && Shutdown != ImmediateShutdown;
3538 :
3539 2124 : if (take_action)
3540 : {
3541 14 : LogChildExit(LOG, procname, pid, exitstatus);
3542 14 : ereport(LOG,
3543 : (errmsg("terminating any other active server processes")));
3544 14 : SetQuitSignalReason(PMQUIT_FOR_CRASH);
3545 : }
3546 :
3547 : /* Process background workers. */
3548 4300 : slist_foreach(siter, &BackgroundWorkerList)
3549 : {
3550 : RegisteredBgWorker *rw;
3551 :
3552 2176 : rw = slist_container(RegisteredBgWorker, rw_lnode, siter.cur);
3553 2176 : if (rw->rw_pid == 0)
3554 854 : continue; /* not running */
3555 1322 : if (rw->rw_pid == pid)
3556 : {
3557 : /*
3558 : * Found entry for freshly-dead worker, so remove it.
3559 : */
3560 332 : (void) ReleasePostmasterChildSlot(rw->rw_child_slot);
3561 332 : dlist_delete(&rw->rw_backend->elem);
3562 : #ifdef EXEC_BACKEND
3563 : ShmemBackendArrayRemove(rw->rw_backend);
3564 : #endif
3565 332 : free(rw->rw_backend);
3566 332 : rw->rw_backend = NULL;
3567 332 : rw->rw_pid = 0;
3568 332 : rw->rw_child_slot = 0;
3569 : /* don't reset crashed_at */
3570 : /* don't report child stop, either */
3571 : /* Keep looping so we can signal remaining workers */
3572 : }
3573 : else
3574 : {
3575 : /*
3576 : * This worker is still alive. Unless we did so already, tell it
3577 : * to commit hara-kiri.
3578 : *
3579 : * SIGQUIT is the special signal that says exit without proc_exit
3580 : * and let the user know what's going on. But if SendStop is set
3581 : * (-T on command line), then we send SIGSTOP instead, so that we
3582 : * can get core dumps from all backends by hand.
3583 : */
3584 990 : if (take_action)
3585 : {
3586 8 : ereport(DEBUG2,
3587 : (errmsg_internal("sending %s to process %d",
3588 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3589 : (int) rw->rw_pid)));
3590 8 : signal_child(rw->rw_pid, (SendStop ? SIGSTOP : SIGQUIT));
3591 : }
3592 : }
3593 : }
3594 :
3595 : /* Process regular backends */
3596 4474 : dlist_foreach_modify(iter, &BackendList)
3597 : {
3598 2350 : bp = dlist_container(Backend, elem, iter.cur);
3599 :
3600 2350 : if (bp->pid == pid)
3601 : {
3602 : /*
3603 : * Found entry for freshly-dead backend, so remove it.
3604 : */
3605 242 : if (!bp->dead_end)
3606 : {
3607 242 : (void) ReleasePostmasterChildSlot(bp->child_slot);
3608 : #ifdef EXEC_BACKEND
3609 : ShmemBackendArrayRemove(bp);
3610 : #endif
3611 : }
3612 242 : dlist_delete(iter.cur);
3613 242 : free(bp);
3614 : /* Keep looping so we can signal remaining backends */
3615 : }
3616 : else
3617 : {
3618 : /*
3619 : * This backend is still alive. Unless we did so already, tell it
3620 : * to commit hara-kiri.
3621 : *
3622 : * SIGQUIT is the special signal that says exit without proc_exit
3623 : * and let the user know what's going on. But if SendStop is set
3624 : * (-T on command line), then we send SIGSTOP instead, so that we
3625 : * can get core dumps from all backends by hand.
3626 : *
3627 : * We could exclude dead_end children here, but at least in the
3628 : * SIGSTOP case it seems better to include them.
3629 : *
3630 : * Background workers were already processed above; ignore them
3631 : * here.
3632 : */
3633 2108 : if (bp->bkend_type == BACKEND_TYPE_BGWORKER)
3634 990 : continue;
3635 :
3636 1118 : if (take_action)
3637 : {
3638 8 : ereport(DEBUG2,
3639 : (errmsg_internal("sending %s to process %d",
3640 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3641 : (int) bp->pid)));
3642 8 : signal_child(bp->pid, (SendStop ? SIGSTOP : SIGQUIT));
3643 : }
3644 : }
3645 : }
3646 :
3647 : /* Take care of the startup process too */
3648 2124 : if (pid == StartupPID)
3649 : {
3650 0 : StartupPID = 0;
3651 : /* Caller adjusts StartupStatus, so don't touch it here */
3652 : }
3653 2124 : else if (StartupPID != 0 && take_action)
3654 : {
3655 0 : ereport(DEBUG2,
3656 : (errmsg_internal("sending %s to process %d",
3657 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3658 : (int) StartupPID)));
3659 0 : signal_child(StartupPID, (SendStop ? SIGSTOP : SIGQUIT));
3660 0 : StartupStatus = STARTUP_SIGNALED;
3661 : }
3662 :
3663 : /* Take care of the bgwriter too */
3664 2124 : if (pid == BgWriterPID)
3665 0 : BgWriterPID = 0;
3666 2124 : else if (BgWriterPID != 0 && take_action)
3667 : {
3668 14 : ereport(DEBUG2,
3669 : (errmsg_internal("sending %s to process %d",
3670 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3671 : (int) BgWriterPID)));
3672 14 : signal_child(BgWriterPID, (SendStop ? SIGSTOP : SIGQUIT));
3673 : }
3674 :
3675 : /* Take care of the checkpointer too */
3676 2124 : if (pid == CheckpointerPID)
3677 0 : CheckpointerPID = 0;
3678 2124 : else if (CheckpointerPID != 0 && take_action)
3679 : {
3680 14 : ereport(DEBUG2,
3681 : (errmsg_internal("sending %s to process %d",
3682 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3683 : (int) CheckpointerPID)));
3684 14 : signal_child(CheckpointerPID, (SendStop ? SIGSTOP : SIGQUIT));
3685 : }
3686 :
3687 : /* Take care of the walwriter too */
3688 2124 : if (pid == WalWriterPID)
3689 0 : WalWriterPID = 0;
3690 2124 : else if (WalWriterPID != 0 && take_action)
3691 : {
3692 8 : ereport(DEBUG2,
3693 : (errmsg_internal("sending %s to process %d",
3694 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3695 : (int) WalWriterPID)));
3696 8 : signal_child(WalWriterPID, (SendStop ? SIGSTOP : SIGQUIT));
3697 : }
3698 :
3699 : /* Take care of the walreceiver too */
3700 2124 : if (pid == WalReceiverPID)
3701 0 : WalReceiverPID = 0;
3702 2124 : else if (WalReceiverPID != 0 && take_action)
3703 : {
3704 0 : ereport(DEBUG2,
3705 : (errmsg_internal("sending %s to process %d",
3706 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3707 : (int) WalReceiverPID)));
3708 0 : signal_child(WalReceiverPID, (SendStop ? SIGSTOP : SIGQUIT));
3709 : }
3710 :
3711 : /* Take care of the autovacuum launcher too */
3712 2124 : if (pid == AutoVacPID)
3713 0 : AutoVacPID = 0;
3714 2124 : else if (AutoVacPID != 0 && take_action)
3715 : {
3716 8 : ereport(DEBUG2,
3717 : (errmsg_internal("sending %s to process %d",
3718 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3719 : (int) AutoVacPID)));
3720 8 : signal_child(AutoVacPID, (SendStop ? SIGSTOP : SIGQUIT));
3721 : }
3722 :
3723 : /* Take care of the archiver too */
3724 2124 : if (pid == PgArchPID)
3725 0 : PgArchPID = 0;
3726 2124 : else if (PgArchPID != 0 && take_action)
3727 : {
3728 0 : ereport(DEBUG2,
3729 : (errmsg_internal("sending %s to process %d",
3730 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3731 : (int) PgArchPID)));
3732 0 : signal_child(PgArchPID, (SendStop ? SIGSTOP : SIGQUIT));
3733 : }
3734 :
3735 : /*
3736 : * Force a power-cycle of the pgstat process too. (This isn't absolutely
3737 : * necessary, but it seems like a good idea for robustness, and it
3738 : * simplifies the state-machine logic in the case where a shutdown request
3739 : * arrives during crash processing.)
3740 : */
3741 2124 : if (PgStatPID != 0 && take_action)
3742 : {
3743 10 : ereport(DEBUG2,
3744 : (errmsg_internal("sending %s to process %d",
3745 : "SIGQUIT",
3746 : (int) PgStatPID)));
3747 10 : signal_child(PgStatPID, SIGQUIT);
3748 10 : allow_immediate_pgstat_restart();
3749 : }
3750 :
3751 : /* We do NOT restart the syslogger */
3752 :
3753 2124 : if (Shutdown != ImmediateShutdown)
3754 74 : FatalError = true;
3755 :
3756 : /* We now transit into a state of waiting for children to die */
3757 2124 : if (pmState == PM_RECOVERY ||
3758 2120 : pmState == PM_HOT_STANDBY ||
3759 2118 : pmState == PM_RUN ||
3760 2110 : pmState == PM_STOP_BACKENDS ||
3761 2110 : pmState == PM_SHUTDOWN)
3762 14 : pmState = PM_WAIT_BACKENDS;
3763 :
3764 : /*
3765 : * .. and if this doesn't happen quickly enough, now the clock is ticking
3766 : * for us to kill them without mercy.
3767 : */
3768 2124 : if (AbortStartTime == 0)
3769 14 : AbortStartTime = time(NULL);
3770 2124 : }
3771 :
3772 : /*
3773 : * Log the death of a child process.
3774 : */
3775 : static void
3776 14652 : LogChildExit(int lev, const char *procname, int pid, int exitstatus)
3777 : {
3778 : /*
3779 : * size of activity_buffer is arbitrary, but set equal to default
3780 : * track_activity_query_size
3781 : */
3782 : char activity_buffer[1024];
3783 14652 : const char *activity = NULL;
3784 :
3785 14652 : if (!EXIT_STATUS_0(exitstatus))
3786 998 : activity = pgstat_get_crashed_backend_activity(pid,
3787 : activity_buffer,
3788 : sizeof(activity_buffer));
3789 :
3790 14652 : if (WIFEXITED(exitstatus))
3791 14640 : ereport(lev,
3792 :
3793 : /*------
3794 : translator: %s is a noun phrase describing a child process, such as
3795 : "server process" */
3796 : (errmsg("%s (PID %d) exited with exit code %d",
3797 : procname, pid, WEXITSTATUS(exitstatus)),
3798 : activity ? errdetail("Failed process was running: %s", activity) : 0));
3799 12 : else if (WIFSIGNALED(exitstatus))
3800 : {
3801 : #if defined(WIN32)
3802 : ereport(lev,
3803 :
3804 : /*------
3805 : translator: %s is a noun phrase describing a child process, such as
3806 : "server process" */
3807 : (errmsg("%s (PID %d) was terminated by exception 0x%X",
3808 : procname, pid, WTERMSIG(exitstatus)),
3809 : errhint("See C include file \"ntstatus.h\" for a description of the hexadecimal value."),
3810 : activity ? errdetail("Failed process was running: %s", activity) : 0));
3811 : #else
3812 12 : ereport(lev,
3813 :
3814 : /*------
3815 : translator: %s is a noun phrase describing a child process, such as
3816 : "server process" */
3817 : (errmsg("%s (PID %d) was terminated by signal %d: %s",
3818 : procname, pid, WTERMSIG(exitstatus),
3819 : pg_strsignal(WTERMSIG(exitstatus))),
3820 : activity ? errdetail("Failed process was running: %s", activity) : 0));
3821 : #endif
3822 : }
3823 : else
3824 0 : ereport(lev,
3825 :
3826 : /*------
3827 : translator: %s is a noun phrase describing a child process, such as
3828 : "server process" */
3829 : (errmsg("%s (PID %d) exited with unrecognized status %d",
3830 : procname, pid, exitstatus),
3831 : activity ? errdetail("Failed process was running: %s", activity) : 0));
3832 14652 : }
3833 :
3834 : /*
3835 : * Advance the postmaster's state machine and take actions as appropriate
3836 : *
3837 : * This is common code for pmdie(), reaper() and sigusr1_handler(), which
3838 : * receive the signals that might mean we need to change state.
3839 : */
3840 : static void
3841 20872 : PostmasterStateMachine(void)
3842 : {
3843 : /* If we're doing a smart shutdown, try to advance that state. */
3844 20872 : if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
3845 : {
3846 14998 : if (connsAllowed == ALLOW_SUPERUSER_CONNS)
3847 : {
3848 : /*
3849 : * ALLOW_SUPERUSER_CONNS state ends as soon as online backup mode
3850 : * is not active.
3851 : */
3852 8 : if (!BackupInProgress())
3853 8 : connsAllowed = ALLOW_NO_CONNS;
3854 : }
3855 :
3856 14998 : if (connsAllowed == ALLOW_NO_CONNS)
3857 : {
3858 : /*
3859 : * ALLOW_NO_CONNS state ends when we have no normal client
3860 : * backends running. Then we're ready to stop other children.
3861 : */
3862 16 : if (CountChildren(BACKEND_TYPE_NORMAL) == 0)
3863 8 : pmState = PM_STOP_BACKENDS;
3864 : }
3865 : }
3866 :
3867 : /*
3868 : * If we're ready to do so, signal child processes to shut down. (This
3869 : * isn't a persistent state, but treating it as a distinct pmState allows
3870 : * us to share this code across multiple shutdown code paths.)
3871 : */
3872 20872 : if (pmState == PM_STOP_BACKENDS)
3873 : {
3874 : /*
3875 : * Forget any pending requests for background workers, since we're no
3876 : * longer willing to launch any new workers. (If additional requests
3877 : * arrive, BackgroundWorkerStateChange will reject them.)
3878 : */
3879 544 : ForgetUnstartedBackgroundWorkers();
3880 :
3881 : /* Signal all backend children except walsenders */
3882 544 : SignalSomeChildren(SIGTERM,
3883 : BACKEND_TYPE_ALL - BACKEND_TYPE_WALSND);
3884 : /* and the autovac launcher too */
3885 544 : if (AutoVacPID != 0)
3886 472 : signal_child(AutoVacPID, SIGTERM);
3887 : /* and the bgwriter too */
3888 544 : if (BgWriterPID != 0)
3889 544 : signal_child(BgWriterPID, SIGTERM);
3890 : /* and the walwriter too */
3891 544 : if (WalWriterPID != 0)
3892 498 : signal_child(WalWriterPID, SIGTERM);
3893 : /* If we're in recovery, also stop startup and walreceiver procs */
3894 544 : if (StartupPID != 0)
3895 46 : signal_child(StartupPID, SIGTERM);
3896 544 : if (WalReceiverPID != 0)
3897 30 : signal_child(WalReceiverPID, SIGTERM);
3898 : /* checkpointer, archiver, stats, and syslogger may continue for now */
3899 :
3900 : /* Now transition to PM_WAIT_BACKENDS state to wait for them to die */
3901 544 : pmState = PM_WAIT_BACKENDS;
3902 : }
3903 :
3904 : /*
3905 : * If we are in a state-machine state that implies waiting for backends to
3906 : * exit, see if they're all gone, and change state if so.
3907 : */
3908 20872 : if (pmState == PM_WAIT_BACKENDS)
3909 : {
3910 : /*
3911 : * PM_WAIT_BACKENDS state ends when we have no regular backends
3912 : * (including autovac workers), no bgworkers (including unconnected
3913 : * ones), and no walwriter, autovac launcher or bgwriter. If we are
3914 : * doing crash recovery or an immediate shutdown then we expect the
3915 : * checkpointer to exit as well, otherwise not. The stats and
3916 : * syslogger processes are disregarded since they are not connected to
3917 : * shared memory; we also disregard dead_end children here. Walsenders
3918 : * and archiver are also disregarded, they will be terminated later
3919 : * after writing the checkpoint record.
3920 : */
3921 4314 : if (CountChildren(BACKEND_TYPE_ALL - BACKEND_TYPE_WALSND) == 0 &&
3922 2154 : StartupPID == 0 &&
3923 2020 : WalReceiverPID == 0 &&
3924 1984 : BgWriterPID == 0 &&
3925 1392 : (CheckpointerPID == 0 ||
3926 896 : (!FatalError && Shutdown < ImmediateShutdown)) &&
3927 1320 : WalWriterPID == 0 &&
3928 1070 : AutoVacPID == 0)
3929 : {
3930 942 : if (Shutdown >= ImmediateShutdown || FatalError)
3931 : {
3932 : /*
3933 : * Start waiting for dead_end children to die. This state
3934 : * change causes ServerLoop to stop creating new ones.
3935 : */
3936 398 : pmState = PM_WAIT_DEAD_END;
3937 :
3938 : /*
3939 : * We already SIGQUIT'd the archiver and stats processes, if
3940 : * any, when we started immediate shutdown or entered
3941 : * FatalError state.
3942 : */
3943 : }
3944 : else
3945 : {
3946 : /*
3947 : * If we get here, we are proceeding with normal shutdown. All
3948 : * the regular children are gone, and it's time to tell the
3949 : * checkpointer to do a shutdown checkpoint.
3950 : */
3951 : Assert(Shutdown > NoShutdown);
3952 : /* Start the checkpointer if not running */
3953 544 : if (CheckpointerPID == 0)
3954 0 : CheckpointerPID = StartCheckpointer();
3955 : /* And tell it to shut down */
3956 544 : if (CheckpointerPID != 0)
3957 : {
3958 544 : signal_child(CheckpointerPID, SIGUSR2);
3959 544 : pmState = PM_SHUTDOWN;
3960 : }
3961 : else
3962 : {
3963 : /*
3964 : * If we failed to fork a checkpointer, just shut down.
3965 : * Any required cleanup will happen at next restart. We
3966 : * set FatalError so that an "abnormal shutdown" message
3967 : * gets logged when we exit.
3968 : */
3969 0 : FatalError = true;
3970 0 : pmState = PM_WAIT_DEAD_END;
3971 :
3972 : /* Kill the walsenders, archiver and stats collector too */
3973 0 : SignalChildren(SIGQUIT);
3974 0 : if (PgArchPID != 0)
3975 0 : signal_child(PgArchPID, SIGQUIT);
3976 0 : if (PgStatPID != 0)
3977 0 : signal_child(PgStatPID, SIGQUIT);
3978 : }
3979 : }
3980 : }
3981 : }
3982 :
3983 20872 : if (pmState == PM_SHUTDOWN_2)
3984 : {
3985 : /*
3986 : * PM_SHUTDOWN_2 state ends when there's no other children than
3987 : * dead_end children left. There shouldn't be any regular backends
3988 : * left by now anyway; what we're really waiting for is walsenders and
3989 : * archiver.
3990 : */
3991 610 : if (PgArchPID == 0 && CountChildren(BACKEND_TYPE_ALL) == 0)
3992 : {
3993 544 : pmState = PM_WAIT_DEAD_END;
3994 : }
3995 : }
3996 :
3997 20872 : if (pmState == PM_WAIT_DEAD_END)
3998 : {
3999 : /*
4000 : * PM_WAIT_DEAD_END state ends when the BackendList is entirely empty
4001 : * (ie, no dead_end children remain), and the archiver and stats
4002 : * collector are gone too.
4003 : *
4004 : * The reason we wait for those two is to protect them against a new
4005 : * postmaster starting conflicting subprocesses; this isn't an
4006 : * ironclad protection, but it at least helps in the
4007 : * shutdown-and-immediately-restart scenario. Note that they have
4008 : * already been sent appropriate shutdown signals, either during a
4009 : * normal state transition leading up to PM_WAIT_DEAD_END, or during
4010 : * FatalError processing.
4011 : */
4012 1878 : if (dlist_is_empty(&BackendList) &&
4013 1868 : PgArchPID == 0 && PgStatPID == 0)
4014 : {
4015 : /* These other guys should be dead already */
4016 : Assert(StartupPID == 0);
4017 : Assert(WalReceiverPID == 0);
4018 : Assert(BgWriterPID == 0);
4019 : Assert(CheckpointerPID == 0);
4020 : Assert(WalWriterPID == 0);
4021 : Assert(AutoVacPID == 0);
4022 : /* syslogger is not considered here */
4023 942 : pmState = PM_NO_CHILDREN;
4024 : }
4025 : }
4026 :
4027 : /*
4028 : * If we've been told to shut down, we exit as soon as there are no
4029 : * remaining children. If there was a crash, cleanup will occur at the
4030 : * next startup. (Before PostgreSQL 8.3, we tried to recover from the
4031 : * crash before exiting, but that seems unwise if we are quitting because
4032 : * we got SIGTERM from init --- there may well not be time for recovery
4033 : * before init decides to SIGKILL us.)
4034 : *
4035 : * Note that the syslogger continues to run. It will exit when it sees
4036 : * EOF on its input pipe, which happens when there are no more upstream
4037 : * processes.
4038 : */
4039 20872 : if (Shutdown > NoShutdown && pmState == PM_NO_CHILDREN)
4040 : {
4041 928 : if (FatalError)
4042 : {
4043 0 : ereport(LOG, (errmsg("abnormal database system shutdown")));
4044 0 : ExitPostmaster(1);
4045 : }
4046 : else
4047 : {
4048 : /*
4049 : * Terminate exclusive backup mode to avoid recovery after a clean
4050 : * fast shutdown. Since an exclusive backup can only be taken
4051 : * during normal running (and not, for example, while running
4052 : * under Hot Standby) it only makes sense to do this if we reached
4053 : * normal running. If we're still in recovery, the backup file is
4054 : * one we're recovering *from*, and we must keep it around so that
4055 : * recovery restarts from the right place.
4056 : */
4057 928 : if (ReachedNormalRunning)
4058 812 : CancelBackup();
4059 :
4060 : /*
4061 : * Normal exit from the postmaster is here. We don't need to log
4062 : * anything here, since the UnlinkLockFiles proc_exit callback
4063 : * will do so, and that should be the last user-visible action.
4064 : */
4065 928 : ExitPostmaster(0);
4066 : }
4067 : }
4068 :
4069 : /*
4070 : * If the startup process failed, or the user does not want an automatic
4071 : * restart after backend crashes, wait for all non-syslogger children to
4072 : * exit, and then exit postmaster. We don't try to reinitialize when the
4073 : * startup process fails, because more than likely it will just fail again
4074 : * and we will keep trying forever.
4075 : */
4076 19944 : if (pmState == PM_NO_CHILDREN)
4077 : {
4078 14 : if (StartupStatus == STARTUP_CRASHED)
4079 : {
4080 6 : ereport(LOG,
4081 : (errmsg("shutting down due to startup process failure")));
4082 6 : ExitPostmaster(1);
4083 : }
4084 8 : if (!restart_after_crash)
4085 : {
4086 0 : ereport(LOG,
4087 : (errmsg("shutting down because restart_after_crash is off")));
4088 0 : ExitPostmaster(1);
4089 : }
4090 : }
4091 :
4092 : /*
4093 : * If we need to recover from a crash, wait for all non-syslogger children
4094 : * to exit, then reset shmem and StartupDataBase.
4095 : */
4096 19938 : if (FatalError && pmState == PM_NO_CHILDREN)
4097 : {
4098 8 : ereport(LOG,
4099 : (errmsg("all server processes terminated; reinitializing")));
4100 :
4101 : /* remove leftover temporary files after a crash */
4102 8 : if (remove_temp_files_after_crash)
4103 6 : RemovePgTempFiles();
4104 :
4105 : /* allow background workers to immediately restart */
4106 8 : ResetBackgroundWorkerCrashTimes();
4107 :
4108 8 : shmem_exit(1);
4109 :
4110 : /* re-read control file into local memory */
4111 8 : LocalProcessControlFile(true);
4112 :
4113 8 : reset_shared();
4114 :
4115 8 : StartupPID = StartupDataBase();
4116 : Assert(StartupPID != 0);
4117 8 : StartupStatus = STARTUP_RUNNING;
4118 8 : pmState = PM_STARTUP;
4119 : /* crash recovery started, reset SIGKILL flag */
4120 8 : AbortStartTime = 0;
4121 : }
4122 19938 : }
4123 :
4124 :
4125 : /*
4126 : * Send a signal to a postmaster child process
4127 : *
4128 : * On systems that have setsid(), each child process sets itself up as a
4129 : * process group leader. For signals that are generally interpreted in the
4130 : * appropriate fashion, we signal the entire process group not just the
4131 : * direct child process. This allows us to, for example, SIGQUIT a blocked
4132 : * archive_recovery script, or SIGINT a script being run by a backend via
4133 : * system().
4134 : *
4135 : * There is a race condition for recently-forked children: they might not
4136 : * have executed setsid() yet. So we signal the child directly as well as
4137 : * the group. We assume such a child will handle the signal before trying
4138 : * to spawn any grandchild processes. We also assume that signaling the
4139 : * child twice will not cause any problems.
4140 : */
4141 : static void
4142 6886 : signal_child(pid_t pid, int signal)
4143 : {
4144 6886 : if (kill(pid, signal) < 0)
4145 0 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) pid, signal);
4146 : #ifdef HAVE_SETSID
4147 6886 : switch (signal)
4148 : {
4149 5446 : case SIGINT:
4150 : case SIGTERM:
4151 : case SIGQUIT:
4152 : case SIGSTOP:
4153 : case SIGKILL:
4154 5446 : if (kill(-pid, signal) < 0)
4155 6 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) (-pid), signal);
4156 5446 : break;
4157 1440 : default:
4158 1440 : break;
4159 : }
4160 : #endif
4161 6886 : }
4162 :
4163 : /*
4164 : * Send a signal to the targeted children (but NOT special children;
4165 : * dead_end children are never signaled, either).
4166 : */
4167 : static bool
4168 1576 : SignalSomeChildren(int signal, int target)
4169 : {
4170 : dlist_iter iter;
4171 1576 : bool signaled = false;
4172 :
4173 3284 : dlist_foreach(iter, &BackendList)
4174 : {
4175 1708 : Backend *bp = dlist_container(Backend, elem, iter.cur);
4176 :
4177 1708 : if (bp->dead_end)
4178 6 : continue;
4179 :
4180 : /*
4181 : * Since target == BACKEND_TYPE_ALL is the most common case, we test
4182 : * it first and avoid touching shared memory for every child.
4183 : */
4184 1702 : if (target != BACKEND_TYPE_ALL)
4185 : {
4186 : /*
4187 : * Assign bkend_type for any recently announced WAL Sender
4188 : * processes.
4189 : */
4190 1154 : if (bp->bkend_type == BACKEND_TYPE_NORMAL &&
4191 310 : IsPostmasterChildWalSender(bp->child_slot))
4192 46 : bp->bkend_type = BACKEND_TYPE_WALSND;
4193 :
4194 844 : if (!(target & bp->bkend_type))
4195 46 : continue;
4196 : }
4197 :
4198 1656 : ereport(DEBUG4,
4199 : (errmsg_internal("sending signal %d to process %d",
4200 : signal, (int) bp->pid)));
4201 1656 : signal_child(bp->pid, signal);
4202 1656 : signaled = true;
4203 : }
4204 1576 : return signaled;
4205 : }
4206 :
4207 : /*
4208 : * Send a termination signal to children. This considers all of our children
4209 : * processes, except syslogger and dead_end backends.
4210 : */
4211 : static void
4212 384 : TerminateChildren(int signal)
4213 : {
4214 384 : SignalChildren(signal);
4215 384 : if (StartupPID != 0)
4216 : {
4217 70 : signal_child(StartupPID, signal);
4218 70 : if (signal == SIGQUIT || signal == SIGKILL)
4219 70 : StartupStatus = STARTUP_SIGNALED;
4220 : }
4221 384 : if (BgWriterPID != 0)
4222 384 : signal_child(BgWriterPID, signal);
4223 384 : if (CheckpointerPID != 0)
4224 384 : signal_child(CheckpointerPID, signal);
4225 384 : if (WalWriterPID != 0)
4226 314 : signal_child(WalWriterPID, signal);
4227 384 : if (WalReceiverPID != 0)
4228 18 : signal_child(WalReceiverPID, signal);
4229 384 : if (AutoVacPID != 0)
4230 296 : signal_child(AutoVacPID, signal);
4231 384 : if (PgArchPID != 0)
4232 34 : signal_child(PgArchPID, signal);
4233 384 : if (PgStatPID != 0)
4234 384 : signal_child(PgStatPID, signal);
4235 384 : }
4236 :
4237 : /*
4238 : * BackendStartup -- start backend process
4239 : *
4240 : * returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
4241 : *
4242 : * Note: if you change this code, also consider StartAutovacuumWorker.
4243 : */
4244 : static int
4245 12070 : BackendStartup(Port *port)
4246 : {
4247 : Backend *bn; /* for backend cleanup */
4248 : pid_t pid;
4249 :
4250 : /*
4251 : * Create backend data structure. Better before the fork() so we can
4252 : * handle failure cleanly.
4253 : */
4254 12070 : bn = (Backend *) malloc(sizeof(Backend));
4255 12070 : if (!bn)
4256 : {
4257 0 : ereport(LOG,
4258 : (errcode(ERRCODE_OUT_OF_MEMORY),
4259 : errmsg("out of memory")));
4260 0 : return STATUS_ERROR;
4261 : }
4262 :
4263 : /*
4264 : * Compute the cancel key that will be assigned to this backend. The
4265 : * backend will have its own copy in the forked-off process' value of
4266 : * MyCancelKey, so that it can transmit the key to the frontend.
4267 : */
4268 12070 : if (!RandomCancelKey(&MyCancelKey))
4269 : {
4270 0 : free(bn);
4271 0 : ereport(LOG,
4272 : (errcode(ERRCODE_INTERNAL_ERROR),
4273 : errmsg("could not generate random cancel key")));
4274 0 : return STATUS_ERROR;
4275 : }
4276 :
4277 12070 : bn->cancel_key = MyCancelKey;
4278 :
4279 : /* Pass down canAcceptConnections state */
4280 12070 : port->canAcceptConnections = canAcceptConnections(BACKEND_TYPE_NORMAL);
4281 12094 : bn->dead_end = (port->canAcceptConnections != CAC_OK &&
4282 24 : port->canAcceptConnections != CAC_SUPERUSER);
4283 :
4284 : /*
4285 : * Unless it's a dead_end child, assign it a child slot number
4286 : */
4287 12070 : if (!bn->dead_end)
4288 12046 : bn->child_slot = MyPMChildSlot = AssignPostmasterChildSlot();
4289 : else
4290 24 : bn->child_slot = 0;
4291 :
4292 : /* Hasn't asked to be notified about any bgworkers yet */
4293 12070 : bn->bgworker_notify = false;
4294 :
4295 : #ifdef EXEC_BACKEND
4296 : pid = backend_forkexec(port);
4297 : #else /* !EXEC_BACKEND */
4298 12070 : pid = fork_process();
4299 23936 : if (pid == 0) /* child */
4300 : {
4301 11868 : free(bn);
4302 :
4303 : /* Detangle from postmaster */
4304 11868 : InitPostmasterChild();
4305 :
4306 : /* Close the postmaster's sockets */
4307 11868 : ClosePostmasterPorts(false);
4308 :
4309 : /* Perform additional initialization and collect startup packet */
4310 11868 : BackendInitialize(port);
4311 :
4312 : /*
4313 : * Create a per-backend PGPROC struct in shared memory. We must do
4314 : * this before we can use LWLocks. In the !EXEC_BACKEND case (here)
4315 : * this could be delayed a bit further, but EXEC_BACKEND needs to do
4316 : * stuff with LWLocks before PostgresMain(), so we do it here as well
4317 : * for symmetry.
4318 : */
4319 11794 : InitProcess();
4320 :
4321 : /* And run the backend */
4322 11790 : BackendRun(port);
4323 : }
4324 : #endif /* EXEC_BACKEND */
4325 :
4326 12068 : if (pid < 0)
4327 : {
4328 : /* in parent, fork failed */
4329 0 : int save_errno = errno;
4330 :
4331 0 : if (!bn->dead_end)
4332 0 : (void) ReleasePostmasterChildSlot(bn->child_slot);
4333 0 : free(bn);
4334 0 : errno = save_errno;
4335 0 : ereport(LOG,
4336 : (errmsg("could not fork new process for connection: %m")));
4337 0 : report_fork_failure_to_client(port, save_errno);
4338 0 : return STATUS_ERROR;
4339 : }
4340 :
4341 : /* in parent, successful fork */
4342 12068 : ereport(DEBUG2,
4343 : (errmsg_internal("forked new backend, pid=%d socket=%d",
4344 : (int) pid, (int) port->sock)));
4345 :
4346 : /*
4347 : * Everything's been successful, it's safe to add this backend to our list
4348 : * of backends.
4349 : */
4350 12068 : bn->pid = pid;
4351 12068 : bn->bkend_type = BACKEND_TYPE_NORMAL; /* Can change later to WALSND */
4352 12068 : dlist_push_head(&BackendList, &bn->elem);
4353 :
4354 : #ifdef EXEC_BACKEND
4355 : if (!bn->dead_end)
4356 : ShmemBackendArrayAdd(bn);
4357 : #endif
4358 :
4359 12068 : return STATUS_OK;
4360 : }
4361 :
4362 : /*
4363 : * Try to report backend fork() failure to client before we close the
4364 : * connection. Since we do not care to risk blocking the postmaster on
4365 : * this connection, we set the connection to non-blocking and try only once.
4366 : *
4367 : * This is grungy special-purpose code; we cannot use backend libpq since
4368 : * it's not up and running.
4369 : */
4370 : static void
4371 0 : report_fork_failure_to_client(Port *port, int errnum)
4372 : {
4373 : char buffer[1000];
4374 : int rc;
4375 :
4376 : /* Format the error message packet (always V2 protocol) */
4377 0 : snprintf(buffer, sizeof(buffer), "E%s%s\n",
4378 : _("could not fork new process for connection: "),
4379 : strerror(errnum));
4380 :
4381 : /* Set port to non-blocking. Don't do send() if this fails */
4382 0 : if (!pg_set_noblock(port->sock))
4383 0 : return;
4384 :
4385 : /* We'll retry after EINTR, but ignore all other failures */
4386 : do
4387 : {
4388 0 : rc = send(port->sock, buffer, strlen(buffer) + 1, 0);
4389 0 : } while (rc < 0 && errno == EINTR);
4390 : }
4391 :
4392 :
4393 : /*
4394 : * BackendInitialize -- initialize an interactive (postmaster-child)
4395 : * backend process, and collect the client's startup packet.
4396 : *
4397 : * returns: nothing. Will not return at all if there's any failure.
4398 : *
4399 : * Note: this code does not depend on having any access to shared memory.
4400 : * Indeed, our approach to SIGTERM/timeout handling *requires* that
4401 : * shared memory not have been touched yet; see comments within.
4402 : * In the EXEC_BACKEND case, we are physically attached to shared memory
4403 : * but have not yet set up most of our local pointers to shmem structures.
4404 : */
4405 : static void
4406 11868 : BackendInitialize(Port *port)
4407 : {
4408 : int status;
4409 : int ret;
4410 : char remote_host[NI_MAXHOST];
4411 : char remote_port[NI_MAXSERV];
4412 : StringInfoData ps_data;
4413 :
4414 : /* Save port etc. for ps status */
4415 11868 : MyProcPort = port;
4416 :
4417 : /* Tell fd.c about the long-lived FD associated with the port */
4418 11868 : ReserveExternalFD();
4419 :
4420 : /*
4421 : * PreAuthDelay is a debugging aid for investigating problems in the
4422 : * authentication cycle: it can be set in postgresql.conf to allow time to
4423 : * attach to the newly-forked backend with a debugger. (See also
4424 : * PostAuthDelay, which we allow clients to pass through PGOPTIONS, but it
4425 : * is not honored until after authentication.)
4426 : */
4427 11868 : if (PreAuthDelay > 0)
4428 0 : pg_usleep(PreAuthDelay * 1000000L);
4429 :
4430 : /* This flag will remain set until InitPostgres finishes authentication */
4431 11868 : ClientAuthInProgress = true; /* limit visibility of log messages */
4432 :
4433 : /* set these to empty in case they are needed before we set them up */
4434 11868 : port->remote_host = "";
4435 11868 : port->remote_port = "";
4436 :
4437 : /*
4438 : * Initialize libpq and enable reporting of ereport errors to the client.
4439 : * Must do this now because authentication uses libpq to send messages.
4440 : */
4441 11868 : pq_init(); /* initialize libpq to talk to client */
4442 11868 : whereToSendOutput = DestRemote; /* now safe to ereport to client */
4443 :
4444 : /*
4445 : * We arrange to do _exit(1) if we receive SIGTERM or timeout while trying
4446 : * to collect the startup packet; while SIGQUIT results in _exit(2).
4447 : * Otherwise the postmaster cannot shutdown the database FAST or IMMED
4448 : * cleanly if a buggy client fails to send the packet promptly.
4449 : *
4450 : * Exiting with _exit(1) is only possible because we have not yet touched
4451 : * shared memory; therefore no outside-the-process state needs to get
4452 : * cleaned up.
4453 : */
4454 11868 : pqsignal(SIGTERM, process_startup_packet_die);
4455 : /* SIGQUIT handler was already set up by InitPostmasterChild */
4456 11868 : InitializeTimeouts(); /* establishes SIGALRM handler */
4457 11868 : PG_SETMASK(&StartupBlockSig);
4458 :
4459 : /*
4460 : * Get the remote host name and port for logging and status display.
4461 : */
4462 11868 : remote_host[0] = '\0';
4463 11868 : remote_port[0] = '\0';
4464 11868 : if ((ret = pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
4465 : remote_host, sizeof(remote_host),
4466 : remote_port, sizeof(remote_port),
4467 : (log_hostname ? 0 : NI_NUMERICHOST) | NI_NUMERICSERV)) != 0)
4468 0 : ereport(WARNING,
4469 : (errmsg_internal("pg_getnameinfo_all() failed: %s",
4470 : gai_strerror(ret))));
4471 :
4472 : /*
4473 : * Save remote_host and remote_port in port structure (after this, they
4474 : * will appear in log_line_prefix data for log messages).
4475 : */
4476 11868 : port->remote_host = strdup(remote_host);
4477 11868 : port->remote_port = strdup(remote_port);
4478 :
4479 : /* And now we can issue the Log_connections message, if wanted */
4480 11868 : if (Log_connections)
4481 : {
4482 274 : if (remote_port[0])
4483 152 : ereport(LOG,
4484 : (errmsg("connection received: host=%s port=%s",
4485 : remote_host,
4486 : remote_port)));
4487 : else
4488 122 : ereport(LOG,
4489 : (errmsg("connection received: host=%s",
4490 : remote_host)));
4491 : }
4492 :
4493 : /*
4494 : * If we did a reverse lookup to name, we might as well save the results
4495 : * rather than possibly repeating the lookup during authentication.
4496 : *
4497 : * Note that we don't want to specify NI_NAMEREQD above, because then we'd
4498 : * get nothing useful for a client without an rDNS entry. Therefore, we
4499 : * must check whether we got a numeric IPv4 or IPv6 address, and not save
4500 : * it into remote_hostname if so. (This test is conservative and might
4501 : * sometimes classify a hostname as numeric, but an error in that
4502 : * direction is safe; it only results in a possible extra lookup.)
4503 : */
4504 11868 : if (log_hostname &&
4505 152 : ret == 0 &&
4506 152 : strspn(remote_host, "0123456789.") < strlen(remote_host) &&
4507 152 : strspn(remote_host, "0123456789ABCDEFabcdef:") < strlen(remote_host))
4508 152 : port->remote_hostname = strdup(remote_host);
4509 :
4510 : /*
4511 : * Ready to begin client interaction. We will give up and _exit(1) after
4512 : * a time delay, so that a broken client can't hog a connection
4513 : * indefinitely. PreAuthDelay and any DNS interactions above don't count
4514 : * against the time limit.
4515 : *
4516 : * Note: AuthenticationTimeout is applied here while waiting for the
4517 : * startup packet, and then again in InitPostgres for the duration of any
4518 : * authentication operations. So a hostile client could tie up the
4519 : * process for nearly twice AuthenticationTimeout before we kick him off.
4520 : *
4521 : * Note: because PostgresMain will call InitializeTimeouts again, the
4522 : * registration of STARTUP_PACKET_TIMEOUT will be lost. This is okay
4523 : * since we never use it again after this function.
4524 : */
4525 11868 : RegisterTimeout(STARTUP_PACKET_TIMEOUT, StartupPacketTimeoutHandler);
4526 11868 : enable_timeout_after(STARTUP_PACKET_TIMEOUT, AuthenticationTimeout * 1000);
4527 :
4528 : /*
4529 : * Receive the startup packet (which might turn out to be a cancel request
4530 : * packet).
4531 : */
4532 11868 : status = ProcessStartupPacket(port, false, false);
4533 :
4534 : /*
4535 : * Disable the timeout, and prevent SIGTERM again.
4536 : */
4537 11844 : disable_timeout(STARTUP_PACKET_TIMEOUT, false);
4538 11844 : PG_SETMASK(&BlockSig);
4539 :
4540 : /*
4541 : * As a safety check that nothing in startup has yet performed
4542 : * shared-memory modifications that would need to be undone if we had
4543 : * exited through SIGTERM or timeout above, check that no on_shmem_exit
4544 : * handlers have been registered yet. (This isn't terribly bulletproof,
4545 : * since someone might misuse an on_proc_exit handler for shmem cleanup,
4546 : * but it's a cheap and helpful check. We cannot disallow on_proc_exit
4547 : * handlers unfortunately, since pq_init() already registered one.)
4548 : */
4549 11844 : check_on_shmem_exit_lists_are_empty();
4550 :
4551 : /*
4552 : * Stop here if it was bad or a cancel packet. ProcessStartupPacket
4553 : * already did any appropriate error reporting.
4554 : */
4555 11844 : if (status != STATUS_OK)
4556 50 : proc_exit(0);
4557 :
4558 : /*
4559 : * Now that we have the user and database name, we can set the process
4560 : * title for ps. It's good to do this as early as possible in startup.
4561 : */
4562 11794 : initStringInfo(&ps_data);
4563 11794 : if (am_walsender)
4564 962 : appendStringInfo(&ps_data, "%s ", GetBackendTypeDesc(B_WAL_SENDER));
4565 11794 : appendStringInfo(&ps_data, "%s ", port->user_name);
4566 11794 : if (!am_walsender)
4567 10832 : appendStringInfo(&ps_data, "%s ", port->database_name);
4568 11794 : appendStringInfo(&ps_data, "%s", port->remote_host);
4569 11794 : if (port->remote_port[0] != '\0')
4570 390 : appendStringInfo(&ps_data, "(%s)", port->remote_port);
4571 :
4572 11794 : init_ps_display(ps_data.data);
4573 11794 : pfree(ps_data.data);
4574 :
4575 11794 : set_ps_display("initializing");
4576 11794 : }
4577 :
4578 :
4579 : /*
4580 : * BackendRun -- set up the backend's argument list and invoke PostgresMain()
4581 : *
4582 : * returns:
4583 : * Doesn't return at all.
4584 : */
4585 : static void
4586 11790 : BackendRun(Port *port)
4587 : {
4588 : /*
4589 : * Make sure we aren't in PostmasterContext anymore. (We can't delete it
4590 : * just yet, though, because InitPostgres will need the HBA data.)
4591 : */
4592 11790 : MemoryContextSwitchTo(TopMemoryContext);
4593 :
4594 11790 : PostgresMain(port->database_name, port->user_name);
4595 : }
4596 :
4597 :
4598 : #ifdef EXEC_BACKEND
4599 :
4600 : /*
4601 : * postmaster_forkexec -- fork and exec a postmaster subprocess
4602 : *
4603 : * The caller must have set up the argv array already, except for argv[2]
4604 : * which will be filled with the name of the temp variable file.
4605 : *
4606 : * Returns the child process PID, or -1 on fork failure (a suitable error
4607 : * message has been logged on failure).
4608 : *
4609 : * All uses of this routine will dispatch to SubPostmasterMain in the
4610 : * child process.
4611 : */
4612 : pid_t
4613 : postmaster_forkexec(int argc, char *argv[])
4614 : {
4615 : Port port;
4616 :
4617 : /* This entry point passes dummy values for the Port variables */
4618 : memset(&port, 0, sizeof(port));
4619 : return internal_forkexec(argc, argv, &port);
4620 : }
4621 :
4622 : /*
4623 : * backend_forkexec -- fork/exec off a backend process
4624 : *
4625 : * Some operating systems (WIN32) don't have fork() so we have to simulate
4626 : * it by storing parameters that need to be passed to the child and
4627 : * then create a new child process.
4628 : *
4629 : * returns the pid of the fork/exec'd process, or -1 on failure
4630 : */
4631 : static pid_t
4632 : backend_forkexec(Port *port)
4633 : {
4634 : char *av[4];
4635 : int ac = 0;
4636 :
4637 : av[ac++] = "postgres";
4638 : av[ac++] = "--forkbackend";
4639 : av[ac++] = NULL; /* filled in by internal_forkexec */
4640 :
4641 : av[ac] = NULL;
4642 : Assert(ac < lengthof(av));
4643 :
4644 : return internal_forkexec(ac, av, port);
4645 : }
4646 :
4647 : #ifndef WIN32
4648 :
4649 : /*
4650 : * internal_forkexec non-win32 implementation
4651 : *
4652 : * - writes out backend variables to the parameter file
4653 : * - fork():s, and then exec():s the child process
4654 : */
4655 : static pid_t
4656 : internal_forkexec(int argc, char *argv[], Port *port)
4657 : {
4658 : static unsigned long tmpBackendFileNum = 0;
4659 : pid_t pid;
4660 : char tmpfilename[MAXPGPATH];
4661 : BackendParameters param;
4662 : FILE *fp;
4663 :
4664 : if (!save_backend_variables(¶m, port))
4665 : return -1; /* log made by save_backend_variables */
4666 :
4667 : /* Calculate name for temp file */
4668 : snprintf(tmpfilename, MAXPGPATH, "%s/%s.backend_var.%d.%lu",
4669 : PG_TEMP_FILES_DIR, PG_TEMP_FILE_PREFIX,
4670 : MyProcPid, ++tmpBackendFileNum);
4671 :
4672 : /* Open file */
4673 : fp = AllocateFile(tmpfilename, PG_BINARY_W);
4674 : if (!fp)
4675 : {
4676 : /*
4677 : * As in OpenTemporaryFileInTablespace, try to make the temp-file
4678 : * directory, ignoring errors.
4679 : */
4680 : (void) MakePGDirectory(PG_TEMP_FILES_DIR);
4681 :
4682 : fp = AllocateFile(tmpfilename, PG_BINARY_W);
4683 : if (!fp)
4684 : {
4685 : ereport(LOG,
4686 : (errcode_for_file_access(),
4687 : errmsg("could not create file \"%s\": %m",
4688 : tmpfilename)));
4689 : return -1;
4690 : }
4691 : }
4692 :
4693 : if (fwrite(¶m, sizeof(param), 1, fp) != 1)
4694 : {
4695 : ereport(LOG,
4696 : (errcode_for_file_access(),
4697 : errmsg("could not write to file \"%s\": %m", tmpfilename)));
4698 : FreeFile(fp);
4699 : return -1;
4700 : }
4701 :
4702 : /* Release file */
4703 : if (FreeFile(fp))
4704 : {
4705 : ereport(LOG,
4706 : (errcode_for_file_access(),
4707 : errmsg("could not write to file \"%s\": %m", tmpfilename)));
4708 : return -1;
4709 : }
4710 :
4711 : /* Make sure caller set up argv properly */
4712 : Assert(argc >= 3);
4713 : Assert(argv[argc] == NULL);
4714 : Assert(strncmp(argv[1], "--fork", 6) == 0);
4715 : Assert(argv[2] == NULL);
4716 :
4717 : /* Insert temp file name after --fork argument */
4718 : argv[2] = tmpfilename;
4719 :
4720 : /* Fire off execv in child */
4721 : if ((pid = fork_process()) == 0)
4722 : {
4723 : if (execv(postgres_exec_path, argv) < 0)
4724 : {
4725 : ereport(LOG,
4726 : (errmsg("could not execute server process \"%s\": %m",
4727 : postgres_exec_path)));
4728 : /* We're already in the child process here, can't return */
4729 : exit(1);
4730 : }
4731 : }
4732 :
4733 : return pid; /* Parent returns pid, or -1 on fork failure */
4734 : }
4735 : #else /* WIN32 */
4736 :
4737 : /*
4738 : * internal_forkexec win32 implementation
4739 : *
4740 : * - starts backend using CreateProcess(), in suspended state
4741 : * - writes out backend variables to the parameter file
4742 : * - during this, duplicates handles and sockets required for
4743 : * inheritance into the new process
4744 : * - resumes execution of the new process once the backend parameter
4745 : * file is complete.
4746 : */
4747 : static pid_t
4748 : internal_forkexec(int argc, char *argv[], Port *port)
4749 : {
4750 : int retry_count = 0;
4751 : STARTUPINFO si;
4752 : PROCESS_INFORMATION pi;
4753 : int i;
4754 : int j;
4755 : char cmdLine[MAXPGPATH * 2];
4756 : HANDLE paramHandle;
4757 : BackendParameters *param;
4758 : SECURITY_ATTRIBUTES sa;
4759 : char paramHandleStr[32];
4760 : win32_deadchild_waitinfo *childinfo;
4761 :
4762 : /* Make sure caller set up argv properly */
4763 : Assert(argc >= 3);
4764 : Assert(argv[argc] == NULL);
4765 : Assert(strncmp(argv[1], "--fork", 6) == 0);
4766 : Assert(argv[2] == NULL);
4767 :
4768 : /* Resume here if we need to retry */
4769 : retry:
4770 :
4771 : /* Set up shared memory for parameter passing */
4772 : ZeroMemory(&sa, sizeof(sa));
4773 : sa.nLength = sizeof(sa);
4774 : sa.bInheritHandle = TRUE;
4775 : paramHandle = CreateFileMapping(INVALID_HANDLE_VALUE,
4776 : &sa,
4777 : PAGE_READWRITE,
4778 : 0,
4779 : sizeof(BackendParameters),
4780 : NULL);
4781 : if (paramHandle == INVALID_HANDLE_VALUE)
4782 : {
4783 : ereport(LOG,
4784 : (errmsg("could not create backend parameter file mapping: error code %lu",
4785 : GetLastError())));
4786 : return -1;
4787 : }
4788 :
4789 : param = MapViewOfFile(paramHandle, FILE_MAP_WRITE, 0, 0, sizeof(BackendParameters));
4790 : if (!param)
4791 : {
4792 : ereport(LOG,
4793 : (errmsg("could not map backend parameter memory: error code %lu",
4794 : GetLastError())));
4795 : CloseHandle(paramHandle);
4796 : return -1;
4797 : }
4798 :
4799 : /* Insert temp file name after --fork argument */
4800 : #ifdef _WIN64
4801 : sprintf(paramHandleStr, "%llu", (LONG_PTR) paramHandle);
4802 : #else
4803 : sprintf(paramHandleStr, "%lu", (DWORD) paramHandle);
4804 : #endif
4805 : argv[2] = paramHandleStr;
4806 :
4807 : /* Format the cmd line */
4808 : cmdLine[sizeof(cmdLine) - 1] = '\0';
4809 : cmdLine[sizeof(cmdLine) - 2] = '\0';
4810 : snprintf(cmdLine, sizeof(cmdLine) - 1, "\"%s\"", postgres_exec_path);
4811 : i = 0;
4812 : while (argv[++i] != NULL)
4813 : {
4814 : j = strlen(cmdLine);
4815 : snprintf(cmdLine + j, sizeof(cmdLine) - 1 - j, " \"%s\"", argv[i]);
4816 : }
4817 : if (cmdLine[sizeof(cmdLine) - 2] != '\0')
4818 : {
4819 : ereport(LOG,
4820 : (errmsg("subprocess command line too long")));
4821 : UnmapViewOfFile(param);
4822 : CloseHandle(paramHandle);
4823 : return -1;
4824 : }
4825 :
4826 : memset(&pi, 0, sizeof(pi));
4827 : memset(&si, 0, sizeof(si));
4828 : si.cb = sizeof(si);
4829 :
4830 : /*
4831 : * Create the subprocess in a suspended state. This will be resumed later,
4832 : * once we have written out the parameter file.
4833 : */
4834 : if (!CreateProcess(NULL, cmdLine, NULL, NULL, TRUE, CREATE_SUSPENDED,
4835 : NULL, NULL, &si, &pi))
4836 : {
4837 : ereport(LOG,
4838 : (errmsg("CreateProcess() call failed: %m (error code %lu)",
4839 : GetLastError())));
4840 : UnmapViewOfFile(param);
4841 : CloseHandle(paramHandle);
4842 : return -1;
4843 : }
4844 :
4845 : if (!save_backend_variables(param, port, pi.hProcess, pi.dwProcessId))
4846 : {
4847 : /*
4848 : * log made by save_backend_variables, but we have to clean up the
4849 : * mess with the half-started process
4850 : */
4851 : if (!TerminateProcess(pi.hProcess, 255))
4852 : ereport(LOG,
4853 : (errmsg_internal("could not terminate unstarted process: error code %lu",
4854 : GetLastError())));
4855 : CloseHandle(pi.hProcess);
4856 : CloseHandle(pi.hThread);
4857 : UnmapViewOfFile(param);
4858 : CloseHandle(paramHandle);
4859 : return -1; /* log made by save_backend_variables */
4860 : }
4861 :
4862 : /* Drop the parameter shared memory that is now inherited to the backend */
4863 : if (!UnmapViewOfFile(param))
4864 : ereport(LOG,
4865 : (errmsg("could not unmap view of backend parameter file: error code %lu",
4866 : GetLastError())));
4867 : if (!CloseHandle(paramHandle))
4868 : ereport(LOG,
4869 : (errmsg("could not close handle to backend parameter file: error code %lu",
4870 : GetLastError())));
4871 :
4872 : /*
4873 : * Reserve the memory region used by our main shared memory segment before
4874 : * we resume the child process. Normally this should succeed, but if ASLR
4875 : * is active then it might sometimes fail due to the stack or heap having
4876 : * gotten mapped into that range. In that case, just terminate the
4877 : * process and retry.
4878 : */
4879 : if (!pgwin32_ReserveSharedMemoryRegion(pi.hProcess))
4880 : {
4881 : /* pgwin32_ReserveSharedMemoryRegion already made a log entry */
4882 : if (!TerminateProcess(pi.hProcess, 255))
4883 : ereport(LOG,
4884 : (errmsg_internal("could not terminate process that failed to reserve memory: error code %lu",
4885 : GetLastError())));
4886 : CloseHandle(pi.hProcess);
4887 : CloseHandle(pi.hThread);
4888 : if (++retry_count < 100)
4889 : goto retry;
4890 : ereport(LOG,
4891 : (errmsg("giving up after too many tries to reserve shared memory"),
4892 : errhint("This might be caused by ASLR or antivirus software.")));
4893 : return -1;
4894 : }
4895 :
4896 : /*
4897 : * Now that the backend variables are written out, we start the child
4898 : * thread so it can start initializing while we set up the rest of the
4899 : * parent state.
4900 : */
4901 : if (ResumeThread(pi.hThread) == -1)
4902 : {
4903 : if (!TerminateProcess(pi.hProcess, 255))
4904 : {
4905 : ereport(LOG,
4906 : (errmsg_internal("could not terminate unstartable process: error code %lu",
4907 : GetLastError())));
4908 : CloseHandle(pi.hProcess);
4909 : CloseHandle(pi.hThread);
4910 : return -1;
4911 : }
4912 : CloseHandle(pi.hProcess);
4913 : CloseHandle(pi.hThread);
4914 : ereport(LOG,
4915 : (errmsg_internal("could not resume thread of unstarted process: error code %lu",
4916 : GetLastError())));
4917 : return -1;
4918 : }
4919 :
4920 : /*
4921 : * Queue a waiter to signal when this child dies. The wait will be handled
4922 : * automatically by an operating system thread pool.
4923 : *
4924 : * Note: use malloc instead of palloc, since it needs to be thread-safe.
4925 : * Struct will be free():d from the callback function that runs on a
4926 : * different thread.
4927 : */
4928 : childinfo = malloc(sizeof(win32_deadchild_waitinfo));
4929 : if (!childinfo)
4930 : ereport(FATAL,
4931 : (errcode(ERRCODE_OUT_OF_MEMORY),
4932 : errmsg("out of memory")));
4933 :
4934 : childinfo->procHandle = pi.hProcess;
4935 : childinfo->procId = pi.dwProcessId;
4936 :
4937 : if (!RegisterWaitForSingleObject(&childinfo->waitHandle,
4938 : pi.hProcess,
4939 : pgwin32_deadchild_callback,
4940 : childinfo,
4941 : INFINITE,
4942 : WT_EXECUTEONLYONCE | WT_EXECUTEINWAITTHREAD))
4943 : ereport(FATAL,
4944 : (errmsg_internal("could not register process for wait: error code %lu",
4945 : GetLastError())));
4946 :
4947 : /* Don't close pi.hProcess here - the wait thread needs access to it */
4948 :
4949 : CloseHandle(pi.hThread);
4950 :
4951 : return pi.dwProcessId;
4952 : }
4953 : #endif /* WIN32 */
4954 :
4955 :
4956 : /*
4957 : * SubPostmasterMain -- Get the fork/exec'd process into a state equivalent
4958 : * to what it would be if we'd simply forked on Unix, and then
4959 : * dispatch to the appropriate place.
4960 : *
4961 : * The first two command line arguments are expected to be "--forkFOO"
4962 : * (where FOO indicates which postmaster child we are to become), and
4963 : * the name of a variables file that we can read to load data that would
4964 : * have been inherited by fork() on Unix. Remaining arguments go to the
4965 : * subprocess FooMain() routine.
4966 : */
4967 : void
4968 : SubPostmasterMain(int argc, char *argv[])
4969 : {
4970 : Port port;
4971 :
4972 : /* In EXEC_BACKEND case we will not have inherited these settings */
4973 : IsPostmasterEnvironment = true;
4974 : whereToSendOutput = DestNone;
4975 :
4976 : /* Setup essential subsystems (to ensure elog() behaves sanely) */
4977 : InitializeGUCOptions();
4978 :
4979 : /* Check we got appropriate args */
4980 : if (argc < 3)
4981 : elog(FATAL, "invalid subpostmaster invocation");
4982 :
4983 : /* Read in the variables file */
4984 : memset(&port, 0, sizeof(Port));
4985 : read_backend_variables(argv[2], &port);
4986 :
4987 : /* Close the postmaster's sockets (as soon as we know them) */
4988 : ClosePostmasterPorts(strcmp(argv[1], "--forklog") == 0);
4989 :
4990 : /* Setup as postmaster child */
4991 : InitPostmasterChild();
4992 :
4993 : /*
4994 : * If appropriate, physically re-attach to shared memory segment. We want
4995 : * to do this before going any further to ensure that we can attach at the
4996 : * same address the postmaster used. On the other hand, if we choose not
4997 : * to re-attach, we may have other cleanup to do.
4998 : *
4999 : * If testing EXEC_BACKEND on Linux, you should run this as root before
5000 : * starting the postmaster:
5001 : *
5002 : * echo 0 >/proc/sys/kernel/randomize_va_space
5003 : *
5004 : * This prevents using randomized stack and code addresses that cause the
5005 : * child process's memory map to be different from the parent's, making it
5006 : * sometimes impossible to attach to shared memory at the desired address.
5007 : * Return the setting to its old value (usually '1' or '2') when finished.
5008 : */
5009 : if (strcmp(argv[1], "--forkbackend") == 0 ||
5010 : strcmp(argv[1], "--forkavlauncher") == 0 ||
5011 : strcmp(argv[1], "--forkavworker") == 0 ||
5012 : strcmp(argv[1], "--forkaux") == 0 ||
5013 : strncmp(argv[1], "--forkbgworker=", 15) == 0)
5014 : PGSharedMemoryReAttach();
5015 : else
5016 : PGSharedMemoryNoReAttach();
5017 :
5018 : /* autovacuum needs this set before calling InitProcess */
5019 : if (strcmp(argv[1], "--forkavlauncher") == 0)
5020 : AutovacuumLauncherIAm();
5021 : if (strcmp(argv[1], "--forkavworker") == 0)
5022 : AutovacuumWorkerIAm();
5023 :
5024 : /* Read in remaining GUC variables */
5025 : read_nondefault_variables();
5026 :
5027 : /*
5028 : * Check that the data directory looks valid, which will also check the
5029 : * privileges on the data directory and update our umask and file/group
5030 : * variables for creating files later. Note: this should really be done
5031 : * before we create any files or directories.
5032 : */
5033 : checkDataDir();
5034 :
5035 : /*
5036 : * (re-)read control file, as it contains config. The postmaster will
5037 : * already have read this, but this process doesn't know about that.
5038 : */
5039 : LocalProcessControlFile(false);
5040 :
5041 : /*
5042 : * Reload any libraries that were preloaded by the postmaster. Since we
5043 : * exec'd this process, those libraries didn't come along with us; but we
5044 : * should load them into all child processes to be consistent with the
5045 : * non-EXEC_BACKEND behavior.
5046 : */
5047 : process_shared_preload_libraries();
5048 :
5049 : /* Run backend or appropriate child */
5050 : if (strcmp(argv[1], "--forkbackend") == 0)
5051 : {
5052 : Assert(argc == 3); /* shouldn't be any more args */
5053 :
5054 : /*
5055 : * Need to reinitialize the SSL library in the backend, since the
5056 : * context structures contain function pointers and cannot be passed
5057 : * through the parameter file.
5058 : *
5059 : * If for some reason reload fails (maybe the user installed broken
5060 : * key files), soldier on without SSL; that's better than all
5061 : * connections becoming impossible.
5062 : *
5063 : * XXX should we do this in all child processes? For the moment it's
5064 : * enough to do it in backend children.
5065 : */
5066 : #ifdef USE_SSL
5067 : if (EnableSSL)
5068 : {
5069 : if (secure_initialize(false) == 0)
5070 : LoadedSSL = true;
5071 : else
5072 : ereport(LOG,
5073 : (errmsg("SSL configuration could not be loaded in child process")));
5074 : }
5075 : #endif
5076 :
5077 : /*
5078 : * Perform additional initialization and collect startup packet.
5079 : *
5080 : * We want to do this before InitProcess() for a couple of reasons: 1.
5081 : * so that we aren't eating up a PGPROC slot while waiting on the
5082 : * client. 2. so that if InitProcess() fails due to being out of
5083 : * PGPROC slots, we have already initialized libpq and are able to
5084 : * report the error to the client.
5085 : */
5086 : BackendInitialize(&port);
5087 :
5088 : /* Restore basic shared memory pointers */
5089 : InitShmemAccess(UsedShmemSegAddr);
5090 :
5091 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
5092 : InitProcess();
5093 :
5094 : /* Attach process to shared data structures */
5095 : CreateSharedMemoryAndSemaphores();
5096 :
5097 : /* And run the backend */
5098 : BackendRun(&port); /* does not return */
5099 : }
5100 : if (strcmp(argv[1], "--forkaux") == 0)
5101 : {
5102 : AuxProcType auxtype;
5103 :
5104 : Assert(argc == 4);
5105 :
5106 : /* Restore basic shared memory pointers */
5107 : InitShmemAccess(UsedShmemSegAddr);
5108 :
5109 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
5110 : InitAuxiliaryProcess();
5111 :
5112 : /* Attach process to shared data structures */
5113 : CreateSharedMemoryAndSemaphores();
5114 :
5115 : auxtype = atoi(argv[3]);
5116 : AuxiliaryProcessMain(auxtype); /* does not return */
5117 : }
5118 : if (strcmp(argv[1], "--forkavlauncher") == 0)
5119 : {
5120 : /* Restore basic shared memory pointers */
5121 : InitShmemAccess(UsedShmemSegAddr);
5122 :
5123 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
5124 : InitProcess();
5125 :
5126 : /* Attach process to shared data structures */
5127 : CreateSharedMemoryAndSemaphores();
5128 :
5129 : AutoVacLauncherMain(argc - 2, argv + 2); /* does not return */
5130 : }
5131 : if (strcmp(argv[1], "--forkavworker") == 0)
5132 : {
5133 : /* Restore basic shared memory pointers */
5134 : InitShmemAccess(UsedShmemSegAddr);
5135 :
5136 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
5137 : InitProcess();
5138 :
5139 : /* Attach process to shared data structures */
5140 : CreateSharedMemoryAndSemaphores();
5141 :
5142 : AutoVacWorkerMain(argc - 2, argv + 2); /* does not return */
5143 : }
5144 : if (strncmp(argv[1], "--forkbgworker=", 15) == 0)
5145 : {
5146 : int shmem_slot;
5147 :
5148 : /* do this as early as possible; in particular, before InitProcess() */
5149 : IsBackgroundWorker = true;
5150 :
5151 : /* Restore basic shared memory pointers */
5152 : InitShmemAccess(UsedShmemSegAddr);
5153 :
5154 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
5155 : InitProcess();
5156 :
5157 : /* Attach process to shared data structures */
5158 : CreateSharedMemoryAndSemaphores();
5159 :
5160 : /* Fetch MyBgworkerEntry from shared memory */
5161 : shmem_slot = atoi(argv[1] + 15);
5162 : MyBgworkerEntry = BackgroundWorkerEntry(shmem_slot);
5163 :
5164 : StartBackgroundWorker();
5165 : }
5166 : if (strcmp(argv[1], "--forkcol") == 0)
5167 : {
5168 : /* Do not want to attach to shared memory */
5169 :
5170 : PgstatCollectorMain(argc, argv); /* does not return */
5171 : }
5172 : if (strcmp(argv[1], "--forklog") == 0)
5173 : {
5174 : /* Do not want to attach to shared memory */
5175 :
5176 : SysLoggerMain(argc, argv); /* does not return */
5177 : }
5178 :
5179 : abort(); /* shouldn't get here */
5180 : }
5181 : #endif /* EXEC_BACKEND */
5182 :
5183 :
5184 : /*
5185 : * ExitPostmaster -- cleanup
5186 : *
5187 : * Do NOT call exit() directly --- always go through here!
5188 : */
5189 : static void
5190 938 : ExitPostmaster(int status)
5191 : {
5192 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
5193 :
5194 : /*
5195 : * There is no known cause for a postmaster to become multithreaded after
5196 : * startup. Recheck to account for the possibility of unknown causes.
5197 : * This message uses LOG level, because an unclean shutdown at this point
5198 : * would usually not look much different from a clean shutdown.
5199 : */
5200 : if (pthread_is_threaded_np() != 0)
5201 : ereport(LOG,
5202 : (errcode(ERRCODE_INTERNAL_ERROR),
5203 : errmsg_internal("postmaster became multithreaded"),
5204 : errdetail("Please report this to <%s>.", PACKAGE_BUGREPORT)));
5205 : #endif
5206 :
5207 : /* should cleanup shared memory and kill all backends */
5208 :
5209 : /*
5210 : * Not sure of the semantics here. When the Postmaster dies, should the
5211 : * backends all be killed? probably not.
5212 : *
5213 : * MUST -- vadim 05-10-1999
5214 : */
5215 :
5216 938 : proc_exit(status);
5217 : }
5218 :
5219 : /*
5220 : * sigusr1_handler - handle signal conditions from child processes
5221 : */
5222 : static void
5223 2986 : sigusr1_handler(SIGNAL_ARGS)
5224 : {
5225 2986 : int save_errno = errno;
5226 :
5227 : /*
5228 : * We rely on the signal mechanism to have blocked all signals ... except
5229 : * on Windows, which lacks sigaction(), so we have to do it manually.
5230 : */
5231 : #ifdef WIN32
5232 : PG_SETMASK(&BlockSig);
5233 : #endif
5234 :
5235 : /*
5236 : * RECOVERY_STARTED and BEGIN_HOT_STANDBY signals are ignored in
5237 : * unexpected states. If the startup process quickly starts up, completes
5238 : * recovery, exits, we might process the death of the startup process
5239 : * first. We don't want to go back to recovery in that case.
5240 : */
5241 2986 : if (CheckPostmasterSignal(PMSIGNAL_RECOVERY_STARTED) &&
5242 316 : pmState == PM_STARTUP && Shutdown == NoShutdown)
5243 : {
5244 : /* WAL redo has started. We're out of reinitialization. */
5245 316 : FatalError = false;
5246 316 : AbortStartTime = 0;
5247 :
5248 : /*
5249 : * Start the archiver if we're responsible for (re-)archiving received
5250 : * files.
5251 : */
5252 : Assert(PgArchPID == 0);
5253 316 : if (XLogArchivingAlways())
5254 4 : PgArchPID = StartArchiver();
5255 :
5256 : /*
5257 : * If we aren't planning to enter hot standby mode later, treat
5258 : * RECOVERY_STARTED as meaning we're out of startup, and report status
5259 : * accordingly.
5260 : */
5261 316 : if (!EnableHotStandby)
5262 : {
5263 4 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STANDBY);
5264 : #ifdef USE_SYSTEMD
5265 : sd_notify(0, "READY=1");
5266 : #endif
5267 : }
5268 :
5269 316 : pmState = PM_RECOVERY;
5270 : }
5271 :
5272 2986 : if (CheckPostmasterSignal(PMSIGNAL_BEGIN_HOT_STANDBY) &&
5273 184 : pmState == PM_RECOVERY && Shutdown == NoShutdown)
5274 : {
5275 : /*
5276 : * Likewise, start other special children as needed.
5277 : */
5278 : Assert(PgStatPID == 0);
5279 184 : PgStatPID = pgstat_start();
5280 :
5281 184 : ereport(LOG,
5282 : (errmsg("database system is ready to accept read-only connections")));
5283 :
5284 : /* Report status */
5285 184 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
5286 : #ifdef USE_SYSTEMD
5287 : sd_notify(0, "READY=1");
5288 : #endif
5289 :
5290 184 : pmState = PM_HOT_STANDBY;
5291 184 : connsAllowed = ALLOW_ALL_CONNS;
5292 :
5293 : /* Some workers may be scheduled to start now */
5294 184 : StartWorkerNeeded = true;
5295 : }
5296 :
5297 : /* Process background worker state changes. */
5298 2986 : if (CheckPostmasterSignal(PMSIGNAL_BACKGROUND_WORKER_CHANGE))
5299 : {
5300 : /* Accept new worker requests only if not stopping. */
5301 1086 : BackgroundWorkerStateChange(pmState < PM_STOP_BACKENDS);
5302 1086 : StartWorkerNeeded = true;
5303 : }
5304 :
5305 2986 : if (StartWorkerNeeded || HaveCrashedWorker)
5306 1272 : maybe_start_bgworkers();
5307 :
5308 : /* Tell syslogger to rotate logfile if requested */
5309 2986 : if (SysLoggerPID != 0)
5310 : {
5311 2 : if (CheckLogrotateSignal())
5312 : {
5313 2 : signal_child(SysLoggerPID, SIGUSR1);
5314 2 : RemoveLogrotateSignalFiles();
5315 : }
5316 0 : else if (CheckPostmasterSignal(PMSIGNAL_ROTATE_LOGFILE))
5317 : {
5318 0 : signal_child(SysLoggerPID, SIGUSR1);
5319 : }
5320 : }
5321 :
5322 2986 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER) &&
5323 0 : Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
5324 : {
5325 : /*
5326 : * Start one iteration of the autovacuum daemon, even if autovacuuming
5327 : * is nominally not enabled. This is so we can have an active defense
5328 : * against transaction ID wraparound. We set a flag for the main loop
5329 : * to do it rather than trying to do it here --- this is because the
5330 : * autovac process itself may send the signal, and we want to handle
5331 : * that by launching another iteration as soon as the current one
5332 : * completes.
5333 : */
5334 0 : start_autovac_launcher = true;
5335 : }
5336 :
5337 2986 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_WORKER) &&
5338 58 : Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
5339 : {
5340 : /* The autovacuum launcher wants us to start a worker process. */
5341 58 : StartAutovacuumWorker();
5342 : }
5343 :
5344 2986 : if (CheckPostmasterSignal(PMSIGNAL_START_WALRECEIVER))
5345 : {
5346 : /* Startup Process wants us to start the walreceiver process. */
5347 : /* Start immediately if possible, else remember request for later. */
5348 288 : WalReceiverRequested = true;
5349 288 : MaybeStartWalReceiver();
5350 : }
5351 :
5352 : /*
5353 : * Try to advance postmaster's state machine, if a child requests it.
5354 : *
5355 : * Be careful about the order of this action relative to sigusr1_handler's
5356 : * other actions. Generally, this should be after other actions, in case
5357 : * they have effects PostmasterStateMachine would need to know about.
5358 : * However, we should do it before the CheckPromoteSignal step, which
5359 : * cannot have any (immediate) effect on the state machine, but does
5360 : * depend on what state we're in now.
5361 : */
5362 2986 : if (CheckPostmasterSignal(PMSIGNAL_ADVANCE_STATE_MACHINE))
5363 : {
5364 1020 : PostmasterStateMachine();
5365 : }
5366 :
5367 2986 : if (StartupPID != 0 &&
5368 832 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
5369 1376 : pmState == PM_HOT_STANDBY) &&
5370 830 : CheckPromoteSignal())
5371 : {
5372 : /*
5373 : * Tell startup process to finish recovery.
5374 : *
5375 : * Leave the promote signal file in place and let the Startup process
5376 : * do the unlink.
5377 : */
5378 66 : signal_child(StartupPID, SIGUSR2);
5379 : }
5380 :
5381 : #ifdef WIN32
5382 : PG_SETMASK(&UnBlockSig);
5383 : #endif
5384 :
5385 2986 : errno = save_errno;
5386 2986 : }
5387 :
5388 : /*
5389 : * SIGTERM while processing startup packet.
5390 : *
5391 : * Running proc_exit() from a signal handler would be quite unsafe.
5392 : * However, since we have not yet touched shared memory, we can just
5393 : * pull the plug and exit without running any atexit handlers.
5394 : *
5395 : * One might be tempted to try to send a message, or log one, indicating
5396 : * why we are disconnecting. However, that would be quite unsafe in itself.
5397 : * Also, it seems undesirable to provide clues about the database's state
5398 : * to a client that has not yet completed authentication, or even sent us
5399 : * a startup packet.
5400 : */
5401 : static void
5402 0 : process_startup_packet_die(SIGNAL_ARGS)
5403 : {
5404 0 : _exit(1);
5405 : }
5406 :
5407 : /*
5408 : * Dummy signal handler
5409 : *
5410 : * We use this for signals that we don't actually use in the postmaster,
5411 : * but we do use in backends. If we were to SIG_IGN such signals in the
5412 : * postmaster, then a newly started backend might drop a signal that arrives
5413 : * before it's able to reconfigure its signal processing. (See notes in
5414 : * tcop/postgres.c.)
5415 : */
5416 : static void
5417 0 : dummy_handler(SIGNAL_ARGS)
5418 : {
5419 0 : }
5420 :
5421 : /*
5422 : * Timeout while processing startup packet.
5423 : * As for process_startup_packet_die(), we exit via _exit(1).
5424 : */
5425 : static void
5426 0 : StartupPacketTimeoutHandler(void)
5427 : {
5428 0 : _exit(1);
5429 : }
5430 :
5431 :
5432 : /*
5433 : * Generate a random cancel key.
5434 : */
5435 : static bool
5436 14982 : RandomCancelKey(int32 *cancel_key)
5437 : {
5438 14982 : return pg_strong_random(cancel_key, sizeof(int32));
5439 : }
5440 :
5441 : /*
5442 : * Count up number of child processes of specified types (dead_end children
5443 : * are always excluded).
5444 : */
5445 : static int
5446 19892 : CountChildren(int target)
5447 : {
5448 : dlist_iter iter;
5449 19892 : int cnt = 0;
5450 :
5451 62454 : dlist_foreach(iter, &BackendList)
5452 : {
5453 42562 : Backend *bp = dlist_container(Backend, elem, iter.cur);
5454 :
5455 42562 : if (bp->dead_end)
5456 16 : continue;
5457 :
5458 : /*
5459 : * Since target == BACKEND_TYPE_ALL is the most common case, we test
5460 : * it first and avoid touching shared memory for every child.
5461 : */
5462 42546 : if (target != BACKEND_TYPE_ALL)
5463 : {
5464 : /*
5465 : * Assign bkend_type for any recently announced WAL Sender
5466 : * processes.
5467 : */
5468 4238 : if (bp->bkend_type == BACKEND_TYPE_NORMAL &&
5469 1010 : IsPostmasterChildWalSender(bp->child_slot))
5470 60 : bp->bkend_type = BACKEND_TYPE_WALSND;
5471 :
5472 3228 : if (!(target & bp->bkend_type))
5473 368 : continue;
5474 : }
5475 :
5476 42178 : cnt++;
5477 : }
5478 19892 : return cnt;
5479 : }
5480 :
5481 :
5482 : /*
5483 : * StartChildProcess -- start an auxiliary process for the postmaster
5484 : *
5485 : * "type" determines what kind of child will be started. All child types
5486 : * initially go to AuxiliaryProcessMain, which will handle common setup.
5487 : *
5488 : * Return value of StartChildProcess is subprocess' PID, or 0 if failed
5489 : * to start subprocess.
5490 : */
5491 : static pid_t
5492 3996 : StartChildProcess(AuxProcType type)
5493 : {
5494 : pid_t pid;
5495 :
5496 : #ifdef EXEC_BACKEND
5497 : {
5498 : char *av[10];
5499 : int ac = 0;
5500 : char typebuf[32];
5501 :
5502 : /*
5503 : * Set up command-line arguments for subprocess
5504 : */
5505 : av[ac++] = "postgres";
5506 : av[ac++] = "--forkaux";
5507 : av[ac++] = NULL; /* filled in by postmaster_forkexec */
5508 :
5509 : snprintf(typebuf, sizeof(typebuf), "%d", type);
5510 : av[ac++] = typebuf;
5511 :
5512 : av[ac] = NULL;
5513 : Assert(ac < lengthof(av));
5514 :
5515 : pid = postmaster_forkexec(ac, av);
5516 : }
5517 : #else /* !EXEC_BACKEND */
5518 3996 : pid = fork_process();
5519 :
5520 6754 : if (pid == 0) /* child */
5521 : {
5522 2758 : InitPostmasterChild();
5523 :
5524 : /* Close the postmaster's sockets */
5525 2758 : ClosePostmasterPorts(false);
5526 :
5527 : /* Release postmaster's working memory context */
5528 2758 : MemoryContextSwitchTo(TopMemoryContext);
5529 2758 : MemoryContextDelete(PostmasterContext);
5530 2758 : PostmasterContext = NULL;
5531 :
5532 2758 : AuxiliaryProcessMain(type); /* does not return */
5533 : }
5534 : #endif /* EXEC_BACKEND */
5535 :
5536 3996 : if (pid < 0)
5537 : {
5538 : /* in parent, fork failed */
5539 0 : int save_errno = errno;
5540 :
5541 0 : errno = save_errno;
5542 0 : switch (type)
5543 : {
5544 0 : case StartupProcess:
5545 0 : ereport(LOG,
5546 : (errmsg("could not fork startup process: %m")));
5547 0 : break;
5548 0 : case ArchiverProcess:
5549 0 : ereport(LOG,
5550 : (errmsg("could not fork archiver process: %m")));
5551 0 : break;
5552 0 : case BgWriterProcess:
5553 0 : ereport(LOG,
5554 : (errmsg("could not fork background writer process: %m")));
5555 0 : break;
5556 0 : case CheckpointerProcess:
5557 0 : ereport(LOG,
5558 : (errmsg("could not fork checkpointer process: %m")));
5559 0 : break;
5560 0 : case WalWriterProcess:
5561 0 : ereport(LOG,
5562 : (errmsg("could not fork WAL writer process: %m")));
5563 0 : break;
5564 0 : case WalReceiverProcess:
5565 0 : ereport(LOG,
5566 : (errmsg("could not fork WAL receiver process: %m")));
5567 0 : break;
5568 0 : default:
5569 0 : ereport(LOG,
5570 : (errmsg("could not fork process: %m")));
5571 0 : break;
5572 : }
5573 :
5574 : /*
5575 : * fork failure is fatal during startup, but there's no need to choke
5576 : * immediately if starting other child types fails.
5577 : */
5578 0 : if (type == StartupProcess)
5579 0 : ExitPostmaster(1);
5580 0 : return 0;
5581 : }
5582 :
5583 : /*
5584 : * in parent, successful fork
5585 : */
5586 3996 : return pid;
5587 : }
5588 :
5589 : /*
5590 : * StartAutovacuumWorker
5591 : * Start an autovac worker process.
5592 : *
5593 : * This function is here because it enters the resulting PID into the
5594 : * postmaster's private backends list.
5595 : *
5596 : * NB -- this code very roughly matches BackendStartup.
5597 : */
5598 : static void
5599 58 : StartAutovacuumWorker(void)
5600 : {
5601 : Backend *bn;
5602 :
5603 : /*
5604 : * If not in condition to run a process, don't try, but handle it like a
5605 : * fork failure. This does not normally happen, since the signal is only
5606 : * supposed to be sent by autovacuum launcher when it's OK to do it, but
5607 : * we have to check to avoid race-condition problems during DB state
5608 : * changes.
5609 : */
5610 58 : if (canAcceptConnections(BACKEND_TYPE_AUTOVAC) == CAC_OK)
5611 : {
5612 : /*
5613 : * Compute the cancel key that will be assigned to this session. We
5614 : * probably don't need cancel keys for autovac workers, but we'd
5615 : * better have something random in the field to prevent unfriendly
5616 : * people from sending cancels to them.
5617 : */
5618 58 : if (!RandomCancelKey(&MyCancelKey))
5619 : {
5620 0 : ereport(LOG,
5621 : (errcode(ERRCODE_INTERNAL_ERROR),
5622 : errmsg("could not generate random cancel key")));
5623 0 : return;
5624 : }
5625 :
5626 58 : bn = (Backend *) malloc(sizeof(Backend));
5627 58 : if (bn)
5628 : {
5629 58 : bn->cancel_key = MyCancelKey;
5630 :
5631 : /* Autovac workers are not dead_end and need a child slot */
5632 58 : bn->dead_end = false;
5633 58 : bn->child_slot = MyPMChildSlot = AssignPostmasterChildSlot();
5634 58 : bn->bgworker_notify = false;
5635 :
5636 58 : bn->pid = StartAutoVacWorker();
5637 58 : if (bn->pid > 0)
5638 : {
5639 58 : bn->bkend_type = BACKEND_TYPE_AUTOVAC;
5640 58 : dlist_push_head(&BackendList, &bn->elem);
5641 : #ifdef EXEC_BACKEND
5642 : ShmemBackendArrayAdd(bn);
5643 : #endif
5644 : /* all OK */
5645 58 : return;
5646 : }
5647 :
5648 : /*
5649 : * fork failed, fall through to report -- actual error message was
5650 : * logged by StartAutoVacWorker
5651 : */
5652 0 : (void) ReleasePostmasterChildSlot(bn->child_slot);
5653 0 : free(bn);
5654 : }
5655 : else
5656 0 : ereport(LOG,
5657 : (errcode(ERRCODE_OUT_OF_MEMORY),
5658 : errmsg("out of memory")));
5659 : }
5660 :
5661 : /*
5662 : * Report the failure to the launcher, if it's running. (If it's not, we
5663 : * might not even be connected to shared memory, so don't try to call
5664 : * AutoVacWorkerFailed.) Note that we also need to signal it so that it
5665 : * responds to the condition, but we don't do that here, instead waiting
5666 : * for ServerLoop to do it. This way we avoid a ping-pong signaling in
5667 : * quick succession between the autovac launcher and postmaster in case
5668 : * things get ugly.
5669 : */
5670 0 : if (AutoVacPID != 0)
5671 : {
5672 0 : AutoVacWorkerFailed();
5673 0 : avlauncher_needs_signal = true;
5674 : }
5675 : }
5676 :
5677 : /*
5678 : * MaybeStartWalReceiver
5679 : * Start the WAL receiver process, if not running and our state allows.
5680 : *
5681 : * Note: if WalReceiverPID is already nonzero, it might seem that we should
5682 : * clear WalReceiverRequested. However, there's a race condition if the
5683 : * walreceiver terminates and the startup process immediately requests a new
5684 : * one: it's quite possible to get the signal for the request before reaping
5685 : * the dead walreceiver process. Better to risk launching an extra
5686 : * walreceiver than to miss launching one we need. (The walreceiver code
5687 : * has logic to recognize that it should go away if not needed.)
5688 : */
5689 : static void
5690 488 : MaybeStartWalReceiver(void)
5691 : {
5692 488 : if (WalReceiverPID == 0 &&
5693 292 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
5694 290 : pmState == PM_HOT_STANDBY) &&
5695 286 : Shutdown <= SmartShutdown)
5696 : {
5697 286 : WalReceiverPID = StartWalReceiver();
5698 286 : if (WalReceiverPID != 0)
5699 286 : WalReceiverRequested = false;
5700 : /* else leave the flag set, so we'll try again later */
5701 : }
5702 488 : }
5703 :
5704 :
5705 : /*
5706 : * Create the opts file
5707 : */
5708 : static bool
5709 940 : CreateOptsFile(int argc, char *argv[], char *fullprogname)
5710 : {
5711 : FILE *fp;
5712 : int i;
5713 :
5714 : #define OPTS_FILE "postmaster.opts"
5715 :
5716 940 : if ((fp = fopen(OPTS_FILE, "w")) == NULL)
5717 : {
5718 0 : ereport(LOG,
5719 : (errcode_for_file_access(),
5720 : errmsg("could not create file \"%s\": %m", OPTS_FILE)));
5721 0 : return false;
5722 : }
5723 :
5724 940 : fprintf(fp, "%s", fullprogname);
5725 4426 : for (i = 1; i < argc; i++)
5726 3486 : fprintf(fp, " \"%s\"", argv[i]);
5727 940 : fputs("\n", fp);
5728 :
5729 940 : if (fclose(fp))
5730 : {
5731 0 : ereport(LOG,
5732 : (errcode_for_file_access(),
5733 : errmsg("could not write file \"%s\": %m", OPTS_FILE)));
5734 0 : return false;
5735 : }
5736 :
5737 940 : return true;
5738 : }
5739 :
5740 :
5741 : /*
5742 : * MaxLivePostmasterChildren
5743 : *
5744 : * This reports the number of entries needed in per-child-process arrays
5745 : * (the PMChildFlags array, and if EXEC_BACKEND the ShmemBackendArray).
5746 : * These arrays include regular backends, autovac workers, walsenders
5747 : * and background workers, but not special children nor dead_end children.
5748 : * This allows the arrays to have a fixed maximum size, to wit the same
5749 : * too-many-children limit enforced by canAcceptConnections(). The exact value
5750 : * isn't too critical as long as it's more than MaxBackends.
5751 : */
5752 : int
5753 27482 : MaxLivePostmasterChildren(void)
5754 : {
5755 54964 : return 2 * (MaxConnections + autovacuum_max_workers + 1 +
5756 27482 : max_wal_senders + max_worker_processes);
5757 : }
5758 :
5759 : /*
5760 : * Connect background worker to a database.
5761 : */
5762 : void
5763 510 : BackgroundWorkerInitializeConnection(const char *dbname, const char *username, uint32 flags)
5764 : {
5765 510 : BackgroundWorker *worker = MyBgworkerEntry;
5766 :
5767 : /* XXX is this the right errcode? */
5768 510 : if (!(worker->bgw_flags & BGWORKER_BACKEND_DATABASE_CONNECTION))
5769 0 : ereport(FATAL,
5770 : (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
5771 : errmsg("database connection requirement not indicated during registration")));
5772 :
5773 510 : InitPostgres(dbname, InvalidOid, username, InvalidOid, NULL, (flags & BGWORKER_BYPASS_ALLOWCONN) != 0);
5774 :
5775 : /* it had better not gotten out of "init" mode yet */
5776 506 : if (!IsInitProcessingMode())
5777 0 : ereport(ERROR,
5778 : (errmsg("invalid processing mode in background worker")));
5779 506 : SetProcessingMode(NormalProcessing);
5780 506 : }
5781 :
5782 : /*
5783 : * Connect background worker to a database using OIDs.
5784 : */
5785 : void
5786 1998 : BackgroundWorkerInitializeConnectionByOid(Oid dboid, Oid useroid, uint32 flags)
5787 : {
5788 1998 : BackgroundWorker *worker = MyBgworkerEntry;
5789 :
5790 : /* XXX is this the right errcode? */
5791 1998 : if (!(worker->bgw_flags & BGWORKER_BACKEND_DATABASE_CONNECTION))
5792 0 : ereport(FATAL,
5793 : (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
5794 : errmsg("database connection requirement not indicated during registration")));
5795 :
5796 1998 : InitPostgres(NULL, dboid, NULL, useroid, NULL, (flags & BGWORKER_BYPASS_ALLOWCONN) != 0);
5797 :
5798 : /* it had better not gotten out of "init" mode yet */
5799 1994 : if (!IsInitProcessingMode())
5800 0 : ereport(ERROR,
5801 : (errmsg("invalid processing mode in background worker")));
5802 1994 : SetProcessingMode(NormalProcessing);
5803 1994 : }
5804 :
5805 : /*
5806 : * Block/unblock signals in a background worker
5807 : */
5808 : void
5809 0 : BackgroundWorkerBlockSignals(void)
5810 : {
5811 0 : PG_SETMASK(&BlockSig);
5812 0 : }
5813 :
5814 : void
5815 2566 : BackgroundWorkerUnblockSignals(void)
5816 : {
5817 2566 : PG_SETMASK(&UnBlockSig);
5818 2566 : }
5819 :
5820 : #ifdef EXEC_BACKEND
5821 : static pid_t
5822 : bgworker_forkexec(int shmem_slot)
5823 : {
5824 : char *av[10];
5825 : int ac = 0;
5826 : char forkav[MAXPGPATH];
5827 :
5828 : snprintf(forkav, MAXPGPATH, "--forkbgworker=%d", shmem_slot);
5829 :
5830 : av[ac++] = "postgres";
5831 : av[ac++] = forkav;
5832 : av[ac++] = NULL; /* filled in by postmaster_forkexec */
5833 : av[ac] = NULL;
5834 :
5835 : Assert(ac < lengthof(av));
5836 :
5837 : return postmaster_forkexec(ac, av);
5838 : }
5839 : #endif
5840 :
5841 : /*
5842 : * Start a new bgworker.
5843 : * Starting time conditions must have been checked already.
5844 : *
5845 : * Returns true on success, false on failure.
5846 : * In either case, update the RegisteredBgWorker's state appropriately.
5847 : *
5848 : * This code is heavily based on autovacuum.c, q.v.
5849 : */
5850 : static bool
5851 2854 : do_start_bgworker(RegisteredBgWorker *rw)
5852 : {
5853 : pid_t worker_pid;
5854 :
5855 : Assert(rw->rw_pid == 0);
5856 :
5857 : /*
5858 : * Allocate and assign the Backend element. Note we must do this before
5859 : * forking, so that we can handle failures (out of memory or child-process
5860 : * slots) cleanly.
5861 : *
5862 : * Treat failure as though the worker had crashed. That way, the
5863 : * postmaster will wait a bit before attempting to start it again; if we
5864 : * tried again right away, most likely we'd find ourselves hitting the
5865 : * same resource-exhaustion condition.
5866 : */
5867 2854 : if (!assign_backendlist_entry(rw))
5868 : {
5869 0 : rw->rw_crashed_at = GetCurrentTimestamp();
5870 0 : return false;
5871 : }
5872 :
5873 2854 : ereport(DEBUG1,
5874 : (errmsg_internal("starting background worker process \"%s\"",
5875 : rw->rw_worker.bgw_name)));
5876 :
5877 : #ifdef EXEC_BACKEND
5878 : switch ((worker_pid = bgworker_forkexec(rw->rw_shmem_slot)))
5879 : #else
5880 2854 : switch ((worker_pid = fork_process()))
5881 : #endif
5882 : {
5883 0 : case -1:
5884 : /* in postmaster, fork failed ... */
5885 0 : ereport(LOG,
5886 : (errmsg("could not fork worker process: %m")));
5887 : /* undo what assign_backendlist_entry did */
5888 0 : ReleasePostmasterChildSlot(rw->rw_child_slot);
5889 0 : rw->rw_child_slot = 0;
5890 0 : free(rw->rw_backend);
5891 0 : rw->rw_backend = NULL;
5892 : /* mark entry as crashed, so we'll try again later */
5893 0 : rw->rw_crashed_at = GetCurrentTimestamp();
5894 0 : break;
5895 :
5896 : #ifndef EXEC_BACKEND
5897 2522 : case 0:
5898 : /* in postmaster child ... */
5899 2522 : InitPostmasterChild();
5900 :
5901 : /* Close the postmaster's sockets */
5902 2522 : ClosePostmasterPorts(false);
5903 :
5904 : /*
5905 : * Before blowing away PostmasterContext, save this bgworker's
5906 : * data where it can find it.
5907 : */
5908 2522 : MyBgworkerEntry = (BackgroundWorker *)
5909 2522 : MemoryContextAlloc(TopMemoryContext, sizeof(BackgroundWorker));
5910 2522 : memcpy(MyBgworkerEntry, &rw->rw_worker, sizeof(BackgroundWorker));
5911 :
5912 : /* Release postmaster's working memory context */
5913 2522 : MemoryContextSwitchTo(TopMemoryContext);
5914 2522 : MemoryContextDelete(PostmasterContext);
5915 2522 : PostmasterContext = NULL;
5916 :
5917 2522 : StartBackgroundWorker();
5918 :
5919 : exit(1); /* should not get here */
5920 : break;
5921 : #endif
5922 2850 : default:
5923 : /* in postmaster, fork successful ... */
5924 2850 : rw->rw_pid = worker_pid;
5925 2850 : rw->rw_backend->pid = rw->rw_pid;
5926 2850 : ReportBackgroundWorkerPID(rw);
5927 : /* add new worker to lists of backends */
5928 2850 : dlist_push_head(&BackendList, &rw->rw_backend->elem);
5929 : #ifdef EXEC_BACKEND
5930 : ShmemBackendArrayAdd(rw->rw_backend);
5931 : #endif
5932 2850 : return true;
5933 : }
5934 :
5935 0 : return false;
5936 : }
5937 :
5938 : /*
5939 : * Does the current postmaster state require starting a worker with the
5940 : * specified start_time?
5941 : */
5942 : static bool
5943 3982 : bgworker_should_start_now(BgWorkerStartTime start_time)
5944 : {
5945 3982 : switch (pmState)
5946 : {
5947 0 : case PM_NO_CHILDREN:
5948 : case PM_WAIT_DEAD_END:
5949 : case PM_SHUTDOWN_2:
5950 : case PM_SHUTDOWN:
5951 : case PM_WAIT_BACKENDS:
5952 : case PM_STOP_BACKENDS:
5953 0 : break;
5954 :
5955 2854 : case PM_RUN:
5956 2854 : if (start_time == BgWorkerStart_RecoveryFinished)
5957 1148 : return true;
5958 : /* fall through */
5959 :
5960 : case PM_HOT_STANDBY:
5961 1890 : if (start_time == BgWorkerStart_ConsistentState)
5962 1706 : return true;
5963 : /* fall through */
5964 :
5965 : case PM_RECOVERY:
5966 : case PM_STARTUP:
5967 : case PM_INIT:
5968 1128 : if (start_time == BgWorkerStart_PostmasterStart)
5969 0 : return true;
5970 : /* fall through */
5971 :
5972 : }
5973 :
5974 1128 : return false;
5975 : }
5976 :
5977 : /*
5978 : * Allocate the Backend struct for a connected background worker, but don't
5979 : * add it to the list of backends just yet.
5980 : *
5981 : * On failure, return false without changing any worker state.
5982 : *
5983 : * Some info from the Backend is copied into the passed rw.
5984 : */
5985 : static bool
5986 2854 : assign_backendlist_entry(RegisteredBgWorker *rw)
5987 : {
5988 : Backend *bn;
5989 :
5990 : /*
5991 : * Check that database state allows another connection. Currently the
5992 : * only possible failure is CAC_TOOMANY, so we just log an error message
5993 : * based on that rather than checking the error code precisely.
5994 : */
5995 2854 : if (canAcceptConnections(BACKEND_TYPE_BGWORKER) != CAC_OK)
5996 : {
5997 0 : ereport(LOG,
5998 : (errcode(ERRCODE_CONFIGURATION_LIMIT_EXCEEDED),
5999 : errmsg("no slot available for new worker process")));
6000 0 : return false;
6001 : }
6002 :
6003 : /*
6004 : * Compute the cancel key that will be assigned to this session. We
6005 : * probably don't need cancel keys for background workers, but we'd better
6006 : * have something random in the field to prevent unfriendly people from
6007 : * sending cancels to them.
6008 : */
6009 2854 : if (!RandomCancelKey(&MyCancelKey))
6010 : {
6011 0 : ereport(LOG,
6012 : (errcode(ERRCODE_INTERNAL_ERROR),
6013 : errmsg("could not generate random cancel key")));
6014 0 : return false;
6015 : }
6016 :
6017 2854 : bn = malloc(sizeof(Backend));
6018 2854 : if (bn == NULL)
6019 : {
6020 0 : ereport(LOG,
6021 : (errcode(ERRCODE_OUT_OF_MEMORY),
6022 : errmsg("out of memory")));
6023 0 : return false;
6024 : }
6025 :
6026 2854 : bn->cancel_key = MyCancelKey;
6027 2854 : bn->child_slot = MyPMChildSlot = AssignPostmasterChildSlot();
6028 2854 : bn->bkend_type = BACKEND_TYPE_BGWORKER;
6029 2854 : bn->dead_end = false;
6030 2854 : bn->bgworker_notify = false;
6031 :
6032 2854 : rw->rw_backend = bn;
6033 2854 : rw->rw_child_slot = bn->child_slot;
6034 :
6035 2854 : return true;
6036 : }
6037 :
6038 : /*
6039 : * If the time is right, start background worker(s).
6040 : *
6041 : * As a side effect, the bgworker control variables are set or reset
6042 : * depending on whether more workers may need to be started.
6043 : *
6044 : * We limit the number of workers started per call, to avoid consuming the
6045 : * postmaster's attention for too long when many such requests are pending.
6046 : * As long as StartWorkerNeeded is true, ServerLoop will not block and will
6047 : * call this function again after dealing with any other issues.
6048 : */
6049 : static void
6050 7530 : maybe_start_bgworkers(void)
6051 : {
6052 : #define MAX_BGWORKERS_TO_LAUNCH 100
6053 7530 : int num_launched = 0;
6054 7530 : TimestampTz now = 0;
6055 : slist_mutable_iter iter;
6056 :
6057 : /*
6058 : * During crash recovery, we have no need to be called until the state
6059 : * transition out of recovery.
6060 : */
6061 7530 : if (FatalError)
6062 : {
6063 8 : StartWorkerNeeded = false;
6064 8 : HaveCrashedWorker = false;
6065 8 : return;
6066 : }
6067 :
6068 : /* Don't need to be called again unless we find a reason for it below */
6069 7522 : StartWorkerNeeded = false;
6070 7522 : HaveCrashedWorker = false;
6071 :
6072 19722 : slist_foreach_modify(iter, &BackgroundWorkerList)
6073 : {
6074 : RegisteredBgWorker *rw;
6075 :
6076 12204 : rw = slist_container(RegisteredBgWorker, rw_lnode, iter.cur);
6077 :
6078 : /* ignore if already running */
6079 12204 : if (rw->rw_pid != 0)
6080 5580 : continue;
6081 :
6082 : /* if marked for death, clean up and remove from list */
6083 6624 : if (rw->rw_terminate)
6084 : {
6085 0 : ForgetBackgroundWorker(&iter);
6086 0 : continue;
6087 : }
6088 :
6089 : /*
6090 : * If this worker has crashed previously, maybe it needs to be
6091 : * restarted (unless on registration it specified it doesn't want to
6092 : * be restarted at all). Check how long ago did a crash last happen.
6093 : * If the last crash is too recent, don't start it right away; let it
6094 : * be restarted once enough time has passed.
6095 : */
6096 6624 : if (rw->rw_crashed_at != 0)
6097 : {
6098 2642 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART)
6099 : {
6100 : int notify_pid;
6101 :
6102 10 : notify_pid = rw->rw_worker.bgw_notify_pid;
6103 :
6104 10 : ForgetBackgroundWorker(&iter);
6105 :
6106 : /* Report worker is gone now. */
6107 10 : if (notify_pid != 0)
6108 10 : kill(notify_pid, SIGUSR1);
6109 :
6110 10 : continue;
6111 : }
6112 :
6113 : /* read system time only when needed */
6114 2632 : if (now == 0)
6115 2632 : now = GetCurrentTimestamp();
6116 :
6117 2632 : if (!TimestampDifferenceExceeds(rw->rw_crashed_at, now,
6118 2632 : rw->rw_worker.bgw_restart_time * 1000))
6119 : {
6120 : /* Set flag to remember that we have workers to start later */
6121 2632 : HaveCrashedWorker = true;
6122 2632 : continue;
6123 : }
6124 : }
6125 :
6126 3982 : if (bgworker_should_start_now(rw->rw_worker.bgw_start_time))
6127 : {
6128 : /* reset crash time before trying to start worker */
6129 2854 : rw->rw_crashed_at = 0;
6130 :
6131 : /*
6132 : * Try to start the worker.
6133 : *
6134 : * On failure, give up processing workers for now, but set
6135 : * StartWorkerNeeded so we'll come back here on the next iteration
6136 : * of ServerLoop to try again. (We don't want to wait, because
6137 : * there might be additional ready-to-run workers.) We could set
6138 : * HaveCrashedWorker as well, since this worker is now marked
6139 : * crashed, but there's no need because the next run of this
6140 : * function will do that.
6141 : */
6142 2854 : if (!do_start_bgworker(rw))
6143 : {
6144 0 : StartWorkerNeeded = true;
6145 0 : return;
6146 : }
6147 :
6148 : /*
6149 : * If we've launched as many workers as allowed, quit, but have
6150 : * ServerLoop call us again to look for additional ready-to-run
6151 : * workers. There might not be any, but we'll find out the next
6152 : * time we run.
6153 : */
6154 2850 : if (++num_launched >= MAX_BGWORKERS_TO_LAUNCH)
6155 : {
6156 0 : StartWorkerNeeded = true;
6157 0 : return;
6158 : }
6159 : }
6160 : }
6161 : }
6162 :
6163 : /*
6164 : * When a backend asks to be notified about worker state changes, we
6165 : * set a flag in its backend entry. The background worker machinery needs
6166 : * to know when such backends exit.
6167 : */
6168 : bool
6169 2024 : PostmasterMarkPIDForWorkerNotify(int pid)
6170 : {
6171 : dlist_iter iter;
6172 : Backend *bp;
6173 :
6174 4154 : dlist_foreach(iter, &BackendList)
6175 : {
6176 4154 : bp = dlist_container(Backend, elem, iter.cur);
6177 4154 : if (bp->pid == pid)
6178 : {
6179 2024 : bp->bgworker_notify = true;
6180 2024 : return true;
6181 : }
6182 : }
6183 0 : return false;
6184 : }
6185 :
6186 : #ifdef EXEC_BACKEND
6187 :
6188 : /*
6189 : * The following need to be available to the save/restore_backend_variables
6190 : * functions. They are marked NON_EXEC_STATIC in their home modules.
6191 : */
6192 : extern slock_t *ShmemLock;
6193 : extern slock_t *ProcStructLock;
6194 : extern PGPROC *AuxiliaryProcs;
6195 : extern PMSignalData *PMSignalState;
6196 : extern pgsocket pgStatSock;
6197 : extern pg_time_t first_syslogger_file_time;
6198 :
6199 : #ifndef WIN32
6200 : #define write_inheritable_socket(dest, src, childpid) ((*(dest) = (src)), true)
6201 : #define read_inheritable_socket(dest, src) (*(dest) = *(src))
6202 : #else
6203 : static bool write_duplicated_handle(HANDLE *dest, HANDLE src, HANDLE child);
6204 : static bool write_inheritable_socket(InheritableSocket *dest, SOCKET src,
6205 : pid_t childPid);
6206 : static void read_inheritable_socket(SOCKET *dest, InheritableSocket *src);
6207 : #endif
6208 :
6209 :
6210 : /* Save critical backend variables into the BackendParameters struct */
6211 : #ifndef WIN32
6212 : static bool
6213 : save_backend_variables(BackendParameters *param, Port *port)
6214 : #else
6215 : static bool
6216 : save_backend_variables(BackendParameters *param, Port *port,
6217 : HANDLE childProcess, pid_t childPid)
6218 : #endif
6219 : {
6220 : memcpy(¶m->port, port, sizeof(Port));
6221 : if (!write_inheritable_socket(¶m->portsocket, port->sock, childPid))
6222 : return false;
6223 :
6224 : strlcpy(param->DataDir, DataDir, MAXPGPATH);
6225 :
6226 : memcpy(¶m->ListenSocket, &ListenSocket, sizeof(ListenSocket));
6227 :
6228 : param->MyCancelKey = MyCancelKey;
6229 : param->MyPMChildSlot = MyPMChildSlot;
6230 :
6231 : #ifdef WIN32
6232 : param->ShmemProtectiveRegion = ShmemProtectiveRegion;
6233 : #endif
6234 : param->UsedShmemSegID = UsedShmemSegID;
6235 : param->UsedShmemSegAddr = UsedShmemSegAddr;
6236 :
6237 : param->ShmemLock = ShmemLock;
6238 : param->ShmemVariableCache = ShmemVariableCache;
6239 : param->ShmemBackendArray = ShmemBackendArray;
6240 :
6241 : #ifndef HAVE_SPINLOCKS
6242 : param->SpinlockSemaArray = SpinlockSemaArray;
6243 : #endif
6244 : param->NamedLWLockTrancheRequests = NamedLWLockTrancheRequests;
6245 : param->NamedLWLockTrancheArray = NamedLWLockTrancheArray;
6246 : param->MainLWLockArray = MainLWLockArray;
6247 : param->ProcStructLock = ProcStructLock;
6248 : param->ProcGlobal = ProcGlobal;
6249 : param->AuxiliaryProcs = AuxiliaryProcs;
6250 : param->PreparedXactProcs = PreparedXactProcs;
6251 : param->PMSignalState = PMSignalState;
6252 : if (!write_inheritable_socket(¶m->pgStatSock, pgStatSock, childPid))
6253 : return false;
6254 :
6255 : param->PostmasterPid = PostmasterPid;
6256 : param->PgStartTime = PgStartTime;
6257 : param->PgReloadTime = PgReloadTime;
6258 : param->first_syslogger_file_time = first_syslogger_file_time;
6259 :
6260 : param->redirection_done = redirection_done;
6261 : param->IsBinaryUpgrade = IsBinaryUpgrade;
6262 : param->query_id_enabled = query_id_enabled;
6263 : param->max_safe_fds = max_safe_fds;
6264 :
6265 : param->MaxBackends = MaxBackends;
6266 :
6267 : #ifdef WIN32
6268 : param->PostmasterHandle = PostmasterHandle;
6269 : if (!write_duplicated_handle(¶m->initial_signal_pipe,
6270 : pgwin32_create_signal_listener(childPid),
6271 : childProcess))
6272 : return false;
6273 : #else
6274 : memcpy(¶m->postmaster_alive_fds, &postmaster_alive_fds,
6275 : sizeof(postmaster_alive_fds));
6276 : #endif
6277 :
6278 : memcpy(¶m->syslogPipe, &syslogPipe, sizeof(syslogPipe));
6279 :
6280 : strlcpy(param->my_exec_path, my_exec_path, MAXPGPATH);
6281 :
6282 : strlcpy(param->pkglib_path, pkglib_path, MAXPGPATH);
6283 :
6284 : return true;
6285 : }
6286 :
6287 :
6288 : #ifdef WIN32
6289 : /*
6290 : * Duplicate a handle for usage in a child process, and write the child
6291 : * process instance of the handle to the parameter file.
6292 : */
6293 : static bool
6294 : write_duplicated_handle(HANDLE *dest, HANDLE src, HANDLE childProcess)
6295 : {
6296 : HANDLE hChild = INVALID_HANDLE_VALUE;
6297 :
6298 : if (!DuplicateHandle(GetCurrentProcess(),
6299 : src,
6300 : childProcess,
6301 : &hChild,
6302 : 0,
6303 : TRUE,
6304 : DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS))
6305 : {
6306 : ereport(LOG,
6307 : (errmsg_internal("could not duplicate handle to be written to backend parameter file: error code %lu",
6308 : GetLastError())));
6309 : return false;
6310 : }
6311 :
6312 : *dest = hChild;
6313 : return true;
6314 : }
6315 :
6316 : /*
6317 : * Duplicate a socket for usage in a child process, and write the resulting
6318 : * structure to the parameter file.
6319 : * This is required because a number of LSPs (Layered Service Providers) very
6320 : * common on Windows (antivirus, firewalls, download managers etc) break
6321 : * straight socket inheritance.
6322 : */
6323 : static bool
6324 : write_inheritable_socket(InheritableSocket *dest, SOCKET src, pid_t childpid)
6325 : {
6326 : dest->origsocket = src;
6327 : if (src != 0 && src != PGINVALID_SOCKET)
6328 : {
6329 : /* Actual socket */
6330 : if (WSADuplicateSocket(src, childpid, &dest->wsainfo) != 0)
6331 : {
6332 : ereport(LOG,
6333 : (errmsg("could not duplicate socket %d for use in backend: error code %d",
6334 : (int) src, WSAGetLastError())));
6335 : return false;
6336 : }
6337 : }
6338 : return true;
6339 : }
6340 :
6341 : /*
6342 : * Read a duplicate socket structure back, and get the socket descriptor.
6343 : */
6344 : static void
6345 : read_inheritable_socket(SOCKET *dest, InheritableSocket *src)
6346 : {
6347 : SOCKET s;
6348 :
6349 : if (src->origsocket == PGINVALID_SOCKET || src->origsocket == 0)
6350 : {
6351 : /* Not a real socket! */
6352 : *dest = src->origsocket;
6353 : }
6354 : else
6355 : {
6356 : /* Actual socket, so create from structure */
6357 : s = WSASocket(FROM_PROTOCOL_INFO,
6358 : FROM_PROTOCOL_INFO,
6359 : FROM_PROTOCOL_INFO,
6360 : &src->wsainfo,
6361 : 0,
6362 : 0);
6363 : if (s == INVALID_SOCKET)
6364 : {
6365 : write_stderr("could not create inherited socket: error code %d\n",
6366 : WSAGetLastError());
6367 : exit(1);
6368 : }
6369 : *dest = s;
6370 :
6371 : /*
6372 : * To make sure we don't get two references to the same socket, close
6373 : * the original one. (This would happen when inheritance actually
6374 : * works..
6375 : */
6376 : closesocket(src->origsocket);
6377 : }
6378 : }
6379 : #endif
6380 :
6381 : static void
6382 : read_backend_variables(char *id, Port *port)
6383 : {
6384 : BackendParameters param;
6385 :
6386 : #ifndef WIN32
6387 : /* Non-win32 implementation reads from file */
6388 : FILE *fp;
6389 :
6390 : /* Open file */
6391 : fp = AllocateFile(id, PG_BINARY_R);
6392 : if (!fp)
6393 : {
6394 : write_stderr("could not open backend variables file \"%s\": %s\n",
6395 : id, strerror(errno));
6396 : exit(1);
6397 : }
6398 :
6399 : if (fread(¶m, sizeof(param), 1, fp) != 1)
6400 : {
6401 : write_stderr("could not read from backend variables file \"%s\": %s\n",
6402 : id, strerror(errno));
6403 : exit(1);
6404 : }
6405 :
6406 : /* Release file */
6407 : FreeFile(fp);
6408 : if (unlink(id) != 0)
6409 : {
6410 : write_stderr("could not remove file \"%s\": %s\n",
6411 : id, strerror(errno));
6412 : exit(1);
6413 : }
6414 : #else
6415 : /* Win32 version uses mapped file */
6416 : HANDLE paramHandle;
6417 : BackendParameters *paramp;
6418 :
6419 : #ifdef _WIN64
6420 : paramHandle = (HANDLE) _atoi64(id);
6421 : #else
6422 : paramHandle = (HANDLE) atol(id);
6423 : #endif
6424 : paramp = MapViewOfFile(paramHandle, FILE_MAP_READ, 0, 0, 0);
6425 : if (!paramp)
6426 : {
6427 : write_stderr("could not map view of backend variables: error code %lu\n",
6428 : GetLastError());
6429 : exit(1);
6430 : }
6431 :
6432 : memcpy(¶m, paramp, sizeof(BackendParameters));
6433 :
6434 : if (!UnmapViewOfFile(paramp))
6435 : {
6436 : write_stderr("could not unmap view of backend variables: error code %lu\n",
6437 : GetLastError());
6438 : exit(1);
6439 : }
6440 :
6441 : if (!CloseHandle(paramHandle))
6442 : {
6443 : write_stderr("could not close handle to backend parameter variables: error code %lu\n",
6444 : GetLastError());
6445 : exit(1);
6446 : }
6447 : #endif
6448 :
6449 : restore_backend_variables(¶m, port);
6450 : }
6451 :
6452 : /* Restore critical backend variables from the BackendParameters struct */
6453 : static void
6454 : restore_backend_variables(BackendParameters *param, Port *port)
6455 : {
6456 : memcpy(port, ¶m->port, sizeof(Port));
6457 : read_inheritable_socket(&port->sock, ¶m->portsocket);
6458 :
6459 : SetDataDir(param->DataDir);
6460 :
6461 : memcpy(&ListenSocket, ¶m->ListenSocket, sizeof(ListenSocket));
6462 :
6463 : MyCancelKey = param->MyCancelKey;
6464 : MyPMChildSlot = param->MyPMChildSlot;
6465 :
6466 : #ifdef WIN32
6467 : ShmemProtectiveRegion = param->ShmemProtectiveRegion;
6468 : #endif
6469 : UsedShmemSegID = param->UsedShmemSegID;
6470 : UsedShmemSegAddr = param->UsedShmemSegAddr;
6471 :
6472 : ShmemLock = param->ShmemLock;
6473 : ShmemVariableCache = param->ShmemVariableCache;
6474 : ShmemBackendArray = param->ShmemBackendArray;
6475 :
6476 : #ifndef HAVE_SPINLOCKS
6477 : SpinlockSemaArray = param->SpinlockSemaArray;
6478 : #endif
6479 : NamedLWLockTrancheRequests = param->NamedLWLockTrancheRequests;
6480 : NamedLWLockTrancheArray = param->NamedLWLockTrancheArray;
6481 : MainLWLockArray = param->MainLWLockArray;
6482 : ProcStructLock = param->ProcStructLock;
6483 : ProcGlobal = param->ProcGlobal;
6484 : AuxiliaryProcs = param->AuxiliaryProcs;
6485 : PreparedXactProcs = param->PreparedXactProcs;
6486 : PMSignalState = param->PMSignalState;
6487 : read_inheritable_socket(&pgStatSock, ¶m->pgStatSock);
6488 :
6489 : PostmasterPid = param->PostmasterPid;
6490 : PgStartTime = param->PgStartTime;
6491 : PgReloadTime = param->PgReloadTime;
6492 : first_syslogger_file_time = param->first_syslogger_file_time;
6493 :
6494 : redirection_done = param->redirection_done;
6495 : IsBinaryUpgrade = param->IsBinaryUpgrade;
6496 : query_id_enabled = param->query_id_enabled;
6497 : max_safe_fds = param->max_safe_fds;
6498 :
6499 : MaxBackends = param->MaxBackends;
6500 :
6501 : #ifdef WIN32
6502 : PostmasterHandle = param->PostmasterHandle;
6503 : pgwin32_initial_signal_pipe = param->initial_signal_pipe;
6504 : #else
6505 : memcpy(&postmaster_alive_fds, ¶m->postmaster_alive_fds,
6506 : sizeof(postmaster_alive_fds));
6507 : #endif
6508 :
6509 : memcpy(&syslogPipe, ¶m->syslogPipe, sizeof(syslogPipe));
6510 :
6511 : strlcpy(my_exec_path, param->my_exec_path, MAXPGPATH);
6512 :
6513 : strlcpy(pkglib_path, param->pkglib_path, MAXPGPATH);
6514 :
6515 : /*
6516 : * We need to restore fd.c's counts of externally-opened FDs; to avoid
6517 : * confusion, be sure to do this after restoring max_safe_fds. (Note:
6518 : * BackendInitialize will handle this for port->sock.)
6519 : */
6520 : #ifndef WIN32
6521 : if (postmaster_alive_fds[0] >= 0)
6522 : ReserveExternalFD();
6523 : if (postmaster_alive_fds[1] >= 0)
6524 : ReserveExternalFD();
6525 : #endif
6526 : if (pgStatSock != PGINVALID_SOCKET)
6527 : ReserveExternalFD();
6528 : }
6529 :
6530 :
6531 : Size
6532 : ShmemBackendArraySize(void)
6533 : {
6534 : return mul_size(MaxLivePostmasterChildren(), sizeof(Backend));
6535 : }
6536 :
6537 : void
6538 : ShmemBackendArrayAllocation(void)
6539 : {
6540 : Size size = ShmemBackendArraySize();
6541 :
6542 : ShmemBackendArray = (Backend *) ShmemAlloc(size);
6543 : /* Mark all slots as empty */
6544 : memset(ShmemBackendArray, 0, size);
6545 : }
6546 :
6547 : static void
6548 : ShmemBackendArrayAdd(Backend *bn)
6549 : {
6550 : /* The array slot corresponding to my PMChildSlot should be free */
6551 : int i = bn->child_slot - 1;
6552 :
6553 : Assert(ShmemBackendArray[i].pid == 0);
6554 : ShmemBackendArray[i] = *bn;
6555 : }
6556 :
6557 : static void
6558 : ShmemBackendArrayRemove(Backend *bn)
6559 : {
6560 : int i = bn->child_slot - 1;
6561 :
6562 : Assert(ShmemBackendArray[i].pid == bn->pid);
6563 : /* Mark the slot as empty */
6564 : ShmemBackendArray[i].pid = 0;
6565 : }
6566 : #endif /* EXEC_BACKEND */
6567 :
6568 :
6569 : #ifdef WIN32
6570 :
6571 : /*
6572 : * Subset implementation of waitpid() for Windows. We assume pid is -1
6573 : * (that is, check all child processes) and options is WNOHANG (don't wait).
6574 : */
6575 : static pid_t
6576 : waitpid(pid_t pid, int *exitstatus, int options)
6577 : {
6578 : DWORD dwd;
6579 : ULONG_PTR key;
6580 : OVERLAPPED *ovl;
6581 :
6582 : /*
6583 : * Check if there are any dead children. If there are, return the pid of
6584 : * the first one that died.
6585 : */
6586 : if (GetQueuedCompletionStatus(win32ChildQueue, &dwd, &key, &ovl, 0))
6587 : {
6588 : *exitstatus = (int) key;
6589 : return dwd;
6590 : }
6591 :
6592 : return -1;
6593 : }
6594 :
6595 : /*
6596 : * Note! Code below executes on a thread pool! All operations must
6597 : * be thread safe! Note that elog() and friends must *not* be used.
6598 : */
6599 : static void WINAPI
6600 : pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired)
6601 : {
6602 : win32_deadchild_waitinfo *childinfo = (win32_deadchild_waitinfo *) lpParameter;
6603 : DWORD exitcode;
6604 :
6605 : if (TimerOrWaitFired)
6606 : return; /* timeout. Should never happen, since we use
6607 : * INFINITE as timeout value. */
6608 :
6609 : /*
6610 : * Remove handle from wait - required even though it's set to wait only
6611 : * once
6612 : */
6613 : UnregisterWaitEx(childinfo->waitHandle, NULL);
6614 :
6615 : if (!GetExitCodeProcess(childinfo->procHandle, &exitcode))
6616 : {
6617 : /*
6618 : * Should never happen. Inform user and set a fixed exitcode.
6619 : */
6620 : write_stderr("could not read exit code for process\n");
6621 : exitcode = 255;
6622 : }
6623 :
6624 : if (!PostQueuedCompletionStatus(win32ChildQueue, childinfo->procId, (ULONG_PTR) exitcode, NULL))
6625 : write_stderr("could not post child completion status\n");
6626 :
6627 : /*
6628 : * Handle is per-process, so we close it here instead of in the
6629 : * originating thread
6630 : */
6631 : CloseHandle(childinfo->procHandle);
6632 :
6633 : /*
6634 : * Free struct that was allocated before the call to
6635 : * RegisterWaitForSingleObject()
6636 : */
6637 : free(childinfo);
6638 :
6639 : /* Queue SIGCHLD signal */
6640 : pg_queue_signal(SIGCHLD);
6641 : }
6642 : #endif /* WIN32 */
6643 :
6644 : /*
6645 : * Initialize one and only handle for monitoring postmaster death.
6646 : *
6647 : * Called once in the postmaster, so that child processes can subsequently
6648 : * monitor if their parent is dead.
6649 : */
6650 : static void
6651 940 : InitPostmasterDeathWatchHandle(void)
6652 : {
6653 : #ifndef WIN32
6654 :
6655 : /*
6656 : * Create a pipe. Postmaster holds the write end of the pipe open
6657 : * (POSTMASTER_FD_OWN), and children hold the read end. Children can pass
6658 : * the read file descriptor to select() to wake up in case postmaster
6659 : * dies, or check for postmaster death with a (read() == 0). Children must
6660 : * close the write end as soon as possible after forking, because EOF
6661 : * won't be signaled in the read end until all processes have closed the
6662 : * write fd. That is taken care of in ClosePostmasterPorts().
6663 : */
6664 : Assert(MyProcPid == PostmasterPid);
6665 940 : if (pipe(postmaster_alive_fds) < 0)
6666 0 : ereport(FATAL,
6667 : (errcode_for_file_access(),
6668 : errmsg_internal("could not create pipe to monitor postmaster death: %m")));
6669 :
6670 : /* Notify fd.c that we've eaten two FDs for the pipe. */
6671 940 : ReserveExternalFD();
6672 940 : ReserveExternalFD();
6673 :
6674 : /*
6675 : * Set O_NONBLOCK to allow testing for the fd's presence with a read()
6676 : * call.
6677 : */
6678 940 : if (fcntl(postmaster_alive_fds[POSTMASTER_FD_WATCH], F_SETFL, O_NONBLOCK) == -1)
6679 0 : ereport(FATAL,
6680 : (errcode_for_socket_access(),
6681 : errmsg_internal("could not set postmaster death monitoring pipe to nonblocking mode: %m")));
6682 : #else
6683 :
6684 : /*
6685 : * On Windows, we use a process handle for the same purpose.
6686 : */
6687 : if (DuplicateHandle(GetCurrentProcess(),
6688 : GetCurrentProcess(),
6689 : GetCurrentProcess(),
6690 : &PostmasterHandle,
6691 : 0,
6692 : TRUE,
6693 : DUPLICATE_SAME_ACCESS) == 0)
6694 : ereport(FATAL,
6695 : (errmsg_internal("could not duplicate postmaster handle: error code %lu",
6696 : GetLastError())));
6697 : #endif /* WIN32 */
6698 940 : }
|
