Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * postmaster.c
4 : * This program acts as a clearing house for requests to the
5 : * POSTGRES system. Frontend programs send a startup message
6 : * to the Postmaster and the postmaster uses the info in the
7 : * message to setup a backend process.
8 : *
9 : * The postmaster also manages system-wide operations such as
10 : * startup and shutdown. The postmaster itself doesn't do those
11 : * operations, mind you --- it just forks off a subprocess to do them
12 : * at the right times. It also takes care of resetting the system
13 : * if a backend crashes.
14 : *
15 : * The postmaster process creates the shared memory and semaphore
16 : * pools during startup, but as a rule does not touch them itself.
17 : * In particular, it is not a member of the PGPROC array of backends
18 : * and so it cannot participate in lock-manager operations. Keeping
19 : * the postmaster away from shared memory operations makes it simpler
20 : * and more reliable. The postmaster is almost always able to recover
21 : * from crashes of individual backends by resetting shared memory;
22 : * if it did much with shared memory then it would be prone to crashing
23 : * along with the backends.
24 : *
25 : * When a request message is received, we now fork() immediately.
26 : * The child process performs authentication of the request, and
27 : * then becomes a backend if successful. This allows the auth code
28 : * to be written in a simple single-threaded style (as opposed to the
29 : * crufty "poor man's multitasking" code that used to be needed).
30 : * More importantly, it ensures that blockages in non-multithreaded
31 : * libraries like SSL or PAM cannot cause denial of service to other
32 : * clients.
33 : *
34 : *
35 : * Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
36 : * Portions Copyright (c) 1994, Regents of the University of California
37 : *
38 : *
39 : * IDENTIFICATION
40 : * src/backend/postmaster/postmaster.c
41 : *
42 : * NOTES
43 : *
44 : * Initialization:
45 : * The Postmaster sets up shared memory data structures
46 : * for the backends.
47 : *
48 : * Synchronization:
49 : * The Postmaster shares memory with the backends but should avoid
50 : * touching shared memory, so as not to become stuck if a crashing
51 : * backend screws up locks or shared memory. Likewise, the Postmaster
52 : * should never block on messages from frontend clients.
53 : *
54 : * Garbage Collection:
55 : * The Postmaster cleans up after backends if they have an emergency
56 : * exit and/or core dump.
57 : *
58 : * Error Reporting:
59 : * Use write_stderr() only for reporting "interactive" errors
60 : * (essentially, bogus arguments on the command line). Once the
61 : * postmaster is launched, use ereport().
62 : *
63 : *-------------------------------------------------------------------------
64 : */
65 :
66 : #include "postgres.h"
67 :
68 : #include <unistd.h>
69 : #include <signal.h>
70 : #include <time.h>
71 : #include <sys/wait.h>
72 : #include <ctype.h>
73 : #include <sys/stat.h>
74 : #include <sys/socket.h>
75 : #include <fcntl.h>
76 : #include <sys/param.h>
77 : #include <netdb.h>
78 : #include <limits.h>
79 :
80 : #ifdef HAVE_SYS_SELECT_H
81 : #include <sys/select.h>
82 : #endif
83 :
84 : #ifdef USE_BONJOUR
85 : #include <dns_sd.h>
86 : #endif
87 :
88 : #ifdef USE_SYSTEMD
89 : #include <systemd/sd-daemon.h>
90 : #endif
91 :
92 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
93 : #include <pthread.h>
94 : #endif
95 :
96 : #include "access/transam.h"
97 : #include "access/xlog.h"
98 : #include "bootstrap/bootstrap.h"
99 : #include "catalog/pg_control.h"
100 : #include "common/file_perm.h"
101 : #include "common/ip.h"
102 : #include "common/string.h"
103 : #include "lib/ilist.h"
104 : #include "libpq/auth.h"
105 : #include "libpq/libpq.h"
106 : #include "libpq/pqformat.h"
107 : #include "libpq/pqsignal.h"
108 : #include "miscadmin.h"
109 : #include "pg_getopt.h"
110 : #include "pgstat.h"
111 : #include "port/pg_bswap.h"
112 : #include "postmaster/autovacuum.h"
113 : #include "postmaster/bgworker_internals.h"
114 : #include "postmaster/fork_process.h"
115 : #include "postmaster/pgarch.h"
116 : #include "postmaster/postmaster.h"
117 : #include "postmaster/syslogger.h"
118 : #include "replication/logicallauncher.h"
119 : #include "replication/walsender.h"
120 : #include "storage/fd.h"
121 : #include "storage/ipc.h"
122 : #include "storage/pg_shmem.h"
123 : #include "storage/pmsignal.h"
124 : #include "storage/proc.h"
125 : #include "tcop/tcopprot.h"
126 : #include "utils/builtins.h"
127 : #include "utils/datetime.h"
128 : #include "utils/memutils.h"
129 : #include "utils/pidfile.h"
130 : #include "utils/ps_status.h"
131 : #include "utils/timeout.h"
132 : #include "utils/timestamp.h"
133 : #include "utils/varlena.h"
134 :
135 : #ifdef EXEC_BACKEND
136 : #include "storage/spin.h"
137 : #endif
138 :
139 :
140 : /*
141 : * Possible types of a backend. Beyond being the possible bkend_type values in
142 : * struct bkend, these are OR-able request flag bits for SignalSomeChildren()
143 : * and CountChildren().
144 : */
145 : #define BACKEND_TYPE_NORMAL 0x0001 /* normal backend */
146 : #define BACKEND_TYPE_AUTOVAC 0x0002 /* autovacuum worker process */
147 : #define BACKEND_TYPE_WALSND 0x0004 /* walsender process */
148 : #define BACKEND_TYPE_BGWORKER 0x0008 /* bgworker process */
149 : #define BACKEND_TYPE_ALL 0x000F /* OR of all the above */
150 :
151 : #define BACKEND_TYPE_WORKER (BACKEND_TYPE_AUTOVAC | BACKEND_TYPE_BGWORKER)
152 :
153 : /*
154 : * List of active backends (or child processes anyway; we don't actually
155 : * know whether a given child has become a backend or is still in the
156 : * authorization phase). This is used mainly to keep track of how many
157 : * children we have and send them appropriate signals when necessary.
158 : *
159 : * "Special" children such as the startup, bgwriter and autovacuum launcher
160 : * tasks are not in this list. Autovacuum worker and walsender are in it.
161 : * Also, "dead_end" children are in it: these are children launched just for
162 : * the purpose of sending a friendly rejection message to a would-be client.
163 : * We must track them because they are attached to shared memory, but we know
164 : * they will never become live backends. dead_end children are not assigned a
165 : * PMChildSlot.
166 : *
167 : * Background workers are in this list, too.
168 : */
169 : typedef struct bkend
170 : {
171 : pid_t pid; /* process id of backend */
172 : int32 cancel_key; /* cancel key for cancels for this backend */
173 : int child_slot; /* PMChildSlot for this backend, if any */
174 :
175 : /*
176 : * Flavor of backend or auxiliary process. Note that BACKEND_TYPE_WALSND
177 : * backends initially announce themselves as BACKEND_TYPE_NORMAL, so if
178 : * bkend_type is normal, you should check for a recent transition.
179 : */
180 : int bkend_type;
181 : bool dead_end; /* is it going to send an error and quit? */
182 : bool bgworker_notify; /* gets bgworker start/stop notifications */
183 : dlist_node elem; /* list link in BackendList */
184 : } Backend;
185 :
186 : static dlist_head BackendList = DLIST_STATIC_INIT(BackendList);
187 :
188 : #ifdef EXEC_BACKEND
189 : static Backend *ShmemBackendArray;
190 : #endif
191 :
192 : BackgroundWorker *MyBgworkerEntry = NULL;
193 :
194 :
195 :
196 : /* The socket number we are listening for connections on */
197 : int PostPortNumber;
198 :
199 : /* The directory names for Unix socket(s) */
200 : char *Unix_socket_directories;
201 :
202 : /* The TCP listen address(es) */
203 : char *ListenAddresses;
204 :
205 : /*
206 : * ReservedBackends is the number of backends reserved for superuser use.
207 : * This number is taken out of the pool size given by MaxConnections so
208 : * number of backend slots available to non-superusers is
209 : * (MaxConnections - ReservedBackends). Note what this really means is
210 : * "if there are <= ReservedBackends connections available, only superusers
211 : * can make new connections" --- pre-existing superuser connections don't
212 : * count against the limit.
213 : */
214 : int ReservedBackends;
215 :
216 : /* The socket(s) we're listening to. */
217 : #define MAXLISTEN 64
218 : static pgsocket ListenSocket[MAXLISTEN];
219 :
220 : /*
221 : * Set by the -o option
222 : */
223 : static char ExtraOptions[MAXPGPATH];
224 :
225 : /*
226 : * These globals control the behavior of the postmaster in case some
227 : * backend dumps core. Normally, it kills all peers of the dead backend
228 : * and reinitializes shared memory. By specifying -s or -n, we can have
229 : * the postmaster stop (rather than kill) peers and not reinitialize
230 : * shared data structures. (Reinit is currently dead code, though.)
231 : */
232 : static bool Reinit = true;
233 : static int SendStop = false;
234 :
235 : /* still more option variables */
236 : bool EnableSSL = false;
237 :
238 : int PreAuthDelay = 0;
239 : int AuthenticationTimeout = 60;
240 :
241 : bool log_hostname; /* for ps display and logging */
242 : bool Log_connections = false;
243 : bool Db_user_namespace = false;
244 :
245 : bool enable_bonjour = false;
246 : char *bonjour_name;
247 : bool restart_after_crash = true;
248 :
249 : /* PIDs of special child processes; 0 when not running */
250 : static pid_t StartupPID = 0,
251 : BgWriterPID = 0,
252 : CheckpointerPID = 0,
253 : WalWriterPID = 0,
254 : WalReceiverPID = 0,
255 : AutoVacPID = 0,
256 : PgArchPID = 0,
257 : PgStatPID = 0,
258 : SysLoggerPID = 0;
259 :
260 : /* Startup process's status */
261 : typedef enum
262 : {
263 : STARTUP_NOT_RUNNING,
264 : STARTUP_RUNNING,
265 : STARTUP_SIGNALED, /* we sent it a SIGQUIT or SIGKILL */
266 : STARTUP_CRASHED
267 : } StartupStatusEnum;
268 :
269 : static StartupStatusEnum StartupStatus = STARTUP_NOT_RUNNING;
270 :
271 : /* Startup/shutdown state */
272 : #define NoShutdown 0
273 : #define SmartShutdown 1
274 : #define FastShutdown 2
275 : #define ImmediateShutdown 3
276 :
277 : static int Shutdown = NoShutdown;
278 :
279 : static bool FatalError = false; /* T if recovering from backend crash */
280 :
281 : /*
282 : * We use a simple state machine to control startup, shutdown, and
283 : * crash recovery (which is rather like shutdown followed by startup).
284 : *
285 : * After doing all the postmaster initialization work, we enter PM_STARTUP
286 : * state and the startup process is launched. The startup process begins by
287 : * reading the control file and other preliminary initialization steps.
288 : * In a normal startup, or after crash recovery, the startup process exits
289 : * with exit code 0 and we switch to PM_RUN state. However, archive recovery
290 : * is handled specially since it takes much longer and we would like to support
291 : * hot standby during archive recovery.
292 : *
293 : * When the startup process is ready to start archive recovery, it signals the
294 : * postmaster, and we switch to PM_RECOVERY state. The background writer and
295 : * checkpointer are launched, while the startup process continues applying WAL.
296 : * If Hot Standby is enabled, then, after reaching a consistent point in WAL
297 : * redo, startup process signals us again, and we switch to PM_HOT_STANDBY
298 : * state and begin accepting connections to perform read-only queries. When
299 : * archive recovery is finished, the startup process exits with exit code 0
300 : * and we switch to PM_RUN state.
301 : *
302 : * Normal child backends can only be launched when we are in PM_RUN or
303 : * PM_HOT_STANDBY state. (We also allow launch of normal
304 : * child backends in PM_WAIT_BACKUP state, but only for superusers.)
305 : * In other states we handle connection requests by launching "dead_end"
306 : * child processes, which will simply send the client an error message and
307 : * quit. (We track these in the BackendList so that we can know when they
308 : * are all gone; this is important because they're still connected to shared
309 : * memory, and would interfere with an attempt to destroy the shmem segment,
310 : * possibly leading to SHMALL failure when we try to make a new one.)
311 : * In PM_WAIT_DEAD_END state we are waiting for all the dead_end children
312 : * to drain out of the system, and therefore stop accepting connection
313 : * requests at all until the last existing child has quit (which hopefully
314 : * will not be very long).
315 : *
316 : * Notice that this state variable does not distinguish *why* we entered
317 : * states later than PM_RUN --- Shutdown and FatalError must be consulted
318 : * to find that out. FatalError is never true in PM_RECOVERY_* or PM_RUN
319 : * states, nor in PM_SHUTDOWN states (because we don't enter those states
320 : * when trying to recover from a crash). It can be true in PM_STARTUP state,
321 : * because we don't clear it until we've successfully started WAL redo.
322 : */
323 : typedef enum
324 : {
325 : PM_INIT, /* postmaster starting */
326 : PM_STARTUP, /* waiting for startup subprocess */
327 : PM_RECOVERY, /* in archive recovery mode */
328 : PM_HOT_STANDBY, /* in hot standby mode */
329 : PM_RUN, /* normal "database is alive" state */
330 : PM_WAIT_BACKUP, /* waiting for online backup mode to end */
331 : PM_WAIT_READONLY, /* waiting for read only backends to exit */
332 : PM_WAIT_BACKENDS, /* waiting for live backends to exit */
333 : PM_SHUTDOWN, /* waiting for checkpointer to do shutdown
334 : * ckpt */
335 : PM_SHUTDOWN_2, /* waiting for archiver and walsenders to
336 : * finish */
337 : PM_WAIT_DEAD_END, /* waiting for dead_end children to exit */
338 : PM_NO_CHILDREN /* all important children have exited */
339 : } PMState;
340 :
341 : static PMState pmState = PM_INIT;
342 :
343 : /* Start time of SIGKILL timeout during immediate shutdown or child crash */
344 : /* Zero means timeout is not running */
345 : static time_t AbortStartTime = 0;
346 :
347 : /* Length of said timeout */
348 : #define SIGKILL_CHILDREN_AFTER_SECS 5
349 :
350 : static bool ReachedNormalRunning = false; /* T if we've reached PM_RUN */
351 :
352 : bool ClientAuthInProgress = false; /* T during new-client
353 : * authentication */
354 :
355 : bool redirection_done = false; /* stderr redirected for syslogger? */
356 :
357 : /* received START_AUTOVAC_LAUNCHER signal */
358 : static volatile sig_atomic_t start_autovac_launcher = false;
359 :
360 : /* the launcher needs to be signalled to communicate some condition */
361 : static volatile bool avlauncher_needs_signal = false;
362 :
363 : /* received START_WALRECEIVER signal */
364 : static volatile sig_atomic_t WalReceiverRequested = false;
365 :
366 : /* set when there's a worker that needs to be started up */
367 : static volatile bool StartWorkerNeeded = true;
368 : static volatile bool HaveCrashedWorker = false;
369 :
370 : #ifdef USE_SSL
371 : /* Set when and if SSL has been initialized properly */
372 : static bool LoadedSSL = false;
373 : #endif
374 :
375 : #ifdef USE_BONJOUR
376 : static DNSServiceRef bonjour_sdref = NULL;
377 : #endif
378 :
379 : /*
380 : * postmaster.c - function prototypes
381 : */
382 : static void CloseServerPorts(int status, Datum arg);
383 : static void unlink_external_pid_file(int status, Datum arg);
384 : static void getInstallationPaths(const char *argv0);
385 : static void checkControlFile(void);
386 : static Port *ConnCreate(int serverFd);
387 : static void ConnFree(Port *port);
388 : static void reset_shared(void);
389 : static void SIGHUP_handler(SIGNAL_ARGS);
390 : static void pmdie(SIGNAL_ARGS);
391 : static void reaper(SIGNAL_ARGS);
392 : static void sigusr1_handler(SIGNAL_ARGS);
393 : static void startup_die(SIGNAL_ARGS);
394 : static void dummy_handler(SIGNAL_ARGS);
395 : static void StartupPacketTimeoutHandler(void);
396 : static void CleanupBackend(int pid, int exitstatus);
397 : static bool CleanupBackgroundWorker(int pid, int exitstatus);
398 : static void HandleChildCrash(int pid, int exitstatus, const char *procname);
399 : static void LogChildExit(int lev, const char *procname,
400 : int pid, int exitstatus);
401 : static void PostmasterStateMachine(void);
402 : static void BackendInitialize(Port *port);
403 : static void BackendRun(Port *port) pg_attribute_noreturn();
404 : static void ExitPostmaster(int status) pg_attribute_noreturn();
405 : static int ServerLoop(void);
406 : static int BackendStartup(Port *port);
407 : static int ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done);
408 : static void SendNegotiateProtocolVersion(List *unrecognized_protocol_options);
409 : static void processCancelRequest(Port *port, void *pkt);
410 : static int initMasks(fd_set *rmask);
411 : static void report_fork_failure_to_client(Port *port, int errnum);
412 : static CAC_state canAcceptConnections(int backend_type);
413 : static bool RandomCancelKey(int32 *cancel_key);
414 : static void signal_child(pid_t pid, int signal);
415 : static bool SignalSomeChildren(int signal, int targets);
416 : static void TerminateChildren(int signal);
417 :
418 : #define SignalChildren(sig) SignalSomeChildren(sig, BACKEND_TYPE_ALL)
419 :
420 : static int CountChildren(int target);
421 : static bool assign_backendlist_entry(RegisteredBgWorker *rw);
422 : static void maybe_start_bgworkers(void);
423 : static bool CreateOptsFile(int argc, char *argv[], char *fullprogname);
424 : static pid_t StartChildProcess(AuxProcType type);
425 : static void StartAutovacuumWorker(void);
426 : static void MaybeStartWalReceiver(void);
427 : static void InitPostmasterDeathWatchHandle(void);
428 :
429 : /*
430 : * Archiver is allowed to start up at the current postmaster state?
431 : *
432 : * If WAL archiving is enabled always, we are allowed to start archiver
433 : * even during recovery.
434 : */
435 : #define PgArchStartupAllowed() \
436 : ((XLogArchivingActive() && pmState == PM_RUN) || \
437 : (XLogArchivingAlways() && \
438 : (pmState == PM_RECOVERY || pmState == PM_HOT_STANDBY)))
439 :
440 : #ifdef EXEC_BACKEND
441 :
442 : #ifdef WIN32
443 : #define WNOHANG 0 /* ignored, so any integer value will do */
444 :
445 : static pid_t waitpid(pid_t pid, int *exitstatus, int options);
446 : static void WINAPI pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired);
447 :
448 : static HANDLE win32ChildQueue;
449 :
450 : typedef struct
451 : {
452 : HANDLE waitHandle;
453 : HANDLE procHandle;
454 : DWORD procId;
455 : } win32_deadchild_waitinfo;
456 : #endif /* WIN32 */
457 :
458 : static pid_t backend_forkexec(Port *port);
459 : static pid_t internal_forkexec(int argc, char *argv[], Port *port);
460 :
461 : /* Type for a socket that can be inherited to a client process */
462 : #ifdef WIN32
463 : typedef struct
464 : {
465 : SOCKET origsocket; /* Original socket value, or PGINVALID_SOCKET
466 : * if not a socket */
467 : WSAPROTOCOL_INFO wsainfo;
468 : } InheritableSocket;
469 : #else
470 : typedef int InheritableSocket;
471 : #endif
472 :
473 : /*
474 : * Structure contains all variables passed to exec:ed backends
475 : */
476 : typedef struct
477 : {
478 : Port port;
479 : InheritableSocket portsocket;
480 : char DataDir[MAXPGPATH];
481 : pgsocket ListenSocket[MAXLISTEN];
482 : int32 MyCancelKey;
483 : int MyPMChildSlot;
484 : #ifndef WIN32
485 : unsigned long UsedShmemSegID;
486 : #else
487 : void *ShmemProtectiveRegion;
488 : HANDLE UsedShmemSegID;
489 : #endif
490 : void *UsedShmemSegAddr;
491 : slock_t *ShmemLock;
492 : VariableCache ShmemVariableCache;
493 : Backend *ShmemBackendArray;
494 : #ifndef HAVE_SPINLOCKS
495 : PGSemaphore *SpinlockSemaArray;
496 : #endif
497 : int NamedLWLockTrancheRequests;
498 : NamedLWLockTranche *NamedLWLockTrancheArray;
499 : LWLockPadded *MainLWLockArray;
500 : slock_t *ProcStructLock;
501 : PROC_HDR *ProcGlobal;
502 : PGPROC *AuxiliaryProcs;
503 : PGPROC *PreparedXactProcs;
504 : PMSignalData *PMSignalState;
505 : InheritableSocket pgStatSock;
506 : pid_t PostmasterPid;
507 : TimestampTz PgStartTime;
508 : TimestampTz PgReloadTime;
509 : pg_time_t first_syslogger_file_time;
510 : bool redirection_done;
511 : bool IsBinaryUpgrade;
512 : int max_safe_fds;
513 : int MaxBackends;
514 : #ifdef WIN32
515 : HANDLE PostmasterHandle;
516 : HANDLE initial_signal_pipe;
517 : HANDLE syslogPipe[2];
518 : #else
519 : int postmaster_alive_fds[2];
520 : int syslogPipe[2];
521 : #endif
522 : char my_exec_path[MAXPGPATH];
523 : char pkglib_path[MAXPGPATH];
524 : char ExtraOptions[MAXPGPATH];
525 : } BackendParameters;
526 :
527 : static void read_backend_variables(char *id, Port *port);
528 : static void restore_backend_variables(BackendParameters *param, Port *port);
529 :
530 : #ifndef WIN32
531 : static bool save_backend_variables(BackendParameters *param, Port *port);
532 : #else
533 : static bool save_backend_variables(BackendParameters *param, Port *port,
534 : HANDLE childProcess, pid_t childPid);
535 : #endif
536 :
537 : static void ShmemBackendArrayAdd(Backend *bn);
538 : static void ShmemBackendArrayRemove(Backend *bn);
539 : #endif /* EXEC_BACKEND */
540 :
541 : #define StartupDataBase() StartChildProcess(StartupProcess)
542 : #define StartBackgroundWriter() StartChildProcess(BgWriterProcess)
543 : #define StartCheckpointer() StartChildProcess(CheckpointerProcess)
544 : #define StartWalWriter() StartChildProcess(WalWriterProcess)
545 : #define StartWalReceiver() StartChildProcess(WalReceiverProcess)
546 :
547 : /* Macros to check exit status of a child process */
548 : #define EXIT_STATUS_0(st) ((st) == 0)
549 : #define EXIT_STATUS_1(st) (WIFEXITED(st) && WEXITSTATUS(st) == 1)
550 : #define EXIT_STATUS_3(st) (WIFEXITED(st) && WEXITSTATUS(st) == 3)
551 :
552 : #ifndef WIN32
553 : /*
554 : * File descriptors for pipe used to monitor if postmaster is alive.
555 : * First is POSTMASTER_FD_WATCH, second is POSTMASTER_FD_OWN.
556 : */
557 : int postmaster_alive_fds[2] = {-1, -1};
558 : #else
559 : /* Process handle of postmaster used for the same purpose on Windows */
560 : HANDLE PostmasterHandle;
561 : #endif
562 :
563 : /*
564 : * Postmaster main entry point
565 : */
566 : void
567 730 : PostmasterMain(int argc, char *argv[])
568 : {
569 : int opt;
570 : int status;
571 730 : char *userDoption = NULL;
572 730 : bool listen_addr_saved = false;
573 : int i;
574 730 : char *output_config_variable = NULL;
575 :
576 730 : InitProcessGlobals();
577 :
578 730 : PostmasterPid = MyProcPid;
579 :
580 730 : IsPostmasterEnvironment = true;
581 :
582 : /*
583 : * We should not be creating any files or directories before we check the
584 : * data directory (see checkDataDir()), but just in case set the umask to
585 : * the most restrictive (owner-only) permissions.
586 : *
587 : * checkDataDir() will reset the umask based on the data directory
588 : * permissions.
589 : */
590 730 : umask(PG_MODE_MASK_OWNER);
591 :
592 : /*
593 : * By default, palloc() requests in the postmaster will be allocated in
594 : * the PostmasterContext, which is space that can be recycled by backends.
595 : * Allocated data that needs to be available to backends should be
596 : * allocated in TopMemoryContext.
597 : */
598 730 : PostmasterContext = AllocSetContextCreate(TopMemoryContext,
599 : "Postmaster",
600 : ALLOCSET_DEFAULT_SIZES);
601 730 : MemoryContextSwitchTo(PostmasterContext);
602 :
603 : /* Initialize paths to installation files */
604 730 : getInstallationPaths(argv[0]);
605 :
606 : /*
607 : * Set up signal handlers for the postmaster process.
608 : *
609 : * In the postmaster, we use pqsignal_pm() rather than pqsignal() (which
610 : * is used by all child processes and client processes). That has a
611 : * couple of special behaviors:
612 : *
613 : * 1. Except on Windows, we tell sigaction() to block all signals for the
614 : * duration of the signal handler. This is faster than our old approach
615 : * of blocking/unblocking explicitly in the signal handler, and it should
616 : * also prevent excessive stack consumption if signals arrive quickly.
617 : *
618 : * 2. We do not set the SA_RESTART flag. This is because signals will be
619 : * blocked at all times except when ServerLoop is waiting for something to
620 : * happen, and during that window, we want signals to exit the select(2)
621 : * wait so that ServerLoop can respond if anything interesting happened.
622 : * On some platforms, signals marked SA_RESTART would not cause the
623 : * select() wait to end.
624 : *
625 : * Child processes will generally want SA_RESTART, so pqsignal() sets that
626 : * flag. We expect children to set up their own handlers before
627 : * unblocking signals.
628 : *
629 : * CAUTION: when changing this list, check for side-effects on the signal
630 : * handling setup of child processes. See tcop/postgres.c,
631 : * bootstrap/bootstrap.c, postmaster/bgwriter.c, postmaster/walwriter.c,
632 : * postmaster/autovacuum.c, postmaster/pgarch.c, postmaster/pgstat.c,
633 : * postmaster/syslogger.c, postmaster/bgworker.c and
634 : * postmaster/checkpointer.c.
635 : */
636 730 : pqinitmask();
637 730 : PG_SETMASK(&BlockSig);
638 :
639 730 : pqsignal_pm(SIGHUP, SIGHUP_handler); /* reread config file and have
640 : * children do same */
641 730 : pqsignal_pm(SIGINT, pmdie); /* send SIGTERM and shut down */
642 730 : pqsignal_pm(SIGQUIT, pmdie); /* send SIGQUIT and die */
643 730 : pqsignal_pm(SIGTERM, pmdie); /* wait for children and shut down */
644 730 : pqsignal_pm(SIGALRM, SIG_IGN); /* ignored */
645 730 : pqsignal_pm(SIGPIPE, SIG_IGN); /* ignored */
646 730 : pqsignal_pm(SIGUSR1, sigusr1_handler); /* message from child process */
647 730 : pqsignal_pm(SIGUSR2, dummy_handler); /* unused, reserve for children */
648 730 : pqsignal_pm(SIGCHLD, reaper); /* handle child termination */
649 :
650 : /*
651 : * No other place in Postgres should touch SIGTTIN/SIGTTOU handling. We
652 : * ignore those signals in a postmaster environment, so that there is no
653 : * risk of a child process freezing up due to writing to stderr. But for
654 : * a standalone backend, their default handling is reasonable. Hence, all
655 : * child processes should just allow the inherited settings to stand.
656 : */
657 : #ifdef SIGTTIN
658 730 : pqsignal_pm(SIGTTIN, SIG_IGN); /* ignored */
659 : #endif
660 : #ifdef SIGTTOU
661 730 : pqsignal_pm(SIGTTOU, SIG_IGN); /* ignored */
662 : #endif
663 :
664 : /* ignore SIGXFSZ, so that ulimit violations work like disk full */
665 : #ifdef SIGXFSZ
666 730 : pqsignal_pm(SIGXFSZ, SIG_IGN); /* ignored */
667 : #endif
668 :
669 : /*
670 : * Options setup
671 : */
672 730 : InitializeGUCOptions();
673 :
674 730 : opterr = 1;
675 :
676 : /*
677 : * Parse command-line options. CAUTION: keep this in sync with
678 : * tcop/postgres.c (the option sets should not conflict) and with the
679 : * common help() function in main/main.c.
680 : */
681 2484 : while ((opt = getopt(argc, argv, "B:bc:C:D:d:EeFf:h:ijk:lN:nOo:Pp:r:S:sTt:W:-:")) != -1)
682 : {
683 1754 : switch (opt)
684 : {
685 0 : case 'B':
686 0 : SetConfigOption("shared_buffers", optarg, PGC_POSTMASTER, PGC_S_ARGV);
687 0 : break;
688 :
689 8 : case 'b':
690 : /* Undocumented flag used for binary upgrades */
691 8 : IsBinaryUpgrade = true;
692 8 : break;
693 :
694 2 : case 'C':
695 2 : output_config_variable = strdup(optarg);
696 2 : break;
697 :
698 726 : case 'D':
699 726 : userDoption = strdup(optarg);
700 726 : break;
701 :
702 0 : case 'd':
703 0 : set_debug_options(atoi(optarg), PGC_POSTMASTER, PGC_S_ARGV);
704 0 : break;
705 :
706 0 : case 'E':
707 0 : SetConfigOption("log_statement", "all", PGC_POSTMASTER, PGC_S_ARGV);
708 0 : break;
709 :
710 0 : case 'e':
711 0 : SetConfigOption("datestyle", "euro", PGC_POSTMASTER, PGC_S_ARGV);
712 0 : break;
713 :
714 136 : case 'F':
715 136 : SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
716 136 : break;
717 :
718 0 : case 'f':
719 0 : if (!set_plan_disabling_options(optarg, PGC_POSTMASTER, PGC_S_ARGV))
720 : {
721 0 : write_stderr("%s: invalid argument for option -f: \"%s\"\n",
722 : progname, optarg);
723 0 : ExitPostmaster(1);
724 : }
725 0 : break;
726 :
727 0 : case 'h':
728 0 : SetConfigOption("listen_addresses", optarg, PGC_POSTMASTER, PGC_S_ARGV);
729 0 : break;
730 :
731 0 : case 'i':
732 0 : SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);
733 0 : break;
734 :
735 0 : case 'j':
736 : /* only used by interactive backend */
737 0 : break;
738 :
739 136 : case 'k':
740 136 : SetConfigOption("unix_socket_directories", optarg, PGC_POSTMASTER, PGC_S_ARGV);
741 136 : break;
742 :
743 0 : case 'l':
744 0 : SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
745 0 : break;
746 :
747 0 : case 'N':
748 0 : SetConfigOption("max_connections", optarg, PGC_POSTMASTER, PGC_S_ARGV);
749 0 : break;
750 :
751 0 : case 'n':
752 : /* Don't reinit shared mem after abnormal exit */
753 0 : Reinit = false;
754 0 : break;
755 :
756 0 : case 'O':
757 0 : SetConfigOption("allow_system_table_mods", "true", PGC_POSTMASTER, PGC_S_ARGV);
758 0 : break;
759 :
760 0 : case 'o':
761 : /* Other options to pass to the backend on the command line */
762 0 : snprintf(ExtraOptions + strlen(ExtraOptions),
763 0 : sizeof(ExtraOptions) - strlen(ExtraOptions),
764 : " %s", optarg);
765 0 : break;
766 :
767 0 : case 'P':
768 0 : SetConfigOption("ignore_system_indexes", "true", PGC_POSTMASTER, PGC_S_ARGV);
769 0 : break;
770 :
771 8 : case 'p':
772 8 : SetConfigOption("port", optarg, PGC_POSTMASTER, PGC_S_ARGV);
773 8 : break;
774 :
775 0 : case 'r':
776 : /* only used by single-user backend */
777 0 : break;
778 :
779 0 : case 'S':
780 0 : SetConfigOption("work_mem", optarg, PGC_POSTMASTER, PGC_S_ARGV);
781 0 : break;
782 :
783 0 : case 's':
784 0 : SetConfigOption("log_statement_stats", "true", PGC_POSTMASTER, PGC_S_ARGV);
785 0 : break;
786 :
787 0 : case 'T':
788 :
789 : /*
790 : * In the event that some backend dumps core, send SIGSTOP,
791 : * rather than SIGQUIT, to all its peers. This lets the wily
792 : * post_hacker collect core dumps from everyone.
793 : */
794 0 : SendStop = true;
795 0 : break;
796 :
797 0 : case 't':
798 : {
799 0 : const char *tmp = get_stats_option_name(optarg);
800 :
801 0 : if (tmp)
802 : {
803 0 : SetConfigOption(tmp, "true", PGC_POSTMASTER, PGC_S_ARGV);
804 : }
805 : else
806 : {
807 0 : write_stderr("%s: invalid argument for option -t: \"%s\"\n",
808 : progname, optarg);
809 0 : ExitPostmaster(1);
810 : }
811 0 : break;
812 : }
813 :
814 0 : case 'W':
815 0 : SetConfigOption("post_auth_delay", optarg, PGC_POSTMASTER, PGC_S_ARGV);
816 0 : break;
817 :
818 738 : case 'c':
819 : case '-':
820 : {
821 : char *name,
822 : *value;
823 :
824 738 : ParseLongOption(optarg, &name, &value);
825 738 : if (!value)
826 : {
827 0 : if (opt == '-')
828 0 : ereport(ERROR,
829 : (errcode(ERRCODE_SYNTAX_ERROR),
830 : errmsg("--%s requires a value",
831 : optarg)));
832 : else
833 0 : ereport(ERROR,
834 : (errcode(ERRCODE_SYNTAX_ERROR),
835 : errmsg("-c %s requires a value",
836 : optarg)));
837 : }
838 :
839 738 : SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
840 738 : free(name);
841 738 : if (value)
842 738 : free(value);
843 738 : break;
844 : }
845 :
846 0 : default:
847 0 : write_stderr("Try \"%s --help\" for more information.\n",
848 : progname);
849 0 : ExitPostmaster(1);
850 : }
851 : }
852 :
853 : /*
854 : * Postmaster accepts no non-option switch arguments.
855 : */
856 730 : if (optind < argc)
857 : {
858 0 : write_stderr("%s: invalid argument: \"%s\"\n",
859 0 : progname, argv[optind]);
860 0 : write_stderr("Try \"%s --help\" for more information.\n",
861 : progname);
862 0 : ExitPostmaster(1);
863 : }
864 :
865 : /*
866 : * Locate the proper configuration files and data directory, and read
867 : * postgresql.conf for the first time.
868 : */
869 730 : if (!SelectConfigFiles(userDoption, progname))
870 0 : ExitPostmaster(2);
871 :
872 728 : if (output_config_variable != NULL)
873 : {
874 : /*
875 : * "-C guc" was specified, so print GUC's value and exit. No extra
876 : * permission check is needed because the user is reading inside the
877 : * data dir.
878 : */
879 2 : const char *config_val = GetConfigOption(output_config_variable,
880 : false, false);
881 :
882 2 : puts(config_val ? config_val : "");
883 2 : ExitPostmaster(0);
884 : }
885 :
886 : /* Verify that DataDir looks reasonable */
887 726 : checkDataDir();
888 :
889 : /* Check that pg_control exists */
890 726 : checkControlFile();
891 :
892 : /* And switch working directory into it */
893 726 : ChangeToDataDir();
894 :
895 : /*
896 : * Check for invalid combinations of GUC settings.
897 : */
898 726 : if (ReservedBackends >= MaxConnections)
899 : {
900 0 : write_stderr("%s: superuser_reserved_connections (%d) must be less than max_connections (%d)\n",
901 : progname,
902 : ReservedBackends, MaxConnections);
903 0 : ExitPostmaster(1);
904 : }
905 726 : if (XLogArchiveMode > ARCHIVE_MODE_OFF && wal_level == WAL_LEVEL_MINIMAL)
906 0 : ereport(ERROR,
907 : (errmsg("WAL archival cannot be enabled when wal_level is \"minimal\"")));
908 726 : if (max_wal_senders > 0 && wal_level == WAL_LEVEL_MINIMAL)
909 0 : ereport(ERROR,
910 : (errmsg("WAL streaming (max_wal_senders > 0) requires wal_level \"replica\" or \"logical\"")));
911 :
912 : /*
913 : * Other one-time internal sanity checks can go here, if they are fast.
914 : * (Put any slow processing further down, after postmaster.pid creation.)
915 : */
916 726 : if (!CheckDateTokenTables())
917 : {
918 0 : write_stderr("%s: invalid datetoken tables, please fix\n", progname);
919 0 : ExitPostmaster(1);
920 : }
921 :
922 : /*
923 : * Now that we are done processing the postmaster arguments, reset
924 : * getopt(3) library so that it will work correctly in subprocesses.
925 : */
926 726 : optind = 1;
927 : #ifdef HAVE_INT_OPTRESET
928 : optreset = 1; /* some systems need this too */
929 : #endif
930 :
931 : /* For debugging: display postmaster environment */
932 : {
933 : extern char **environ;
934 : char **p;
935 :
936 726 : ereport(DEBUG3,
937 : (errmsg_internal("%s: PostmasterMain: initial environment dump:",
938 : progname)));
939 726 : ereport(DEBUG3,
940 : (errmsg_internal("-----------------------------------------")));
941 26144 : for (p = environ; *p; ++p)
942 25418 : ereport(DEBUG3,
943 : (errmsg_internal("\t%s", *p)));
944 726 : ereport(DEBUG3,
945 : (errmsg_internal("-----------------------------------------")));
946 : }
947 :
948 : /*
949 : * Create lockfile for data directory.
950 : *
951 : * We want to do this before we try to grab the input sockets, because the
952 : * data directory interlock is more reliable than the socket-file
953 : * interlock (thanks to whoever decided to put socket files in /tmp :-().
954 : * For the same reason, it's best to grab the TCP socket(s) before the
955 : * Unix socket(s).
956 : *
957 : * Also note that this internally sets up the on_proc_exit function that
958 : * is responsible for removing both data directory and socket lockfiles;
959 : * so it must happen before opening sockets so that at exit, the socket
960 : * lockfiles go away after CloseServerPorts runs.
961 : */
962 726 : CreateDataDirLockFile(true);
963 :
964 : /*
965 : * Read the control file (for error checking and config info).
966 : *
967 : * Since we verify the control file's CRC, this has a useful side effect
968 : * on machines where we need a run-time test for CRC support instructions.
969 : * The postmaster will do the test once at startup, and then its child
970 : * processes will inherit the correct function pointer and not need to
971 : * repeat the test.
972 : */
973 724 : LocalProcessControlFile(false);
974 :
975 : /*
976 : * Register the apply launcher. Since it registers a background worker,
977 : * it needs to be called before InitializeMaxBackends(), and it's probably
978 : * a good idea to call it before any modules had chance to take the
979 : * background worker slots.
980 : */
981 724 : ApplyLauncherRegister();
982 :
983 : /*
984 : * process any libraries that should be preloaded at postmaster start
985 : */
986 724 : process_shared_preload_libraries();
987 :
988 : /*
989 : * Initialize SSL library, if specified.
990 : */
991 : #ifdef USE_SSL
992 724 : if (EnableSSL)
993 : {
994 30 : (void) secure_initialize(true);
995 24 : LoadedSSL = true;
996 : }
997 : #endif
998 :
999 : /*
1000 : * Now that loadable modules have had their chance to register background
1001 : * workers, calculate MaxBackends.
1002 : */
1003 718 : InitializeMaxBackends();
1004 :
1005 : /*
1006 : * Set up shared memory and semaphores.
1007 : */
1008 718 : reset_shared();
1009 :
1010 : /*
1011 : * Estimate number of openable files. This must happen after setting up
1012 : * semaphores, because on some platforms semaphores count as open files.
1013 : */
1014 716 : set_max_safe_fds();
1015 :
1016 : /*
1017 : * Set reference point for stack-depth checking.
1018 : */
1019 716 : set_stack_base();
1020 :
1021 : /*
1022 : * Initialize pipe (or process handle on Windows) that allows children to
1023 : * wake up from sleep on postmaster death.
1024 : */
1025 716 : InitPostmasterDeathWatchHandle();
1026 :
1027 : #ifdef WIN32
1028 :
1029 : /*
1030 : * Initialize I/O completion port used to deliver list of dead children.
1031 : */
1032 : win32ChildQueue = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 1);
1033 : if (win32ChildQueue == NULL)
1034 : ereport(FATAL,
1035 : (errmsg("could not create I/O completion port for child queue")));
1036 : #endif
1037 :
1038 : #ifdef EXEC_BACKEND
1039 : /* Write out nondefault GUC settings for child processes to use */
1040 : write_nondefault_variables(PGC_POSTMASTER);
1041 :
1042 : /*
1043 : * Clean out the temp directory used to transmit parameters to child
1044 : * processes (see internal_forkexec, below). We must do this before
1045 : * launching any child processes, else we have a race condition: we could
1046 : * remove a parameter file before the child can read it. It should be
1047 : * safe to do so now, because we verified earlier that there are no
1048 : * conflicting Postgres processes in this data directory.
1049 : */
1050 : RemovePgTempFilesInDir(PG_TEMP_FILES_DIR, true, false);
1051 : #endif
1052 :
1053 : /*
1054 : * Forcibly remove the files signaling a standby promotion request.
1055 : * Otherwise, the existence of those files triggers a promotion too early,
1056 : * whether a user wants that or not.
1057 : *
1058 : * This removal of files is usually unnecessary because they can exist
1059 : * only during a few moments during a standby promotion. However there is
1060 : * a race condition: if pg_ctl promote is executed and creates the files
1061 : * during a promotion, the files can stay around even after the server is
1062 : * brought up to new master. Then, if new standby starts by using the
1063 : * backup taken from that master, the files can exist at the server
1064 : * startup and should be removed in order to avoid an unexpected
1065 : * promotion.
1066 : *
1067 : * Note that promotion signal files need to be removed before the startup
1068 : * process is invoked. Because, after that, they can be used by
1069 : * postmaster's SIGUSR1 signal handler.
1070 : */
1071 716 : RemovePromoteSignalFiles();
1072 :
1073 : /* Do the same for logrotate signal file */
1074 716 : RemoveLogrotateSignalFiles();
1075 :
1076 : /* Remove any outdated file holding the current log filenames. */
1077 716 : if (unlink(LOG_METAINFO_DATAFILE) < 0 && errno != ENOENT)
1078 0 : ereport(LOG,
1079 : (errcode_for_file_access(),
1080 : errmsg("could not remove file \"%s\": %m",
1081 : LOG_METAINFO_DATAFILE)));
1082 :
1083 : /*
1084 : * If enabled, start up syslogger collection subprocess
1085 : */
1086 716 : SysLoggerPID = SysLogger_Start();
1087 :
1088 : /*
1089 : * Reset whereToSendOutput from DestDebug (its starting state) to
1090 : * DestNone. This stops ereport from sending log messages to stderr unless
1091 : * Log_destination permits. We don't do this until the postmaster is
1092 : * fully launched, since startup failures may as well be reported to
1093 : * stderr.
1094 : *
1095 : * If we are in fact disabling logging to stderr, first emit a log message
1096 : * saying so, to provide a breadcrumb trail for users who may not remember
1097 : * that their logging is configured to go somewhere else.
1098 : */
1099 716 : if (!(Log_destination & LOG_DESTINATION_STDERR))
1100 0 : ereport(LOG,
1101 : (errmsg("ending log output to stderr"),
1102 : errhint("Future log output will go to log destination \"%s\".",
1103 : Log_destination_string)));
1104 :
1105 716 : whereToSendOutput = DestNone;
1106 :
1107 : /*
1108 : * Report server startup in log. While we could emit this much earlier,
1109 : * it seems best to do so after starting the log collector, if we intend
1110 : * to use one.
1111 : */
1112 716 : ereport(LOG,
1113 : (errmsg("starting %s", PG_VERSION_STR)));
1114 :
1115 : /*
1116 : * Establish input sockets.
1117 : *
1118 : * First, mark them all closed, and set up an on_proc_exit function that's
1119 : * charged with closing the sockets again at postmaster shutdown.
1120 : */
1121 46540 : for (i = 0; i < MAXLISTEN; i++)
1122 45824 : ListenSocket[i] = PGINVALID_SOCKET;
1123 :
1124 716 : on_proc_exit(CloseServerPorts, 0);
1125 :
1126 716 : if (ListenAddresses)
1127 : {
1128 : char *rawstring;
1129 : List *elemlist;
1130 : ListCell *l;
1131 716 : int success = 0;
1132 :
1133 : /* Need a modifiable copy of ListenAddresses */
1134 716 : rawstring = pstrdup(ListenAddresses);
1135 :
1136 : /* Parse string into list of hostnames */
1137 716 : if (!SplitGUCList(rawstring, ',', &elemlist))
1138 : {
1139 : /* syntax error in list */
1140 0 : ereport(FATAL,
1141 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1142 : errmsg("invalid list syntax in parameter \"%s\"",
1143 : "listen_addresses")));
1144 : }
1145 :
1146 742 : foreach(l, elemlist)
1147 : {
1148 26 : char *curhost = (char *) lfirst(l);
1149 :
1150 26 : if (strcmp(curhost, "*") == 0)
1151 0 : status = StreamServerPort(AF_UNSPEC, NULL,
1152 0 : (unsigned short) PostPortNumber,
1153 : NULL,
1154 : ListenSocket, MAXLISTEN);
1155 : else
1156 26 : status = StreamServerPort(AF_UNSPEC, curhost,
1157 26 : (unsigned short) PostPortNumber,
1158 : NULL,
1159 : ListenSocket, MAXLISTEN);
1160 :
1161 26 : if (status == STATUS_OK)
1162 : {
1163 26 : success++;
1164 : /* record the first successful host addr in lockfile */
1165 26 : if (!listen_addr_saved)
1166 : {
1167 26 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, curhost);
1168 26 : listen_addr_saved = true;
1169 : }
1170 : }
1171 : else
1172 0 : ereport(WARNING,
1173 : (errmsg("could not create listen socket for \"%s\"",
1174 : curhost)));
1175 : }
1176 :
1177 716 : if (!success && elemlist != NIL)
1178 0 : ereport(FATAL,
1179 : (errmsg("could not create any TCP/IP sockets")));
1180 :
1181 716 : list_free(elemlist);
1182 716 : pfree(rawstring);
1183 : }
1184 :
1185 : #ifdef USE_BONJOUR
1186 : /* Register for Bonjour only if we opened TCP socket(s) */
1187 : if (enable_bonjour && ListenSocket[0] != PGINVALID_SOCKET)
1188 : {
1189 : DNSServiceErrorType err;
1190 :
1191 : /*
1192 : * We pass 0 for interface_index, which will result in registering on
1193 : * all "applicable" interfaces. It's not entirely clear from the
1194 : * DNS-SD docs whether this would be appropriate if we have bound to
1195 : * just a subset of the available network interfaces.
1196 : */
1197 : err = DNSServiceRegister(&bonjour_sdref,
1198 : 0,
1199 : 0,
1200 : bonjour_name,
1201 : "_postgresql._tcp.",
1202 : NULL,
1203 : NULL,
1204 : pg_hton16(PostPortNumber),
1205 : 0,
1206 : NULL,
1207 : NULL,
1208 : NULL);
1209 : if (err != kDNSServiceErr_NoError)
1210 : elog(LOG, "DNSServiceRegister() failed: error code %ld",
1211 : (long) err);
1212 :
1213 : /*
1214 : * We don't bother to read the mDNS daemon's reply, and we expect that
1215 : * it will automatically terminate our registration when the socket is
1216 : * closed at postmaster termination. So there's nothing more to be
1217 : * done here. However, the bonjour_sdref is kept around so that
1218 : * forked children can close their copies of the socket.
1219 : */
1220 : }
1221 : #endif
1222 :
1223 : #ifdef HAVE_UNIX_SOCKETS
1224 716 : if (Unix_socket_directories)
1225 : {
1226 : char *rawstring;
1227 : List *elemlist;
1228 : ListCell *l;
1229 716 : int success = 0;
1230 :
1231 : /* Need a modifiable copy of Unix_socket_directories */
1232 716 : rawstring = pstrdup(Unix_socket_directories);
1233 :
1234 : /* Parse string into list of directories */
1235 716 : if (!SplitDirectoriesString(rawstring, ',', &elemlist))
1236 : {
1237 : /* syntax error in list */
1238 0 : ereport(FATAL,
1239 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1240 : errmsg("invalid list syntax in parameter \"%s\"",
1241 : "unix_socket_directories")));
1242 : }
1243 :
1244 1430 : foreach(l, elemlist)
1245 : {
1246 714 : char *socketdir = (char *) lfirst(l);
1247 :
1248 714 : status = StreamServerPort(AF_UNIX, NULL,
1249 714 : (unsigned short) PostPortNumber,
1250 : socketdir,
1251 : ListenSocket, MAXLISTEN);
1252 :
1253 714 : if (status == STATUS_OK)
1254 : {
1255 714 : success++;
1256 : /* record the first successful Unix socket in lockfile */
1257 714 : if (success == 1)
1258 714 : AddToDataDirLockFile(LOCK_FILE_LINE_SOCKET_DIR, socketdir);
1259 : }
1260 : else
1261 0 : ereport(WARNING,
1262 : (errmsg("could not create Unix-domain socket in directory \"%s\"",
1263 : socketdir)));
1264 : }
1265 :
1266 716 : if (!success && elemlist != NIL)
1267 0 : ereport(FATAL,
1268 : (errmsg("could not create any Unix-domain sockets")));
1269 :
1270 716 : list_free_deep(elemlist);
1271 716 : pfree(rawstring);
1272 : }
1273 : #endif
1274 :
1275 : /*
1276 : * check that we have some socket to listen on
1277 : */
1278 716 : if (ListenSocket[0] == PGINVALID_SOCKET)
1279 0 : ereport(FATAL,
1280 : (errmsg("no socket created for listening")));
1281 :
1282 : /*
1283 : * If no valid TCP ports, write an empty line for listen address,
1284 : * indicating the Unix socket must be used. Note that this line is not
1285 : * added to the lock file until there is a socket backing it.
1286 : */
1287 716 : if (!listen_addr_saved)
1288 690 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, "");
1289 :
1290 : /*
1291 : * Record postmaster options. We delay this till now to avoid recording
1292 : * bogus options (eg, unusable port number).
1293 : */
1294 716 : if (!CreateOptsFile(argc, argv, my_exec_path))
1295 0 : ExitPostmaster(1);
1296 :
1297 : /*
1298 : * Write the external PID file if requested
1299 : */
1300 716 : if (external_pid_file)
1301 : {
1302 0 : FILE *fpidfile = fopen(external_pid_file, "w");
1303 :
1304 0 : if (fpidfile)
1305 : {
1306 0 : fprintf(fpidfile, "%d\n", MyProcPid);
1307 0 : fclose(fpidfile);
1308 :
1309 : /* Make PID file world readable */
1310 0 : if (chmod(external_pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) != 0)
1311 0 : write_stderr("%s: could not change permissions of external PID file \"%s\": %s\n",
1312 0 : progname, external_pid_file, strerror(errno));
1313 : }
1314 : else
1315 0 : write_stderr("%s: could not write external PID file \"%s\": %s\n",
1316 0 : progname, external_pid_file, strerror(errno));
1317 :
1318 0 : on_proc_exit(unlink_external_pid_file, 0);
1319 : }
1320 :
1321 : /*
1322 : * Remove old temporary files. At this point there can be no other
1323 : * Postgres processes running in this directory, so this should be safe.
1324 : */
1325 716 : RemovePgTempFiles();
1326 :
1327 : /*
1328 : * Initialize stats collection subsystem (this does NOT start the
1329 : * collector process!)
1330 : */
1331 716 : pgstat_init();
1332 :
1333 : /*
1334 : * Initialize the autovacuum subsystem (again, no process start yet)
1335 : */
1336 716 : autovac_init();
1337 :
1338 : /*
1339 : * Load configuration files for client authentication.
1340 : */
1341 716 : if (!load_hba())
1342 : {
1343 : /*
1344 : * It makes no sense to continue if we fail to load the HBA file,
1345 : * since there is no way to connect to the database in this case.
1346 : */
1347 0 : ereport(FATAL,
1348 : (errmsg("could not load pg_hba.conf")));
1349 : }
1350 716 : if (!load_ident())
1351 : {
1352 : /*
1353 : * We can start up without the IDENT file, although it means that you
1354 : * cannot log in using any of the authentication methods that need a
1355 : * user name mapping. load_ident() already logged the details of error
1356 : * to the log.
1357 : */
1358 : }
1359 :
1360 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1361 :
1362 : /*
1363 : * On macOS, libintl replaces setlocale() with a version that calls
1364 : * CFLocaleCopyCurrent() when its second argument is "" and every relevant
1365 : * environment variable is unset or empty. CFLocaleCopyCurrent() makes
1366 : * the process multithreaded. The postmaster calls sigprocmask() and
1367 : * calls fork() without an immediate exec(), both of which have undefined
1368 : * behavior in a multithreaded program. A multithreaded postmaster is the
1369 : * normal case on Windows, which offers neither fork() nor sigprocmask().
1370 : */
1371 : if (pthread_is_threaded_np() != 0)
1372 : ereport(FATAL,
1373 : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
1374 : errmsg("postmaster became multithreaded during startup"),
1375 : errhint("Set the LC_ALL environment variable to a valid locale.")));
1376 : #endif
1377 :
1378 : /*
1379 : * Remember postmaster startup time
1380 : */
1381 716 : PgStartTime = GetCurrentTimestamp();
1382 :
1383 : /*
1384 : * Report postmaster status in the postmaster.pid file, to allow pg_ctl to
1385 : * see what's happening.
1386 : */
1387 716 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STARTING);
1388 :
1389 : /*
1390 : * We're ready to rock and roll...
1391 : */
1392 716 : StartupPID = StartupDataBase();
1393 : Assert(StartupPID != 0);
1394 716 : StartupStatus = STARTUP_RUNNING;
1395 716 : pmState = PM_STARTUP;
1396 :
1397 : /* Some workers may be scheduled to start now */
1398 716 : maybe_start_bgworkers();
1399 :
1400 716 : status = ServerLoop();
1401 :
1402 : /*
1403 : * ServerLoop probably shouldn't ever return, but if it does, close down.
1404 : */
1405 0 : ExitPostmaster(status != STATUS_OK);
1406 :
1407 : abort(); /* not reached */
1408 : }
1409 :
1410 :
1411 : /*
1412 : * on_proc_exit callback to close server's listen sockets
1413 : */
1414 : static void
1415 710 : CloseServerPorts(int status, Datum arg)
1416 : {
1417 : int i;
1418 :
1419 : /*
1420 : * First, explicitly close all the socket FDs. We used to just let this
1421 : * happen implicitly at postmaster exit, but it's better to close them
1422 : * before we remove the postmaster.pid lockfile; otherwise there's a race
1423 : * condition if a new postmaster wants to re-use the TCP port number.
1424 : */
1425 46150 : for (i = 0; i < MAXLISTEN; i++)
1426 : {
1427 45440 : if (ListenSocket[i] != PGINVALID_SOCKET)
1428 : {
1429 736 : StreamClose(ListenSocket[i]);
1430 736 : ListenSocket[i] = PGINVALID_SOCKET;
1431 : }
1432 : }
1433 :
1434 : /*
1435 : * Next, remove any filesystem entries for Unix sockets. To avoid race
1436 : * conditions against incoming postmasters, this must happen after closing
1437 : * the sockets and before removing lock files.
1438 : */
1439 710 : RemoveSocketFiles();
1440 :
1441 : /*
1442 : * We don't do anything about socket lock files here; those will be
1443 : * removed in a later on_proc_exit callback.
1444 : */
1445 710 : }
1446 :
1447 : /*
1448 : * on_proc_exit callback to delete external_pid_file
1449 : */
1450 : static void
1451 0 : unlink_external_pid_file(int status, Datum arg)
1452 : {
1453 0 : if (external_pid_file)
1454 0 : unlink(external_pid_file);
1455 0 : }
1456 :
1457 :
1458 : /*
1459 : * Compute and check the directory paths to files that are part of the
1460 : * installation (as deduced from the postgres executable's own location)
1461 : */
1462 : static void
1463 730 : getInstallationPaths(const char *argv0)
1464 : {
1465 : DIR *pdir;
1466 :
1467 : /* Locate the postgres executable itself */
1468 730 : if (find_my_exec(argv0, my_exec_path) < 0)
1469 0 : elog(FATAL, "%s: could not locate my own executable path", argv0);
1470 :
1471 : #ifdef EXEC_BACKEND
1472 : /* Locate executable backend before we change working directory */
1473 : if (find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
1474 : postgres_exec_path) < 0)
1475 : ereport(FATAL,
1476 : (errmsg("%s: could not locate matching postgres executable",
1477 : argv0)));
1478 : #endif
1479 :
1480 : /*
1481 : * Locate the pkglib directory --- this has to be set early in case we try
1482 : * to load any modules from it in response to postgresql.conf entries.
1483 : */
1484 730 : get_pkglib_path(my_exec_path, pkglib_path);
1485 :
1486 : /*
1487 : * Verify that there's a readable directory there; otherwise the Postgres
1488 : * installation is incomplete or corrupt. (A typical cause of this
1489 : * failure is that the postgres executable has been moved or hardlinked to
1490 : * some directory that's not a sibling of the installation lib/
1491 : * directory.)
1492 : */
1493 730 : pdir = AllocateDir(pkglib_path);
1494 730 : if (pdir == NULL)
1495 0 : ereport(ERROR,
1496 : (errcode_for_file_access(),
1497 : errmsg("could not open directory \"%s\": %m",
1498 : pkglib_path),
1499 : errhint("This may indicate an incomplete PostgreSQL installation, or that the file \"%s\" has been moved away from its proper location.",
1500 : my_exec_path)));
1501 730 : FreeDir(pdir);
1502 :
1503 : /*
1504 : * XXX is it worth similarly checking the share/ directory? If the lib/
1505 : * directory is there, then share/ probably is too.
1506 : */
1507 730 : }
1508 :
1509 : /*
1510 : * Check that pg_control exists in the correct location in the data directory.
1511 : *
1512 : * No attempt is made to validate the contents of pg_control here. This is
1513 : * just a sanity check to see if we are looking at a real data directory.
1514 : */
1515 : static void
1516 726 : checkControlFile(void)
1517 : {
1518 : char path[MAXPGPATH];
1519 : FILE *fp;
1520 :
1521 726 : snprintf(path, sizeof(path), "%s/global/pg_control", DataDir);
1522 :
1523 726 : fp = AllocateFile(path, PG_BINARY_R);
1524 726 : if (fp == NULL)
1525 : {
1526 0 : write_stderr("%s: could not find the database system\n"
1527 : "Expected to find it in the directory \"%s\",\n"
1528 : "but could not open file \"%s\": %s\n",
1529 0 : progname, DataDir, path, strerror(errno));
1530 0 : ExitPostmaster(2);
1531 : }
1532 726 : FreeFile(fp);
1533 726 : }
1534 :
1535 : /*
1536 : * Determine how long should we let ServerLoop sleep.
1537 : *
1538 : * In normal conditions we wait at most one minute, to ensure that the other
1539 : * background tasks handled by ServerLoop get done even when no requests are
1540 : * arriving. However, if there are background workers waiting to be started,
1541 : * we don't actually sleep so that they are quickly serviced. Other exception
1542 : * cases are as shown in the code.
1543 : */
1544 : static void
1545 19400 : DetermineSleepTime(struct timeval *timeout)
1546 : {
1547 19400 : TimestampTz next_wakeup = 0;
1548 :
1549 : /*
1550 : * Normal case: either there are no background workers at all, or we're in
1551 : * a shutdown sequence (during which we ignore bgworkers altogether).
1552 : */
1553 19400 : if (Shutdown > NoShutdown ||
1554 16512 : (!StartWorkerNeeded && !HaveCrashedWorker))
1555 : {
1556 19400 : if (AbortStartTime != 0)
1557 : {
1558 : /* time left to abort; clamp to 0 in case it already expired */
1559 774 : timeout->tv_sec = SIGKILL_CHILDREN_AFTER_SECS -
1560 774 : (time(NULL) - AbortStartTime);
1561 774 : timeout->tv_sec = Max(timeout->tv_sec, 0);
1562 774 : timeout->tv_usec = 0;
1563 : }
1564 : else
1565 : {
1566 18626 : timeout->tv_sec = 60;
1567 18626 : timeout->tv_usec = 0;
1568 : }
1569 19400 : return;
1570 : }
1571 :
1572 0 : if (StartWorkerNeeded)
1573 : {
1574 0 : timeout->tv_sec = 0;
1575 0 : timeout->tv_usec = 0;
1576 0 : return;
1577 : }
1578 :
1579 0 : if (HaveCrashedWorker)
1580 : {
1581 : slist_mutable_iter siter;
1582 :
1583 : /*
1584 : * When there are crashed bgworkers, we sleep just long enough that
1585 : * they are restarted when they request to be. Scan the list to
1586 : * determine the minimum of all wakeup times according to most recent
1587 : * crash time and requested restart interval.
1588 : */
1589 0 : slist_foreach_modify(siter, &BackgroundWorkerList)
1590 : {
1591 : RegisteredBgWorker *rw;
1592 : TimestampTz this_wakeup;
1593 :
1594 0 : rw = slist_container(RegisteredBgWorker, rw_lnode, siter.cur);
1595 :
1596 0 : if (rw->rw_crashed_at == 0)
1597 0 : continue;
1598 :
1599 0 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART
1600 0 : || rw->rw_terminate)
1601 : {
1602 0 : ForgetBackgroundWorker(&siter);
1603 0 : continue;
1604 : }
1605 :
1606 0 : this_wakeup = TimestampTzPlusMilliseconds(rw->rw_crashed_at,
1607 : 1000L * rw->rw_worker.bgw_restart_time);
1608 0 : if (next_wakeup == 0 || this_wakeup < next_wakeup)
1609 0 : next_wakeup = this_wakeup;
1610 : }
1611 : }
1612 :
1613 0 : if (next_wakeup != 0)
1614 : {
1615 : long secs;
1616 : int microsecs;
1617 :
1618 0 : TimestampDifference(GetCurrentTimestamp(), next_wakeup,
1619 : &secs, µsecs);
1620 0 : timeout->tv_sec = secs;
1621 0 : timeout->tv_usec = microsecs;
1622 :
1623 : /* Ensure we don't exceed one minute */
1624 0 : if (timeout->tv_sec > 60)
1625 : {
1626 0 : timeout->tv_sec = 60;
1627 0 : timeout->tv_usec = 0;
1628 : }
1629 : }
1630 : else
1631 : {
1632 0 : timeout->tv_sec = 60;
1633 0 : timeout->tv_usec = 0;
1634 : }
1635 : }
1636 :
1637 : /*
1638 : * Main idle loop of postmaster
1639 : *
1640 : * NB: Needs to be called with signals blocked
1641 : */
1642 : static int
1643 716 : ServerLoop(void)
1644 : {
1645 : fd_set readmask;
1646 : int nSockets;
1647 : time_t last_lockfile_recheck_time,
1648 : last_touch_time;
1649 :
1650 716 : last_lockfile_recheck_time = last_touch_time = time(NULL);
1651 :
1652 716 : nSockets = initMasks(&readmask);
1653 :
1654 : for (;;)
1655 19416 : {
1656 : fd_set rmask;
1657 : int selres;
1658 : time_t now;
1659 :
1660 : /*
1661 : * Wait for a connection request to arrive.
1662 : *
1663 : * We block all signals except while sleeping. That makes it safe for
1664 : * signal handlers, which again block all signals while executing, to
1665 : * do nontrivial work.
1666 : *
1667 : * If we are in PM_WAIT_DEAD_END state, then we don't want to accept
1668 : * any new connections, so we don't call select(), and just sleep.
1669 : */
1670 20132 : memcpy((char *) &rmask, (char *) &readmask, sizeof(fd_set));
1671 :
1672 20132 : if (pmState == PM_WAIT_DEAD_END)
1673 : {
1674 732 : PG_SETMASK(&UnBlockSig);
1675 :
1676 732 : pg_usleep(100000L); /* 100 msec seems reasonable */
1677 50 : selres = 0;
1678 :
1679 50 : PG_SETMASK(&BlockSig);
1680 : }
1681 : else
1682 : {
1683 : /* must set timeout each time; some OSes change it! */
1684 : struct timeval timeout;
1685 :
1686 : /* Needs to run with blocked signals! */
1687 19400 : DetermineSleepTime(&timeout);
1688 :
1689 19400 : PG_SETMASK(&UnBlockSig);
1690 :
1691 19400 : selres = select(nSockets, &rmask, NULL, NULL, &timeout);
1692 :
1693 19368 : PG_SETMASK(&BlockSig);
1694 : }
1695 :
1696 : /* Now check the select() result */
1697 19418 : if (selres < 0)
1698 : {
1699 11290 : if (errno != EINTR && errno != EWOULDBLOCK)
1700 : {
1701 0 : ereport(LOG,
1702 : (errcode_for_socket_access(),
1703 : errmsg("select() failed in postmaster: %m")));
1704 0 : return STATUS_ERROR;
1705 : }
1706 : }
1707 :
1708 : /*
1709 : * New connection pending on any of our sockets? If so, fork a child
1710 : * process to deal with it.
1711 : */
1712 19418 : if (selres > 0)
1713 : {
1714 : int i;
1715 :
1716 16558 : for (i = 0; i < MAXLISTEN; i++)
1717 : {
1718 16558 : if (ListenSocket[i] == PGINVALID_SOCKET)
1719 8076 : break;
1720 8482 : if (FD_ISSET(ListenSocket[i], &rmask))
1721 : {
1722 : Port *port;
1723 :
1724 8078 : port = ConnCreate(ListenSocket[i]);
1725 8078 : if (port)
1726 : {
1727 8078 : BackendStartup(port);
1728 :
1729 : /*
1730 : * We no longer need the open socket or port structure
1731 : * in this process
1732 : */
1733 8076 : StreamClose(port->sock);
1734 8076 : ConnFree(port);
1735 : }
1736 : }
1737 : }
1738 : }
1739 :
1740 : /* If we have lost the log collector, try to start a new one */
1741 19416 : if (SysLoggerPID == 0 && Logging_collector)
1742 0 : SysLoggerPID = SysLogger_Start();
1743 :
1744 : /*
1745 : * If no background writer process is running, and we are not in a
1746 : * state that prevents it, start one. It doesn't matter if this
1747 : * fails, we'll just try again later. Likewise for the checkpointer.
1748 : */
1749 19416 : if (pmState == PM_RUN || pmState == PM_RECOVERY ||
1750 4638 : pmState == PM_HOT_STANDBY)
1751 : {
1752 15726 : if (CheckpointerPID == 0)
1753 0 : CheckpointerPID = StartCheckpointer();
1754 15726 : if (BgWriterPID == 0)
1755 0 : BgWriterPID = StartBackgroundWriter();
1756 : }
1757 :
1758 : /*
1759 : * Likewise, if we have lost the walwriter process, try to start a new
1760 : * one. But this is needed only in normal operation (else we cannot
1761 : * be writing any new WAL).
1762 : */
1763 19416 : if (WalWriterPID == 0 && pmState == PM_RUN)
1764 0 : WalWriterPID = StartWalWriter();
1765 :
1766 : /*
1767 : * If we have lost the autovacuum launcher, try to start a new one. We
1768 : * don't want autovacuum to run in binary upgrade mode because
1769 : * autovacuum might update relfrozenxid for empty tables before the
1770 : * physical files are put in place.
1771 : */
1772 22704 : if (!IsBinaryUpgrade && AutoVacPID == 0 &&
1773 3658 : (AutoVacuumingActive() || start_autovac_launcher) &&
1774 2918 : pmState == PM_RUN)
1775 : {
1776 0 : AutoVacPID = StartAutoVacLauncher();
1777 0 : if (AutoVacPID != 0)
1778 0 : start_autovac_launcher = false; /* signal processed */
1779 : }
1780 :
1781 : /* If we have lost the stats collector, try to start a new one */
1782 19416 : if (PgStatPID == 0 &&
1783 98 : (pmState == PM_RUN || pmState == PM_HOT_STANDBY))
1784 0 : PgStatPID = pgstat_start();
1785 :
1786 : /* If we have lost the archiver, try to start a new one. */
1787 19416 : if (PgArchPID == 0 && PgArchStartupAllowed())
1788 0 : PgArchPID = pgarch_start();
1789 :
1790 : /* If we need to signal the autovacuum launcher, do so now */
1791 19416 : if (avlauncher_needs_signal)
1792 : {
1793 0 : avlauncher_needs_signal = false;
1794 0 : if (AutoVacPID != 0)
1795 0 : kill(AutoVacPID, SIGUSR2);
1796 : }
1797 :
1798 : /* If we need to start a WAL receiver, try to do that now */
1799 19416 : if (WalReceiverRequested)
1800 216 : MaybeStartWalReceiver();
1801 :
1802 : /* Get other worker processes running, if needed */
1803 19416 : if (StartWorkerNeeded || HaveCrashedWorker)
1804 3506 : maybe_start_bgworkers();
1805 :
1806 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1807 :
1808 : /*
1809 : * With assertions enabled, check regularly for appearance of
1810 : * additional threads. All builds check at start and exit.
1811 : */
1812 : Assert(pthread_is_threaded_np() == 0);
1813 : #endif
1814 :
1815 : /*
1816 : * Lastly, check to see if it's time to do some things that we don't
1817 : * want to do every single time through the loop, because they're a
1818 : * bit expensive. Note that there's up to a minute of slop in when
1819 : * these tasks will be performed, since DetermineSleepTime() will let
1820 : * us sleep at most that long; except for SIGKILL timeout which has
1821 : * special-case logic there.
1822 : */
1823 19416 : now = time(NULL);
1824 :
1825 : /*
1826 : * If we already sent SIGQUIT to children and they are slow to shut
1827 : * down, it's time to send them SIGKILL. This doesn't happen
1828 : * normally, but under certain conditions backends can get stuck while
1829 : * shutting down. This is a last measure to get them unwedged.
1830 : *
1831 : * Note we also do this during recovery from a process crash.
1832 : */
1833 19416 : if ((Shutdown >= ImmediateShutdown || (FatalError && !SendStop)) &&
1834 1134 : AbortStartTime != 0 &&
1835 1126 : (now - AbortStartTime) >= SIGKILL_CHILDREN_AFTER_SECS)
1836 : {
1837 : /* We were gentle with them before. Not anymore */
1838 0 : TerminateChildren(SIGKILL);
1839 : /* reset flag so we don't SIGKILL again */
1840 0 : AbortStartTime = 0;
1841 : }
1842 :
1843 : /*
1844 : * Once a minute, verify that postmaster.pid hasn't been removed or
1845 : * overwritten. If it has, we force a shutdown. This avoids having
1846 : * postmasters and child processes hanging around after their database
1847 : * is gone, and maybe causing problems if a new database cluster is
1848 : * created in the same place. It also provides some protection
1849 : * against a DBA foolishly removing postmaster.pid and manually
1850 : * starting a new postmaster. Data corruption is likely to ensue from
1851 : * that anyway, but we can minimize the damage by aborting ASAP.
1852 : */
1853 19416 : if (now - last_lockfile_recheck_time >= 1 * SECS_PER_MINUTE)
1854 : {
1855 10 : if (!RecheckDataDirLockFile())
1856 : {
1857 0 : ereport(LOG,
1858 : (errmsg("performing immediate shutdown because data directory lock file is invalid")));
1859 0 : kill(MyProcPid, SIGQUIT);
1860 : }
1861 10 : last_lockfile_recheck_time = now;
1862 : }
1863 :
1864 : /*
1865 : * Touch Unix socket and lock files every 58 minutes, to ensure that
1866 : * they are not removed by overzealous /tmp-cleaning tasks. We assume
1867 : * no one runs cleaners with cutoff times of less than an hour ...
1868 : */
1869 19416 : if (now - last_touch_time >= 58 * SECS_PER_MINUTE)
1870 : {
1871 0 : TouchSocketFiles();
1872 0 : TouchSocketLockFiles();
1873 0 : last_touch_time = now;
1874 : }
1875 : }
1876 : }
1877 :
1878 : /*
1879 : * Initialise the masks for select() for the ports we are listening on.
1880 : * Return the number of sockets to listen on.
1881 : */
1882 : static int
1883 716 : initMasks(fd_set *rmask)
1884 : {
1885 716 : int maxsock = -1;
1886 : int i;
1887 :
1888 716 : FD_ZERO(rmask);
1889 :
1890 1458 : for (i = 0; i < MAXLISTEN; i++)
1891 : {
1892 1458 : int fd = ListenSocket[i];
1893 :
1894 1458 : if (fd == PGINVALID_SOCKET)
1895 716 : break;
1896 742 : FD_SET(fd, rmask);
1897 :
1898 742 : if (fd > maxsock)
1899 742 : maxsock = fd;
1900 : }
1901 :
1902 716 : return maxsock + 1;
1903 : }
1904 :
1905 :
1906 : /*
1907 : * Read a client's startup packet and do something according to it.
1908 : *
1909 : * Returns STATUS_OK or STATUS_ERROR, or might call ereport(FATAL) and
1910 : * not return at all.
1911 : *
1912 : * (Note that ereport(FATAL) stuff is sent to the client, so only use it
1913 : * if that's what you want. Return STATUS_ERROR if you don't want to
1914 : * send anything to the client, which would typically be appropriate
1915 : * if we detect a communications failure.)
1916 : *
1917 : * Set ssl_done and/or gss_done when negotiation of an encrypted layer
1918 : * (currently, TLS or GSSAPI) is completed. A successful negotiation of either
1919 : * encryption layer sets both flags, but a rejected negotiation sets only the
1920 : * flag for that layer, since the client may wish to try the other one. We
1921 : * should make no assumption here about the order in which the client may make
1922 : * requests.
1923 : */
1924 : static int
1925 8262 : ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
1926 : {
1927 : int32 len;
1928 : void *buf;
1929 : ProtocolVersion proto;
1930 : MemoryContext oldcontext;
1931 :
1932 8262 : pq_startmsgread();
1933 :
1934 : /*
1935 : * Grab the first byte of the length word separately, so that we can tell
1936 : * whether we have no data at all or an incomplete packet. (This might
1937 : * sound inefficient, but it's not really, because of buffering in
1938 : * pqcomm.c.)
1939 : */
1940 8262 : if (pq_getbytes((char *) &len, 1) == EOF)
1941 : {
1942 : /*
1943 : * If we get no data at all, don't clutter the log with a complaint;
1944 : * such cases often occur for legitimate reasons. An example is that
1945 : * we might be here after responding to NEGOTIATE_SSL_CODE, and if the
1946 : * client didn't like our response, it'll probably just drop the
1947 : * connection. Service-monitoring software also often just opens and
1948 : * closes a connection without sending anything. (So do port
1949 : * scanners, which may be less benign, but it's not really our job to
1950 : * notice those.)
1951 : */
1952 6 : return STATUS_ERROR;
1953 : }
1954 :
1955 8256 : if (pq_getbytes(((char *) &len) + 1, 3) == EOF)
1956 : {
1957 : /* Got a partial length word, so bleat about that */
1958 0 : if (!ssl_done && !gss_done)
1959 0 : ereport(COMMERROR,
1960 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1961 : errmsg("incomplete startup packet")));
1962 0 : return STATUS_ERROR;
1963 : }
1964 :
1965 8256 : len = pg_ntoh32(len);
1966 8256 : len -= 4;
1967 :
1968 8256 : if (len < (int32) sizeof(ProtocolVersion) ||
1969 8256 : len > MAX_STARTUP_PACKET_LENGTH)
1970 : {
1971 0 : ereport(COMMERROR,
1972 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1973 : errmsg("invalid length of startup packet")));
1974 0 : return STATUS_ERROR;
1975 : }
1976 :
1977 : /*
1978 : * Allocate at least the size of an old-style startup packet, plus one
1979 : * extra byte, and make sure all are zeroes. This ensures we will have
1980 : * null termination of all strings, in both fixed- and variable-length
1981 : * packet layouts.
1982 : */
1983 8256 : if (len <= (int32) sizeof(StartupPacket))
1984 8256 : buf = palloc0(sizeof(StartupPacket) + 1);
1985 : else
1986 0 : buf = palloc0(len + 1);
1987 :
1988 8256 : if (pq_getbytes(buf, len) == EOF)
1989 : {
1990 0 : ereport(COMMERROR,
1991 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1992 : errmsg("incomplete startup packet")));
1993 0 : return STATUS_ERROR;
1994 : }
1995 8256 : pq_endmsgread();
1996 :
1997 : /*
1998 : * The first field is either a protocol version number or a special
1999 : * request code.
2000 : */
2001 8256 : port->proto = proto = pg_ntoh32(*((ProtocolVersion *) buf));
2002 :
2003 8256 : if (proto == CANCEL_REQUEST_CODE)
2004 : {
2005 2 : processCancelRequest(port, buf);
2006 : /* Not really an error, but we don't want to proceed further */
2007 2 : return STATUS_ERROR;
2008 : }
2009 :
2010 8254 : if (proto == NEGOTIATE_SSL_CODE && !ssl_done)
2011 : {
2012 : char SSLok;
2013 :
2014 : #ifdef USE_SSL
2015 : /* No SSL when disabled or on Unix sockets */
2016 390 : if (!LoadedSSL || IS_AF_UNIX(port->laddr.addr.ss_family))
2017 292 : SSLok = 'N';
2018 : else
2019 98 : SSLok = 'S'; /* Support for SSL */
2020 : #else
2021 : SSLok = 'N'; /* No support for SSL */
2022 : #endif
2023 :
2024 390 : retry1:
2025 390 : if (send(port->sock, &SSLok, 1, 0) != 1)
2026 : {
2027 0 : if (errno == EINTR)
2028 0 : goto retry1; /* if interrupted, just retry */
2029 0 : ereport(COMMERROR,
2030 : (errcode_for_socket_access(),
2031 : errmsg("failed to send SSL negotiation response: %m")));
2032 0 : return STATUS_ERROR; /* close the connection */
2033 : }
2034 :
2035 : #ifdef USE_SSL
2036 390 : if (SSLok == 'S' && secure_open_server(port) == -1)
2037 22 : return STATUS_ERROR;
2038 : #endif
2039 :
2040 : /*
2041 : * regular startup packet, cancel, etc packet should follow, but not
2042 : * another SSL negotiation request, and a GSS request should only
2043 : * follow if SSL was rejected (client may negotiate in either order)
2044 : */
2045 368 : return ProcessStartupPacket(port, true, SSLok == 'S');
2046 : }
2047 7864 : else if (proto == NEGOTIATE_GSS_CODE && !gss_done)
2048 : {
2049 0 : char GSSok = 'N';
2050 : #ifdef ENABLE_GSS
2051 : /* No GSSAPI encryption when on Unix socket */
2052 : if (!IS_AF_UNIX(port->laddr.addr.ss_family))
2053 : GSSok = 'G';
2054 : #endif
2055 :
2056 0 : while (send(port->sock, &GSSok, 1, 0) != 1)
2057 : {
2058 0 : if (errno == EINTR)
2059 0 : continue;
2060 0 : ereport(COMMERROR,
2061 : (errcode_for_socket_access(),
2062 : errmsg("failed to send GSSAPI negotiation response: %m")));
2063 0 : return STATUS_ERROR; /* close the connection */
2064 : }
2065 :
2066 : #ifdef ENABLE_GSS
2067 : if (GSSok == 'G' && secure_open_gssapi(port) == -1)
2068 : return STATUS_ERROR;
2069 : #endif
2070 :
2071 : /*
2072 : * regular startup packet, cancel, etc packet should follow, but not
2073 : * another GSS negotiation request, and an SSL request should only
2074 : * follow if GSS was rejected (client may negotiate in either order)
2075 : */
2076 0 : return ProcessStartupPacket(port, GSSok == 'G', true);
2077 : }
2078 :
2079 : /* Could add additional special packet types here */
2080 :
2081 : /*
2082 : * Set FrontendProtocol now so that ereport() knows what format to send if
2083 : * we fail during startup.
2084 : */
2085 7864 : FrontendProtocol = proto;
2086 :
2087 : /* Check that the major protocol version is in range. */
2088 7864 : if (PG_PROTOCOL_MAJOR(proto) < PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST) ||
2089 7864 : PG_PROTOCOL_MAJOR(proto) > PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST))
2090 0 : ereport(FATAL,
2091 : (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
2092 : errmsg("unsupported frontend protocol %u.%u: server supports %u.0 to %u.%u",
2093 : PG_PROTOCOL_MAJOR(proto), PG_PROTOCOL_MINOR(proto),
2094 : PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST),
2095 : PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST),
2096 : PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST))));
2097 :
2098 : /*
2099 : * Now fetch parameters out of startup packet and save them into the Port
2100 : * structure. All data structures attached to the Port struct must be
2101 : * allocated in TopMemoryContext so that they will remain available in a
2102 : * running backend (even after PostmasterContext is destroyed). We need
2103 : * not worry about leaking this storage on failure, since we aren't in the
2104 : * postmaster process anymore.
2105 : */
2106 7864 : oldcontext = MemoryContextSwitchTo(TopMemoryContext);
2107 :
2108 7864 : if (PG_PROTOCOL_MAJOR(proto) >= 3)
2109 : {
2110 7864 : int32 offset = sizeof(ProtocolVersion);
2111 7864 : List *unrecognized_protocol_options = NIL;
2112 :
2113 : /*
2114 : * Scan packet body for name/option pairs. We can assume any string
2115 : * beginning within the packet body is null-terminated, thanks to
2116 : * zeroing extra byte above.
2117 : */
2118 7864 : port->guc_options = NIL;
2119 :
2120 42766 : while (offset < len)
2121 : {
2122 42766 : char *nameptr = ((char *) buf) + offset;
2123 : int32 valoffset;
2124 : char *valptr;
2125 :
2126 42766 : if (*nameptr == '\0')
2127 7864 : break; /* found packet terminator */
2128 34902 : valoffset = offset + strlen(nameptr) + 1;
2129 34902 : if (valoffset >= len)
2130 0 : break; /* missing value, will complain below */
2131 34902 : valptr = ((char *) buf) + valoffset;
2132 :
2133 34902 : if (strcmp(nameptr, "database") == 0)
2134 7864 : port->database_name = pstrdup(valptr);
2135 27038 : else if (strcmp(nameptr, "user") == 0)
2136 7864 : port->user_name = pstrdup(valptr);
2137 19174 : else if (strcmp(nameptr, "options") == 0)
2138 3390 : port->cmdline_options = pstrdup(valptr);
2139 15784 : else if (strcmp(nameptr, "replication") == 0)
2140 : {
2141 : /*
2142 : * Due to backward compatibility concerns the replication
2143 : * parameter is a hybrid beast which allows the value to be
2144 : * either boolean or the string 'database'. The latter
2145 : * connects to a specific database which is e.g. required for
2146 : * logical decoding while.
2147 : */
2148 642 : if (strcmp(valptr, "database") == 0)
2149 : {
2150 226 : am_walsender = true;
2151 226 : am_db_walsender = true;
2152 : }
2153 416 : else if (!parse_bool(valptr, &am_walsender))
2154 0 : ereport(FATAL,
2155 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
2156 : errmsg("invalid value for parameter \"%s\": \"%s\"",
2157 : "replication",
2158 : valptr),
2159 : errhint("Valid values are: \"false\", 0, \"true\", 1, \"database\".")));
2160 : }
2161 15142 : else if (strncmp(nameptr, "_pq_.", 5) == 0)
2162 : {
2163 : /*
2164 : * Any option beginning with _pq_. is reserved for use as a
2165 : * protocol-level option, but at present no such options are
2166 : * defined.
2167 : */
2168 : unrecognized_protocol_options =
2169 0 : lappend(unrecognized_protocol_options, pstrdup(nameptr));
2170 : }
2171 : else
2172 : {
2173 : /* Assume it's a generic GUC option */
2174 15142 : port->guc_options = lappend(port->guc_options,
2175 15142 : pstrdup(nameptr));
2176 15142 : port->guc_options = lappend(port->guc_options,
2177 15142 : pstrdup(valptr));
2178 :
2179 : /*
2180 : * Copy application_name to port if we come across it. This
2181 : * is done so we can log the application_name in the
2182 : * connection authorization message. Note that the GUC would
2183 : * be used but we haven't gone through GUC setup yet.
2184 : */
2185 15142 : if (strcmp(nameptr, "application_name") == 0)
2186 : {
2187 7776 : char *tmp_app_name = pstrdup(valptr);
2188 :
2189 7776 : pg_clean_ascii(tmp_app_name);
2190 :
2191 7776 : port->application_name = tmp_app_name;
2192 : }
2193 : }
2194 34902 : offset = valoffset + strlen(valptr) + 1;
2195 : }
2196 :
2197 : /*
2198 : * If we didn't find a packet terminator exactly at the end of the
2199 : * given packet length, complain.
2200 : */
2201 7864 : if (offset != len - 1)
2202 0 : ereport(FATAL,
2203 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2204 : errmsg("invalid startup packet layout: expected terminator as last byte")));
2205 :
2206 : /*
2207 : * If the client requested a newer protocol version or if the client
2208 : * requested any protocol options we didn't recognize, let them know
2209 : * the newest minor protocol version we do support and the names of
2210 : * any unrecognized options.
2211 : */
2212 7864 : if (PG_PROTOCOL_MINOR(proto) > PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST) ||
2213 : unrecognized_protocol_options != NIL)
2214 0 : SendNegotiateProtocolVersion(unrecognized_protocol_options);
2215 : }
2216 : else
2217 : {
2218 : /*
2219 : * Get the parameters from the old-style, fixed-width-fields startup
2220 : * packet as C strings. The packet destination was cleared first so a
2221 : * short packet has zeros silently added. We have to be prepared to
2222 : * truncate the pstrdup result for oversize fields, though.
2223 : */
2224 0 : StartupPacket *packet = (StartupPacket *) buf;
2225 :
2226 0 : port->database_name = pstrdup(packet->database);
2227 0 : if (strlen(port->database_name) > sizeof(packet->database))
2228 0 : port->database_name[sizeof(packet->database)] = '\0';
2229 0 : port->user_name = pstrdup(packet->user);
2230 0 : if (strlen(port->user_name) > sizeof(packet->user))
2231 0 : port->user_name[sizeof(packet->user)] = '\0';
2232 0 : port->cmdline_options = pstrdup(packet->options);
2233 0 : if (strlen(port->cmdline_options) > sizeof(packet->options))
2234 0 : port->cmdline_options[sizeof(packet->options)] = '\0';
2235 0 : port->guc_options = NIL;
2236 : }
2237 :
2238 : /* Check a user name was given. */
2239 7864 : if (port->user_name == NULL || port->user_name[0] == '\0')
2240 0 : ereport(FATAL,
2241 : (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
2242 : errmsg("no PostgreSQL user name specified in startup packet")));
2243 :
2244 : /* The database defaults to the user name. */
2245 7864 : if (port->database_name == NULL || port->database_name[0] == '\0')
2246 0 : port->database_name = pstrdup(port->user_name);
2247 :
2248 7864 : if (Db_user_namespace)
2249 : {
2250 : /*
2251 : * If user@, it is a global user, remove '@'. We only want to do this
2252 : * if there is an '@' at the end and no earlier in the user string or
2253 : * they may fake as a local user of another database attaching to this
2254 : * database.
2255 : */
2256 0 : if (strchr(port->user_name, '@') ==
2257 0 : port->user_name + strlen(port->user_name) - 1)
2258 0 : *strchr(port->user_name, '@') = '\0';
2259 : else
2260 : {
2261 : /* Append '@' and dbname */
2262 0 : port->user_name = psprintf("%s@%s", port->user_name, port->database_name);
2263 : }
2264 : }
2265 :
2266 : /*
2267 : * Truncate given database and user names to length of a Postgres name.
2268 : * This avoids lookup failures when overlength names are given.
2269 : */
2270 7864 : if (strlen(port->database_name) >= NAMEDATALEN)
2271 0 : port->database_name[NAMEDATALEN - 1] = '\0';
2272 7864 : if (strlen(port->user_name) >= NAMEDATALEN)
2273 0 : port->user_name[NAMEDATALEN - 1] = '\0';
2274 :
2275 7864 : if (am_walsender)
2276 642 : MyBackendType = B_WAL_SENDER;
2277 : else
2278 7222 : MyBackendType = B_BACKEND;
2279 :
2280 : /*
2281 : * Normal walsender backends, e.g. for streaming replication, are not
2282 : * connected to a particular database. But walsenders used for logical
2283 : * replication need to connect to a specific database. We allow streaming
2284 : * replication commands to be issued even if connected to a database as it
2285 : * can make sense to first make a basebackup and then stream changes
2286 : * starting from that.
2287 : */
2288 7864 : if (am_walsender && !am_db_walsender)
2289 416 : port->database_name[0] = '\0';
2290 :
2291 : /*
2292 : * Done putting stuff in TopMemoryContext.
2293 : */
2294 7864 : MemoryContextSwitchTo(oldcontext);
2295 :
2296 : /*
2297 : * If we're going to reject the connection due to database state, say so
2298 : * now instead of wasting cycles on an authentication exchange. (This also
2299 : * allows a pg_ping utility to be written.)
2300 : */
2301 7864 : switch (port->canAcceptConnections)
2302 : {
2303 38 : case CAC_STARTUP:
2304 38 : ereport(FATAL,
2305 : (errcode(ERRCODE_CANNOT_CONNECT_NOW),
2306 : errmsg("the database system is starting up")));
2307 : break;
2308 0 : case CAC_SHUTDOWN:
2309 0 : ereport(FATAL,
2310 : (errcode(ERRCODE_CANNOT_CONNECT_NOW),
2311 : errmsg("the database system is shutting down")));
2312 : break;
2313 4 : case CAC_RECOVERY:
2314 4 : ereport(FATAL,
2315 : (errcode(ERRCODE_CANNOT_CONNECT_NOW),
2316 : errmsg("the database system is in recovery mode")));
2317 : break;
2318 0 : case CAC_TOOMANY:
2319 0 : ereport(FATAL,
2320 : (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
2321 : errmsg("sorry, too many clients already")));
2322 : break;
2323 0 : case CAC_WAITBACKUP:
2324 : /* OK for now, will check in InitPostgres */
2325 0 : break;
2326 7822 : case CAC_OK:
2327 7822 : break;
2328 : }
2329 :
2330 7822 : return STATUS_OK;
2331 : }
2332 :
2333 : /*
2334 : * Send a NegotiateProtocolVersion to the client. This lets the client know
2335 : * that they have requested a newer minor protocol version than we are able
2336 : * to speak. We'll speak the highest version we know about; the client can,
2337 : * of course, abandon the connection if that's a problem.
2338 : *
2339 : * We also include in the response a list of protocol options we didn't
2340 : * understand. This allows clients to include optional parameters that might
2341 : * be present either in newer protocol versions or third-party protocol
2342 : * extensions without fear of having to reconnect if those options are not
2343 : * understood, while at the same time making certain that the client is aware
2344 : * of which options were actually accepted.
2345 : */
2346 : static void
2347 0 : SendNegotiateProtocolVersion(List *unrecognized_protocol_options)
2348 : {
2349 : StringInfoData buf;
2350 : ListCell *lc;
2351 :
2352 0 : pq_beginmessage(&buf, 'v'); /* NegotiateProtocolVersion */
2353 0 : pq_sendint32(&buf, PG_PROTOCOL_LATEST);
2354 0 : pq_sendint32(&buf, list_length(unrecognized_protocol_options));
2355 0 : foreach(lc, unrecognized_protocol_options)
2356 0 : pq_sendstring(&buf, lfirst(lc));
2357 0 : pq_endmessage(&buf);
2358 :
2359 : /* no need to flush, some other message will follow */
2360 0 : }
2361 :
2362 : /*
2363 : * The client has sent a cancel request packet, not a normal
2364 : * start-a-new-connection packet. Perform the necessary processing.
2365 : * Nothing is sent back to the client.
2366 : */
2367 : static void
2368 2 : processCancelRequest(Port *port, void *pkt)
2369 : {
2370 2 : CancelRequestPacket *canc = (CancelRequestPacket *) pkt;
2371 : int backendPID;
2372 : int32 cancelAuthCode;
2373 : Backend *bp;
2374 :
2375 : #ifndef EXEC_BACKEND
2376 : dlist_iter iter;
2377 : #else
2378 : int i;
2379 : #endif
2380 :
2381 2 : backendPID = (int) pg_ntoh32(canc->backendPID);
2382 2 : cancelAuthCode = (int32) pg_ntoh32(canc->cancelAuthCode);
2383 :
2384 : /*
2385 : * See if we have a matching backend. In the EXEC_BACKEND case, we can no
2386 : * longer access the postmaster's own backend list, and must rely on the
2387 : * duplicate array in shared memory.
2388 : */
2389 : #ifndef EXEC_BACKEND
2390 2 : dlist_foreach(iter, &BackendList)
2391 : {
2392 2 : bp = dlist_container(Backend, elem, iter.cur);
2393 : #else
2394 : for (i = MaxLivePostmasterChildren() - 1; i >= 0; i--)
2395 : {
2396 : bp = (Backend *) &ShmemBackendArray[i];
2397 : #endif
2398 2 : if (bp->pid == backendPID)
2399 : {
2400 2 : if (bp->cancel_key == cancelAuthCode)
2401 : {
2402 : /* Found a match; signal that backend to cancel current op */
2403 2 : ereport(DEBUG2,
2404 : (errmsg_internal("processing cancel request: sending SIGINT to process %d",
2405 : backendPID)));
2406 2 : signal_child(bp->pid, SIGINT);
2407 : }
2408 : else
2409 : /* Right PID, wrong key: no way, Jose */
2410 0 : ereport(LOG,
2411 : (errmsg("wrong key in cancel request for process %d",
2412 : backendPID)));
2413 2 : return;
2414 : }
2415 : #ifndef EXEC_BACKEND /* make GNU Emacs 26.1 see brace balance */
2416 : }
2417 : #else
2418 : }
2419 : #endif
2420 :
2421 : /* No matching backend */
2422 0 : ereport(LOG,
2423 : (errmsg("PID %d in cancel request did not match any process",
2424 : backendPID)));
2425 : }
2426 :
2427 : /*
2428 : * canAcceptConnections --- check to see if database state allows connections
2429 : * of the specified type. backend_type can be BACKEND_TYPE_NORMAL,
2430 : * BACKEND_TYPE_AUTOVAC, or BACKEND_TYPE_BGWORKER. (Note that we don't yet
2431 : * know whether a NORMAL connection might turn into a walsender.)
2432 : */
2433 : static CAC_state
2434 10508 : canAcceptConnections(int backend_type)
2435 : {
2436 10508 : CAC_state result = CAC_OK;
2437 :
2438 : /*
2439 : * Can't start backends when in startup/shutdown/inconsistent recovery
2440 : * state. We treat autovac workers the same as user backends for this
2441 : * purpose. However, bgworkers are excluded from this test; we expect
2442 : * bgworker_should_start_now() decided whether the DB state allows them.
2443 : *
2444 : * In state PM_WAIT_BACKUP only superusers can connect (this must be
2445 : * allowed so that a superuser can end online backup mode); we return
2446 : * CAC_WAITBACKUP code to indicate that this must be checked later. Note
2447 : * that neither CAC_OK nor CAC_WAITBACKUP can safely be returned until we
2448 : * have checked for too many children.
2449 : */
2450 10508 : if (pmState != PM_RUN &&
2451 : backend_type != BACKEND_TYPE_BGWORKER)
2452 : {
2453 312 : if (pmState == PM_WAIT_BACKUP)
2454 0 : result = CAC_WAITBACKUP; /* allow superusers only */
2455 312 : else if (Shutdown > NoShutdown)
2456 0 : return CAC_SHUTDOWN; /* shutdown is pending */
2457 312 : else if (!FatalError &&
2458 308 : (pmState == PM_STARTUP ||
2459 270 : pmState == PM_RECOVERY))
2460 38 : return CAC_STARTUP; /* normal startup */
2461 274 : else if (!FatalError &&
2462 270 : pmState == PM_HOT_STANDBY)
2463 270 : result = CAC_OK; /* connection OK during hot standby */
2464 : else
2465 4 : return CAC_RECOVERY; /* else must be crash recovery */
2466 : }
2467 :
2468 : /*
2469 : * Don't start too many children.
2470 : *
2471 : * We allow more connections here than we can have backends because some
2472 : * might still be authenticating; they might fail auth, or some existing
2473 : * backend might exit before the auth cycle is completed. The exact
2474 : * MaxBackends limit is enforced when a new backend tries to join the
2475 : * shared-inval backend array.
2476 : *
2477 : * The limit here must match the sizes of the per-child-process arrays;
2478 : * see comments for MaxLivePostmasterChildren().
2479 : */
2480 10466 : if (CountChildren(BACKEND_TYPE_ALL) >= MaxLivePostmasterChildren())
2481 0 : result = CAC_TOOMANY;
2482 :
2483 10466 : return result;
2484 : }
2485 :
2486 :
2487 : /*
2488 : * ConnCreate -- create a local connection data structure
2489 : *
2490 : * Returns NULL on failure, other than out-of-memory which is fatal.
2491 : */
2492 : static Port *
2493 8078 : ConnCreate(int serverFd)
2494 : {
2495 : Port *port;
2496 :
2497 8078 : if (!(port = (Port *) calloc(1, sizeof(Port))))
2498 : {
2499 0 : ereport(LOG,
2500 : (errcode(ERRCODE_OUT_OF_MEMORY),
2501 : errmsg("out of memory")));
2502 0 : ExitPostmaster(1);
2503 : }
2504 :
2505 8078 : if (StreamConnection(serverFd, port) != STATUS_OK)
2506 : {
2507 0 : if (port->sock != PGINVALID_SOCKET)
2508 0 : StreamClose(port->sock);
2509 0 : ConnFree(port);
2510 0 : return NULL;
2511 : }
2512 :
2513 : /*
2514 : * Allocate GSSAPI specific state struct
2515 : */
2516 : #ifndef EXEC_BACKEND
2517 : #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
2518 : port->gss = (pg_gssinfo *) calloc(1, sizeof(pg_gssinfo));
2519 : if (!port->gss)
2520 : {
2521 : ereport(LOG,
2522 : (errcode(ERRCODE_OUT_OF_MEMORY),
2523 : errmsg("out of memory")));
2524 : ExitPostmaster(1);
2525 : }
2526 : #endif
2527 : #endif
2528 :
2529 8078 : return port;
2530 : }
2531 :
2532 :
2533 : /*
2534 : * ConnFree -- free a local connection data structure
2535 : */
2536 : static void
2537 8076 : ConnFree(Port *conn)
2538 : {
2539 : #ifdef USE_SSL
2540 8076 : secure_close(conn);
2541 : #endif
2542 8076 : if (conn->gss)
2543 0 : free(conn->gss);
2544 8076 : free(conn);
2545 8076 : }
2546 :
2547 :
2548 : /*
2549 : * ClosePostmasterPorts -- close all the postmaster's open sockets
2550 : *
2551 : * This is called during child process startup to release file descriptors
2552 : * that are not needed by that child process. The postmaster still has
2553 : * them open, of course.
2554 : *
2555 : * Note: we pass am_syslogger as a boolean because we don't want to set
2556 : * the global variable yet when this is called.
2557 : */
2558 : void
2559 13206 : ClosePostmasterPorts(bool am_syslogger)
2560 : {
2561 : int i;
2562 :
2563 : #ifndef WIN32
2564 :
2565 : /*
2566 : * Close the write end of postmaster death watch pipe. It's important to
2567 : * do this as early as possible, so that if postmaster dies, others won't
2568 : * think that it's still running because we're holding the pipe open.
2569 : */
2570 13206 : if (close(postmaster_alive_fds[POSTMASTER_FD_OWN]) != 0)
2571 0 : ereport(FATAL,
2572 : (errcode_for_file_access(),
2573 : errmsg_internal("could not close postmaster death monitoring pipe in child process: %m")));
2574 13206 : postmaster_alive_fds[POSTMASTER_FD_OWN] = -1;
2575 : /* Notify fd.c that we released one pipe FD. */
2576 13206 : ReleaseExternalFD();
2577 : #endif
2578 :
2579 : /*
2580 : * Close the postmaster's listen sockets. These aren't tracked by fd.c,
2581 : * so we don't call ReleaseExternalFD() here.
2582 : */
2583 858390 : for (i = 0; i < MAXLISTEN; i++)
2584 : {
2585 845184 : if (ListenSocket[i] != PGINVALID_SOCKET)
2586 : {
2587 13888 : StreamClose(ListenSocket[i]);
2588 13888 : ListenSocket[i] = PGINVALID_SOCKET;
2589 : }
2590 : }
2591 :
2592 : /*
2593 : * If using syslogger, close the read side of the pipe. We don't bother
2594 : * tracking this in fd.c, either.
2595 : */
2596 13206 : if (!am_syslogger)
2597 : {
2598 : #ifndef WIN32
2599 13204 : if (syslogPipe[0] >= 0)
2600 18 : close(syslogPipe[0]);
2601 13204 : syslogPipe[0] = -1;
2602 : #else
2603 : if (syslogPipe[0])
2604 : CloseHandle(syslogPipe[0]);
2605 : syslogPipe[0] = 0;
2606 : #endif
2607 : }
2608 :
2609 : #ifdef USE_BONJOUR
2610 : /* If using Bonjour, close the connection to the mDNS daemon */
2611 : if (bonjour_sdref)
2612 : close(DNSServiceRefSockFD(bonjour_sdref));
2613 : #endif
2614 13206 : }
2615 :
2616 :
2617 : /*
2618 : * InitProcessGlobals -- set MyProcPid, MyStartTime[stamp], random seeds
2619 : *
2620 : * Called early in the postmaster and every backend.
2621 : */
2622 : void
2623 15390 : InitProcessGlobals(void)
2624 : {
2625 : unsigned int rseed;
2626 :
2627 15390 : MyProcPid = getpid();
2628 15390 : MyStartTimestamp = GetCurrentTimestamp();
2629 15390 : MyStartTime = timestamptz_to_time_t(MyStartTimestamp);
2630 :
2631 : /*
2632 : * Set a different seed for random() in every process. We want something
2633 : * unpredictable, so if possible, use high-quality random bits for the
2634 : * seed. Otherwise, fall back to a seed based on timestamp and PID.
2635 : */
2636 15390 : if (!pg_strong_random(&rseed, sizeof(rseed)))
2637 : {
2638 : /*
2639 : * Since PIDs and timestamps tend to change more frequently in their
2640 : * least significant bits, shift the timestamp left to allow a larger
2641 : * total number of seeds in a given time period. Since that would
2642 : * leave only 20 bits of the timestamp that cycle every ~1 second,
2643 : * also mix in some higher bits.
2644 : */
2645 0 : rseed = ((uint64) MyProcPid) ^
2646 0 : ((uint64) MyStartTimestamp << 12) ^
2647 0 : ((uint64) MyStartTimestamp >> 20);
2648 : }
2649 15390 : srandom(rseed);
2650 15390 : }
2651 :
2652 :
2653 : /*
2654 : * reset_shared -- reset shared memory and semaphores
2655 : */
2656 : static void
2657 722 : reset_shared(void)
2658 : {
2659 : /*
2660 : * Create or re-create shared memory and semaphores.
2661 : *
2662 : * Note: in each "cycle of life" we will normally assign the same IPC keys
2663 : * (if using SysV shmem and/or semas). This helps ensure that we will
2664 : * clean up dead IPC objects if the postmaster crashes and is restarted.
2665 : */
2666 722 : CreateSharedMemoryAndSemaphores();
2667 720 : }
2668 :
2669 :
2670 : /*
2671 : * SIGHUP -- reread config files, and tell children to do same
2672 : */
2673 : static void
2674 78 : SIGHUP_handler(SIGNAL_ARGS)
2675 : {
2676 78 : int save_errno = errno;
2677 :
2678 : /*
2679 : * We rely on the signal mechanism to have blocked all signals ... except
2680 : * on Windows, which lacks sigaction(), so we have to do it manually.
2681 : */
2682 : #ifdef WIN32
2683 : PG_SETMASK(&BlockSig);
2684 : #endif
2685 :
2686 78 : if (Shutdown <= SmartShutdown)
2687 : {
2688 78 : ereport(LOG,
2689 : (errmsg("received SIGHUP, reloading configuration files")));
2690 78 : ProcessConfigFile(PGC_SIGHUP);
2691 78 : SignalChildren(SIGHUP);
2692 78 : if (StartupPID != 0)
2693 16 : signal_child(StartupPID, SIGHUP);
2694 78 : if (BgWriterPID != 0)
2695 78 : signal_child(BgWriterPID, SIGHUP);
2696 78 : if (CheckpointerPID != 0)
2697 78 : signal_child(CheckpointerPID, SIGHUP);
2698 78 : if (WalWriterPID != 0)
2699 62 : signal_child(WalWriterPID, SIGHUP);
2700 78 : if (WalReceiverPID != 0)
2701 14 : signal_child(WalReceiverPID, SIGHUP);
2702 78 : if (AutoVacPID != 0)
2703 58 : signal_child(AutoVacPID, SIGHUP);
2704 78 : if (PgArchPID != 0)
2705 6 : signal_child(PgArchPID, SIGHUP);
2706 78 : if (SysLoggerPID != 0)
2707 0 : signal_child(SysLoggerPID, SIGHUP);
2708 78 : if (PgStatPID != 0)
2709 78 : signal_child(PgStatPID, SIGHUP);
2710 :
2711 : /* Reload authentication config files too */
2712 78 : if (!load_hba())
2713 0 : ereport(LOG,
2714 : /* translator: %s is a configuration file */
2715 : (errmsg("%s was not reloaded", "pg_hba.conf")));
2716 :
2717 78 : if (!load_ident())
2718 0 : ereport(LOG,
2719 : (errmsg("%s was not reloaded", "pg_ident.conf")));
2720 :
2721 : #ifdef USE_SSL
2722 : /* Reload SSL configuration as well */
2723 78 : if (EnableSSL)
2724 : {
2725 0 : if (secure_initialize(false) == 0)
2726 0 : LoadedSSL = true;
2727 : else
2728 0 : ereport(LOG,
2729 : (errmsg("SSL configuration was not reloaded")));
2730 : }
2731 : else
2732 : {
2733 78 : secure_destroy();
2734 78 : LoadedSSL = false;
2735 : }
2736 : #endif
2737 :
2738 : #ifdef EXEC_BACKEND
2739 : /* Update the starting-point file for future children */
2740 : write_nondefault_variables(PGC_SIGHUP);
2741 : #endif
2742 : }
2743 :
2744 : #ifdef WIN32
2745 : PG_SETMASK(&UnBlockSig);
2746 : #endif
2747 :
2748 78 : errno = save_errno;
2749 78 : }
2750 :
2751 :
2752 : /*
2753 : * pmdie -- signal handler for processing various postmaster signals.
2754 : */
2755 : static void
2756 708 : pmdie(SIGNAL_ARGS)
2757 : {
2758 708 : int save_errno = errno;
2759 :
2760 : /*
2761 : * We rely on the signal mechanism to have blocked all signals ... except
2762 : * on Windows, which lacks sigaction(), so we have to do it manually.
2763 : */
2764 : #ifdef WIN32
2765 : PG_SETMASK(&BlockSig);
2766 : #endif
2767 :
2768 708 : ereport(DEBUG2,
2769 : (errmsg_internal("postmaster received signal %d",
2770 : postgres_signal_arg)));
2771 :
2772 708 : switch (postgres_signal_arg)
2773 : {
2774 8 : case SIGTERM:
2775 :
2776 : /*
2777 : * Smart Shutdown:
2778 : *
2779 : * Wait for children to end their work, then shut down.
2780 : */
2781 8 : if (Shutdown >= SmartShutdown)
2782 0 : break;
2783 8 : Shutdown = SmartShutdown;
2784 8 : ereport(LOG,
2785 : (errmsg("received smart shutdown request")));
2786 :
2787 : /* Report status */
2788 8 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2789 : #ifdef USE_SYSTEMD
2790 : sd_notify(0, "STOPPING=1");
2791 : #endif
2792 :
2793 8 : if (pmState == PM_RUN || pmState == PM_RECOVERY ||
2794 0 : pmState == PM_HOT_STANDBY || pmState == PM_STARTUP)
2795 : {
2796 : /* autovac workers are told to shut down immediately */
2797 : /* and bgworkers too; does this need tweaking? */
2798 8 : SignalSomeChildren(SIGTERM,
2799 : BACKEND_TYPE_AUTOVAC | BACKEND_TYPE_BGWORKER);
2800 : /* and the autovac launcher too */
2801 8 : if (AutoVacPID != 0)
2802 0 : signal_child(AutoVacPID, SIGTERM);
2803 : /* and the bgwriter too */
2804 8 : if (BgWriterPID != 0)
2805 8 : signal_child(BgWriterPID, SIGTERM);
2806 : /* and the walwriter too */
2807 8 : if (WalWriterPID != 0)
2808 8 : signal_child(WalWriterPID, SIGTERM);
2809 :
2810 : /*
2811 : * If we're in recovery, we can't kill the startup process
2812 : * right away, because at present doing so does not release
2813 : * its locks. We might want to change this in a future
2814 : * release. For the time being, the PM_WAIT_READONLY state
2815 : * indicates that we're waiting for the regular (read only)
2816 : * backends to die off; once they do, we'll kill the startup
2817 : * and walreceiver processes.
2818 : */
2819 8 : pmState = (pmState == PM_RUN) ?
2820 8 : PM_WAIT_BACKUP : PM_WAIT_READONLY;
2821 : }
2822 :
2823 : /*
2824 : * Now wait for online backup mode to end and backends to exit. If
2825 : * that is already the case, PostmasterStateMachine will take the
2826 : * next step.
2827 : */
2828 8 : PostmasterStateMachine();
2829 8 : break;
2830 :
2831 384 : case SIGINT:
2832 :
2833 : /*
2834 : * Fast Shutdown:
2835 : *
2836 : * Abort all children with SIGTERM (rollback active transactions
2837 : * and exit) and shut down when they are gone.
2838 : */
2839 384 : if (Shutdown >= FastShutdown)
2840 0 : break;
2841 384 : Shutdown = FastShutdown;
2842 384 : ereport(LOG,
2843 : (errmsg("received fast shutdown request")));
2844 :
2845 : /* Report status */
2846 384 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2847 : #ifdef USE_SYSTEMD
2848 : sd_notify(0, "STOPPING=1");
2849 : #endif
2850 :
2851 384 : if (StartupPID != 0)
2852 32 : signal_child(StartupPID, SIGTERM);
2853 384 : if (BgWriterPID != 0)
2854 384 : signal_child(BgWriterPID, SIGTERM);
2855 384 : if (WalReceiverPID != 0)
2856 28 : signal_child(WalReceiverPID, SIGTERM);
2857 384 : if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
2858 : {
2859 0 : SignalSomeChildren(SIGTERM, BACKEND_TYPE_BGWORKER);
2860 :
2861 : /*
2862 : * Only startup, bgwriter, walreceiver, possibly bgworkers,
2863 : * and/or checkpointer should be active in this state; we just
2864 : * signaled the first four, and we don't want to kill
2865 : * checkpointer yet.
2866 : */
2867 0 : pmState = PM_WAIT_BACKENDS;
2868 : }
2869 384 : else if (pmState == PM_RUN ||
2870 32 : pmState == PM_WAIT_BACKUP ||
2871 32 : pmState == PM_WAIT_READONLY ||
2872 32 : pmState == PM_WAIT_BACKENDS ||
2873 32 : pmState == PM_HOT_STANDBY)
2874 : {
2875 384 : ereport(LOG,
2876 : (errmsg("aborting any active transactions")));
2877 : /* shut down all backends and workers */
2878 384 : SignalSomeChildren(SIGTERM,
2879 : BACKEND_TYPE_NORMAL | BACKEND_TYPE_AUTOVAC |
2880 : BACKEND_TYPE_BGWORKER);
2881 : /* and the autovac launcher too */
2882 384 : if (AutoVacPID != 0)
2883 348 : signal_child(AutoVacPID, SIGTERM);
2884 : /* and the walwriter too */
2885 384 : if (WalWriterPID != 0)
2886 352 : signal_child(WalWriterPID, SIGTERM);
2887 384 : pmState = PM_WAIT_BACKENDS;
2888 : }
2889 :
2890 : /*
2891 : * Now wait for backends to exit. If there are none,
2892 : * PostmasterStateMachine will take the next step.
2893 : */
2894 384 : PostmasterStateMachine();
2895 384 : break;
2896 :
2897 316 : case SIGQUIT:
2898 :
2899 : /*
2900 : * Immediate Shutdown:
2901 : *
2902 : * abort all children with SIGQUIT, wait for them to exit,
2903 : * terminate remaining ones with SIGKILL, then exit without
2904 : * attempt to properly shut down the data base system.
2905 : */
2906 316 : if (Shutdown >= ImmediateShutdown)
2907 0 : break;
2908 316 : Shutdown = ImmediateShutdown;
2909 316 : ereport(LOG,
2910 : (errmsg("received immediate shutdown request")));
2911 :
2912 : /* Report status */
2913 316 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2914 : #ifdef USE_SYSTEMD
2915 : sd_notify(0, "STOPPING=1");
2916 : #endif
2917 :
2918 316 : TerminateChildren(SIGQUIT);
2919 316 : pmState = PM_WAIT_BACKENDS;
2920 :
2921 : /* set stopwatch for them to die */
2922 316 : AbortStartTime = time(NULL);
2923 :
2924 : /*
2925 : * Now wait for backends to exit. If there are none,
2926 : * PostmasterStateMachine will take the next step.
2927 : */
2928 316 : PostmasterStateMachine();
2929 316 : break;
2930 : }
2931 :
2932 : #ifdef WIN32
2933 : PG_SETMASK(&UnBlockSig);
2934 : #endif
2935 :
2936 708 : errno = save_errno;
2937 708 : }
2938 :
2939 : /*
2940 : * Reaper -- signal handler to cleanup after a child process dies.
2941 : */
2942 : static void
2943 13288 : reaper(SIGNAL_ARGS)
2944 : {
2945 13288 : int save_errno = errno;
2946 : int pid; /* process id of dead child process */
2947 : int exitstatus; /* its exit status */
2948 :
2949 : /*
2950 : * We rely on the signal mechanism to have blocked all signals ... except
2951 : * on Windows, which lacks sigaction(), so we have to do it manually.
2952 : */
2953 : #ifdef WIN32
2954 : PG_SETMASK(&BlockSig);
2955 : #endif
2956 :
2957 13288 : ereport(DEBUG4,
2958 : (errmsg_internal("reaping dead processes")));
2959 :
2960 28116 : while ((pid = waitpid(-1, &exitstatus, WNOHANG)) > 0)
2961 : {
2962 : /*
2963 : * Check if this child was a startup process.
2964 : */
2965 14832 : if (pid == StartupPID)
2966 : {
2967 720 : StartupPID = 0;
2968 :
2969 : /*
2970 : * Startup process exited in response to a shutdown request (or it
2971 : * completed normally regardless of the shutdown request).
2972 : */
2973 720 : if (Shutdown > NoShutdown &&
2974 96 : (EXIT_STATUS_0(exitstatus) || EXIT_STATUS_1(exitstatus)))
2975 : {
2976 32 : StartupStatus = STARTUP_NOT_RUNNING;
2977 32 : pmState = PM_WAIT_BACKENDS;
2978 : /* PostmasterStateMachine logic does the rest */
2979 32 : continue;
2980 : }
2981 :
2982 688 : if (EXIT_STATUS_3(exitstatus))
2983 : {
2984 0 : ereport(LOG,
2985 : (errmsg("shutdown at recovery target")));
2986 0 : StartupStatus = STARTUP_NOT_RUNNING;
2987 0 : Shutdown = SmartShutdown;
2988 0 : TerminateChildren(SIGTERM);
2989 0 : pmState = PM_WAIT_BACKENDS;
2990 : /* PostmasterStateMachine logic does the rest */
2991 0 : continue;
2992 : }
2993 :
2994 : /*
2995 : * Unexpected exit of startup process (including FATAL exit)
2996 : * during PM_STARTUP is treated as catastrophic. There are no
2997 : * other processes running yet, so we can just exit.
2998 : */
2999 688 : if (pmState == PM_STARTUP &&
3000 574 : StartupStatus != STARTUP_SIGNALED &&
3001 574 : !EXIT_STATUS_0(exitstatus))
3002 : {
3003 0 : LogChildExit(LOG, _("startup process"),
3004 : pid, exitstatus);
3005 0 : ereport(LOG,
3006 : (errmsg("aborting startup due to startup process failure")));
3007 0 : ExitPostmaster(1);
3008 : }
3009 :
3010 : /*
3011 : * After PM_STARTUP, any unexpected exit (including FATAL exit) of
3012 : * the startup process is catastrophic, so kill other children,
3013 : * and set StartupStatus so we don't try to reinitialize after
3014 : * they're gone. Exception: if StartupStatus is STARTUP_SIGNALED,
3015 : * then we previously sent the startup process a SIGQUIT; so
3016 : * that's probably the reason it died, and we do want to try to
3017 : * restart in that case.
3018 : *
3019 : * This stanza also handles the case where we sent a SIGQUIT
3020 : * during PM_STARTUP due to some dead_end child crashing: in that
3021 : * situation, if the startup process dies on the SIGQUIT, we need
3022 : * to transition to PM_WAIT_BACKENDS state which will allow
3023 : * PostmasterStateMachine to restart the startup process. (On the
3024 : * other hand, the startup process might complete normally, if we
3025 : * were too late with the SIGQUIT. In that case we'll fall
3026 : * through and commence normal operations.)
3027 : */
3028 688 : if (!EXIT_STATUS_0(exitstatus))
3029 : {
3030 66 : if (StartupStatus == STARTUP_SIGNALED)
3031 : {
3032 64 : StartupStatus = STARTUP_NOT_RUNNING;
3033 64 : if (pmState == PM_STARTUP)
3034 0 : pmState = PM_WAIT_BACKENDS;
3035 : }
3036 : else
3037 2 : StartupStatus = STARTUP_CRASHED;
3038 66 : HandleChildCrash(pid, exitstatus,
3039 66 : _("startup process"));
3040 66 : continue;
3041 : }
3042 :
3043 : /*
3044 : * Startup succeeded, commence normal operations
3045 : */
3046 622 : StartupStatus = STARTUP_NOT_RUNNING;
3047 622 : FatalError = false;
3048 622 : AbortStartTime = 0;
3049 622 : ReachedNormalRunning = true;
3050 622 : pmState = PM_RUN;
3051 :
3052 : /*
3053 : * Crank up the background tasks, if we didn't do that already
3054 : * when we entered consistent recovery state. It doesn't matter
3055 : * if this fails, we'll just try again later.
3056 : */
3057 622 : if (CheckpointerPID == 0)
3058 574 : CheckpointerPID = StartCheckpointer();
3059 622 : if (BgWriterPID == 0)
3060 574 : BgWriterPID = StartBackgroundWriter();
3061 622 : if (WalWriterPID == 0)
3062 622 : WalWriterPID = StartWalWriter();
3063 :
3064 : /*
3065 : * Likewise, start other special children as needed. In a restart
3066 : * situation, some of them may be alive already.
3067 : */
3068 622 : if (!IsBinaryUpgrade && AutoVacuumingActive() && AutoVacPID == 0)
3069 600 : AutoVacPID = StartAutoVacLauncher();
3070 622 : if (PgArchStartupAllowed() && PgArchPID == 0)
3071 18 : PgArchPID = pgarch_start();
3072 622 : if (PgStatPID == 0)
3073 574 : PgStatPID = pgstat_start();
3074 :
3075 : /* workers may be scheduled to start now */
3076 622 : maybe_start_bgworkers();
3077 :
3078 : /* at this point we are really open for business */
3079 618 : ereport(LOG,
3080 : (errmsg("database system is ready to accept connections")));
3081 :
3082 : /* Report status */
3083 618 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
3084 : #ifdef USE_SYSTEMD
3085 : sd_notify(0, "READY=1");
3086 : #endif
3087 :
3088 618 : continue;
3089 : }
3090 :
3091 : /*
3092 : * Was it the bgwriter? Normal exit can be ignored; we'll start a new
3093 : * one at the next iteration of the postmaster's main loop, if
3094 : * necessary. Any other exit condition is treated as a crash.
3095 : */
3096 14112 : if (pid == BgWriterPID)
3097 : {
3098 714 : BgWriterPID = 0;
3099 714 : if (!EXIT_STATUS_0(exitstatus))
3100 322 : HandleChildCrash(pid, exitstatus,
3101 322 : _("background writer process"));
3102 714 : continue;
3103 : }
3104 :
3105 : /*
3106 : * Was it the checkpointer?
3107 : */
3108 13398 : if (pid == CheckpointerPID)
3109 : {
3110 714 : CheckpointerPID = 0;
3111 714 : if (EXIT_STATUS_0(exitstatus) && pmState == PM_SHUTDOWN)
3112 : {
3113 : /*
3114 : * OK, we saw normal exit of the checkpointer after it's been
3115 : * told to shut down. We expect that it wrote a shutdown
3116 : * checkpoint. (If for some reason it didn't, recovery will
3117 : * occur on next postmaster start.)
3118 : *
3119 : * At this point we should have no normal backend children
3120 : * left (else we'd not be in PM_SHUTDOWN state) but we might
3121 : * have dead_end children to wait for.
3122 : *
3123 : * If we have an archiver subprocess, tell it to do a last
3124 : * archive cycle and quit. Likewise, if we have walsender
3125 : * processes, tell them to send any remaining WAL and quit.
3126 : */
3127 : Assert(Shutdown > NoShutdown);
3128 :
3129 : /* Waken archiver for the last time */
3130 392 : if (PgArchPID != 0)
3131 0 : signal_child(PgArchPID, SIGUSR2);
3132 :
3133 : /*
3134 : * Waken walsenders for the last time. No regular backends
3135 : * should be around anymore.
3136 : */
3137 392 : SignalChildren(SIGUSR2);
3138 :
3139 392 : pmState = PM_SHUTDOWN_2;
3140 :
3141 : /*
3142 : * We can also shut down the stats collector now; there's
3143 : * nothing left for it to do.
3144 : */
3145 784 : if (PgStatPID != 0)
3146 392 : signal_child(PgStatPID, SIGQUIT);
3147 : }
3148 : else
3149 : {
3150 : /*
3151 : * Any unexpected exit of the checkpointer (including FATAL
3152 : * exit) is treated as a crash.
3153 : */
3154 322 : HandleChildCrash(pid, exitstatus,
3155 322 : _("checkpointer process"));
3156 : }
3157 :
3158 714 : continue;
3159 : }
3160 :
3161 : /*
3162 : * Was it the wal writer? Normal exit can be ignored; we'll start a
3163 : * new one at the next iteration of the postmaster's main loop, if
3164 : * necessary. Any other exit condition is treated as a crash.
3165 : */
3166 12684 : if (pid == WalWriterPID)
3167 : {
3168 616 : WalWriterPID = 0;
3169 616 : if (!EXIT_STATUS_0(exitstatus))
3170 256 : HandleChildCrash(pid, exitstatus,
3171 256 : _("WAL writer process"));
3172 616 : continue;
3173 : }
3174 :
3175 : /*
3176 : * Was it the wal receiver? If exit status is zero (normal) or one
3177 : * (FATAL exit), we assume everything is all right just like normal
3178 : * backends. (If we need a new wal receiver, we'll start one at the
3179 : * next iteration of the postmaster's main loop.)
3180 : */
3181 12068 : if (pid == WalReceiverPID)
3182 : {
3183 242 : WalReceiverPID = 0;
3184 242 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
3185 26 : HandleChildCrash(pid, exitstatus,
3186 26 : _("WAL receiver process"));
3187 242 : continue;
3188 : }
3189 :
3190 : /*
3191 : * Was it the autovacuum launcher? Normal exit can be ignored; we'll
3192 : * start a new one at the next iteration of the postmaster's main
3193 : * loop, if necessary. Any other exit condition is treated as a
3194 : * crash.
3195 : */
3196 11826 : if (pid == AutoVacPID)
3197 : {
3198 594 : AutoVacPID = 0;
3199 594 : if (!EXIT_STATUS_0(exitstatus))
3200 246 : HandleChildCrash(pid, exitstatus,
3201 246 : _("autovacuum launcher process"));
3202 594 : continue;
3203 : }
3204 :
3205 : /*
3206 : * Was it the archiver? If so, just try to start a new one; no need
3207 : * to force reset of the rest of the system. (If fail, we'll try
3208 : * again in future cycles of the main loop.). Unless we were waiting
3209 : * for it to shut down; don't restart it in that case, and
3210 : * PostmasterStateMachine() will advance to the next shutdown step.
3211 : */
3212 11232 : if (pid == PgArchPID)
3213 : {
3214 22 : PgArchPID = 0;
3215 22 : if (!EXIT_STATUS_0(exitstatus))
3216 22 : LogChildExit(LOG, _("archiver process"),
3217 : pid, exitstatus);
3218 22 : if (PgArchStartupAllowed())
3219 0 : PgArchPID = pgarch_start();
3220 22 : continue;
3221 : }
3222 :
3223 : /*
3224 : * Was it the statistics collector? If so, just try to start a new
3225 : * one; no need to force reset of the rest of the system. (If fail,
3226 : * we'll try again in future cycles of the main loop.)
3227 : */
3228 11210 : if (pid == PgStatPID)
3229 : {
3230 714 : PgStatPID = 0;
3231 714 : if (!EXIT_STATUS_0(exitstatus))
3232 0 : LogChildExit(LOG, _("statistics collector process"),
3233 : pid, exitstatus);
3234 714 : if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
3235 0 : PgStatPID = pgstat_start();
3236 714 : continue;
3237 : }
3238 :
3239 : /* Was it the system logger? If so, try to start a new one */
3240 10496 : if (pid == SysLoggerPID)
3241 : {
3242 0 : SysLoggerPID = 0;
3243 : /* for safety's sake, launch new logger *first* */
3244 0 : SysLoggerPID = SysLogger_Start();
3245 0 : if (!EXIT_STATUS_0(exitstatus))
3246 0 : LogChildExit(LOG, _("system logger process"),
3247 : pid, exitstatus);
3248 0 : continue;
3249 : }
3250 :
3251 : /* Was it one of our background workers? */
3252 10496 : if (CleanupBackgroundWorker(pid, exitstatus))
3253 : {
3254 : /* have it be restarted */
3255 2364 : HaveCrashedWorker = true;
3256 2364 : continue;
3257 : }
3258 :
3259 : /*
3260 : * Else do standard backend child cleanup.
3261 : */
3262 8132 : CleanupBackend(pid, exitstatus);
3263 : } /* loop over pending child-death reports */
3264 :
3265 : /*
3266 : * After cleaning out the SIGCHLD queue, see if we have any state changes
3267 : * or actions to make.
3268 : */
3269 13284 : PostmasterStateMachine();
3270 :
3271 : /* Done with signal handler */
3272 : #ifdef WIN32
3273 : PG_SETMASK(&UnBlockSig);
3274 : #endif
3275 :
3276 12574 : errno = save_errno;
3277 12574 : }
3278 :
3279 : /*
3280 : * Scan the bgworkers list and see if the given PID (which has just stopped
3281 : * or crashed) is in it. Handle its shutdown if so, and return true. If not a
3282 : * bgworker, return false.
3283 : *
3284 : * This is heavily based on CleanupBackend. One important difference is that
3285 : * we don't know yet that the dying process is a bgworker, so we must be silent
3286 : * until we're sure it is.
3287 : */
3288 : static bool
3289 10496 : CleanupBackgroundWorker(int pid,
3290 : int exitstatus) /* child's exit status */
3291 : {
3292 : char namebuf[MAXPGPATH];
3293 : slist_mutable_iter iter;
3294 :
3295 20172 : slist_foreach_modify(iter, &BackgroundWorkerList)
3296 : {
3297 : RegisteredBgWorker *rw;
3298 :
3299 12040 : rw = slist_container(RegisteredBgWorker, rw_lnode, iter.cur);
3300 :
3301 12040 : if (rw->rw_pid != pid)
3302 9676 : continue;
3303 :
3304 : #ifdef WIN32
3305 : /* see CleanupBackend */
3306 : if (exitstatus == ERROR_WAIT_NO_CHILDREN)
3307 : exitstatus = 0;
3308 : #endif
3309 :
3310 2364 : snprintf(namebuf, MAXPGPATH, _("background worker \"%s\""),
3311 2364 : rw->rw_worker.bgw_type);
3312 :
3313 :
3314 2364 : if (!EXIT_STATUS_0(exitstatus))
3315 : {
3316 : /* Record timestamp, so we know when to restart the worker. */
3317 696 : rw->rw_crashed_at = GetCurrentTimestamp();
3318 : }
3319 : else
3320 : {
3321 : /* Zero exit status means terminate */
3322 1668 : rw->rw_crashed_at = 0;
3323 1668 : rw->rw_terminate = true;
3324 : }
3325 :
3326 : /*
3327 : * Additionally, for shared-memory-connected workers, just like a
3328 : * backend, any exit status other than 0 or 1 is considered a crash
3329 : * and causes a system-wide restart.
3330 : */
3331 2364 : if ((rw->rw_worker.bgw_flags & BGWORKER_SHMEM_ACCESS) != 0)
3332 : {
3333 2364 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
3334 : {
3335 256 : HandleChildCrash(pid, exitstatus, namebuf);
3336 256 : return true;
3337 : }
3338 : }
3339 :
3340 : /*
3341 : * We must release the postmaster child slot whether this worker is
3342 : * connected to shared memory or not, but we only treat it as a crash
3343 : * if it is in fact connected.
3344 : */
3345 2108 : if (!ReleasePostmasterChildSlot(rw->rw_child_slot) &&
3346 0 : (rw->rw_worker.bgw_flags & BGWORKER_SHMEM_ACCESS) != 0)
3347 : {
3348 0 : HandleChildCrash(pid, exitstatus, namebuf);
3349 0 : return true;
3350 : }
3351 :
3352 : /* Get it out of the BackendList and clear out remaining data */
3353 2108 : dlist_delete(&rw->rw_backend->elem);
3354 : #ifdef EXEC_BACKEND
3355 : ShmemBackendArrayRemove(rw->rw_backend);
3356 : #endif
3357 :
3358 : /*
3359 : * It's possible that this background worker started some OTHER
3360 : * background worker and asked to be notified when that worker started
3361 : * or stopped. If so, cancel any notifications destined for the
3362 : * now-dead backend.
3363 : */
3364 2108 : if (rw->rw_backend->bgworker_notify)
3365 54 : BackgroundWorkerStopNotifications(rw->rw_pid);
3366 2108 : free(rw->rw_backend);
3367 2108 : rw->rw_backend = NULL;
3368 2108 : rw->rw_pid = 0;
3369 2108 : rw->rw_child_slot = 0;
3370 2108 : ReportBackgroundWorkerExit(&iter); /* report child death */
3371 :
3372 2108 : LogChildExit(EXIT_STATUS_0(exitstatus) ? DEBUG1 : LOG,
3373 : namebuf, pid, exitstatus);
3374 :
3375 2108 : return true;
3376 : }
3377 :
3378 8132 : return false;
3379 : }
3380 :
3381 : /*
3382 : * CleanupBackend -- cleanup after terminated backend.
3383 : *
3384 : * Remove all local state associated with backend.
3385 : *
3386 : * If you change this, see also CleanupBackgroundWorker.
3387 : */
3388 : static void
3389 8132 : CleanupBackend(int pid,
3390 : int exitstatus) /* child's exit status. */
3391 : {
3392 : dlist_mutable_iter iter;
3393 :
3394 8132 : LogChildExit(DEBUG2, _("server process"), pid, exitstatus);
3395 :
3396 : /*
3397 : * If a backend dies in an ugly way then we must signal all other backends
3398 : * to quickdie. If exit status is zero (normal) or one (FATAL exit), we
3399 : * assume everything is all right and proceed to remove the backend from
3400 : * the active backend list.
3401 : */
3402 :
3403 : #ifdef WIN32
3404 :
3405 : /*
3406 : * On win32, also treat ERROR_WAIT_NO_CHILDREN (128) as nonfatal case,
3407 : * since that sometimes happens under load when the process fails to start
3408 : * properly (long before it starts using shared memory). Microsoft reports
3409 : * it is related to mutex failure:
3410 : * http://archives.postgresql.org/pgsql-hackers/2010-09/msg00790.php
3411 : */
3412 : if (exitstatus == ERROR_WAIT_NO_CHILDREN)
3413 : {
3414 : LogChildExit(LOG, _("server process"), pid, exitstatus);
3415 : exitstatus = 0;
3416 : }
3417 : #endif
3418 :
3419 8132 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
3420 : {
3421 194 : HandleChildCrash(pid, exitstatus, _("server process"));
3422 194 : return;
3423 : }
3424 :
3425 17228 : dlist_foreach_modify(iter, &BackendList)
3426 : {
3427 17228 : Backend *bp = dlist_container(Backend, elem, iter.cur);
3428 :
3429 17228 : if (bp->pid == pid)
3430 : {
3431 7938 : if (!bp->dead_end)
3432 : {
3433 7896 : if (!ReleasePostmasterChildSlot(bp->child_slot))
3434 : {
3435 : /*
3436 : * Uh-oh, the child failed to clean itself up. Treat as a
3437 : * crash after all.
3438 : */
3439 0 : HandleChildCrash(pid, exitstatus, _("server process"));
3440 0 : return;
3441 : }
3442 : #ifdef EXEC_BACKEND
3443 : ShmemBackendArrayRemove(bp);
3444 : #endif
3445 : }
3446 7938 : if (bp->bgworker_notify)
3447 : {
3448 : /*
3449 : * This backend may have been slated to receive SIGUSR1 when
3450 : * some background worker started or stopped. Cancel those
3451 : * notifications, as we don't want to signal PIDs that are not
3452 : * PostgreSQL backends. This gets skipped in the (probably
3453 : * very common) case where the backend has never requested any
3454 : * such notifications.
3455 : */
3456 64 : BackgroundWorkerStopNotifications(bp->pid);
3457 : }
3458 7938 : dlist_delete(iter.cur);
3459 7938 : free(bp);
3460 7938 : break;
3461 : }
3462 : }
3463 : }
3464 :
3465 : /*
3466 : * HandleChildCrash -- cleanup after failed backend, bgwriter, checkpointer,
3467 : * walwriter, autovacuum, or background worker.
3468 : *
3469 : * The objectives here are to clean up our local state about the child
3470 : * process, and to signal all other remaining children to quickdie.
3471 : */
3472 : static void
3473 1688 : HandleChildCrash(int pid, int exitstatus, const char *procname)
3474 : {
3475 : dlist_mutable_iter iter;
3476 : slist_iter siter;
3477 : Backend *bp;
3478 : bool take_action;
3479 :
3480 : /*
3481 : * We only log messages and send signals if this is the first process
3482 : * crash and we're not doing an immediate shutdown; otherwise, we're only
3483 : * here to update postmaster's idea of live processes. If we have already
3484 : * signalled children, nonzero exit status is to be expected, so don't
3485 : * clutter log.
3486 : */
3487 1688 : take_action = !FatalError && Shutdown != ImmediateShutdown;
3488 :
3489 1688 : if (take_action)
3490 : {
3491 6 : LogChildExit(LOG, procname, pid, exitstatus);
3492 6 : ereport(LOG,
3493 : (errmsg("terminating any other active server processes")));
3494 : }
3495 :
3496 : /* Process background workers. */
3497 3376 : slist_foreach(siter, &BackgroundWorkerList)
3498 : {
3499 : RegisteredBgWorker *rw;
3500 :
3501 1688 : rw = slist_container(RegisteredBgWorker, rw_lnode, siter.cur);
3502 1688 : if (rw->rw_pid == 0)
3503 686 : continue; /* not running */
3504 1002 : if (rw->rw_pid == pid)
3505 : {
3506 : /*
3507 : * Found entry for freshly-dead worker, so remove it.
3508 : */
3509 256 : (void) ReleasePostmasterChildSlot(rw->rw_child_slot);
3510 256 : dlist_delete(&rw->rw_backend->elem);
3511 : #ifdef EXEC_BACKEND
3512 : ShmemBackendArrayRemove(rw->rw_backend);
3513 : #endif
3514 256 : free(rw->rw_backend);
3515 256 : rw->rw_backend = NULL;
3516 256 : rw->rw_pid = 0;
3517 256 : rw->rw_child_slot = 0;
3518 : /* don't reset crashed_at */
3519 : /* don't report child stop, either */
3520 : /* Keep looping so we can signal remaining workers */
3521 : }
3522 : else
3523 : {
3524 : /*
3525 : * This worker is still alive. Unless we did so already, tell it
3526 : * to commit hara-kiri.
3527 : *
3528 : * SIGQUIT is the special signal that says exit without proc_exit
3529 : * and let the user know what's going on. But if SendStop is set
3530 : * (-s on command line), then we send SIGSTOP instead, so that we
3531 : * can get core dumps from all backends by hand.
3532 : */
3533 746 : if (take_action)
3534 : {
3535 4 : ereport(DEBUG2,
3536 : (errmsg_internal("sending %s to process %d",
3537 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3538 : (int) rw->rw_pid)));
3539 4 : signal_child(rw->rw_pid, (SendStop ? SIGSTOP : SIGQUIT));
3540 : }
3541 : }
3542 : }
3543 :
3544 : /* Process regular backends */
3545 3578 : dlist_foreach_modify(iter, &BackendList)
3546 : {
3547 1890 : bp = dlist_container(Backend, elem, iter.cur);
3548 :
3549 1890 : if (bp->pid == pid)
3550 : {
3551 : /*
3552 : * Found entry for freshly-dead backend, so remove it.
3553 : */
3554 194 : if (!bp->dead_end)
3555 : {
3556 194 : (void) ReleasePostmasterChildSlot(bp->child_slot);
3557 : #ifdef EXEC_BACKEND
3558 : ShmemBackendArrayRemove(bp);
3559 : #endif
3560 : }
3561 194 : dlist_delete(iter.cur);
3562 194 : free(bp);
3563 : /* Keep looping so we can signal remaining backends */
3564 : }
3565 : else
3566 : {
3567 : /*
3568 : * This backend is still alive. Unless we did so already, tell it
3569 : * to commit hara-kiri.
3570 : *
3571 : * SIGQUIT is the special signal that says exit without proc_exit
3572 : * and let the user know what's going on. But if SendStop is set
3573 : * (-s on command line), then we send SIGSTOP instead, so that we
3574 : * can get core dumps from all backends by hand.
3575 : *
3576 : * We could exclude dead_end children here, but at least in the
3577 : * SIGSTOP case it seems better to include them.
3578 : *
3579 : * Background workers were already processed above; ignore them
3580 : * here.
3581 : */
3582 1696 : if (bp->bkend_type == BACKEND_TYPE_BGWORKER)
3583 746 : continue;
3584 :
3585 950 : if (take_action)
3586 : {
3587 4 : ereport(DEBUG2,
3588 : (errmsg_internal("sending %s to process %d",
3589 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3590 : (int) bp->pid)));
3591 4 : signal_child(bp->pid, (SendStop ? SIGSTOP : SIGQUIT));
3592 : }
3593 : }
3594 : }
3595 :
3596 : /* Take care of the startup process too */
3597 1688 : if (pid == StartupPID)
3598 : {
3599 0 : StartupPID = 0;
3600 : /* Caller adjusts StartupStatus, so don't touch it here */
3601 : }
3602 1688 : else if (StartupPID != 0 && take_action)
3603 : {
3604 0 : ereport(DEBUG2,
3605 : (errmsg_internal("sending %s to process %d",
3606 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3607 : (int) StartupPID)));
3608 0 : signal_child(StartupPID, (SendStop ? SIGSTOP : SIGQUIT));
3609 0 : StartupStatus = STARTUP_SIGNALED;
3610 : }
3611 :
3612 : /* Take care of the bgwriter too */
3613 1688 : if (pid == BgWriterPID)
3614 0 : BgWriterPID = 0;
3615 1688 : else if (BgWriterPID != 0 && take_action)
3616 : {
3617 6 : ereport(DEBUG2,
3618 : (errmsg_internal("sending %s to process %d",
3619 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3620 : (int) BgWriterPID)));
3621 6 : signal_child(BgWriterPID, (SendStop ? SIGSTOP : SIGQUIT));
3622 : }
3623 :
3624 : /* Take care of the checkpointer too */
3625 1688 : if (pid == CheckpointerPID)
3626 0 : CheckpointerPID = 0;
3627 1688 : else if (CheckpointerPID != 0 && take_action)
3628 : {
3629 6 : ereport(DEBUG2,
3630 : (errmsg_internal("sending %s to process %d",
3631 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3632 : (int) CheckpointerPID)));
3633 6 : signal_child(CheckpointerPID, (SendStop ? SIGSTOP : SIGQUIT));
3634 : }
3635 :
3636 : /* Take care of the walwriter too */
3637 1688 : if (pid == WalWriterPID)
3638 0 : WalWriterPID = 0;
3639 1688 : else if (WalWriterPID != 0 && take_action)
3640 : {
3641 4 : ereport(DEBUG2,
3642 : (errmsg_internal("sending %s to process %d",
3643 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3644 : (int) WalWriterPID)));
3645 4 : signal_child(WalWriterPID, (SendStop ? SIGSTOP : SIGQUIT));
3646 : }
3647 :
3648 : /* Take care of the walreceiver too */
3649 1688 : if (pid == WalReceiverPID)
3650 0 : WalReceiverPID = 0;
3651 1688 : else if (WalReceiverPID != 0 && take_action)
3652 : {
3653 0 : ereport(DEBUG2,
3654 : (errmsg_internal("sending %s to process %d",
3655 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3656 : (int) WalReceiverPID)));
3657 0 : signal_child(WalReceiverPID, (SendStop ? SIGSTOP : SIGQUIT));
3658 : }
3659 :
3660 : /* Take care of the autovacuum launcher too */
3661 1688 : if (pid == AutoVacPID)
3662 0 : AutoVacPID = 0;
3663 1688 : else if (AutoVacPID != 0 && take_action)
3664 : {
3665 4 : ereport(DEBUG2,
3666 : (errmsg_internal("sending %s to process %d",
3667 : (SendStop ? "SIGSTOP" : "SIGQUIT"),
3668 : (int) AutoVacPID)));
3669 4 : signal_child(AutoVacPID, (SendStop ? SIGSTOP : SIGQUIT));
3670 : }
3671 :
3672 : /*
3673 : * Force a power-cycle of the pgarch process too. (This isn't absolutely
3674 : * necessary, but it seems like a good idea for robustness, and it
3675 : * simplifies the state-machine logic in the case where a shutdown request
3676 : * arrives during crash processing.)
3677 : */
3678 1688 : if (PgArchPID != 0 && take_action)
3679 : {
3680 0 : ereport(DEBUG2,
3681 : (errmsg_internal("sending %s to process %d",
3682 : "SIGQUIT",
3683 : (int) PgArchPID)));
3684 0 : signal_child(PgArchPID, SIGQUIT);
3685 : }
3686 :
3687 : /*
3688 : * Force a power-cycle of the pgstat process too. (This isn't absolutely
3689 : * necessary, but it seems like a good idea for robustness, and it
3690 : * simplifies the state-machine logic in the case where a shutdown request
3691 : * arrives during crash processing.)
3692 : */
3693 1688 : if (PgStatPID != 0 && take_action)
3694 : {
3695 6 : ereport(DEBUG2,
3696 : (errmsg_internal("sending %s to process %d",
3697 : "SIGQUIT",
3698 : (int) PgStatPID)));
3699 6 : signal_child(PgStatPID, SIGQUIT);
3700 6 : allow_immediate_pgstat_restart();
3701 : }
3702 :
3703 : /* We do NOT restart the syslogger */
3704 :
3705 1688 : if (Shutdown != ImmediateShutdown)
3706 34 : FatalError = true;
3707 :
3708 : /* We now transit into a state of waiting for children to die */
3709 1688 : if (pmState == PM_RECOVERY ||
3710 1688 : pmState == PM_HOT_STANDBY ||
3711 1686 : pmState == PM_RUN ||
3712 1682 : pmState == PM_WAIT_BACKUP ||
3713 1682 : pmState == PM_WAIT_READONLY ||
3714 1682 : pmState == PM_SHUTDOWN)
3715 6 : pmState = PM_WAIT_BACKENDS;
3716 :
3717 : /*
3718 : * .. and if this doesn't happen quickly enough, now the clock is ticking
3719 : * for us to kill them without mercy.
3720 : */
3721 1688 : if (AbortStartTime == 0)
3722 6 : AbortStartTime = time(NULL);
3723 1688 : }
3724 :
3725 : /*
3726 : * Log the death of a child process.
3727 : */
3728 : static void
3729 10268 : LogChildExit(int lev, const char *procname, int pid, int exitstatus)
3730 : {
3731 : /*
3732 : * size of activity_buffer is arbitrary, but set equal to default
3733 : * track_activity_query_size
3734 : */
3735 : char activity_buffer[1024];
3736 10268 : const char *activity = NULL;
3737 :
3738 10268 : if (!EXIT_STATUS_0(exitstatus))
3739 820 : activity = pgstat_get_crashed_backend_activity(pid,
3740 : activity_buffer,
3741 : sizeof(activity_buffer));
3742 :
3743 10268 : if (WIFEXITED(exitstatus))
3744 10264 : ereport(lev,
3745 :
3746 : /*------
3747 : translator: %s is a noun phrase describing a child process, such as
3748 : "server process" */
3749 : (errmsg("%s (PID %d) exited with exit code %d",
3750 : procname, pid, WEXITSTATUS(exitstatus)),
3751 : activity ? errdetail("Failed process was running: %s", activity) : 0));
3752 4 : else if (WIFSIGNALED(exitstatus))
3753 : {
3754 : #if defined(WIN32)
3755 : ereport(lev,
3756 :
3757 : /*------
3758 : translator: %s is a noun phrase describing a child process, such as
3759 : "server process" */
3760 : (errmsg("%s (PID %d) was terminated by exception 0x%X",
3761 : procname, pid, WTERMSIG(exitstatus)),
3762 : errhint("See C include file \"ntstatus.h\" for a description of the hexadecimal value."),
3763 : activity ? errdetail("Failed process was running: %s", activity) : 0));
3764 : #else
3765 4 : ereport(lev,
3766 :
3767 : /*------
3768 : translator: %s is a noun phrase describing a child process, such as
3769 : "server process" */
3770 : (errmsg("%s (PID %d) was terminated by signal %d: %s",
3771 : procname, pid, WTERMSIG(exitstatus),
3772 : pg_strsignal(WTERMSIG(exitstatus))),
3773 : activity ? errdetail("Failed process was running: %s", activity) : 0));
3774 : #endif
3775 : }
3776 : else
3777 0 : ereport(lev,
3778 :
3779 : /*------
3780 : translator: %s is a noun phrase describing a child process, such as
3781 : "server process" */
3782 : (errmsg("%s (PID %d) exited with unrecognized status %d",
3783 : procname, pid, exitstatus),
3784 : activity ? errdetail("Failed process was running: %s", activity) : 0));
3785 10268 : }
3786 :
3787 : /*
3788 : * Advance the postmaster's state machine and take actions as appropriate
3789 : *
3790 : * This is common code for pmdie(), reaper() and sigusr1_handler(), which
3791 : * receive the signals that might mean we need to change state.
3792 : */
3793 : static void
3794 14662 : PostmasterStateMachine(void)
3795 : {
3796 14662 : if (pmState == PM_WAIT_BACKUP)
3797 : {
3798 : /*
3799 : * PM_WAIT_BACKUP state ends when online backup mode is not active.
3800 : */
3801 8 : if (!BackupInProgress())
3802 8 : pmState = PM_WAIT_BACKENDS;
3803 : }
3804 :
3805 14662 : if (pmState == PM_WAIT_READONLY)
3806 : {
3807 : /*
3808 : * PM_WAIT_READONLY state ends when we have no regular backends that
3809 : * have been started during recovery. We kill the startup and
3810 : * walreceiver processes and transition to PM_WAIT_BACKENDS. Ideally,
3811 : * we might like to kill these processes first and then wait for
3812 : * backends to die off, but that doesn't work at present because
3813 : * killing the startup process doesn't release its locks.
3814 : */
3815 0 : if (CountChildren(BACKEND_TYPE_NORMAL) == 0)
3816 : {
3817 0 : if (StartupPID != 0)
3818 0 : signal_child(StartupPID, SIGTERM);
3819 0 : if (WalReceiverPID != 0)
3820 0 : signal_child(WalReceiverPID, SIGTERM);
3821 0 : pmState = PM_WAIT_BACKENDS;
3822 : }
3823 : }
3824 :
3825 : /*
3826 : * If we are in a state-machine state that implies waiting for backends to
3827 : * exit, see if they're all gone, and change state if so.
3828 : */
3829 14662 : if (pmState == PM_WAIT_BACKENDS)
3830 : {
3831 : /*
3832 : * PM_WAIT_BACKENDS state ends when we have no regular backends
3833 : * (including autovac workers), no bgworkers (including unconnected
3834 : * ones), and no walwriter, autovac launcher or bgwriter. If we are
3835 : * doing crash recovery or an immediate shutdown then we expect the
3836 : * checkpointer to exit as well, otherwise not. The archiver, stats,
3837 : * and syslogger processes are disregarded since they are not
3838 : * connected to shared memory; we also disregard dead_end children
3839 : * here. Walsenders are also disregarded, they will be terminated
3840 : * later after writing the checkpoint record, like the archiver
3841 : * process.
3842 : */
3843 3290 : if (CountChildren(BACKEND_TYPE_NORMAL | BACKEND_TYPE_WORKER) == 0 &&
3844 1586 : StartupPID == 0 &&
3845 1478 : WalReceiverPID == 0 &&
3846 1436 : BgWriterPID == 0 &&
3847 1030 : (CheckpointerPID == 0 ||
3848 632 : (!FatalError && Shutdown < ImmediateShutdown)) &&
3849 1006 : WalWriterPID == 0 &&
3850 844 : AutoVacPID == 0)
3851 : {
3852 714 : if (Shutdown >= ImmediateShutdown || FatalError)
3853 : {
3854 : /*
3855 : * Start waiting for dead_end children to die. This state
3856 : * change causes ServerLoop to stop creating new ones.
3857 : */
3858 322 : pmState = PM_WAIT_DEAD_END;
3859 :
3860 : /*
3861 : * We already SIGQUIT'd the archiver and stats processes, if
3862 : * any, when we started immediate shutdown or entered
3863 : * FatalError state.
3864 : */
3865 : }
3866 : else
3867 : {
3868 : /*
3869 : * If we get here, we are proceeding with normal shutdown. All
3870 : * the regular children are gone, and it's time to tell the
3871 : * checkpointer to do a shutdown checkpoint.
3872 : */
3873 : Assert(Shutdown > NoShutdown);
3874 : /* Start the checkpointer if not running */
3875 392 : if (CheckpointerPID == 0)
3876 0 : CheckpointerPID = StartCheckpointer();
3877 : /* And tell it to shut down */
3878 392 : if (CheckpointerPID != 0)
3879 : {
3880 392 : signal_child(CheckpointerPID, SIGUSR2);
3881 392 : pmState = PM_SHUTDOWN;
3882 : }
3883 : else
3884 : {
3885 : /*
3886 : * If we failed to fork a checkpointer, just shut down.
3887 : * Any required cleanup will happen at next restart. We
3888 : * set FatalError so that an "abnormal shutdown" message
3889 : * gets logged when we exit.
3890 : */
3891 0 : FatalError = true;
3892 0 : pmState = PM_WAIT_DEAD_END;
3893 :
3894 : /* Kill the walsenders, archiver and stats collector too */
3895 0 : SignalChildren(SIGQUIT);
3896 0 : if (PgArchPID != 0)
3897 0 : signal_child(PgArchPID, SIGQUIT);
3898 0 : if (PgStatPID != 0)
3899 0 : signal_child(PgStatPID, SIGQUIT);
3900 : }
3901 : }
3902 : }
3903 : }
3904 :
3905 14662 : if (pmState == PM_SHUTDOWN_2)
3906 : {
3907 : /*
3908 : * PM_SHUTDOWN_2 state ends when there's no other children than
3909 : * dead_end children left. There shouldn't be any regular backends
3910 : * left by now anyway; what we're really waiting for is walsenders and
3911 : * archiver.
3912 : */
3913 450 : if (PgArchPID == 0 && CountChildren(BACKEND_TYPE_ALL) == 0)
3914 : {
3915 392 : pmState = PM_WAIT_DEAD_END;
3916 : }
3917 : }
3918 :
3919 14662 : if (pmState == PM_WAIT_DEAD_END)
3920 : {
3921 : /*
3922 : * PM_WAIT_DEAD_END state ends when the BackendList is entirely empty
3923 : * (ie, no dead_end children remain), and the archiver and stats
3924 : * collector are gone too.
3925 : *
3926 : * The reason we wait for those two is to protect them against a new
3927 : * postmaster starting conflicting subprocesses; this isn't an
3928 : * ironclad protection, but it at least helps in the
3929 : * shutdown-and-immediately-restart scenario. Note that they have
3930 : * already been sent appropriate shutdown signals, either during a
3931 : * normal state transition leading up to PM_WAIT_DEAD_END, or during
3932 : * FatalError processing.
3933 : */
3934 1438 : if (dlist_is_empty(&BackendList) &&
3935 1432 : PgArchPID == 0 && PgStatPID == 0)
3936 : {
3937 : /* These other guys should be dead already */
3938 : Assert(StartupPID == 0);
3939 : Assert(WalReceiverPID == 0);
3940 : Assert(BgWriterPID == 0);
3941 : Assert(CheckpointerPID == 0);
3942 : Assert(WalWriterPID == 0);
3943 : Assert(AutoVacPID == 0);
3944 : /* syslogger is not considered here */
3945 714 : pmState = PM_NO_CHILDREN;
3946 : }
3947 : }
3948 :
3949 : /*
3950 : * If we've been told to shut down, we exit as soon as there are no
3951 : * remaining children. If there was a crash, cleanup will occur at the
3952 : * next startup. (Before PostgreSQL 8.3, we tried to recover from the
3953 : * crash before exiting, but that seems unwise if we are quitting because
3954 : * we got SIGTERM from init --- there may well not be time for recovery
3955 : * before init decides to SIGKILL us.)
3956 : *
3957 : * Note that the syslogger continues to run. It will exit when it sees
3958 : * EOF on its input pipe, which happens when there are no more upstream
3959 : * processes.
3960 : */
3961 14662 : if (Shutdown > NoShutdown && pmState == PM_NO_CHILDREN)
3962 : {
3963 708 : if (FatalError)
3964 : {
3965 0 : ereport(LOG, (errmsg("abnormal database system shutdown")));
3966 0 : ExitPostmaster(1);
3967 : }
3968 : else
3969 : {
3970 : /*
3971 : * Terminate exclusive backup mode to avoid recovery after a clean
3972 : * fast shutdown. Since an exclusive backup can only be taken
3973 : * during normal running (and not, for example, while running
3974 : * under Hot Standby) it only makes sense to do this if we reached
3975 : * normal running. If we're still in recovery, the backup file is
3976 : * one we're recovering *from*, and we must keep it around so that
3977 : * recovery restarts from the right place.
3978 : */
3979 708 : if (ReachedNormalRunning)
3980 612 : CancelBackup();
3981 :
3982 : /* Normal exit from the postmaster is here */
3983 708 : ExitPostmaster(0);
3984 : }
3985 : }
3986 :
3987 : /*
3988 : * If the startup process failed, or the user does not want an automatic
3989 : * restart after backend crashes, wait for all non-syslogger children to
3990 : * exit, and then exit postmaster. We don't try to reinitialize when the
3991 : * startup process fails, because more than likely it will just fail again
3992 : * and we will keep trying forever.
3993 : */
3994 13954 : if (pmState == PM_NO_CHILDREN &&
3995 6 : (StartupStatus == STARTUP_CRASHED || !restart_after_crash))
3996 2 : ExitPostmaster(1);
3997 :
3998 : /*
3999 : * If we need to recover from a crash, wait for all non-syslogger children
4000 : * to exit, then reset shmem and StartupDataBase.
4001 : */
4002 13952 : if (FatalError && pmState == PM_NO_CHILDREN)
4003 : {
4004 4 : ereport(LOG,
4005 : (errmsg("all server processes terminated; reinitializing")));
4006 :
4007 : /* allow background workers to immediately restart */
4008 4 : ResetBackgroundWorkerCrashTimes();
4009 :
4010 4 : shmem_exit(1);
4011 :
4012 : /* re-read control file into local memory */
4013 4 : LocalProcessControlFile(true);
4014 :
4015 4 : reset_shared();
4016 :
4017 4 : StartupPID = StartupDataBase();
4018 : Assert(StartupPID != 0);
4019 4 : StartupStatus = STARTUP_RUNNING;
4020 4 : pmState = PM_STARTUP;
4021 : /* crash recovery started, reset SIGKILL flag */
4022 4 : AbortStartTime = 0;
4023 : }
4024 13952 : }
4025 :
4026 :
4027 : /*
4028 : * Send a signal to a postmaster child process
4029 : *
4030 : * On systems that have setsid(), each child process sets itself up as a
4031 : * process group leader. For signals that are generally interpreted in the
4032 : * appropriate fashion, we signal the entire process group not just the
4033 : * direct child process. This allows us to, for example, SIGQUIT a blocked
4034 : * archive_recovery script, or SIGINT a script being run by a backend via
4035 : * system().
4036 : *
4037 : * There is a race condition for recently-forked children: they might not
4038 : * have executed setsid() yet. So we signal the child directly as well as
4039 : * the group. We assume such a child will handle the signal before trying
4040 : * to spawn any grandchild processes. We also assume that signaling the
4041 : * child twice will not cause any problems.
4042 : */
4043 : static void
4044 5284 : signal_child(pid_t pid, int signal)
4045 : {
4046 5284 : if (kill(pid, signal) < 0)
4047 0 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) pid, signal);
4048 : #ifdef HAVE_SETSID
4049 5284 : switch (signal)
4050 : {
4051 4190 : case SIGINT:
4052 : case SIGTERM:
4053 : case SIGQUIT:
4054 : case SIGSTOP:
4055 : case SIGKILL:
4056 4190 : if (kill(-pid, signal) < 0)
4057 12 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) (-pid), signal);
4058 4190 : break;
4059 1094 : default:
4060 1094 : break;
4061 : }
4062 : #endif
4063 5284 : }
4064 :
4065 : /*
4066 : * Send a signal to the targeted children (but NOT special children;
4067 : * dead_end children are never signaled, either).
4068 : */
4069 : static bool
4070 1178 : SignalSomeChildren(int signal, int target)
4071 : {
4072 : dlist_iter iter;
4073 1178 : bool signaled = false;
4074 :
4075 2504 : dlist_foreach(iter, &BackendList)
4076 : {
4077 1326 : Backend *bp = dlist_container(Backend, elem, iter.cur);
4078 :
4079 1326 : if (bp->dead_end)
4080 0 : continue;
4081 :
4082 : /*
4083 : * Since target == BACKEND_TYPE_ALL is the most common case, we test
4084 : * it first and avoid touching shared memory for every child.
4085 : */
4086 1326 : if (target != BACKEND_TYPE_ALL)
4087 : {
4088 : /*
4089 : * Assign bkend_type for any recently announced WAL Sender
4090 : * processes.
4091 : */
4092 912 : if (bp->bkend_type == BACKEND_TYPE_NORMAL &&
4093 266 : IsPostmasterChildWalSender(bp->child_slot))
4094 36 : bp->bkend_type = BACKEND_TYPE_WALSND;
4095 :
4096 646 : if (!(target & bp->bkend_type))
4097 44 : continue;
4098 : }
4099 :
4100 1282 : ereport(DEBUG4,
4101 : (errmsg_internal("sending signal %d to process %d",
4102 : signal, (int) bp->pid)));
4103 1282 : signal_child(bp->pid, signal);
4104 1282 : signaled = true;
4105 : }
4106 1178 : return signaled;
4107 : }
4108 :
4109 : /*
4110 : * Send a termination signal to children. This considers all of our children
4111 : * processes, except syslogger and dead_end backends.
4112 : */
4113 : static void
4114 316 : TerminateChildren(int signal)
4115 : {
4116 316 : SignalChildren(signal);
4117 316 : if (StartupPID != 0)
4118 : {
4119 64 : signal_child(StartupPID, signal);
4120 64 : if (signal == SIGQUIT || signal == SIGKILL)
4121 64 : StartupStatus = STARTUP_SIGNALED;
4122 : }
4123 316 : if (BgWriterPID != 0)
4124 316 : signal_child(BgWriterPID, signal);
4125 316 : if (CheckpointerPID != 0)
4126 316 : signal_child(CheckpointerPID, signal);
4127 316 : if (WalWriterPID != 0)
4128 252 : signal_child(WalWriterPID, signal);
4129 316 : if (WalReceiverPID != 0)
4130 26 : signal_child(WalReceiverPID, signal);
4131 316 : if (AutoVacPID != 0)
4132 242 : signal_child(AutoVacPID, signal);
4133 316 : if (PgArchPID != 0)
4134 22 : signal_child(PgArchPID, signal);
4135 316 : if (PgStatPID != 0)
4136 316 : signal_child(PgStatPID, signal);
4137 316 : }
4138 :
4139 : /*
4140 : * BackendStartup -- start backend process
4141 : *
4142 : * returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
4143 : *
4144 : * Note: if you change this code, also consider StartAutovacuumWorker.
4145 : */
4146 : static int
4147 8078 : BackendStartup(Port *port)
4148 : {
4149 : Backend *bn; /* for backend cleanup */
4150 : pid_t pid;
4151 :
4152 : /*
4153 : * Create backend data structure. Better before the fork() so we can
4154 : * handle failure cleanly.
4155 : */
4156 8078 : bn = (Backend *) malloc(sizeof(Backend));
4157 8078 : if (!bn)
4158 : {
4159 0 : ereport(LOG,
4160 : (errcode(ERRCODE_OUT_OF_MEMORY),
4161 : errmsg("out of memory")));
4162 0 : return STATUS_ERROR;
4163 : }
4164 :
4165 : /*
4166 : * Compute the cancel key that will be assigned to this backend. The
4167 : * backend will have its own copy in the forked-off process' value of
4168 : * MyCancelKey, so that it can transmit the key to the frontend.
4169 : */
4170 8078 : if (!RandomCancelKey(&MyCancelKey))
4171 : {
4172 0 : free(bn);
4173 0 : ereport(LOG,
4174 : (errcode(ERRCODE_INTERNAL_ERROR),
4175 : errmsg("could not generate random cancel key")));
4176 0 : return STATUS_ERROR;
4177 : }
4178 :
4179 8078 : bn->cancel_key = MyCancelKey;
4180 :
4181 : /* Pass down canAcceptConnections state */
4182 8078 : port->canAcceptConnections = canAcceptConnections(BACKEND_TYPE_NORMAL);
4183 8120 : bn->dead_end = (port->canAcceptConnections != CAC_OK &&
4184 42 : port->canAcceptConnections != CAC_WAITBACKUP);
4185 :
4186 : /*
4187 : * Unless it's a dead_end child, assign it a child slot number
4188 : */
4189 8078 : if (!bn->dead_end)
4190 8036 : bn->child_slot = MyPMChildSlot = AssignPostmasterChildSlot();
4191 : else
4192 42 : bn->child_slot = 0;
4193 :
4194 : /* Hasn't asked to be notified about any bgworkers yet */
4195 8078 : bn->bgworker_notify = false;
4196 :
4197 : #ifdef EXEC_BACKEND
4198 : pid = backend_forkexec(port);
4199 : #else /* !EXEC_BACKEND */
4200 8078 : pid = fork_process();
4201 15974 : if (pid == 0) /* child */
4202 : {
4203 7898 : free(bn);
4204 :
4205 : /* Detangle from postmaster */
4206 7898 : InitPostmasterChild();
4207 :
4208 : /* Close the postmaster's sockets */
4209 7898 : ClosePostmasterPorts(false);
4210 :
4211 : /* Perform additional initialization and collect startup packet */
4212 7898 : BackendInitialize(port);
4213 :
4214 : /* And run the backend */
4215 7822 : BackendRun(port);
4216 : }
4217 : #endif /* EXEC_BACKEND */
4218 :
4219 8076 : if (pid < 0)
4220 : {
4221 : /* in parent, fork failed */
4222 0 : int save_errno = errno;
4223 :
4224 0 : if (!bn->dead_end)
4225 0 : (void) ReleasePostmasterChildSlot(bn->child_slot);
4226 0 : free(bn);
4227 0 : errno = save_errno;
4228 0 : ereport(LOG,
4229 : (errmsg("could not fork new process for connection: %m")));
4230 0 : report_fork_failure_to_client(port, save_errno);
4231 0 : return STATUS_ERROR;
4232 : }
4233 :
4234 : /* in parent, successful fork */
4235 8076 : ereport(DEBUG2,
4236 : (errmsg_internal("forked new backend, pid=%d socket=%d",
4237 : (int) pid, (int) port->sock)));
4238 :
4239 : /*
4240 : * Everything's been successful, it's safe to add this backend to our list
4241 : * of backends.
4242 : */
4243 8076 : bn->pid = pid;
4244 8076 : bn->bkend_type = BACKEND_TYPE_NORMAL; /* Can change later to WALSND */
4245 8076 : dlist_push_head(&BackendList, &bn->elem);
4246 :
4247 : #ifdef EXEC_BACKEND
4248 : if (!bn->dead_end)
4249 : ShmemBackendArrayAdd(bn);
4250 : #endif
4251 :
4252 8076 : return STATUS_OK;
4253 : }
4254 :
4255 : /*
4256 : * Try to report backend fork() failure to client before we close the
4257 : * connection. Since we do not care to risk blocking the postmaster on
4258 : * this connection, we set the connection to non-blocking and try only once.
4259 : *
4260 : * This is grungy special-purpose code; we cannot use backend libpq since
4261 : * it's not up and running.
4262 : */
4263 : static void
4264 0 : report_fork_failure_to_client(Port *port, int errnum)
4265 : {
4266 : char buffer[1000];
4267 : int rc;
4268 :
4269 : /* Format the error message packet (always V2 protocol) */
4270 0 : snprintf(buffer, sizeof(buffer), "E%s%s\n",
4271 : _("could not fork new process for connection: "),
4272 : strerror(errnum));
4273 :
4274 : /* Set port to non-blocking. Don't do send() if this fails */
4275 0 : if (!pg_set_noblock(port->sock))
4276 0 : return;
4277 :
4278 : /* We'll retry after EINTR, but ignore all other failures */
4279 : do
4280 : {
4281 0 : rc = send(port->sock, buffer, strlen(buffer) + 1, 0);
4282 0 : } while (rc < 0 && errno == EINTR);
4283 : }
4284 :
4285 :
4286 : /*
4287 : * BackendInitialize -- initialize an interactive (postmaster-child)
4288 : * backend process, and collect the client's startup packet.
4289 : *
4290 : * returns: nothing. Will not return at all if there's any failure.
4291 : *
4292 : * Note: this code does not depend on having any access to shared memory.
4293 : * In the EXEC_BACKEND case, we are physically attached to shared memory
4294 : * but have not yet set up most of our local pointers to shmem structures.
4295 : */
4296 : static void
4297 7898 : BackendInitialize(Port *port)
4298 : {
4299 : int status;
4300 : int ret;
4301 : char remote_host[NI_MAXHOST];
4302 : char remote_port[NI_MAXSERV];
4303 : StringInfoData ps_data;
4304 :
4305 : /* Save port etc. for ps status */
4306 7898 : MyProcPort = port;
4307 :
4308 : /* Tell fd.c about the long-lived FD associated with the port */
4309 7898 : ReserveExternalFD();
4310 :
4311 : /*
4312 : * PreAuthDelay is a debugging aid for investigating problems in the
4313 : * authentication cycle: it can be set in postgresql.conf to allow time to
4314 : * attach to the newly-forked backend with a debugger. (See also
4315 : * PostAuthDelay, which we allow clients to pass through PGOPTIONS, but it
4316 : * is not honored until after authentication.)
4317 : */
4318 7898 : if (PreAuthDelay > 0)
4319 0 : pg_usleep(PreAuthDelay * 1000000L);
4320 :
4321 : /* This flag will remain set until InitPostgres finishes authentication */
4322 7898 : ClientAuthInProgress = true; /* limit visibility of log messages */
4323 :
4324 : /* set these to empty in case they are needed before we set them up */
4325 7898 : port->remote_host = "";
4326 7898 : port->remote_port = "";
4327 :
4328 : /*
4329 : * Initialize libpq and enable reporting of ereport errors to the client.
4330 : * Must do this now because authentication uses libpq to send messages.
4331 : */
4332 7898 : pq_init(); /* initialize libpq to talk to client */
4333 7898 : whereToSendOutput = DestRemote; /* now safe to ereport to client */
4334 :
4335 : /*
4336 : * We arrange for a simple exit(1) if we receive SIGTERM or SIGQUIT or
4337 : * timeout while trying to collect the startup packet. Otherwise the
4338 : * postmaster cannot shutdown the database FAST or IMMED cleanly if a
4339 : * buggy client fails to send the packet promptly. XXX it follows that
4340 : * the remainder of this function must tolerate losing control at any
4341 : * instant. Likewise, any pg_on_exit_callback registered before or during
4342 : * this function must be prepared to execute at any instant between here
4343 : * and the end of this function. Furthermore, affected callbacks execute
4344 : * partially or not at all when a second exit-inducing signal arrives
4345 : * after proc_exit_prepare() decrements on_proc_exit_index. (Thanks to
4346 : * that mechanic, callbacks need not anticipate more than one call.) This
4347 : * is fragile; it ought to instead follow the norm of handling interrupts
4348 : * at selected, safe opportunities.
4349 : */
4350 7898 : pqsignal(SIGTERM, startup_die);
4351 7898 : pqsignal(SIGQUIT, startup_die);
4352 7898 : InitializeTimeouts(); /* establishes SIGALRM handler */
4353 7898 : PG_SETMASK(&StartupBlockSig);
4354 :
4355 : /*
4356 : * Get the remote host name and port for logging and status display.
4357 : */
4358 7894 : remote_host[0] = '\0';
4359 7894 : remote_port[0] = '\0';
4360 7894 : if ((ret = pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
4361 : remote_host, sizeof(remote_host),
4362 : remote_port, sizeof(remote_port),
4363 : (log_hostname ? 0 : NI_NUMERICHOST) | NI_NUMERICSERV)) != 0)
4364 0 : ereport(WARNING,
4365 : (errmsg_internal("pg_getnameinfo_all() failed: %s",
4366 : gai_strerror(ret))));
4367 :
4368 : /*
4369 : * Save remote_host and remote_port in port structure (after this, they
4370 : * will appear in log_line_prefix data for log messages).
4371 : */
4372 7894 : port->remote_host = strdup(remote_host);
4373 7894 : port->remote_port = strdup(remote_port);
4374 :
4375 : /* And now we can issue the Log_connections message, if wanted */
4376 7894 : if (Log_connections)
4377 : {
4378 120 : if (remote_port[0])
4379 100 : ereport(LOG,
4380 : (errmsg("connection received: host=%s port=%s",
4381 : remote_host,
4382 : remote_port)));
4383 : else
4384 20 : ereport(LOG,
4385 : (errmsg("connection received: host=%s",
4386 : remote_host)));
4387 : }
4388 :
4389 : /*
4390 : * If we did a reverse lookup to name, we might as well save the results
4391 : * rather than possibly repeating the lookup during authentication.
4392 : *
4393 : * Note that we don't want to specify NI_NAMEREQD above, because then we'd
4394 : * get nothing useful for a client without an rDNS entry. Therefore, we
4395 : * must check whether we got a numeric IPv4 or IPv6 address, and not save
4396 : * it into remote_hostname if so. (This test is conservative and might
4397 : * sometimes classify a hostname as numeric, but an error in that
4398 : * direction is safe; it only results in a possible extra lookup.)
4399 : */
4400 7894 : if (log_hostname &&
4401 100 : ret == 0 &&
4402 100 : strspn(remote_host, "0123456789.") < strlen(remote_host) &&
4403 100 : strspn(remote_host, "0123456789ABCDEFabcdef:") < strlen(remote_host))
4404 100 : port->remote_hostname = strdup(remote_host);
4405 :
4406 : /*
4407 : * Ready to begin client interaction. We will give up and exit(1) after a
4408 : * time delay, so that a broken client can't hog a connection
4409 : * indefinitely. PreAuthDelay and any DNS interactions above don't count
4410 : * against the time limit.
4411 : *
4412 : * Note: AuthenticationTimeout is applied here while waiting for the
4413 : * startup packet, and then again in InitPostgres for the duration of any
4414 : * authentication operations. So a hostile client could tie up the
4415 : * process for nearly twice AuthenticationTimeout before we kick him off.
4416 : *
4417 : * Note: because PostgresMain will call InitializeTimeouts again, the
4418 : * registration of STARTUP_PACKET_TIMEOUT will be lost. This is okay
4419 : * since we never use it again after this function.
4420 : */
4421 7894 : RegisterTimeout(STARTUP_PACKET_TIMEOUT, StartupPacketTimeoutHandler);
4422 7894 : enable_timeout_after(STARTUP_PACKET_TIMEOUT, AuthenticationTimeout * 1000);
4423 :
4424 : /*
4425 : * Receive the startup packet (which might turn out to be a cancel request
4426 : * packet).
4427 : */
4428 7894 : status = ProcessStartupPacket(port, false, false);
4429 :
4430 : /*
4431 : * Stop here if it was bad or a cancel packet. ProcessStartupPacket
4432 : * already did any appropriate error reporting.
4433 : */
4434 7852 : if (status != STATUS_OK)
4435 30 : proc_exit(0);
4436 :
4437 : /*
4438 : * Now that we have the user and database name, we can set the process
4439 : * title for ps. It's good to do this as early as possible in startup.
4440 : */
4441 7822 : initStringInfo(&ps_data);
4442 7822 : if (am_walsender)
4443 630 : appendStringInfo(&ps_data, "%s ", GetBackendTypeDesc(B_WAL_SENDER));
4444 7822 : appendStringInfo(&ps_data, "%s ", port->user_name);
4445 7822 : if (!am_walsender)
4446 7192 : appendStringInfo(&ps_data, "%s ", port->database_name);
4447 7822 : appendStringInfo(&ps_data, "%s", port->remote_host);
4448 7822 : if (port->remote_port[0] != '\0')
4449 364 : appendStringInfo(&ps_data, "(%s)", port->remote_port);
4450 :
4451 7822 : init_ps_display(ps_data.data);
4452 7822 : pfree(ps_data.data);
4453 :
4454 7822 : set_ps_display("initializing");
4455 :
4456 : /*
4457 : * Disable the timeout, and prevent SIGTERM/SIGQUIT again.
4458 : */
4459 7822 : disable_timeout(STARTUP_PACKET_TIMEOUT, false);
4460 7822 : PG_SETMASK(&BlockSig);
4461 7822 : }
4462 :
4463 :
4464 : /*
4465 : * BackendRun -- set up the backend's argument list and invoke PostgresMain()
4466 : *
4467 : * returns:
4468 : * Shouldn't return at all.
4469 : * If PostgresMain() fails, return status.
4470 : */
4471 : static void
4472 7822 : BackendRun(Port *port)
4473 : {
4474 : char **av;
4475 : int maxac;
4476 : int ac;
4477 : int i;
4478 :
4479 : /*
4480 : * Now, build the argv vector that will be given to PostgresMain.
4481 : *
4482 : * The maximum possible number of commandline arguments that could come
4483 : * from ExtraOptions is (strlen(ExtraOptions) + 1) / 2; see
4484 : * pg_split_opts().
4485 : */
4486 7822 : maxac = 2; /* for fixed args supplied below */
4487 7822 : maxac += (strlen(ExtraOptions) + 1) / 2;
4488 :
4489 7822 : av = (char **) MemoryContextAlloc(TopMemoryContext,
4490 : maxac * sizeof(char *));
4491 7822 : ac = 0;
4492 :
4493 7822 : av[ac++] = "postgres";
4494 :
4495 : /*
4496 : * Pass any backend switches specified with -o on the postmaster's own
4497 : * command line. We assume these are secure.
4498 : */
4499 7822 : pg_split_opts(av, &ac, ExtraOptions);
4500 :
4501 7822 : av[ac] = NULL;
4502 :
4503 : Assert(ac < maxac);
4504 :
4505 : /*
4506 : * Debug: print arguments being passed to backend
4507 : */
4508 7822 : ereport(DEBUG3,
4509 : (errmsg_internal("%s child[%d]: starting with (",
4510 : progname, (int) getpid())));
4511 15644 : for (i = 0; i < ac; ++i)
4512 7822 : ereport(DEBUG3,
4513 : (errmsg_internal("\t%s", av[i])));
4514 7822 : ereport(DEBUG3,
4515 : (errmsg_internal(")")));
4516 :
4517 : /*
4518 : * Make sure we aren't in PostmasterContext anymore. (We can't delete it
4519 : * just yet, though, because InitPostgres will need the HBA data.)
4520 : */
4521 7822 : MemoryContextSwitchTo(TopMemoryContext);
4522 :
4523 7822 : PostgresMain(ac, av, port->database_name, port->user_name);
4524 : }
4525 :
4526 :
4527 : #ifdef EXEC_BACKEND
4528 :
4529 : /*
4530 : * postmaster_forkexec -- fork and exec a postmaster subprocess
4531 : *
4532 : * The caller must have set up the argv array already, except for argv[2]
4533 : * which will be filled with the name of the temp variable file.
4534 : *
4535 : * Returns the child process PID, or -1 on fork failure (a suitable error
4536 : * message has been logged on failure).
4537 : *
4538 : * All uses of this routine will dispatch to SubPostmasterMain in the
4539 : * child process.
4540 : */
4541 : pid_t
4542 : postmaster_forkexec(int argc, char *argv[])
4543 : {
4544 : Port port;
4545 :
4546 : /* This entry point passes dummy values for the Port variables */
4547 : memset(&port, 0, sizeof(port));
4548 : return internal_forkexec(argc, argv, &port);
4549 : }
4550 :
4551 : /*
4552 : * backend_forkexec -- fork/exec off a backend process
4553 : *
4554 : * Some operating systems (WIN32) don't have fork() so we have to simulate
4555 : * it by storing parameters that need to be passed to the child and
4556 : * then create a new child process.
4557 : *
4558 : * returns the pid of the fork/exec'd process, or -1 on failure
4559 : */
4560 : static pid_t
4561 : backend_forkexec(Port *port)
4562 : {
4563 : char *av[4];
4564 : int ac = 0;
4565 :
4566 : av[ac++] = "postgres";
4567 : av[ac++] = "--forkbackend";
4568 : av[ac++] = NULL; /* filled in by internal_forkexec */
4569 :
4570 : av[ac] = NULL;
4571 : Assert(ac < lengthof(av));
4572 :
4573 : return internal_forkexec(ac, av, port);
4574 : }
4575 :
4576 : #ifndef WIN32
4577 :
4578 : /*
4579 : * internal_forkexec non-win32 implementation
4580 : *
4581 : * - writes out backend variables to the parameter file
4582 : * - fork():s, and then exec():s the child process
4583 : */
4584 : static pid_t
4585 : internal_forkexec(int argc, char *argv[], Port *port)
4586 : {
4587 : static unsigned long tmpBackendFileNum = 0;
4588 : pid_t pid;
4589 : char tmpfilename[MAXPGPATH];
4590 : BackendParameters param;
4591 : FILE *fp;
4592 :
4593 : if (!save_backend_variables(¶m, port))
4594 : return -1; /* log made by save_backend_variables */
4595 :
4596 : /* Calculate name for temp file */
4597 : snprintf(tmpfilename, MAXPGPATH, "%s/%s.backend_var.%d.%lu",
4598 : PG_TEMP_FILES_DIR, PG_TEMP_FILE_PREFIX,
4599 : MyProcPid, ++tmpBackendFileNum);
4600 :
4601 : /* Open file */
4602 : fp = AllocateFile(tmpfilename, PG_BINARY_W);
4603 : if (!fp)
4604 : {
4605 : /*
4606 : * As in OpenTemporaryFileInTablespace, try to make the temp-file
4607 : * directory, ignoring errors.
4608 : */
4609 : (void) MakePGDirectory(PG_TEMP_FILES_DIR);
4610 :
4611 : fp = AllocateFile(tmpfilename, PG_BINARY_W);
4612 : if (!fp)
4613 : {
4614 : ereport(LOG,
4615 : (errcode_for_file_access(),
4616 : errmsg("could not create file \"%s\": %m",
4617 : tmpfilename)));
4618 : return -1;
4619 : }
4620 : }
4621 :
4622 : if (fwrite(¶m, sizeof(param), 1, fp) != 1)
4623 : {
4624 : ereport(LOG,
4625 : (errcode_for_file_access(),
4626 : errmsg("could not write to file \"%s\": %m", tmpfilename)));
4627 : FreeFile(fp);
4628 : return -1;
4629 : }
4630 :
4631 : /* Release file */
4632 : if (FreeFile(fp))
4633 : {
4634 : ereport(LOG,
4635 : (errcode_for_file_access(),
4636 : errmsg("could not write to file \"%s\": %m", tmpfilename)));
4637 : return -1;
4638 : }
4639 :
4640 : /* Make sure caller set up argv properly */
4641 : Assert(argc >= 3);
4642 : Assert(argv[argc] == NULL);
4643 : Assert(strncmp(argv[1], "--fork", 6) == 0);
4644 : Assert(argv[2] == NULL);
4645 :
4646 : /* Insert temp file name after --fork argument */
4647 : argv[2] = tmpfilename;
4648 :
4649 : /* Fire off execv in child */
4650 : if ((pid = fork_process()) == 0)
4651 : {
4652 : if (execv(postgres_exec_path, argv) < 0)
4653 : {
4654 : ereport(LOG,
4655 : (errmsg("could not execute server process \"%s\": %m",
4656 : postgres_exec_path)));
4657 : /* We're already in the child process here, can't return */
4658 : exit(1);
4659 : }
4660 : }
4661 :
4662 : return pid; /* Parent returns pid, or -1 on fork failure */
4663 : }
4664 : #else /* WIN32 */
4665 :
4666 : /*
4667 : * internal_forkexec win32 implementation
4668 : *
4669 : * - starts backend using CreateProcess(), in suspended state
4670 : * - writes out backend variables to the parameter file
4671 : * - during this, duplicates handles and sockets required for
4672 : * inheritance into the new process
4673 : * - resumes execution of the new process once the backend parameter
4674 : * file is complete.
4675 : */
4676 : static pid_t
4677 : internal_forkexec(int argc, char *argv[], Port *port)
4678 : {
4679 : int retry_count = 0;
4680 : STARTUPINFO si;
4681 : PROCESS_INFORMATION pi;
4682 : int i;
4683 : int j;
4684 : char cmdLine[MAXPGPATH * 2];
4685 : HANDLE paramHandle;
4686 : BackendParameters *param;
4687 : SECURITY_ATTRIBUTES sa;
4688 : char paramHandleStr[32];
4689 : win32_deadchild_waitinfo *childinfo;
4690 :
4691 : /* Make sure caller set up argv properly */
4692 : Assert(argc >= 3);
4693 : Assert(argv[argc] == NULL);
4694 : Assert(strncmp(argv[1], "--fork", 6) == 0);
4695 : Assert(argv[2] == NULL);
4696 :
4697 : /* Resume here if we need to retry */
4698 : retry:
4699 :
4700 : /* Set up shared memory for parameter passing */
4701 : ZeroMemory(&sa, sizeof(sa));
4702 : sa.nLength = sizeof(sa);
4703 : sa.bInheritHandle = TRUE;
4704 : paramHandle = CreateFileMapping(INVALID_HANDLE_VALUE,
4705 : &sa,
4706 : PAGE_READWRITE,
4707 : 0,
4708 : sizeof(BackendParameters),
4709 : NULL);
4710 : if (paramHandle == INVALID_HANDLE_VALUE)
4711 : {
4712 : elog(LOG, "could not create backend parameter file mapping: error code %lu",
4713 : GetLastError());
4714 : return -1;
4715 : }
4716 :
4717 : param = MapViewOfFile(paramHandle, FILE_MAP_WRITE, 0, 0, sizeof(BackendParameters));
4718 : if (!param)
4719 : {
4720 : elog(LOG, "could not map backend parameter memory: error code %lu",
4721 : GetLastError());
4722 : CloseHandle(paramHandle);
4723 : return -1;
4724 : }
4725 :
4726 : /* Insert temp file name after --fork argument */
4727 : #ifdef _WIN64
4728 : sprintf(paramHandleStr, "%llu", (LONG_PTR) paramHandle);
4729 : #else
4730 : sprintf(paramHandleStr, "%lu", (DWORD) paramHandle);
4731 : #endif
4732 : argv[2] = paramHandleStr;
4733 :
4734 : /* Format the cmd line */
4735 : cmdLine[sizeof(cmdLine) - 1] = '\0';
4736 : cmdLine[sizeof(cmdLine) - 2] = '\0';
4737 : snprintf(cmdLine, sizeof(cmdLine) - 1, "\"%s\"", postgres_exec_path);
4738 : i = 0;
4739 : while (argv[++i] != NULL)
4740 : {
4741 : j = strlen(cmdLine);
4742 : snprintf(cmdLine + j, sizeof(cmdLine) - 1 - j, " \"%s\"", argv[i]);
4743 : }
4744 : if (cmdLine[sizeof(cmdLine) - 2] != '\0')
4745 : {
4746 : elog(LOG, "subprocess command line too long");
4747 : UnmapViewOfFile(param);
4748 : CloseHandle(paramHandle);
4749 : return -1;
4750 : }
4751 :
4752 : memset(&pi, 0, sizeof(pi));
4753 : memset(&si, 0, sizeof(si));
4754 : si.cb = sizeof(si);
4755 :
4756 : /*
4757 : * Create the subprocess in a suspended state. This will be resumed later,
4758 : * once we have written out the parameter file.
4759 : */
4760 : if (!CreateProcess(NULL, cmdLine, NULL, NULL, TRUE, CREATE_SUSPENDED,
4761 : NULL, NULL, &si, &pi))
4762 : {
4763 : elog(LOG, "CreateProcess call failed: %m (error code %lu)",
4764 : GetLastError());
4765 : UnmapViewOfFile(param);
4766 : CloseHandle(paramHandle);
4767 : return -1;
4768 : }
4769 :
4770 : if (!save_backend_variables(param, port, pi.hProcess, pi.dwProcessId))
4771 : {
4772 : /*
4773 : * log made by save_backend_variables, but we have to clean up the
4774 : * mess with the half-started process
4775 : */
4776 : if (!TerminateProcess(pi.hProcess, 255))
4777 : ereport(LOG,
4778 : (errmsg_internal("could not terminate unstarted process: error code %lu",
4779 : GetLastError())));
4780 : CloseHandle(pi.hProcess);
4781 : CloseHandle(pi.hThread);
4782 : UnmapViewOfFile(param);
4783 : CloseHandle(paramHandle);
4784 : return -1; /* log made by save_backend_variables */
4785 : }
4786 :
4787 : /* Drop the parameter shared memory that is now inherited to the backend */
4788 : if (!UnmapViewOfFile(param))
4789 : elog(LOG, "could not unmap view of backend parameter file: error code %lu",
4790 : GetLastError());
4791 : if (!CloseHandle(paramHandle))
4792 : elog(LOG, "could not close handle to backend parameter file: error code %lu",
4793 : GetLastError());
4794 :
4795 : /*
4796 : * Reserve the memory region used by our main shared memory segment before
4797 : * we resume the child process. Normally this should succeed, but if ASLR
4798 : * is active then it might sometimes fail due to the stack or heap having
4799 : * gotten mapped into that range. In that case, just terminate the
4800 : * process and retry.
4801 : */
4802 : if (!pgwin32_ReserveSharedMemoryRegion(pi.hProcess))
4803 : {
4804 : /* pgwin32_ReserveSharedMemoryRegion already made a log entry */
4805 : if (!TerminateProcess(pi.hProcess, 255))
4806 : ereport(LOG,
4807 : (errmsg_internal("could not terminate process that failed to reserve memory: error code %lu",
4808 : GetLastError())));
4809 : CloseHandle(pi.hProcess);
4810 : CloseHandle(pi.hThread);
4811 : if (++retry_count < 100)
4812 : goto retry;
4813 : ereport(LOG,
4814 : (errmsg("giving up after too many tries to reserve shared memory"),
4815 : errhint("This might be caused by ASLR or antivirus software.")));
4816 : return -1;
4817 : }
4818 :
4819 : /*
4820 : * Now that the backend variables are written out, we start the child
4821 : * thread so it can start initializing while we set up the rest of the
4822 : * parent state.
4823 : */
4824 : if (ResumeThread(pi.hThread) == -1)
4825 : {
4826 : if (!TerminateProcess(pi.hProcess, 255))
4827 : {
4828 : ereport(LOG,
4829 : (errmsg_internal("could not terminate unstartable process: error code %lu",
4830 : GetLastError())));
4831 : CloseHandle(pi.hProcess);
4832 : CloseHandle(pi.hThread);
4833 : return -1;
4834 : }
4835 : CloseHandle(pi.hProcess);
4836 : CloseHandle(pi.hThread);
4837 : ereport(LOG,
4838 : (errmsg_internal("could not resume thread of unstarted process: error code %lu",
4839 : GetLastError())));
4840 : return -1;
4841 : }
4842 :
4843 : /*
4844 : * Queue a waiter to signal when this child dies. The wait will be handled
4845 : * automatically by an operating system thread pool.
4846 : *
4847 : * Note: use malloc instead of palloc, since it needs to be thread-safe.
4848 : * Struct will be free():d from the callback function that runs on a
4849 : * different thread.
4850 : */
4851 : childinfo = malloc(sizeof(win32_deadchild_waitinfo));
4852 : if (!childinfo)
4853 : ereport(FATAL,
4854 : (errcode(ERRCODE_OUT_OF_MEMORY),
4855 : errmsg("out of memory")));
4856 :
4857 : childinfo->procHandle = pi.hProcess;
4858 : childinfo->procId = pi.dwProcessId;
4859 :
4860 : if (!RegisterWaitForSingleObject(&childinfo->waitHandle,
4861 : pi.hProcess,
4862 : pgwin32_deadchild_callback,
4863 : childinfo,
4864 : INFINITE,
4865 : WT_EXECUTEONLYONCE | WT_EXECUTEINWAITTHREAD))
4866 : ereport(FATAL,
4867 : (errmsg_internal("could not register process for wait: error code %lu",
4868 : GetLastError())));
4869 :
4870 : /* Don't close pi.hProcess here - the wait thread needs access to it */
4871 :
4872 : CloseHandle(pi.hThread);
4873 :
4874 : return pi.dwProcessId;
4875 : }
4876 : #endif /* WIN32 */
4877 :
4878 :
4879 : /*
4880 : * SubPostmasterMain -- Get the fork/exec'd process into a state equivalent
4881 : * to what it would be if we'd simply forked on Unix, and then
4882 : * dispatch to the appropriate place.
4883 : *
4884 : * The first two command line arguments are expected to be "--forkFOO"
4885 : * (where FOO indicates which postmaster child we are to become), and
4886 : * the name of a variables file that we can read to load data that would
4887 : * have been inherited by fork() on Unix. Remaining arguments go to the
4888 : * subprocess FooMain() routine.
4889 : */
4890 : void
4891 : SubPostmasterMain(int argc, char *argv[])
4892 : {
4893 : Port port;
4894 :
4895 : /* In EXEC_BACKEND case we will not have inherited these settings */
4896 : IsPostmasterEnvironment = true;
4897 : whereToSendOutput = DestNone;
4898 :
4899 : /* Setup as postmaster child */
4900 : InitPostmasterChild();
4901 :
4902 : /* Setup essential subsystems (to ensure elog() behaves sanely) */
4903 : InitializeGUCOptions();
4904 :
4905 : /* Check we got appropriate args */
4906 : if (argc < 3)
4907 : elog(FATAL, "invalid subpostmaster invocation");
4908 :
4909 : /* Read in the variables file */
4910 : memset(&port, 0, sizeof(Port));
4911 : read_backend_variables(argv[2], &port);
4912 :
4913 : /* Close the postmaster's sockets (as soon as we know them) */
4914 : ClosePostmasterPorts(strcmp(argv[1], "--forklog") == 0);
4915 :
4916 : /*
4917 : * Set up memory area for GSS information. Mirrors the code in ConnCreate
4918 : * for the non-exec case.
4919 : */
4920 : #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
4921 : port.gss = (pg_gssinfo *) calloc(1, sizeof(pg_gssinfo));
4922 : if (!port.gss)
4923 : ereport(FATAL,
4924 : (errcode(ERRCODE_OUT_OF_MEMORY),
4925 : errmsg("out of memory")));
4926 : #endif
4927 :
4928 : /*
4929 : * If appropriate, physically re-attach to shared memory segment. We want
4930 : * to do this before going any further to ensure that we can attach at the
4931 : * same address the postmaster used. On the other hand, if we choose not
4932 : * to re-attach, we may have other cleanup to do.
4933 : *
4934 : * If testing EXEC_BACKEND on Linux, you should run this as root before
4935 : * starting the postmaster:
4936 : *
4937 : * echo 0 >/proc/sys/kernel/randomize_va_space
4938 : *
4939 : * This prevents using randomized stack and code addresses that cause the
4940 : * child process's memory map to be different from the parent's, making it
4941 : * sometimes impossible to attach to shared memory at the desired address.
4942 : * Return the setting to its old value (usually '1' or '2') when finished.
4943 : */
4944 : if (strcmp(argv[1], "--forkbackend") == 0 ||
4945 : strcmp(argv[1], "--forkavlauncher") == 0 ||
4946 : strcmp(argv[1], "--forkavworker") == 0 ||
4947 : strcmp(argv[1], "--forkboot") == 0 ||
4948 : strncmp(argv[1], "--forkbgworker=", 15) == 0)
4949 : PGSharedMemoryReAttach();
4950 : else
4951 : PGSharedMemoryNoReAttach();
4952 :
4953 : /* autovacuum needs this set before calling InitProcess */
4954 : if (strcmp(argv[1], "--forkavlauncher") == 0)
4955 : AutovacuumLauncherIAm();
4956 : if (strcmp(argv[1], "--forkavworker") == 0)
4957 : AutovacuumWorkerIAm();
4958 :
4959 : /*
4960 : * Start our win32 signal implementation. This has to be done after we
4961 : * read the backend variables, because we need to pick up the signal pipe
4962 : * from the parent process.
4963 : */
4964 : #ifdef WIN32
4965 : pgwin32_signal_initialize();
4966 : #endif
4967 :
4968 : /* In EXEC_BACKEND case we will not have inherited these settings */
4969 : pqinitmask();
4970 : PG_SETMASK(&BlockSig);
4971 :
4972 : /* Read in remaining GUC variables */
4973 : read_nondefault_variables();
4974 :
4975 : /*
4976 : * Check that the data directory looks valid, which will also check the
4977 : * privileges on the data directory and update our umask and file/group
4978 : * variables for creating files later. Note: this should really be done
4979 : * before we create any files or directories.
4980 : */
4981 : checkDataDir();
4982 :
4983 : /*
4984 : * (re-)read control file, as it contains config. The postmaster will
4985 : * already have read this, but this process doesn't know about that.
4986 : */
4987 : LocalProcessControlFile(false);
4988 :
4989 : /*
4990 : * Reload any libraries that were preloaded by the postmaster. Since we
4991 : * exec'd this process, those libraries didn't come along with us; but we
4992 : * should load them into all child processes to be consistent with the
4993 : * non-EXEC_BACKEND behavior.
4994 : */
4995 : process_shared_preload_libraries();
4996 :
4997 : /* Run backend or appropriate child */
4998 : if (strcmp(argv[1], "--forkbackend") == 0)
4999 : {
5000 : Assert(argc == 3); /* shouldn't be any more args */
5001 :
5002 : /*
5003 : * Need to reinitialize the SSL library in the backend, since the
5004 : * context structures contain function pointers and cannot be passed
5005 : * through the parameter file.
5006 : *
5007 : * If for some reason reload fails (maybe the user installed broken
5008 : * key files), soldier on without SSL; that's better than all
5009 : * connections becoming impossible.
5010 : *
5011 : * XXX should we do this in all child processes? For the moment it's
5012 : * enough to do it in backend children.
5013 : */
5014 : #ifdef USE_SSL
5015 : if (EnableSSL)
5016 : {
5017 : if (secure_initialize(false) == 0)
5018 : LoadedSSL = true;
5019 : else
5020 : ereport(LOG,
5021 : (errmsg("SSL configuration could not be loaded in child process")));
5022 : }
5023 : #endif
5024 :
5025 : /*
5026 : * Perform additional initialization and collect startup packet.
5027 : *
5028 : * We want to do this before InitProcess() for a couple of reasons: 1.
5029 : * so that we aren't eating up a PGPROC slot while waiting on the
5030 : * client. 2. so that if InitProcess() fails due to being out of
5031 : * PGPROC slots, we have already initialized libpq and are able to
5032 : * report the error to the client.
5033 : */
5034 : BackendInitialize(&port);
5035 :
5036 : /* Restore basic shared memory pointers */
5037 : InitShmemAccess(UsedShmemSegAddr);
5038 :
5039 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
5040 : InitProcess();
5041 :
5042 : /* Attach process to shared data structures */
5043 : CreateSharedMemoryAndSemaphores();
5044 :
5045 : /* And run the backend */
5046 : BackendRun(&port); /* does not return */
5047 : }
5048 : if (strcmp(argv[1], "--forkboot") == 0)
5049 : {
5050 : /* Restore basic shared memory pointers */
5051 : InitShmemAccess(UsedShmemSegAddr);
5052 :
5053 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
5054 : InitAuxiliaryProcess();
5055 :
5056 : /* Attach process to shared data structures */
5057 : CreateSharedMemoryAndSemaphores();
5058 :
5059 : AuxiliaryProcessMain(argc - 2, argv + 2); /* does not return */
5060 : }
5061 : if (strcmp(argv[1], "--forkavlauncher") == 0)
5062 : {
5063 : /* Restore basic shared memory pointers */
5064 : InitShmemAccess(UsedShmemSegAddr);
5065 :
5066 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
5067 : InitProcess();
5068 :
5069 : /* Attach process to shared data structures */
5070 : CreateSharedMemoryAndSemaphores();
5071 :
5072 : AutoVacLauncherMain(argc - 2, argv + 2); /* does not return */
5073 : }
5074 : if (strcmp(argv[1], "--forkavworker") == 0)
5075 : {
5076 : /* Restore basic shared memory pointers */
5077 : InitShmemAccess(UsedShmemSegAddr);
5078 :
5079 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
5080 : InitProcess();
5081 :
5082 : /* Attach process to shared data structures */
5083 : CreateSharedMemoryAndSemaphores();
5084 :
5085 : AutoVacWorkerMain(argc - 2, argv + 2); /* does not return */
5086 : }
5087 : if (strncmp(argv[1], "--forkbgworker=", 15) == 0)
5088 : {
5089 : int shmem_slot;
5090 :
5091 : /* do this as early as possible; in particular, before InitProcess() */
5092 : IsBackgroundWorker = true;
5093 :
5094 : /* Restore basic shared memory pointers */
5095 : InitShmemAccess(UsedShmemSegAddr);
5096 :
5097 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
5098 : InitProcess();
5099 :
5100 : /* Attach process to shared data structures */
5101 : CreateSharedMemoryAndSemaphores();
5102 :
5103 : /* Fetch MyBgworkerEntry from shared memory */
5104 : shmem_slot = atoi(argv[1] + 15);
5105 : MyBgworkerEntry = BackgroundWorkerEntry(shmem_slot);
5106 :
5107 : StartBackgroundWorker();
5108 : }
5109 : if (strcmp(argv[1], "--forkarch") == 0)
5110 : {
5111 : /* Do not want to attach to shared memory */
5112 :
5113 : PgArchiverMain(argc, argv); /* does not return */
5114 : }
5115 : if (strcmp(argv[1], "--forkcol") == 0)
5116 : {
5117 : /* Do not want to attach to shared memory */
5118 :
5119 : PgstatCollectorMain(argc, argv); /* does not return */
5120 : }
5121 : if (strcmp(argv[1], "--forklog") == 0)
5122 : {
5123 : /* Do not want to attach to shared memory */
5124 :
5125 : SysLoggerMain(argc, argv); /* does not return */
5126 : }
5127 :
5128 : abort(); /* shouldn't get here */
5129 : }
5130 : #endif /* EXEC_BACKEND */
5131 :
5132 :
5133 : /*
5134 : * ExitPostmaster -- cleanup
5135 : *
5136 : * Do NOT call exit() directly --- always go through here!
5137 : */
5138 : static void
5139 712 : ExitPostmaster(int status)
5140 : {
5141 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
5142 :
5143 : /*
5144 : * There is no known cause for a postmaster to become multithreaded after
5145 : * startup. Recheck to account for the possibility of unknown causes.
5146 : * This message uses LOG level, because an unclean shutdown at this point
5147 : * would usually not look much different from a clean shutdown.
5148 : */
5149 : if (pthread_is_threaded_np() != 0)
5150 : ereport(LOG,
5151 : (errcode(ERRCODE_INTERNAL_ERROR),
5152 : errmsg_internal("postmaster became multithreaded"),
5153 : errdetail("Please report this to <%s>.", PACKAGE_BUGREPORT)));
5154 : #endif
5155 :
5156 : /* should cleanup shared memory and kill all backends */
5157 :
5158 : /*
5159 : * Not sure of the semantics here. When the Postmaster dies, should the
5160 : * backends all be killed? probably not.
5161 : *
5162 : * MUST -- vadim 05-10-1999
5163 : */
5164 :
5165 712 : proc_exit(status);
5166 : }
5167 :
5168 : /*
5169 : * sigusr1_handler - handle signal conditions from child processes
5170 : */
5171 : static void
5172 2102 : sigusr1_handler(SIGNAL_ARGS)
5173 : {
5174 2102 : int save_errno = errno;
5175 :
5176 : /*
5177 : * We rely on the signal mechanism to have blocked all signals ... except
5178 : * on Windows, which lacks sigaction(), so we have to do it manually.
5179 : */
5180 : #ifdef WIN32
5181 : PG_SETMASK(&BlockSig);
5182 : #endif
5183 :
5184 : /* Process background worker state change. */
5185 2102 : if (CheckPostmasterSignal(PMSIGNAL_BACKGROUND_WORKER_CHANGE))
5186 : {
5187 872 : BackgroundWorkerStateChange();
5188 872 : StartWorkerNeeded = true;
5189 : }
5190 :
5191 : /*
5192 : * RECOVERY_STARTED and BEGIN_HOT_STANDBY signals are ignored in
5193 : * unexpected states. If the startup process quickly starts up, completes
5194 : * recovery, exits, we might process the death of the startup process
5195 : * first. We don't want to go back to recovery in that case.
5196 : */
5197 2102 : if (CheckPostmasterSignal(PMSIGNAL_RECOVERY_STARTED) &&
5198 146 : pmState == PM_STARTUP && Shutdown == NoShutdown)
5199 : {
5200 : /* WAL redo has started. We're out of reinitialization. */
5201 146 : FatalError = false;
5202 146 : AbortStartTime = 0;
5203 :
5204 : /*
5205 : * Crank up the background tasks. It doesn't matter if this fails,
5206 : * we'll just try again later.
5207 : */
5208 : Assert(CheckpointerPID == 0);
5209 146 : CheckpointerPID = StartCheckpointer();
5210 : Assert(BgWriterPID == 0);
5211 146 : BgWriterPID = StartBackgroundWriter();
5212 :
5213 : /*
5214 : * Start the archiver if we're responsible for (re-)archiving received
5215 : * files.
5216 : */
5217 : Assert(PgArchPID == 0);
5218 146 : if (XLogArchivingAlways())
5219 4 : PgArchPID = pgarch_start();
5220 :
5221 : /*
5222 : * If we aren't planning to enter hot standby mode later, treat
5223 : * RECOVERY_STARTED as meaning we're out of startup, and report status
5224 : * accordingly.
5225 : */
5226 146 : if (!EnableHotStandby)
5227 : {
5228 0 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STANDBY);
5229 : #ifdef USE_SYSTEMD
5230 : sd_notify(0, "READY=1");
5231 : #endif
5232 : }
5233 :
5234 146 : pmState = PM_RECOVERY;
5235 : }
5236 2102 : if (CheckPostmasterSignal(PMSIGNAL_BEGIN_HOT_STANDBY) &&
5237 146 : pmState == PM_RECOVERY && Shutdown == NoShutdown)
5238 : {
5239 : /*
5240 : * Likewise, start other special children as needed.
5241 : */
5242 : Assert(PgStatPID == 0);
5243 146 : PgStatPID = pgstat_start();
5244 :
5245 146 : ereport(LOG,
5246 : (errmsg("database system is ready to accept read only connections")));
5247 :
5248 : /* Report status */
5249 146 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
5250 : #ifdef USE_SYSTEMD
5251 : sd_notify(0, "READY=1");
5252 : #endif
5253 :
5254 146 : pmState = PM_HOT_STANDBY;
5255 : /* Some workers may be scheduled to start now */
5256 146 : StartWorkerNeeded = true;
5257 : }
5258 :
5259 2102 : if (StartWorkerNeeded || HaveCrashedWorker)
5260 1018 : maybe_start_bgworkers();
5261 :
5262 2102 : if (CheckPostmasterSignal(PMSIGNAL_WAKEN_ARCHIVER) &&
5263 38 : PgArchPID != 0)
5264 : {
5265 : /*
5266 : * Send SIGUSR1 to archiver process, to wake it up and begin archiving
5267 : * next WAL file.
5268 : */
5269 28 : signal_child(PgArchPID, SIGUSR1);
5270 : }
5271 :
5272 : /* Tell syslogger to rotate logfile if requested */
5273 2102 : if (SysLoggerPID != 0)
5274 : {
5275 2 : if (CheckLogrotateSignal())
5276 : {
5277 2 : signal_child(SysLoggerPID, SIGUSR1);
5278 2 : RemoveLogrotateSignalFiles();
5279 : }
5280 0 : else if (CheckPostmasterSignal(PMSIGNAL_ROTATE_LOGFILE))
5281 : {
5282 0 : signal_child(SysLoggerPID, SIGUSR1);
5283 : }
5284 : }
5285 :
5286 2102 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER) &&
5287 6 : Shutdown == NoShutdown)
5288 : {
5289 : /*
5290 : * Start one iteration of the autovacuum daemon, even if autovacuuming
5291 : * is nominally not enabled. This is so we can have an active defense
5292 : * against transaction ID wraparound. We set a flag for the main loop
5293 : * to do it rather than trying to do it here --- this is because the
5294 : * autovac process itself may send the signal, and we want to handle
5295 : * that by launching another iteration as soon as the current one
5296 : * completes.
5297 : */
5298 6 : start_autovac_launcher = true;
5299 : }
5300 :
5301 2102 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_WORKER) &&
5302 60 : Shutdown == NoShutdown)
5303 : {
5304 : /* The autovacuum launcher wants us to start a worker process. */
5305 60 : StartAutovacuumWorker();
5306 : }
5307 :
5308 2102 : if (CheckPostmasterSignal(PMSIGNAL_START_WALRECEIVER))
5309 : {
5310 : /* Startup Process wants us to start the walreceiver process. */
5311 : /* Start immediately if possible, else remember request for later. */
5312 252 : WalReceiverRequested = true;
5313 252 : MaybeStartWalReceiver();
5314 : }
5315 :
5316 : /*
5317 : * Try to advance postmaster's state machine, if a child requests it.
5318 : *
5319 : * Be careful about the order of this action relative to sigusr1_handler's
5320 : * other actions. Generally, this should be after other actions, in case
5321 : * they have effects PostmasterStateMachine would need to know about.
5322 : * However, we should do it before the CheckPromoteSignal step, which
5323 : * cannot have any (immediate) effect on the state machine, but does
5324 : * depend on what state we're in now.
5325 : */
5326 2102 : if (CheckPostmasterSignal(PMSIGNAL_ADVANCE_STATE_MACHINE))
5327 : {
5328 670 : PostmasterStateMachine();
5329 : }
5330 :
5331 2102 : if (StartupPID != 0 &&
5332 486 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
5333 948 : pmState == PM_HOT_STANDBY || pmState == PM_WAIT_READONLY) &&
5334 480 : CheckPromoteSignal())
5335 : {
5336 : /* Tell startup process to finish recovery */
5337 48 : signal_child(StartupPID, SIGUSR2);
5338 : }
5339 :
5340 : #ifdef WIN32
5341 : PG_SETMASK(&UnBlockSig);
5342 : #endif
5343 :
5344 2102 : errno = save_errno;
5345 2102 : }
5346 :
5347 : /*
5348 : * SIGTERM or SIGQUIT while processing startup packet.
5349 : * Clean up and exit(1).
5350 : *
5351 : * XXX: possible future improvement: try to send a message indicating
5352 : * why we are disconnecting. Problem is to be sure we don't block while
5353 : * doing so, nor mess up SSL initialization. In practice, if the client
5354 : * has wedged here, it probably couldn't do anything with the message anyway.
5355 : */
5356 : static void
5357 4 : startup_die(SIGNAL_ARGS)
5358 : {
5359 4 : proc_exit(1);
5360 : }
5361 :
5362 : /*
5363 : * Dummy signal handler
5364 : *
5365 : * We use this for signals that we don't actually use in the postmaster,
5366 : * but we do use in backends. If we were to SIG_IGN such signals in the
5367 : * postmaster, then a newly started backend might drop a signal that arrives
5368 : * before it's able to reconfigure its signal processing. (See notes in
5369 : * tcop/postgres.c.)
5370 : */
5371 : static void
5372 0 : dummy_handler(SIGNAL_ARGS)
5373 : {
5374 0 : }
5375 :
5376 : /*
5377 : * Timeout while processing startup packet.
5378 : * As for startup_die(), we clean up and exit(1).
5379 : */
5380 : static void
5381 0 : StartupPacketTimeoutHandler(void)
5382 : {
5383 0 : proc_exit(1);
5384 : }
5385 :
5386 :
5387 : /*
5388 : * Generate a random cancel key.
5389 : */
5390 : static bool
5391 10508 : RandomCancelKey(int32 *cancel_key)
5392 : {
5393 10508 : return pg_strong_random(cancel_key, sizeof(int32));
5394 : }
5395 :
5396 : /*
5397 : * Count up number of child processes of specified types (dead_end children
5398 : * are always excluded).
5399 : */
5400 : static int
5401 14206 : CountChildren(int target)
5402 : {
5403 : dlist_iter iter;
5404 14206 : int cnt = 0;
5405 :
5406 45934 : dlist_foreach(iter, &BackendList)
5407 : {
5408 31728 : Backend *bp = dlist_container(Backend, elem, iter.cur);
5409 :
5410 31728 : if (bp->dead_end)
5411 40 : continue;
5412 :
5413 : /*
5414 : * Since target == BACKEND_TYPE_ALL is the most common case, we test
5415 : * it first and avoid touching shared memory for every child.
5416 : */
5417 31688 : if (target != BACKEND_TYPE_ALL)
5418 : {
5419 : /*
5420 : * Assign bkend_type for any recently announced WAL Sender
5421 : * processes.
5422 : */
5423 3560 : if (bp->bkend_type == BACKEND_TYPE_NORMAL &&
5424 946 : IsPostmasterChildWalSender(bp->child_slot))
5425 44 : bp->bkend_type = BACKEND_TYPE_WALSND;
5426 :
5427 2614 : if (!(target & bp->bkend_type))
5428 264 : continue;
5429 : }
5430 :
5431 31424 : cnt++;
5432 : }
5433 14206 : return cnt;
5434 : }
5435 :
5436 :
5437 : /*
5438 : * StartChildProcess -- start an auxiliary process for the postmaster
5439 : *
5440 : * "type" determines what kind of child will be started. All child types
5441 : * initially go to AuxiliaryProcessMain, which will handle common setup.
5442 : *
5443 : * Return value of StartChildProcess is subprocess' PID, or 0 if failed
5444 : * to start subprocess.
5445 : */
5446 : static pid_t
5447 3024 : StartChildProcess(AuxProcType type)
5448 : {
5449 : pid_t pid;
5450 : char *av[10];
5451 3024 : int ac = 0;
5452 : char typebuf[32];
5453 :
5454 : /*
5455 : * Set up command-line arguments for subprocess
5456 : */
5457 3024 : av[ac++] = "postgres";
5458 :
5459 : #ifdef EXEC_BACKEND
5460 : av[ac++] = "--forkboot";
5461 : av[ac++] = NULL; /* filled in by postmaster_forkexec */
5462 : #endif
5463 :
5464 3024 : snprintf(typebuf, sizeof(typebuf), "-x%d", type);
5465 3024 : av[ac++] = typebuf;
5466 :
5467 3024 : av[ac] = NULL;
5468 : Assert(ac < lengthof(av));
5469 :
5470 : #ifdef EXEC_BACKEND
5471 : pid = postmaster_forkexec(ac, av);
5472 : #else /* !EXEC_BACKEND */
5473 3024 : pid = fork_process();
5474 :
5475 5060 : if (pid == 0) /* child */
5476 : {
5477 2036 : InitPostmasterChild();
5478 :
5479 : /* Close the postmaster's sockets */
5480 2036 : ClosePostmasterPorts(false);
5481 :
5482 : /* Release postmaster's working memory context */
5483 2036 : MemoryContextSwitchTo(TopMemoryContext);
5484 2036 : MemoryContextDelete(PostmasterContext);
5485 2036 : PostmasterContext = NULL;
5486 :
5487 2036 : AuxiliaryProcessMain(ac, av);
5488 : ExitPostmaster(0);
5489 : }
5490 : #endif /* EXEC_BACKEND */
5491 :
5492 3024 : if (pid < 0)
5493 : {
5494 : /* in parent, fork failed */
5495 0 : int save_errno = errno;
5496 :
5497 0 : errno = save_errno;
5498 0 : switch (type)
5499 : {
5500 0 : case StartupProcess:
5501 0 : ereport(LOG,
5502 : (errmsg("could not fork startup process: %m")));
5503 0 : break;
5504 0 : case BgWriterProcess:
5505 0 : ereport(LOG,
5506 : (errmsg("could not fork background writer process: %m")));
5507 0 : break;
5508 0 : case CheckpointerProcess:
5509 0 : ereport(LOG,
5510 : (errmsg("could not fork checkpointer process: %m")));
5511 0 : break;
5512 0 : case WalWriterProcess:
5513 0 : ereport(LOG,
5514 : (errmsg("could not fork WAL writer process: %m")));
5515 0 : break;
5516 0 : case WalReceiverProcess:
5517 0 : ereport(LOG,
5518 : (errmsg("could not fork WAL receiver process: %m")));
5519 0 : break;
5520 0 : default:
5521 0 : ereport(LOG,
5522 : (errmsg("could not fork process: %m")));
5523 0 : break;
5524 : }
5525 :
5526 : /*
5527 : * fork failure is fatal during startup, but there's no need to choke
5528 : * immediately if starting other child types fails.
5529 : */
5530 0 : if (type == StartupProcess)
5531 0 : ExitPostmaster(1);
5532 0 : return 0;
5533 : }
5534 :
5535 : /*
5536 : * in parent, successful fork
5537 : */
5538 3024 : return pid;
5539 : }
5540 :
5541 : /*
5542 : * StartAutovacuumWorker
5543 : * Start an autovac worker process.
5544 : *
5545 : * This function is here because it enters the resulting PID into the
5546 : * postmaster's private backends list.
5547 : *
5548 : * NB -- this code very roughly matches BackendStartup.
5549 : */
5550 : static void
5551 60 : StartAutovacuumWorker(void)
5552 : {
5553 : Backend *bn;
5554 :
5555 : /*
5556 : * If not in condition to run a process, don't try, but handle it like a
5557 : * fork failure. This does not normally happen, since the signal is only
5558 : * supposed to be sent by autovacuum launcher when it's OK to do it, but
5559 : * we have to check to avoid race-condition problems during DB state
5560 : * changes.
5561 : */
5562 60 : if (canAcceptConnections(BACKEND_TYPE_AUTOVAC) == CAC_OK)
5563 : {
5564 : /*
5565 : * Compute the cancel key that will be assigned to this session. We
5566 : * probably don't need cancel keys for autovac workers, but we'd
5567 : * better have something random in the field to prevent unfriendly
5568 : * people from sending cancels to them.
5569 : */
5570 60 : if (!RandomCancelKey(&MyCancelKey))
5571 : {
5572 0 : ereport(LOG,
5573 : (errcode(ERRCODE_INTERNAL_ERROR),
5574 : errmsg("could not generate random cancel key")));
5575 0 : return;
5576 : }
5577 :
5578 60 : bn = (Backend *) malloc(sizeof(Backend));
5579 60 : if (bn)
5580 : {
5581 60 : bn->cancel_key = MyCancelKey;
5582 :
5583 : /* Autovac workers are not dead_end and need a child slot */
5584 60 : bn->dead_end = false;
5585 60 : bn->child_slot = MyPMChildSlot = AssignPostmasterChildSlot();
5586 60 : bn->bgworker_notify = false;
5587 :
5588 60 : bn->pid = StartAutoVacWorker();
5589 60 : if (bn->pid > 0)
5590 : {
5591 60 : bn->bkend_type = BACKEND_TYPE_AUTOVAC;
5592 60 : dlist_push_head(&BackendList, &bn->elem);
5593 : #ifdef EXEC_BACKEND
5594 : ShmemBackendArrayAdd(bn);
5595 : #endif
5596 : /* all OK */
5597 60 : return;
5598 : }
5599 :
5600 : /*
5601 : * fork failed, fall through to report -- actual error message was
5602 : * logged by StartAutoVacWorker
5603 : */
5604 0 : (void) ReleasePostmasterChildSlot(bn->child_slot);
5605 0 : free(bn);
5606 : }
5607 : else
5608 0 : ereport(LOG,
5609 : (errcode(ERRCODE_OUT_OF_MEMORY),
5610 : errmsg("out of memory")));
5611 : }
5612 :
5613 : /*
5614 : * Report the failure to the launcher, if it's running. (If it's not, we
5615 : * might not even be connected to shared memory, so don't try to call
5616 : * AutoVacWorkerFailed.) Note that we also need to signal it so that it
5617 : * responds to the condition, but we don't do that here, instead waiting
5618 : * for ServerLoop to do it. This way we avoid a ping-pong signalling in
5619 : * quick succession between the autovac launcher and postmaster in case
5620 : * things get ugly.
5621 : */
5622 0 : if (AutoVacPID != 0)
5623 : {
5624 0 : AutoVacWorkerFailed();
5625 0 : avlauncher_needs_signal = true;
5626 : }
5627 : }
5628 :
5629 : /*
5630 : * MaybeStartWalReceiver
5631 : * Start the WAL receiver process, if not running and our state allows.
5632 : *
5633 : * Note: if WalReceiverPID is already nonzero, it might seem that we should
5634 : * clear WalReceiverRequested. However, there's a race condition if the
5635 : * walreceiver terminates and the startup process immediately requests a new
5636 : * one: it's quite possible to get the signal for the request before reaping
5637 : * the dead walreceiver process. Better to risk launching an extra
5638 : * walreceiver than to miss launching one we need. (The walreceiver code
5639 : * has logic to recognize that it should go away if not needed.)
5640 : */
5641 : static void
5642 468 : MaybeStartWalReceiver(void)
5643 : {
5644 468 : if (WalReceiverPID == 0 &&
5645 274 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
5646 268 : pmState == PM_HOT_STANDBY || pmState == PM_WAIT_READONLY) &&
5647 242 : Shutdown == NoShutdown)
5648 : {
5649 242 : WalReceiverPID = StartWalReceiver();
5650 242 : if (WalReceiverPID != 0)
5651 242 : WalReceiverRequested = false;
5652 : /* else leave the flag set, so we'll try again later */
5653 : }
5654 468 : }
5655 :
5656 :
5657 : /*
5658 : * Create the opts file
5659 : */
5660 : static bool
5661 716 : CreateOptsFile(int argc, char *argv[], char *fullprogname)
5662 : {
5663 : FILE *fp;
5664 : int i;
5665 :
5666 : #define OPTS_FILE "postmaster.opts"
5667 :
5668 716 : if ((fp = fopen(OPTS_FILE, "w")) == NULL)
5669 : {
5670 0 : elog(LOG, "could not create file \"%s\": %m", OPTS_FILE);
5671 0 : return false;
5672 : }
5673 :
5674 716 : fprintf(fp, "%s", fullprogname);
5675 3482 : for (i = 1; i < argc; i++)
5676 2766 : fprintf(fp, " \"%s\"", argv[i]);
5677 716 : fputs("\n", fp);
5678 :
5679 716 : if (fclose(fp))
5680 : {
5681 0 : elog(LOG, "could not write file \"%s\": %m", OPTS_FILE);
5682 0 : return false;
5683 : }
5684 :
5685 716 : return true;
5686 : }
5687 :
5688 :
5689 : /*
5690 : * MaxLivePostmasterChildren
5691 : *
5692 : * This reports the number of entries needed in per-child-process arrays
5693 : * (the PMChildFlags array, and if EXEC_BACKEND the ShmemBackendArray).
5694 : * These arrays include regular backends, autovac workers, walsenders
5695 : * and background workers, but not special children nor dead_end children.
5696 : * This allows the arrays to have a fixed maximum size, to wit the same
5697 : * too-many-children limit enforced by canAcceptConnections(). The exact value
5698 : * isn't too critical as long as it's more than MaxBackends.
5699 : */
5700 : int
5701 19150 : MaxLivePostmasterChildren(void)
5702 : {
5703 57450 : return 2 * (MaxConnections + autovacuum_max_workers + 1 +
5704 19150 : max_wal_senders + max_worker_processes);
5705 : }
5706 :
5707 : /*
5708 : * Connect background worker to a database.
5709 : */
5710 : void
5711 372 : BackgroundWorkerInitializeConnection(const char *dbname, const char *username, uint32 flags)
5712 : {
5713 372 : BackgroundWorker *worker = MyBgworkerEntry;
5714 :
5715 : /* XXX is this the right errcode? */
5716 372 : if (!(worker->bgw_flags & BGWORKER_BACKEND_DATABASE_CONNECTION))
5717 0 : ereport(FATAL,
5718 : (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
5719 : errmsg("database connection requirement not indicated during registration")));
5720 :
5721 372 : InitPostgres(dbname, InvalidOid, username, InvalidOid, NULL, (flags & BGWORKER_BYPASS_ALLOWCONN) != 0);
5722 :
5723 : /* it had better not gotten out of "init" mode yet */
5724 368 : if (!IsInitProcessingMode())
5725 0 : ereport(ERROR,
5726 : (errmsg("invalid processing mode in background worker")));
5727 368 : SetProcessingMode(NormalProcessing);
5728 368 : }
5729 :
5730 : /*
5731 : * Connect background worker to a database using OIDs.
5732 : */
5733 : void
5734 1728 : BackgroundWorkerInitializeConnectionByOid(Oid dboid, Oid useroid, uint32 flags)
5735 : {
5736 1728 : BackgroundWorker *worker = MyBgworkerEntry;
5737 :
5738 : /* XXX is this the right errcode? */
5739 1728 : if (!(worker->bgw_flags & BGWORKER_BACKEND_DATABASE_CONNECTION))
5740 0 : ereport(FATAL,
5741 : (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
5742 : errmsg("database connection requirement not indicated during registration")));
5743 :
5744 1728 : InitPostgres(NULL, dboid, NULL, useroid, NULL, (flags & BGWORKER_BYPASS_ALLOWCONN) != 0);
5745 :
5746 : /* it had better not gotten out of "init" mode yet */
5747 1728 : if (!IsInitProcessingMode())
5748 0 : ereport(ERROR,
5749 : (errmsg("invalid processing mode in background worker")));
5750 1728 : SetProcessingMode(NormalProcessing);
5751 1728 : }
5752 :
5753 : /*
5754 : * Block/unblock signals in a background worker
5755 : */
5756 : void
5757 0 : BackgroundWorkerBlockSignals(void)
5758 : {
5759 0 : PG_SETMASK(&BlockSig);
5760 0 : }
5761 :
5762 : void
5763 2114 : BackgroundWorkerUnblockSignals(void)
5764 : {
5765 2114 : PG_SETMASK(&UnBlockSig);
5766 2114 : }
5767 :
5768 : #ifdef EXEC_BACKEND
5769 : static pid_t
5770 : bgworker_forkexec(int shmem_slot)
5771 : {
5772 : char *av[10];
5773 : int ac = 0;
5774 : char forkav[MAXPGPATH];
5775 :
5776 : snprintf(forkav, MAXPGPATH, "--forkbgworker=%d", shmem_slot);
5777 :
5778 : av[ac++] = "postgres";
5779 : av[ac++] = forkav;
5780 : av[ac++] = NULL; /* filled in by postmaster_forkexec */
5781 : av[ac] = NULL;
5782 :
5783 : Assert(ac < lengthof(av));
5784 :
5785 : return postmaster_forkexec(ac, av);
5786 : }
5787 : #endif
5788 :
5789 : /*
5790 : * Start a new bgworker.
5791 : * Starting time conditions must have been checked already.
5792 : *
5793 : * Returns true on success, false on failure.
5794 : * In either case, update the RegisteredBgWorker's state appropriately.
5795 : *
5796 : * This code is heavily based on autovacuum.c, q.v.
5797 : */
5798 : static bool
5799 2370 : do_start_bgworker(RegisteredBgWorker *rw)
5800 : {
5801 : pid_t worker_pid;
5802 :
5803 : Assert(rw->rw_pid == 0);
5804 :
5805 : /*
5806 : * Allocate and assign the Backend element. Note we must do this before
5807 : * forking, so that we can handle failures (out of memory or child-process
5808 : * slots) cleanly.
5809 : *
5810 : * Treat failure as though the worker had crashed. That way, the
5811 : * postmaster will wait a bit before attempting to start it again; if we
5812 : * tried again right away, most likely we'd find ourselves hitting the
5813 : * same resource-exhaustion condition.
5814 : */
5815 2370 : if (!assign_backendlist_entry(rw))
5816 : {
5817 0 : rw->rw_crashed_at = GetCurrentTimestamp();
5818 0 : return false;
5819 : }
5820 :
5821 2370 : ereport(DEBUG1,
5822 : (errmsg("starting background worker process \"%s\"",
5823 : rw->rw_worker.bgw_name)));
5824 :
5825 : #ifdef EXEC_BACKEND
5826 : switch ((worker_pid = bgworker_forkexec(rw->rw_shmem_slot)))
5827 : #else
5828 2370 : switch ((worker_pid = fork_process()))
5829 : #endif
5830 : {
5831 0 : case -1:
5832 : /* in postmaster, fork failed ... */
5833 0 : ereport(LOG,
5834 : (errmsg("could not fork worker process: %m")));
5835 : /* undo what assign_backendlist_entry did */
5836 0 : ReleasePostmasterChildSlot(rw->rw_child_slot);
5837 0 : rw->rw_child_slot = 0;
5838 0 : free(rw->rw_backend);
5839 0 : rw->rw_backend = NULL;
5840 : /* mark entry as crashed, so we'll try again later */
5841 0 : rw->rw_crashed_at = GetCurrentTimestamp();
5842 0 : break;
5843 :
5844 : #ifndef EXEC_BACKEND
5845 2114 : case 0:
5846 : /* in postmaster child ... */
5847 2114 : InitPostmasterChild();
5848 :
5849 : /* Close the postmaster's sockets */
5850 2114 : ClosePostmasterPorts(false);
5851 :
5852 : /*
5853 : * Before blowing away PostmasterContext, save this bgworker's
5854 : * data where it can find it.
5855 : */
5856 2114 : MyBgworkerEntry = (BackgroundWorker *)
5857 2114 : MemoryContextAlloc(TopMemoryContext, sizeof(BackgroundWorker));
5858 2114 : memcpy(MyBgworkerEntry, &rw->rw_worker, sizeof(BackgroundWorker));
5859 :
5860 : /* Release postmaster's working memory context */
5861 2114 : MemoryContextSwitchTo(TopMemoryContext);
5862 2114 : MemoryContextDelete(PostmasterContext);
5863 2114 : PostmasterContext = NULL;
5864 :
5865 2114 : StartBackgroundWorker();
5866 :
5867 : exit(1); /* should not get here */
5868 : break;
5869 : #endif
5870 2366 : default:
5871 : /* in postmaster, fork successful ... */
5872 2366 : rw->rw_pid = worker_pid;
5873 2366 : rw->rw_backend->pid = rw->rw_pid;
5874 2366 : ReportBackgroundWorkerPID(rw);
5875 : /* add new worker to lists of backends */
5876 2366 : dlist_push_head(&BackendList, &rw->rw_backend->elem);
5877 : #ifdef EXEC_BACKEND
5878 : ShmemBackendArrayAdd(rw->rw_backend);
5879 : #endif
5880 2366 : return true;
5881 : }
5882 :
5883 0 : return false;
5884 : }
5885 :
5886 : /*
5887 : * Does the current postmaster state require starting a worker with the
5888 : * specified start_time?
5889 : */
5890 : static bool
5891 3236 : bgworker_should_start_now(BgWorkerStartTime start_time)
5892 : {
5893 3236 : switch (pmState)
5894 : {
5895 0 : case PM_NO_CHILDREN:
5896 : case PM_WAIT_DEAD_END:
5897 : case PM_SHUTDOWN_2:
5898 : case PM_SHUTDOWN:
5899 : case PM_WAIT_BACKENDS:
5900 : case PM_WAIT_READONLY:
5901 : case PM_WAIT_BACKUP:
5902 0 : break;
5903 :
5904 2370 : case PM_RUN:
5905 2370 : if (start_time == BgWorkerStart_RecoveryFinished)
5906 788 : return true;
5907 : /* fall through */
5908 :
5909 : case PM_HOT_STANDBY:
5910 1728 : if (start_time == BgWorkerStart_ConsistentState)
5911 1582 : return true;
5912 : /* fall through */
5913 :
5914 : case PM_RECOVERY:
5915 : case PM_STARTUP:
5916 : case PM_INIT:
5917 866 : if (start_time == BgWorkerStart_PostmasterStart)
5918 0 : return true;
5919 : /* fall through */
5920 :
5921 : }
5922 :
5923 866 : return false;
5924 : }
5925 :
5926 : /*
5927 : * Allocate the Backend struct for a connected background worker, but don't
5928 : * add it to the list of backends just yet.
5929 : *
5930 : * On failure, return false without changing any worker state.
5931 : *
5932 : * Some info from the Backend is copied into the passed rw.
5933 : */
5934 : static bool
5935 2370 : assign_backendlist_entry(RegisteredBgWorker *rw)
5936 : {
5937 : Backend *bn;
5938 :
5939 : /*
5940 : * Check that database state allows another connection. Currently the
5941 : * only possible failure is CAC_TOOMANY, so we just log an error message
5942 : * based on that rather than checking the error code precisely.
5943 : */
5944 2370 : if (canAcceptConnections(BACKEND_TYPE_BGWORKER) != CAC_OK)
5945 : {
5946 0 : ereport(LOG,
5947 : (errcode(ERRCODE_CONFIGURATION_LIMIT_EXCEEDED),
5948 : errmsg("no slot available for new worker process")));
5949 0 : return false;
5950 : }
5951 :
5952 : /*
5953 : * Compute the cancel key that will be assigned to this session. We
5954 : * probably don't need cancel keys for background workers, but we'd better
5955 : * have something random in the field to prevent unfriendly people from
5956 : * sending cancels to them.
5957 : */
5958 2370 : if (!RandomCancelKey(&MyCancelKey))
5959 : {
5960 0 : ereport(LOG,
5961 : (errcode(ERRCODE_INTERNAL_ERROR),
5962 : errmsg("could not generate random cancel key")));
5963 0 : return false;
5964 : }
5965 :
5966 2370 : bn = malloc(sizeof(Backend));
5967 2370 : if (bn == NULL)
5968 : {
5969 0 : ereport(LOG,
5970 : (errcode(ERRCODE_OUT_OF_MEMORY),
5971 : errmsg("out of memory")));
5972 0 : return false;
5973 : }
5974 :
5975 2370 : bn->cancel_key = MyCancelKey;
5976 2370 : bn->child_slot = MyPMChildSlot = AssignPostmasterChildSlot();
5977 2370 : bn->bkend_type = BACKEND_TYPE_BGWORKER;
5978 2370 : bn->dead_end = false;
5979 2370 : bn->bgworker_notify = false;
5980 :
5981 2370 : rw->rw_backend = bn;
5982 2370 : rw->rw_child_slot = bn->child_slot;
5983 :
5984 2370 : return true;
5985 : }
5986 :
5987 : /*
5988 : * If the time is right, start background worker(s).
5989 : *
5990 : * As a side effect, the bgworker control variables are set or reset
5991 : * depending on whether more workers may need to be started.
5992 : *
5993 : * We limit the number of workers started per call, to avoid consuming the
5994 : * postmaster's attention for too long when many such requests are pending.
5995 : * As long as StartWorkerNeeded is true, ServerLoop will not block and will
5996 : * call this function again after dealing with any other issues.
5997 : */
5998 : static void
5999 5862 : maybe_start_bgworkers(void)
6000 : {
6001 : #define MAX_BGWORKERS_TO_LAUNCH 100
6002 5862 : int num_launched = 0;
6003 5862 : TimestampTz now = 0;
6004 : slist_mutable_iter iter;
6005 :
6006 : /*
6007 : * During crash recovery, we have no need to be called until the state
6008 : * transition out of recovery.
6009 : */
6010 5862 : if (FatalError)
6011 : {
6012 4 : StartWorkerNeeded = false;
6013 4 : HaveCrashedWorker = false;
6014 4 : return;
6015 : }
6016 :
6017 : /* Don't need to be called again unless we find a reason for it below */
6018 5858 : StartWorkerNeeded = false;
6019 5858 : HaveCrashedWorker = false;
6020 :
6021 15640 : slist_foreach_modify(iter, &BackgroundWorkerList)
6022 : {
6023 : RegisteredBgWorker *rw;
6024 :
6025 9786 : rw = slist_container(RegisteredBgWorker, rw_lnode, iter.cur);
6026 :
6027 : /* ignore if already running */
6028 9786 : if (rw->rw_pid != 0)
6029 4620 : continue;
6030 :
6031 : /* if marked for death, clean up and remove from list */
6032 5166 : if (rw->rw_terminate)
6033 : {
6034 0 : ForgetBackgroundWorker(&iter);
6035 0 : continue;
6036 : }
6037 :
6038 : /*
6039 : * If this worker has crashed previously, maybe it needs to be
6040 : * restarted (unless on registration it specified it doesn't want to
6041 : * be restarted at all). Check how long ago did a crash last happen.
6042 : * If the last crash is too recent, don't start it right away; let it
6043 : * be restarted once enough time has passed.
6044 : */
6045 5166 : if (rw->rw_crashed_at != 0)
6046 : {
6047 1930 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART)
6048 : {
6049 : int notify_pid;
6050 :
6051 0 : notify_pid = rw->rw_worker.bgw_notify_pid;
6052 :
6053 0 : ForgetBackgroundWorker(&iter);
6054 :
6055 : /* Report worker is gone now. */
6056 0 : if (notify_pid != 0)
6057 0 : kill(notify_pid, SIGUSR1);
6058 :
6059 0 : continue;
6060 : }
6061 :
6062 : /* read system time only when needed */
6063 1930 : if (now == 0)
6064 1930 : now = GetCurrentTimestamp();
6065 :
6066 1930 : if (!TimestampDifferenceExceeds(rw->rw_crashed_at, now,
6067 1930 : rw->rw_worker.bgw_restart_time * 1000))
6068 : {
6069 : /* Set flag to remember that we have workers to start later */
6070 1930 : HaveCrashedWorker = true;
6071 1930 : continue;
6072 : }
6073 : }
6074 :
6075 3236 : if (bgworker_should_start_now(rw->rw_worker.bgw_start_time))
6076 : {
6077 : /* reset crash time before trying to start worker */
6078 2370 : rw->rw_crashed_at = 0;
6079 :
6080 : /*
6081 : * Try to start the worker.
6082 : *
6083 : * On failure, give up processing workers for now, but set
6084 : * StartWorkerNeeded so we'll come back here on the next iteration
6085 : * of ServerLoop to try again. (We don't want to wait, because
6086 : * there might be additional ready-to-run workers.) We could set
6087 : * HaveCrashedWorker as well, since this worker is now marked
6088 : * crashed, but there's no need because the next run of this
6089 : * function will do that.
6090 : */
6091 2370 : if (!do_start_bgworker(rw))
6092 : {
6093 0 : StartWorkerNeeded = true;
6094 0 : return;
6095 : }
6096 :
6097 : /*
6098 : * If we've launched as many workers as allowed, quit, but have
6099 : * ServerLoop call us again to look for additional ready-to-run
6100 : * workers. There might not be any, but we'll find out the next
6101 : * time we run.
6102 : */
6103 2366 : if (++num_launched >= MAX_BGWORKERS_TO_LAUNCH)
6104 : {
6105 0 : StartWorkerNeeded = true;
6106 0 : return;
6107 : }
6108 : }
6109 : }
6110 : }
6111 :
6112 : /*
6113 : * When a backend asks to be notified about worker state changes, we
6114 : * set a flag in its backend entry. The background worker machinery needs
6115 : * to know when such backends exit.
6116 : */
6117 : bool
6118 1744 : PostmasterMarkPIDForWorkerNotify(int pid)
6119 : {
6120 : dlist_iter iter;
6121 : Backend *bp;
6122 :
6123 3160 : dlist_foreach(iter, &BackendList)
6124 : {
6125 3160 : bp = dlist_container(Backend, elem, iter.cur);
6126 3160 : if (bp->pid == pid)
6127 : {
6128 1744 : bp->bgworker_notify = true;
6129 1744 : return true;
6130 : }
6131 : }
6132 0 : return false;
6133 : }
6134 :
6135 : #ifdef EXEC_BACKEND
6136 :
6137 : /*
6138 : * The following need to be available to the save/restore_backend_variables
6139 : * functions. They are marked NON_EXEC_STATIC in their home modules.
6140 : */
6141 : extern slock_t *ShmemLock;
6142 : extern slock_t *ProcStructLock;
6143 : extern PGPROC *AuxiliaryProcs;
6144 : extern PMSignalData *PMSignalState;
6145 : extern pgsocket pgStatSock;
6146 : extern pg_time_t first_syslogger_file_time;
6147 :
6148 : #ifndef WIN32
6149 : #define write_inheritable_socket(dest, src, childpid) ((*(dest) = (src)), true)
6150 : #define read_inheritable_socket(dest, src) (*(dest) = *(src))
6151 : #else
6152 : static bool write_duplicated_handle(HANDLE *dest, HANDLE src, HANDLE child);
6153 : static bool write_inheritable_socket(InheritableSocket *dest, SOCKET src,
6154 : pid_t childPid);
6155 : static void read_inheritable_socket(SOCKET *dest, InheritableSocket *src);
6156 : #endif
6157 :
6158 :
6159 : /* Save critical backend variables into the BackendParameters struct */
6160 : #ifndef WIN32
6161 : static bool
6162 : save_backend_variables(BackendParameters *param, Port *port)
6163 : #else
6164 : static bool
6165 : save_backend_variables(BackendParameters *param, Port *port,
6166 : HANDLE childProcess, pid_t childPid)
6167 : #endif
6168 : {
6169 : memcpy(¶m->port, port, sizeof(Port));
6170 : if (!write_inheritable_socket(¶m->portsocket, port->sock, childPid))
6171 : return false;
6172 :
6173 : strlcpy(param->DataDir, DataDir, MAXPGPATH);
6174 :
6175 : memcpy(¶m->ListenSocket, &ListenSocket, sizeof(ListenSocket));
6176 :
6177 : param->MyCancelKey = MyCancelKey;
6178 : param->MyPMChildSlot = MyPMChildSlot;
6179 :
6180 : #ifdef WIN32
6181 : param->ShmemProtectiveRegion = ShmemProtectiveRegion;
6182 : #endif
6183 : param->UsedShmemSegID = UsedShmemSegID;
6184 : param->UsedShmemSegAddr = UsedShmemSegAddr;
6185 :
6186 : param->ShmemLock = ShmemLock;
6187 : param->ShmemVariableCache = ShmemVariableCache;
6188 : param->ShmemBackendArray = ShmemBackendArray;
6189 :
6190 : #ifndef HAVE_SPINLOCKS
6191 : param->SpinlockSemaArray = SpinlockSemaArray;
6192 : #endif
6193 : param->NamedLWLockTrancheRequests = NamedLWLockTrancheRequests;
6194 : param->NamedLWLockTrancheArray = NamedLWLockTrancheArray;
6195 : param->MainLWLockArray = MainLWLockArray;
6196 : param->ProcStructLock = ProcStructLock;
6197 : param->ProcGlobal = ProcGlobal;
6198 : param->AuxiliaryProcs = AuxiliaryProcs;
6199 : param->PreparedXactProcs = PreparedXactProcs;
6200 : param->PMSignalState = PMSignalState;
6201 : if (!write_inheritable_socket(¶m->pgStatSock, pgStatSock, childPid))
6202 : return false;
6203 :
6204 : param->PostmasterPid = PostmasterPid;
6205 : param->PgStartTime = PgStartTime;
6206 : param->PgReloadTime = PgReloadTime;
6207 : param->first_syslogger_file_time = first_syslogger_file_time;
6208 :
6209 : param->redirection_done = redirection_done;
6210 : param->IsBinaryUpgrade = IsBinaryUpgrade;
6211 : param->max_safe_fds = max_safe_fds;
6212 :
6213 : param->MaxBackends = MaxBackends;
6214 :
6215 : #ifdef WIN32
6216 : param->PostmasterHandle = PostmasterHandle;
6217 : if (!write_duplicated_handle(¶m->initial_signal_pipe,
6218 : pgwin32_create_signal_listener(childPid),
6219 : childProcess))
6220 : return false;
6221 : #else
6222 : memcpy(¶m->postmaster_alive_fds, &postmaster_alive_fds,
6223 : sizeof(postmaster_alive_fds));
6224 : #endif
6225 :
6226 : memcpy(¶m->syslogPipe, &syslogPipe, sizeof(syslogPipe));
6227 :
6228 : strlcpy(param->my_exec_path, my_exec_path, MAXPGPATH);
6229 :
6230 : strlcpy(param->pkglib_path, pkglib_path, MAXPGPATH);
6231 :
6232 : strlcpy(param->ExtraOptions, ExtraOptions, MAXPGPATH);
6233 :
6234 : return true;
6235 : }
6236 :
6237 :
6238 : #ifdef WIN32
6239 : /*
6240 : * Duplicate a handle for usage in a child process, and write the child
6241 : * process instance of the handle to the parameter file.
6242 : */
6243 : static bool
6244 : write_duplicated_handle(HANDLE *dest, HANDLE src, HANDLE childProcess)
6245 : {
6246 : HANDLE hChild = INVALID_HANDLE_VALUE;
6247 :
6248 : if (!DuplicateHandle(GetCurrentProcess(),
6249 : src,
6250 : childProcess,
6251 : &hChild,
6252 : 0,
6253 : TRUE,
6254 : DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS))
6255 : {
6256 : ereport(LOG,
6257 : (errmsg_internal("could not duplicate handle to be written to backend parameter file: error code %lu",
6258 : GetLastError())));
6259 : return false;
6260 : }
6261 :
6262 : *dest = hChild;
6263 : return true;
6264 : }
6265 :
6266 : /*
6267 : * Duplicate a socket for usage in a child process, and write the resulting
6268 : * structure to the parameter file.
6269 : * This is required because a number of LSPs (Layered Service Providers) very
6270 : * common on Windows (antivirus, firewalls, download managers etc) break
6271 : * straight socket inheritance.
6272 : */
6273 : static bool
6274 : write_inheritable_socket(InheritableSocket *dest, SOCKET src, pid_t childpid)
6275 : {
6276 : dest->origsocket = src;
6277 : if (src != 0 && src != PGINVALID_SOCKET)
6278 : {
6279 : /* Actual socket */
6280 : if (WSADuplicateSocket(src, childpid, &dest->wsainfo) != 0)
6281 : {
6282 : ereport(LOG,
6283 : (errmsg("could not duplicate socket %d for use in backend: error code %d",
6284 : (int) src, WSAGetLastError())));
6285 : return false;
6286 : }
6287 : }
6288 : return true;
6289 : }
6290 :
6291 : /*
6292 : * Read a duplicate socket structure back, and get the socket descriptor.
6293 : */
6294 : static void
6295 : read_inheritable_socket(SOCKET *dest, InheritableSocket *src)
6296 : {
6297 : SOCKET s;
6298 :
6299 : if (src->origsocket == PGINVALID_SOCKET || src->origsocket == 0)
6300 : {
6301 : /* Not a real socket! */
6302 : *dest = src->origsocket;
6303 : }
6304 : else
6305 : {
6306 : /* Actual socket, so create from structure */
6307 : s = WSASocket(FROM_PROTOCOL_INFO,
6308 : FROM_PROTOCOL_INFO,
6309 : FROM_PROTOCOL_INFO,
6310 : &src->wsainfo,
6311 : 0,
6312 : 0);
6313 : if (s == INVALID_SOCKET)
6314 : {
6315 : write_stderr("could not create inherited socket: error code %d\n",
6316 : WSAGetLastError());
6317 : exit(1);
6318 : }
6319 : *dest = s;
6320 :
6321 : /*
6322 : * To make sure we don't get two references to the same socket, close
6323 : * the original one. (This would happen when inheritance actually
6324 : * works..
6325 : */
6326 : closesocket(src->origsocket);
6327 : }
6328 : }
6329 : #endif
6330 :
6331 : static void
6332 : read_backend_variables(char *id, Port *port)
6333 : {
6334 : BackendParameters param;
6335 :
6336 : #ifndef WIN32
6337 : /* Non-win32 implementation reads from file */
6338 : FILE *fp;
6339 :
6340 : /* Open file */
6341 : fp = AllocateFile(id, PG_BINARY_R);
6342 : if (!fp)
6343 : {
6344 : write_stderr("could not open backend variables file \"%s\": %s\n",
6345 : id, strerror(errno));
6346 : exit(1);
6347 : }
6348 :
6349 : if (fread(¶m, sizeof(param), 1, fp) != 1)
6350 : {
6351 : write_stderr("could not read from backend variables file \"%s\": %s\n",
6352 : id, strerror(errno));
6353 : exit(1);
6354 : }
6355 :
6356 : /* Release file */
6357 : FreeFile(fp);
6358 : if (unlink(id) != 0)
6359 : {
6360 : write_stderr("could not remove file \"%s\": %s\n",
6361 : id, strerror(errno));
6362 : exit(1);
6363 : }
6364 : #else
6365 : /* Win32 version uses mapped file */
6366 : HANDLE paramHandle;
6367 : BackendParameters *paramp;
6368 :
6369 : #ifdef _WIN64
6370 : paramHandle = (HANDLE) _atoi64(id);
6371 : #else
6372 : paramHandle = (HANDLE) atol(id);
6373 : #endif
6374 : paramp = MapViewOfFile(paramHandle, FILE_MAP_READ, 0, 0, 0);
6375 : if (!paramp)
6376 : {
6377 : write_stderr("could not map view of backend variables: error code %lu\n",
6378 : GetLastError());
6379 : exit(1);
6380 : }
6381 :
6382 : memcpy(¶m, paramp, sizeof(BackendParameters));
6383 :
6384 : if (!UnmapViewOfFile(paramp))
6385 : {
6386 : write_stderr("could not unmap view of backend variables: error code %lu\n",
6387 : GetLastError());
6388 : exit(1);
6389 : }
6390 :
6391 : if (!CloseHandle(paramHandle))
6392 : {
6393 : write_stderr("could not close handle to backend parameter variables: error code %lu\n",
6394 : GetLastError());
6395 : exit(1);
6396 : }
6397 : #endif
6398 :
6399 : restore_backend_variables(¶m, port);
6400 : }
6401 :
6402 : /* Restore critical backend variables from the BackendParameters struct */
6403 : static void
6404 : restore_backend_variables(BackendParameters *param, Port *port)
6405 : {
6406 : memcpy(port, ¶m->port, sizeof(Port));
6407 : read_inheritable_socket(&port->sock, ¶m->portsocket);
6408 :
6409 : SetDataDir(param->DataDir);
6410 :
6411 : memcpy(&ListenSocket, ¶m->ListenSocket, sizeof(ListenSocket));
6412 :
6413 : MyCancelKey = param->MyCancelKey;
6414 : MyPMChildSlot = param->MyPMChildSlot;
6415 :
6416 : #ifdef WIN32
6417 : ShmemProtectiveRegion = param->ShmemProtectiveRegion;
6418 : #endif
6419 : UsedShmemSegID = param->UsedShmemSegID;
6420 : UsedShmemSegAddr = param->UsedShmemSegAddr;
6421 :
6422 : ShmemLock = param->ShmemLock;
6423 : ShmemVariableCache = param->ShmemVariableCache;
6424 : ShmemBackendArray = param->ShmemBackendArray;
6425 :
6426 : #ifndef HAVE_SPINLOCKS
6427 : SpinlockSemaArray = param->SpinlockSemaArray;
6428 : #endif
6429 : NamedLWLockTrancheRequests = param->NamedLWLockTrancheRequests;
6430 : NamedLWLockTrancheArray = param->NamedLWLockTrancheArray;
6431 : MainLWLockArray = param->MainLWLockArray;
6432 : ProcStructLock = param->ProcStructLock;
6433 : ProcGlobal = param->ProcGlobal;
6434 : AuxiliaryProcs = param->AuxiliaryProcs;
6435 : PreparedXactProcs = param->PreparedXactProcs;
6436 : PMSignalState = param->PMSignalState;
6437 : read_inheritable_socket(&pgStatSock, ¶m->pgStatSock);
6438 :
6439 : PostmasterPid = param->PostmasterPid;
6440 : PgStartTime = param->PgStartTime;
6441 : PgReloadTime = param->PgReloadTime;
6442 : first_syslogger_file_time = param->first_syslogger_file_time;
6443 :
6444 : redirection_done = param->redirection_done;
6445 : IsBinaryUpgrade = param->IsBinaryUpgrade;
6446 : max_safe_fds = param->max_safe_fds;
6447 :
6448 : MaxBackends = param->MaxBackends;
6449 :
6450 : #ifdef WIN32
6451 : PostmasterHandle = param->PostmasterHandle;
6452 : pgwin32_initial_signal_pipe = param->initial_signal_pipe;
6453 : #else
6454 : memcpy(&postmaster_alive_fds, ¶m->postmaster_alive_fds,
6455 : sizeof(postmaster_alive_fds));
6456 : #endif
6457 :
6458 : memcpy(&syslogPipe, ¶m->syslogPipe, sizeof(syslogPipe));
6459 :
6460 : strlcpy(my_exec_path, param->my_exec_path, MAXPGPATH);
6461 :
6462 : strlcpy(pkglib_path, param->pkglib_path, MAXPGPATH);
6463 :
6464 : strlcpy(ExtraOptions, param->ExtraOptions, MAXPGPATH);
6465 :
6466 : /*
6467 : * We need to restore fd.c's counts of externally-opened FDs; to avoid
6468 : * confusion, be sure to do this after restoring max_safe_fds. (Note:
6469 : * BackendInitialize will handle this for port->sock.)
6470 : */
6471 : #ifndef WIN32
6472 : if (postmaster_alive_fds[0] >= 0)
6473 : ReserveExternalFD();
6474 : if (postmaster_alive_fds[1] >= 0)
6475 : ReserveExternalFD();
6476 : #endif
6477 : if (pgStatSock != PGINVALID_SOCKET)
6478 : ReserveExternalFD();
6479 : }
6480 :
6481 :
6482 : Size
6483 : ShmemBackendArraySize(void)
6484 : {
6485 : return mul_size(MaxLivePostmasterChildren(), sizeof(Backend));
6486 : }
6487 :
6488 : void
6489 : ShmemBackendArrayAllocation(void)
6490 : {
6491 : Size size = ShmemBackendArraySize();
6492 :
6493 : ShmemBackendArray = (Backend *) ShmemAlloc(size);
6494 : /* Mark all slots as empty */
6495 : memset(ShmemBackendArray, 0, size);
6496 : }
6497 :
6498 : static void
6499 : ShmemBackendArrayAdd(Backend *bn)
6500 : {
6501 : /* The array slot corresponding to my PMChildSlot should be free */
6502 : int i = bn->child_slot - 1;
6503 :
6504 : Assert(ShmemBackendArray[i].pid == 0);
6505 : ShmemBackendArray[i] = *bn;
6506 : }
6507 :
6508 : static void
6509 : ShmemBackendArrayRemove(Backend *bn)
6510 : {
6511 : int i = bn->child_slot - 1;
6512 :
6513 : Assert(ShmemBackendArray[i].pid == bn->pid);
6514 : /* Mark the slot as empty */
6515 : ShmemBackendArray[i].pid = 0;
6516 : }
6517 : #endif /* EXEC_BACKEND */
6518 :
6519 :
6520 : #ifdef WIN32
6521 :
6522 : /*
6523 : * Subset implementation of waitpid() for Windows. We assume pid is -1
6524 : * (that is, check all child processes) and options is WNOHANG (don't wait).
6525 : */
6526 : static pid_t
6527 : waitpid(pid_t pid, int *exitstatus, int options)
6528 : {
6529 : DWORD dwd;
6530 : ULONG_PTR key;
6531 : OVERLAPPED *ovl;
6532 :
6533 : /*
6534 : * Check if there are any dead children. If there are, return the pid of
6535 : * the first one that died.
6536 : */
6537 : if (GetQueuedCompletionStatus(win32ChildQueue, &dwd, &key, &ovl, 0))
6538 : {
6539 : *exitstatus = (int) key;
6540 : return dwd;
6541 : }
6542 :
6543 : return -1;
6544 : }
6545 :
6546 : /*
6547 : * Note! Code below executes on a thread pool! All operations must
6548 : * be thread safe! Note that elog() and friends must *not* be used.
6549 : */
6550 : static void WINAPI
6551 : pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired)
6552 : {
6553 : win32_deadchild_waitinfo *childinfo = (win32_deadchild_waitinfo *) lpParameter;
6554 : DWORD exitcode;
6555 :
6556 : if (TimerOrWaitFired)
6557 : return; /* timeout. Should never happen, since we use
6558 : * INFINITE as timeout value. */
6559 :
6560 : /*
6561 : * Remove handle from wait - required even though it's set to wait only
6562 : * once
6563 : */
6564 : UnregisterWaitEx(childinfo->waitHandle, NULL);
6565 :
6566 : if (!GetExitCodeProcess(childinfo->procHandle, &exitcode))
6567 : {
6568 : /*
6569 : * Should never happen. Inform user and set a fixed exitcode.
6570 : */
6571 : write_stderr("could not read exit code for process\n");
6572 : exitcode = 255;
6573 : }
6574 :
6575 : if (!PostQueuedCompletionStatus(win32ChildQueue, childinfo->procId, (ULONG_PTR) exitcode, NULL))
6576 : write_stderr("could not post child completion status\n");
6577 :
6578 : /*
6579 : * Handle is per-process, so we close it here instead of in the
6580 : * originating thread
6581 : */
6582 : CloseHandle(childinfo->procHandle);
6583 :
6584 : /*
6585 : * Free struct that was allocated before the call to
6586 : * RegisterWaitForSingleObject()
6587 : */
6588 : free(childinfo);
6589 :
6590 : /* Queue SIGCHLD signal */
6591 : pg_queue_signal(SIGCHLD);
6592 : }
6593 : #endif /* WIN32 */
6594 :
6595 : /*
6596 : * Initialize one and only handle for monitoring postmaster death.
6597 : *
6598 : * Called once in the postmaster, so that child processes can subsequently
6599 : * monitor if their parent is dead.
6600 : */
6601 : static void
6602 716 : InitPostmasterDeathWatchHandle(void)
6603 : {
6604 : #ifndef WIN32
6605 :
6606 : /*
6607 : * Create a pipe. Postmaster holds the write end of the pipe open
6608 : * (POSTMASTER_FD_OWN), and children hold the read end. Children can pass
6609 : * the read file descriptor to select() to wake up in case postmaster
6610 : * dies, or check for postmaster death with a (read() == 0). Children must
6611 : * close the write end as soon as possible after forking, because EOF
6612 : * won't be signaled in the read end until all processes have closed the
6613 : * write fd. That is taken care of in ClosePostmasterPorts().
6614 : */
6615 : Assert(MyProcPid == PostmasterPid);
6616 716 : if (pipe(postmaster_alive_fds) < 0)
6617 0 : ereport(FATAL,
6618 : (errcode_for_file_access(),
6619 : errmsg_internal("could not create pipe to monitor postmaster death: %m")));
6620 :
6621 : /* Notify fd.c that we've eaten two FDs for the pipe. */
6622 716 : ReserveExternalFD();
6623 716 : ReserveExternalFD();
6624 :
6625 : /*
6626 : * Set O_NONBLOCK to allow testing for the fd's presence with a read()
6627 : * call.
6628 : */
6629 716 : if (fcntl(postmaster_alive_fds[POSTMASTER_FD_WATCH], F_SETFL, O_NONBLOCK) == -1)
6630 0 : ereport(FATAL,
6631 : (errcode_for_socket_access(),
6632 : errmsg_internal("could not set postmaster death monitoring pipe to nonblocking mode: %m")));
6633 : #else
6634 :
6635 : /*
6636 : * On Windows, we use a process handle for the same purpose.
6637 : */
6638 : if (DuplicateHandle(GetCurrentProcess(),
6639 : GetCurrentProcess(),
6640 : GetCurrentProcess(),
6641 : &PostmasterHandle,
6642 : 0,
6643 : TRUE,
6644 : DUPLICATE_SAME_ACCESS) == 0)
6645 : ereport(FATAL,
6646 : (errmsg_internal("could not duplicate postmaster handle: error code %lu",
6647 : GetLastError())));
6648 : #endif /* WIN32 */
6649 716 : }
|
