Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * postmaster.c
4 : * This program acts as a clearing house for requests to the
5 : * POSTGRES system. Frontend programs connect to the Postmaster,
6 : * and postmaster forks a new backend process to handle the
7 : * connection.
8 : *
9 : * The postmaster also manages system-wide operations such as
10 : * startup and shutdown. The postmaster itself doesn't do those
11 : * operations, mind you --- it just forks off a subprocess to do them
12 : * at the right times. It also takes care of resetting the system
13 : * if a backend crashes.
14 : *
15 : * The postmaster process creates the shared memory and semaphore
16 : * pools during startup, but as a rule does not touch them itself.
17 : * In particular, it is not a member of the PGPROC array of backends
18 : * and so it cannot participate in lock-manager operations. Keeping
19 : * the postmaster away from shared memory operations makes it simpler
20 : * and more reliable. The postmaster is almost always able to recover
21 : * from crashes of individual backends by resetting shared memory;
22 : * if it did much with shared memory then it would be prone to crashing
23 : * along with the backends.
24 : *
25 : * When a request message is received, we now fork() immediately.
26 : * The child process performs authentication of the request, and
27 : * then becomes a backend if successful. This allows the auth code
28 : * to be written in a simple single-threaded style (as opposed to the
29 : * crufty "poor man's multitasking" code that used to be needed).
30 : * More importantly, it ensures that blockages in non-multithreaded
31 : * libraries like SSL or PAM cannot cause denial of service to other
32 : * clients.
33 : *
34 : *
35 : * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
36 : * Portions Copyright (c) 1994, Regents of the University of California
37 : *
38 : *
39 : * IDENTIFICATION
40 : * src/backend/postmaster/postmaster.c
41 : *
42 : * NOTES
43 : *
44 : * Initialization:
45 : * The Postmaster sets up shared memory data structures
46 : * for the backends.
47 : *
48 : * Synchronization:
49 : * The Postmaster shares memory with the backends but should avoid
50 : * touching shared memory, so as not to become stuck if a crashing
51 : * backend screws up locks or shared memory. Likewise, the Postmaster
52 : * should never block on messages from frontend clients.
53 : *
54 : * Garbage Collection:
55 : * The Postmaster cleans up after backends if they have an emergency
56 : * exit and/or core dump.
57 : *
58 : * Error Reporting:
59 : * Use write_stderr() only for reporting "interactive" errors
60 : * (essentially, bogus arguments on the command line). Once the
61 : * postmaster is launched, use ereport().
62 : *
63 : *-------------------------------------------------------------------------
64 : */
65 :
66 : #include "postgres.h"
67 :
68 : #include <unistd.h>
69 : #include <signal.h>
70 : #include <time.h>
71 : #include <sys/wait.h>
72 : #include <ctype.h>
73 : #include <sys/stat.h>
74 : #include <sys/socket.h>
75 : #include <fcntl.h>
76 : #include <sys/param.h>
77 : #include <netdb.h>
78 : #include <limits.h>
79 :
80 : #ifdef USE_BONJOUR
81 : #include <dns_sd.h>
82 : #endif
83 :
84 : #ifdef USE_SYSTEMD
85 : #include <systemd/sd-daemon.h>
86 : #endif
87 :
88 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
89 : #include <pthread.h>
90 : #endif
91 :
92 : #include "access/xlog.h"
93 : #include "access/xlog_internal.h"
94 : #include "access/xlogrecovery.h"
95 : #include "common/file_perm.h"
96 : #include "common/pg_prng.h"
97 : #include "lib/ilist.h"
98 : #include "libpq/libpq.h"
99 : #include "libpq/pqsignal.h"
100 : #include "pg_getopt.h"
101 : #include "pgstat.h"
102 : #include "port/pg_bswap.h"
103 : #include "postmaster/autovacuum.h"
104 : #include "postmaster/bgworker_internals.h"
105 : #include "postmaster/pgarch.h"
106 : #include "postmaster/postmaster.h"
107 : #include "postmaster/syslogger.h"
108 : #include "postmaster/walsummarizer.h"
109 : #include "replication/logicallauncher.h"
110 : #include "replication/slotsync.h"
111 : #include "replication/walsender.h"
112 : #include "storage/aio_subsys.h"
113 : #include "storage/fd.h"
114 : #include "storage/io_worker.h"
115 : #include "storage/ipc.h"
116 : #include "storage/pmsignal.h"
117 : #include "storage/proc.h"
118 : #include "tcop/backend_startup.h"
119 : #include "tcop/tcopprot.h"
120 : #include "utils/datetime.h"
121 : #include "utils/memutils.h"
122 : #include "utils/pidfile.h"
123 : #include "utils/timestamp.h"
124 : #include "utils/varlena.h"
125 :
126 : #ifdef EXEC_BACKEND
127 : #include "common/file_utils.h"
128 : #include "storage/pg_shmem.h"
129 : #endif
130 :
131 :
132 : /*
133 : * CountChildren and SignalChildren take a bitmask argument to represent
134 : * BackendTypes to count or signal. Define a separate type and functions to
135 : * work with the bitmasks, to avoid accidentally passing a plain BackendType
136 : * in place of a bitmask or vice versa.
137 : */
138 : typedef struct
139 : {
140 : uint32 mask;
141 : } BackendTypeMask;
142 :
143 : StaticAssertDecl(BACKEND_NUM_TYPES < 32, "too many backend types for uint32");
144 :
145 : static const BackendTypeMask BTYPE_MASK_ALL = {(1 << BACKEND_NUM_TYPES) - 1};
146 : static const BackendTypeMask BTYPE_MASK_NONE = {0};
147 :
148 : static inline BackendTypeMask
149 2970 : btmask(BackendType t)
150 : {
151 2970 : BackendTypeMask mask = {.mask = 1 << t};
152 :
153 2970 : return mask;
154 : }
155 :
156 : static inline BackendTypeMask
157 30938 : btmask_add_n(BackendTypeMask mask, int nargs, BackendType *t)
158 : {
159 136166 : for (int i = 0; i < nargs; i++)
160 105228 : mask.mask |= 1 << t[i];
161 30938 : return mask;
162 : }
163 :
164 : #define btmask_add(mask, ...) \
165 : btmask_add_n(mask, \
166 : lengthof(((BackendType[]){__VA_ARGS__})), \
167 : (BackendType[]){__VA_ARGS__} \
168 : )
169 :
170 : static inline BackendTypeMask
171 8304 : btmask_del(BackendTypeMask mask, BackendType t)
172 : {
173 8304 : mask.mask &= ~(1 << t);
174 8304 : return mask;
175 : }
176 :
177 : static inline BackendTypeMask
178 4890 : btmask_all_except_n(int nargs, BackendType *t)
179 : {
180 4890 : BackendTypeMask mask = BTYPE_MASK_ALL;
181 :
182 13194 : for (int i = 0; i < nargs; i++)
183 8304 : mask = btmask_del(mask, t[i]);
184 4890 : return mask;
185 : }
186 :
187 : #define btmask_all_except(...) \
188 : btmask_all_except_n( \
189 : lengthof(((BackendType[]){__VA_ARGS__})), \
190 : (BackendType[]){__VA_ARGS__} \
191 : )
192 :
193 : static inline bool
194 265494 : btmask_contains(BackendTypeMask mask, BackendType t)
195 : {
196 265494 : return (mask.mask & (1 << t)) != 0;
197 : }
198 :
199 :
200 : BackgroundWorker *MyBgworkerEntry = NULL;
201 :
202 : /* The socket number we are listening for connections on */
203 : int PostPortNumber = DEF_PGPORT;
204 :
205 : /* The directory names for Unix socket(s) */
206 : char *Unix_socket_directories;
207 :
208 : /* The TCP listen address(es) */
209 : char *ListenAddresses;
210 :
211 : /*
212 : * SuperuserReservedConnections is the number of backends reserved for
213 : * superuser use, and ReservedConnections is the number of backends reserved
214 : * for use by roles with privileges of the pg_use_reserved_connections
215 : * predefined role. These are taken out of the pool of MaxConnections backend
216 : * slots, so the number of backend slots available for roles that are neither
217 : * superuser nor have privileges of pg_use_reserved_connections is
218 : * (MaxConnections - SuperuserReservedConnections - ReservedConnections).
219 : *
220 : * If the number of remaining slots is less than or equal to
221 : * SuperuserReservedConnections, only superusers can make new connections. If
222 : * the number of remaining slots is greater than SuperuserReservedConnections
223 : * but less than or equal to
224 : * (SuperuserReservedConnections + ReservedConnections), only superusers and
225 : * roles with privileges of pg_use_reserved_connections can make new
226 : * connections. Note that pre-existing superuser and
227 : * pg_use_reserved_connections connections don't count against the limits.
228 : */
229 : int SuperuserReservedConnections;
230 : int ReservedConnections;
231 :
232 : /* The socket(s) we're listening to. */
233 : #define MAXLISTEN 64
234 : static int NumListenSockets = 0;
235 : static pgsocket *ListenSockets = NULL;
236 :
237 : /* still more option variables */
238 : bool EnableSSL = false;
239 :
240 : int PreAuthDelay = 0;
241 : int AuthenticationTimeout = 60;
242 :
243 : bool log_hostname; /* for ps display and logging */
244 :
245 : bool enable_bonjour = false;
246 : char *bonjour_name;
247 : bool restart_after_crash = true;
248 : bool remove_temp_files_after_crash = true;
249 :
250 : /*
251 : * When terminating child processes after fatal errors, like a crash of a
252 : * child process, we normally send SIGQUIT -- and most other comments in this
253 : * file are written on the assumption that we do -- but developers might
254 : * prefer to use SIGABRT to collect per-child core dumps.
255 : */
256 : bool send_abort_for_crash = false;
257 : bool send_abort_for_kill = false;
258 :
259 : /* special child processes; NULL when not running */
260 : static PMChild *StartupPMChild = NULL,
261 : *BgWriterPMChild = NULL,
262 : *CheckpointerPMChild = NULL,
263 : *WalWriterPMChild = NULL,
264 : *WalReceiverPMChild = NULL,
265 : *WalSummarizerPMChild = NULL,
266 : *AutoVacLauncherPMChild = NULL,
267 : *PgArchPMChild = NULL,
268 : *SysLoggerPMChild = NULL,
269 : *SlotSyncWorkerPMChild = NULL;
270 :
271 : /* Startup process's status */
272 : typedef enum
273 : {
274 : STARTUP_NOT_RUNNING,
275 : STARTUP_RUNNING,
276 : STARTUP_SIGNALED, /* we sent it a SIGQUIT or SIGKILL */
277 : STARTUP_CRASHED,
278 : } StartupStatusEnum;
279 :
280 : static StartupStatusEnum StartupStatus = STARTUP_NOT_RUNNING;
281 :
282 : /* Startup/shutdown state */
283 : #define NoShutdown 0
284 : #define SmartShutdown 1
285 : #define FastShutdown 2
286 : #define ImmediateShutdown 3
287 :
288 : static int Shutdown = NoShutdown;
289 :
290 : static bool FatalError = false; /* T if recovering from backend crash */
291 :
292 : /*
293 : * We use a simple state machine to control startup, shutdown, and
294 : * crash recovery (which is rather like shutdown followed by startup).
295 : *
296 : * After doing all the postmaster initialization work, we enter PM_STARTUP
297 : * state and the startup process is launched. The startup process begins by
298 : * reading the control file and other preliminary initialization steps.
299 : * In a normal startup, or after crash recovery, the startup process exits
300 : * with exit code 0 and we switch to PM_RUN state. However, archive recovery
301 : * is handled specially since it takes much longer and we would like to support
302 : * hot standby during archive recovery.
303 : *
304 : * When the startup process is ready to start archive recovery, it signals the
305 : * postmaster, and we switch to PM_RECOVERY state. The background writer and
306 : * checkpointer are launched, while the startup process continues applying WAL.
307 : * If Hot Standby is enabled, then, after reaching a consistent point in WAL
308 : * redo, startup process signals us again, and we switch to PM_HOT_STANDBY
309 : * state and begin accepting connections to perform read-only queries. When
310 : * archive recovery is finished, the startup process exits with exit code 0
311 : * and we switch to PM_RUN state.
312 : *
313 : * Normal child backends can only be launched when we are in PM_RUN or
314 : * PM_HOT_STANDBY state. (connsAllowed can also restrict launching.)
315 : * In other states we handle connection requests by launching "dead-end"
316 : * child processes, which will simply send the client an error message and
317 : * quit. (We track these in the ActiveChildList so that we can know when they
318 : * are all gone; this is important because they're still connected to shared
319 : * memory, and would interfere with an attempt to destroy the shmem segment,
320 : * possibly leading to SHMALL failure when we try to make a new one.)
321 : * In PM_WAIT_DEAD_END state we are waiting for all the dead-end children
322 : * to drain out of the system, and therefore stop accepting connection
323 : * requests at all until the last existing child has quit (which hopefully
324 : * will not be very long).
325 : *
326 : * Notice that this state variable does not distinguish *why* we entered
327 : * states later than PM_RUN --- Shutdown and FatalError must be consulted
328 : * to find that out. FatalError is never true in PM_RECOVERY, PM_HOT_STANDBY,
329 : * or PM_RUN states, nor in PM_WAIT_XLOG_SHUTDOWN states (because we don't
330 : * enter those states when trying to recover from a crash). It can be true in
331 : * PM_STARTUP state, because we don't clear it until we've successfully
332 : * started WAL redo.
333 : */
334 : typedef enum
335 : {
336 : PM_INIT, /* postmaster starting */
337 : PM_STARTUP, /* waiting for startup subprocess */
338 : PM_RECOVERY, /* in archive recovery mode */
339 : PM_HOT_STANDBY, /* in hot standby mode */
340 : PM_RUN, /* normal "database is alive" state */
341 : PM_STOP_BACKENDS, /* need to stop remaining backends */
342 : PM_WAIT_BACKENDS, /* waiting for live backends to exit */
343 : PM_WAIT_XLOG_SHUTDOWN, /* waiting for checkpointer to do shutdown
344 : * ckpt */
345 : PM_WAIT_XLOG_ARCHIVAL, /* waiting for archiver and walsenders to
346 : * finish */
347 : PM_WAIT_IO_WORKERS, /* waiting for io workers to exit */
348 : PM_WAIT_CHECKPOINTER, /* waiting for checkpointer to shut down */
349 : PM_WAIT_DEAD_END, /* waiting for dead-end children to exit */
350 : PM_NO_CHILDREN, /* all important children have exited */
351 : } PMState;
352 :
353 : static PMState pmState = PM_INIT;
354 :
355 : /*
356 : * While performing a "smart shutdown", we restrict new connections but stay
357 : * in PM_RUN or PM_HOT_STANDBY state until all the client backends are gone.
358 : * connsAllowed is a sub-state indicator showing the active restriction.
359 : * It is of no interest unless pmState is PM_RUN or PM_HOT_STANDBY.
360 : */
361 : static bool connsAllowed = true;
362 :
363 : /* Start time of SIGKILL timeout during immediate shutdown or child crash */
364 : /* Zero means timeout is not running */
365 : static time_t AbortStartTime = 0;
366 :
367 : /* Length of said timeout */
368 : #define SIGKILL_CHILDREN_AFTER_SECS 5
369 :
370 : static bool ReachedNormalRunning = false; /* T if we've reached PM_RUN */
371 :
372 : bool ClientAuthInProgress = false; /* T during new-client
373 : * authentication */
374 :
375 : bool redirection_done = false; /* stderr redirected for syslogger? */
376 :
377 : /* received START_AUTOVAC_LAUNCHER signal */
378 : static bool start_autovac_launcher = false;
379 :
380 : /* the launcher needs to be signaled to communicate some condition */
381 : static bool avlauncher_needs_signal = false;
382 :
383 : /* received START_WALRECEIVER signal */
384 : static bool WalReceiverRequested = false;
385 :
386 : /* set when there's a worker that needs to be started up */
387 : static bool StartWorkerNeeded = true;
388 : static bool HaveCrashedWorker = false;
389 :
390 : /* set when signals arrive */
391 : static volatile sig_atomic_t pending_pm_pmsignal;
392 : static volatile sig_atomic_t pending_pm_child_exit;
393 : static volatile sig_atomic_t pending_pm_reload_request;
394 : static volatile sig_atomic_t pending_pm_shutdown_request;
395 : static volatile sig_atomic_t pending_pm_fast_shutdown_request;
396 : static volatile sig_atomic_t pending_pm_immediate_shutdown_request;
397 :
398 : /* event multiplexing object */
399 : static WaitEventSet *pm_wait_set;
400 :
401 : #ifdef USE_SSL
402 : /* Set when and if SSL has been initialized properly */
403 : bool LoadedSSL = false;
404 : #endif
405 :
406 : #ifdef USE_BONJOUR
407 : static DNSServiceRef bonjour_sdref = NULL;
408 : #endif
409 :
410 : /* State for IO worker management. */
411 : static int io_worker_count = 0;
412 : static PMChild *io_worker_children[MAX_IO_WORKERS];
413 :
414 : /*
415 : * postmaster.c - function prototypes
416 : */
417 : static void CloseServerPorts(int status, Datum arg);
418 : static void unlink_external_pid_file(int status, Datum arg);
419 : static void getInstallationPaths(const char *argv0);
420 : static void checkControlFile(void);
421 : static void handle_pm_pmsignal_signal(SIGNAL_ARGS);
422 : static void handle_pm_child_exit_signal(SIGNAL_ARGS);
423 : static void handle_pm_reload_request_signal(SIGNAL_ARGS);
424 : static void handle_pm_shutdown_request_signal(SIGNAL_ARGS);
425 : static void process_pm_pmsignal(void);
426 : static void process_pm_child_exit(void);
427 : static void process_pm_reload_request(void);
428 : static void process_pm_shutdown_request(void);
429 : static void dummy_handler(SIGNAL_ARGS);
430 : static void CleanupBackend(PMChild *bp, int exitstatus);
431 : static void HandleChildCrash(int pid, int exitstatus, const char *procname);
432 : static void LogChildExit(int lev, const char *procname,
433 : int pid, int exitstatus);
434 : static void PostmasterStateMachine(void);
435 : static void UpdatePMState(PMState newState);
436 :
437 : pg_noreturn static void ExitPostmaster(int status);
438 : static int ServerLoop(void);
439 : static int BackendStartup(ClientSocket *client_sock);
440 : static void report_fork_failure_to_client(ClientSocket *client_sock, int errnum);
441 : static CAC_state canAcceptConnections(BackendType backend_type);
442 : static void signal_child(PMChild *pmchild, int signal);
443 : static bool SignalChildren(int signal, BackendTypeMask targetMask);
444 : static void TerminateChildren(int signal);
445 : static int CountChildren(BackendTypeMask targetMask);
446 : static void LaunchMissingBackgroundProcesses(void);
447 : static void maybe_start_bgworkers(void);
448 : static bool maybe_reap_io_worker(int pid);
449 : static void maybe_adjust_io_workers(void);
450 : static bool CreateOptsFile(int argc, char *argv[], char *fullprogname);
451 : static PMChild *StartChildProcess(BackendType type);
452 : static void StartSysLogger(void);
453 : static void StartAutovacuumWorker(void);
454 : static bool StartBackgroundWorker(RegisteredBgWorker *rw);
455 : static void InitPostmasterDeathWatchHandle(void);
456 :
457 : #ifdef WIN32
458 : #define WNOHANG 0 /* ignored, so any integer value will do */
459 :
460 : static pid_t waitpid(pid_t pid, int *exitstatus, int options);
461 : static void WINAPI pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired);
462 :
463 : static HANDLE win32ChildQueue;
464 :
465 : typedef struct
466 : {
467 : HANDLE waitHandle;
468 : HANDLE procHandle;
469 : DWORD procId;
470 : } win32_deadchild_waitinfo;
471 : #endif /* WIN32 */
472 :
473 : /* Macros to check exit status of a child process */
474 : #define EXIT_STATUS_0(st) ((st) == 0)
475 : #define EXIT_STATUS_1(st) (WIFEXITED(st) && WEXITSTATUS(st) == 1)
476 : #define EXIT_STATUS_3(st) (WIFEXITED(st) && WEXITSTATUS(st) == 3)
477 :
478 : #ifndef WIN32
479 : /*
480 : * File descriptors for pipe used to monitor if postmaster is alive.
481 : * First is POSTMASTER_FD_WATCH, second is POSTMASTER_FD_OWN.
482 : */
483 : int postmaster_alive_fds[2] = {-1, -1};
484 : #else
485 : /* Process handle of postmaster used for the same purpose on Windows */
486 : HANDLE PostmasterHandle;
487 : #endif
488 :
489 : /*
490 : * Postmaster main entry point
491 : */
492 : void
493 1736 : PostmasterMain(int argc, char *argv[])
494 : {
495 : int opt;
496 : int status;
497 1736 : char *userDoption = NULL;
498 1736 : bool listen_addr_saved = false;
499 1736 : char *output_config_variable = NULL;
500 :
501 1736 : InitProcessGlobals();
502 :
503 1736 : PostmasterPid = MyProcPid;
504 :
505 1736 : IsPostmasterEnvironment = true;
506 :
507 : /*
508 : * Start our win32 signal implementation
509 : */
510 : #ifdef WIN32
511 : pgwin32_signal_initialize();
512 : #endif
513 :
514 : /*
515 : * We should not be creating any files or directories before we check the
516 : * data directory (see checkDataDir()), but just in case set the umask to
517 : * the most restrictive (owner-only) permissions.
518 : *
519 : * checkDataDir() will reset the umask based on the data directory
520 : * permissions.
521 : */
522 1736 : umask(PG_MODE_MASK_OWNER);
523 :
524 : /*
525 : * By default, palloc() requests in the postmaster will be allocated in
526 : * the PostmasterContext, which is space that can be recycled by backends.
527 : * Allocated data that needs to be available to backends should be
528 : * allocated in TopMemoryContext.
529 : */
530 1736 : PostmasterContext = AllocSetContextCreate(TopMemoryContext,
531 : "Postmaster",
532 : ALLOCSET_DEFAULT_SIZES);
533 1736 : MemoryContextSwitchTo(PostmasterContext);
534 :
535 : /* Initialize paths to installation files */
536 1736 : getInstallationPaths(argv[0]);
537 :
538 : /*
539 : * Set up signal handlers for the postmaster process.
540 : *
541 : * CAUTION: when changing this list, check for side-effects on the signal
542 : * handling setup of child processes. See tcop/postgres.c,
543 : * bootstrap/bootstrap.c, postmaster/bgwriter.c, postmaster/walwriter.c,
544 : * postmaster/autovacuum.c, postmaster/pgarch.c, postmaster/syslogger.c,
545 : * postmaster/bgworker.c and postmaster/checkpointer.c.
546 : */
547 1736 : pqinitmask();
548 1736 : sigprocmask(SIG_SETMASK, &BlockSig, NULL);
549 :
550 1736 : pqsignal(SIGHUP, handle_pm_reload_request_signal);
551 1736 : pqsignal(SIGINT, handle_pm_shutdown_request_signal);
552 1736 : pqsignal(SIGQUIT, handle_pm_shutdown_request_signal);
553 1736 : pqsignal(SIGTERM, handle_pm_shutdown_request_signal);
554 1736 : pqsignal(SIGALRM, SIG_IGN); /* ignored */
555 1736 : pqsignal(SIGPIPE, SIG_IGN); /* ignored */
556 1736 : pqsignal(SIGUSR1, handle_pm_pmsignal_signal);
557 1736 : pqsignal(SIGUSR2, dummy_handler); /* unused, reserve for children */
558 1736 : pqsignal(SIGCHLD, handle_pm_child_exit_signal);
559 :
560 : /* This may configure SIGURG, depending on platform. */
561 1736 : InitializeWaitEventSupport();
562 1736 : InitProcessLocalLatch();
563 :
564 : /*
565 : * No other place in Postgres should touch SIGTTIN/SIGTTOU handling. We
566 : * ignore those signals in a postmaster environment, so that there is no
567 : * risk of a child process freezing up due to writing to stderr. But for
568 : * a standalone backend, their default handling is reasonable. Hence, all
569 : * child processes should just allow the inherited settings to stand.
570 : */
571 : #ifdef SIGTTIN
572 1736 : pqsignal(SIGTTIN, SIG_IGN); /* ignored */
573 : #endif
574 : #ifdef SIGTTOU
575 1736 : pqsignal(SIGTTOU, SIG_IGN); /* ignored */
576 : #endif
577 :
578 : /* ignore SIGXFSZ, so that ulimit violations work like disk full */
579 : #ifdef SIGXFSZ
580 1736 : pqsignal(SIGXFSZ, SIG_IGN); /* ignored */
581 : #endif
582 :
583 : /* Begin accepting signals. */
584 1736 : sigprocmask(SIG_SETMASK, &UnBlockSig, NULL);
585 :
586 : /*
587 : * Options setup
588 : */
589 1736 : InitializeGUCOptions();
590 :
591 1736 : opterr = 1;
592 :
593 : /*
594 : * Parse command-line options. CAUTION: keep this in sync with
595 : * tcop/postgres.c (the option sets should not conflict) and with the
596 : * common help() function in main/main.c.
597 : */
598 6242 : while ((opt = getopt(argc, argv, "B:bC:c:D:d:EeFf:h:ijk:lN:OPp:r:S:sTt:W:-:")) != -1)
599 : {
600 4510 : switch (opt)
601 : {
602 0 : case 'B':
603 0 : SetConfigOption("shared_buffers", optarg, PGC_POSTMASTER, PGC_S_ARGV);
604 0 : break;
605 :
606 94 : case 'b':
607 : /* Undocumented flag used for binary upgrades */
608 94 : IsBinaryUpgrade = true;
609 94 : break;
610 :
611 6 : case 'C':
612 6 : output_config_variable = strdup(optarg);
613 6 : break;
614 :
615 1394 : case '-':
616 :
617 : /*
618 : * Error if the user misplaced a special must-be-first option
619 : * for dispatching to a subprogram. parse_dispatch_option()
620 : * returns DISPATCH_POSTMASTER if it doesn't find a match, so
621 : * error for anything else.
622 : */
623 1394 : if (parse_dispatch_option(optarg) != DISPATCH_POSTMASTER)
624 0 : ereport(ERROR,
625 : (errcode(ERRCODE_SYNTAX_ERROR),
626 : errmsg("--%s must be first argument", optarg)));
627 :
628 : /* FALLTHROUGH */
629 : case 'c':
630 : {
631 : char *name,
632 : *value;
633 :
634 2184 : ParseLongOption(optarg, &name, &value);
635 2184 : if (!value)
636 : {
637 2 : if (opt == '-')
638 2 : ereport(ERROR,
639 : (errcode(ERRCODE_SYNTAX_ERROR),
640 : errmsg("--%s requires a value",
641 : optarg)));
642 : else
643 0 : ereport(ERROR,
644 : (errcode(ERRCODE_SYNTAX_ERROR),
645 : errmsg("-c %s requires a value",
646 : optarg)));
647 : }
648 :
649 2182 : SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
650 2180 : pfree(name);
651 2180 : pfree(value);
652 2180 : break;
653 : }
654 :
655 1732 : case 'D':
656 1732 : userDoption = strdup(optarg);
657 1732 : break;
658 :
659 0 : case 'd':
660 0 : set_debug_options(atoi(optarg), PGC_POSTMASTER, PGC_S_ARGV);
661 0 : break;
662 :
663 0 : case 'E':
664 0 : SetConfigOption("log_statement", "all", PGC_POSTMASTER, PGC_S_ARGV);
665 0 : break;
666 :
667 0 : case 'e':
668 0 : SetConfigOption("datestyle", "euro", PGC_POSTMASTER, PGC_S_ARGV);
669 0 : break;
670 :
671 188 : case 'F':
672 188 : SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
673 188 : break;
674 :
675 0 : case 'f':
676 0 : if (!set_plan_disabling_options(optarg, PGC_POSTMASTER, PGC_S_ARGV))
677 : {
678 0 : write_stderr("%s: invalid argument for option -f: \"%s\"\n",
679 : progname, optarg);
680 0 : ExitPostmaster(1);
681 : }
682 0 : break;
683 :
684 0 : case 'h':
685 0 : SetConfigOption("listen_addresses", optarg, PGC_POSTMASTER, PGC_S_ARGV);
686 0 : break;
687 :
688 0 : case 'i':
689 0 : SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);
690 0 : break;
691 :
692 0 : case 'j':
693 : /* only used by interactive backend */
694 0 : break;
695 :
696 188 : case 'k':
697 188 : SetConfigOption("unix_socket_directories", optarg, PGC_POSTMASTER, PGC_S_ARGV);
698 188 : break;
699 :
700 0 : case 'l':
701 0 : SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
702 0 : break;
703 :
704 0 : case 'N':
705 0 : SetConfigOption("max_connections", optarg, PGC_POSTMASTER, PGC_S_ARGV);
706 0 : break;
707 :
708 0 : case 'O':
709 0 : SetConfigOption("allow_system_table_mods", "true", PGC_POSTMASTER, PGC_S_ARGV);
710 0 : break;
711 :
712 0 : case 'P':
713 0 : SetConfigOption("ignore_system_indexes", "true", PGC_POSTMASTER, PGC_S_ARGV);
714 0 : break;
715 :
716 118 : case 'p':
717 118 : SetConfigOption("port", optarg, PGC_POSTMASTER, PGC_S_ARGV);
718 118 : break;
719 :
720 0 : case 'r':
721 : /* only used by single-user backend */
722 0 : break;
723 :
724 0 : case 'S':
725 0 : SetConfigOption("work_mem", optarg, PGC_POSTMASTER, PGC_S_ARGV);
726 0 : break;
727 :
728 0 : case 's':
729 0 : SetConfigOption("log_statement_stats", "true", PGC_POSTMASTER, PGC_S_ARGV);
730 0 : break;
731 :
732 0 : case 'T':
733 :
734 : /*
735 : * This option used to be defined as sending SIGSTOP after a
736 : * backend crash, but sending SIGABRT seems more useful.
737 : */
738 0 : SetConfigOption("send_abort_for_crash", "true", PGC_POSTMASTER, PGC_S_ARGV);
739 0 : break;
740 :
741 0 : case 't':
742 : {
743 0 : const char *tmp = get_stats_option_name(optarg);
744 :
745 0 : if (tmp)
746 : {
747 0 : SetConfigOption(tmp, "true", PGC_POSTMASTER, PGC_S_ARGV);
748 : }
749 : else
750 : {
751 0 : write_stderr("%s: invalid argument for option -t: \"%s\"\n",
752 : progname, optarg);
753 0 : ExitPostmaster(1);
754 : }
755 0 : break;
756 : }
757 :
758 0 : case 'W':
759 0 : SetConfigOption("post_auth_delay", optarg, PGC_POSTMASTER, PGC_S_ARGV);
760 0 : break;
761 :
762 0 : default:
763 0 : write_stderr("Try \"%s --help\" for more information.\n",
764 : progname);
765 0 : ExitPostmaster(1);
766 : }
767 : }
768 :
769 : /*
770 : * Postmaster accepts no non-option switch arguments.
771 : */
772 1732 : if (optind < argc)
773 : {
774 0 : write_stderr("%s: invalid argument: \"%s\"\n",
775 0 : progname, argv[optind]);
776 0 : write_stderr("Try \"%s --help\" for more information.\n",
777 : progname);
778 0 : ExitPostmaster(1);
779 : }
780 :
781 : /*
782 : * Locate the proper configuration files and data directory, and read
783 : * postgresql.conf for the first time.
784 : */
785 1732 : if (!SelectConfigFiles(userDoption, progname))
786 0 : ExitPostmaster(2);
787 :
788 1724 : if (output_config_variable != NULL)
789 : {
790 : /*
791 : * If this is a runtime-computed GUC, it hasn't yet been initialized,
792 : * and the present value is not useful. However, this is a convenient
793 : * place to print the value for most GUCs because it is safe to run
794 : * postmaster startup to this point even if the server is already
795 : * running. For the handful of runtime-computed GUCs that we cannot
796 : * provide meaningful values for yet, we wait until later in
797 : * postmaster startup to print the value. We won't be able to use -C
798 : * on running servers for those GUCs, but using this option now would
799 : * lead to incorrect results for them.
800 : */
801 4 : int flags = GetConfigOptionFlags(output_config_variable, true);
802 :
803 4 : if ((flags & GUC_RUNTIME_COMPUTED) == 0)
804 : {
805 : /*
806 : * "-C guc" was specified, so print GUC's value and exit. No
807 : * extra permission check is needed because the user is reading
808 : * inside the data dir.
809 : */
810 2 : const char *config_val = GetConfigOption(output_config_variable,
811 : false, false);
812 :
813 2 : puts(config_val ? config_val : "");
814 2 : ExitPostmaster(0);
815 : }
816 :
817 : /*
818 : * A runtime-computed GUC will be printed later on. As we initialize
819 : * a server startup sequence, silence any log messages that may show
820 : * up in the output generated. FATAL and more severe messages are
821 : * useful to show, even if one would only expect at least PANIC. LOG
822 : * entries are hidden.
823 : */
824 2 : SetConfigOption("log_min_messages", "FATAL", PGC_SUSET,
825 : PGC_S_OVERRIDE);
826 : }
827 :
828 : /* Verify that DataDir looks reasonable */
829 1722 : checkDataDir();
830 :
831 : /* Check that pg_control exists */
832 1722 : checkControlFile();
833 :
834 : /* And switch working directory into it */
835 1722 : ChangeToDataDir();
836 :
837 : /*
838 : * Check for invalid combinations of GUC settings.
839 : */
840 1722 : if (SuperuserReservedConnections + ReservedConnections >= MaxConnections)
841 : {
842 0 : write_stderr("%s: \"superuser_reserved_connections\" (%d) plus \"reserved_connections\" (%d) must be less than \"max_connections\" (%d)\n",
843 : progname,
844 : SuperuserReservedConnections, ReservedConnections,
845 : MaxConnections);
846 0 : ExitPostmaster(1);
847 : }
848 1722 : if (XLogArchiveMode > ARCHIVE_MODE_OFF && wal_level == WAL_LEVEL_MINIMAL)
849 0 : ereport(ERROR,
850 : (errmsg("WAL archival cannot be enabled when \"wal_level\" is \"minimal\"")));
851 1722 : if (max_wal_senders > 0 && wal_level == WAL_LEVEL_MINIMAL)
852 0 : ereport(ERROR,
853 : (errmsg("WAL streaming (\"max_wal_senders\" > 0) requires \"wal_level\" to be \"replica\" or \"logical\"")));
854 1722 : if (summarize_wal && wal_level == WAL_LEVEL_MINIMAL)
855 0 : ereport(ERROR,
856 : (errmsg("WAL cannot be summarized when \"wal_level\" is \"minimal\"")));
857 1722 : if (sync_replication_slots && wal_level < WAL_LEVEL_LOGICAL)
858 0 : ereport(ERROR,
859 : (errmsg("replication slot synchronization (\"sync_replication_slots\" = on) requires \"wal_level\" >= \"logical\"")));
860 :
861 : /*
862 : * Other one-time internal sanity checks can go here, if they are fast.
863 : * (Put any slow processing further down, after postmaster.pid creation.)
864 : */
865 1722 : if (!CheckDateTokenTables())
866 : {
867 0 : write_stderr("%s: invalid datetoken tables, please fix\n", progname);
868 0 : ExitPostmaster(1);
869 : }
870 :
871 : /*
872 : * Now that we are done processing the postmaster arguments, reset
873 : * getopt(3) library so that it will work correctly in subprocesses.
874 : */
875 1722 : optind = 1;
876 : #ifdef HAVE_INT_OPTRESET
877 : optreset = 1; /* some systems need this too */
878 : #endif
879 :
880 : /* For debugging: display postmaster environment */
881 1722 : if (message_level_is_interesting(DEBUG3))
882 : {
883 : #if !defined(WIN32) || defined(_MSC_VER)
884 : extern char **environ;
885 : #endif
886 : char **p;
887 : StringInfoData si;
888 :
889 4 : initStringInfo(&si);
890 :
891 4 : appendStringInfoString(&si, "initial environment dump:");
892 172 : for (p = environ; *p; ++p)
893 168 : appendStringInfo(&si, "\n%s", *p);
894 :
895 4 : ereport(DEBUG3, errmsg_internal("%s", si.data));
896 4 : pfree(si.data);
897 : }
898 :
899 : /*
900 : * Create lockfile for data directory.
901 : *
902 : * We want to do this before we try to grab the input sockets, because the
903 : * data directory interlock is more reliable than the socket-file
904 : * interlock (thanks to whoever decided to put socket files in /tmp :-().
905 : * For the same reason, it's best to grab the TCP socket(s) before the
906 : * Unix socket(s).
907 : *
908 : * Also note that this internally sets up the on_proc_exit function that
909 : * is responsible for removing both data directory and socket lockfiles;
910 : * so it must happen before opening sockets so that at exit, the socket
911 : * lockfiles go away after CloseServerPorts runs.
912 : */
913 1722 : CreateDataDirLockFile(true);
914 :
915 : /*
916 : * Read the control file (for error checking and config info).
917 : *
918 : * Since we verify the control file's CRC, this has a useful side effect
919 : * on machines where we need a run-time test for CRC support instructions.
920 : * The postmaster will do the test once at startup, and then its child
921 : * processes will inherit the correct function pointer and not need to
922 : * repeat the test.
923 : */
924 1718 : LocalProcessControlFile(false);
925 :
926 : /*
927 : * Register the apply launcher. It's probably a good idea to call this
928 : * before any modules had a chance to take the background worker slots.
929 : */
930 1718 : ApplyLauncherRegister();
931 :
932 : /*
933 : * process any libraries that should be preloaded at postmaster start
934 : */
935 1718 : process_shared_preload_libraries();
936 :
937 : /*
938 : * Initialize SSL library, if specified.
939 : */
940 : #ifdef USE_SSL
941 1718 : if (EnableSSL)
942 : {
943 62 : (void) secure_initialize(true);
944 52 : LoadedSSL = true;
945 : }
946 : #endif
947 :
948 : /*
949 : * Now that loadable modules have had their chance to alter any GUCs,
950 : * calculate MaxBackends and initialize the machinery to track child
951 : * processes.
952 : */
953 1708 : InitializeMaxBackends();
954 1708 : InitPostmasterChildSlots();
955 :
956 : /*
957 : * Calculate the size of the PGPROC fast-path lock arrays.
958 : */
959 1708 : InitializeFastPathLocks();
960 :
961 : /*
962 : * Give preloaded libraries a chance to request additional shared memory.
963 : */
964 1708 : process_shmem_requests();
965 :
966 : /*
967 : * Now that loadable modules have had their chance to request additional
968 : * shared memory, determine the value of any runtime-computed GUCs that
969 : * depend on the amount of shared memory required.
970 : */
971 1708 : InitializeShmemGUCs();
972 :
973 : /*
974 : * Now that modules have been loaded, we can process any custom resource
975 : * managers specified in the wal_consistency_checking GUC.
976 : */
977 1708 : InitializeWalConsistencyChecking();
978 :
979 : /*
980 : * If -C was specified with a runtime-computed GUC, we held off printing
981 : * the value earlier, as the GUC was not yet initialized. We handle -C
982 : * for most GUCs before we lock the data directory so that the option may
983 : * be used on a running server. However, a handful of GUCs are runtime-
984 : * computed and do not have meaningful values until after locking the data
985 : * directory, and we cannot safely calculate their values earlier on a
986 : * running server. At this point, such GUCs should be properly
987 : * initialized, and we haven't yet set up shared memory, so this is a good
988 : * time to handle the -C option for these special GUCs.
989 : */
990 1708 : if (output_config_variable != NULL)
991 : {
992 2 : const char *config_val = GetConfigOption(output_config_variable,
993 : false, false);
994 :
995 2 : puts(config_val ? config_val : "");
996 2 : ExitPostmaster(0);
997 : }
998 :
999 : /*
1000 : * Set up shared memory and semaphores.
1001 : *
1002 : * Note: if using SysV shmem and/or semas, each postmaster startup will
1003 : * normally choose the same IPC keys. This helps ensure that we will
1004 : * clean up dead IPC objects if the postmaster crashes and is restarted.
1005 : */
1006 1706 : CreateSharedMemoryAndSemaphores();
1007 :
1008 : /*
1009 : * Estimate number of openable files. This must happen after setting up
1010 : * semaphores, because on some platforms semaphores count as open files.
1011 : */
1012 1704 : set_max_safe_fds();
1013 :
1014 : /*
1015 : * Initialize pipe (or process handle on Windows) that allows children to
1016 : * wake up from sleep on postmaster death.
1017 : */
1018 1704 : InitPostmasterDeathWatchHandle();
1019 :
1020 : #ifdef WIN32
1021 :
1022 : /*
1023 : * Initialize I/O completion port used to deliver list of dead children.
1024 : */
1025 : win32ChildQueue = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 1);
1026 : if (win32ChildQueue == NULL)
1027 : ereport(FATAL,
1028 : (errmsg("could not create I/O completion port for child queue")));
1029 : #endif
1030 :
1031 : #ifdef EXEC_BACKEND
1032 : /* Write out nondefault GUC settings for child processes to use */
1033 : write_nondefault_variables(PGC_POSTMASTER);
1034 :
1035 : /*
1036 : * Clean out the temp directory used to transmit parameters to child
1037 : * processes (see internal_forkexec). We must do this before launching
1038 : * any child processes, else we have a race condition: we could remove a
1039 : * parameter file before the child can read it. It should be safe to do
1040 : * so now, because we verified earlier that there are no conflicting
1041 : * Postgres processes in this data directory.
1042 : */
1043 : RemovePgTempFilesInDir(PG_TEMP_FILES_DIR, true, false);
1044 : #endif
1045 :
1046 : /*
1047 : * Forcibly remove the files signaling a standby promotion request.
1048 : * Otherwise, the existence of those files triggers a promotion too early,
1049 : * whether a user wants that or not.
1050 : *
1051 : * This removal of files is usually unnecessary because they can exist
1052 : * only during a few moments during a standby promotion. However there is
1053 : * a race condition: if pg_ctl promote is executed and creates the files
1054 : * during a promotion, the files can stay around even after the server is
1055 : * brought up to be the primary. Then, if a new standby starts by using
1056 : * the backup taken from the new primary, the files can exist at server
1057 : * startup and must be removed in order to avoid an unexpected promotion.
1058 : *
1059 : * Note that promotion signal files need to be removed before the startup
1060 : * process is invoked. Because, after that, they can be used by
1061 : * postmaster's SIGUSR1 signal handler.
1062 : */
1063 1704 : RemovePromoteSignalFiles();
1064 :
1065 : /* Do the same for logrotate signal file */
1066 1704 : RemoveLogrotateSignalFiles();
1067 :
1068 : /* Remove any outdated file holding the current log filenames. */
1069 1704 : if (unlink(LOG_METAINFO_DATAFILE) < 0 && errno != ENOENT)
1070 0 : ereport(LOG,
1071 : (errcode_for_file_access(),
1072 : errmsg("could not remove file \"%s\": %m",
1073 : LOG_METAINFO_DATAFILE)));
1074 :
1075 : /*
1076 : * If enabled, start up syslogger collection subprocess
1077 : */
1078 1704 : if (Logging_collector)
1079 2 : StartSysLogger();
1080 :
1081 : /*
1082 : * Reset whereToSendOutput from DestDebug (its starting state) to
1083 : * DestNone. This stops ereport from sending log messages to stderr unless
1084 : * Log_destination permits. We don't do this until the postmaster is
1085 : * fully launched, since startup failures may as well be reported to
1086 : * stderr.
1087 : *
1088 : * If we are in fact disabling logging to stderr, first emit a log message
1089 : * saying so, to provide a breadcrumb trail for users who may not remember
1090 : * that their logging is configured to go somewhere else.
1091 : */
1092 1704 : if (!(Log_destination & LOG_DESTINATION_STDERR))
1093 0 : ereport(LOG,
1094 : (errmsg("ending log output to stderr"),
1095 : errhint("Future log output will go to log destination \"%s\".",
1096 : Log_destination_string)));
1097 :
1098 1704 : whereToSendOutput = DestNone;
1099 :
1100 : /*
1101 : * Report server startup in log. While we could emit this much earlier,
1102 : * it seems best to do so after starting the log collector, if we intend
1103 : * to use one.
1104 : */
1105 1704 : ereport(LOG,
1106 : (errmsg("starting %s", PG_VERSION_STR)));
1107 :
1108 : /*
1109 : * Establish input sockets.
1110 : *
1111 : * First set up an on_proc_exit function that's charged with closing the
1112 : * sockets again at postmaster shutdown.
1113 : */
1114 1704 : ListenSockets = palloc(MAXLISTEN * sizeof(pgsocket));
1115 1704 : on_proc_exit(CloseServerPorts, 0);
1116 :
1117 1704 : if (ListenAddresses)
1118 : {
1119 : char *rawstring;
1120 : List *elemlist;
1121 : ListCell *l;
1122 1704 : int success = 0;
1123 :
1124 : /* Need a modifiable copy of ListenAddresses */
1125 1704 : rawstring = pstrdup(ListenAddresses);
1126 :
1127 : /* Parse string into list of hostnames */
1128 1704 : if (!SplitGUCList(rawstring, ',', &elemlist))
1129 : {
1130 : /* syntax error in list */
1131 0 : ereport(FATAL,
1132 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1133 : errmsg("invalid list syntax in parameter \"%s\"",
1134 : "listen_addresses")));
1135 : }
1136 :
1137 1762 : foreach(l, elemlist)
1138 : {
1139 58 : char *curhost = (char *) lfirst(l);
1140 :
1141 58 : if (strcmp(curhost, "*") == 0)
1142 0 : status = ListenServerPort(AF_UNSPEC, NULL,
1143 0 : (unsigned short) PostPortNumber,
1144 : NULL,
1145 : ListenSockets,
1146 : &NumListenSockets,
1147 : MAXLISTEN);
1148 : else
1149 58 : status = ListenServerPort(AF_UNSPEC, curhost,
1150 58 : (unsigned short) PostPortNumber,
1151 : NULL,
1152 : ListenSockets,
1153 : &NumListenSockets,
1154 : MAXLISTEN);
1155 :
1156 58 : if (status == STATUS_OK)
1157 : {
1158 58 : success++;
1159 : /* record the first successful host addr in lockfile */
1160 58 : if (!listen_addr_saved)
1161 : {
1162 58 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, curhost);
1163 58 : listen_addr_saved = true;
1164 : }
1165 : }
1166 : else
1167 0 : ereport(WARNING,
1168 : (errmsg("could not create listen socket for \"%s\"",
1169 : curhost)));
1170 : }
1171 :
1172 1704 : if (!success && elemlist != NIL)
1173 0 : ereport(FATAL,
1174 : (errmsg("could not create any TCP/IP sockets")));
1175 :
1176 1704 : list_free(elemlist);
1177 1704 : pfree(rawstring);
1178 : }
1179 :
1180 : #ifdef USE_BONJOUR
1181 : /* Register for Bonjour only if we opened TCP socket(s) */
1182 : if (enable_bonjour && NumListenSockets > 0)
1183 : {
1184 : DNSServiceErrorType err;
1185 :
1186 : /*
1187 : * We pass 0 for interface_index, which will result in registering on
1188 : * all "applicable" interfaces. It's not entirely clear from the
1189 : * DNS-SD docs whether this would be appropriate if we have bound to
1190 : * just a subset of the available network interfaces.
1191 : */
1192 : err = DNSServiceRegister(&bonjour_sdref,
1193 : 0,
1194 : 0,
1195 : bonjour_name,
1196 : "_postgresql._tcp.",
1197 : NULL,
1198 : NULL,
1199 : pg_hton16(PostPortNumber),
1200 : 0,
1201 : NULL,
1202 : NULL,
1203 : NULL);
1204 : if (err != kDNSServiceErr_NoError)
1205 : ereport(LOG,
1206 : (errmsg("DNSServiceRegister() failed: error code %ld",
1207 : (long) err)));
1208 :
1209 : /*
1210 : * We don't bother to read the mDNS daemon's reply, and we expect that
1211 : * it will automatically terminate our registration when the socket is
1212 : * closed at postmaster termination. So there's nothing more to be
1213 : * done here. However, the bonjour_sdref is kept around so that
1214 : * forked children can close their copies of the socket.
1215 : */
1216 : }
1217 : #endif
1218 :
1219 1704 : if (Unix_socket_directories)
1220 : {
1221 : char *rawstring;
1222 : List *elemlist;
1223 : ListCell *l;
1224 1704 : int success = 0;
1225 :
1226 : /* Need a modifiable copy of Unix_socket_directories */
1227 1704 : rawstring = pstrdup(Unix_socket_directories);
1228 :
1229 : /* Parse string into list of directories */
1230 1704 : if (!SplitDirectoriesString(rawstring, ',', &elemlist))
1231 : {
1232 : /* syntax error in list */
1233 0 : ereport(FATAL,
1234 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1235 : errmsg("invalid list syntax in parameter \"%s\"",
1236 : "unix_socket_directories")));
1237 : }
1238 :
1239 3406 : foreach(l, elemlist)
1240 : {
1241 1702 : char *socketdir = (char *) lfirst(l);
1242 :
1243 1702 : status = ListenServerPort(AF_UNIX, NULL,
1244 1702 : (unsigned short) PostPortNumber,
1245 : socketdir,
1246 : ListenSockets,
1247 : &NumListenSockets,
1248 : MAXLISTEN);
1249 :
1250 1702 : if (status == STATUS_OK)
1251 : {
1252 1702 : success++;
1253 : /* record the first successful Unix socket in lockfile */
1254 1702 : if (success == 1)
1255 1702 : AddToDataDirLockFile(LOCK_FILE_LINE_SOCKET_DIR, socketdir);
1256 : }
1257 : else
1258 0 : ereport(WARNING,
1259 : (errmsg("could not create Unix-domain socket in directory \"%s\"",
1260 : socketdir)));
1261 : }
1262 :
1263 1704 : if (!success && elemlist != NIL)
1264 0 : ereport(FATAL,
1265 : (errmsg("could not create any Unix-domain sockets")));
1266 :
1267 1704 : list_free_deep(elemlist);
1268 1704 : pfree(rawstring);
1269 : }
1270 :
1271 : /*
1272 : * check that we have some socket to listen on
1273 : */
1274 1704 : if (NumListenSockets == 0)
1275 0 : ereport(FATAL,
1276 : (errmsg("no socket created for listening")));
1277 :
1278 : /*
1279 : * If no valid TCP ports, write an empty line for listen address,
1280 : * indicating the Unix socket must be used. Note that this line is not
1281 : * added to the lock file until there is a socket backing it.
1282 : */
1283 1704 : if (!listen_addr_saved)
1284 1646 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, "");
1285 :
1286 : /*
1287 : * Record postmaster options. We delay this till now to avoid recording
1288 : * bogus options (eg, unusable port number).
1289 : */
1290 1704 : if (!CreateOptsFile(argc, argv, my_exec_path))
1291 0 : ExitPostmaster(1);
1292 :
1293 : /*
1294 : * Write the external PID file if requested
1295 : */
1296 1704 : if (external_pid_file)
1297 : {
1298 0 : FILE *fpidfile = fopen(external_pid_file, "w");
1299 :
1300 0 : if (fpidfile)
1301 : {
1302 0 : fprintf(fpidfile, "%d\n", MyProcPid);
1303 0 : fclose(fpidfile);
1304 :
1305 : /* Make PID file world readable */
1306 0 : if (chmod(external_pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) != 0)
1307 0 : write_stderr("%s: could not change permissions of external PID file \"%s\": %m\n",
1308 : progname, external_pid_file);
1309 : }
1310 : else
1311 0 : write_stderr("%s: could not write external PID file \"%s\": %m\n",
1312 : progname, external_pid_file);
1313 :
1314 0 : on_proc_exit(unlink_external_pid_file, 0);
1315 : }
1316 :
1317 : /*
1318 : * Remove old temporary files. At this point there can be no other
1319 : * Postgres processes running in this directory, so this should be safe.
1320 : */
1321 1704 : RemovePgTempFiles();
1322 :
1323 : /*
1324 : * Initialize the autovacuum subsystem (again, no process start yet)
1325 : */
1326 1704 : autovac_init();
1327 :
1328 : /*
1329 : * Load configuration files for client authentication.
1330 : */
1331 1704 : if (!load_hba())
1332 : {
1333 : /*
1334 : * It makes no sense to continue if we fail to load the HBA file,
1335 : * since there is no way to connect to the database in this case.
1336 : */
1337 0 : ereport(FATAL,
1338 : /* translator: %s is a configuration file */
1339 : (errmsg("could not load %s", HbaFileName)));
1340 : }
1341 1704 : if (!load_ident())
1342 : {
1343 : /*
1344 : * We can start up without the IDENT file, although it means that you
1345 : * cannot log in using any of the authentication methods that need a
1346 : * user name mapping. load_ident() already logged the details of error
1347 : * to the log.
1348 : */
1349 : }
1350 :
1351 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1352 :
1353 : /*
1354 : * On macOS, libintl replaces setlocale() with a version that calls
1355 : * CFLocaleCopyCurrent() when its second argument is "" and every relevant
1356 : * environment variable is unset or empty. CFLocaleCopyCurrent() makes
1357 : * the process multithreaded. The postmaster calls sigprocmask() and
1358 : * calls fork() without an immediate exec(), both of which have undefined
1359 : * behavior in a multithreaded program. A multithreaded postmaster is the
1360 : * normal case on Windows, which offers neither fork() nor sigprocmask().
1361 : * Currently, macOS is the only platform having pthread_is_threaded_np(),
1362 : * so we need not worry whether this HINT is appropriate elsewhere.
1363 : */
1364 : if (pthread_is_threaded_np() != 0)
1365 : ereport(FATAL,
1366 : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
1367 : errmsg("postmaster became multithreaded during startup"),
1368 : errhint("Set the LC_ALL environment variable to a valid locale.")));
1369 : #endif
1370 :
1371 : /*
1372 : * Remember postmaster startup time
1373 : */
1374 1704 : PgStartTime = GetCurrentTimestamp();
1375 :
1376 : /*
1377 : * Report postmaster status in the postmaster.pid file, to allow pg_ctl to
1378 : * see what's happening.
1379 : */
1380 1704 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STARTING);
1381 :
1382 1704 : UpdatePMState(PM_STARTUP);
1383 :
1384 : /* Make sure we can perform I/O while starting up. */
1385 1704 : maybe_adjust_io_workers();
1386 :
1387 : /* Start bgwriter and checkpointer so they can help with recovery */
1388 1704 : if (CheckpointerPMChild == NULL)
1389 1704 : CheckpointerPMChild = StartChildProcess(B_CHECKPOINTER);
1390 1704 : if (BgWriterPMChild == NULL)
1391 1704 : BgWriterPMChild = StartChildProcess(B_BG_WRITER);
1392 :
1393 : /*
1394 : * We're ready to rock and roll...
1395 : */
1396 1704 : StartupPMChild = StartChildProcess(B_STARTUP);
1397 : Assert(StartupPMChild != NULL);
1398 1704 : StartupStatus = STARTUP_RUNNING;
1399 :
1400 : /* Some workers may be scheduled to start now */
1401 1704 : maybe_start_bgworkers();
1402 :
1403 1704 : status = ServerLoop();
1404 :
1405 : /*
1406 : * ServerLoop probably shouldn't ever return, but if it does, close down.
1407 : */
1408 0 : ExitPostmaster(status != STATUS_OK);
1409 :
1410 : abort(); /* not reached */
1411 : }
1412 :
1413 :
1414 : /*
1415 : * on_proc_exit callback to close server's listen sockets
1416 : */
1417 : static void
1418 1704 : CloseServerPorts(int status, Datum arg)
1419 : {
1420 : int i;
1421 :
1422 : /*
1423 : * First, explicitly close all the socket FDs. We used to just let this
1424 : * happen implicitly at postmaster exit, but it's better to close them
1425 : * before we remove the postmaster.pid lockfile; otherwise there's a race
1426 : * condition if a new postmaster wants to re-use the TCP port number.
1427 : */
1428 3466 : for (i = 0; i < NumListenSockets; i++)
1429 : {
1430 1762 : if (closesocket(ListenSockets[i]) != 0)
1431 0 : elog(LOG, "could not close listen socket: %m");
1432 : }
1433 1704 : NumListenSockets = 0;
1434 :
1435 : /*
1436 : * Next, remove any filesystem entries for Unix sockets. To avoid race
1437 : * conditions against incoming postmasters, this must happen after closing
1438 : * the sockets and before removing lock files.
1439 : */
1440 1704 : RemoveSocketFiles();
1441 :
1442 : /*
1443 : * We don't do anything about socket lock files here; those will be
1444 : * removed in a later on_proc_exit callback.
1445 : */
1446 1704 : }
1447 :
1448 : /*
1449 : * on_proc_exit callback to delete external_pid_file
1450 : */
1451 : static void
1452 0 : unlink_external_pid_file(int status, Datum arg)
1453 : {
1454 0 : if (external_pid_file)
1455 0 : unlink(external_pid_file);
1456 0 : }
1457 :
1458 :
1459 : /*
1460 : * Compute and check the directory paths to files that are part of the
1461 : * installation (as deduced from the postgres executable's own location)
1462 : */
1463 : static void
1464 1736 : getInstallationPaths(const char *argv0)
1465 : {
1466 : DIR *pdir;
1467 :
1468 : /* Locate the postgres executable itself */
1469 1736 : if (find_my_exec(argv0, my_exec_path) < 0)
1470 0 : ereport(FATAL,
1471 : (errmsg("%s: could not locate my own executable path", argv0)));
1472 :
1473 : #ifdef EXEC_BACKEND
1474 : /* Locate executable backend before we change working directory */
1475 : if (find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
1476 : postgres_exec_path) < 0)
1477 : ereport(FATAL,
1478 : (errmsg("%s: could not locate matching postgres executable",
1479 : argv0)));
1480 : #endif
1481 :
1482 : /*
1483 : * Locate the pkglib directory --- this has to be set early in case we try
1484 : * to load any modules from it in response to postgresql.conf entries.
1485 : */
1486 1736 : get_pkglib_path(my_exec_path, pkglib_path);
1487 :
1488 : /*
1489 : * Verify that there's a readable directory there; otherwise the Postgres
1490 : * installation is incomplete or corrupt. (A typical cause of this
1491 : * failure is that the postgres executable has been moved or hardlinked to
1492 : * some directory that's not a sibling of the installation lib/
1493 : * directory.)
1494 : */
1495 1736 : pdir = AllocateDir(pkglib_path);
1496 1736 : if (pdir == NULL)
1497 0 : ereport(ERROR,
1498 : (errcode_for_file_access(),
1499 : errmsg("could not open directory \"%s\": %m",
1500 : pkglib_path),
1501 : errhint("This may indicate an incomplete PostgreSQL installation, or that the file \"%s\" has been moved away from its proper location.",
1502 : my_exec_path)));
1503 1736 : FreeDir(pdir);
1504 :
1505 : /*
1506 : * It's not worth checking the share/ directory. If the lib/ directory is
1507 : * there, then share/ probably is too.
1508 : */
1509 1736 : }
1510 :
1511 : /*
1512 : * Check that pg_control exists in the correct location in the data directory.
1513 : *
1514 : * No attempt is made to validate the contents of pg_control here. This is
1515 : * just a sanity check to see if we are looking at a real data directory.
1516 : */
1517 : static void
1518 1722 : checkControlFile(void)
1519 : {
1520 : char path[MAXPGPATH];
1521 : FILE *fp;
1522 :
1523 1722 : snprintf(path, sizeof(path), "%s/%s", DataDir, XLOG_CONTROL_FILE);
1524 :
1525 1722 : fp = AllocateFile(path, PG_BINARY_R);
1526 1722 : if (fp == NULL)
1527 : {
1528 0 : write_stderr("%s: could not find the database system\n"
1529 : "Expected to find it in the directory \"%s\",\n"
1530 : "but could not open file \"%s\": %m\n",
1531 : progname, DataDir, path);
1532 0 : ExitPostmaster(2);
1533 : }
1534 1722 : FreeFile(fp);
1535 1722 : }
1536 :
1537 : /*
1538 : * Determine how long should we let ServerLoop sleep, in milliseconds.
1539 : *
1540 : * In normal conditions we wait at most one minute, to ensure that the other
1541 : * background tasks handled by ServerLoop get done even when no requests are
1542 : * arriving. However, if there are background workers waiting to be started,
1543 : * we don't actually sleep so that they are quickly serviced. Other exception
1544 : * cases are as shown in the code.
1545 : */
1546 : static int
1547 260554 : DetermineSleepTime(void)
1548 : {
1549 260554 : TimestampTz next_wakeup = 0;
1550 :
1551 : /*
1552 : * Normal case: either there are no background workers at all, or we're in
1553 : * a shutdown sequence (during which we ignore bgworkers altogether).
1554 : */
1555 260554 : if (Shutdown > NoShutdown ||
1556 247414 : (!StartWorkerNeeded && !HaveCrashedWorker))
1557 : {
1558 260554 : if (AbortStartTime != 0)
1559 : {
1560 : int seconds;
1561 :
1562 : /* time left to abort; clamp to 0 in case it already expired */
1563 2478 : seconds = SIGKILL_CHILDREN_AFTER_SECS -
1564 2478 : (time(NULL) - AbortStartTime);
1565 :
1566 2478 : return Max(seconds * 1000, 0);
1567 : }
1568 : else
1569 258076 : return 60 * 1000;
1570 : }
1571 :
1572 0 : if (StartWorkerNeeded)
1573 0 : return 0;
1574 :
1575 0 : if (HaveCrashedWorker)
1576 : {
1577 : dlist_mutable_iter iter;
1578 :
1579 : /*
1580 : * When there are crashed bgworkers, we sleep just long enough that
1581 : * they are restarted when they request to be. Scan the list to
1582 : * determine the minimum of all wakeup times according to most recent
1583 : * crash time and requested restart interval.
1584 : */
1585 0 : dlist_foreach_modify(iter, &BackgroundWorkerList)
1586 : {
1587 : RegisteredBgWorker *rw;
1588 : TimestampTz this_wakeup;
1589 :
1590 0 : rw = dlist_container(RegisteredBgWorker, rw_lnode, iter.cur);
1591 :
1592 0 : if (rw->rw_crashed_at == 0)
1593 0 : continue;
1594 :
1595 0 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART
1596 0 : || rw->rw_terminate)
1597 : {
1598 0 : ForgetBackgroundWorker(rw);
1599 0 : continue;
1600 : }
1601 :
1602 0 : this_wakeup = TimestampTzPlusMilliseconds(rw->rw_crashed_at,
1603 : 1000L * rw->rw_worker.bgw_restart_time);
1604 0 : if (next_wakeup == 0 || this_wakeup < next_wakeup)
1605 0 : next_wakeup = this_wakeup;
1606 : }
1607 : }
1608 :
1609 0 : if (next_wakeup != 0)
1610 : {
1611 : int ms;
1612 :
1613 : /* result of TimestampDifferenceMilliseconds is in [0, INT_MAX] */
1614 0 : ms = (int) TimestampDifferenceMilliseconds(GetCurrentTimestamp(),
1615 : next_wakeup);
1616 0 : return Min(60 * 1000, ms);
1617 : }
1618 :
1619 0 : return 60 * 1000;
1620 : }
1621 :
1622 : /*
1623 : * Activate or deactivate notifications of server socket events. Since we
1624 : * don't currently have a way to remove events from an existing WaitEventSet,
1625 : * we'll just destroy and recreate the whole thing. This is called during
1626 : * shutdown so we can wait for backends to exit without accepting new
1627 : * connections, and during crash reinitialization when we need to start
1628 : * listening for new connections again. The WaitEventSet will be freed in fork
1629 : * children by ClosePostmasterPorts().
1630 : */
1631 : static void
1632 3426 : ConfigurePostmasterWaitSet(bool accept_connections)
1633 : {
1634 3426 : if (pm_wait_set)
1635 1722 : FreeWaitEventSet(pm_wait_set);
1636 3426 : pm_wait_set = NULL;
1637 :
1638 5140 : pm_wait_set = CreateWaitEventSet(NULL,
1639 1714 : accept_connections ? (1 + NumListenSockets) : 1);
1640 3426 : AddWaitEventToSet(pm_wait_set, WL_LATCH_SET, PGINVALID_SOCKET, MyLatch,
1641 : NULL);
1642 :
1643 3426 : if (accept_connections)
1644 : {
1645 3486 : for (int i = 0; i < NumListenSockets; i++)
1646 1772 : AddWaitEventToSet(pm_wait_set, WL_SOCKET_ACCEPT, ListenSockets[i],
1647 : NULL, NULL);
1648 : }
1649 3426 : }
1650 :
1651 : /*
1652 : * Main idle loop of postmaster
1653 : */
1654 : static int
1655 1704 : ServerLoop(void)
1656 : {
1657 : time_t last_lockfile_recheck_time,
1658 : last_touch_time;
1659 : WaitEvent events[MAXLISTEN];
1660 : int nevents;
1661 :
1662 1704 : ConfigurePostmasterWaitSet(true);
1663 1704 : last_lockfile_recheck_time = last_touch_time = time(NULL);
1664 :
1665 : for (;;)
1666 258850 : {
1667 : time_t now;
1668 :
1669 260554 : nevents = WaitEventSetWait(pm_wait_set,
1670 260554 : DetermineSleepTime(),
1671 : events,
1672 : lengthof(events),
1673 : 0 /* postmaster posts no wait_events */ );
1674 :
1675 : /*
1676 : * Latch set by signal handler, or new connection pending on any of
1677 : * our sockets? If the latter, fork a child process to deal with it.
1678 : */
1679 519402 : for (int i = 0; i < nevents; i++)
1680 : {
1681 260552 : if (events[i].events & WL_LATCH_SET)
1682 233564 : ResetLatch(MyLatch);
1683 :
1684 : /*
1685 : * The following requests are handled unconditionally, even if we
1686 : * didn't see WL_LATCH_SET. This gives high priority to shutdown
1687 : * and reload requests where the latch happens to appear later in
1688 : * events[] or will be reported by a later call to
1689 : * WaitEventSetWait().
1690 : */
1691 260552 : if (pending_pm_shutdown_request)
1692 1696 : process_pm_shutdown_request();
1693 260552 : if (pending_pm_reload_request)
1694 270 : process_pm_reload_request();
1695 260552 : if (pending_pm_child_exit)
1696 46622 : process_pm_child_exit();
1697 258848 : if (pending_pm_pmsignal)
1698 185026 : process_pm_pmsignal();
1699 :
1700 258848 : if (events[i].events & WL_SOCKET_ACCEPT)
1701 : {
1702 : ClientSocket s;
1703 :
1704 26988 : if (AcceptConnection(events[i].fd, &s) == STATUS_OK)
1705 26988 : BackendStartup(&s);
1706 :
1707 : /* We no longer need the open socket in this process */
1708 26988 : if (s.sock != PGINVALID_SOCKET)
1709 : {
1710 26988 : if (closesocket(s.sock) != 0)
1711 0 : elog(LOG, "could not close client socket: %m");
1712 : }
1713 : }
1714 : }
1715 :
1716 : /*
1717 : * If we need to launch any background processes after changing state
1718 : * or because some exited, do so now.
1719 : */
1720 258850 : LaunchMissingBackgroundProcesses();
1721 :
1722 : /* If we need to signal the autovacuum launcher, do so now */
1723 258850 : if (avlauncher_needs_signal)
1724 : {
1725 0 : avlauncher_needs_signal = false;
1726 0 : if (AutoVacLauncherPMChild != NULL)
1727 0 : signal_child(AutoVacLauncherPMChild, SIGUSR2);
1728 : }
1729 :
1730 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1731 :
1732 : /*
1733 : * With assertions enabled, check regularly for appearance of
1734 : * additional threads. All builds check at start and exit.
1735 : */
1736 : Assert(pthread_is_threaded_np() == 0);
1737 : #endif
1738 :
1739 : /*
1740 : * Lastly, check to see if it's time to do some things that we don't
1741 : * want to do every single time through the loop, because they're a
1742 : * bit expensive. Note that there's up to a minute of slop in when
1743 : * these tasks will be performed, since DetermineSleepTime() will let
1744 : * us sleep at most that long; except for SIGKILL timeout which has
1745 : * special-case logic there.
1746 : */
1747 258850 : now = time(NULL);
1748 :
1749 : /*
1750 : * If we already sent SIGQUIT to children and they are slow to shut
1751 : * down, it's time to send them SIGKILL (or SIGABRT if requested).
1752 : * This doesn't happen normally, but under certain conditions backends
1753 : * can get stuck while shutting down. This is a last measure to get
1754 : * them unwedged.
1755 : *
1756 : * Note we also do this during recovery from a process crash.
1757 : */
1758 258850 : if ((Shutdown >= ImmediateShutdown || FatalError) &&
1759 2494 : AbortStartTime != 0 &&
1760 2478 : (now - AbortStartTime) >= SIGKILL_CHILDREN_AFTER_SECS)
1761 : {
1762 : /* We were gentle with them before. Not anymore */
1763 0 : ereport(LOG,
1764 : /* translator: %s is SIGKILL or SIGABRT */
1765 : (errmsg("issuing %s to recalcitrant children",
1766 : send_abort_for_kill ? "SIGABRT" : "SIGKILL")));
1767 0 : TerminateChildren(send_abort_for_kill ? SIGABRT : SIGKILL);
1768 : /* reset flag so we don't SIGKILL again */
1769 0 : AbortStartTime = 0;
1770 : }
1771 :
1772 : /*
1773 : * Once a minute, verify that postmaster.pid hasn't been removed or
1774 : * overwritten. If it has, we force a shutdown. This avoids having
1775 : * postmasters and child processes hanging around after their database
1776 : * is gone, and maybe causing problems if a new database cluster is
1777 : * created in the same place. It also provides some protection
1778 : * against a DBA foolishly removing postmaster.pid and manually
1779 : * starting a new postmaster. Data corruption is likely to ensue from
1780 : * that anyway, but we can minimize the damage by aborting ASAP.
1781 : */
1782 258850 : if (now - last_lockfile_recheck_time >= 1 * SECS_PER_MINUTE)
1783 : {
1784 64 : if (!RecheckDataDirLockFile())
1785 : {
1786 0 : ereport(LOG,
1787 : (errmsg("performing immediate shutdown because data directory lock file is invalid")));
1788 0 : kill(MyProcPid, SIGQUIT);
1789 : }
1790 64 : last_lockfile_recheck_time = now;
1791 : }
1792 :
1793 : /*
1794 : * Touch Unix socket and lock files every 58 minutes, to ensure that
1795 : * they are not removed by overzealous /tmp-cleaning tasks. We assume
1796 : * no one runs cleaners with cutoff times of less than an hour ...
1797 : */
1798 258850 : if (now - last_touch_time >= 58 * SECS_PER_MINUTE)
1799 : {
1800 0 : TouchSocketFiles();
1801 0 : TouchSocketLockFiles();
1802 0 : last_touch_time = now;
1803 : }
1804 : }
1805 : }
1806 :
1807 : /*
1808 : * canAcceptConnections --- check to see if database state allows connections
1809 : * of the specified type. backend_type can be B_BACKEND or B_AUTOVAC_WORKER.
1810 : * (Note that we don't yet know whether a normal B_BACKEND connection might
1811 : * turn into a walsender.)
1812 : */
1813 : static CAC_state
1814 31722 : canAcceptConnections(BackendType backend_type)
1815 : {
1816 31722 : CAC_state result = CAC_OK;
1817 :
1818 : Assert(backend_type == B_BACKEND || backend_type == B_AUTOVAC_WORKER);
1819 :
1820 : /*
1821 : * Can't start backends when in startup/shutdown/inconsistent recovery
1822 : * state. We treat autovac workers the same as user backends for this
1823 : * purpose.
1824 : */
1825 31722 : if (pmState != PM_RUN && pmState != PM_HOT_STANDBY)
1826 : {
1827 620 : if (Shutdown > NoShutdown)
1828 104 : return CAC_SHUTDOWN; /* shutdown is pending */
1829 516 : else if (!FatalError && pmState == PM_STARTUP)
1830 482 : return CAC_STARTUP; /* normal startup */
1831 34 : else if (!FatalError && pmState == PM_RECOVERY)
1832 28 : return CAC_NOTHOTSTANDBY; /* not yet ready for hot standby */
1833 : else
1834 6 : return CAC_RECOVERY; /* else must be crash recovery */
1835 : }
1836 :
1837 : /*
1838 : * "Smart shutdown" restrictions are applied only to normal connections,
1839 : * not to autovac workers.
1840 : */
1841 31102 : if (!connsAllowed && backend_type == B_BACKEND)
1842 0 : return CAC_SHUTDOWN; /* shutdown is pending */
1843 :
1844 31102 : return result;
1845 : }
1846 :
1847 : /*
1848 : * ClosePostmasterPorts -- close all the postmaster's open sockets
1849 : *
1850 : * This is called during child process startup to release file descriptors
1851 : * that are not needed by that child process. The postmaster still has
1852 : * them open, of course.
1853 : *
1854 : * Note: we pass am_syslogger as a boolean because we don't want to set
1855 : * the global variable yet when this is called.
1856 : */
1857 : void
1858 44812 : ClosePostmasterPorts(bool am_syslogger)
1859 : {
1860 : /* Release resources held by the postmaster's WaitEventSet. */
1861 44812 : if (pm_wait_set)
1862 : {
1863 38004 : FreeWaitEventSetAfterFork(pm_wait_set);
1864 38004 : pm_wait_set = NULL;
1865 : }
1866 :
1867 : #ifndef WIN32
1868 :
1869 : /*
1870 : * Close the write end of postmaster death watch pipe. It's important to
1871 : * do this as early as possible, so that if postmaster dies, others won't
1872 : * think that it's still running because we're holding the pipe open.
1873 : */
1874 44812 : if (close(postmaster_alive_fds[POSTMASTER_FD_OWN]) != 0)
1875 0 : ereport(FATAL,
1876 : (errcode_for_file_access(),
1877 : errmsg_internal("could not close postmaster death monitoring pipe in child process: %m")));
1878 44812 : postmaster_alive_fds[POSTMASTER_FD_OWN] = -1;
1879 : /* Notify fd.c that we released one pipe FD. */
1880 44812 : ReleaseExternalFD();
1881 : #endif
1882 :
1883 : /*
1884 : * Close the postmaster's listen sockets. These aren't tracked by fd.c,
1885 : * so we don't call ReleaseExternalFD() here.
1886 : *
1887 : * The listen sockets are marked as FD_CLOEXEC, so this isn't needed in
1888 : * EXEC_BACKEND mode.
1889 : */
1890 : #ifndef EXEC_BACKEND
1891 44812 : if (ListenSockets)
1892 : {
1893 90686 : for (int i = 0; i < NumListenSockets; i++)
1894 : {
1895 45876 : if (closesocket(ListenSockets[i]) != 0)
1896 0 : elog(LOG, "could not close listen socket: %m");
1897 : }
1898 44810 : pfree(ListenSockets);
1899 : }
1900 44812 : NumListenSockets = 0;
1901 44812 : ListenSockets = NULL;
1902 : #endif
1903 :
1904 : /*
1905 : * If using syslogger, close the read side of the pipe. We don't bother
1906 : * tracking this in fd.c, either.
1907 : */
1908 44812 : if (!am_syslogger)
1909 : {
1910 : #ifndef WIN32
1911 44810 : if (syslogPipe[0] >= 0)
1912 34 : close(syslogPipe[0]);
1913 44810 : syslogPipe[0] = -1;
1914 : #else
1915 : if (syslogPipe[0])
1916 : CloseHandle(syslogPipe[0]);
1917 : syslogPipe[0] = 0;
1918 : #endif
1919 : }
1920 :
1921 : #ifdef USE_BONJOUR
1922 : /* If using Bonjour, close the connection to the mDNS daemon */
1923 : if (bonjour_sdref)
1924 : close(DNSServiceRefSockFD(bonjour_sdref));
1925 : #endif
1926 44812 : }
1927 :
1928 :
1929 : /*
1930 : * InitProcessGlobals -- set MyStartTime[stamp], random seeds
1931 : *
1932 : * Called early in the postmaster and every backend.
1933 : */
1934 : void
1935 47040 : InitProcessGlobals(void)
1936 : {
1937 47040 : MyStartTimestamp = GetCurrentTimestamp();
1938 47040 : MyStartTime = timestamptz_to_time_t(MyStartTimestamp);
1939 :
1940 : /*
1941 : * Set a different global seed in every process. We want something
1942 : * unpredictable, so if possible, use high-quality random bits for the
1943 : * seed. Otherwise, fall back to a seed based on timestamp and PID.
1944 : */
1945 47040 : if (unlikely(!pg_prng_strong_seed(&pg_global_prng_state)))
1946 : {
1947 : uint64 rseed;
1948 :
1949 : /*
1950 : * Since PIDs and timestamps tend to change more frequently in their
1951 : * least significant bits, shift the timestamp left to allow a larger
1952 : * total number of seeds in a given time period. Since that would
1953 : * leave only 20 bits of the timestamp that cycle every ~1 second,
1954 : * also mix in some higher bits.
1955 : */
1956 0 : rseed = ((uint64) MyProcPid) ^
1957 0 : ((uint64) MyStartTimestamp << 12) ^
1958 0 : ((uint64) MyStartTimestamp >> 20);
1959 :
1960 0 : pg_prng_seed(&pg_global_prng_state, rseed);
1961 : }
1962 :
1963 : /*
1964 : * Also make sure that we've set a good seed for random(3). Use of that
1965 : * is deprecated in core Postgres, but extensions might use it.
1966 : */
1967 : #ifndef WIN32
1968 47040 : srandom(pg_prng_uint32(&pg_global_prng_state));
1969 : #endif
1970 47040 : }
1971 :
1972 : /*
1973 : * Child processes use SIGUSR1 to notify us of 'pmsignals'. pg_ctl uses
1974 : * SIGUSR1 to ask postmaster to check for logrotate and promote files.
1975 : */
1976 : static void
1977 185552 : handle_pm_pmsignal_signal(SIGNAL_ARGS)
1978 : {
1979 185552 : pending_pm_pmsignal = true;
1980 185552 : SetLatch(MyLatch);
1981 185552 : }
1982 :
1983 : /*
1984 : * pg_ctl uses SIGHUP to request a reload of the configuration files.
1985 : */
1986 : static void
1987 270 : handle_pm_reload_request_signal(SIGNAL_ARGS)
1988 : {
1989 270 : pending_pm_reload_request = true;
1990 270 : SetLatch(MyLatch);
1991 270 : }
1992 :
1993 : /*
1994 : * Re-read config files, and tell children to do same.
1995 : */
1996 : static void
1997 270 : process_pm_reload_request(void)
1998 : {
1999 270 : pending_pm_reload_request = false;
2000 :
2001 270 : ereport(DEBUG2,
2002 : (errmsg_internal("postmaster received reload request signal")));
2003 :
2004 270 : if (Shutdown <= SmartShutdown)
2005 : {
2006 270 : ereport(LOG,
2007 : (errmsg("received SIGHUP, reloading configuration files")));
2008 270 : ProcessConfigFile(PGC_SIGHUP);
2009 270 : SignalChildren(SIGHUP, btmask_all_except(B_DEAD_END_BACKEND));
2010 :
2011 : /* Reload authentication config files too */
2012 270 : if (!load_hba())
2013 0 : ereport(LOG,
2014 : /* translator: %s is a configuration file */
2015 : (errmsg("%s was not reloaded", HbaFileName)));
2016 :
2017 270 : if (!load_ident())
2018 0 : ereport(LOG,
2019 : (errmsg("%s was not reloaded", IdentFileName)));
2020 :
2021 : #ifdef USE_SSL
2022 : /* Reload SSL configuration as well */
2023 270 : if (EnableSSL)
2024 : {
2025 2 : if (secure_initialize(false) == 0)
2026 2 : LoadedSSL = true;
2027 : else
2028 0 : ereport(LOG,
2029 : (errmsg("SSL configuration was not reloaded")));
2030 : }
2031 : else
2032 : {
2033 268 : secure_destroy();
2034 268 : LoadedSSL = false;
2035 : }
2036 : #endif
2037 :
2038 : #ifdef EXEC_BACKEND
2039 : /* Update the starting-point file for future children */
2040 : write_nondefault_variables(PGC_SIGHUP);
2041 : #endif
2042 : }
2043 270 : }
2044 :
2045 : /*
2046 : * pg_ctl uses SIGTERM, SIGINT and SIGQUIT to request different types of
2047 : * shutdown.
2048 : */
2049 : static void
2050 1696 : handle_pm_shutdown_request_signal(SIGNAL_ARGS)
2051 : {
2052 1696 : switch (postgres_signal_arg)
2053 : {
2054 80 : case SIGTERM:
2055 : /* smart is implied if the other two flags aren't set */
2056 80 : pending_pm_shutdown_request = true;
2057 80 : break;
2058 954 : case SIGINT:
2059 954 : pending_pm_fast_shutdown_request = true;
2060 954 : pending_pm_shutdown_request = true;
2061 954 : break;
2062 662 : case SIGQUIT:
2063 662 : pending_pm_immediate_shutdown_request = true;
2064 662 : pending_pm_shutdown_request = true;
2065 662 : break;
2066 : }
2067 1696 : SetLatch(MyLatch);
2068 1696 : }
2069 :
2070 : /*
2071 : * Process shutdown request.
2072 : */
2073 : static void
2074 1696 : process_pm_shutdown_request(void)
2075 : {
2076 : int mode;
2077 :
2078 1696 : ereport(DEBUG2,
2079 : (errmsg_internal("postmaster received shutdown request signal")));
2080 :
2081 1696 : pending_pm_shutdown_request = false;
2082 :
2083 : /*
2084 : * If more than one shutdown request signal arrived since the last server
2085 : * loop, take the one that is the most immediate. That matches the
2086 : * priority that would apply if we processed them one by one in any order.
2087 : */
2088 1696 : if (pending_pm_immediate_shutdown_request)
2089 : {
2090 662 : pending_pm_immediate_shutdown_request = false;
2091 662 : pending_pm_fast_shutdown_request = false;
2092 662 : mode = ImmediateShutdown;
2093 : }
2094 1034 : else if (pending_pm_fast_shutdown_request)
2095 : {
2096 954 : pending_pm_fast_shutdown_request = false;
2097 954 : mode = FastShutdown;
2098 : }
2099 : else
2100 80 : mode = SmartShutdown;
2101 :
2102 1696 : switch (mode)
2103 : {
2104 80 : case SmartShutdown:
2105 :
2106 : /*
2107 : * Smart Shutdown:
2108 : *
2109 : * Wait for children to end their work, then shut down.
2110 : */
2111 80 : if (Shutdown >= SmartShutdown)
2112 0 : break;
2113 80 : Shutdown = SmartShutdown;
2114 80 : ereport(LOG,
2115 : (errmsg("received smart shutdown request")));
2116 :
2117 : /* Report status */
2118 80 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2119 : #ifdef USE_SYSTEMD
2120 : sd_notify(0, "STOPPING=1");
2121 : #endif
2122 :
2123 : /*
2124 : * If we reached normal running, we go straight to waiting for
2125 : * client backends to exit. If already in PM_STOP_BACKENDS or a
2126 : * later state, do not change it.
2127 : */
2128 80 : if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
2129 80 : connsAllowed = false;
2130 0 : else if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
2131 : {
2132 : /* There should be no clients, so proceed to stop children */
2133 0 : UpdatePMState(PM_STOP_BACKENDS);
2134 : }
2135 :
2136 : /*
2137 : * Now wait for online backup mode to end and backends to exit. If
2138 : * that is already the case, PostmasterStateMachine will take the
2139 : * next step.
2140 : */
2141 80 : PostmasterStateMachine();
2142 80 : break;
2143 :
2144 954 : case FastShutdown:
2145 :
2146 : /*
2147 : * Fast Shutdown:
2148 : *
2149 : * Abort all children with SIGTERM (rollback active transactions
2150 : * and exit) and shut down when they are gone.
2151 : */
2152 954 : if (Shutdown >= FastShutdown)
2153 0 : break;
2154 954 : Shutdown = FastShutdown;
2155 954 : ereport(LOG,
2156 : (errmsg("received fast shutdown request")));
2157 :
2158 : /* Report status */
2159 954 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2160 : #ifdef USE_SYSTEMD
2161 : sd_notify(0, "STOPPING=1");
2162 : #endif
2163 :
2164 954 : if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
2165 : {
2166 : /* Just shut down background processes silently */
2167 0 : UpdatePMState(PM_STOP_BACKENDS);
2168 : }
2169 954 : else if (pmState == PM_RUN ||
2170 114 : pmState == PM_HOT_STANDBY)
2171 : {
2172 : /* Report that we're about to zap live client sessions */
2173 954 : ereport(LOG,
2174 : (errmsg("aborting any active transactions")));
2175 954 : UpdatePMState(PM_STOP_BACKENDS);
2176 : }
2177 :
2178 : /*
2179 : * PostmasterStateMachine will issue any necessary signals, or
2180 : * take the next step if no child processes need to be killed.
2181 : */
2182 954 : PostmasterStateMachine();
2183 954 : break;
2184 :
2185 662 : case ImmediateShutdown:
2186 :
2187 : /*
2188 : * Immediate Shutdown:
2189 : *
2190 : * abort all children with SIGQUIT, wait for them to exit,
2191 : * terminate remaining ones with SIGKILL, then exit without
2192 : * attempt to properly shut down the data base system.
2193 : */
2194 662 : if (Shutdown >= ImmediateShutdown)
2195 0 : break;
2196 662 : Shutdown = ImmediateShutdown;
2197 662 : ereport(LOG,
2198 : (errmsg("received immediate shutdown request")));
2199 :
2200 : /* Report status */
2201 662 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2202 : #ifdef USE_SYSTEMD
2203 : sd_notify(0, "STOPPING=1");
2204 : #endif
2205 :
2206 : /* tell children to shut down ASAP */
2207 : /* (note we don't apply send_abort_for_crash here) */
2208 662 : SetQuitSignalReason(PMQUIT_FOR_STOP);
2209 662 : TerminateChildren(SIGQUIT);
2210 662 : UpdatePMState(PM_WAIT_BACKENDS);
2211 :
2212 : /* set stopwatch for them to die */
2213 662 : AbortStartTime = time(NULL);
2214 :
2215 : /*
2216 : * Now wait for backends to exit. If there are none,
2217 : * PostmasterStateMachine will take the next step.
2218 : */
2219 662 : PostmasterStateMachine();
2220 662 : break;
2221 : }
2222 1696 : }
2223 :
2224 : static void
2225 46748 : handle_pm_child_exit_signal(SIGNAL_ARGS)
2226 : {
2227 46748 : pending_pm_child_exit = true;
2228 46748 : SetLatch(MyLatch);
2229 46748 : }
2230 :
2231 : /*
2232 : * Cleanup after a child process dies.
2233 : */
2234 : static void
2235 46622 : process_pm_child_exit(void)
2236 : {
2237 : int pid; /* process id of dead child process */
2238 : int exitstatus; /* its exit status */
2239 :
2240 46622 : pending_pm_child_exit = false;
2241 :
2242 46622 : ereport(DEBUG4,
2243 : (errmsg_internal("reaping dead processes")));
2244 :
2245 97386 : while ((pid = waitpid(-1, &exitstatus, WNOHANG)) > 0)
2246 : {
2247 : PMChild *pmchild;
2248 :
2249 : /*
2250 : * Check if this child was a startup process.
2251 : */
2252 50766 : if (StartupPMChild && pid == StartupPMChild->pid)
2253 : {
2254 1714 : ReleasePostmasterChildSlot(StartupPMChild);
2255 1714 : StartupPMChild = NULL;
2256 :
2257 : /*
2258 : * Startup process exited in response to a shutdown request (or it
2259 : * completed normally regardless of the shutdown request).
2260 : */
2261 1714 : if (Shutdown > NoShutdown &&
2262 204 : (EXIT_STATUS_0(exitstatus) || EXIT_STATUS_1(exitstatus)))
2263 : {
2264 116 : StartupStatus = STARTUP_NOT_RUNNING;
2265 116 : UpdatePMState(PM_WAIT_BACKENDS);
2266 : /* PostmasterStateMachine logic does the rest */
2267 116 : continue;
2268 : }
2269 :
2270 1598 : if (EXIT_STATUS_3(exitstatus))
2271 : {
2272 0 : ereport(LOG,
2273 : (errmsg("shutdown at recovery target")));
2274 0 : StartupStatus = STARTUP_NOT_RUNNING;
2275 0 : Shutdown = Max(Shutdown, SmartShutdown);
2276 0 : TerminateChildren(SIGTERM);
2277 0 : UpdatePMState(PM_WAIT_BACKENDS);
2278 : /* PostmasterStateMachine logic does the rest */
2279 0 : continue;
2280 : }
2281 :
2282 : /*
2283 : * Unexpected exit of startup process (including FATAL exit)
2284 : * during PM_STARTUP is treated as catastrophic. There are no
2285 : * other processes running yet, so we can just exit.
2286 : */
2287 1598 : if (pmState == PM_STARTUP &&
2288 1218 : StartupStatus != STARTUP_SIGNALED &&
2289 1218 : !EXIT_STATUS_0(exitstatus))
2290 : {
2291 2 : LogChildExit(LOG, _("startup process"),
2292 : pid, exitstatus);
2293 2 : ereport(LOG,
2294 : (errmsg("aborting startup due to startup process failure")));
2295 2 : ExitPostmaster(1);
2296 : }
2297 :
2298 : /*
2299 : * After PM_STARTUP, any unexpected exit (including FATAL exit) of
2300 : * the startup process is catastrophic, so kill other children,
2301 : * and set StartupStatus so we don't try to reinitialize after
2302 : * they're gone. Exception: if StartupStatus is STARTUP_SIGNALED,
2303 : * then we previously sent the startup process a SIGQUIT; so
2304 : * that's probably the reason it died, and we do want to try to
2305 : * restart in that case.
2306 : *
2307 : * This stanza also handles the case where we sent a SIGQUIT
2308 : * during PM_STARTUP due to some dead-end child crashing: in that
2309 : * situation, if the startup process dies on the SIGQUIT, we need
2310 : * to transition to PM_WAIT_BACKENDS state which will allow
2311 : * PostmasterStateMachine to restart the startup process. (On the
2312 : * other hand, the startup process might complete normally, if we
2313 : * were too late with the SIGQUIT. In that case we'll fall
2314 : * through and commence normal operations.)
2315 : */
2316 1596 : if (!EXIT_STATUS_0(exitstatus))
2317 : {
2318 94 : if (StartupStatus == STARTUP_SIGNALED)
2319 : {
2320 88 : StartupStatus = STARTUP_NOT_RUNNING;
2321 88 : if (pmState == PM_STARTUP)
2322 0 : UpdatePMState(PM_WAIT_BACKENDS);
2323 : }
2324 : else
2325 6 : StartupStatus = STARTUP_CRASHED;
2326 94 : HandleChildCrash(pid, exitstatus,
2327 94 : _("startup process"));
2328 94 : continue;
2329 : }
2330 :
2331 : /*
2332 : * Startup succeeded, commence normal operations
2333 : */
2334 1502 : StartupStatus = STARTUP_NOT_RUNNING;
2335 1502 : FatalError = false;
2336 1502 : AbortStartTime = 0;
2337 1502 : ReachedNormalRunning = true;
2338 1502 : UpdatePMState(PM_RUN);
2339 1502 : connsAllowed = true;
2340 :
2341 : /*
2342 : * At the next iteration of the postmaster's main loop, we will
2343 : * crank up the background tasks like the autovacuum launcher and
2344 : * background workers that were not started earlier already.
2345 : */
2346 1502 : StartWorkerNeeded = true;
2347 :
2348 : /* at this point we are really open for business */
2349 1502 : ereport(LOG,
2350 : (errmsg("database system is ready to accept connections")));
2351 :
2352 : /* Report status */
2353 1502 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
2354 : #ifdef USE_SYSTEMD
2355 : sd_notify(0, "READY=1");
2356 : #endif
2357 :
2358 1502 : continue;
2359 : }
2360 :
2361 : /*
2362 : * Was it the bgwriter? Normal exit can be ignored; we'll start a new
2363 : * one at the next iteration of the postmaster's main loop, if
2364 : * necessary. Any other exit condition is treated as a crash.
2365 : */
2366 49052 : if (BgWriterPMChild && pid == BgWriterPMChild->pid)
2367 : {
2368 1712 : ReleasePostmasterChildSlot(BgWriterPMChild);
2369 1712 : BgWriterPMChild = NULL;
2370 1712 : if (!EXIT_STATUS_0(exitstatus))
2371 678 : HandleChildCrash(pid, exitstatus,
2372 678 : _("background writer process"));
2373 1712 : continue;
2374 : }
2375 :
2376 : /*
2377 : * Was it the checkpointer?
2378 : */
2379 47340 : if (CheckpointerPMChild && pid == CheckpointerPMChild->pid)
2380 : {
2381 1712 : ReleasePostmasterChildSlot(CheckpointerPMChild);
2382 1712 : CheckpointerPMChild = NULL;
2383 1712 : if (EXIT_STATUS_0(exitstatus) && pmState == PM_WAIT_CHECKPOINTER)
2384 1034 : {
2385 : /*
2386 : * OK, we saw normal exit of the checkpointer after it's been
2387 : * told to shut down. We know checkpointer wrote a shutdown
2388 : * checkpoint, otherwise we'd still be in
2389 : * PM_WAIT_XLOG_SHUTDOWN state.
2390 : *
2391 : * At this point only dead-end children and logger should be
2392 : * left.
2393 : */
2394 1034 : UpdatePMState(PM_WAIT_DEAD_END);
2395 1034 : ConfigurePostmasterWaitSet(false);
2396 1034 : SignalChildren(SIGTERM, btmask_all_except(B_LOGGER));
2397 : }
2398 : else
2399 : {
2400 : /*
2401 : * Any unexpected exit of the checkpointer (including FATAL
2402 : * exit) is treated as a crash.
2403 : */
2404 678 : HandleChildCrash(pid, exitstatus,
2405 678 : _("checkpointer process"));
2406 : }
2407 :
2408 1712 : continue;
2409 : }
2410 :
2411 : /*
2412 : * Was it the wal writer? Normal exit can be ignored; we'll start a
2413 : * new one at the next iteration of the postmaster's main loop, if
2414 : * necessary. Any other exit condition is treated as a crash.
2415 : */
2416 45628 : if (WalWriterPMChild && pid == WalWriterPMChild->pid)
2417 : {
2418 1502 : ReleasePostmasterChildSlot(WalWriterPMChild);
2419 1502 : WalWriterPMChild = NULL;
2420 1502 : if (!EXIT_STATUS_0(exitstatus))
2421 582 : HandleChildCrash(pid, exitstatus,
2422 582 : _("WAL writer process"));
2423 1502 : continue;
2424 : }
2425 :
2426 : /*
2427 : * Was it the wal receiver? If exit status is zero (normal) or one
2428 : * (FATAL exit), we assume everything is all right just like normal
2429 : * backends. (If we need a new wal receiver, we'll start one at the
2430 : * next iteration of the postmaster's main loop.)
2431 : */
2432 44126 : if (WalReceiverPMChild && pid == WalReceiverPMChild->pid)
2433 : {
2434 530 : ReleasePostmasterChildSlot(WalReceiverPMChild);
2435 530 : WalReceiverPMChild = NULL;
2436 530 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2437 58 : HandleChildCrash(pid, exitstatus,
2438 58 : _("WAL receiver process"));
2439 530 : continue;
2440 : }
2441 :
2442 : /*
2443 : * Was it the wal summarizer? Normal exit can be ignored; we'll start
2444 : * a new one at the next iteration of the postmaster's main loop, if
2445 : * necessary. Any other exit condition is treated as a crash.
2446 : */
2447 43596 : if (WalSummarizerPMChild && pid == WalSummarizerPMChild->pid)
2448 : {
2449 38 : ReleasePostmasterChildSlot(WalSummarizerPMChild);
2450 38 : WalSummarizerPMChild = NULL;
2451 38 : if (!EXIT_STATUS_0(exitstatus))
2452 36 : HandleChildCrash(pid, exitstatus,
2453 36 : _("WAL summarizer process"));
2454 38 : continue;
2455 : }
2456 :
2457 : /*
2458 : * Was it the autovacuum launcher? Normal exit can be ignored; we'll
2459 : * start a new one at the next iteration of the postmaster's main
2460 : * loop, if necessary. Any other exit condition is treated as a
2461 : * crash.
2462 : */
2463 43558 : if (AutoVacLauncherPMChild && pid == AutoVacLauncherPMChild->pid)
2464 : {
2465 1246 : ReleasePostmasterChildSlot(AutoVacLauncherPMChild);
2466 1246 : AutoVacLauncherPMChild = NULL;
2467 1246 : if (!EXIT_STATUS_0(exitstatus))
2468 492 : HandleChildCrash(pid, exitstatus,
2469 492 : _("autovacuum launcher process"));
2470 1246 : continue;
2471 : }
2472 :
2473 : /*
2474 : * Was it the archiver? If exit status is zero (normal) or one (FATAL
2475 : * exit), we assume everything is all right just like normal backends
2476 : * and just try to start a new one on the next cycle of the
2477 : * postmaster's main loop, to retry archiving remaining files.
2478 : */
2479 42312 : if (PgArchPMChild && pid == PgArchPMChild->pid)
2480 : {
2481 110 : ReleasePostmasterChildSlot(PgArchPMChild);
2482 110 : PgArchPMChild = NULL;
2483 110 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2484 80 : HandleChildCrash(pid, exitstatus,
2485 80 : _("archiver process"));
2486 110 : continue;
2487 : }
2488 :
2489 : /* Was it the system logger? If so, try to start a new one */
2490 42202 : if (SysLoggerPMChild && pid == SysLoggerPMChild->pid)
2491 : {
2492 0 : ReleasePostmasterChildSlot(SysLoggerPMChild);
2493 0 : SysLoggerPMChild = NULL;
2494 :
2495 : /* for safety's sake, launch new logger *first* */
2496 0 : if (Logging_collector)
2497 0 : StartSysLogger();
2498 :
2499 0 : if (!EXIT_STATUS_0(exitstatus))
2500 0 : LogChildExit(LOG, _("system logger process"),
2501 : pid, exitstatus);
2502 0 : continue;
2503 : }
2504 :
2505 : /*
2506 : * Was it the slot sync worker? Normal exit or FATAL exit can be
2507 : * ignored (FATAL can be caused by libpqwalreceiver on receiving
2508 : * shutdown request by the startup process during promotion); we'll
2509 : * start a new one at the next iteration of the postmaster's main
2510 : * loop, if necessary. Any other exit condition is treated as a crash.
2511 : */
2512 42202 : if (SlotSyncWorkerPMChild && pid == SlotSyncWorkerPMChild->pid)
2513 : {
2514 8 : ReleasePostmasterChildSlot(SlotSyncWorkerPMChild);
2515 8 : SlotSyncWorkerPMChild = NULL;
2516 8 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2517 0 : HandleChildCrash(pid, exitstatus,
2518 0 : _("slot sync worker process"));
2519 8 : continue;
2520 : }
2521 :
2522 : /* Was it an IO worker? */
2523 42194 : if (maybe_reap_io_worker(pid))
2524 : {
2525 5206 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2526 2034 : HandleChildCrash(pid, exitstatus, _("io worker"));
2527 :
2528 5206 : maybe_adjust_io_workers();
2529 5206 : continue;
2530 : }
2531 :
2532 : /*
2533 : * Was it a backend or a background worker?
2534 : */
2535 36988 : pmchild = FindPostmasterChildByPid(pid);
2536 36988 : if (pmchild)
2537 : {
2538 36988 : CleanupBackend(pmchild, exitstatus);
2539 : }
2540 :
2541 : /*
2542 : * We don't know anything about this child process. That's highly
2543 : * unexpected, as we do track all the child processes that we fork.
2544 : */
2545 : else
2546 : {
2547 0 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2548 0 : HandleChildCrash(pid, exitstatus, _("untracked child process"));
2549 : else
2550 0 : LogChildExit(LOG, _("untracked child process"), pid, exitstatus);
2551 : }
2552 : } /* loop over pending child-death reports */
2553 :
2554 : /*
2555 : * After cleaning out the SIGCHLD queue, see if we have any state changes
2556 : * or actions to make.
2557 : */
2558 46620 : PostmasterStateMachine();
2559 44918 : }
2560 :
2561 : /*
2562 : * CleanupBackend -- cleanup after terminated backend or background worker.
2563 : *
2564 : * Remove all local state associated with the child process and release its
2565 : * PMChild slot.
2566 : */
2567 : static void
2568 36988 : CleanupBackend(PMChild *bp,
2569 : int exitstatus) /* child's exit status. */
2570 : {
2571 : char namebuf[MAXPGPATH];
2572 : const char *procname;
2573 36988 : bool crashed = false;
2574 36988 : bool logged = false;
2575 : pid_t bp_pid;
2576 : bool bp_bgworker_notify;
2577 : BackendType bp_bkend_type;
2578 : RegisteredBgWorker *rw;
2579 :
2580 : /* Construct a process name for the log message */
2581 36988 : if (bp->bkend_type == B_BG_WORKER)
2582 : {
2583 5266 : snprintf(namebuf, MAXPGPATH, _("background worker \"%s\""),
2584 5266 : bp->rw->rw_worker.bgw_type);
2585 5266 : procname = namebuf;
2586 : }
2587 : else
2588 31722 : procname = _(GetBackendTypeDesc(bp->bkend_type));
2589 :
2590 : /*
2591 : * If a backend dies in an ugly way then we must signal all other backends
2592 : * to quickdie. If exit status is zero (normal) or one (FATAL exit), we
2593 : * assume everything is all right and proceed to remove the backend from
2594 : * the active child list.
2595 : */
2596 36988 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2597 1646 : crashed = true;
2598 :
2599 : #ifdef WIN32
2600 :
2601 : /*
2602 : * On win32, also treat ERROR_WAIT_NO_CHILDREN (128) as nonfatal case,
2603 : * since that sometimes happens under load when the process fails to start
2604 : * properly (long before it starts using shared memory). Microsoft reports
2605 : * it is related to mutex failure:
2606 : * http://archives.postgresql.org/pgsql-hackers/2010-09/msg00790.php
2607 : */
2608 : if (exitstatus == ERROR_WAIT_NO_CHILDREN)
2609 : {
2610 : LogChildExit(LOG, procname, bp->pid, exitstatus);
2611 : logged = true;
2612 : crashed = false;
2613 : }
2614 : #endif
2615 :
2616 : /*
2617 : * Release the PMChild entry.
2618 : *
2619 : * If the process attached to shared memory, this also checks that it
2620 : * detached cleanly.
2621 : */
2622 36988 : bp_pid = bp->pid;
2623 36988 : bp_bgworker_notify = bp->bgworker_notify;
2624 36988 : bp_bkend_type = bp->bkend_type;
2625 36988 : rw = bp->rw;
2626 36988 : if (!ReleasePostmasterChildSlot(bp))
2627 : {
2628 : /*
2629 : * Uh-oh, the child failed to clean itself up. Treat as a crash after
2630 : * all.
2631 : */
2632 750 : crashed = true;
2633 : }
2634 36988 : bp = NULL;
2635 :
2636 : /*
2637 : * In a crash case, exit immediately without resetting background worker
2638 : * state. However, if restart_after_crash is enabled, the background
2639 : * worker state (e.g., rw_pid) still needs be reset so the worker can
2640 : * restart after crash recovery. This reset is handled in
2641 : * ResetBackgroundWorkerCrashTimes(), not here.
2642 : */
2643 36988 : if (crashed)
2644 : {
2645 1646 : HandleChildCrash(bp_pid, exitstatus, procname);
2646 1646 : return;
2647 : }
2648 :
2649 : /*
2650 : * This backend may have been slated to receive SIGUSR1 when some
2651 : * background worker started or stopped. Cancel those notifications, as
2652 : * we don't want to signal PIDs that are not PostgreSQL backends. This
2653 : * gets skipped in the (probably very common) case where the backend has
2654 : * never requested any such notifications.
2655 : */
2656 35342 : if (bp_bgworker_notify)
2657 482 : BackgroundWorkerStopNotifications(bp_pid);
2658 :
2659 : /*
2660 : * If it was a background worker, also update its RegisteredBgWorker
2661 : * entry.
2662 : */
2663 35342 : if (bp_bkend_type == B_BG_WORKER)
2664 : {
2665 4606 : if (!EXIT_STATUS_0(exitstatus))
2666 : {
2667 : /* Record timestamp, so we know when to restart the worker. */
2668 1280 : rw->rw_crashed_at = GetCurrentTimestamp();
2669 : }
2670 : else
2671 : {
2672 : /* Zero exit status means terminate */
2673 3326 : rw->rw_crashed_at = 0;
2674 3326 : rw->rw_terminate = true;
2675 : }
2676 :
2677 4606 : rw->rw_pid = 0;
2678 4606 : ReportBackgroundWorkerExit(rw); /* report child death */
2679 :
2680 4606 : if (!logged)
2681 : {
2682 4606 : LogChildExit(EXIT_STATUS_0(exitstatus) ? DEBUG1 : LOG,
2683 : procname, bp_pid, exitstatus);
2684 4606 : logged = true;
2685 : }
2686 :
2687 : /* have it be restarted */
2688 4606 : HaveCrashedWorker = true;
2689 : }
2690 :
2691 35342 : if (!logged)
2692 30736 : LogChildExit(DEBUG2, procname, bp_pid, exitstatus);
2693 : }
2694 :
2695 : /*
2696 : * Transition into FatalError state, in response to something bad having
2697 : * happened. Commonly the caller will have logged the reason for entering
2698 : * FatalError state.
2699 : *
2700 : * This should only be called when not already in FatalError or
2701 : * ImmediateShutdown state.
2702 : */
2703 : static void
2704 16 : HandleFatalError(QuitSignalReason reason, bool consider_sigabrt)
2705 : {
2706 : int sigtosend;
2707 :
2708 : Assert(!FatalError);
2709 : Assert(Shutdown != ImmediateShutdown);
2710 :
2711 16 : SetQuitSignalReason(reason);
2712 :
2713 16 : if (consider_sigabrt && send_abort_for_crash)
2714 0 : sigtosend = SIGABRT;
2715 : else
2716 16 : sigtosend = SIGQUIT;
2717 :
2718 : /*
2719 : * Signal all other child processes to exit.
2720 : *
2721 : * We could exclude dead-end children here, but at least when sending
2722 : * SIGABRT it seems better to include them.
2723 : */
2724 16 : TerminateChildren(sigtosend);
2725 :
2726 16 : FatalError = true;
2727 :
2728 : /*
2729 : * Choose the appropriate new state to react to the fatal error. Unless we
2730 : * were already in the process of shutting down, we go through
2731 : * PM_WAIT_BACKENDS. For errors during the shutdown sequence, we directly
2732 : * switch to PM_WAIT_DEAD_END.
2733 : */
2734 16 : switch (pmState)
2735 : {
2736 0 : case PM_INIT:
2737 : /* shouldn't have any children */
2738 : Assert(false);
2739 0 : break;
2740 0 : case PM_STARTUP:
2741 : /* should have been handled in process_pm_child_exit */
2742 : Assert(false);
2743 0 : break;
2744 :
2745 : /* wait for children to die */
2746 16 : case PM_RECOVERY:
2747 : case PM_HOT_STANDBY:
2748 : case PM_RUN:
2749 : case PM_STOP_BACKENDS:
2750 16 : UpdatePMState(PM_WAIT_BACKENDS);
2751 16 : break;
2752 :
2753 0 : case PM_WAIT_BACKENDS:
2754 : /* there might be more backends to wait for */
2755 0 : break;
2756 :
2757 0 : case PM_WAIT_XLOG_SHUTDOWN:
2758 : case PM_WAIT_XLOG_ARCHIVAL:
2759 : case PM_WAIT_CHECKPOINTER:
2760 : case PM_WAIT_IO_WORKERS:
2761 :
2762 : /*
2763 : * NB: Similar code exists in PostmasterStateMachine()'s handling
2764 : * of FatalError in PM_STOP_BACKENDS/PM_WAIT_BACKENDS states.
2765 : */
2766 0 : ConfigurePostmasterWaitSet(false);
2767 0 : UpdatePMState(PM_WAIT_DEAD_END);
2768 0 : break;
2769 :
2770 0 : case PM_WAIT_DEAD_END:
2771 : case PM_NO_CHILDREN:
2772 0 : break;
2773 : }
2774 :
2775 : /*
2776 : * .. and if this doesn't happen quickly enough, now the clock is ticking
2777 : * for us to kill them without mercy.
2778 : */
2779 16 : if (AbortStartTime == 0)
2780 16 : AbortStartTime = time(NULL);
2781 16 : }
2782 :
2783 : /*
2784 : * HandleChildCrash -- cleanup after failed backend, bgwriter, checkpointer,
2785 : * walwriter, autovacuum, archiver, slot sync worker, or background worker.
2786 : *
2787 : * The objectives here are to clean up our local state about the child
2788 : * process, and to signal all other remaining children to quickdie.
2789 : *
2790 : * The caller has already released its PMChild slot.
2791 : */
2792 : static void
2793 6378 : HandleChildCrash(int pid, int exitstatus, const char *procname)
2794 : {
2795 : /*
2796 : * We only log messages and send signals if this is the first process
2797 : * crash and we're not doing an immediate shutdown; otherwise, we're only
2798 : * here to update postmaster's idea of live processes. If we have already
2799 : * signaled children, nonzero exit status is to be expected, so don't
2800 : * clutter log.
2801 : */
2802 6378 : if (FatalError || Shutdown == ImmediateShutdown)
2803 6362 : return;
2804 :
2805 16 : LogChildExit(LOG, procname, pid, exitstatus);
2806 16 : ereport(LOG,
2807 : (errmsg("terminating any other active server processes")));
2808 :
2809 : /*
2810 : * Switch into error state. The crashed process has already been removed
2811 : * from ActiveChildList.
2812 : */
2813 16 : HandleFatalError(PMQUIT_FOR_CRASH, true);
2814 : }
2815 :
2816 : /*
2817 : * Log the death of a child process.
2818 : */
2819 : static void
2820 35360 : LogChildExit(int lev, const char *procname, int pid, int exitstatus)
2821 : {
2822 : /*
2823 : * size of activity_buffer is arbitrary, but set equal to default
2824 : * track_activity_query_size
2825 : */
2826 : char activity_buffer[1024];
2827 35360 : const char *activity = NULL;
2828 :
2829 35360 : if (!EXIT_STATUS_0(exitstatus))
2830 2220 : activity = pgstat_get_crashed_backend_activity(pid,
2831 : activity_buffer,
2832 : sizeof(activity_buffer));
2833 :
2834 35360 : if (WIFEXITED(exitstatus))
2835 35352 : ereport(lev,
2836 :
2837 : /*------
2838 : translator: %s is a noun phrase describing a child process, such as
2839 : "server process" */
2840 : (errmsg("%s (PID %d) exited with exit code %d",
2841 : procname, pid, WEXITSTATUS(exitstatus)),
2842 : activity ? errdetail("Failed process was running: %s", activity) : 0));
2843 8 : else if (WIFSIGNALED(exitstatus))
2844 : {
2845 : #if defined(WIN32)
2846 : ereport(lev,
2847 :
2848 : /*------
2849 : translator: %s is a noun phrase describing a child process, such as
2850 : "server process" */
2851 : (errmsg("%s (PID %d) was terminated by exception 0x%X",
2852 : procname, pid, WTERMSIG(exitstatus)),
2853 : errhint("See C include file \"ntstatus.h\" for a description of the hexadecimal value."),
2854 : activity ? errdetail("Failed process was running: %s", activity) : 0));
2855 : #else
2856 8 : ereport(lev,
2857 :
2858 : /*------
2859 : translator: %s is a noun phrase describing a child process, such as
2860 : "server process" */
2861 : (errmsg("%s (PID %d) was terminated by signal %d: %s",
2862 : procname, pid, WTERMSIG(exitstatus),
2863 : pg_strsignal(WTERMSIG(exitstatus))),
2864 : activity ? errdetail("Failed process was running: %s", activity) : 0));
2865 : #endif
2866 : }
2867 : else
2868 0 : ereport(lev,
2869 :
2870 : /*------
2871 : translator: %s is a noun phrase describing a child process, such as
2872 : "server process" */
2873 : (errmsg("%s (PID %d) exited with unrecognized status %d",
2874 : procname, pid, exitstatus),
2875 : activity ? errdetail("Failed process was running: %s", activity) : 0));
2876 35360 : }
2877 :
2878 : /*
2879 : * Advance the postmaster's state machine and take actions as appropriate
2880 : *
2881 : * This is common code for process_pm_shutdown_request(),
2882 : * process_pm_child_exit() and process_pm_pmsignal(), which process the signals
2883 : * that might mean we need to change state.
2884 : */
2885 : static void
2886 51758 : PostmasterStateMachine(void)
2887 : {
2888 : /* If we're doing a smart shutdown, try to advance that state. */
2889 51758 : if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
2890 : {
2891 37094 : if (!connsAllowed)
2892 : {
2893 : /*
2894 : * This state ends when we have no normal client backends running.
2895 : * Then we're ready to stop other children.
2896 : */
2897 224 : if (CountChildren(btmask(B_BACKEND)) == 0)
2898 80 : UpdatePMState(PM_STOP_BACKENDS);
2899 : }
2900 : }
2901 :
2902 : /*
2903 : * In the PM_WAIT_BACKENDS state, wait for all the regular backends and
2904 : * processes like autovacuum and background workers that are comparable to
2905 : * backends to exit.
2906 : *
2907 : * PM_STOP_BACKENDS is a transient state that means the same as
2908 : * PM_WAIT_BACKENDS, but we signal the processes first, before waiting for
2909 : * them. Treating it as a distinct pmState allows us to share this code
2910 : * across multiple shutdown code paths.
2911 : */
2912 51758 : if (pmState == PM_STOP_BACKENDS || pmState == PM_WAIT_BACKENDS)
2913 : {
2914 9262 : BackendTypeMask targetMask = BTYPE_MASK_NONE;
2915 :
2916 : /*
2917 : * PM_WAIT_BACKENDS state ends when we have no regular backends, no
2918 : * autovac launcher or workers, and no bgworkers (including
2919 : * unconnected ones).
2920 : */
2921 9262 : targetMask = btmask_add(targetMask,
2922 : B_BACKEND,
2923 : B_AUTOVAC_LAUNCHER,
2924 : B_AUTOVAC_WORKER,
2925 : B_BG_WORKER);
2926 :
2927 : /*
2928 : * No walwriter, bgwriter, slot sync worker, or WAL summarizer either.
2929 : */
2930 9262 : targetMask = btmask_add(targetMask,
2931 : B_WAL_WRITER,
2932 : B_BG_WRITER,
2933 : B_SLOTSYNC_WORKER,
2934 : B_WAL_SUMMARIZER);
2935 :
2936 : /* If we're in recovery, also stop startup and walreceiver procs */
2937 9262 : targetMask = btmask_add(targetMask,
2938 : B_STARTUP,
2939 : B_WAL_RECEIVER);
2940 :
2941 : /*
2942 : * If we are doing crash recovery or an immediate shutdown then we
2943 : * expect archiver, checkpointer, io workers and walsender to exit as
2944 : * well, otherwise not.
2945 : */
2946 9262 : if (FatalError || Shutdown >= ImmediateShutdown)
2947 3152 : targetMask = btmask_add(targetMask,
2948 : B_CHECKPOINTER,
2949 : B_ARCHIVER,
2950 : B_IO_WORKER,
2951 : B_WAL_SENDER);
2952 :
2953 : /*
2954 : * Normally archiver, checkpointer, IO workers and walsenders will
2955 : * continue running; they will be terminated later after writing the
2956 : * checkpoint record. We also let dead-end children to keep running
2957 : * for now. The syslogger process exits last.
2958 : *
2959 : * This assertion checks that we have covered all backend types,
2960 : * either by including them in targetMask, or by noting here that they
2961 : * are allowed to continue running.
2962 : */
2963 : #ifdef USE_ASSERT_CHECKING
2964 : {
2965 : BackendTypeMask remainMask = BTYPE_MASK_NONE;
2966 :
2967 : remainMask = btmask_add(remainMask,
2968 : B_DEAD_END_BACKEND,
2969 : B_LOGGER);
2970 :
2971 : /*
2972 : * Archiver, checkpointer, IO workers, and walsender may or may
2973 : * not be in targetMask already.
2974 : */
2975 : remainMask = btmask_add(remainMask,
2976 : B_ARCHIVER,
2977 : B_CHECKPOINTER,
2978 : B_IO_WORKER,
2979 : B_WAL_SENDER);
2980 :
2981 : /* these are not real postmaster children */
2982 : remainMask = btmask_add(remainMask,
2983 : B_INVALID,
2984 : B_STANDALONE_BACKEND);
2985 :
2986 : /* All types should be included in targetMask or remainMask */
2987 : Assert((remainMask.mask | targetMask.mask) == BTYPE_MASK_ALL.mask);
2988 : }
2989 : #endif
2990 :
2991 : /* If we had not yet signaled the processes to exit, do so now */
2992 9262 : if (pmState == PM_STOP_BACKENDS)
2993 : {
2994 : /*
2995 : * Forget any pending requests for background workers, since we're
2996 : * no longer willing to launch any new workers. (If additional
2997 : * requests arrive, BackgroundWorkerStateChange will reject them.)
2998 : */
2999 1034 : ForgetUnstartedBackgroundWorkers();
3000 :
3001 1034 : SignalChildren(SIGTERM, targetMask);
3002 :
3003 1034 : UpdatePMState(PM_WAIT_BACKENDS);
3004 : }
3005 :
3006 : /* Are any of the target processes still running? */
3007 9262 : if (CountChildren(targetMask) == 0)
3008 : {
3009 1712 : if (Shutdown >= ImmediateShutdown || FatalError)
3010 : {
3011 : /*
3012 : * Stop any dead-end children and stop creating new ones.
3013 : *
3014 : * NB: Similar code exists in HandleFatalError(), when the
3015 : * error happens in pmState > PM_WAIT_BACKENDS.
3016 : */
3017 678 : UpdatePMState(PM_WAIT_DEAD_END);
3018 678 : ConfigurePostmasterWaitSet(false);
3019 678 : SignalChildren(SIGQUIT, btmask(B_DEAD_END_BACKEND));
3020 :
3021 : /*
3022 : * We already SIGQUIT'd auxiliary processes (other than
3023 : * logger), if any, when we started immediate shutdown or
3024 : * entered FatalError state.
3025 : */
3026 : }
3027 : else
3028 : {
3029 : /*
3030 : * If we get here, we are proceeding with normal shutdown. All
3031 : * the regular children are gone, and it's time to tell the
3032 : * checkpointer to do a shutdown checkpoint.
3033 : */
3034 : Assert(Shutdown > NoShutdown);
3035 : /* Start the checkpointer if not running */
3036 1034 : if (CheckpointerPMChild == NULL)
3037 0 : CheckpointerPMChild = StartChildProcess(B_CHECKPOINTER);
3038 : /* And tell it to write the shutdown checkpoint */
3039 1034 : if (CheckpointerPMChild != NULL)
3040 : {
3041 1034 : signal_child(CheckpointerPMChild, SIGINT);
3042 1034 : UpdatePMState(PM_WAIT_XLOG_SHUTDOWN);
3043 : }
3044 : else
3045 : {
3046 : /*
3047 : * If we failed to fork a checkpointer, just shut down.
3048 : * Any required cleanup will happen at next restart. We
3049 : * set FatalError so that an "abnormal shutdown" message
3050 : * gets logged when we exit.
3051 : *
3052 : * We don't consult send_abort_for_crash here, as it's
3053 : * unlikely that dumping cores would illuminate the reason
3054 : * for checkpointer fork failure.
3055 : *
3056 : * XXX: It may be worth to introduce a different PMQUIT
3057 : * value that signals that the cluster is in a bad state,
3058 : * without a process having crashed. But right now this
3059 : * path is very unlikely to be reached, so it isn't
3060 : * obviously worthwhile adding a distinct error message in
3061 : * quickdie().
3062 : */
3063 0 : HandleFatalError(PMQUIT_FOR_CRASH, false);
3064 : }
3065 : }
3066 : }
3067 : }
3068 :
3069 : /*
3070 : * The state transition from PM_WAIT_XLOG_SHUTDOWN to
3071 : * PM_WAIT_XLOG_ARCHIVAL is in process_pm_pmsignal(), in response to
3072 : * PMSIGNAL_XLOG_IS_SHUTDOWN.
3073 : */
3074 :
3075 51758 : if (pmState == PM_WAIT_XLOG_ARCHIVAL)
3076 : {
3077 : /*
3078 : * PM_WAIT_XLOG_ARCHIVAL state ends when there are no children other
3079 : * than checkpointer, io workers and dead-end children left. There
3080 : * shouldn't be any regular backends left by now anyway; what we're
3081 : * really waiting for is for walsenders and archiver to exit.
3082 : */
3083 1138 : if (CountChildren(btmask_all_except(B_CHECKPOINTER, B_IO_WORKER,
3084 : B_LOGGER, B_DEAD_END_BACKEND)) == 0)
3085 : {
3086 1034 : UpdatePMState(PM_WAIT_IO_WORKERS);
3087 1034 : SignalChildren(SIGUSR2, btmask(B_IO_WORKER));
3088 : }
3089 : }
3090 :
3091 51758 : if (pmState == PM_WAIT_IO_WORKERS)
3092 : {
3093 : /*
3094 : * PM_WAIT_IO_WORKERS state ends when there's only checkpointer and
3095 : * dead-end children left.
3096 : */
3097 4144 : if (io_worker_count == 0)
3098 : {
3099 1034 : UpdatePMState(PM_WAIT_CHECKPOINTER);
3100 :
3101 : /*
3102 : * Now that the processes mentioned above are gone, tell
3103 : * checkpointer to shut down too. That allows checkpointer to
3104 : * perform some last bits of cleanup without other processes
3105 : * interfering.
3106 : */
3107 1034 : if (CheckpointerPMChild != NULL)
3108 1034 : signal_child(CheckpointerPMChild, SIGUSR2);
3109 : }
3110 : }
3111 :
3112 : /*
3113 : * The state transition from PM_WAIT_CHECKPOINTER to PM_WAIT_DEAD_END is
3114 : * in process_pm_child_exit().
3115 : */
3116 :
3117 51758 : if (pmState == PM_WAIT_DEAD_END)
3118 : {
3119 : /*
3120 : * PM_WAIT_DEAD_END state ends when all other children are gone except
3121 : * for the logger. During normal shutdown, all that remains are
3122 : * dead-end backends, but in FatalError processing we jump straight
3123 : * here with more processes remaining. Note that they have already
3124 : * been sent appropriate shutdown signals, either during a normal
3125 : * state transition leading up to PM_WAIT_DEAD_END, or during
3126 : * FatalError processing.
3127 : *
3128 : * The reason we wait is to protect against a new postmaster starting
3129 : * conflicting subprocesses; this isn't an ironclad protection, but it
3130 : * at least helps in the shutdown-and-immediately-restart scenario.
3131 : */
3132 1770 : if (CountChildren(btmask_all_except(B_LOGGER)) == 0)
3133 : {
3134 : /* These other guys should be dead already */
3135 : Assert(StartupPMChild == NULL);
3136 : Assert(WalReceiverPMChild == NULL);
3137 : Assert(WalSummarizerPMChild == NULL);
3138 : Assert(BgWriterPMChild == NULL);
3139 : Assert(CheckpointerPMChild == NULL);
3140 : Assert(WalWriterPMChild == NULL);
3141 : Assert(AutoVacLauncherPMChild == NULL);
3142 : Assert(SlotSyncWorkerPMChild == NULL);
3143 : /* syslogger is not considered here */
3144 1712 : UpdatePMState(PM_NO_CHILDREN);
3145 : }
3146 : }
3147 :
3148 : /*
3149 : * If we've been told to shut down, we exit as soon as there are no
3150 : * remaining children. If there was a crash, cleanup will occur at the
3151 : * next startup. (Before PostgreSQL 8.3, we tried to recover from the
3152 : * crash before exiting, but that seems unwise if we are quitting because
3153 : * we got SIGTERM from init --- there may well not be time for recovery
3154 : * before init decides to SIGKILL us.)
3155 : *
3156 : * Note that the syslogger continues to run. It will exit when it sees
3157 : * EOF on its input pipe, which happens when there are no more upstream
3158 : * processes.
3159 : */
3160 51758 : if (Shutdown > NoShutdown && pmState == PM_NO_CHILDREN)
3161 : {
3162 1696 : if (FatalError)
3163 : {
3164 0 : ereport(LOG, (errmsg("abnormal database system shutdown")));
3165 0 : ExitPostmaster(1);
3166 : }
3167 : else
3168 : {
3169 : /*
3170 : * Normal exit from the postmaster is here. We don't need to log
3171 : * anything here, since the UnlinkLockFiles proc_exit callback
3172 : * will do so, and that should be the last user-visible action.
3173 : */
3174 1696 : ExitPostmaster(0);
3175 : }
3176 : }
3177 :
3178 : /*
3179 : * If the startup process failed, or the user does not want an automatic
3180 : * restart after backend crashes, wait for all non-syslogger children to
3181 : * exit, and then exit postmaster. We don't try to reinitialize when the
3182 : * startup process fails, because more than likely it will just fail again
3183 : * and we will keep trying forever.
3184 : */
3185 50062 : if (pmState == PM_NO_CHILDREN)
3186 : {
3187 16 : if (StartupStatus == STARTUP_CRASHED)
3188 : {
3189 6 : ereport(LOG,
3190 : (errmsg("shutting down due to startup process failure")));
3191 6 : ExitPostmaster(1);
3192 : }
3193 10 : if (!restart_after_crash)
3194 : {
3195 0 : ereport(LOG,
3196 : (errmsg("shutting down because \"restart_after_crash\" is off")));
3197 0 : ExitPostmaster(1);
3198 : }
3199 : }
3200 :
3201 : /*
3202 : * If we need to recover from a crash, wait for all non-syslogger children
3203 : * to exit, then reset shmem and start the startup process.
3204 : */
3205 50056 : if (FatalError && pmState == PM_NO_CHILDREN)
3206 : {
3207 10 : ereport(LOG,
3208 : (errmsg("all server processes terminated; reinitializing")));
3209 :
3210 : /* remove leftover temporary files after a crash */
3211 10 : if (remove_temp_files_after_crash)
3212 8 : RemovePgTempFiles();
3213 :
3214 : /* allow background workers to immediately restart */
3215 10 : ResetBackgroundWorkerCrashTimes();
3216 :
3217 10 : shmem_exit(1);
3218 :
3219 : /* re-read control file into local memory */
3220 10 : LocalProcessControlFile(true);
3221 :
3222 : /* re-create shared memory and semaphores */
3223 10 : CreateSharedMemoryAndSemaphores();
3224 :
3225 10 : UpdatePMState(PM_STARTUP);
3226 :
3227 : /* Make sure we can perform I/O while starting up. */
3228 10 : maybe_adjust_io_workers();
3229 :
3230 10 : StartupPMChild = StartChildProcess(B_STARTUP);
3231 : Assert(StartupPMChild != NULL);
3232 10 : StartupStatus = STARTUP_RUNNING;
3233 : /* crash recovery started, reset SIGKILL flag */
3234 10 : AbortStartTime = 0;
3235 :
3236 : /* start accepting server socket connection events again */
3237 10 : ConfigurePostmasterWaitSet(true);
3238 : }
3239 50056 : }
3240 :
3241 : static const char *
3242 1960 : pmstate_name(PMState state)
3243 : {
3244 : #define PM_TOSTR_CASE(sym) case sym: return #sym
3245 1960 : switch (state)
3246 : {
3247 110 : PM_TOSTR_CASE(PM_INIT);
3248 220 : PM_TOSTR_CASE(PM_STARTUP);
3249 32 : PM_TOSTR_CASE(PM_RECOVERY);
3250 24 : PM_TOSTR_CASE(PM_HOT_STANDBY);
3251 206 : PM_TOSTR_CASE(PM_RUN);
3252 160 : PM_TOSTR_CASE(PM_STOP_BACKENDS);
3253 232 : PM_TOSTR_CASE(PM_WAIT_BACKENDS);
3254 160 : PM_TOSTR_CASE(PM_WAIT_XLOG_SHUTDOWN);
3255 160 : PM_TOSTR_CASE(PM_WAIT_XLOG_ARCHIVAL);
3256 160 : PM_TOSTR_CASE(PM_WAIT_IO_WORKERS);
3257 224 : PM_TOSTR_CASE(PM_WAIT_DEAD_END);
3258 160 : PM_TOSTR_CASE(PM_WAIT_CHECKPOINTER);
3259 112 : PM_TOSTR_CASE(PM_NO_CHILDREN);
3260 : }
3261 : #undef PM_TOSTR_CASE
3262 :
3263 0 : pg_unreachable();
3264 : return ""; /* silence compiler */
3265 : }
3266 :
3267 : /*
3268 : * Simple wrapper for updating pmState. The main reason to have this wrapper
3269 : * is that it makes it easy to log all state transitions.
3270 : */
3271 : static void
3272 14434 : UpdatePMState(PMState newState)
3273 : {
3274 14434 : elog(DEBUG1, "updating PMState from %s to %s",
3275 : pmstate_name(pmState), pmstate_name(newState));
3276 14434 : pmState = newState;
3277 14434 : }
3278 :
3279 : /*
3280 : * Launch background processes after state change, or relaunch after an
3281 : * existing process has exited.
3282 : *
3283 : * Check the current pmState and the status of any background processes. If
3284 : * there are any background processes missing that should be running in the
3285 : * current state, but are not, launch them.
3286 : */
3287 : static void
3288 258850 : LaunchMissingBackgroundProcesses(void)
3289 : {
3290 : /* Syslogger is active in all states */
3291 258850 : if (SysLoggerPMChild == NULL && Logging_collector)
3292 0 : StartSysLogger();
3293 :
3294 : /*
3295 : * The number of configured workers might have changed, or a prior start
3296 : * of a worker might have failed. Check if we need to start/stop any
3297 : * workers.
3298 : *
3299 : * A config file change will always lead to this function being called, so
3300 : * we always will process the config change in a timely manner.
3301 : */
3302 258850 : maybe_adjust_io_workers();
3303 :
3304 : /*
3305 : * The checkpointer and the background writer are active from the start,
3306 : * until shutdown is initiated.
3307 : *
3308 : * (If the checkpointer is not running when we enter the
3309 : * PM_WAIT_XLOG_SHUTDOWN state, it is launched one more time to perform
3310 : * the shutdown checkpoint. That's done in PostmasterStateMachine(), not
3311 : * here.)
3312 : */
3313 258850 : if (pmState == PM_RUN || pmState == PM_RECOVERY ||
3314 17208 : pmState == PM_HOT_STANDBY || pmState == PM_STARTUP)
3315 : {
3316 245816 : if (CheckpointerPMChild == NULL)
3317 10 : CheckpointerPMChild = StartChildProcess(B_CHECKPOINTER);
3318 245816 : if (BgWriterPMChild == NULL)
3319 10 : BgWriterPMChild = StartChildProcess(B_BG_WRITER);
3320 : }
3321 :
3322 : /*
3323 : * WAL writer is needed only in normal operation (else we cannot be
3324 : * writing any new WAL).
3325 : */
3326 258850 : if (WalWriterPMChild == NULL && pmState == PM_RUN)
3327 1502 : WalWriterPMChild = StartChildProcess(B_WAL_WRITER);
3328 :
3329 : /*
3330 : * We don't want autovacuum to run in binary upgrade mode because
3331 : * autovacuum might update relfrozenxid for empty tables before the
3332 : * physical files are put in place.
3333 : */
3334 278434 : if (!IsBinaryUpgrade && AutoVacLauncherPMChild == NULL &&
3335 27558 : (AutoVacuumingActive() || start_autovac_launcher) &&
3336 11610 : pmState == PM_RUN)
3337 : {
3338 1246 : AutoVacLauncherPMChild = StartChildProcess(B_AUTOVAC_LAUNCHER);
3339 1246 : if (AutoVacLauncherPMChild != NULL)
3340 1246 : start_autovac_launcher = false; /* signal processed */
3341 : }
3342 :
3343 : /*
3344 : * If WAL archiving is enabled always, we are allowed to start archiver
3345 : * even during recovery.
3346 : */
3347 258850 : if (PgArchPMChild == NULL &&
3348 256686 : ((XLogArchivingActive() && pmState == PM_RUN) ||
3349 256686 : (XLogArchivingAlways() && (pmState == PM_RECOVERY || pmState == PM_HOT_STANDBY))) &&
3350 104 : PgArchCanRestart())
3351 104 : PgArchPMChild = StartChildProcess(B_ARCHIVER);
3352 :
3353 : /*
3354 : * If we need to start a slot sync worker, try to do that now
3355 : *
3356 : * We allow to start the slot sync worker when we are on a hot standby,
3357 : * fast or immediate shutdown is not in progress, slot sync parameters are
3358 : * configured correctly, and it is the first time of worker's launch, or
3359 : * enough time has passed since the worker was launched last.
3360 : */
3361 258850 : if (SlotSyncWorkerPMChild == NULL && pmState == PM_HOT_STANDBY &&
3362 3554 : Shutdown <= SmartShutdown && sync_replication_slots &&
3363 22 : ValidateSlotSyncParams(LOG) && SlotSyncWorkerCanRestart())
3364 8 : SlotSyncWorkerPMChild = StartChildProcess(B_SLOTSYNC_WORKER);
3365 :
3366 : /*
3367 : * If we need to start a WAL receiver, try to do that now
3368 : *
3369 : * Note: if a walreceiver process is already running, it might seem that
3370 : * we should clear WalReceiverRequested. However, there's a race
3371 : * condition if the walreceiver terminates and the startup process
3372 : * immediately requests a new one: it's quite possible to get the signal
3373 : * for the request before reaping the dead walreceiver process. Better to
3374 : * risk launching an extra walreceiver than to miss launching one we need.
3375 : * (The walreceiver code has logic to recognize that it should go away if
3376 : * not needed.)
3377 : */
3378 258850 : if (WalReceiverRequested)
3379 : {
3380 948 : if (WalReceiverPMChild == NULL &&
3381 590 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
3382 588 : pmState == PM_HOT_STANDBY) &&
3383 530 : Shutdown <= SmartShutdown)
3384 : {
3385 530 : WalReceiverPMChild = StartChildProcess(B_WAL_RECEIVER);
3386 530 : if (WalReceiverPMChild != 0)
3387 530 : WalReceiverRequested = false;
3388 : /* else leave the flag set, so we'll try again later */
3389 : }
3390 : }
3391 :
3392 : /* If we need to start a WAL summarizer, try to do that now */
3393 258850 : if (summarize_wal && WalSummarizerPMChild == NULL &&
3394 110 : (pmState == PM_RUN || pmState == PM_HOT_STANDBY) &&
3395 38 : Shutdown <= SmartShutdown)
3396 38 : WalSummarizerPMChild = StartChildProcess(B_WAL_SUMMARIZER);
3397 :
3398 : /* Get other worker processes running, if needed */
3399 258850 : if (StartWorkerNeeded || HaveCrashedWorker)
3400 13924 : maybe_start_bgworkers();
3401 258850 : }
3402 :
3403 : /*
3404 : * Return string representation of signal.
3405 : *
3406 : * Because this is only implemented for signals we already rely on in this
3407 : * file we don't need to deal with unimplemented or same-numeric-value signals
3408 : * (as we'd e.g. have to for EWOULDBLOCK / EAGAIN).
3409 : */
3410 : static const char *
3411 36 : pm_signame(int signal)
3412 : {
3413 : #define PM_TOSTR_CASE(sym) case sym: return #sym
3414 36 : switch (signal)
3415 : {
3416 0 : PM_TOSTR_CASE(SIGABRT);
3417 0 : PM_TOSTR_CASE(SIGCHLD);
3418 0 : PM_TOSTR_CASE(SIGHUP);
3419 4 : PM_TOSTR_CASE(SIGINT);
3420 0 : PM_TOSTR_CASE(SIGKILL);
3421 0 : PM_TOSTR_CASE(SIGQUIT);
3422 22 : PM_TOSTR_CASE(SIGTERM);
3423 0 : PM_TOSTR_CASE(SIGUSR1);
3424 10 : PM_TOSTR_CASE(SIGUSR2);
3425 0 : default:
3426 : /* all signals sent by postmaster should be listed here */
3427 : Assert(false);
3428 0 : return "(unknown)";
3429 : }
3430 : #undef PM_TOSTR_CASE
3431 :
3432 : return ""; /* silence compiler */
3433 : }
3434 :
3435 : /*
3436 : * Send a signal to a postmaster child process
3437 : *
3438 : * On systems that have setsid(), each child process sets itself up as a
3439 : * process group leader. For signals that are generally interpreted in the
3440 : * appropriate fashion, we signal the entire process group not just the
3441 : * direct child process. This allows us to, for example, SIGQUIT a blocked
3442 : * archive_recovery script, or SIGINT a script being run by a backend via
3443 : * system().
3444 : *
3445 : * There is a race condition for recently-forked children: they might not
3446 : * have executed setsid() yet. So we signal the child directly as well as
3447 : * the group. We assume such a child will handle the signal before trying
3448 : * to spawn any grandchild processes. We also assume that signaling the
3449 : * child twice will not cause any problems.
3450 : */
3451 : static void
3452 19706 : signal_child(PMChild *pmchild, int signal)
3453 : {
3454 19706 : pid_t pid = pmchild->pid;
3455 :
3456 19706 : ereport(DEBUG3,
3457 : (errmsg_internal("sending signal %d/%s to %s process with pid %d",
3458 : signal, pm_signame(signal),
3459 : GetBackendTypeDesc(pmchild->bkend_type),
3460 : (int) pmchild->pid)));
3461 :
3462 19706 : if (kill(pid, signal) < 0)
3463 0 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) pid, signal);
3464 : #ifdef HAVE_SETSID
3465 19706 : switch (signal)
3466 : {
3467 12624 : case SIGINT:
3468 : case SIGTERM:
3469 : case SIGQUIT:
3470 : case SIGKILL:
3471 : case SIGABRT:
3472 12624 : if (kill(-pid, signal) < 0)
3473 20 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) (-pid), signal);
3474 12624 : break;
3475 7082 : default:
3476 7082 : break;
3477 : }
3478 : #endif
3479 19706 : }
3480 :
3481 : /*
3482 : * Send a signal to the targeted children.
3483 : */
3484 : static bool
3485 5762 : SignalChildren(int signal, BackendTypeMask targetMask)
3486 : {
3487 : dlist_iter iter;
3488 5762 : bool signaled = false;
3489 :
3490 32878 : dlist_foreach(iter, &ActiveChildList)
3491 : {
3492 27116 : PMChild *bp = dlist_container(PMChild, elem, iter.cur);
3493 :
3494 : /*
3495 : * If we need to distinguish between B_BACKEND and B_WAL_SENDER, check
3496 : * if any B_BACKEND backends have recently announced that they are
3497 : * actually WAL senders.
3498 : */
3499 27116 : if (btmask_contains(targetMask, B_WAL_SENDER) != btmask_contains(targetMask, B_BACKEND) &&
3500 13732 : bp->bkend_type == B_BACKEND)
3501 : {
3502 1374 : if (IsPostmasterChildWalSender(bp->child_slot))
3503 74 : bp->bkend_type = B_WAL_SENDER;
3504 : }
3505 :
3506 27116 : if (!btmask_contains(targetMask, bp->bkend_type))
3507 9594 : continue;
3508 :
3509 17522 : signal_child(bp, signal);
3510 17522 : signaled = true;
3511 : }
3512 5762 : return signaled;
3513 : }
3514 :
3515 : /*
3516 : * Send a termination signal to children. This considers all of our children
3517 : * processes, except syslogger.
3518 : */
3519 : static void
3520 678 : TerminateChildren(int signal)
3521 : {
3522 678 : SignalChildren(signal, btmask_all_except(B_LOGGER));
3523 678 : if (StartupPMChild != NULL)
3524 : {
3525 90 : if (signal == SIGQUIT || signal == SIGKILL || signal == SIGABRT)
3526 90 : StartupStatus = STARTUP_SIGNALED;
3527 : }
3528 678 : }
3529 :
3530 : /*
3531 : * BackendStartup -- start backend process
3532 : *
3533 : * returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
3534 : *
3535 : * Note: if you change this code, also consider StartAutovacuumWorker and
3536 : * StartBackgroundWorker.
3537 : */
3538 : static int
3539 26988 : BackendStartup(ClientSocket *client_sock)
3540 : {
3541 26988 : PMChild *bn = NULL;
3542 : pid_t pid;
3543 : BackendStartupData startup_data;
3544 : CAC_state cac;
3545 :
3546 : /*
3547 : * Capture time that Postmaster got a socket from accept (for logging
3548 : * connection establishment and setup total duration).
3549 : */
3550 26988 : startup_data.socket_created = GetCurrentTimestamp();
3551 :
3552 : /*
3553 : * Allocate and assign the child slot. Note we must do this before
3554 : * forking, so that we can handle failures (out of memory or child-process
3555 : * slots) cleanly.
3556 : */
3557 26988 : cac = canAcceptConnections(B_BACKEND);
3558 26988 : if (cac == CAC_OK)
3559 : {
3560 : /* Can change later to B_WAL_SENDER */
3561 26368 : bn = AssignPostmasterChildSlot(B_BACKEND);
3562 26368 : if (!bn)
3563 : {
3564 : /*
3565 : * Too many regular child processes; launch a dead-end child
3566 : * process instead.
3567 : */
3568 56 : cac = CAC_TOOMANY;
3569 : }
3570 : }
3571 26988 : if (!bn)
3572 : {
3573 676 : bn = AllocDeadEndChild();
3574 676 : if (!bn)
3575 : {
3576 0 : ereport(LOG,
3577 : (errcode(ERRCODE_OUT_OF_MEMORY),
3578 : errmsg("out of memory")));
3579 0 : return STATUS_ERROR;
3580 : }
3581 : }
3582 :
3583 : /* Pass down canAcceptConnections state */
3584 26988 : startup_data.canAcceptConnections = cac;
3585 26988 : bn->rw = NULL;
3586 :
3587 : /* Hasn't asked to be notified about any bgworkers yet */
3588 26988 : bn->bgworker_notify = false;
3589 :
3590 26988 : pid = postmaster_child_launch(bn->bkend_type, bn->child_slot,
3591 : &startup_data, sizeof(startup_data),
3592 : client_sock);
3593 26988 : if (pid < 0)
3594 : {
3595 : /* in parent, fork failed */
3596 0 : int save_errno = errno;
3597 :
3598 0 : (void) ReleasePostmasterChildSlot(bn);
3599 0 : errno = save_errno;
3600 0 : ereport(LOG,
3601 : (errmsg("could not fork new process for connection: %m")));
3602 0 : report_fork_failure_to_client(client_sock, save_errno);
3603 0 : return STATUS_ERROR;
3604 : }
3605 :
3606 : /* in parent, successful fork */
3607 26988 : ereport(DEBUG2,
3608 : (errmsg_internal("forked new %s, pid=%d socket=%d",
3609 : GetBackendTypeDesc(bn->bkend_type),
3610 : (int) pid, (int) client_sock->sock)));
3611 :
3612 : /*
3613 : * Everything's been successful, it's safe to add this backend to our list
3614 : * of backends.
3615 : */
3616 26988 : bn->pid = pid;
3617 26988 : return STATUS_OK;
3618 : }
3619 :
3620 : /*
3621 : * Try to report backend fork() failure to client before we close the
3622 : * connection. Since we do not care to risk blocking the postmaster on
3623 : * this connection, we set the connection to non-blocking and try only once.
3624 : *
3625 : * This is grungy special-purpose code; we cannot use backend libpq since
3626 : * it's not up and running.
3627 : */
3628 : static void
3629 0 : report_fork_failure_to_client(ClientSocket *client_sock, int errnum)
3630 : {
3631 : char buffer[1000];
3632 : int rc;
3633 :
3634 : /* Format the error message packet (always V2 protocol) */
3635 0 : snprintf(buffer, sizeof(buffer), "E%s%s\n",
3636 : _("could not fork new process for connection: "),
3637 : strerror(errnum));
3638 :
3639 : /* Set port to non-blocking. Don't do send() if this fails */
3640 0 : if (!pg_set_noblock(client_sock->sock))
3641 0 : return;
3642 :
3643 : /* We'll retry after EINTR, but ignore all other failures */
3644 : do
3645 : {
3646 0 : rc = send(client_sock->sock, buffer, strlen(buffer) + 1, 0);
3647 0 : } while (rc < 0 && errno == EINTR);
3648 : }
3649 :
3650 : /*
3651 : * ExitPostmaster -- cleanup
3652 : *
3653 : * Do NOT call exit() directly --- always go through here!
3654 : */
3655 : static void
3656 1708 : ExitPostmaster(int status)
3657 : {
3658 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
3659 :
3660 : /*
3661 : * There is no known cause for a postmaster to become multithreaded after
3662 : * startup. However, we might reach here via an error exit before
3663 : * reaching the test in PostmasterMain, so provide the same hint as there.
3664 : * This message uses LOG level, because an unclean shutdown at this point
3665 : * would usually not look much different from a clean shutdown.
3666 : */
3667 : if (pthread_is_threaded_np() != 0)
3668 : ereport(LOG,
3669 : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
3670 : errmsg("postmaster became multithreaded"),
3671 : errhint("Set the LC_ALL environment variable to a valid locale.")));
3672 : #endif
3673 :
3674 : /* should cleanup shared memory and kill all backends */
3675 :
3676 : /*
3677 : * Not sure of the semantics here. When the Postmaster dies, should the
3678 : * backends all be killed? probably not.
3679 : *
3680 : * MUST -- vadim 05-10-1999
3681 : */
3682 :
3683 1708 : proc_exit(status);
3684 : }
3685 :
3686 : /*
3687 : * Handle pmsignal conditions representing requests from backends,
3688 : * and check for promote and logrotate requests from pg_ctl.
3689 : */
3690 : static void
3691 185026 : process_pm_pmsignal(void)
3692 : {
3693 185026 : bool request_state_update = false;
3694 :
3695 185026 : pending_pm_pmsignal = false;
3696 :
3697 185026 : ereport(DEBUG2,
3698 : (errmsg_internal("postmaster received pmsignal signal")));
3699 :
3700 : /*
3701 : * RECOVERY_STARTED and BEGIN_HOT_STANDBY signals are ignored in
3702 : * unexpected states. If the startup process quickly starts up, completes
3703 : * recovery, exits, we might process the death of the startup process
3704 : * first. We don't want to go back to recovery in that case.
3705 : */
3706 185026 : if (CheckPostmasterSignal(PMSIGNAL_RECOVERY_STARTED) &&
3707 496 : pmState == PM_STARTUP && Shutdown == NoShutdown)
3708 : {
3709 : /* WAL redo has started. We're out of reinitialization. */
3710 496 : FatalError = false;
3711 496 : AbortStartTime = 0;
3712 496 : reachedConsistency = false;
3713 :
3714 : /*
3715 : * Start the archiver if we're responsible for (re-)archiving received
3716 : * files.
3717 : */
3718 : Assert(PgArchPMChild == NULL);
3719 496 : if (XLogArchivingAlways())
3720 6 : PgArchPMChild = StartChildProcess(B_ARCHIVER);
3721 :
3722 : /*
3723 : * If we aren't planning to enter hot standby mode later, treat
3724 : * RECOVERY_STARTED as meaning we're out of startup, and report status
3725 : * accordingly.
3726 : */
3727 496 : if (!EnableHotStandby)
3728 : {
3729 4 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STANDBY);
3730 : #ifdef USE_SYSTEMD
3731 : sd_notify(0, "READY=1");
3732 : #endif
3733 : }
3734 :
3735 496 : UpdatePMState(PM_RECOVERY);
3736 : }
3737 :
3738 185026 : if (CheckPostmasterSignal(PMSIGNAL_RECOVERY_CONSISTENT) &&
3739 316 : pmState == PM_RECOVERY && Shutdown == NoShutdown)
3740 : {
3741 316 : reachedConsistency = true;
3742 : }
3743 :
3744 185026 : if (CheckPostmasterSignal(PMSIGNAL_BEGIN_HOT_STANDBY) &&
3745 300 : (pmState == PM_RECOVERY && Shutdown == NoShutdown))
3746 : {
3747 300 : ereport(LOG,
3748 : (errmsg("database system is ready to accept read-only connections")));
3749 :
3750 : /* Report status */
3751 300 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
3752 : #ifdef USE_SYSTEMD
3753 : sd_notify(0, "READY=1");
3754 : #endif
3755 :
3756 300 : UpdatePMState(PM_HOT_STANDBY);
3757 300 : connsAllowed = true;
3758 :
3759 : /* Some workers may be scheduled to start now */
3760 300 : StartWorkerNeeded = true;
3761 : }
3762 :
3763 : /* Process background worker state changes. */
3764 185026 : if (CheckPostmasterSignal(PMSIGNAL_BACKGROUND_WORKER_CHANGE))
3765 : {
3766 : /* Accept new worker requests only if not stopping. */
3767 2566 : BackgroundWorkerStateChange(pmState < PM_STOP_BACKENDS);
3768 2566 : StartWorkerNeeded = true;
3769 : }
3770 :
3771 : /* Tell syslogger to rotate logfile if requested */
3772 185026 : if (SysLoggerPMChild != NULL)
3773 : {
3774 4 : if (CheckLogrotateSignal())
3775 : {
3776 2 : signal_child(SysLoggerPMChild, SIGUSR1);
3777 2 : RemoveLogrotateSignalFiles();
3778 : }
3779 2 : else if (CheckPostmasterSignal(PMSIGNAL_ROTATE_LOGFILE))
3780 : {
3781 0 : signal_child(SysLoggerPMChild, SIGUSR1);
3782 : }
3783 : }
3784 :
3785 185026 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER) &&
3786 173212 : Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
3787 : {
3788 : /*
3789 : * Start one iteration of the autovacuum daemon, even if autovacuuming
3790 : * is nominally not enabled. This is so we can have an active defense
3791 : * against transaction ID wraparound. We set a flag for the main loop
3792 : * to do it rather than trying to do it here --- this is because the
3793 : * autovac process itself may send the signal, and we want to handle
3794 : * that by launching another iteration as soon as the current one
3795 : * completes.
3796 : */
3797 173212 : start_autovac_launcher = true;
3798 : }
3799 :
3800 185026 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_WORKER) &&
3801 4734 : Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
3802 : {
3803 : /* The autovacuum launcher wants us to start a worker process. */
3804 4734 : StartAutovacuumWorker();
3805 : }
3806 :
3807 185026 : if (CheckPostmasterSignal(PMSIGNAL_START_WALRECEIVER))
3808 : {
3809 : /* Startup Process wants us to start the walreceiver process. */
3810 556 : WalReceiverRequested = true;
3811 : }
3812 :
3813 185026 : if (CheckPostmasterSignal(PMSIGNAL_XLOG_IS_SHUTDOWN))
3814 : {
3815 : /* Checkpointer completed the shutdown checkpoint */
3816 1034 : if (pmState == PM_WAIT_XLOG_SHUTDOWN)
3817 : {
3818 : /*
3819 : * If we have an archiver subprocess, tell it to do a last archive
3820 : * cycle and quit. Likewise, if we have walsender processes, tell
3821 : * them to send any remaining WAL and quit.
3822 : */
3823 : Assert(Shutdown > NoShutdown);
3824 :
3825 : /* Waken archiver for the last time */
3826 1034 : if (PgArchPMChild != NULL)
3827 30 : signal_child(PgArchPMChild, SIGUSR2);
3828 :
3829 : /*
3830 : * Waken walsenders for the last time. No regular backends should
3831 : * be around anymore.
3832 : */
3833 1034 : SignalChildren(SIGUSR2, btmask(B_WAL_SENDER));
3834 :
3835 1034 : UpdatePMState(PM_WAIT_XLOG_ARCHIVAL);
3836 : }
3837 0 : else if (!FatalError && Shutdown != ImmediateShutdown)
3838 : {
3839 : /*
3840 : * Checkpointer only ought to perform the shutdown checkpoint
3841 : * during shutdown. If somehow checkpointer did so in another
3842 : * situation, we have no choice but to crash-restart.
3843 : *
3844 : * It's possible however that we get PMSIGNAL_XLOG_IS_SHUTDOWN
3845 : * outside of PM_WAIT_XLOG_SHUTDOWN if an orderly shutdown was
3846 : * "interrupted" by a crash or an immediate shutdown.
3847 : */
3848 0 : ereport(LOG,
3849 : (errmsg("WAL was shut down unexpectedly")));
3850 :
3851 : /*
3852 : * Doesn't seem likely to help to take send_abort_for_crash into
3853 : * account here.
3854 : */
3855 0 : HandleFatalError(PMQUIT_FOR_CRASH, false);
3856 : }
3857 :
3858 : /*
3859 : * Need to run PostmasterStateMachine() to check if we already can go
3860 : * to the next state.
3861 : */
3862 1034 : request_state_update = true;
3863 : }
3864 :
3865 : /*
3866 : * Try to advance postmaster's state machine, if a child requests it.
3867 : */
3868 185026 : if (CheckPostmasterSignal(PMSIGNAL_ADVANCE_STATE_MACHINE))
3869 : {
3870 2408 : request_state_update = true;
3871 : }
3872 :
3873 : /*
3874 : * Be careful about the order of this action relative to this function's
3875 : * other actions. Generally, this should be after other actions, in case
3876 : * they have effects PostmasterStateMachine would need to know about.
3877 : * However, we should do it before the CheckPromoteSignal step, which
3878 : * cannot have any (immediate) effect on the state machine, but does
3879 : * depend on what state we're in now.
3880 : */
3881 185026 : if (request_state_update)
3882 : {
3883 3442 : PostmasterStateMachine();
3884 : }
3885 :
3886 185026 : if (StartupPMChild != NULL &&
3887 1582 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
3888 2612 : pmState == PM_HOT_STANDBY) &&
3889 1582 : CheckPromoteSignal())
3890 : {
3891 : /*
3892 : * Tell startup process to finish recovery.
3893 : *
3894 : * Leave the promote signal file in place and let the Startup process
3895 : * do the unlink.
3896 : */
3897 84 : signal_child(StartupPMChild, SIGUSR2);
3898 : }
3899 185026 : }
3900 :
3901 : /*
3902 : * Dummy signal handler
3903 : *
3904 : * We use this for signals that we don't actually use in the postmaster,
3905 : * but we do use in backends. If we were to SIG_IGN such signals in the
3906 : * postmaster, then a newly started backend might drop a signal that arrives
3907 : * before it's able to reconfigure its signal processing. (See notes in
3908 : * tcop/postgres.c.)
3909 : */
3910 : static void
3911 0 : dummy_handler(SIGNAL_ARGS)
3912 : {
3913 0 : }
3914 :
3915 : /*
3916 : * Count up number of child processes of specified types.
3917 : */
3918 : static int
3919 12394 : CountChildren(BackendTypeMask targetMask)
3920 : {
3921 : dlist_iter iter;
3922 12394 : int cnt = 0;
3923 :
3924 73776 : dlist_foreach(iter, &ActiveChildList)
3925 : {
3926 61382 : PMChild *bp = dlist_container(PMChild, elem, iter.cur);
3927 :
3928 : /*
3929 : * If we need to distinguish between B_BACKEND and B_WAL_SENDER, check
3930 : * if any B_BACKEND backends have recently announced that they are
3931 : * actually WAL senders.
3932 : */
3933 61382 : if (btmask_contains(targetMask, B_WAL_SENDER) != btmask_contains(targetMask, B_BACKEND) &&
3934 43416 : bp->bkend_type == B_BACKEND)
3935 : {
3936 2882 : if (IsPostmasterChildWalSender(bp->child_slot))
3937 0 : bp->bkend_type = B_WAL_SENDER;
3938 : }
3939 :
3940 61382 : if (!btmask_contains(targetMask, bp->bkend_type))
3941 31514 : continue;
3942 :
3943 29868 : ereport(DEBUG4,
3944 : (errmsg_internal("%s process %d is still running",
3945 : GetBackendTypeDesc(bp->bkend_type), (int) bp->pid)));
3946 :
3947 29868 : cnt++;
3948 : }
3949 12394 : return cnt;
3950 : }
3951 :
3952 :
3953 : /*
3954 : * StartChildProcess -- start an auxiliary process for the postmaster
3955 : *
3956 : * "type" determines what kind of child will be started. All child types
3957 : * initially go to AuxiliaryProcessMain, which will handle common setup.
3958 : *
3959 : * Return value of StartChildProcess is subprocess' PMChild entry, or NULL on
3960 : * failure.
3961 : */
3962 : static PMChild *
3963 18522 : StartChildProcess(BackendType type)
3964 : {
3965 : PMChild *pmchild;
3966 : pid_t pid;
3967 :
3968 18522 : pmchild = AssignPostmasterChildSlot(type);
3969 18522 : if (!pmchild)
3970 : {
3971 0 : if (type == B_AUTOVAC_WORKER)
3972 0 : ereport(LOG,
3973 : (errcode(ERRCODE_CONFIGURATION_LIMIT_EXCEEDED),
3974 : errmsg("no slot available for new autovacuum worker process")));
3975 : else
3976 : {
3977 : /* shouldn't happen because we allocate enough slots */
3978 0 : elog(LOG, "no postmaster child slot available for aux process");
3979 : }
3980 0 : return NULL;
3981 : }
3982 :
3983 18522 : pid = postmaster_child_launch(type, pmchild->child_slot, NULL, 0, NULL);
3984 18522 : if (pid < 0)
3985 : {
3986 : /* in parent, fork failed */
3987 0 : ReleasePostmasterChildSlot(pmchild);
3988 0 : ereport(LOG,
3989 : (errmsg("could not fork \"%s\" process: %m", PostmasterChildName(type))));
3990 :
3991 : /*
3992 : * fork failure is fatal during startup, but there's no need to choke
3993 : * immediately if starting other child types fails.
3994 : */
3995 0 : if (type == B_STARTUP)
3996 0 : ExitPostmaster(1);
3997 0 : return NULL;
3998 : }
3999 :
4000 : /* in parent, successful fork */
4001 18522 : pmchild->pid = pid;
4002 18522 : return pmchild;
4003 : }
4004 :
4005 : /*
4006 : * StartSysLogger -- start the syslogger process
4007 : */
4008 : void
4009 2 : StartSysLogger(void)
4010 : {
4011 : Assert(SysLoggerPMChild == NULL);
4012 :
4013 2 : SysLoggerPMChild = AssignPostmasterChildSlot(B_LOGGER);
4014 2 : if (!SysLoggerPMChild)
4015 0 : elog(PANIC, "no postmaster child slot available for syslogger");
4016 2 : SysLoggerPMChild->pid = SysLogger_Start(SysLoggerPMChild->child_slot);
4017 2 : if (SysLoggerPMChild->pid == 0)
4018 : {
4019 0 : ReleasePostmasterChildSlot(SysLoggerPMChild);
4020 0 : SysLoggerPMChild = NULL;
4021 : }
4022 2 : }
4023 :
4024 : /*
4025 : * StartAutovacuumWorker
4026 : * Start an autovac worker process.
4027 : *
4028 : * This function is here because it enters the resulting PID into the
4029 : * postmaster's private backends list.
4030 : *
4031 : * NB -- this code very roughly matches BackendStartup.
4032 : */
4033 : static void
4034 4734 : StartAutovacuumWorker(void)
4035 : {
4036 : PMChild *bn;
4037 :
4038 : /*
4039 : * If not in condition to run a process, don't try, but handle it like a
4040 : * fork failure. This does not normally happen, since the signal is only
4041 : * supposed to be sent by autovacuum launcher when it's OK to do it, but
4042 : * we have to check to avoid race-condition problems during DB state
4043 : * changes.
4044 : */
4045 4734 : if (canAcceptConnections(B_AUTOVAC_WORKER) == CAC_OK)
4046 : {
4047 4734 : bn = StartChildProcess(B_AUTOVAC_WORKER);
4048 4734 : if (bn)
4049 : {
4050 4734 : bn->bgworker_notify = false;
4051 4734 : bn->rw = NULL;
4052 4734 : return;
4053 : }
4054 : else
4055 : {
4056 : /*
4057 : * fork failed, fall through to report -- actual error message was
4058 : * logged by StartChildProcess
4059 : */
4060 : }
4061 : }
4062 :
4063 : /*
4064 : * Report the failure to the launcher, if it's running. (If it's not, we
4065 : * might not even be connected to shared memory, so don't try to call
4066 : * AutoVacWorkerFailed.) Note that we also need to signal it so that it
4067 : * responds to the condition, but we don't do that here, instead waiting
4068 : * for ServerLoop to do it. This way we avoid a ping-pong signaling in
4069 : * quick succession between the autovac launcher and postmaster in case
4070 : * things get ugly.
4071 : */
4072 0 : if (AutoVacLauncherPMChild != NULL)
4073 : {
4074 0 : AutoVacWorkerFailed();
4075 0 : avlauncher_needs_signal = true;
4076 : }
4077 : }
4078 :
4079 :
4080 : /*
4081 : * Create the opts file
4082 : */
4083 : static bool
4084 1704 : CreateOptsFile(int argc, char *argv[], char *fullprogname)
4085 : {
4086 : FILE *fp;
4087 : int i;
4088 :
4089 : #define OPTS_FILE "postmaster.opts"
4090 :
4091 1704 : if ((fp = fopen(OPTS_FILE, "w")) == NULL)
4092 : {
4093 0 : ereport(LOG,
4094 : (errcode_for_file_access(),
4095 : errmsg("could not create file \"%s\": %m", OPTS_FILE)));
4096 0 : return false;
4097 : }
4098 :
4099 1704 : fprintf(fp, "%s", fullprogname);
4100 8954 : for (i = 1; i < argc; i++)
4101 7250 : fprintf(fp, " \"%s\"", argv[i]);
4102 1704 : fputs("\n", fp);
4103 :
4104 1704 : if (fclose(fp))
4105 : {
4106 0 : ereport(LOG,
4107 : (errcode_for_file_access(),
4108 : errmsg("could not write file \"%s\": %m", OPTS_FILE)));
4109 0 : return false;
4110 : }
4111 :
4112 1704 : return true;
4113 : }
4114 :
4115 :
4116 : /*
4117 : * Start a new bgworker.
4118 : * Starting time conditions must have been checked already.
4119 : *
4120 : * Returns true on success, false on failure.
4121 : * In either case, update the RegisteredBgWorker's state appropriately.
4122 : *
4123 : * NB -- this code very roughly matches BackendStartup.
4124 : */
4125 : static bool
4126 5266 : StartBackgroundWorker(RegisteredBgWorker *rw)
4127 : {
4128 : PMChild *bn;
4129 : pid_t worker_pid;
4130 :
4131 : Assert(rw->rw_pid == 0);
4132 :
4133 : /*
4134 : * Allocate and assign the child slot. Note we must do this before
4135 : * forking, so that we can handle failures (out of memory or child-process
4136 : * slots) cleanly.
4137 : *
4138 : * Treat failure as though the worker had crashed. That way, the
4139 : * postmaster will wait a bit before attempting to start it again; if we
4140 : * tried again right away, most likely we'd find ourselves hitting the
4141 : * same resource-exhaustion condition.
4142 : */
4143 5266 : bn = AssignPostmasterChildSlot(B_BG_WORKER);
4144 5266 : if (bn == NULL)
4145 : {
4146 0 : ereport(LOG,
4147 : (errcode(ERRCODE_CONFIGURATION_LIMIT_EXCEEDED),
4148 : errmsg("no slot available for new background worker process")));
4149 0 : rw->rw_crashed_at = GetCurrentTimestamp();
4150 0 : return false;
4151 : }
4152 5266 : bn->rw = rw;
4153 5266 : bn->bkend_type = B_BG_WORKER;
4154 5266 : bn->bgworker_notify = false;
4155 :
4156 5266 : ereport(DEBUG1,
4157 : (errmsg_internal("starting background worker process \"%s\"",
4158 : rw->rw_worker.bgw_name)));
4159 :
4160 5266 : worker_pid = postmaster_child_launch(B_BG_WORKER, bn->child_slot,
4161 5266 : &rw->rw_worker, sizeof(BackgroundWorker), NULL);
4162 5266 : if (worker_pid == -1)
4163 : {
4164 : /* in postmaster, fork failed ... */
4165 0 : ereport(LOG,
4166 : (errmsg("could not fork background worker process: %m")));
4167 : /* undo what AssignPostmasterChildSlot did */
4168 0 : ReleasePostmasterChildSlot(bn);
4169 :
4170 : /* mark entry as crashed, so we'll try again later */
4171 0 : rw->rw_crashed_at = GetCurrentTimestamp();
4172 0 : return false;
4173 : }
4174 :
4175 : /* in postmaster, fork successful ... */
4176 5266 : rw->rw_pid = worker_pid;
4177 5266 : bn->pid = rw->rw_pid;
4178 5266 : ReportBackgroundWorkerPID(rw);
4179 5266 : return true;
4180 : }
4181 :
4182 : /*
4183 : * Does the current postmaster state require starting a worker with the
4184 : * specified start_time?
4185 : */
4186 : static bool
4187 7166 : bgworker_should_start_now(BgWorkerStartTime start_time)
4188 : {
4189 7166 : switch (pmState)
4190 : {
4191 0 : case PM_NO_CHILDREN:
4192 : case PM_WAIT_CHECKPOINTER:
4193 : case PM_WAIT_DEAD_END:
4194 : case PM_WAIT_XLOG_ARCHIVAL:
4195 : case PM_WAIT_XLOG_SHUTDOWN:
4196 : case PM_WAIT_IO_WORKERS:
4197 : case PM_WAIT_BACKENDS:
4198 : case PM_STOP_BACKENDS:
4199 0 : break;
4200 :
4201 5266 : case PM_RUN:
4202 5266 : if (start_time == BgWorkerStart_RecoveryFinished)
4203 2510 : return true;
4204 : /* fall through */
4205 :
4206 : case PM_HOT_STANDBY:
4207 3048 : if (start_time == BgWorkerStart_ConsistentState)
4208 2756 : return true;
4209 : /* fall through */
4210 :
4211 : case PM_RECOVERY:
4212 : case PM_STARTUP:
4213 : case PM_INIT:
4214 1900 : if (start_time == BgWorkerStart_PostmasterStart)
4215 0 : return true;
4216 : /* fall through */
4217 : }
4218 :
4219 1900 : return false;
4220 : }
4221 :
4222 : /*
4223 : * If the time is right, start background worker(s).
4224 : *
4225 : * As a side effect, the bgworker control variables are set or reset
4226 : * depending on whether more workers may need to be started.
4227 : *
4228 : * We limit the number of workers started per call, to avoid consuming the
4229 : * postmaster's attention for too long when many such requests are pending.
4230 : * As long as StartWorkerNeeded is true, ServerLoop will not block and will
4231 : * call this function again after dealing with any other issues.
4232 : */
4233 : static void
4234 15628 : maybe_start_bgworkers(void)
4235 : {
4236 : #define MAX_BGWORKERS_TO_LAUNCH 100
4237 15628 : int num_launched = 0;
4238 15628 : TimestampTz now = 0;
4239 : dlist_mutable_iter iter;
4240 :
4241 : /*
4242 : * During crash recovery, we have no need to be called until the state
4243 : * transition out of recovery.
4244 : */
4245 15628 : if (FatalError)
4246 : {
4247 0 : StartWorkerNeeded = false;
4248 0 : HaveCrashedWorker = false;
4249 0 : return;
4250 : }
4251 :
4252 : /* Don't need to be called again unless we find a reason for it below */
4253 15628 : StartWorkerNeeded = false;
4254 15628 : HaveCrashedWorker = false;
4255 :
4256 41806 : dlist_foreach_modify(iter, &BackgroundWorkerList)
4257 : {
4258 : RegisteredBgWorker *rw;
4259 :
4260 26178 : rw = dlist_container(RegisteredBgWorker, rw_lnode, iter.cur);
4261 :
4262 : /* ignore if already running */
4263 26178 : if (rw->rw_pid != 0)
4264 13166 : continue;
4265 :
4266 : /* if marked for death, clean up and remove from list */
4267 13012 : if (rw->rw_terminate)
4268 : {
4269 0 : ForgetBackgroundWorker(rw);
4270 0 : continue;
4271 : }
4272 :
4273 : /*
4274 : * If this worker has crashed previously, maybe it needs to be
4275 : * restarted (unless on registration it specified it doesn't want to
4276 : * be restarted at all). Check how long ago did a crash last happen.
4277 : * If the last crash is too recent, don't start it right away; let it
4278 : * be restarted once enough time has passed.
4279 : */
4280 13012 : if (rw->rw_crashed_at != 0)
4281 : {
4282 5846 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART)
4283 0 : {
4284 : int notify_pid;
4285 :
4286 0 : notify_pid = rw->rw_worker.bgw_notify_pid;
4287 :
4288 0 : ForgetBackgroundWorker(rw);
4289 :
4290 : /* Report worker is gone now. */
4291 0 : if (notify_pid != 0)
4292 0 : kill(notify_pid, SIGUSR1);
4293 :
4294 0 : continue;
4295 : }
4296 :
4297 : /* read system time only when needed */
4298 5846 : if (now == 0)
4299 5846 : now = GetCurrentTimestamp();
4300 :
4301 5846 : if (!TimestampDifferenceExceeds(rw->rw_crashed_at, now,
4302 5846 : rw->rw_worker.bgw_restart_time * 1000))
4303 : {
4304 : /* Set flag to remember that we have workers to start later */
4305 5846 : HaveCrashedWorker = true;
4306 5846 : continue;
4307 : }
4308 : }
4309 :
4310 7166 : if (bgworker_should_start_now(rw->rw_worker.bgw_start_time))
4311 : {
4312 : /* reset crash time before trying to start worker */
4313 5266 : rw->rw_crashed_at = 0;
4314 :
4315 : /*
4316 : * Try to start the worker.
4317 : *
4318 : * On failure, give up processing workers for now, but set
4319 : * StartWorkerNeeded so we'll come back here on the next iteration
4320 : * of ServerLoop to try again. (We don't want to wait, because
4321 : * there might be additional ready-to-run workers.) We could set
4322 : * HaveCrashedWorker as well, since this worker is now marked
4323 : * crashed, but there's no need because the next run of this
4324 : * function will do that.
4325 : */
4326 5266 : if (!StartBackgroundWorker(rw))
4327 : {
4328 0 : StartWorkerNeeded = true;
4329 0 : return;
4330 : }
4331 :
4332 : /*
4333 : * If we've launched as many workers as allowed, quit, but have
4334 : * ServerLoop call us again to look for additional ready-to-run
4335 : * workers. There might not be any, but we'll find out the next
4336 : * time we run.
4337 : */
4338 5266 : if (++num_launched >= MAX_BGWORKERS_TO_LAUNCH)
4339 : {
4340 0 : StartWorkerNeeded = true;
4341 0 : return;
4342 : }
4343 : }
4344 : }
4345 : }
4346 :
4347 : static bool
4348 42194 : maybe_reap_io_worker(int pid)
4349 : {
4350 1232046 : for (int i = 0; i < MAX_IO_WORKERS; ++i)
4351 : {
4352 1195058 : if (io_worker_children[i] &&
4353 116314 : io_worker_children[i]->pid == pid)
4354 : {
4355 5206 : ReleasePostmasterChildSlot(io_worker_children[i]);
4356 :
4357 5206 : --io_worker_count;
4358 5206 : io_worker_children[i] = NULL;
4359 5206 : return true;
4360 : }
4361 : }
4362 36988 : return false;
4363 : }
4364 :
4365 : /*
4366 : * Start or stop IO workers, to close the gap between the number of running
4367 : * workers and the number of configured workers. Used to respond to change of
4368 : * the io_workers GUC (by increasing and decreasing the number of workers), as
4369 : * well as workers terminating in response to errors (by starting
4370 : * "replacement" workers).
4371 : */
4372 : static void
4373 265770 : maybe_adjust_io_workers(void)
4374 : {
4375 265770 : if (!pgaio_workers_enabled())
4376 110 : return;
4377 :
4378 : /*
4379 : * If we're in final shutting down state, then we're just waiting for all
4380 : * processes to exit.
4381 : */
4382 265660 : if (pmState >= PM_WAIT_IO_WORKERS)
4383 7444 : return;
4384 :
4385 : /* Don't start new workers during an immediate shutdown either. */
4386 258216 : if (Shutdown >= ImmediateShutdown)
4387 4424 : return;
4388 :
4389 : /*
4390 : * Don't start new workers if we're in the shutdown phase of a crash
4391 : * restart. But we *do* need to start if we're already starting up again.
4392 : */
4393 253792 : if (FatalError && pmState >= PM_STOP_BACKENDS)
4394 86 : return;
4395 :
4396 : Assert(pmState < PM_WAIT_IO_WORKERS);
4397 :
4398 : /* Not enough running? */
4399 258918 : while (io_worker_count < io_workers)
4400 : {
4401 : PMChild *child;
4402 : int i;
4403 :
4404 : /* find unused entry in io_worker_children array */
4405 11454 : for (i = 0; i < MAX_IO_WORKERS; ++i)
4406 : {
4407 11454 : if (io_worker_children[i] == NULL)
4408 5212 : break;
4409 : }
4410 5212 : if (i == MAX_IO_WORKERS)
4411 0 : elog(ERROR, "could not find a free IO worker slot");
4412 :
4413 : /* Try to launch one. */
4414 5212 : child = StartChildProcess(B_IO_WORKER);
4415 5212 : if (child != NULL)
4416 : {
4417 5212 : io_worker_children[i] = child;
4418 5212 : ++io_worker_count;
4419 : }
4420 : else
4421 0 : break; /* try again next time */
4422 : }
4423 :
4424 : /* Too many running? */
4425 253706 : if (io_worker_count > io_workers)
4426 : {
4427 : /* ask the IO worker in the highest slot to exit */
4428 1694 : for (int i = MAX_IO_WORKERS - 1; i >= 0; --i)
4429 : {
4430 1694 : if (io_worker_children[i] != NULL)
4431 : {
4432 144 : kill(io_worker_children[i]->pid, SIGUSR2);
4433 144 : break;
4434 : }
4435 : }
4436 : }
4437 : }
4438 :
4439 :
4440 : /*
4441 : * When a backend asks to be notified about worker state changes, we
4442 : * set a flag in its backend entry. The background worker machinery needs
4443 : * to know when such backends exit.
4444 : */
4445 : bool
4446 3854 : PostmasterMarkPIDForWorkerNotify(int pid)
4447 : {
4448 : dlist_iter iter;
4449 : PMChild *bp;
4450 :
4451 10142 : dlist_foreach(iter, &ActiveChildList)
4452 : {
4453 10142 : bp = dlist_container(PMChild, elem, iter.cur);
4454 10142 : if (bp->pid == pid)
4455 : {
4456 3854 : bp->bgworker_notify = true;
4457 3854 : return true;
4458 : }
4459 : }
4460 0 : return false;
4461 : }
4462 :
4463 : #ifdef WIN32
4464 :
4465 : /*
4466 : * Subset implementation of waitpid() for Windows. We assume pid is -1
4467 : * (that is, check all child processes) and options is WNOHANG (don't wait).
4468 : */
4469 : static pid_t
4470 : waitpid(pid_t pid, int *exitstatus, int options)
4471 : {
4472 : win32_deadchild_waitinfo *childinfo;
4473 : DWORD exitcode;
4474 : DWORD dwd;
4475 : ULONG_PTR key;
4476 : OVERLAPPED *ovl;
4477 :
4478 : /* Try to consume one win32_deadchild_waitinfo from the queue. */
4479 : if (!GetQueuedCompletionStatus(win32ChildQueue, &dwd, &key, &ovl, 0))
4480 : {
4481 : errno = EAGAIN;
4482 : return -1;
4483 : }
4484 :
4485 : childinfo = (win32_deadchild_waitinfo *) key;
4486 : pid = childinfo->procId;
4487 :
4488 : /*
4489 : * Remove handle from wait - required even though it's set to wait only
4490 : * once
4491 : */
4492 : UnregisterWaitEx(childinfo->waitHandle, NULL);
4493 :
4494 : if (!GetExitCodeProcess(childinfo->procHandle, &exitcode))
4495 : {
4496 : /*
4497 : * Should never happen. Inform user and set a fixed exitcode.
4498 : */
4499 : write_stderr("could not read exit code for process\n");
4500 : exitcode = 255;
4501 : }
4502 : *exitstatus = exitcode;
4503 :
4504 : /*
4505 : * Close the process handle. Only after this point can the PID can be
4506 : * recycled by the kernel.
4507 : */
4508 : CloseHandle(childinfo->procHandle);
4509 :
4510 : /*
4511 : * Free struct that was allocated before the call to
4512 : * RegisterWaitForSingleObject()
4513 : */
4514 : pfree(childinfo);
4515 :
4516 : return pid;
4517 : }
4518 :
4519 : /*
4520 : * Note! Code below executes on a thread pool! All operations must
4521 : * be thread safe! Note that elog() and friends must *not* be used.
4522 : */
4523 : static void WINAPI
4524 : pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired)
4525 : {
4526 : /* Should never happen, since we use INFINITE as timeout value. */
4527 : if (TimerOrWaitFired)
4528 : return;
4529 :
4530 : /*
4531 : * Post the win32_deadchild_waitinfo object for waitpid() to deal with. If
4532 : * that fails, we leak the object, but we also leak a whole process and
4533 : * get into an unrecoverable state, so there's not much point in worrying
4534 : * about that. We'd like to panic, but we can't use that infrastructure
4535 : * from this thread.
4536 : */
4537 : if (!PostQueuedCompletionStatus(win32ChildQueue,
4538 : 0,
4539 : (ULONG_PTR) lpParameter,
4540 : NULL))
4541 : write_stderr("could not post child completion status\n");
4542 :
4543 : /* Queue SIGCHLD signal. */
4544 : pg_queue_signal(SIGCHLD);
4545 : }
4546 :
4547 : /*
4548 : * Queue a waiter to signal when this child dies. The wait will be handled
4549 : * automatically by an operating system thread pool. The memory and the
4550 : * process handle will be freed by a later call to waitpid().
4551 : */
4552 : void
4553 : pgwin32_register_deadchild_callback(HANDLE procHandle, DWORD procId)
4554 : {
4555 : win32_deadchild_waitinfo *childinfo;
4556 :
4557 : childinfo = palloc(sizeof(win32_deadchild_waitinfo));
4558 : childinfo->procHandle = procHandle;
4559 : childinfo->procId = procId;
4560 :
4561 : if (!RegisterWaitForSingleObject(&childinfo->waitHandle,
4562 : procHandle,
4563 : pgwin32_deadchild_callback,
4564 : childinfo,
4565 : INFINITE,
4566 : WT_EXECUTEONLYONCE | WT_EXECUTEINWAITTHREAD))
4567 : ereport(FATAL,
4568 : (errmsg_internal("could not register process for wait: error code %lu",
4569 : GetLastError())));
4570 : }
4571 :
4572 : #endif /* WIN32 */
4573 :
4574 : /*
4575 : * Initialize one and only handle for monitoring postmaster death.
4576 : *
4577 : * Called once in the postmaster, so that child processes can subsequently
4578 : * monitor if their parent is dead.
4579 : */
4580 : static void
4581 1704 : InitPostmasterDeathWatchHandle(void)
4582 : {
4583 : #ifndef WIN32
4584 :
4585 : /*
4586 : * Create a pipe. Postmaster holds the write end of the pipe open
4587 : * (POSTMASTER_FD_OWN), and children hold the read end. Children can pass
4588 : * the read file descriptor to select() to wake up in case postmaster
4589 : * dies, or check for postmaster death with a (read() == 0). Children must
4590 : * close the write end as soon as possible after forking, because EOF
4591 : * won't be signaled in the read end until all processes have closed the
4592 : * write fd. That is taken care of in ClosePostmasterPorts().
4593 : */
4594 : Assert(MyProcPid == PostmasterPid);
4595 1704 : if (pipe(postmaster_alive_fds) < 0)
4596 0 : ereport(FATAL,
4597 : (errcode_for_file_access(),
4598 : errmsg_internal("could not create pipe to monitor postmaster death: %m")));
4599 :
4600 : /* Notify fd.c that we've eaten two FDs for the pipe. */
4601 1704 : ReserveExternalFD();
4602 1704 : ReserveExternalFD();
4603 :
4604 : /*
4605 : * Set O_NONBLOCK to allow testing for the fd's presence with a read()
4606 : * call.
4607 : */
4608 1704 : if (fcntl(postmaster_alive_fds[POSTMASTER_FD_WATCH], F_SETFL, O_NONBLOCK) == -1)
4609 0 : ereport(FATAL,
4610 : (errcode_for_socket_access(),
4611 : errmsg_internal("could not set postmaster death monitoring pipe to nonblocking mode: %m")));
4612 : #else
4613 :
4614 : /*
4615 : * On Windows, we use a process handle for the same purpose.
4616 : */
4617 : if (DuplicateHandle(GetCurrentProcess(),
4618 : GetCurrentProcess(),
4619 : GetCurrentProcess(),
4620 : &PostmasterHandle,
4621 : 0,
4622 : TRUE,
4623 : DUPLICATE_SAME_ACCESS) == 0)
4624 : ereport(FATAL,
4625 : (errmsg_internal("could not duplicate postmaster handle: error code %lu",
4626 : GetLastError())));
4627 : #endif /* WIN32 */
4628 1704 : }
|
