LCOV - code coverage report
Current view: top level - src/backend/postmaster - postmaster.c (source / functions) Hit Total Coverage
Test: PostgreSQL 17devel Lines: 1090 1460 74.7 %
Date: 2023-12-11 15:11:28 Functions: 51 58 87.9 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * postmaster.c
       4             :  *    This program acts as a clearing house for requests to the
       5             :  *    POSTGRES system.  Frontend programs send a startup message
       6             :  *    to the Postmaster and the postmaster uses the info in the
       7             :  *    message to setup a backend process.
       8             :  *
       9             :  *    The postmaster also manages system-wide operations such as
      10             :  *    startup and shutdown. The postmaster itself doesn't do those
      11             :  *    operations, mind you --- it just forks off a subprocess to do them
      12             :  *    at the right times.  It also takes care of resetting the system
      13             :  *    if a backend crashes.
      14             :  *
      15             :  *    The postmaster process creates the shared memory and semaphore
      16             :  *    pools during startup, but as a rule does not touch them itself.
      17             :  *    In particular, it is not a member of the PGPROC array of backends
      18             :  *    and so it cannot participate in lock-manager operations.  Keeping
      19             :  *    the postmaster away from shared memory operations makes it simpler
      20             :  *    and more reliable.  The postmaster is almost always able to recover
      21             :  *    from crashes of individual backends by resetting shared memory;
      22             :  *    if it did much with shared memory then it would be prone to crashing
      23             :  *    along with the backends.
      24             :  *
      25             :  *    When a request message is received, we now fork() immediately.
      26             :  *    The child process performs authentication of the request, and
      27             :  *    then becomes a backend if successful.  This allows the auth code
      28             :  *    to be written in a simple single-threaded style (as opposed to the
      29             :  *    crufty "poor man's multitasking" code that used to be needed).
      30             :  *    More importantly, it ensures that blockages in non-multithreaded
      31             :  *    libraries like SSL or PAM cannot cause denial of service to other
      32             :  *    clients.
      33             :  *
      34             :  *
      35             :  * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
      36             :  * Portions Copyright (c) 1994, Regents of the University of California
      37             :  *
      38             :  *
      39             :  * IDENTIFICATION
      40             :  *    src/backend/postmaster/postmaster.c
      41             :  *
      42             :  * NOTES
      43             :  *
      44             :  * Initialization:
      45             :  *      The Postmaster sets up shared memory data structures
      46             :  *      for the backends.
      47             :  *
      48             :  * Synchronization:
      49             :  *      The Postmaster shares memory with the backends but should avoid
      50             :  *      touching shared memory, so as not to become stuck if a crashing
      51             :  *      backend screws up locks or shared memory.  Likewise, the Postmaster
      52             :  *      should never block on messages from frontend clients.
      53             :  *
      54             :  * Garbage Collection:
      55             :  *      The Postmaster cleans up after backends if they have an emergency
      56             :  *      exit and/or core dump.
      57             :  *
      58             :  * Error Reporting:
      59             :  *      Use write_stderr() only for reporting "interactive" errors
      60             :  *      (essentially, bogus arguments on the command line).  Once the
      61             :  *      postmaster is launched, use ereport().
      62             :  *
      63             :  *-------------------------------------------------------------------------
      64             :  */
      65             : 
      66             : #include "postgres.h"
      67             : 
      68             : #include <unistd.h>
      69             : #include <signal.h>
      70             : #include <time.h>
      71             : #include <sys/wait.h>
      72             : #include <ctype.h>
      73             : #include <sys/stat.h>
      74             : #include <sys/socket.h>
      75             : #include <fcntl.h>
      76             : #include <sys/param.h>
      77             : #include <netdb.h>
      78             : #include <limits.h>
      79             : 
      80             : #ifdef USE_BONJOUR
      81             : #include <dns_sd.h>
      82             : #endif
      83             : 
      84             : #ifdef USE_SYSTEMD
      85             : #include <systemd/sd-daemon.h>
      86             : #endif
      87             : 
      88             : #ifdef HAVE_PTHREAD_IS_THREADED_NP
      89             : #include <pthread.h>
      90             : #endif
      91             : 
      92             : #include "access/xlog.h"
      93             : #include "access/xlogrecovery.h"
      94             : #include "catalog/pg_control.h"
      95             : #include "common/file_perm.h"
      96             : #include "common/file_utils.h"
      97             : #include "common/ip.h"
      98             : #include "common/pg_prng.h"
      99             : #include "common/string.h"
     100             : #include "lib/ilist.h"
     101             : #include "libpq/auth.h"
     102             : #include "libpq/libpq.h"
     103             : #include "libpq/pqformat.h"
     104             : #include "libpq/pqsignal.h"
     105             : #include "nodes/queryjumble.h"
     106             : #include "pg_getopt.h"
     107             : #include "pgstat.h"
     108             : #include "port/pg_bswap.h"
     109             : #include "postmaster/autovacuum.h"
     110             : #include "postmaster/auxprocess.h"
     111             : #include "postmaster/bgworker_internals.h"
     112             : #include "postmaster/fork_process.h"
     113             : #include "postmaster/pgarch.h"
     114             : #include "postmaster/postmaster.h"
     115             : #include "postmaster/syslogger.h"
     116             : #include "replication/logicallauncher.h"
     117             : #include "replication/walsender.h"
     118             : #include "storage/fd.h"
     119             : #include "storage/ipc.h"
     120             : #include "storage/pg_shmem.h"
     121             : #include "storage/pmsignal.h"
     122             : #include "storage/proc.h"
     123             : #include "tcop/tcopprot.h"
     124             : #include "utils/builtins.h"
     125             : #include "utils/datetime.h"
     126             : #include "utils/memutils.h"
     127             : #include "utils/pidfile.h"
     128             : #include "utils/ps_status.h"
     129             : #include "utils/timeout.h"
     130             : #include "utils/timestamp.h"
     131             : #include "utils/varlena.h"
     132             : 
     133             : #ifdef EXEC_BACKEND
     134             : #include "storage/spin.h"
     135             : #endif
     136             : 
     137             : 
     138             : /*
     139             :  * Possible types of a backend. Beyond being the possible bkend_type values in
     140             :  * struct bkend, these are OR-able request flag bits for SignalSomeChildren()
     141             :  * and CountChildren().
     142             :  */
     143             : #define BACKEND_TYPE_NORMAL     0x0001  /* normal backend */
     144             : #define BACKEND_TYPE_AUTOVAC    0x0002  /* autovacuum worker process */
     145             : #define BACKEND_TYPE_WALSND     0x0004  /* walsender process */
     146             : #define BACKEND_TYPE_BGWORKER   0x0008  /* bgworker process */
     147             : #define BACKEND_TYPE_ALL        0x000F  /* OR of all the above */
     148             : 
     149             : /*
     150             :  * List of active backends (or child processes anyway; we don't actually
     151             :  * know whether a given child has become a backend or is still in the
     152             :  * authorization phase).  This is used mainly to keep track of how many
     153             :  * children we have and send them appropriate signals when necessary.
     154             :  *
     155             :  * As shown in the above set of backend types, this list includes not only
     156             :  * "normal" client sessions, but also autovacuum workers, walsenders, and
     157             :  * background workers.  (Note that at the time of launch, walsenders are
     158             :  * labeled BACKEND_TYPE_NORMAL; we relabel them to BACKEND_TYPE_WALSND
     159             :  * upon noticing they've changed their PMChildFlags entry.  Hence that check
     160             :  * must be done before any operation that needs to distinguish walsenders
     161             :  * from normal backends.)
     162             :  *
     163             :  * Also, "dead_end" children are in it: these are children launched just for
     164             :  * the purpose of sending a friendly rejection message to a would-be client.
     165             :  * We must track them because they are attached to shared memory, but we know
     166             :  * they will never become live backends.  dead_end children are not assigned a
     167             :  * PMChildSlot.  dead_end children have bkend_type NORMAL.
     168             :  *
     169             :  * "Special" children such as the startup, bgwriter and autovacuum launcher
     170             :  * tasks are not in this list.  They are tracked via StartupPID and other
     171             :  * pid_t variables below.  (Thus, there can't be more than one of any given
     172             :  * "special" child process type.  We use BackendList entries for any child
     173             :  * process there can be more than one of.)
     174             :  */
     175             : typedef struct bkend
     176             : {
     177             :     pid_t       pid;            /* process id of backend */
     178             :     int32       cancel_key;     /* cancel key for cancels for this backend */
     179             :     int         child_slot;     /* PMChildSlot for this backend, if any */
     180             :     int         bkend_type;     /* child process flavor, see above */
     181             :     bool        dead_end;       /* is it going to send an error and quit? */
     182             :     bool        bgworker_notify;    /* gets bgworker start/stop notifications */
     183             :     dlist_node  elem;           /* list link in BackendList */
     184             : } Backend;
     185             : 
     186             : static dlist_head BackendList = DLIST_STATIC_INIT(BackendList);
     187             : 
     188             : #ifdef EXEC_BACKEND
     189             : static Backend *ShmemBackendArray;
     190             : #endif
     191             : 
     192             : BackgroundWorker *MyBgworkerEntry = NULL;
     193             : 
     194             : 
     195             : 
     196             : /* The socket number we are listening for connections on */
     197             : int         PostPortNumber = DEF_PGPORT;
     198             : 
     199             : /* The directory names for Unix socket(s) */
     200             : char       *Unix_socket_directories;
     201             : 
     202             : /* The TCP listen address(es) */
     203             : char       *ListenAddresses;
     204             : 
     205             : /*
     206             :  * SuperuserReservedConnections is the number of backends reserved for
     207             :  * superuser use, and ReservedConnections is the number of backends reserved
     208             :  * for use by roles with privileges of the pg_use_reserved_connections
     209             :  * predefined role.  These are taken out of the pool of MaxConnections backend
     210             :  * slots, so the number of backend slots available for roles that are neither
     211             :  * superuser nor have privileges of pg_use_reserved_connections is
     212             :  * (MaxConnections - SuperuserReservedConnections - ReservedConnections).
     213             :  *
     214             :  * If the number of remaining slots is less than or equal to
     215             :  * SuperuserReservedConnections, only superusers can make new connections.  If
     216             :  * the number of remaining slots is greater than SuperuserReservedConnections
     217             :  * but less than or equal to
     218             :  * (SuperuserReservedConnections + ReservedConnections), only superusers and
     219             :  * roles with privileges of pg_use_reserved_connections can make new
     220             :  * connections.  Note that pre-existing superuser and
     221             :  * pg_use_reserved_connections connections don't count against the limits.
     222             :  */
     223             : int         SuperuserReservedConnections;
     224             : int         ReservedConnections;
     225             : 
     226             : /* The socket(s) we're listening to. */
     227             : #define MAXLISTEN   64
     228             : static int  NumListenSockets = 0;
     229             : static pgsocket *ListenSockets = NULL;
     230             : 
     231             : /* still more option variables */
     232             : bool        EnableSSL = false;
     233             : 
     234             : int         PreAuthDelay = 0;
     235             : int         AuthenticationTimeout = 60;
     236             : 
     237             : bool        log_hostname;       /* for ps display and logging */
     238             : bool        Log_connections = false;
     239             : 
     240             : bool        enable_bonjour = false;
     241             : char       *bonjour_name;
     242             : bool        restart_after_crash = true;
     243             : bool        remove_temp_files_after_crash = true;
     244             : bool        send_abort_for_crash = false;
     245             : bool        send_abort_for_kill = false;
     246             : 
     247             : /* PIDs of special child processes; 0 when not running */
     248             : static pid_t StartupPID = 0,
     249             :             BgWriterPID = 0,
     250             :             CheckpointerPID = 0,
     251             :             WalWriterPID = 0,
     252             :             WalReceiverPID = 0,
     253             :             AutoVacPID = 0,
     254             :             PgArchPID = 0,
     255             :             SysLoggerPID = 0;
     256             : 
     257             : /* Startup process's status */
     258             : typedef enum
     259             : {
     260             :     STARTUP_NOT_RUNNING,
     261             :     STARTUP_RUNNING,
     262             :     STARTUP_SIGNALED,           /* we sent it a SIGQUIT or SIGKILL */
     263             :     STARTUP_CRASHED,
     264             : } StartupStatusEnum;
     265             : 
     266             : static StartupStatusEnum StartupStatus = STARTUP_NOT_RUNNING;
     267             : 
     268             : /* Startup/shutdown state */
     269             : #define         NoShutdown      0
     270             : #define         SmartShutdown   1
     271             : #define         FastShutdown    2
     272             : #define         ImmediateShutdown   3
     273             : 
     274             : static int  Shutdown = NoShutdown;
     275             : 
     276             : static bool FatalError = false; /* T if recovering from backend crash */
     277             : 
     278             : /*
     279             :  * We use a simple state machine to control startup, shutdown, and
     280             :  * crash recovery (which is rather like shutdown followed by startup).
     281             :  *
     282             :  * After doing all the postmaster initialization work, we enter PM_STARTUP
     283             :  * state and the startup process is launched. The startup process begins by
     284             :  * reading the control file and other preliminary initialization steps.
     285             :  * In a normal startup, or after crash recovery, the startup process exits
     286             :  * with exit code 0 and we switch to PM_RUN state.  However, archive recovery
     287             :  * is handled specially since it takes much longer and we would like to support
     288             :  * hot standby during archive recovery.
     289             :  *
     290             :  * When the startup process is ready to start archive recovery, it signals the
     291             :  * postmaster, and we switch to PM_RECOVERY state. The background writer and
     292             :  * checkpointer are launched, while the startup process continues applying WAL.
     293             :  * If Hot Standby is enabled, then, after reaching a consistent point in WAL
     294             :  * redo, startup process signals us again, and we switch to PM_HOT_STANDBY
     295             :  * state and begin accepting connections to perform read-only queries.  When
     296             :  * archive recovery is finished, the startup process exits with exit code 0
     297             :  * and we switch to PM_RUN state.
     298             :  *
     299             :  * Normal child backends can only be launched when we are in PM_RUN or
     300             :  * PM_HOT_STANDBY state.  (connsAllowed can also restrict launching.)
     301             :  * In other states we handle connection requests by launching "dead_end"
     302             :  * child processes, which will simply send the client an error message and
     303             :  * quit.  (We track these in the BackendList so that we can know when they
     304             :  * are all gone; this is important because they're still connected to shared
     305             :  * memory, and would interfere with an attempt to destroy the shmem segment,
     306             :  * possibly leading to SHMALL failure when we try to make a new one.)
     307             :  * In PM_WAIT_DEAD_END state we are waiting for all the dead_end children
     308             :  * to drain out of the system, and therefore stop accepting connection
     309             :  * requests at all until the last existing child has quit (which hopefully
     310             :  * will not be very long).
     311             :  *
     312             :  * Notice that this state variable does not distinguish *why* we entered
     313             :  * states later than PM_RUN --- Shutdown and FatalError must be consulted
     314             :  * to find that out.  FatalError is never true in PM_RECOVERY, PM_HOT_STANDBY,
     315             :  * or PM_RUN states, nor in PM_SHUTDOWN states (because we don't enter those
     316             :  * states when trying to recover from a crash).  It can be true in PM_STARTUP
     317             :  * state, because we don't clear it until we've successfully started WAL redo.
     318             :  */
     319             : typedef enum
     320             : {
     321             :     PM_INIT,                    /* postmaster starting */
     322             :     PM_STARTUP,                 /* waiting for startup subprocess */
     323             :     PM_RECOVERY,                /* in archive recovery mode */
     324             :     PM_HOT_STANDBY,             /* in hot standby mode */
     325             :     PM_RUN,                     /* normal "database is alive" state */
     326             :     PM_STOP_BACKENDS,           /* need to stop remaining backends */
     327             :     PM_WAIT_BACKENDS,           /* waiting for live backends to exit */
     328             :     PM_SHUTDOWN,                /* waiting for checkpointer to do shutdown
     329             :                                  * ckpt */
     330             :     PM_SHUTDOWN_2,              /* waiting for archiver and walsenders to
     331             :                                  * finish */
     332             :     PM_WAIT_DEAD_END,           /* waiting for dead_end children to exit */
     333             :     PM_NO_CHILDREN,             /* all important children have exited */
     334             : } PMState;
     335             : 
     336             : static PMState pmState = PM_INIT;
     337             : 
     338             : /*
     339             :  * While performing a "smart shutdown", we restrict new connections but stay
     340             :  * in PM_RUN or PM_HOT_STANDBY state until all the client backends are gone.
     341             :  * connsAllowed is a sub-state indicator showing the active restriction.
     342             :  * It is of no interest unless pmState is PM_RUN or PM_HOT_STANDBY.
     343             :  */
     344             : static bool connsAllowed = true;
     345             : 
     346             : /* Start time of SIGKILL timeout during immediate shutdown or child crash */
     347             : /* Zero means timeout is not running */
     348             : static time_t AbortStartTime = 0;
     349             : 
     350             : /* Length of said timeout */
     351             : #define SIGKILL_CHILDREN_AFTER_SECS     5
     352             : 
     353             : static bool ReachedNormalRunning = false;   /* T if we've reached PM_RUN */
     354             : 
     355             : bool        ClientAuthInProgress = false;   /* T during new-client
     356             :                                              * authentication */
     357             : 
     358             : bool        redirection_done = false;   /* stderr redirected for syslogger? */
     359             : 
     360             : /* received START_AUTOVAC_LAUNCHER signal */
     361             : static bool start_autovac_launcher = false;
     362             : 
     363             : /* the launcher needs to be signaled to communicate some condition */
     364             : static bool avlauncher_needs_signal = false;
     365             : 
     366             : /* received START_WALRECEIVER signal */
     367             : static bool WalReceiverRequested = false;
     368             : 
     369             : /* set when there's a worker that needs to be started up */
     370             : static bool StartWorkerNeeded = true;
     371             : static bool HaveCrashedWorker = false;
     372             : 
     373             : /* set when signals arrive */
     374             : static volatile sig_atomic_t pending_pm_pmsignal;
     375             : static volatile sig_atomic_t pending_pm_child_exit;
     376             : static volatile sig_atomic_t pending_pm_reload_request;
     377             : static volatile sig_atomic_t pending_pm_shutdown_request;
     378             : static volatile sig_atomic_t pending_pm_fast_shutdown_request;
     379             : static volatile sig_atomic_t pending_pm_immediate_shutdown_request;
     380             : 
     381             : /* event multiplexing object */
     382             : static WaitEventSet *pm_wait_set;
     383             : 
     384             : #ifdef USE_SSL
     385             : /* Set when and if SSL has been initialized properly */
     386             : static bool LoadedSSL = false;
     387             : #endif
     388             : 
     389             : #ifdef USE_BONJOUR
     390             : static DNSServiceRef bonjour_sdref = NULL;
     391             : #endif
     392             : 
     393             : /*
     394             :  * postmaster.c - function prototypes
     395             :  */
     396             : static void CloseServerPorts(int status, Datum arg);
     397             : static void unlink_external_pid_file(int status, Datum arg);
     398             : static void getInstallationPaths(const char *argv0);
     399             : static void checkControlFile(void);
     400             : static Port *ConnCreate(int serverFd);
     401             : static void ConnFree(Port *port);
     402             : static void handle_pm_pmsignal_signal(SIGNAL_ARGS);
     403             : static void handle_pm_child_exit_signal(SIGNAL_ARGS);
     404             : static void handle_pm_reload_request_signal(SIGNAL_ARGS);
     405             : static void handle_pm_shutdown_request_signal(SIGNAL_ARGS);
     406             : static void process_pm_pmsignal(void);
     407             : static void process_pm_child_exit(void);
     408             : static void process_pm_reload_request(void);
     409             : static void process_pm_shutdown_request(void);
     410             : static void process_startup_packet_die(SIGNAL_ARGS);
     411             : static void dummy_handler(SIGNAL_ARGS);
     412             : static void StartupPacketTimeoutHandler(void);
     413             : static void CleanupBackend(int pid, int exitstatus);
     414             : static bool CleanupBackgroundWorker(int pid, int exitstatus);
     415             : static void HandleChildCrash(int pid, int exitstatus, const char *procname);
     416             : static void LogChildExit(int lev, const char *procname,
     417             :                          int pid, int exitstatus);
     418             : static void PostmasterStateMachine(void);
     419             : static void BackendInitialize(Port *port);
     420             : static void BackendRun(Port *port) pg_attribute_noreturn();
     421             : static void ExitPostmaster(int status) pg_attribute_noreturn();
     422             : static int  ServerLoop(void);
     423             : static int  BackendStartup(Port *port);
     424             : static int  ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done);
     425             : static void SendNegotiateProtocolVersion(List *unrecognized_protocol_options);
     426             : static void processCancelRequest(Port *port, void *pkt);
     427             : static void report_fork_failure_to_client(Port *port, int errnum);
     428             : static CAC_state canAcceptConnections(int backend_type);
     429             : static bool RandomCancelKey(int32 *cancel_key);
     430             : static void signal_child(pid_t pid, int signal);
     431             : static void sigquit_child(pid_t pid);
     432             : static bool SignalSomeChildren(int signal, int target);
     433             : static void TerminateChildren(int signal);
     434             : 
     435             : #define SignalChildren(sig)            SignalSomeChildren(sig, BACKEND_TYPE_ALL)
     436             : 
     437             : static int  CountChildren(int target);
     438             : static bool assign_backendlist_entry(RegisteredBgWorker *rw);
     439             : static void maybe_start_bgworkers(void);
     440             : static bool CreateOptsFile(int argc, char *argv[], char *fullprogname);
     441             : static pid_t StartChildProcess(AuxProcType type);
     442             : static void StartAutovacuumWorker(void);
     443             : static void MaybeStartWalReceiver(void);
     444             : static void InitPostmasterDeathWatchHandle(void);
     445             : 
     446             : /*
     447             :  * Archiver is allowed to start up at the current postmaster state?
     448             :  *
     449             :  * If WAL archiving is enabled always, we are allowed to start archiver
     450             :  * even during recovery.
     451             :  */
     452             : #define PgArchStartupAllowed()  \
     453             :     (((XLogArchivingActive() && pmState == PM_RUN) ||           \
     454             :       (XLogArchivingAlways() &&                                   \
     455             :        (pmState == PM_RECOVERY || pmState == PM_HOT_STANDBY))) && \
     456             :      PgArchCanRestart())
     457             : 
     458             : #ifdef EXEC_BACKEND
     459             : 
     460             : #ifdef WIN32
     461             : #define WNOHANG 0               /* ignored, so any integer value will do */
     462             : 
     463             : static pid_t waitpid(pid_t pid, int *exitstatus, int options);
     464             : static void WINAPI pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired);
     465             : 
     466             : static HANDLE win32ChildQueue;
     467             : 
     468             : typedef struct
     469             : {
     470             :     HANDLE      waitHandle;
     471             :     HANDLE      procHandle;
     472             :     DWORD       procId;
     473             : } win32_deadchild_waitinfo;
     474             : #endif                          /* WIN32 */
     475             : 
     476             : static pid_t backend_forkexec(Port *port);
     477             : static pid_t internal_forkexec(int argc, char *argv[], Port *port, BackgroundWorker *worker);
     478             : 
     479             : /* Type for a socket that can be inherited to a client process */
     480             : #ifdef WIN32
     481             : typedef struct
     482             : {
     483             :     SOCKET      origsocket;     /* Original socket value, or PGINVALID_SOCKET
     484             :                                  * if not a socket */
     485             :     WSAPROTOCOL_INFO wsainfo;
     486             : } InheritableSocket;
     487             : #else
     488             : typedef int InheritableSocket;
     489             : #endif
     490             : 
     491             : /*
     492             :  * Structure contains all variables passed to exec:ed backends
     493             :  */
     494             : typedef struct
     495             : {
     496             :     bool        has_port;
     497             :     Port        port;
     498             :     InheritableSocket portsocket;
     499             : 
     500             :     bool        has_bgworker;
     501             :     BackgroundWorker bgworker;
     502             : 
     503             :     char        DataDir[MAXPGPATH];
     504             :     int32       MyCancelKey;
     505             :     int         MyPMChildSlot;
     506             : #ifndef WIN32
     507             :     unsigned long UsedShmemSegID;
     508             : #else
     509             :     void       *ShmemProtectiveRegion;
     510             :     HANDLE      UsedShmemSegID;
     511             : #endif
     512             :     void       *UsedShmemSegAddr;
     513             :     slock_t    *ShmemLock;
     514             :     Backend    *ShmemBackendArray;
     515             : #ifndef HAVE_SPINLOCKS
     516             :     PGSemaphore *SpinlockSemaArray;
     517             : #endif
     518             :     int         NamedLWLockTrancheRequests;
     519             :     NamedLWLockTranche *NamedLWLockTrancheArray;
     520             :     LWLockPadded *MainLWLockArray;
     521             :     slock_t    *ProcStructLock;
     522             :     PROC_HDR   *ProcGlobal;
     523             :     PGPROC     *AuxiliaryProcs;
     524             :     PGPROC     *PreparedXactProcs;
     525             :     PMSignalData *PMSignalState;
     526             :     pid_t       PostmasterPid;
     527             :     TimestampTz PgStartTime;
     528             :     TimestampTz PgReloadTime;
     529             :     pg_time_t   first_syslogger_file_time;
     530             :     bool        redirection_done;
     531             :     bool        IsBinaryUpgrade;
     532             :     bool        query_id_enabled;
     533             :     int         max_safe_fds;
     534             :     int         MaxBackends;
     535             : #ifdef WIN32
     536             :     HANDLE      PostmasterHandle;
     537             :     HANDLE      initial_signal_pipe;
     538             :     HANDLE      syslogPipe[2];
     539             : #else
     540             :     int         postmaster_alive_fds[2];
     541             :     int         syslogPipe[2];
     542             : #endif
     543             :     char        my_exec_path[MAXPGPATH];
     544             :     char        pkglib_path[MAXPGPATH];
     545             : } BackendParameters;
     546             : 
     547             : static void read_backend_variables(char *id, Port **port, BackgroundWorker **worker);
     548             : static void restore_backend_variables(BackendParameters *param, Port **port, BackgroundWorker **worker);
     549             : 
     550             : #ifndef WIN32
     551             : static bool save_backend_variables(BackendParameters *param, Port *port, BackgroundWorker *worker);
     552             : #else
     553             : static bool save_backend_variables(BackendParameters *param, Port *port, BackgroundWorker *worker,
     554             :                                    HANDLE childProcess, pid_t childPid);
     555             : #endif
     556             : 
     557             : static void ShmemBackendArrayAdd(Backend *bn);
     558             : static void ShmemBackendArrayRemove(Backend *bn);
     559             : #endif                          /* EXEC_BACKEND */
     560             : 
     561             : #define StartupDataBase()       StartChildProcess(StartupProcess)
     562             : #define StartArchiver()         StartChildProcess(ArchiverProcess)
     563             : #define StartBackgroundWriter() StartChildProcess(BgWriterProcess)
     564             : #define StartCheckpointer()     StartChildProcess(CheckpointerProcess)
     565             : #define StartWalWriter()        StartChildProcess(WalWriterProcess)
     566             : #define StartWalReceiver()      StartChildProcess(WalReceiverProcess)
     567             : 
     568             : /* Macros to check exit status of a child process */
     569             : #define EXIT_STATUS_0(st)  ((st) == 0)
     570             : #define EXIT_STATUS_1(st)  (WIFEXITED(st) && WEXITSTATUS(st) == 1)
     571             : #define EXIT_STATUS_3(st)  (WIFEXITED(st) && WEXITSTATUS(st) == 3)
     572             : 
     573             : #ifndef WIN32
     574             : /*
     575             :  * File descriptors for pipe used to monitor if postmaster is alive.
     576             :  * First is POSTMASTER_FD_WATCH, second is POSTMASTER_FD_OWN.
     577             :  */
     578             : int         postmaster_alive_fds[2] = {-1, -1};
     579             : #else
     580             : /* Process handle of postmaster used for the same purpose on Windows */
     581             : HANDLE      PostmasterHandle;
     582             : #endif
     583             : 
     584             : /*
     585             :  * Postmaster main entry point
     586             :  */
     587             : void
     588        1296 : PostmasterMain(int argc, char *argv[])
     589             : {
     590             :     int         opt;
     591             :     int         status;
     592        1296 :     char       *userDoption = NULL;
     593        1296 :     bool        listen_addr_saved = false;
     594        1296 :     char       *output_config_variable = NULL;
     595             : 
     596        1296 :     InitProcessGlobals();
     597             : 
     598        1296 :     PostmasterPid = MyProcPid;
     599             : 
     600        1296 :     IsPostmasterEnvironment = true;
     601             : 
     602             :     /*
     603             :      * Start our win32 signal implementation
     604             :      */
     605             : #ifdef WIN32
     606             :     pgwin32_signal_initialize();
     607             : #endif
     608             : 
     609             :     /*
     610             :      * We should not be creating any files or directories before we check the
     611             :      * data directory (see checkDataDir()), but just in case set the umask to
     612             :      * the most restrictive (owner-only) permissions.
     613             :      *
     614             :      * checkDataDir() will reset the umask based on the data directory
     615             :      * permissions.
     616             :      */
     617        1296 :     umask(PG_MODE_MASK_OWNER);
     618             : 
     619             :     /*
     620             :      * By default, palloc() requests in the postmaster will be allocated in
     621             :      * the PostmasterContext, which is space that can be recycled by backends.
     622             :      * Allocated data that needs to be available to backends should be
     623             :      * allocated in TopMemoryContext.
     624             :      */
     625        1296 :     PostmasterContext = AllocSetContextCreate(TopMemoryContext,
     626             :                                               "Postmaster",
     627             :                                               ALLOCSET_DEFAULT_SIZES);
     628        1296 :     MemoryContextSwitchTo(PostmasterContext);
     629             : 
     630             :     /* Initialize paths to installation files */
     631        1296 :     getInstallationPaths(argv[0]);
     632             : 
     633             :     /*
     634             :      * Set up signal handlers for the postmaster process.
     635             :      *
     636             :      * CAUTION: when changing this list, check for side-effects on the signal
     637             :      * handling setup of child processes.  See tcop/postgres.c,
     638             :      * bootstrap/bootstrap.c, postmaster/bgwriter.c, postmaster/walwriter.c,
     639             :      * postmaster/autovacuum.c, postmaster/pgarch.c, postmaster/syslogger.c,
     640             :      * postmaster/bgworker.c and postmaster/checkpointer.c.
     641             :      */
     642        1296 :     pqinitmask();
     643        1296 :     sigprocmask(SIG_SETMASK, &BlockSig, NULL);
     644             : 
     645        1296 :     pqsignal(SIGHUP, handle_pm_reload_request_signal);
     646        1296 :     pqsignal(SIGINT, handle_pm_shutdown_request_signal);
     647        1296 :     pqsignal(SIGQUIT, handle_pm_shutdown_request_signal);
     648        1296 :     pqsignal(SIGTERM, handle_pm_shutdown_request_signal);
     649        1296 :     pqsignal(SIGALRM, SIG_IGN); /* ignored */
     650        1296 :     pqsignal(SIGPIPE, SIG_IGN); /* ignored */
     651        1296 :     pqsignal(SIGUSR1, handle_pm_pmsignal_signal);
     652        1296 :     pqsignal(SIGUSR2, dummy_handler);   /* unused, reserve for children */
     653        1296 :     pqsignal(SIGCHLD, handle_pm_child_exit_signal);
     654             : 
     655             :     /* This may configure SIGURG, depending on platform. */
     656        1296 :     InitializeLatchSupport();
     657        1296 :     InitProcessLocalLatch();
     658             : 
     659             :     /*
     660             :      * No other place in Postgres should touch SIGTTIN/SIGTTOU handling.  We
     661             :      * ignore those signals in a postmaster environment, so that there is no
     662             :      * risk of a child process freezing up due to writing to stderr.  But for
     663             :      * a standalone backend, their default handling is reasonable.  Hence, all
     664             :      * child processes should just allow the inherited settings to stand.
     665             :      */
     666             : #ifdef SIGTTIN
     667        1296 :     pqsignal(SIGTTIN, SIG_IGN); /* ignored */
     668             : #endif
     669             : #ifdef SIGTTOU
     670        1296 :     pqsignal(SIGTTOU, SIG_IGN); /* ignored */
     671             : #endif
     672             : 
     673             :     /* ignore SIGXFSZ, so that ulimit violations work like disk full */
     674             : #ifdef SIGXFSZ
     675        1296 :     pqsignal(SIGXFSZ, SIG_IGN); /* ignored */
     676             : #endif
     677             : 
     678             :     /* Begin accepting signals. */
     679        1296 :     sigprocmask(SIG_SETMASK, &UnBlockSig, NULL);
     680             : 
     681             :     /*
     682             :      * Options setup
     683             :      */
     684        1296 :     InitializeGUCOptions();
     685             : 
     686        1296 :     opterr = 1;
     687             : 
     688             :     /*
     689             :      * Parse command-line options.  CAUTION: keep this in sync with
     690             :      * tcop/postgres.c (the option sets should not conflict) and with the
     691             :      * common help() function in main/main.c.
     692             :      */
     693        4428 :     while ((opt = getopt(argc, argv, "B:bC:c:D:d:EeFf:h:ijk:lN:OPp:r:S:sTt:W:-:")) != -1)
     694             :     {
     695        3132 :         switch (opt)
     696             :         {
     697           0 :             case 'B':
     698           0 :                 SetConfigOption("shared_buffers", optarg, PGC_POSTMASTER, PGC_S_ARGV);
     699           0 :                 break;
     700             : 
     701          30 :             case 'b':
     702             :                 /* Undocumented flag used for binary upgrades */
     703          30 :                 IsBinaryUpgrade = true;
     704          30 :                 break;
     705             : 
     706           4 :             case 'C':
     707           4 :                 output_config_variable = strdup(optarg);
     708           4 :                 break;
     709             : 
     710        1448 :             case 'c':
     711             :             case '-':
     712             :                 {
     713             :                     char       *name,
     714             :                                *value;
     715             : 
     716        1448 :                     ParseLongOption(optarg, &name, &value);
     717        1448 :                     if (!value)
     718             :                     {
     719           0 :                         if (opt == '-')
     720           0 :                             ereport(ERROR,
     721             :                                     (errcode(ERRCODE_SYNTAX_ERROR),
     722             :                                      errmsg("--%s requires a value",
     723             :                                             optarg)));
     724             :                         else
     725           0 :                             ereport(ERROR,
     726             :                                     (errcode(ERRCODE_SYNTAX_ERROR),
     727             :                                      errmsg("-c %s requires a value",
     728             :                                             optarg)));
     729             :                     }
     730             : 
     731        1448 :                     SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
     732        1448 :                     pfree(name);
     733        1448 :                     pfree(value);
     734        1448 :                     break;
     735             :                 }
     736             : 
     737        1296 :             case 'D':
     738        1296 :                 userDoption = strdup(optarg);
     739        1296 :                 break;
     740             : 
     741           0 :             case 'd':
     742           0 :                 set_debug_options(atoi(optarg), PGC_POSTMASTER, PGC_S_ARGV);
     743           0 :                 break;
     744             : 
     745           0 :             case 'E':
     746           0 :                 SetConfigOption("log_statement", "all", PGC_POSTMASTER, PGC_S_ARGV);
     747           0 :                 break;
     748             : 
     749           0 :             case 'e':
     750           0 :                 SetConfigOption("datestyle", "euro", PGC_POSTMASTER, PGC_S_ARGV);
     751           0 :                 break;
     752             : 
     753         162 :             case 'F':
     754         162 :                 SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
     755         162 :                 break;
     756             : 
     757           0 :             case 'f':
     758           0 :                 if (!set_plan_disabling_options(optarg, PGC_POSTMASTER, PGC_S_ARGV))
     759             :                 {
     760           0 :                     write_stderr("%s: invalid argument for option -f: \"%s\"\n",
     761             :                                  progname, optarg);
     762           0 :                     ExitPostmaster(1);
     763             :                 }
     764           0 :                 break;
     765             : 
     766           0 :             case 'h':
     767           0 :                 SetConfigOption("listen_addresses", optarg, PGC_POSTMASTER, PGC_S_ARGV);
     768           0 :                 break;
     769             : 
     770           0 :             case 'i':
     771           0 :                 SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);
     772           0 :                 break;
     773             : 
     774           0 :             case 'j':
     775             :                 /* only used by interactive backend */
     776           0 :                 break;
     777             : 
     778         162 :             case 'k':
     779         162 :                 SetConfigOption("unix_socket_directories", optarg, PGC_POSTMASTER, PGC_S_ARGV);
     780         162 :                 break;
     781             : 
     782           0 :             case 'l':
     783           0 :                 SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
     784           0 :                 break;
     785             : 
     786           0 :             case 'N':
     787           0 :                 SetConfigOption("max_connections", optarg, PGC_POSTMASTER, PGC_S_ARGV);
     788           0 :                 break;
     789             : 
     790           0 :             case 'O':
     791           0 :                 SetConfigOption("allow_system_table_mods", "true", PGC_POSTMASTER, PGC_S_ARGV);
     792           0 :                 break;
     793             : 
     794           0 :             case 'P':
     795           0 :                 SetConfigOption("ignore_system_indexes", "true", PGC_POSTMASTER, PGC_S_ARGV);
     796           0 :                 break;
     797             : 
     798          30 :             case 'p':
     799          30 :                 SetConfigOption("port", optarg, PGC_POSTMASTER, PGC_S_ARGV);
     800          30 :                 break;
     801             : 
     802           0 :             case 'r':
     803             :                 /* only used by single-user backend */
     804           0 :                 break;
     805             : 
     806           0 :             case 'S':
     807           0 :                 SetConfigOption("work_mem", optarg, PGC_POSTMASTER, PGC_S_ARGV);
     808           0 :                 break;
     809             : 
     810           0 :             case 's':
     811           0 :                 SetConfigOption("log_statement_stats", "true", PGC_POSTMASTER, PGC_S_ARGV);
     812           0 :                 break;
     813             : 
     814           0 :             case 'T':
     815             : 
     816             :                 /*
     817             :                  * This option used to be defined as sending SIGSTOP after a
     818             :                  * backend crash, but sending SIGABRT seems more useful.
     819             :                  */
     820           0 :                 SetConfigOption("send_abort_for_crash", "true", PGC_POSTMASTER, PGC_S_ARGV);
     821           0 :                 break;
     822             : 
     823           0 :             case 't':
     824             :                 {
     825           0 :                     const char *tmp = get_stats_option_name(optarg);
     826             : 
     827           0 :                     if (tmp)
     828             :                     {
     829           0 :                         SetConfigOption(tmp, "true", PGC_POSTMASTER, PGC_S_ARGV);
     830             :                     }
     831             :                     else
     832             :                     {
     833           0 :                         write_stderr("%s: invalid argument for option -t: \"%s\"\n",
     834             :                                      progname, optarg);
     835           0 :                         ExitPostmaster(1);
     836             :                     }
     837           0 :                     break;
     838             :                 }
     839             : 
     840           0 :             case 'W':
     841           0 :                 SetConfigOption("post_auth_delay", optarg, PGC_POSTMASTER, PGC_S_ARGV);
     842           0 :                 break;
     843             : 
     844           0 :             default:
     845           0 :                 write_stderr("Try \"%s --help\" for more information.\n",
     846             :                              progname);
     847           0 :                 ExitPostmaster(1);
     848             :         }
     849             :     }
     850             : 
     851             :     /*
     852             :      * Postmaster accepts no non-option switch arguments.
     853             :      */
     854        1296 :     if (optind < argc)
     855             :     {
     856           0 :         write_stderr("%s: invalid argument: \"%s\"\n",
     857           0 :                      progname, argv[optind]);
     858           0 :         write_stderr("Try \"%s --help\" for more information.\n",
     859             :                      progname);
     860           0 :         ExitPostmaster(1);
     861             :     }
     862             : 
     863             :     /*
     864             :      * Locate the proper configuration files and data directory, and read
     865             :      * postgresql.conf for the first time.
     866             :      */
     867        1296 :     if (!SelectConfigFiles(userDoption, progname))
     868           0 :         ExitPostmaster(2);
     869             : 
     870        1294 :     if (output_config_variable != NULL)
     871             :     {
     872             :         /*
     873             :          * If this is a runtime-computed GUC, it hasn't yet been initialized,
     874             :          * and the present value is not useful.  However, this is a convenient
     875             :          * place to print the value for most GUCs because it is safe to run
     876             :          * postmaster startup to this point even if the server is already
     877             :          * running.  For the handful of runtime-computed GUCs that we cannot
     878             :          * provide meaningful values for yet, we wait until later in
     879             :          * postmaster startup to print the value.  We won't be able to use -C
     880             :          * on running servers for those GUCs, but using this option now would
     881             :          * lead to incorrect results for them.
     882             :          */
     883           4 :         int         flags = GetConfigOptionFlags(output_config_variable, true);
     884             : 
     885           4 :         if ((flags & GUC_RUNTIME_COMPUTED) == 0)
     886             :         {
     887             :             /*
     888             :              * "-C guc" was specified, so print GUC's value and exit.  No
     889             :              * extra permission check is needed because the user is reading
     890             :              * inside the data dir.
     891             :              */
     892           2 :             const char *config_val = GetConfigOption(output_config_variable,
     893             :                                                      false, false);
     894             : 
     895           2 :             puts(config_val ? config_val : "");
     896           2 :             ExitPostmaster(0);
     897             :         }
     898             : 
     899             :         /*
     900             :          * A runtime-computed GUC will be printed later on.  As we initialize
     901             :          * a server startup sequence, silence any log messages that may show
     902             :          * up in the output generated.  FATAL and more severe messages are
     903             :          * useful to show, even if one would only expect at least PANIC.  LOG
     904             :          * entries are hidden.
     905             :          */
     906           2 :         SetConfigOption("log_min_messages", "FATAL", PGC_SUSET,
     907             :                         PGC_S_OVERRIDE);
     908             :     }
     909             : 
     910             :     /* Verify that DataDir looks reasonable */
     911        1292 :     checkDataDir();
     912             : 
     913             :     /* Check that pg_control exists */
     914        1292 :     checkControlFile();
     915             : 
     916             :     /* And switch working directory into it */
     917        1292 :     ChangeToDataDir();
     918             : 
     919             :     /*
     920             :      * Check for invalid combinations of GUC settings.
     921             :      */
     922        1292 :     if (SuperuserReservedConnections + ReservedConnections >= MaxConnections)
     923             :     {
     924           0 :         write_stderr("%s: superuser_reserved_connections (%d) plus reserved_connections (%d) must be less than max_connections (%d)\n",
     925             :                      progname,
     926             :                      SuperuserReservedConnections, ReservedConnections,
     927             :                      MaxConnections);
     928           0 :         ExitPostmaster(1);
     929             :     }
     930        1292 :     if (XLogArchiveMode > ARCHIVE_MODE_OFF && wal_level == WAL_LEVEL_MINIMAL)
     931           0 :         ereport(ERROR,
     932             :                 (errmsg("WAL archival cannot be enabled when wal_level is \"minimal\"")));
     933        1292 :     if (max_wal_senders > 0 && wal_level == WAL_LEVEL_MINIMAL)
     934           0 :         ereport(ERROR,
     935             :                 (errmsg("WAL streaming (max_wal_senders > 0) requires wal_level \"replica\" or \"logical\"")));
     936             : 
     937             :     /*
     938             :      * Other one-time internal sanity checks can go here, if they are fast.
     939             :      * (Put any slow processing further down, after postmaster.pid creation.)
     940             :      */
     941        1292 :     if (!CheckDateTokenTables())
     942             :     {
     943           0 :         write_stderr("%s: invalid datetoken tables, please fix\n", progname);
     944           0 :         ExitPostmaster(1);
     945             :     }
     946             : 
     947             :     /*
     948             :      * Now that we are done processing the postmaster arguments, reset
     949             :      * getopt(3) library so that it will work correctly in subprocesses.
     950             :      */
     951        1292 :     optind = 1;
     952             : #ifdef HAVE_INT_OPTRESET
     953             :     optreset = 1;               /* some systems need this too */
     954             : #endif
     955             : 
     956             :     /* For debugging: display postmaster environment */
     957             :     {
     958             :         extern char **environ;
     959             :         char      **p;
     960             : 
     961        1292 :         ereport(DEBUG3,
     962             :                 (errmsg_internal("%s: PostmasterMain: initial environment dump:",
     963             :                                  progname)));
     964        1292 :         ereport(DEBUG3,
     965             :                 (errmsg_internal("-----------------------------------------")));
     966       52090 :         for (p = environ; *p; ++p)
     967       50798 :             ereport(DEBUG3,
     968             :                     (errmsg_internal("\t%s", *p)));
     969        1292 :         ereport(DEBUG3,
     970             :                 (errmsg_internal("-----------------------------------------")));
     971             :     }
     972             : 
     973             :     /*
     974             :      * Create lockfile for data directory.
     975             :      *
     976             :      * We want to do this before we try to grab the input sockets, because the
     977             :      * data directory interlock is more reliable than the socket-file
     978             :      * interlock (thanks to whoever decided to put socket files in /tmp :-().
     979             :      * For the same reason, it's best to grab the TCP socket(s) before the
     980             :      * Unix socket(s).
     981             :      *
     982             :      * Also note that this internally sets up the on_proc_exit function that
     983             :      * is responsible for removing both data directory and socket lockfiles;
     984             :      * so it must happen before opening sockets so that at exit, the socket
     985             :      * lockfiles go away after CloseServerPorts runs.
     986             :      */
     987        1292 :     CreateDataDirLockFile(true);
     988             : 
     989             :     /*
     990             :      * Read the control file (for error checking and config info).
     991             :      *
     992             :      * Since we verify the control file's CRC, this has a useful side effect
     993             :      * on machines where we need a run-time test for CRC support instructions.
     994             :      * The postmaster will do the test once at startup, and then its child
     995             :      * processes will inherit the correct function pointer and not need to
     996             :      * repeat the test.
     997             :      */
     998        1290 :     LocalProcessControlFile(false);
     999             : 
    1000             :     /*
    1001             :      * Register the apply launcher.  It's probably a good idea to call this
    1002             :      * before any modules had a chance to take the background worker slots.
    1003             :      */
    1004        1290 :     ApplyLauncherRegister();
    1005             : 
    1006             :     /*
    1007             :      * process any libraries that should be preloaded at postmaster start
    1008             :      */
    1009        1290 :     process_shared_preload_libraries();
    1010             : 
    1011             :     /*
    1012             :      * Initialize SSL library, if specified.
    1013             :      */
    1014             : #ifdef USE_SSL
    1015        1290 :     if (EnableSSL)
    1016             :     {
    1017          52 :         (void) secure_initialize(true);
    1018          46 :         LoadedSSL = true;
    1019             :     }
    1020             : #endif
    1021             : 
    1022             :     /*
    1023             :      * Now that loadable modules have had their chance to alter any GUCs,
    1024             :      * calculate MaxBackends.
    1025             :      */
    1026        1284 :     InitializeMaxBackends();
    1027             : 
    1028             :     /*
    1029             :      * Give preloaded libraries a chance to request additional shared memory.
    1030             :      */
    1031        1284 :     process_shmem_requests();
    1032             : 
    1033             :     /*
    1034             :      * Now that loadable modules have had their chance to request additional
    1035             :      * shared memory, determine the value of any runtime-computed GUCs that
    1036             :      * depend on the amount of shared memory required.
    1037             :      */
    1038        1284 :     InitializeShmemGUCs();
    1039             : 
    1040             :     /*
    1041             :      * Now that modules have been loaded, we can process any custom resource
    1042             :      * managers specified in the wal_consistency_checking GUC.
    1043             :      */
    1044        1284 :     InitializeWalConsistencyChecking();
    1045             : 
    1046             :     /*
    1047             :      * If -C was specified with a runtime-computed GUC, we held off printing
    1048             :      * the value earlier, as the GUC was not yet initialized.  We handle -C
    1049             :      * for most GUCs before we lock the data directory so that the option may
    1050             :      * be used on a running server.  However, a handful of GUCs are runtime-
    1051             :      * computed and do not have meaningful values until after locking the data
    1052             :      * directory, and we cannot safely calculate their values earlier on a
    1053             :      * running server.  At this point, such GUCs should be properly
    1054             :      * initialized, and we haven't yet set up shared memory, so this is a good
    1055             :      * time to handle the -C option for these special GUCs.
    1056             :      */
    1057        1284 :     if (output_config_variable != NULL)
    1058             :     {
    1059           2 :         const char *config_val = GetConfigOption(output_config_variable,
    1060             :                                                  false, false);
    1061             : 
    1062           2 :         puts(config_val ? config_val : "");
    1063           2 :         ExitPostmaster(0);
    1064             :     }
    1065             : 
    1066             :     /*
    1067             :      * Set up shared memory and semaphores.
    1068             :      *
    1069             :      * Note: if using SysV shmem and/or semas, each postmaster startup will
    1070             :      * normally choose the same IPC keys.  This helps ensure that we will
    1071             :      * clean up dead IPC objects if the postmaster crashes and is restarted.
    1072             :      */
    1073        1282 :     CreateSharedMemoryAndSemaphores();
    1074             : 
    1075             :     /*
    1076             :      * Estimate number of openable files.  This must happen after setting up
    1077             :      * semaphores, because on some platforms semaphores count as open files.
    1078             :      */
    1079        1280 :     set_max_safe_fds();
    1080             : 
    1081             :     /*
    1082             :      * Set reference point for stack-depth checking.
    1083             :      */
    1084        1280 :     (void) set_stack_base();
    1085             : 
    1086             :     /*
    1087             :      * Initialize pipe (or process handle on Windows) that allows children to
    1088             :      * wake up from sleep on postmaster death.
    1089             :      */
    1090        1280 :     InitPostmasterDeathWatchHandle();
    1091             : 
    1092             : #ifdef WIN32
    1093             : 
    1094             :     /*
    1095             :      * Initialize I/O completion port used to deliver list of dead children.
    1096             :      */
    1097             :     win32ChildQueue = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 1);
    1098             :     if (win32ChildQueue == NULL)
    1099             :         ereport(FATAL,
    1100             :                 (errmsg("could not create I/O completion port for child queue")));
    1101             : #endif
    1102             : 
    1103             : #ifdef EXEC_BACKEND
    1104             :     /* Write out nondefault GUC settings for child processes to use */
    1105             :     write_nondefault_variables(PGC_POSTMASTER);
    1106             : 
    1107             :     /*
    1108             :      * Clean out the temp directory used to transmit parameters to child
    1109             :      * processes (see internal_forkexec, below).  We must do this before
    1110             :      * launching any child processes, else we have a race condition: we could
    1111             :      * remove a parameter file before the child can read it.  It should be
    1112             :      * safe to do so now, because we verified earlier that there are no
    1113             :      * conflicting Postgres processes in this data directory.
    1114             :      */
    1115             :     RemovePgTempFilesInDir(PG_TEMP_FILES_DIR, true, false);
    1116             : #endif
    1117             : 
    1118             :     /*
    1119             :      * Forcibly remove the files signaling a standby promotion request.
    1120             :      * Otherwise, the existence of those files triggers a promotion too early,
    1121             :      * whether a user wants that or not.
    1122             :      *
    1123             :      * This removal of files is usually unnecessary because they can exist
    1124             :      * only during a few moments during a standby promotion. However there is
    1125             :      * a race condition: if pg_ctl promote is executed and creates the files
    1126             :      * during a promotion, the files can stay around even after the server is
    1127             :      * brought up to be the primary.  Then, if a new standby starts by using
    1128             :      * the backup taken from the new primary, the files can exist at server
    1129             :      * startup and must be removed in order to avoid an unexpected promotion.
    1130             :      *
    1131             :      * Note that promotion signal files need to be removed before the startup
    1132             :      * process is invoked. Because, after that, they can be used by
    1133             :      * postmaster's SIGUSR1 signal handler.
    1134             :      */
    1135        1280 :     RemovePromoteSignalFiles();
    1136             : 
    1137             :     /* Do the same for logrotate signal file */
    1138        1280 :     RemoveLogrotateSignalFiles();
    1139             : 
    1140             :     /* Remove any outdated file holding the current log filenames. */
    1141        1280 :     if (unlink(LOG_METAINFO_DATAFILE) < 0 && errno != ENOENT)
    1142           0 :         ereport(LOG,
    1143             :                 (errcode_for_file_access(),
    1144             :                  errmsg("could not remove file \"%s\": %m",
    1145             :                         LOG_METAINFO_DATAFILE)));
    1146             : 
    1147             :     /*
    1148             :      * If enabled, start up syslogger collection subprocess
    1149             :      */
    1150        1280 :     SysLoggerPID = SysLogger_Start();
    1151             : 
    1152             :     /*
    1153             :      * Reset whereToSendOutput from DestDebug (its starting state) to
    1154             :      * DestNone. This stops ereport from sending log messages to stderr unless
    1155             :      * Log_destination permits.  We don't do this until the postmaster is
    1156             :      * fully launched, since startup failures may as well be reported to
    1157             :      * stderr.
    1158             :      *
    1159             :      * If we are in fact disabling logging to stderr, first emit a log message
    1160             :      * saying so, to provide a breadcrumb trail for users who may not remember
    1161             :      * that their logging is configured to go somewhere else.
    1162             :      */
    1163        1280 :     if (!(Log_destination & LOG_DESTINATION_STDERR))
    1164           0 :         ereport(LOG,
    1165             :                 (errmsg("ending log output to stderr"),
    1166             :                  errhint("Future log output will go to log destination \"%s\".",
    1167             :                          Log_destination_string)));
    1168             : 
    1169        1280 :     whereToSendOutput = DestNone;
    1170             : 
    1171             :     /*
    1172             :      * Report server startup in log.  While we could emit this much earlier,
    1173             :      * it seems best to do so after starting the log collector, if we intend
    1174             :      * to use one.
    1175             :      */
    1176        1280 :     ereport(LOG,
    1177             :             (errmsg("starting %s", PG_VERSION_STR)));
    1178             : 
    1179             :     /*
    1180             :      * Establish input sockets.
    1181             :      *
    1182             :      * First set up an on_proc_exit function that's charged with closing the
    1183             :      * sockets again at postmaster shutdown.
    1184             :      */
    1185        1280 :     ListenSockets = palloc(MAXLISTEN * sizeof(pgsocket));
    1186        1280 :     on_proc_exit(CloseServerPorts, 0);
    1187             : 
    1188        1280 :     if (ListenAddresses)
    1189             :     {
    1190             :         char       *rawstring;
    1191             :         List       *elemlist;
    1192             :         ListCell   *l;
    1193        1280 :         int         success = 0;
    1194             : 
    1195             :         /* Need a modifiable copy of ListenAddresses */
    1196        1280 :         rawstring = pstrdup(ListenAddresses);
    1197             : 
    1198             :         /* Parse string into list of hostnames */
    1199        1280 :         if (!SplitGUCList(rawstring, ',', &elemlist))
    1200             :         {
    1201             :             /* syntax error in list */
    1202           0 :             ereport(FATAL,
    1203             :                     (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    1204             :                      errmsg("invalid list syntax in parameter \"%s\"",
    1205             :                             "listen_addresses")));
    1206             :         }
    1207             : 
    1208        1330 :         foreach(l, elemlist)
    1209             :         {
    1210          50 :             char       *curhost = (char *) lfirst(l);
    1211             : 
    1212          50 :             if (strcmp(curhost, "*") == 0)
    1213           0 :                 status = StreamServerPort(AF_UNSPEC, NULL,
    1214           0 :                                           (unsigned short) PostPortNumber,
    1215             :                                           NULL,
    1216             :                                           ListenSockets,
    1217             :                                           &NumListenSockets,
    1218             :                                           MAXLISTEN);
    1219             :             else
    1220          50 :                 status = StreamServerPort(AF_UNSPEC, curhost,
    1221          50 :                                           (unsigned short) PostPortNumber,
    1222             :                                           NULL,
    1223             :                                           ListenSockets,
    1224             :                                           &NumListenSockets,
    1225             :                                           MAXLISTEN);
    1226             : 
    1227          50 :             if (status == STATUS_OK)
    1228             :             {
    1229          50 :                 success++;
    1230             :                 /* record the first successful host addr in lockfile */
    1231          50 :                 if (!listen_addr_saved)
    1232             :                 {
    1233          50 :                     AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, curhost);
    1234          50 :                     listen_addr_saved = true;
    1235             :                 }
    1236             :             }
    1237             :             else
    1238           0 :                 ereport(WARNING,
    1239             :                         (errmsg("could not create listen socket for \"%s\"",
    1240             :                                 curhost)));
    1241             :         }
    1242             : 
    1243        1280 :         if (!success && elemlist != NIL)
    1244           0 :             ereport(FATAL,
    1245             :                     (errmsg("could not create any TCP/IP sockets")));
    1246             : 
    1247        1280 :         list_free(elemlist);
    1248        1280 :         pfree(rawstring);
    1249             :     }
    1250             : 
    1251             : #ifdef USE_BONJOUR
    1252             :     /* Register for Bonjour only if we opened TCP socket(s) */
    1253             :     if (enable_bonjour && NumListenSockets > 0)
    1254             :     {
    1255             :         DNSServiceErrorType err;
    1256             : 
    1257             :         /*
    1258             :          * We pass 0 for interface_index, which will result in registering on
    1259             :          * all "applicable" interfaces.  It's not entirely clear from the
    1260             :          * DNS-SD docs whether this would be appropriate if we have bound to
    1261             :          * just a subset of the available network interfaces.
    1262             :          */
    1263             :         err = DNSServiceRegister(&bonjour_sdref,
    1264             :                                  0,
    1265             :                                  0,
    1266             :                                  bonjour_name,
    1267             :                                  "_postgresql._tcp.",
    1268             :                                  NULL,
    1269             :                                  NULL,
    1270             :                                  pg_hton16(PostPortNumber),
    1271             :                                  0,
    1272             :                                  NULL,
    1273             :                                  NULL,
    1274             :                                  NULL);
    1275             :         if (err != kDNSServiceErr_NoError)
    1276             :             ereport(LOG,
    1277             :                     (errmsg("DNSServiceRegister() failed: error code %ld",
    1278             :                             (long) err)));
    1279             : 
    1280             :         /*
    1281             :          * We don't bother to read the mDNS daemon's reply, and we expect that
    1282             :          * it will automatically terminate our registration when the socket is
    1283             :          * closed at postmaster termination.  So there's nothing more to be
    1284             :          * done here.  However, the bonjour_sdref is kept around so that
    1285             :          * forked children can close their copies of the socket.
    1286             :          */
    1287             :     }
    1288             : #endif
    1289             : 
    1290        1280 :     if (Unix_socket_directories)
    1291             :     {
    1292             :         char       *rawstring;
    1293             :         List       *elemlist;
    1294             :         ListCell   *l;
    1295        1280 :         int         success = 0;
    1296             : 
    1297             :         /* Need a modifiable copy of Unix_socket_directories */
    1298        1280 :         rawstring = pstrdup(Unix_socket_directories);
    1299             : 
    1300             :         /* Parse string into list of directories */
    1301        1280 :         if (!SplitDirectoriesString(rawstring, ',', &elemlist))
    1302             :         {
    1303             :             /* syntax error in list */
    1304           0 :             ereport(FATAL,
    1305             :                     (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    1306             :                      errmsg("invalid list syntax in parameter \"%s\"",
    1307             :                             "unix_socket_directories")));
    1308             :         }
    1309             : 
    1310        2558 :         foreach(l, elemlist)
    1311             :         {
    1312        1278 :             char       *socketdir = (char *) lfirst(l);
    1313             : 
    1314        1278 :             status = StreamServerPort(AF_UNIX, NULL,
    1315        1278 :                                       (unsigned short) PostPortNumber,
    1316             :                                       socketdir,
    1317             :                                       ListenSockets,
    1318             :                                       &NumListenSockets,
    1319             :                                       MAXLISTEN);
    1320             : 
    1321        1278 :             if (status == STATUS_OK)
    1322             :             {
    1323        1278 :                 success++;
    1324             :                 /* record the first successful Unix socket in lockfile */
    1325        1278 :                 if (success == 1)
    1326        1278 :                     AddToDataDirLockFile(LOCK_FILE_LINE_SOCKET_DIR, socketdir);
    1327             :             }
    1328             :             else
    1329           0 :                 ereport(WARNING,
    1330             :                         (errmsg("could not create Unix-domain socket in directory \"%s\"",
    1331             :                                 socketdir)));
    1332             :         }
    1333             : 
    1334        1280 :         if (!success && elemlist != NIL)
    1335           0 :             ereport(FATAL,
    1336             :                     (errmsg("could not create any Unix-domain sockets")));
    1337             : 
    1338        1280 :         list_free_deep(elemlist);
    1339        1280 :         pfree(rawstring);
    1340             :     }
    1341             : 
    1342             :     /*
    1343             :      * check that we have some socket to listen on
    1344             :      */
    1345        1280 :     if (NumListenSockets == 0)
    1346           0 :         ereport(FATAL,
    1347             :                 (errmsg("no socket created for listening")));
    1348             : 
    1349             :     /*
    1350             :      * If no valid TCP ports, write an empty line for listen address,
    1351             :      * indicating the Unix socket must be used.  Note that this line is not
    1352             :      * added to the lock file until there is a socket backing it.
    1353             :      */
    1354        1280 :     if (!listen_addr_saved)
    1355        1230 :         AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, "");
    1356             : 
    1357             :     /*
    1358             :      * Record postmaster options.  We delay this till now to avoid recording
    1359             :      * bogus options (eg, unusable port number).
    1360             :      */
    1361        1280 :     if (!CreateOptsFile(argc, argv, my_exec_path))
    1362           0 :         ExitPostmaster(1);
    1363             : 
    1364             :     /*
    1365             :      * Write the external PID file if requested
    1366             :      */
    1367        1280 :     if (external_pid_file)
    1368             :     {
    1369           0 :         FILE       *fpidfile = fopen(external_pid_file, "w");
    1370             : 
    1371           0 :         if (fpidfile)
    1372             :         {
    1373           0 :             fprintf(fpidfile, "%d\n", MyProcPid);
    1374           0 :             fclose(fpidfile);
    1375             : 
    1376             :             /* Make PID file world readable */
    1377           0 :             if (chmod(external_pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) != 0)
    1378           0 :                 write_stderr("%s: could not change permissions of external PID file \"%s\": %s\n",
    1379           0 :                              progname, external_pid_file, strerror(errno));
    1380             :         }
    1381             :         else
    1382           0 :             write_stderr("%s: could not write external PID file \"%s\": %s\n",
    1383           0 :                          progname, external_pid_file, strerror(errno));
    1384             : 
    1385           0 :         on_proc_exit(unlink_external_pid_file, 0);
    1386             :     }
    1387             : 
    1388             :     /*
    1389             :      * Remove old temporary files.  At this point there can be no other
    1390             :      * Postgres processes running in this directory, so this should be safe.
    1391             :      */
    1392        1280 :     RemovePgTempFiles();
    1393             : 
    1394             :     /*
    1395             :      * Initialize the autovacuum subsystem (again, no process start yet)
    1396             :      */
    1397        1280 :     autovac_init();
    1398             : 
    1399             :     /*
    1400             :      * Load configuration files for client authentication.
    1401             :      */
    1402        1280 :     if (!load_hba())
    1403             :     {
    1404             :         /*
    1405             :          * It makes no sense to continue if we fail to load the HBA file,
    1406             :          * since there is no way to connect to the database in this case.
    1407             :          */
    1408           0 :         ereport(FATAL,
    1409             :         /* translator: %s is a configuration file */
    1410             :                 (errmsg("could not load %s", HbaFileName)));
    1411             :     }
    1412        1280 :     if (!load_ident())
    1413             :     {
    1414             :         /*
    1415             :          * We can start up without the IDENT file, although it means that you
    1416             :          * cannot log in using any of the authentication methods that need a
    1417             :          * user name mapping. load_ident() already logged the details of error
    1418             :          * to the log.
    1419             :          */
    1420             :     }
    1421             : 
    1422             : #ifdef HAVE_PTHREAD_IS_THREADED_NP
    1423             : 
    1424             :     /*
    1425             :      * On macOS, libintl replaces setlocale() with a version that calls
    1426             :      * CFLocaleCopyCurrent() when its second argument is "" and every relevant
    1427             :      * environment variable is unset or empty.  CFLocaleCopyCurrent() makes
    1428             :      * the process multithreaded.  The postmaster calls sigprocmask() and
    1429             :      * calls fork() without an immediate exec(), both of which have undefined
    1430             :      * behavior in a multithreaded program.  A multithreaded postmaster is the
    1431             :      * normal case on Windows, which offers neither fork() nor sigprocmask().
    1432             :      */
    1433             :     if (pthread_is_threaded_np() != 0)
    1434             :         ereport(FATAL,
    1435             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    1436             :                  errmsg("postmaster became multithreaded during startup"),
    1437             :                  errhint("Set the LC_ALL environment variable to a valid locale.")));
    1438             : #endif
    1439             : 
    1440             :     /*
    1441             :      * Remember postmaster startup time
    1442             :      */
    1443        1280 :     PgStartTime = GetCurrentTimestamp();
    1444             : 
    1445             :     /*
    1446             :      * Report postmaster status in the postmaster.pid file, to allow pg_ctl to
    1447             :      * see what's happening.
    1448             :      */
    1449        1280 :     AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STARTING);
    1450             : 
    1451             :     /* Start bgwriter and checkpointer so they can help with recovery */
    1452        1280 :     if (CheckpointerPID == 0)
    1453        1280 :         CheckpointerPID = StartCheckpointer();
    1454        1280 :     if (BgWriterPID == 0)
    1455        1280 :         BgWriterPID = StartBackgroundWriter();
    1456             : 
    1457             :     /*
    1458             :      * We're ready to rock and roll...
    1459             :      */
    1460        1280 :     StartupPID = StartupDataBase();
    1461             :     Assert(StartupPID != 0);
    1462        1280 :     StartupStatus = STARTUP_RUNNING;
    1463        1280 :     pmState = PM_STARTUP;
    1464             : 
    1465             :     /* Some workers may be scheduled to start now */
    1466        1280 :     maybe_start_bgworkers();
    1467             : 
    1468        1280 :     status = ServerLoop();
    1469             : 
    1470             :     /*
    1471             :      * ServerLoop probably shouldn't ever return, but if it does, close down.
    1472             :      */
    1473           0 :     ExitPostmaster(status != STATUS_OK);
    1474             : 
    1475             :     abort();                    /* not reached */
    1476             : }
    1477             : 
    1478             : 
    1479             : /*
    1480             :  * on_proc_exit callback to close server's listen sockets
    1481             :  */
    1482             : static void
    1483        1274 : CloseServerPorts(int status, Datum arg)
    1484             : {
    1485             :     int         i;
    1486             : 
    1487             :     /*
    1488             :      * First, explicitly close all the socket FDs.  We used to just let this
    1489             :      * happen implicitly at postmaster exit, but it's better to close them
    1490             :      * before we remove the postmaster.pid lockfile; otherwise there's a race
    1491             :      * condition if a new postmaster wants to re-use the TCP port number.
    1492             :      */
    1493        2598 :     for (i = 0; i < NumListenSockets; i++)
    1494        1324 :         StreamClose(ListenSockets[i]);
    1495        1274 :     NumListenSockets = 0;
    1496             : 
    1497             :     /*
    1498             :      * Next, remove any filesystem entries for Unix sockets.  To avoid race
    1499             :      * conditions against incoming postmasters, this must happen after closing
    1500             :      * the sockets and before removing lock files.
    1501             :      */
    1502        1274 :     RemoveSocketFiles();
    1503             : 
    1504             :     /*
    1505             :      * We don't do anything about socket lock files here; those will be
    1506             :      * removed in a later on_proc_exit callback.
    1507             :      */
    1508        1274 : }
    1509             : 
    1510             : /*
    1511             :  * on_proc_exit callback to delete external_pid_file
    1512             :  */
    1513             : static void
    1514           0 : unlink_external_pid_file(int status, Datum arg)
    1515             : {
    1516           0 :     if (external_pid_file)
    1517           0 :         unlink(external_pid_file);
    1518           0 : }
    1519             : 
    1520             : 
    1521             : /*
    1522             :  * Compute and check the directory paths to files that are part of the
    1523             :  * installation (as deduced from the postgres executable's own location)
    1524             :  */
    1525             : static void
    1526        1296 : getInstallationPaths(const char *argv0)
    1527             : {
    1528             :     DIR        *pdir;
    1529             : 
    1530             :     /* Locate the postgres executable itself */
    1531        1296 :     if (find_my_exec(argv0, my_exec_path) < 0)
    1532           0 :         ereport(FATAL,
    1533             :                 (errmsg("%s: could not locate my own executable path", argv0)));
    1534             : 
    1535             : #ifdef EXEC_BACKEND
    1536             :     /* Locate executable backend before we change working directory */
    1537             :     if (find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
    1538             :                         postgres_exec_path) < 0)
    1539             :         ereport(FATAL,
    1540             :                 (errmsg("%s: could not locate matching postgres executable",
    1541             :                         argv0)));
    1542             : #endif
    1543             : 
    1544             :     /*
    1545             :      * Locate the pkglib directory --- this has to be set early in case we try
    1546             :      * to load any modules from it in response to postgresql.conf entries.
    1547             :      */
    1548        1296 :     get_pkglib_path(my_exec_path, pkglib_path);
    1549             : 
    1550             :     /*
    1551             :      * Verify that there's a readable directory there; otherwise the Postgres
    1552             :      * installation is incomplete or corrupt.  (A typical cause of this
    1553             :      * failure is that the postgres executable has been moved or hardlinked to
    1554             :      * some directory that's not a sibling of the installation lib/
    1555             :      * directory.)
    1556             :      */
    1557        1296 :     pdir = AllocateDir(pkglib_path);
    1558        1296 :     if (pdir == NULL)
    1559           0 :         ereport(ERROR,
    1560             :                 (errcode_for_file_access(),
    1561             :                  errmsg("could not open directory \"%s\": %m",
    1562             :                         pkglib_path),
    1563             :                  errhint("This may indicate an incomplete PostgreSQL installation, or that the file \"%s\" has been moved away from its proper location.",
    1564             :                          my_exec_path)));
    1565        1296 :     FreeDir(pdir);
    1566             : 
    1567             :     /*
    1568             :      * It's not worth checking the share/ directory.  If the lib/ directory is
    1569             :      * there, then share/ probably is too.
    1570             :      */
    1571        1296 : }
    1572             : 
    1573             : /*
    1574             :  * Check that pg_control exists in the correct location in the data directory.
    1575             :  *
    1576             :  * No attempt is made to validate the contents of pg_control here.  This is
    1577             :  * just a sanity check to see if we are looking at a real data directory.
    1578             :  */
    1579             : static void
    1580        1292 : checkControlFile(void)
    1581             : {
    1582             :     char        path[MAXPGPATH];
    1583             :     FILE       *fp;
    1584             : 
    1585        1292 :     snprintf(path, sizeof(path), "%s/global/pg_control", DataDir);
    1586             : 
    1587        1292 :     fp = AllocateFile(path, PG_BINARY_R);
    1588        1292 :     if (fp == NULL)
    1589             :     {
    1590           0 :         write_stderr("%s: could not find the database system\n"
    1591             :                      "Expected to find it in the directory \"%s\",\n"
    1592             :                      "but could not open file \"%s\": %s\n",
    1593           0 :                      progname, DataDir, path, strerror(errno));
    1594           0 :         ExitPostmaster(2);
    1595             :     }
    1596        1292 :     FreeFile(fp);
    1597        1292 : }
    1598             : 
    1599             : /*
    1600             :  * Determine how long should we let ServerLoop sleep, in milliseconds.
    1601             :  *
    1602             :  * In normal conditions we wait at most one minute, to ensure that the other
    1603             :  * background tasks handled by ServerLoop get done even when no requests are
    1604             :  * arriving.  However, if there are background workers waiting to be started,
    1605             :  * we don't actually sleep so that they are quickly serviced.  Other exception
    1606             :  * cases are as shown in the code.
    1607             :  */
    1608             : static int
    1609       54866 : DetermineSleepTime(void)
    1610             : {
    1611       54866 :     TimestampTz next_wakeup = 0;
    1612             : 
    1613             :     /*
    1614             :      * Normal case: either there are no background workers at all, or we're in
    1615             :      * a shutdown sequence (during which we ignore bgworkers altogether).
    1616             :      */
    1617       54866 :     if (Shutdown > NoShutdown ||
    1618       48944 :         (!StartWorkerNeeded && !HaveCrashedWorker))
    1619             :     {
    1620       54866 :         if (AbortStartTime != 0)
    1621             :         {
    1622             :             int         seconds;
    1623             : 
    1624             :             /* time left to abort; clamp to 0 in case it already expired */
    1625        2018 :             seconds = SIGKILL_CHILDREN_AFTER_SECS -
    1626        2018 :                 (time(NULL) - AbortStartTime);
    1627             : 
    1628        2018 :             return Max(seconds * 1000, 0);
    1629             :         }
    1630             :         else
    1631       52848 :             return 60 * 1000;
    1632             :     }
    1633             : 
    1634           0 :     if (StartWorkerNeeded)
    1635           0 :         return 0;
    1636             : 
    1637           0 :     if (HaveCrashedWorker)
    1638             :     {
    1639             :         slist_mutable_iter siter;
    1640             : 
    1641             :         /*
    1642             :          * When there are crashed bgworkers, we sleep just long enough that
    1643             :          * they are restarted when they request to be.  Scan the list to
    1644             :          * determine the minimum of all wakeup times according to most recent
    1645             :          * crash time and requested restart interval.
    1646             :          */
    1647           0 :         slist_foreach_modify(siter, &BackgroundWorkerList)
    1648             :         {
    1649             :             RegisteredBgWorker *rw;
    1650             :             TimestampTz this_wakeup;
    1651             : 
    1652           0 :             rw = slist_container(RegisteredBgWorker, rw_lnode, siter.cur);
    1653             : 
    1654           0 :             if (rw->rw_crashed_at == 0)
    1655           0 :                 continue;
    1656             : 
    1657           0 :             if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART
    1658           0 :                 || rw->rw_terminate)
    1659             :             {
    1660           0 :                 ForgetBackgroundWorker(&siter);
    1661           0 :                 continue;
    1662             :             }
    1663             : 
    1664           0 :             this_wakeup = TimestampTzPlusMilliseconds(rw->rw_crashed_at,
    1665             :                                                       1000L * rw->rw_worker.bgw_restart_time);
    1666           0 :             if (next_wakeup == 0 || this_wakeup < next_wakeup)
    1667           0 :                 next_wakeup = this_wakeup;
    1668             :         }
    1669             :     }
    1670             : 
    1671           0 :     if (next_wakeup != 0)
    1672             :     {
    1673             :         int         ms;
    1674             : 
    1675             :         /* result of TimestampDifferenceMilliseconds is in [0, INT_MAX] */
    1676           0 :         ms = (int) TimestampDifferenceMilliseconds(GetCurrentTimestamp(),
    1677             :                                                    next_wakeup);
    1678           0 :         return Min(60 * 1000, ms);
    1679             :     }
    1680             : 
    1681           0 :     return 60 * 1000;
    1682             : }
    1683             : 
    1684             : /*
    1685             :  * Activate or deactivate notifications of server socket events.  Since we
    1686             :  * don't currently have a way to remove events from an existing WaitEventSet,
    1687             :  * we'll just destroy and recreate the whole thing.  This is called during
    1688             :  * shutdown so we can wait for backends to exit without accepting new
    1689             :  * connections, and during crash reinitialization when we need to start
    1690             :  * listening for new connections again.  The WaitEventSet will be freed in fork
    1691             :  * children by ClosePostmasterPorts().
    1692             :  */
    1693             : static void
    1694        2588 : ConfigurePostmasterWaitSet(bool accept_connections)
    1695             : {
    1696        2588 :     if (pm_wait_set)
    1697        1308 :         FreeWaitEventSet(pm_wait_set);
    1698        2588 :     pm_wait_set = NULL;
    1699             : 
    1700        3876 :     pm_wait_set = CreateWaitEventSet(NULL,
    1701        1288 :                                      accept_connections ? (1 + NumListenSockets) : 1);
    1702        2588 :     AddWaitEventToSet(pm_wait_set, WL_LATCH_SET, PGINVALID_SOCKET, MyLatch,
    1703             :                       NULL);
    1704             : 
    1705        2588 :     if (accept_connections)
    1706             :     {
    1707        2626 :         for (int i = 0; i < NumListenSockets; i++)
    1708        1338 :             AddWaitEventToSet(pm_wait_set, WL_SOCKET_ACCEPT, ListenSockets[i],
    1709             :                               NULL, NULL);
    1710             :     }
    1711        2588 : }
    1712             : 
    1713             : /*
    1714             :  * Main idle loop of postmaster
    1715             :  */
    1716             : static int
    1717        1280 : ServerLoop(void)
    1718             : {
    1719             :     time_t      last_lockfile_recheck_time,
    1720             :                 last_touch_time;
    1721             :     WaitEvent   events[MAXLISTEN];
    1722             :     int         nevents;
    1723             : 
    1724        1280 :     ConfigurePostmasterWaitSet(true);
    1725        1280 :     last_lockfile_recheck_time = last_touch_time = time(NULL);
    1726             : 
    1727             :     for (;;)
    1728       53586 :     {
    1729             :         time_t      now;
    1730             : 
    1731       54866 :         nevents = WaitEventSetWait(pm_wait_set,
    1732       54866 :                                    DetermineSleepTime(),
    1733             :                                    events,
    1734             :                                    lengthof(events),
    1735             :                                    0 /* postmaster posts no wait_events */ );
    1736             : 
    1737             :         /*
    1738             :          * Latch set by signal handler, or new connection pending on any of
    1739             :          * our sockets? If the latter, fork a child process to deal with it.
    1740             :          */
    1741      108452 :         for (int i = 0; i < nevents; i++)
    1742             :         {
    1743       54866 :             if (events[i].events & WL_LATCH_SET)
    1744       34940 :                 ResetLatch(MyLatch);
    1745             : 
    1746             :             /*
    1747             :              * The following requests are handled unconditionally, even if we
    1748             :              * didn't see WL_LATCH_SET.  This gives high priority to shutdown
    1749             :              * and reload requests where the latch happens to appear later in
    1750             :              * events[] or will be reported by a later call to
    1751             :              * WaitEventSetWait().
    1752             :              */
    1753       54866 :             if (pending_pm_shutdown_request)
    1754        1268 :                 process_pm_shutdown_request();
    1755       54866 :             if (pending_pm_reload_request)
    1756         208 :                 process_pm_reload_request();
    1757       54866 :             if (pending_pm_child_exit)
    1758       28856 :                 process_pm_child_exit();
    1759       53588 :             if (pending_pm_pmsignal)
    1760        4756 :                 process_pm_pmsignal();
    1761             : 
    1762       53588 :             if (events[i].events & WL_SOCKET_ACCEPT)
    1763             :             {
    1764             :                 Port       *port;
    1765             : 
    1766       19926 :                 port = ConnCreate(events[i].fd);
    1767       19926 :                 if (port)
    1768             :                 {
    1769       19926 :                     BackendStartup(port);
    1770             : 
    1771             :                     /*
    1772             :                      * We no longer need the open socket or port structure in
    1773             :                      * this process
    1774             :                      */
    1775       19924 :                     StreamClose(port->sock);
    1776       19924 :                     ConnFree(port);
    1777             :                 }
    1778             :             }
    1779             :         }
    1780             : 
    1781             :         /* If we have lost the log collector, try to start a new one */
    1782       53586 :         if (SysLoggerPID == 0 && Logging_collector)
    1783           0 :             SysLoggerPID = SysLogger_Start();
    1784             : 
    1785             :         /*
    1786             :          * If no background writer process is running, and we are not in a
    1787             :          * state that prevents it, start one.  It doesn't matter if this
    1788             :          * fails, we'll just try again later.  Likewise for the checkpointer.
    1789             :          */
    1790       53586 :         if (pmState == PM_RUN || pmState == PM_RECOVERY ||
    1791        8942 :             pmState == PM_HOT_STANDBY || pmState == PM_STARTUP)
    1792             :         {
    1793       47634 :             if (CheckpointerPID == 0)
    1794           8 :                 CheckpointerPID = StartCheckpointer();
    1795       47634 :             if (BgWriterPID == 0)
    1796           8 :                 BgWriterPID = StartBackgroundWriter();
    1797             :         }
    1798             : 
    1799             :         /*
    1800             :          * Likewise, if we have lost the walwriter process, try to start a new
    1801             :          * one.  But this is needed only in normal operation (else we cannot
    1802             :          * be writing any new WAL).
    1803             :          */
    1804       53586 :         if (WalWriterPID == 0 && pmState == PM_RUN)
    1805           0 :             WalWriterPID = StartWalWriter();
    1806             : 
    1807             :         /*
    1808             :          * If we have lost the autovacuum launcher, try to start a new one. We
    1809             :          * don't want autovacuum to run in binary upgrade mode because
    1810             :          * autovacuum might update relfrozenxid for empty tables before the
    1811             :          * physical files are put in place.
    1812             :          */
    1813       62738 :         if (!IsBinaryUpgrade && AutoVacPID == 0 &&
    1814       12386 :             (AutoVacuumingActive() || start_autovac_launcher) &&
    1815        5918 :             pmState == PM_RUN)
    1816             :         {
    1817           0 :             AutoVacPID = StartAutoVacLauncher();
    1818           0 :             if (AutoVacPID != 0)
    1819           0 :                 start_autovac_launcher = false; /* signal processed */
    1820             :         }
    1821             : 
    1822             :         /* If we have lost the archiver, try to start a new one. */
    1823       53586 :         if (PgArchPID == 0 && PgArchStartupAllowed())
    1824           0 :             PgArchPID = StartArchiver();
    1825             : 
    1826             :         /* If we need to signal the autovacuum launcher, do so now */
    1827       53586 :         if (avlauncher_needs_signal)
    1828             :         {
    1829           0 :             avlauncher_needs_signal = false;
    1830           0 :             if (AutoVacPID != 0)
    1831           0 :                 kill(AutoVacPID, SIGUSR2);
    1832             :         }
    1833             : 
    1834             :         /* If we need to start a WAL receiver, try to do that now */
    1835       53586 :         if (WalReceiverRequested)
    1836         324 :             MaybeStartWalReceiver();
    1837             : 
    1838             :         /* Get other worker processes running, if needed */
    1839       53586 :         if (StartWorkerNeeded || HaveCrashedWorker)
    1840        5704 :             maybe_start_bgworkers();
    1841             : 
    1842             : #ifdef HAVE_PTHREAD_IS_THREADED_NP
    1843             : 
    1844             :         /*
    1845             :          * With assertions enabled, check regularly for appearance of
    1846             :          * additional threads.  All builds check at start and exit.
    1847             :          */
    1848             :         Assert(pthread_is_threaded_np() == 0);
    1849             : #endif
    1850             : 
    1851             :         /*
    1852             :          * Lastly, check to see if it's time to do some things that we don't
    1853             :          * want to do every single time through the loop, because they're a
    1854             :          * bit expensive.  Note that there's up to a minute of slop in when
    1855             :          * these tasks will be performed, since DetermineSleepTime() will let
    1856             :          * us sleep at most that long; except for SIGKILL timeout which has
    1857             :          * special-case logic there.
    1858             :          */
    1859       53586 :         now = time(NULL);
    1860             : 
    1861             :         /*
    1862             :          * If we already sent SIGQUIT to children and they are slow to shut
    1863             :          * down, it's time to send them SIGKILL (or SIGABRT if requested).
    1864             :          * This doesn't happen normally, but under certain conditions backends
    1865             :          * can get stuck while shutting down.  This is a last measure to get
    1866             :          * them unwedged.
    1867             :          *
    1868             :          * Note we also do this during recovery from a process crash.
    1869             :          */
    1870       53586 :         if ((Shutdown >= ImmediateShutdown || FatalError) &&
    1871        2026 :             AbortStartTime != 0 &&
    1872        2018 :             (now - AbortStartTime) >= SIGKILL_CHILDREN_AFTER_SECS)
    1873             :         {
    1874             :             /* We were gentle with them before. Not anymore */
    1875           0 :             ereport(LOG,
    1876             :             /* translator: %s is SIGKILL or SIGABRT */
    1877             :                     (errmsg("issuing %s to recalcitrant children",
    1878             :                             send_abort_for_kill ? "SIGABRT" : "SIGKILL")));
    1879           0 :             TerminateChildren(send_abort_for_kill ? SIGABRT : SIGKILL);
    1880             :             /* reset flag so we don't SIGKILL again */
    1881           0 :             AbortStartTime = 0;
    1882             :         }
    1883             : 
    1884             :         /*
    1885             :          * Once a minute, verify that postmaster.pid hasn't been removed or
    1886             :          * overwritten.  If it has, we force a shutdown.  This avoids having
    1887             :          * postmasters and child processes hanging around after their database
    1888             :          * is gone, and maybe causing problems if a new database cluster is
    1889             :          * created in the same place.  It also provides some protection
    1890             :          * against a DBA foolishly removing postmaster.pid and manually
    1891             :          * starting a new postmaster.  Data corruption is likely to ensue from
    1892             :          * that anyway, but we can minimize the damage by aborting ASAP.
    1893             :          */
    1894       53586 :         if (now - last_lockfile_recheck_time >= 1 * SECS_PER_MINUTE)
    1895             :         {
    1896          10 :             if (!RecheckDataDirLockFile())
    1897             :             {
    1898           0 :                 ereport(LOG,
    1899             :                         (errmsg("performing immediate shutdown because data directory lock file is invalid")));
    1900           0 :                 kill(MyProcPid, SIGQUIT);
    1901             :             }
    1902          10 :             last_lockfile_recheck_time = now;
    1903             :         }
    1904             : 
    1905             :         /*
    1906             :          * Touch Unix socket and lock files every 58 minutes, to ensure that
    1907             :          * they are not removed by overzealous /tmp-cleaning tasks.  We assume
    1908             :          * no one runs cleaners with cutoff times of less than an hour ...
    1909             :          */
    1910       53586 :         if (now - last_touch_time >= 58 * SECS_PER_MINUTE)
    1911             :         {
    1912           0 :             TouchSocketFiles();
    1913           0 :             TouchSocketLockFiles();
    1914           0 :             last_touch_time = now;
    1915             :         }
    1916             :     }
    1917             : }
    1918             : 
    1919             : /*
    1920             :  * Read a client's startup packet and do something according to it.
    1921             :  *
    1922             :  * Returns STATUS_OK or STATUS_ERROR, or might call ereport(FATAL) and
    1923             :  * not return at all.
    1924             :  *
    1925             :  * (Note that ereport(FATAL) stuff is sent to the client, so only use it
    1926             :  * if that's what you want.  Return STATUS_ERROR if you don't want to
    1927             :  * send anything to the client, which would typically be appropriate
    1928             :  * if we detect a communications failure.)
    1929             :  *
    1930             :  * Set ssl_done and/or gss_done when negotiation of an encrypted layer
    1931             :  * (currently, TLS or GSSAPI) is completed. A successful negotiation of either
    1932             :  * encryption layer sets both flags, but a rejected negotiation sets only the
    1933             :  * flag for that layer, since the client may wish to try the other one. We
    1934             :  * should make no assumption here about the order in which the client may make
    1935             :  * requests.
    1936             :  */
    1937             : static int
    1938       20086 : ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
    1939             : {
    1940             :     int32       len;
    1941             :     char       *buf;
    1942             :     ProtocolVersion proto;
    1943             :     MemoryContext oldcontext;
    1944             : 
    1945       20086 :     pq_startmsgread();
    1946             : 
    1947             :     /*
    1948             :      * Grab the first byte of the length word separately, so that we can tell
    1949             :      * whether we have no data at all or an incomplete packet.  (This might
    1950             :      * sound inefficient, but it's not really, because of buffering in
    1951             :      * pqcomm.c.)
    1952             :      */
    1953       20086 :     if (pq_getbytes((char *) &len, 1) == EOF)
    1954             :     {
    1955             :         /*
    1956             :          * If we get no data at all, don't clutter the log with a complaint;
    1957             :          * such cases often occur for legitimate reasons.  An example is that
    1958             :          * we might be here after responding to NEGOTIATE_SSL_CODE, and if the
    1959             :          * client didn't like our response, it'll probably just drop the
    1960             :          * connection.  Service-monitoring software also often just opens and
    1961             :          * closes a connection without sending anything.  (So do port
    1962             :          * scanners, which may be less benign, but it's not really our job to
    1963             :          * notice those.)
    1964             :          */
    1965          26 :         return STATUS_ERROR;
    1966             :     }
    1967             : 
    1968       20060 :     if (pq_getbytes(((char *) &len) + 1, 3) == EOF)
    1969             :     {
    1970             :         /* Got a partial length word, so bleat about that */
    1971           0 :         if (!ssl_done && !gss_done)
    1972           0 :             ereport(COMMERROR,
    1973             :                     (errcode(ERRCODE_PROTOCOL_VIOLATION),
    1974             :                      errmsg("incomplete startup packet")));
    1975           0 :         return STATUS_ERROR;
    1976             :     }
    1977             : 
    1978       20060 :     len = pg_ntoh32(len);
    1979       20060 :     len -= 4;
    1980             : 
    1981       20060 :     if (len < (int32) sizeof(ProtocolVersion) ||
    1982       20060 :         len > MAX_STARTUP_PACKET_LENGTH)
    1983             :     {
    1984           0 :         ereport(COMMERROR,
    1985             :                 (errcode(ERRCODE_PROTOCOL_VIOLATION),
    1986             :                  errmsg("invalid length of startup packet")));
    1987           0 :         return STATUS_ERROR;
    1988             :     }
    1989             : 
    1990             :     /*
    1991             :      * Allocate space to hold the startup packet, plus one extra byte that's
    1992             :      * initialized to be zero.  This ensures we will have null termination of
    1993             :      * all strings inside the packet.
    1994             :      */
    1995       20060 :     buf = palloc(len + 1);
    1996       20060 :     buf[len] = '\0';
    1997             : 
    1998       20060 :     if (pq_getbytes(buf, len) == EOF)
    1999             :     {
    2000           0 :         ereport(COMMERROR,
    2001             :                 (errcode(ERRCODE_PROTOCOL_VIOLATION),
    2002             :                  errmsg("incomplete startup packet")));
    2003           0 :         return STATUS_ERROR;
    2004             :     }
    2005       20060 :     pq_endmsgread();
    2006             : 
    2007             :     /*
    2008             :      * The first field is either a protocol version number or a special
    2009             :      * request code.
    2010             :      */
    2011       20060 :     port->proto = proto = pg_ntoh32(*((ProtocolVersion *) buf));
    2012             : 
    2013       20060 :     if (proto == CANCEL_REQUEST_CODE)
    2014             :     {
    2015           6 :         if (len != sizeof(CancelRequestPacket))
    2016             :         {
    2017           0 :             ereport(COMMERROR,
    2018             :                     (errcode(ERRCODE_PROTOCOL_VIOLATION),
    2019             :                      errmsg("invalid length of startup packet")));
    2020           0 :             return STATUS_ERROR;
    2021             :         }
    2022           6 :         processCancelRequest(port, buf);
    2023             :         /* Not really an error, but we don't want to proceed further */
    2024           6 :         return STATUS_ERROR;
    2025             :     }
    2026             : 
    2027       20054 :     if (proto == NEGOTIATE_SSL_CODE && !ssl_done)
    2028             :     {
    2029             :         char        SSLok;
    2030             : 
    2031             : #ifdef USE_SSL
    2032             :         /* No SSL when disabled or on Unix sockets */
    2033         514 :         if (!LoadedSSL || port->laddr.addr.ss_family == AF_UNIX)
    2034         286 :             SSLok = 'N';
    2035             :         else
    2036         228 :             SSLok = 'S';        /* Support for SSL */
    2037             : #else
    2038             :         SSLok = 'N';            /* No support for SSL */
    2039             : #endif
    2040             : 
    2041         514 : retry1:
    2042         514 :         if (send(port->sock, &SSLok, 1, 0) != 1)
    2043             :         {
    2044           0 :             if (errno == EINTR)
    2045           0 :                 goto retry1;    /* if interrupted, just retry */
    2046           0 :             ereport(COMMERROR,
    2047             :                     (errcode_for_socket_access(),
    2048             :                      errmsg("failed to send SSL negotiation response: %m")));
    2049           0 :             return STATUS_ERROR;    /* close the connection */
    2050             :         }
    2051             : 
    2052             : #ifdef USE_SSL
    2053         514 :         if (SSLok == 'S' && secure_open_server(port) == -1)
    2054          36 :             return STATUS_ERROR;
    2055             : #endif
    2056             : 
    2057             :         /*
    2058             :          * At this point we should have no data already buffered.  If we do,
    2059             :          * it was received before we performed the SSL handshake, so it wasn't
    2060             :          * encrypted and indeed may have been injected by a man-in-the-middle.
    2061             :          * We report this case to the client.
    2062             :          */
    2063         478 :         if (pq_buffer_has_data())
    2064           0 :             ereport(FATAL,
    2065             :                     (errcode(ERRCODE_PROTOCOL_VIOLATION),
    2066             :                      errmsg("received unencrypted data after SSL request"),
    2067             :                      errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
    2068             : 
    2069             :         /*
    2070             :          * regular startup packet, cancel, etc packet should follow, but not
    2071             :          * another SSL negotiation request, and a GSS request should only
    2072             :          * follow if SSL was rejected (client may negotiate in either order)
    2073             :          */
    2074         478 :         return ProcessStartupPacket(port, true, SSLok == 'S');
    2075             :     }
    2076       19540 :     else if (proto == NEGOTIATE_GSS_CODE && !gss_done)
    2077             :     {
    2078           0 :         char        GSSok = 'N';
    2079             : 
    2080             : #ifdef ENABLE_GSS
    2081             :         /* No GSSAPI encryption when on Unix socket */
    2082             :         if (port->laddr.addr.ss_family != AF_UNIX)
    2083             :             GSSok = 'G';
    2084             : #endif
    2085             : 
    2086           0 :         while (send(port->sock, &GSSok, 1, 0) != 1)
    2087             :         {
    2088           0 :             if (errno == EINTR)
    2089           0 :                 continue;
    2090           0 :             ereport(COMMERROR,
    2091             :                     (errcode_for_socket_access(),
    2092             :                      errmsg("failed to send GSSAPI negotiation response: %m")));
    2093           0 :             return STATUS_ERROR;    /* close the connection */
    2094             :         }
    2095             : 
    2096             : #ifdef ENABLE_GSS
    2097             :         if (GSSok == 'G' && secure_open_gssapi(port) == -1)
    2098             :             return STATUS_ERROR;
    2099             : #endif
    2100             : 
    2101             :         /*
    2102             :          * At this point we should have no data already buffered.  If we do,
    2103             :          * it was received before we performed the GSS handshake, so it wasn't
    2104             :          * encrypted and indeed may have been injected by a man-in-the-middle.
    2105             :          * We report this case to the client.
    2106             :          */
    2107           0 :         if (pq_buffer_has_data())
    2108           0 :             ereport(FATAL,
    2109             :                     (errcode(ERRCODE_PROTOCOL_VIOLATION),
    2110             :                      errmsg("received unencrypted data after GSSAPI encryption request"),
    2111             :                      errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
    2112             : 
    2113             :         /*
    2114             :          * regular startup packet, cancel, etc packet should follow, but not
    2115             :          * another GSS negotiation request, and an SSL request should only
    2116             :          * follow if GSS was rejected (client may negotiate in either order)
    2117             :          */
    2118           0 :         return ProcessStartupPacket(port, GSSok == 'G', true);
    2119             :     }
    2120             : 
    2121             :     /* Could add additional special packet types here */
    2122             : 
    2123             :     /*
    2124             :      * Set FrontendProtocol now so that ereport() knows what format to send if
    2125             :      * we fail during startup.
    2126             :      */
    2127       19540 :     FrontendProtocol = proto;
    2128             : 
    2129             :     /* Check that the major protocol version is in range. */
    2130       19540 :     if (PG_PROTOCOL_MAJOR(proto) < PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST) ||
    2131       19540 :         PG_PROTOCOL_MAJOR(proto) > PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST))
    2132           0 :         ereport(FATAL,
    2133             :                 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
    2134             :                  errmsg("unsupported frontend protocol %u.%u: server supports %u.0 to %u.%u",
    2135             :                         PG_PROTOCOL_MAJOR(proto), PG_PROTOCOL_MINOR(proto),
    2136             :                         PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST),
    2137             :                         PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST),
    2138             :                         PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST))));
    2139             : 
    2140             :     /*
    2141             :      * Now fetch parameters out of startup packet and save them into the Port
    2142             :      * structure.  All data structures attached to the Port struct must be
    2143             :      * allocated in TopMemoryContext so that they will remain available in a
    2144             :      * running backend (even after PostmasterContext is destroyed).  We need
    2145             :      * not worry about leaking this storage on failure, since we aren't in the
    2146             :      * postmaster process anymore.
    2147             :      */
    2148       19540 :     oldcontext = MemoryContextSwitchTo(TopMemoryContext);
    2149             : 
    2150             :     /* Handle protocol version 3 startup packet */
    2151             :     {
    2152       19540 :         int32       offset = sizeof(ProtocolVersion);
    2153       19540 :         List       *unrecognized_protocol_options = NIL;
    2154             : 
    2155             :         /*
    2156             :          * Scan packet body for name/option pairs.  We can assume any string
    2157             :          * beginning within the packet body is null-terminated, thanks to
    2158             :          * zeroing extra byte above.
    2159             :          */
    2160       19540 :         port->guc_options = NIL;
    2161             : 
    2162       95358 :         while (offset < len)
    2163             :         {
    2164       95358 :             char       *nameptr = buf + offset;
    2165             :             int32       valoffset;
    2166             :             char       *valptr;
    2167             : 
    2168       95358 :             if (*nameptr == '\0')
    2169       19540 :                 break;          /* found packet terminator */
    2170       75818 :             valoffset = offset + strlen(nameptr) + 1;
    2171       75818 :             if (valoffset >= len)
    2172           0 :                 break;          /* missing value, will complain below */
    2173       75818 :             valptr = buf + valoffset;
    2174             : 
    2175       75818 :             if (strcmp(nameptr, "database") == 0)
    2176       19540 :                 port->database_name = pstrdup(valptr);
    2177       56278 :             else if (strcmp(nameptr, "user") == 0)
    2178       19540 :                 port->user_name = pstrdup(valptr);
    2179       36738 :             else if (strcmp(nameptr, "options") == 0)
    2180        5798 :                 port->cmdline_options = pstrdup(valptr);
    2181       30940 :             else if (strcmp(nameptr, "replication") == 0)
    2182             :             {
    2183             :                 /*
    2184             :                  * Due to backward compatibility concerns the replication
    2185             :                  * parameter is a hybrid beast which allows the value to be
    2186             :                  * either boolean or the string 'database'. The latter
    2187             :                  * connects to a specific database which is e.g. required for
    2188             :                  * logical decoding while.
    2189             :                  */
    2190        1732 :                 if (strcmp(valptr, "database") == 0)
    2191             :                 {
    2192        1030 :                     am_walsender = true;
    2193        1030 :                     am_db_walsender = true;
    2194             :                 }
    2195         702 :                 else if (!parse_bool(valptr, &am_walsender))
    2196           0 :                     ereport(FATAL,
    2197             :                             (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    2198             :                              errmsg("invalid value for parameter \"%s\": \"%s\"",
    2199             :                                     "replication",
    2200             :                                     valptr),
    2201             :                              errhint("Valid values are: \"false\", 0, \"true\", 1, \"database\".")));
    2202             :             }
    2203       29208 :             else if (strncmp(nameptr, "_pq_.", 5) == 0)
    2204             :             {
    2205             :                 /*
    2206             :                  * Any option beginning with _pq_. is reserved for use as a
    2207             :                  * protocol-level option, but at present no such options are
    2208             :                  * defined.
    2209             :                  */
    2210             :                 unrecognized_protocol_options =
    2211           0 :                     lappend(unrecognized_protocol_options, pstrdup(nameptr));
    2212             :             }
    2213             :             else
    2214             :             {
    2215             :                 /* Assume it's a generic GUC option */
    2216       29208 :                 port->guc_options = lappend(port->guc_options,
    2217       29208 :                                             pstrdup(nameptr));
    2218       29208 :                 port->guc_options = lappend(port->guc_options,
    2219       29208 :                                             pstrdup(valptr));
    2220             : 
    2221             :                 /*
    2222             :                  * Copy application_name to port if we come across it.  This
    2223             :                  * is done so we can log the application_name in the
    2224             :                  * connection authorization message.  Note that the GUC would
    2225             :                  * be used but we haven't gone through GUC setup yet.
    2226             :                  */
    2227       29208 :                 if (strcmp(nameptr, "application_name") == 0)
    2228             :                 {
    2229       19538 :                     port->application_name = pg_clean_ascii(valptr, 0);
    2230             :                 }
    2231             :             }
    2232       75818 :             offset = valoffset + strlen(valptr) + 1;
    2233             :         }
    2234             : 
    2235             :         /*
    2236             :          * If we didn't find a packet terminator exactly at the end of the
    2237             :          * given packet length, complain.
    2238             :          */
    2239       19540 :         if (offset != len - 1)
    2240           0 :             ereport(FATAL,
    2241             :                     (errcode(ERRCODE_PROTOCOL_VIOLATION),
    2242             :                      errmsg("invalid startup packet layout: expected terminator as last byte")));
    2243             : 
    2244             :         /*
    2245             :          * If the client requested a newer protocol version or if the client
    2246             :          * requested any protocol options we didn't recognize, let them know
    2247             :          * the newest minor protocol version we do support and the names of
    2248             :          * any unrecognized options.
    2249             :          */
    2250       19540 :         if (PG_PROTOCOL_MINOR(proto) > PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST) ||
    2251             :             unrecognized_protocol_options != NIL)
    2252           0 :             SendNegotiateProtocolVersion(unrecognized_protocol_options);
    2253             :     }
    2254             : 
    2255             :     /* Check a user name was given. */
    2256       19540 :     if (port->user_name == NULL || port->user_name[0] == '\0')
    2257           0 :         ereport(FATAL,
    2258             :                 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
    2259             :                  errmsg("no PostgreSQL user name specified in startup packet")));
    2260             : 
    2261             :     /* The database defaults to the user name. */
    2262       19540 :     if (port->database_name == NULL || port->database_name[0] == '\0')
    2263           0 :         port->database_name = pstrdup(port->user_name);
    2264             : 
    2265       19540 :     if (am_walsender)
    2266        1732 :         MyBackendType = B_WAL_SENDER;
    2267             :     else
    2268       17808 :         MyBackendType = B_BACKEND;
    2269             : 
    2270             :     /*
    2271             :      * Normal walsender backends, e.g. for streaming replication, are not
    2272             :      * connected to a particular database. But walsenders used for logical
    2273             :      * replication need to connect to a specific database. We allow streaming
    2274             :      * replication commands to be issued even if connected to a database as it
    2275             :      * can make sense to first make a basebackup and then stream changes
    2276             :      * starting from that.
    2277             :      */
    2278       19540 :     if (am_walsender && !am_db_walsender)
    2279         702 :         port->database_name[0] = '\0';
    2280             : 
    2281             :     /*
    2282             :      * Done putting stuff in TopMemoryContext.
    2283             :      */
    2284       19540 :     MemoryContextSwitchTo(oldcontext);
    2285             : 
    2286       19540 :     return STATUS_OK;
    2287             : }
    2288             : 
    2289             : /*
    2290             :  * Send a NegotiateProtocolVersion to the client.  This lets the client know
    2291             :  * that they have requested a newer minor protocol version than we are able
    2292             :  * to speak.  We'll speak the highest version we know about; the client can,
    2293             :  * of course, abandon the connection if that's a problem.
    2294             :  *
    2295             :  * We also include in the response a list of protocol options we didn't
    2296             :  * understand.  This allows clients to include optional parameters that might
    2297             :  * be present either in newer protocol versions or third-party protocol
    2298             :  * extensions without fear of having to reconnect if those options are not
    2299             :  * understood, while at the same time making certain that the client is aware
    2300             :  * of which options were actually accepted.
    2301             :  */
    2302             : static void
    2303           0 : SendNegotiateProtocolVersion(List *unrecognized_protocol_options)
    2304             : {
    2305             :     StringInfoData buf;
    2306             :     ListCell   *lc;
    2307             : 
    2308           0 :     pq_beginmessage(&buf, PqMsg_NegotiateProtocolVersion);
    2309           0 :     pq_sendint32(&buf, PG_PROTOCOL_LATEST);
    2310           0 :     pq_sendint32(&buf, list_length(unrecognized_protocol_options));
    2311           0 :     foreach(lc, unrecognized_protocol_options)
    2312           0 :         pq_sendstring(&buf, lfirst(lc));
    2313           0 :     pq_endmessage(&buf);
    2314             : 
    2315             :     /* no need to flush, some other message will follow */
    2316           0 : }
    2317             : 
    2318             : /*
    2319             :  * The client has sent a cancel request packet, not a normal
    2320             :  * start-a-new-connection packet.  Perform the necessary processing.
    2321             :  * Nothing is sent back to the client.
    2322             :  */
    2323             : static void
    2324           6 : processCancelRequest(Port *port, void *pkt)
    2325             : {
    2326           6 :     CancelRequestPacket *canc = (CancelRequestPacket *) pkt;
    2327             :     int         backendPID;
    2328             :     int32       cancelAuthCode;
    2329             :     Backend    *bp;
    2330             : 
    2331             : #ifndef EXEC_BACKEND
    2332             :     dlist_iter  iter;
    2333             : #else
    2334             :     int         i;
    2335             : #endif
    2336             : 
    2337           6 :     backendPID = (int) pg_ntoh32(canc->backendPID);
    2338           6 :     cancelAuthCode = (int32) pg_ntoh32(canc->cancelAuthCode);
    2339             : 
    2340             :     /*
    2341             :      * See if we have a matching backend.  In the EXEC_BACKEND case, we can no
    2342             :      * longer access the postmaster's own backend list, and must rely on the
    2343             :      * duplicate array in shared memory.
    2344             :      */
    2345             : #ifndef EXEC_BACKEND
    2346           8 :     dlist_foreach(iter, &BackendList)
    2347             :     {
    2348           8 :         bp = dlist_container(Backend, elem, iter.cur);
    2349             : #else
    2350             :     for (i = MaxLivePostmasterChildren() - 1; i >= 0; i--)
    2351             :     {
    2352             :         bp = (Backend *) &ShmemBackendArray[i];
    2353             : #endif
    2354           8 :         if (bp->pid == backendPID)
    2355             :         {
    2356           6 :             if (bp->cancel_key == cancelAuthCode)
    2357             :             {
    2358             :                 /* Found a match; signal that backend to cancel current op */
    2359           6 :                 ereport(DEBUG2,
    2360             :                         (errmsg_internal("processing cancel request: sending SIGINT to process %d",
    2361             :                                          backendPID)));
    2362           6 :                 signal_child(bp->pid, SIGINT);
    2363             :             }
    2364             :             else
    2365             :                 /* Right PID, wrong key: no way, Jose */
    2366           0 :                 ereport(LOG,
    2367             :                         (errmsg("wrong key in cancel request for process %d",
    2368             :                                 backendPID)));
    2369           6 :             return;
    2370             :         }
    2371             : #ifndef EXEC_BACKEND            /* make GNU Emacs 26.1 see brace balance */
    2372             :     }
    2373             : #else
    2374             :     }
    2375             : #endif
    2376             : 
    2377             :     /* No matching backend */
    2378           0 :     ereport(LOG,
    2379             :             (errmsg("PID %d in cancel request did not match any process",
    2380             :                     backendPID)));
    2381             : }
    2382             : 
    2383             : /*
    2384             :  * canAcceptConnections --- check to see if database state allows connections
    2385             :  * of the specified type.  backend_type can be BACKEND_TYPE_NORMAL,
    2386             :  * BACKEND_TYPE_AUTOVAC, or BACKEND_TYPE_BGWORKER.  (Note that we don't yet
    2387             :  * know whether a NORMAL connection might turn into a walsender.)
    2388             :  */
    2389             : static CAC_state
    2390       24384 : canAcceptConnections(int backend_type)
    2391             : {
    2392       24384 :     CAC_state   result = CAC_OK;
    2393             : 
    2394             :     /*
    2395             :      * Can't start backends when in startup/shutdown/inconsistent recovery
    2396             :      * state.  We treat autovac workers the same as user backends for this
    2397             :      * purpose.  However, bgworkers are excluded from this test; we expect
    2398             :      * bgworker_should_start_now() decided whether the DB state allows them.
    2399             :      */
    2400       24384 :     if (pmState != PM_RUN && pmState != PM_HOT_STANDBY &&
    2401             :         backend_type != BACKEND_TYPE_BGWORKER)
    2402             :     {
    2403         194 :         if (Shutdown > NoShutdown)
    2404           2 :             return CAC_SHUTDOWN;    /* shutdown is pending */
    2405         192 :         else if (!FatalError && pmState == PM_STARTUP)
    2406         184 :             return CAC_STARTUP; /* normal startup */
    2407           8 :         else if (!FatalError && pmState == PM_RECOVERY)
    2408           8 :             return CAC_NOTCONSISTENT;   /* not yet at consistent recovery
    2409             :                                          * state */
    2410             :         else
    2411           0 :             return CAC_RECOVERY;    /* else must be crash recovery */
    2412             :     }
    2413             : 
    2414             :     /*
    2415             :      * "Smart shutdown" restrictions are applied only to normal connections,
    2416             :      * not to autovac workers or bgworkers.
    2417             :      */
    2418       24190 :     if (!connsAllowed && backend_type == BACKEND_TYPE_NORMAL)
    2419           0 :         return CAC_SHUTDOWN;    /* shutdown is pending */
    2420             : 
    2421             :     /*
    2422             :      * Don't start too many children.
    2423             :      *
    2424             :      * We allow more connections here than we can have backends because some
    2425             :      * might still be authenticating; they might fail auth, or some existing
    2426             :      * backend might exit before the auth cycle is completed.  The exact
    2427             :      * MaxBackends limit is enforced when a new backend tries to join the
    2428             :      * shared-inval backend array.
    2429             :      *
    2430             :      * The limit here must match the sizes of the per-child-process arrays;
    2431             :      * see comments for MaxLivePostmasterChildren().
    2432             :      */
    2433       24190 :     if (CountChildren(BACKEND_TYPE_ALL) >= MaxLivePostmasterChildren())
    2434           0 :         result = CAC_TOOMANY;
    2435             : 
    2436       24190 :     return result;
    2437             : }
    2438             : 
    2439             : 
    2440             : /*
    2441             :  * ConnCreate -- create a local connection data structure
    2442             :  *
    2443             :  * Returns NULL on failure, other than out-of-memory which is fatal.
    2444             :  */
    2445             : static Port *
    2446       19926 : ConnCreate(int serverFd)
    2447             : {
    2448             :     Port       *port;
    2449             : 
    2450       19926 :     if (!(port = (Port *) calloc(1, sizeof(Port))))
    2451             :     {
    2452           0 :         ereport(LOG,
    2453             :                 (errcode(ERRCODE_OUT_OF_MEMORY),
    2454             :                  errmsg("out of memory")));
    2455           0 :         ExitPostmaster(1);
    2456             :     }
    2457             : 
    2458       19926 :     if (StreamConnection(serverFd, port) != STATUS_OK)
    2459             :     {
    2460           0 :         if (port->sock != PGINVALID_SOCKET)
    2461           0 :             StreamClose(port->sock);
    2462           0 :         ConnFree(port);
    2463           0 :         return NULL;
    2464             :     }
    2465             : 
    2466       19926 :     return port;
    2467             : }
    2468             : 
    2469             : 
    2470             : /*
    2471             :  * ConnFree -- free a local connection data structure
    2472             :  *
    2473             :  * Caller has already closed the socket if any, so there's not much
    2474             :  * to do here.
    2475             :  */
    2476             : static void
    2477       19924 : ConnFree(Port *port)
    2478             : {
    2479       19924 :     free(port);
    2480       19924 : }
    2481             : 
    2482             : 
    2483             : /*
    2484             :  * ClosePostmasterPorts -- close all the postmaster's open sockets
    2485             :  *
    2486             :  * This is called during child process startup to release file descriptors
    2487             :  * that are not needed by that child process.  The postmaster still has
    2488             :  * them open, of course.
    2489             :  *
    2490             :  * Note: we pass am_syslogger as a boolean because we don't want to set
    2491             :  * the global variable yet when this is called.
    2492             :  */
    2493             : void
    2494       27910 : ClosePostmasterPorts(bool am_syslogger)
    2495             : {
    2496             :     /* Release resources held by the postmaster's WaitEventSet. */
    2497       27910 :     if (pm_wait_set)
    2498             :     {
    2499       25242 :         FreeWaitEventSetAfterFork(pm_wait_set);
    2500       25242 :         pm_wait_set = NULL;
    2501             :     }
    2502             : 
    2503             : #ifndef WIN32
    2504             : 
    2505             :     /*
    2506             :      * Close the write end of postmaster death watch pipe. It's important to
    2507             :      * do this as early as possible, so that if postmaster dies, others won't
    2508             :      * think that it's still running because we're holding the pipe open.
    2509             :      */
    2510       27910 :     if (close(postmaster_alive_fds[POSTMASTER_FD_OWN]) != 0)
    2511           0 :         ereport(FATAL,
    2512             :                 (errcode_for_file_access(),
    2513             :                  errmsg_internal("could not close postmaster death monitoring pipe in child process: %m")));
    2514       27910 :     postmaster_alive_fds[POSTMASTER_FD_OWN] = -1;
    2515             :     /* Notify fd.c that we released one pipe FD. */
    2516       27910 :     ReleaseExternalFD();
    2517             : #endif
    2518             : 
    2519             :     /*
    2520             :      * Close the postmaster's listen sockets.  These aren't tracked by fd.c,
    2521             :      * so we don't call ReleaseExternalFD() here.
    2522             :      *
    2523             :      * The listen sockets are marked as FD_CLOEXEC, so this isn't needed in
    2524             :      * EXEC_BACKEND mode.
    2525             :      */
    2526             : #ifndef EXEC_BACKEND
    2527       27910 :     if (ListenSockets)
    2528             :     {
    2529       56602 :         for (int i = 0; i < NumListenSockets; i++)
    2530       28694 :             StreamClose(ListenSockets[i]);
    2531       27908 :         pfree(ListenSockets);
    2532             :     }
    2533       27910 :     NumListenSockets = 0;
    2534       27910 :     ListenSockets = NULL;
    2535             : #endif
    2536             : 
    2537             :     /*
    2538             :      * If using syslogger, close the read side of the pipe.  We don't bother
    2539             :      * tracking this in fd.c, either.
    2540             :      */
    2541       27910 :     if (!am_syslogger)
    2542             :     {
    2543             : #ifndef WIN32
    2544       27908 :         if (syslogPipe[0] >= 0)
    2545          28 :             close(syslogPipe[0]);
    2546       27908 :         syslogPipe[0] = -1;
    2547             : #else
    2548             :         if (syslogPipe[0])
    2549             :             CloseHandle(syslogPipe[0]);
    2550             :         syslogPipe[0] = 0;
    2551             : #endif
    2552             :     }
    2553             : 
    2554             : #ifdef USE_BONJOUR
    2555             :     /* If using Bonjour, close the connection to the mDNS daemon */
    2556             :     if (bonjour_sdref)
    2557             :         close(DNSServiceRefSockFD(bonjour_sdref));
    2558             : #endif
    2559       27910 : }
    2560             : 
    2561             : 
    2562             : /*
    2563             :  * InitProcessGlobals -- set MyProcPid, MyStartTime[stamp], random seeds
    2564             :  *
    2565             :  * Called early in the postmaster and every backend.
    2566             :  */
    2567             : void
    2568       29534 : InitProcessGlobals(void)
    2569             : {
    2570       29534 :     MyProcPid = getpid();
    2571       29534 :     MyStartTimestamp = GetCurrentTimestamp();
    2572       29534 :     MyStartTime = timestamptz_to_time_t(MyStartTimestamp);
    2573             : 
    2574             :     /*
    2575             :      * Set a different global seed in every process.  We want something
    2576             :      * unpredictable, so if possible, use high-quality random bits for the
    2577             :      * seed.  Otherwise, fall back to a seed based on timestamp and PID.
    2578             :      */
    2579       29534 :     if (unlikely(!pg_prng_strong_seed(&pg_global_prng_state)))
    2580             :     {
    2581             :         uint64      rseed;
    2582             : 
    2583             :         /*
    2584             :          * Since PIDs and timestamps tend to change more frequently in their
    2585             :          * least significant bits, shift the timestamp left to allow a larger
    2586             :          * total number of seeds in a given time period.  Since that would
    2587             :          * leave only 20 bits of the timestamp that cycle every ~1 second,
    2588             :          * also mix in some higher bits.
    2589             :          */
    2590           0 :         rseed = ((uint64) MyProcPid) ^
    2591           0 :             ((uint64) MyStartTimestamp << 12) ^
    2592           0 :             ((uint64) MyStartTimestamp >> 20);
    2593             : 
    2594           0 :         pg_prng_seed(&pg_global_prng_state, rseed);
    2595             :     }
    2596             : 
    2597             :     /*
    2598             :      * Also make sure that we've set a good seed for random(3).  Use of that
    2599             :      * is deprecated in core Postgres, but extensions might use it.
    2600             :      */
    2601             : #ifndef WIN32
    2602       29534 :     srandom(pg_prng_uint32(&pg_global_prng_state));
    2603             : #endif
    2604       29534 : }
    2605             : 
    2606             : /*
    2607             :  * Child processes use SIGUSR1 to notify us of 'pmsignals'.  pg_ctl uses
    2608             :  * SIGUSR1 to ask postmaster to check for logrotate and promote files.
    2609             :  */
    2610             : static void
    2611        4930 : handle_pm_pmsignal_signal(SIGNAL_ARGS)
    2612             : {
    2613        4930 :     int         save_errno = errno;
    2614             : 
    2615        4930 :     pending_pm_pmsignal = true;
    2616        4930 :     SetLatch(MyLatch);
    2617             : 
    2618        4930 :     errno = save_errno;
    2619        4930 : }
    2620             : 
    2621             : /*
    2622             :  * pg_ctl uses SIGHUP to request a reload of the configuration files.
    2623             :  */
    2624             : static void
    2625         208 : handle_pm_reload_request_signal(SIGNAL_ARGS)
    2626             : {
    2627         208 :     int         save_errno = errno;
    2628             : 
    2629         208 :     pending_pm_reload_request = true;
    2630         208 :     SetLatch(MyLatch);
    2631             : 
    2632         208 :     errno = save_errno;
    2633         208 : }
    2634             : 
    2635             : /*
    2636             :  * Re-read config files, and tell children to do same.
    2637             :  */
    2638             : static void
    2639         208 : process_pm_reload_request(void)
    2640             : {
    2641         208 :     pending_pm_reload_request = false;
    2642             : 
    2643         208 :     ereport(DEBUG2,
    2644             :             (errmsg_internal("postmaster received reload request signal")));
    2645             : 
    2646         208 :     if (Shutdown <= SmartShutdown)
    2647             :     {
    2648         208 :         ereport(LOG,
    2649             :                 (errmsg("received SIGHUP, reloading configuration files")));
    2650         208 :         ProcessConfigFile(PGC_SIGHUP);
    2651         208 :         SignalChildren(SIGHUP);
    2652         208 :         if (StartupPID != 0)
    2653          36 :             signal_child(StartupPID, SIGHUP);
    2654         208 :         if (BgWriterPID != 0)
    2655         208 :             signal_child(BgWriterPID, SIGHUP);
    2656         208 :         if (CheckpointerPID != 0)
    2657         208 :             signal_child(CheckpointerPID, SIGHUP);
    2658         208 :         if (WalWriterPID != 0)
    2659         172 :             signal_child(WalWriterPID, SIGHUP);
    2660         208 :         if (WalReceiverPID != 0)
    2661          32 :             signal_child(WalReceiverPID, SIGHUP);
    2662         208 :         if (AutoVacPID != 0)
    2663         168 :             signal_child(AutoVacPID, SIGHUP);
    2664         208 :         if (PgArchPID != 0)
    2665           8 :             signal_child(PgArchPID, SIGHUP);
    2666         208 :         if (SysLoggerPID != 0)
    2667           0 :             signal_child(SysLoggerPID, SIGHUP);
    2668             : 
    2669             :         /* Reload authentication config files too */
    2670         208 :         if (!load_hba())
    2671           0 :             ereport(LOG,
    2672             :             /* translator: %s is a configuration file */
    2673             :                     (errmsg("%s was not reloaded", HbaFileName)));
    2674             : 
    2675         208 :         if (!load_ident())
    2676           0 :             ereport(LOG,
    2677             :                     (errmsg("%s was not reloaded", IdentFileName)));
    2678             : 
    2679             : #ifdef USE_SSL
    2680             :         /* Reload SSL configuration as well */
    2681         208 :         if (EnableSSL)
    2682             :         {
    2683           0 :             if (secure_initialize(false) == 0)
    2684           0 :                 LoadedSSL = true;
    2685             :             else
    2686           0 :                 ereport(LOG,
    2687             :                         (errmsg("SSL configuration was not reloaded")));
    2688             :         }
    2689             :         else
    2690             :         {
    2691         208 :             secure_destroy();
    2692         208 :             LoadedSSL = false;
    2693             :         }
    2694             : #endif
    2695             : 
    2696             : #ifdef EXEC_BACKEND
    2697             :         /* Update the starting-point file for future children */
    2698             :         write_nondefault_variables(PGC_SIGHUP);
    2699             : #endif
    2700             :     }
    2701         208 : }
    2702             : 
    2703             : /*
    2704             :  * pg_ctl uses SIGTERM, SIGINT and SIGQUIT to request different types of
    2705             :  * shutdown.
    2706             :  */
    2707             : static void
    2708        1268 : handle_pm_shutdown_request_signal(SIGNAL_ARGS)
    2709             : {
    2710        1268 :     int         save_errno = errno;
    2711             : 
    2712        1268 :     switch (postgres_signal_arg)
    2713             :     {
    2714          24 :         case SIGTERM:
    2715             :             /* smart is implied if the other two flags aren't set */
    2716          24 :             pending_pm_shutdown_request = true;
    2717          24 :             break;
    2718         710 :         case SIGINT:
    2719         710 :             pending_pm_fast_shutdown_request = true;
    2720         710 :             pending_pm_shutdown_request = true;
    2721         710 :             break;
    2722         534 :         case SIGQUIT:
    2723         534 :             pending_pm_immediate_shutdown_request = true;
    2724         534 :             pending_pm_shutdown_request = true;
    2725         534 :             break;
    2726             :     }
    2727        1268 :     SetLatch(MyLatch);
    2728             : 
    2729        1268 :     errno = save_errno;
    2730        1268 : }
    2731             : 
    2732             : /*
    2733             :  * Process shutdown request.
    2734             :  */
    2735             : static void
    2736        1268 : process_pm_shutdown_request(void)
    2737             : {
    2738             :     int         mode;
    2739             : 
    2740        1268 :     ereport(DEBUG2,
    2741             :             (errmsg_internal("postmaster received shutdown request signal")));
    2742             : 
    2743        1268 :     pending_pm_shutdown_request = false;
    2744             : 
    2745             :     /*
    2746             :      * If more than one shutdown request signal arrived since the last server
    2747             :      * loop, take the one that is the most immediate.  That matches the
    2748             :      * priority that would apply if we processed them one by one in any order.
    2749             :      */
    2750        1268 :     if (pending_pm_immediate_shutdown_request)
    2751             :     {
    2752         534 :         pending_pm_immediate_shutdown_request = false;
    2753         534 :         pending_pm_fast_shutdown_request = false;
    2754         534 :         mode = ImmediateShutdown;
    2755             :     }
    2756         734 :     else if (pending_pm_fast_shutdown_request)
    2757             :     {
    2758         710 :         pending_pm_fast_shutdown_request = false;
    2759         710 :         mode = FastShutdown;
    2760             :     }
    2761             :     else
    2762          24 :         mode = SmartShutdown;
    2763             : 
    2764        1268 :     switch (mode)
    2765             :     {
    2766          24 :         case SmartShutdown:
    2767             : 
    2768             :             /*
    2769             :              * Smart Shutdown:
    2770             :              *
    2771             :              * Wait for children to end their work, then shut down.
    2772             :              */
    2773          24 :             if (Shutdown >= SmartShutdown)
    2774           0 :                 break;
    2775          24 :             Shutdown = SmartShutdown;
    2776          24 :             ereport(LOG,
    2777             :                     (errmsg("received smart shutdown request")));
    2778             : 
    2779             :             /* Report status */
    2780          24 :             AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
    2781             : #ifdef USE_SYSTEMD
    2782             :             sd_notify(0, "STOPPING=1");
    2783             : #endif
    2784             : 
    2785             :             /*
    2786             :              * If we reached normal running, we go straight to waiting for
    2787             :              * client backends to exit.  If already in PM_STOP_BACKENDS or a
    2788             :              * later state, do not change it.
    2789             :              */
    2790          24 :             if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
    2791          24 :                 connsAllowed = false;
    2792           0 :             else if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
    2793             :             {
    2794             :                 /* There should be no clients, so proceed to stop children */
    2795           0 :                 pmState = PM_STOP_BACKENDS;
    2796             :             }
    2797             : 
    2798             :             /*
    2799             :              * Now wait for online backup mode to end and backends to exit. If
    2800             :              * that is already the case, PostmasterStateMachine will take the
    2801             :              * next step.
    2802             :              */
    2803          24 :             PostmasterStateMachine();
    2804          24 :             break;
    2805             : 
    2806         710 :         case FastShutdown:
    2807             : 
    2808             :             /*
    2809             :              * Fast Shutdown:
    2810             :              *
    2811             :              * Abort all children with SIGTERM (rollback active transactions
    2812             :              * and exit) and shut down when they are gone.
    2813             :              */
    2814         710 :             if (Shutdown >= FastShutdown)
    2815           0 :                 break;
    2816         710 :             Shutdown = FastShutdown;
    2817         710 :             ereport(LOG,
    2818             :                     (errmsg("received fast shutdown request")));
    2819             : 
    2820             :             /* Report status */
    2821         710 :             AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
    2822             : #ifdef USE_SYSTEMD
    2823             :             sd_notify(0, "STOPPING=1");
    2824             : #endif
    2825             : 
    2826         710 :             if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
    2827             :             {
    2828             :                 /* Just shut down background processes silently */
    2829           0 :                 pmState = PM_STOP_BACKENDS;
    2830             :             }
    2831         710 :             else if (pmState == PM_RUN ||
    2832          62 :                      pmState == PM_HOT_STANDBY)
    2833             :             {
    2834             :                 /* Report that we're about to zap live client sessions */
    2835         710 :                 ereport(LOG,
    2836             :                         (errmsg("aborting any active transactions")));
    2837         710 :                 pmState = PM_STOP_BACKENDS;
    2838             :             }
    2839             : 
    2840             :             /*
    2841             :              * PostmasterStateMachine will issue any necessary signals, or
    2842             :              * take the next step if no child processes need to be killed.
    2843             :              */
    2844         710 :             PostmasterStateMachine();
    2845         710 :             break;
    2846             : 
    2847         534 :         case ImmediateShutdown:
    2848             : 
    2849             :             /*
    2850             :              * Immediate Shutdown:
    2851             :              *
    2852             :              * abort all children with SIGQUIT, wait for them to exit,
    2853             :              * terminate remaining ones with SIGKILL, then exit without
    2854             :              * attempt to properly shut down the data base system.
    2855             :              */
    2856         534 :             if (Shutdown >= ImmediateShutdown)
    2857           0 :                 break;
    2858         534 :             Shutdown = ImmediateShutdown;
    2859         534 :             ereport(LOG,
    2860             :                     (errmsg("received immediate shutdown request")));
    2861             : 
    2862             :             /* Report status */
    2863         534 :             AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
    2864             : #ifdef USE_SYSTEMD
    2865             :             sd_notify(0, "STOPPING=1");
    2866             : #endif
    2867             : 
    2868             :             /* tell children to shut down ASAP */
    2869             :             /* (note we don't apply send_abort_for_crash here) */
    2870         534 :             SetQuitSignalReason(PMQUIT_FOR_STOP);
    2871         534 :             TerminateChildren(SIGQUIT);
    2872         534 :             pmState = PM_WAIT_BACKENDS;
    2873             : 
    2874             :             /* set stopwatch for them to die */
    2875         534 :             AbortStartTime = time(NULL);
    2876             : 
    2877             :             /*
    2878             :              * Now wait for backends to exit.  If there are none,
    2879             :              * PostmasterStateMachine will take the next step.
    2880             :              */
    2881         534 :             PostmasterStateMachine();
    2882         534 :             break;
    2883             :     }
    2884        1268 : }
    2885             : 
    2886             : static void
    2887       29046 : handle_pm_child_exit_signal(SIGNAL_ARGS)
    2888             : {
    2889       29046 :     int         save_errno = errno;
    2890             : 
    2891       29046 :     pending_pm_child_exit = true;
    2892       29046 :     SetLatch(MyLatch);
    2893             : 
    2894       29046 :     errno = save_errno;
    2895       29046 : }
    2896             : 
    2897             : /*
    2898             :  * Cleanup after a child process dies.
    2899             :  */
    2900             : static void
    2901       28856 : process_pm_child_exit(void)
    2902             : {
    2903             :     int         pid;            /* process id of dead child process */
    2904             :     int         exitstatus;     /* its exit status */
    2905             : 
    2906       28856 :     pending_pm_child_exit = false;
    2907             : 
    2908       28856 :     ereport(DEBUG4,
    2909             :             (errmsg_internal("reaping dead processes")));
    2910             : 
    2911       59636 :     while ((pid = waitpid(-1, &exitstatus, WNOHANG)) > 0)
    2912             :     {
    2913             :         /*
    2914             :          * Check if this child was a startup process.
    2915             :          */
    2916       30784 :         if (pid == StartupPID)
    2917             :         {
    2918        1288 :             StartupPID = 0;
    2919             : 
    2920             :             /*
    2921             :              * Startup process exited in response to a shutdown request (or it
    2922             :              * completed normally regardless of the shutdown request).
    2923             :              */
    2924        1288 :             if (Shutdown > NoShutdown &&
    2925         148 :                 (EXIT_STATUS_0(exitstatus) || EXIT_STATUS_1(exitstatus)))
    2926             :             {
    2927          62 :                 StartupStatus = STARTUP_NOT_RUNNING;
    2928          62 :                 pmState = PM_WAIT_BACKENDS;
    2929             :                 /* PostmasterStateMachine logic does the rest */
    2930          62 :                 continue;
    2931             :             }
    2932             : 
    2933        1226 :             if (EXIT_STATUS_3(exitstatus))
    2934             :             {
    2935           0 :                 ereport(LOG,
    2936             :                         (errmsg("shutdown at recovery target")));
    2937           0 :                 StartupStatus = STARTUP_NOT_RUNNING;
    2938           0 :                 Shutdown = Max(Shutdown, SmartShutdown);
    2939           0 :                 TerminateChildren(SIGTERM);
    2940           0 :                 pmState = PM_WAIT_BACKENDS;
    2941             :                 /* PostmasterStateMachine logic does the rest */
    2942           0 :                 continue;
    2943             :             }
    2944             : 
    2945             :             /*
    2946             :              * Unexpected exit of startup process (including FATAL exit)
    2947             :              * during PM_STARTUP is treated as catastrophic. There are no
    2948             :              * other processes running yet, so we can just exit.
    2949             :              */
    2950        1226 :             if (pmState == PM_STARTUP &&
    2951         878 :                 StartupStatus != STARTUP_SIGNALED &&
    2952         878 :                 !EXIT_STATUS_0(exitstatus))
    2953             :             {
    2954           0 :                 LogChildExit(LOG, _("startup process"),
    2955             :                              pid, exitstatus);
    2956           0 :                 ereport(LOG,
    2957             :                         (errmsg("aborting startup due to startup process failure")));
    2958           0 :                 ExitPostmaster(1);
    2959             :             }
    2960             : 
    2961             :             /*
    2962             :              * After PM_STARTUP, any unexpected exit (including FATAL exit) of
    2963             :              * the startup process is catastrophic, so kill other children,
    2964             :              * and set StartupStatus so we don't try to reinitialize after
    2965             :              * they're gone.  Exception: if StartupStatus is STARTUP_SIGNALED,
    2966             :              * then we previously sent the startup process a SIGQUIT; so
    2967             :              * that's probably the reason it died, and we do want to try to
    2968             :              * restart in that case.
    2969             :              *
    2970             :              * This stanza also handles the case where we sent a SIGQUIT
    2971             :              * during PM_STARTUP due to some dead_end child crashing: in that
    2972             :              * situation, if the startup process dies on the SIGQUIT, we need
    2973             :              * to transition to PM_WAIT_BACKENDS state which will allow
    2974             :              * PostmasterStateMachine to restart the startup process.  (On the
    2975             :              * other hand, the startup process might complete normally, if we
    2976             :              * were too late with the SIGQUIT.  In that case we'll fall
    2977             :              * through and commence normal operations.)
    2978             :              */
    2979        1226 :             if (!EXIT_STATUS_0(exitstatus))
    2980             :             {
    2981          92 :                 if (StartupStatus == STARTUP_SIGNALED)
    2982             :                 {
    2983          86 :                     StartupStatus = STARTUP_NOT_RUNNING;
    2984          86 :                     if (pmState == PM_STARTUP)
    2985           0 :                         pmState = PM_WAIT_BACKENDS;
    2986             :                 }
    2987             :                 else
    2988           6 :                     StartupStatus = STARTUP_CRASHED;
    2989          92 :                 HandleChildCrash(pid, exitstatus,
    2990          92 :                                  _("startup process"));
    2991          92 :                 continue;
    2992             :             }
    2993             : 
    2994             :             /*
    2995             :              * Startup succeeded, commence normal operations
    2996             :              */
    2997        1134 :             StartupStatus = STARTUP_NOT_RUNNING;
    2998        1134 :             FatalError = false;
    2999        1134 :             AbortStartTime = 0;
    3000        1134 :             ReachedNormalRunning = true;
    3001        1134 :             pmState = PM_RUN;
    3002        1134 :             connsAllowed = true;
    3003             : 
    3004             :             /*
    3005             :              * Crank up the background tasks, if we didn't do that already
    3006             :              * when we entered consistent recovery state.  It doesn't matter
    3007             :              * if this fails, we'll just try again later.
    3008             :              */
    3009        1134 :             if (CheckpointerPID == 0)
    3010           0 :                 CheckpointerPID = StartCheckpointer();
    3011        1134 :             if (BgWriterPID == 0)
    3012           0 :                 BgWriterPID = StartBackgroundWriter();
    3013        1134 :             if (WalWriterPID == 0)
    3014        1134 :                 WalWriterPID = StartWalWriter();
    3015             : 
    3016             :             /*
    3017             :              * Likewise, start other special children as needed.  In a restart
    3018             :              * situation, some of them may be alive already.
    3019             :              */
    3020        1134 :             if (!IsBinaryUpgrade && AutoVacuumingActive() && AutoVacPID == 0)
    3021        1004 :                 AutoVacPID = StartAutoVacLauncher();
    3022        1134 :             if (PgArchStartupAllowed() && PgArchPID == 0)
    3023          60 :                 PgArchPID = StartArchiver();
    3024             : 
    3025             :             /* workers may be scheduled to start now */
    3026        1134 :             maybe_start_bgworkers();
    3027             : 
    3028             :             /* at this point we are really open for business */
    3029        1130 :             ereport(LOG,
    3030             :                     (errmsg("database system is ready to accept connections")));
    3031             : 
    3032             :             /* Report status */
    3033        1130 :             AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
    3034             : #ifdef USE_SYSTEMD
    3035             :             sd_notify(0, "READY=1");
    3036             : #endif
    3037             : 
    3038        1130 :             continue;
    3039             :         }
    3040             : 
    3041             :         /*
    3042             :          * Was it the bgwriter?  Normal exit can be ignored; we'll start a new
    3043             :          * one at the next iteration of the postmaster's main loop, if
    3044             :          * necessary.  Any other exit condition is treated as a crash.
    3045             :          */
    3046       29496 :         if (pid == BgWriterPID)
    3047             :         {
    3048        1282 :             BgWriterPID = 0;
    3049        1282 :             if (!EXIT_STATUS_0(exitstatus))
    3050         548 :                 HandleChildCrash(pid, exitstatus,
    3051         548 :                                  _("background writer process"));
    3052        1282 :             continue;
    3053             :         }
    3054             : 
    3055             :         /*
    3056             :          * Was it the checkpointer?
    3057             :          */
    3058       28214 :         if (pid == CheckpointerPID)
    3059             :         {
    3060        1282 :             CheckpointerPID = 0;
    3061        1282 :             if (EXIT_STATUS_0(exitstatus) && pmState == PM_SHUTDOWN)
    3062             :             {
    3063             :                 /*
    3064             :                  * OK, we saw normal exit of the checkpointer after it's been
    3065             :                  * told to shut down.  We expect that it wrote a shutdown
    3066             :                  * checkpoint.  (If for some reason it didn't, recovery will
    3067             :                  * occur on next postmaster start.)
    3068             :                  *
    3069             :                  * At this point we should have no normal backend children
    3070             :                  * left (else we'd not be in PM_SHUTDOWN state) but we might
    3071             :                  * have dead_end children to wait for.
    3072             :                  *
    3073             :                  * If we have an archiver subprocess, tell it to do a last
    3074             :                  * archive cycle and quit. Likewise, if we have walsender
    3075             :                  * processes, tell them to send any remaining WAL and quit.
    3076             :                  */
    3077             :                 Assert(Shutdown > NoShutdown);
    3078             : 
    3079             :                 /* Waken archiver for the last time */
    3080         734 :                 if (PgArchPID != 0)
    3081          24 :                     signal_child(PgArchPID, SIGUSR2);
    3082             : 
    3083             :                 /*
    3084             :                  * Waken walsenders for the last time. No regular backends
    3085             :                  * should be around anymore.
    3086             :                  */
    3087         734 :                 SignalChildren(SIGUSR2);
    3088             : 
    3089         734 :                 pmState = PM_SHUTDOWN_2;
    3090             :             }
    3091             :             else
    3092             :             {
    3093             :                 /*
    3094             :                  * Any unexpected exit of the checkpointer (including FATAL
    3095             :                  * exit) is treated as a crash.
    3096             :                  */
    3097         548 :                 HandleChildCrash(pid, exitstatus,
    3098         548 :                                  _("checkpointer process"));
    3099             :             }
    3100             : 
    3101        1282 :             continue;
    3102             :         }
    3103             : 
    3104             :         /*
    3105             :          * Was it the wal writer?  Normal exit can be ignored; we'll start a
    3106             :          * new one at the next iteration of the postmaster's main loop, if
    3107             :          * necessary.  Any other exit condition is treated as a crash.
    3108             :          */
    3109       26932 :         if (pid == WalWriterPID)
    3110             :         {
    3111        1128 :             WalWriterPID = 0;
    3112        1128 :             if (!EXIT_STATUS_0(exitstatus))
    3113         456 :                 HandleChildCrash(pid, exitstatus,
    3114         456 :                                  _("WAL writer process"));
    3115        1128 :             continue;
    3116             :         }
    3117             : 
    3118             :         /*
    3119             :          * Was it the wal receiver?  If exit status is zero (normal) or one
    3120             :          * (FATAL exit), we assume everything is all right just like normal
    3121             :          * backends.  (If we need a new wal receiver, we'll start one at the
    3122             :          * next iteration of the postmaster's main loop.)
    3123             :          */
    3124       25804 :         if (pid == WalReceiverPID)
    3125             :         {
    3126         368 :             WalReceiverPID = 0;
    3127         368 :             if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
    3128          42 :                 HandleChildCrash(pid, exitstatus,
    3129          42 :                                  _("WAL receiver process"));
    3130         368 :             continue;
    3131             :         }
    3132             : 
    3133             :         /*
    3134             :          * Was it the autovacuum launcher?  Normal exit can be ignored; we'll
    3135             :          * start a new one at the next iteration of the postmaster's main
    3136             :          * loop, if necessary.  Any other exit condition is treated as a
    3137             :          * crash.
    3138             :          */
    3139       25436 :         if (pid == AutoVacPID)
    3140             :         {
    3141         998 :             AutoVacPID = 0;
    3142         998 :             if (!EXIT_STATUS_0(exitstatus))
    3143         390 :                 HandleChildCrash(pid, exitstatus,
    3144         390 :                                  _("autovacuum launcher process"));
    3145         998 :             continue;
    3146             :         }
    3147             : 
    3148             :         /*
    3149             :          * Was it the archiver?  If exit status is zero (normal) or one (FATAL
    3150             :          * exit), we assume everything is all right just like normal backends
    3151             :          * and just try to restart a new one so that we immediately retry
    3152             :          * archiving remaining files. (If fail, we'll try again in future
    3153             :          * cycles of the postmaster's main loop.) Unless we were waiting for
    3154             :          * it to shut down; don't restart it in that case, and
    3155             :          * PostmasterStateMachine() will advance to the next shutdown step.
    3156             :          */
    3157       24438 :         if (pid == PgArchPID)
    3158             :         {
    3159          66 :             PgArchPID = 0;
    3160          66 :             if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
    3161          42 :                 HandleChildCrash(pid, exitstatus,
    3162          42 :                                  _("archiver process"));
    3163          66 :             if (PgArchStartupAllowed())
    3164           0 :                 PgArchPID = StartArchiver();
    3165          66 :             continue;
    3166             :         }
    3167             : 
    3168             :         /* Was it the system logger?  If so, try to start a new one */
    3169       24372 :         if (pid == SysLoggerPID)
    3170             :         {
    3171           0 :             SysLoggerPID = 0;
    3172             :             /* for safety's sake, launch new logger *first* */
    3173           0 :             SysLoggerPID = SysLogger_Start();
    3174           0 :             if (!EXIT_STATUS_0(exitstatus))
    3175           0 :                 LogChildExit(LOG, _("system logger process"),
    3176             :                              pid, exitstatus);
    3177           0 :             continue;
    3178             :         }
    3179             : 
    3180             :         /* Was it one of our background workers? */
    3181       24372 :         if (CleanupBackgroundWorker(pid, exitstatus))
    3182             :         {
    3183             :             /* have it be restarted */
    3184        4430 :             HaveCrashedWorker = true;
    3185        4430 :             continue;
    3186             :         }
    3187             : 
    3188             :         /*
    3189             :          * Else do standard backend child cleanup.
    3190             :          */
    3191       19942 :         CleanupBackend(pid, exitstatus);
    3192             :     }                           /* loop over pending child-death reports */
    3193             : 
    3194             :     /*
    3195             :      * After cleaning out the SIGCHLD queue, see if we have any state changes
    3196             :      * or actions to make.
    3197             :      */
    3198       28852 :     PostmasterStateMachine();
    3199       27578 : }
    3200             : 
    3201             : /*
    3202             :  * Scan the bgworkers list and see if the given PID (which has just stopped
    3203             :  * or crashed) is in it.  Handle its shutdown if so, and return true.  If not a
    3204             :  * bgworker, return false.
    3205             :  *
    3206             :  * This is heavily based on CleanupBackend.  One important difference is that
    3207             :  * we don't know yet that the dying process is a bgworker, so we must be silent
    3208             :  * until we're sure it is.
    3209             :  */
    3210             : static bool
    3211       24372 : CleanupBackgroundWorker(int pid,
    3212             :                         int exitstatus) /* child's exit status */
    3213             : {
    3214             :     char        namebuf[MAXPGPATH];
    3215             :     slist_mutable_iter iter;
    3216             : 
    3217       47990 :     slist_foreach_modify(iter, &BackgroundWorkerList)
    3218             :     {
    3219             :         RegisteredBgWorker *rw;
    3220             : 
    3221       28048 :         rw = slist_container(RegisteredBgWorker, rw_lnode, iter.cur);
    3222             : 
    3223       28048 :         if (rw->rw_pid != pid)
    3224       23618 :             continue;
    3225             : 
    3226             : #ifdef WIN32
    3227             :         /* see CleanupBackend */
    3228             :         if (exitstatus == ERROR_WAIT_NO_CHILDREN)
    3229             :             exitstatus = 0;
    3230             : #endif
    3231             : 
    3232        4430 :         snprintf(namebuf, MAXPGPATH, _("background worker \"%s\""),
    3233        4430 :                  rw->rw_worker.bgw_type);
    3234             : 
    3235             : 
    3236        4430 :         if (!EXIT_STATUS_0(exitstatus))
    3237             :         {
    3238             :             /* Record timestamp, so we know when to restart the worker. */
    3239        1420 :             rw->rw_crashed_at = GetCurrentTimestamp();
    3240             :         }
    3241             :         else
    3242             :         {
    3243             :             /* Zero exit status means terminate */
    3244        3010 :             rw->rw_crashed_at = 0;
    3245        3010 :             rw->rw_terminate = true;
    3246             :         }
    3247             : 
    3248             :         /*
    3249             :          * Additionally, just like a backend, any exit status other than 0 or
    3250             :          * 1 is considered a crash and causes a system-wide restart.
    3251             :          */
    3252        4430 :         if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
    3253             :         {
    3254         488 :             HandleChildCrash(pid, exitstatus, namebuf);
    3255         488 :             return true;
    3256             :         }
    3257             : 
    3258             :         /*
    3259             :          * We must release the postmaster child slot. If the worker failed to
    3260             :          * do so, it did not clean up after itself, requiring a crash-restart
    3261             :          * cycle.
    3262             :          */
    3263        3942 :         if (!ReleasePostmasterChildSlot(rw->rw_child_slot))
    3264             :         {
    3265           0 :             HandleChildCrash(pid, exitstatus, namebuf);
    3266           0 :             return true;
    3267             :         }
    3268             : 
    3269             :         /* Get it out of the BackendList and clear out remaining data */
    3270        3942 :         dlist_delete(&rw->rw_backend->elem);
    3271             : #ifdef EXEC_BACKEND
    3272             :         ShmemBackendArrayRemove(rw->rw_backend);
    3273             : #endif
    3274             : 
    3275             :         /*
    3276             :          * It's possible that this background worker started some OTHER
    3277             :          * background worker and asked to be notified when that worker started
    3278             :          * or stopped.  If so, cancel any notifications destined for the
    3279             :          * now-dead backend.
    3280             :          */
    3281        3942 :         if (rw->rw_backend->bgworker_notify)
    3282         272 :             BackgroundWorkerStopNotifications(rw->rw_pid);
    3283        3942 :         pfree(rw->rw_backend);
    3284        3942 :         rw->rw_backend = NULL;
    3285        3942 :         rw->rw_pid = 0;
    3286        3942 :         rw->rw_child_slot = 0;
    3287        3942 :         ReportBackgroundWorkerExit(&iter);  /* report child death */
    3288             : 
    3289        3942 :         LogChildExit(EXIT_STATUS_0(exitstatus) ? DEBUG1 : LOG,
    3290             :                      namebuf, pid, exitstatus);
    3291             : 
    3292        3942 :         return true;
    3293             :     }
    3294             : 
    3295       19942 :     return false;
    3296             : }
    3297             : 
    3298             : /*
    3299             :  * CleanupBackend -- cleanup after terminated backend.
    3300             :  *
    3301             :  * Remove all local state associated with backend.
    3302             :  *
    3303             :  * If you change this, see also CleanupBackgroundWorker.
    3304             :  */
    3305             : static void
    3306       19942 : CleanupBackend(int pid,
    3307             :                int exitstatus)  /* child's exit status. */
    3308             : {
    3309             :     dlist_mutable_iter iter;
    3310             : 
    3311       19942 :     LogChildExit(DEBUG2, _("server process"), pid, exitstatus);
    3312             : 
    3313             :     /*
    3314             :      * If a backend dies in an ugly way then we must signal all other backends
    3315             :      * to quickdie.  If exit status is zero (normal) or one (FATAL exit), we
    3316             :      * assume everything is all right and proceed to remove the backend from
    3317             :      * the active backend list.
    3318             :      */
    3319             : 
    3320             : #ifdef WIN32
    3321             : 
    3322             :     /*
    3323             :      * On win32, also treat ERROR_WAIT_NO_CHILDREN (128) as nonfatal case,
    3324             :      * since that sometimes happens under load when the process fails to start
    3325             :      * properly (long before it starts using shared memory). Microsoft reports
    3326             :      * it is related to mutex failure:
    3327             :      * http://archives.postgresql.org/pgsql-hackers/2010-09/msg00790.php
    3328             :      */
    3329             :     if (exitstatus == ERROR_WAIT_NO_CHILDREN)
    3330             :     {
    3331             :         LogChildExit(LOG, _("server process"), pid, exitstatus);
    3332             :         exitstatus = 0;
    3333             :     }
    3334             : #endif
    3335             : 
    3336       19942 :     if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
    3337             :     {
    3338         364 :         HandleChildCrash(pid, exitstatus, _("server process"));
    3339         364 :         return;
    3340             :     }
    3341             : 
    3342       38242 :     dlist_foreach_modify(iter, &BackendList)
    3343             :     {
    3344       38242 :         Backend    *bp = dlist_container(Backend, elem, iter.cur);
    3345             : 
    3346       38242 :         if (bp->pid == pid)
    3347             :         {
    3348       19578 :             if (!bp->dead_end)
    3349             :             {
    3350       19384 :                 if (!ReleasePostmasterChildSlot(bp->child_slot))
    3351             :                 {
    3352             :                     /*
    3353             :                      * Uh-oh, the child failed to clean itself up.  Treat as a
    3354             :                      * crash after all.
    3355             :                      */
    3356           0 :                     HandleChildCrash(pid, exitstatus, _("server process"));
    3357           0 :                     return;
    3358             :                 }
    3359             : #ifdef EXEC_BACKEND
    3360             :                 ShmemBackendArrayRemove(bp);
    3361             : #endif
    3362             :             }
    3363       19578 :             if (bp->bgworker_notify)
    3364             :             {
    3365             :                 /*
    3366             :                  * This backend may have been slated to receive SIGUSR1 when
    3367             :                  * some background worker started or stopped.  Cancel those
    3368             :                  * notifications, as we don't want to signal PIDs that are not
    3369             :                  * PostgreSQL backends.  This gets skipped in the (probably
    3370             :                  * very common) case where the backend has never requested any
    3371             :                  * such notifications.
    3372             :                  */
    3373         124 :                 BackgroundWorkerStopNotifications(bp->pid);
    3374             :             }
    3375       19578 :             dlist_delete(iter.cur);
    3376       19578 :             pfree(bp);
    3377       19578 :             break;
    3378             :         }
    3379             :     }
    3380             : }
    3381             : 
    3382             : /*
    3383             :  * HandleChildCrash -- cleanup after failed backend, bgwriter, checkpointer,
    3384             :  * walwriter, autovacuum, archiver or background worker.
    3385             :  *
    3386             :  * The objectives here are to clean up our local state about the child
    3387             :  * process, and to signal all other remaining children to quickdie.
    3388             :  */
    3389             : static void
    3390        2970 : HandleChildCrash(int pid, int exitstatus, const char *procname)
    3391             : {
    3392             :     dlist_mutable_iter iter;
    3393             :     slist_iter  siter;
    3394             :     Backend    *bp;
    3395             :     bool        take_action;
    3396             : 
    3397             :     /*
    3398             :      * We only log messages and send signals if this is the first process
    3399             :      * crash and we're not doing an immediate shutdown; otherwise, we're only
    3400             :      * here to update postmaster's idea of live processes.  If we have already
    3401             :      * signaled children, nonzero exit status is to be expected, so don't
    3402             :      * clutter log.
    3403             :      */
    3404        2970 :     take_action = !FatalError && Shutdown != ImmediateShutdown;
    3405             : 
    3406        2970 :     if (take_action)
    3407             :     {
    3408          14 :         LogChildExit(LOG, procname, pid, exitstatus);
    3409          14 :         ereport(LOG,
    3410             :                 (errmsg("terminating any other active server processes")));
    3411          14 :         SetQuitSignalReason(PMQUIT_FOR_CRASH);
    3412             :     }
    3413             : 
    3414             :     /* Process background workers. */
    3415        6212 :     slist_foreach(siter, &BackgroundWorkerList)
    3416             :     {
    3417             :         RegisteredBgWorker *rw;
    3418             : 
    3419        3242 :         rw = slist_container(RegisteredBgWorker, rw_lnode, siter.cur);
    3420        3242 :         if (rw->rw_pid == 0)
    3421        1342 :             continue;           /* not running */
    3422        1900 :         if (rw->rw_pid == pid)
    3423             :         {
    3424             :             /*
    3425             :              * Found entry for freshly-dead worker, so remove it.
    3426             :              */
    3427         488 :             (void) ReleasePostmasterChildSlot(rw->rw_child_slot);
    3428         488 :             dlist_delete(&rw->rw_backend->elem);
    3429             : #ifdef EXEC_BACKEND
    3430             :             ShmemBackendArrayRemove(rw->rw_backend);
    3431             : #endif
    3432         488 :             pfree(rw->rw_backend);
    3433         488 :             rw->rw_backend = NULL;
    3434         488 :             rw->rw_pid = 0;
    3435         488 :             rw->rw_child_slot = 0;
    3436             :             /* don't reset crashed_at */
    3437             :             /* don't report child stop, either */
    3438             :             /* Keep looping so we can signal remaining workers */
    3439             :         }
    3440             :         else
    3441             :         {
    3442             :             /*
    3443             :              * This worker is still alive.  Unless we did so already, tell it
    3444             :              * to commit hara-kiri.
    3445             :              */
    3446        1412 :             if (take_action)
    3447           8 :                 sigquit_child(rw->rw_pid);
    3448             :         }
    3449             :     }
    3450             : 
    3451             :     /* Process regular backends */
    3452        6248 :     dlist_foreach_modify(iter, &BackendList)
    3453             :     {
    3454        3278 :         bp = dlist_container(Backend, elem, iter.cur);
    3455             : 
    3456        3278 :         if (bp->pid == pid)
    3457             :         {
    3458             :             /*
    3459             :              * Found entry for freshly-dead backend, so remove it.
    3460             :              */
    3461         364 :             if (!bp->dead_end)
    3462             :             {
    3463         364 :                 (void) ReleasePostmasterChildSlot(bp->child_slot);
    3464             : #ifdef EXEC_BACKEND
    3465             :                 ShmemBackendArrayRemove(bp);
    3466             : #endif
    3467             :             }
    3468         364 :             dlist_delete(iter.cur);
    3469         364 :             pfree(bp);
    3470             :             /* Keep looping so we can signal remaining backends */
    3471             :         }
    3472             :         else
    3473             :         {
    3474             :             /*
    3475             :              * This backend is still alive.  Unless we did so already, tell it
    3476             :              * to commit hara-kiri.
    3477             :              *
    3478             :              * We could exclude dead_end children here, but at least when
    3479             :              * sending SIGABRT it seems better to include them.
    3480             :              *
    3481             :              * Background workers were already processed above; ignore them
    3482             :              * here.
    3483             :              */
    3484        2914 :             if (bp->bkend_type == BACKEND_TYPE_BGWORKER)
    3485        1412 :                 continue;
    3486             : 
    3487        1502 :             if (take_action)
    3488           8 :                 sigquit_child(bp->pid);
    3489             :         }
    3490             :     }
    3491             : 
    3492             :     /* Take care of the startup process too */
    3493        2970 :     if (pid == StartupPID)
    3494             :     {
    3495           0 :         StartupPID = 0;
    3496             :         /* Caller adjusts StartupStatus, so don't touch it here */
    3497             :     }
    3498        2970 :     else if (StartupPID != 0 && take_action)
    3499             :     {
    3500           0 :         sigquit_child(StartupPID);
    3501           0 :         StartupStatus = STARTUP_SIGNALED;
    3502             :     }
    3503             : 
    3504             :     /* Take care of the bgwriter too */
    3505        2970 :     if (pid == BgWriterPID)
    3506           0 :         BgWriterPID = 0;
    3507        2970 :     else if (BgWriterPID != 0 && take_action)
    3508          14 :         sigquit_child(BgWriterPID);
    3509             : 
    3510             :     /* Take care of the checkpointer too */
    3511        2970 :     if (pid == CheckpointerPID)
    3512           0 :         CheckpointerPID = 0;
    3513        2970 :     else if (CheckpointerPID != 0 && take_action)
    3514          14 :         sigquit_child(CheckpointerPID);
    3515             : 
    3516             :     /* Take care of the walwriter too */
    3517        2970 :     if (pid == WalWriterPID)
    3518           0 :         WalWriterPID = 0;
    3519        2970 :     else if (WalWriterPID != 0 && take_action)
    3520           8 :         sigquit_child(WalWriterPID);
    3521             : 
    3522             :     /* Take care of the walreceiver too */
    3523        2970 :     if (pid == WalReceiverPID)
    3524           0 :         WalReceiverPID = 0;
    3525        2970 :     else if (WalReceiverPID != 0 && take_action)
    3526           0 :         sigquit_child(WalReceiverPID);
    3527             : 
    3528             :     /* Take care of the autovacuum launcher too */
    3529        2970 :     if (pid == AutoVacPID)
    3530           0 :         AutoVacPID = 0;
    3531        2970 :     else if (AutoVacPID != 0 && take_action)
    3532           8 :         sigquit_child(AutoVacPID);
    3533             : 
    3534             :     /* Take care of the archiver too */
    3535        2970 :     if (pid == PgArchPID)
    3536           0 :         PgArchPID = 0;
    3537        2970 :     else if (PgArchPID != 0 && take_action)
    3538           0 :         sigquit_child(PgArchPID);
    3539             : 
    3540             :     /* We do NOT restart the syslogger */
    3541             : 
    3542        2970 :     if (Shutdown != ImmediateShutdown)
    3543          74 :         FatalError = true;
    3544             : 
    3545             :     /* We now transit into a state of waiting for children to die */
    3546        2970 :     if (pmState == PM_RECOVERY ||
    3547        2966 :         pmState == PM_HOT_STANDBY ||
    3548        2964 :         pmState == PM_RUN ||
    3549        2956 :         pmState == PM_STOP_BACKENDS ||
    3550        2956 :         pmState == PM_SHUTDOWN)
    3551          14 :         pmState = PM_WAIT_BACKENDS;
    3552             : 
    3553             :     /*
    3554             :      * .. and if this doesn't happen quickly enough, now the clock is ticking
    3555             :      * for us to kill them without mercy.
    3556             :      */
    3557        2970 :     if (AbortStartTime == 0)
    3558          14 :         AbortStartTime = time(NULL);
    3559        2970 : }
    3560             : 
    3561             : /*
    3562             :  * Log the death of a child process.
    3563             :  */
    3564             : static void
    3565       23898 : LogChildExit(int lev, const char *procname, int pid, int exitstatus)
    3566             : {
    3567             :     /*
    3568             :      * size of activity_buffer is arbitrary, but set equal to default
    3569             :      * track_activity_query_size
    3570             :      */
    3571             :     char        activity_buffer[1024];
    3572       23898 :     const char *activity = NULL;
    3573             : 
    3574       23898 :     if (!EXIT_STATUS_0(exitstatus))
    3575        1694 :         activity = pgstat_get_crashed_backend_activity(pid,
    3576             :                                                        activity_buffer,
    3577             :                                                        sizeof(activity_buffer));
    3578             : 
    3579       23898 :     if (WIFEXITED(exitstatus))
    3580       23886 :         ereport(lev,
    3581             : 
    3582             :         /*------
    3583             :           translator: %s is a noun phrase describing a child process, such as
    3584             :           "server process" */
    3585             :                 (errmsg("%s (PID %d) exited with exit code %d",
    3586             :                         procname, pid, WEXITSTATUS(exitstatus)),
    3587             :                  activity ? errdetail("Failed process was running: %s", activity) : 0));
    3588          12 :     else if (WIFSIGNALED(exitstatus))
    3589             :     {
    3590             : #if defined(WIN32)
    3591             :         ereport(lev,
    3592             : 
    3593             :         /*------
    3594             :           translator: %s is a noun phrase describing a child process, such as
    3595             :           "server process" */
    3596             :                 (errmsg("%s (PID %d) was terminated by exception 0x%X",
    3597             :                         procname, pid, WTERMSIG(exitstatus)),
    3598             :                  errhint("See C include file \"ntstatus.h\" for a description of the hexadecimal value."),
    3599             :                  activity ? errdetail("Failed process was running: %s", activity) : 0));
    3600             : #else
    3601          12 :         ereport(lev,
    3602             : 
    3603             :         /*------
    3604             :           translator: %s is a noun phrase describing a child process, such as
    3605             :           "server process" */
    3606             :                 (errmsg("%s (PID %d) was terminated by signal %d: %s",
    3607             :                         procname, pid, WTERMSIG(exitstatus),
    3608             :                         pg_strsignal(WTERMSIG(exitstatus))),
    3609             :                  activity ? errdetail("Failed process was running: %s", activity) : 0));
    3610             : #endif
    3611             :     }
    3612             :     else
    3613           0 :         ereport(lev,
    3614             : 
    3615             :         /*------
    3616             :           translator: %s is a noun phrase describing a child process, such as
    3617             :           "server process" */
    3618             :                 (errmsg("%s (PID %d) exited with unrecognized status %d",
    3619             :                         procname, pid, exitstatus),
    3620             :                  activity ? errdetail("Failed process was running: %s", activity) : 0));
    3621       23898 : }
    3622             : 
    3623             : /*
    3624             :  * Advance the postmaster's state machine and take actions as appropriate
    3625             :  *
    3626             :  * This is common code for process_pm_shutdown_request(),
    3627             :  * process_pm_child_exit() and process_pm_pmsignal(), which process the signals
    3628             :  * that might mean we need to change state.
    3629             :  */
    3630             : static void
    3631       31922 : PostmasterStateMachine(void)
    3632             : {
    3633             :     /* If we're doing a smart shutdown, try to advance that state. */
    3634       31922 :     if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
    3635             :     {
    3636       24676 :         if (!connsAllowed)
    3637             :         {
    3638             :             /*
    3639             :              * This state ends when we have no normal client backends running.
    3640             :              * Then we're ready to stop other children.
    3641             :              */
    3642          48 :             if (CountChildren(BACKEND_TYPE_NORMAL) == 0)
    3643          24 :                 pmState = PM_STOP_BACKENDS;
    3644             :         }
    3645             :     }
    3646             : 
    3647             :     /*
    3648             :      * If we're ready to do so, signal child processes to shut down.  (This
    3649             :      * isn't a persistent state, but treating it as a distinct pmState allows
    3650             :      * us to share this code across multiple shutdown code paths.)
    3651             :      */
    3652       31922 :     if (pmState == PM_STOP_BACKENDS)
    3653             :     {
    3654             :         /*
    3655             :          * Forget any pending requests for background workers, since we're no
    3656             :          * longer willing to launch any new workers.  (If additional requests
    3657             :          * arrive, BackgroundWorkerStateChange will reject them.)
    3658             :          */
    3659         734 :         ForgetUnstartedBackgroundWorkers();
    3660             : 
    3661             :         /* Signal all backend children except walsenders */
    3662         734 :         SignalSomeChildren(SIGTERM,
    3663             :                            BACKEND_TYPE_ALL - BACKEND_TYPE_WALSND);
    3664             :         /* and the autovac launcher too */
    3665         734 :         if (AutoVacPID != 0)
    3666         608 :             signal_child(AutoVacPID, SIGTERM);
    3667             :         /* and the bgwriter too */
    3668         734 :         if (BgWriterPID != 0)
    3669         734 :             signal_child(BgWriterPID, SIGTERM);
    3670             :         /* and the walwriter too */
    3671         734 :         if (WalWriterPID != 0)
    3672         672 :             signal_child(WalWriterPID, SIGTERM);
    3673             :         /* If we're in recovery, also stop startup and walreceiver procs */
    3674         734 :         if (StartupPID != 0)
    3675          62 :             signal_child(StartupPID, SIGTERM);
    3676         734 :         if (WalReceiverPID != 0)
    3677          48 :             signal_child(WalReceiverPID, SIGTERM);
    3678             :         /* checkpointer, archiver, stats, and syslogger may continue for now */
    3679             : 
    3680             :         /* Now transition to PM_WAIT_BACKENDS state to wait for them to die */
    3681         734 :         pmState = PM_WAIT_BACKENDS;
    3682             :     }
    3683             : 
    3684             :     /*
    3685             :      * If we are in a state-machine state that implies waiting for backends to
    3686             :      * exit, see if they're all gone, and change state if so.
    3687             :      */
    3688       31922 :     if (pmState == PM_WAIT_BACKENDS)
    3689             :     {
    3690             :         /*
    3691             :          * PM_WAIT_BACKENDS state ends when we have no regular backends
    3692             :          * (including autovac workers), no bgworkers (including unconnected
    3693             :          * ones), and no walwriter, autovac launcher or bgwriter.  If we are
    3694             :          * doing crash recovery or an immediate shutdown then we expect the
    3695             :          * checkpointer to exit as well, otherwise not. The stats and
    3696             :          * syslogger processes are disregarded since they are not connected to
    3697             :          * shared memory; we also disregard dead_end children here. Walsenders
    3698             :          * and archiver are also disregarded, they will be terminated later
    3699             :          * after writing the checkpoint record.
    3700             :          */
    3701        6364 :         if (CountChildren(BACKEND_TYPE_ALL - BACKEND_TYPE_WALSND) == 0 &&
    3702        2960 :             StartupPID == 0 &&
    3703        2728 :             WalReceiverPID == 0 &&
    3704        2666 :             BgWriterPID == 0 &&
    3705        1866 :             (CheckpointerPID == 0 ||
    3706        1208 :              (!FatalError && Shutdown < ImmediateShutdown)) &&
    3707        1746 :             WalWriterPID == 0 &&
    3708        1436 :             AutoVacPID == 0)
    3709             :         {
    3710        1282 :             if (Shutdown >= ImmediateShutdown || FatalError)
    3711             :             {
    3712             :                 /*
    3713             :                  * Start waiting for dead_end children to die.  This state
    3714             :                  * change causes ServerLoop to stop creating new ones.
    3715             :                  */
    3716         548 :                 pmState = PM_WAIT_DEAD_END;
    3717             : 
    3718             :                 /*
    3719             :                  * We already SIGQUIT'd the archiver and stats processes, if
    3720             :                  * any, when we started immediate shutdown or entered
    3721             :                  * FatalError state.
    3722             :                  */
    3723             :             }
    3724             :             else
    3725             :             {
    3726             :                 /*
    3727             :                  * If we get here, we are proceeding with normal shutdown. All
    3728             :                  * the regular children are gone, and it's time to tell the
    3729             :                  * checkpointer to do a shutdown checkpoint.
    3730             :                  */
    3731             :                 Assert(Shutdown > NoShutdown);
    3732             :                 /* Start the checkpointer if not running */
    3733         734 :                 if (CheckpointerPID == 0)
    3734           0 :                     CheckpointerPID = StartCheckpointer();
    3735             :                 /* And tell it to shut down */
    3736         734 :                 if (CheckpointerPID != 0)
    3737             :                 {
    3738         734 :                     signal_child(CheckpointerPID, SIGUSR2);
    3739         734 :                     pmState = PM_SHUTDOWN;
    3740             :                 }
    3741             :                 else
    3742             :                 {
    3743             :                     /*
    3744             :                      * If we failed to fork a checkpointer, just shut down.
    3745             :                      * Any required cleanup will happen at next restart. We
    3746             :                      * set FatalError so that an "abnormal shutdown" message
    3747             :                      * gets logged when we exit.
    3748             :                      *
    3749             :                      * We don't consult send_abort_for_crash here, as it's
    3750             :                      * unlikely that dumping cores would illuminate the reason
    3751             :                      * for checkpointer fork failure.
    3752             :                      */
    3753           0 :                     FatalError = true;
    3754           0 :                     pmState = PM_WAIT_DEAD_END;
    3755             : 
    3756             :                     /* Kill the walsenders and archiver too */
    3757           0 :                     SignalChildren(SIGQUIT);
    3758           0 :                     if (PgArchPID != 0)
    3759           0 :                         signal_child(PgArchPID, SIGQUIT);
    3760             :                 }
    3761             :             }
    3762             :         }
    3763             :     }
    3764             : 
    3765       31922 :     if (pmState == PM_SHUTDOWN_2)
    3766             :     {
    3767             :         /*
    3768             :          * PM_SHUTDOWN_2 state ends when there's no other children than
    3769             :          * dead_end children left. There shouldn't be any regular backends
    3770             :          * left by now anyway; what we're really waiting for is walsenders and
    3771             :          * archiver.
    3772             :          */
    3773         800 :         if (PgArchPID == 0 && CountChildren(BACKEND_TYPE_ALL) == 0)
    3774             :         {
    3775         734 :             pmState = PM_WAIT_DEAD_END;
    3776             :         }
    3777             :     }
    3778             : 
    3779       31922 :     if (pmState == PM_WAIT_DEAD_END)
    3780             :     {
    3781             :         /* Don't allow any new socket connection events. */
    3782        1300 :         ConfigurePostmasterWaitSet(false);
    3783             : 
    3784             :         /*
    3785             :          * PM_WAIT_DEAD_END state ends when the BackendList is entirely empty
    3786             :          * (ie, no dead_end children remain), and the archiver is gone too.
    3787             :          *
    3788             :          * The reason we wait for those two is to protect them against a new
    3789             :          * postmaster starting conflicting subprocesses; this isn't an
    3790             :          * ironclad protection, but it at least helps in the
    3791             :          * shutdown-and-immediately-restart scenario.  Note that they have
    3792             :          * already been sent appropriate shutdown signals, either during a
    3793             :          * normal state transition leading up to PM_WAIT_DEAD_END, or during
    3794             :          * FatalError processing.
    3795             :          */
    3796        1300 :         if (dlist_is_empty(&BackendList) && PgArchPID == 0)
    3797             :         {
    3798             :             /* These other guys should be dead already */
    3799             :             Assert(StartupPID == 0);
    3800             :             Assert(WalReceiverPID == 0);
    3801             :             Assert(BgWriterPID == 0);
    3802             :             Assert(CheckpointerPID == 0);
    3803             :             Assert(WalWriterPID == 0);
    3804             :             Assert(AutoVacPID == 0);
    3805             :             /* syslogger is not considered here */
    3806        1282 :             pmState = PM_NO_CHILDREN;
    3807             :         }
    3808             :     }
    3809             : 
    3810             :     /*
    3811             :      * If we've been told to shut down, we exit as soon as there are no
    3812             :      * remaining children.  If there was a crash, cleanup will occur at the
    3813             :      * next startup.  (Before PostgreSQL 8.3, we tried to recover from the
    3814             :      * crash before exiting, but that seems unwise if we are quitting because
    3815             :      * we got SIGTERM from init --- there may well not be time for recovery
    3816             :      * before init decides to SIGKILL us.)
    3817             :      *
    3818             :      * Note that the syslogger continues to run.  It will exit when it sees
    3819             :      * EOF on its input pipe, which happens when there are no more upstream
    3820             :      * processes.
    3821             :      */
    3822       31922 :     if (Shutdown > NoShutdown && pmState == PM_NO_CHILDREN)
    3823             :     {
    3824        1268 :         if (FatalError)
    3825             :         {
    3826           0 :             ereport(LOG, (errmsg("abnormal database system shutdown")));
    3827           0 :             ExitPostmaster(1);
    3828             :         }
    3829             :         else
    3830             :         {
    3831             :             /*
    3832             :              * Normal exit from the postmaster is here.  We don't need to log
    3833             :              * anything here, since the UnlinkLockFiles proc_exit callback
    3834             :              * will do so, and that should be the last user-visible action.
    3835             :              */
    3836        1268 :             ExitPostmaster(0);
    3837             :         }
    3838             :     }
    3839             : 
    3840             :     /*
    3841             :      * If the startup process failed, or the user does not want an automatic
    3842             :      * restart after backend crashes, wait for all non-syslogger children to
    3843             :      * exit, and then exit postmaster.  We don't try to reinitialize when the
    3844             :      * startup process fails, because more than likely it will just fail again
    3845             :      * and we will keep trying forever.
    3846             :      */
    3847       30654 :     if (pmState == PM_NO_CHILDREN)
    3848             :     {
    3849          14 :         if (StartupStatus == STARTUP_CRASHED)
    3850             :         {
    3851           6 :             ereport(LOG,
    3852             :                     (errmsg("shutting down due to startup process failure")));
    3853           6 :             ExitPostmaster(1);
    3854             :         }
    3855           8 :         if (!restart_after_crash)
    3856             :         {
    3857           0 :             ereport(LOG,
    3858             :                     (errmsg("shutting down because restart_after_crash is off")));
    3859           0 :             ExitPostmaster(1);
    3860             :         }
    3861             :     }
    3862             : 
    3863             :     /*
    3864             :      * If we need to recover from a crash, wait for all non-syslogger children
    3865             :      * to exit, then reset shmem and StartupDataBase.
    3866             :      */
    3867       30648 :     if (FatalError && pmState == PM_NO_CHILDREN)
    3868             :     {
    3869           8 :         ereport(LOG,
    3870             :                 (errmsg("all server processes terminated; reinitializing")));
    3871             : 
    3872             :         /* remove leftover temporary files after a crash */
    3873           8 :         if (remove_temp_files_after_crash)
    3874           6 :             RemovePgTempFiles();
    3875             : 
    3876             :         /* allow background workers to immediately restart */
    3877           8 :         ResetBackgroundWorkerCrashTimes();
    3878             : 
    3879           8 :         shmem_exit(1);
    3880             : 
    3881             :         /* re-read control file into local memory */
    3882           8 :         LocalProcessControlFile(true);
    3883             : 
    3884             :         /* re-create shared memory and semaphores */
    3885           8 :         CreateSharedMemoryAndSemaphores();
    3886             : 
    3887           8 :         StartupPID = StartupDataBase();
    3888             :         Assert(StartupPID != 0);
    3889           8 :         StartupStatus = STARTUP_RUNNING;
    3890           8 :         pmState = PM_STARTUP;
    3891             :         /* crash recovery started, reset SIGKILL flag */
    3892           8 :         AbortStartTime = 0;
    3893             : 
    3894             :         /* start accepting server socket connection events again */
    3895           8 :         ConfigurePostmasterWaitSet(true);
    3896             :     }
    3897       30648 : }
    3898             : 
    3899             : 
    3900             : /*
    3901             :  * Send a signal to a postmaster child process
    3902             :  *
    3903             :  * On systems that have setsid(), each child process sets itself up as a
    3904             :  * process group leader.  For signals that are generally interpreted in the
    3905             :  * appropriate fashion, we signal the entire process group not just the
    3906             :  * direct child process.  This allows us to, for example, SIGQUIT a blocked
    3907             :  * archive_recovery script, or SIGINT a script being run by a backend via
    3908             :  * system().
    3909             :  *
    3910             :  * There is a race condition for recently-forked children: they might not
    3911             :  * have executed setsid() yet.  So we signal the child directly as well as
    3912             :  * the group.  We assume such a child will handle the signal before trying
    3913             :  * to spawn any grandchild processes.  We also assume that signaling the
    3914             :  * child twice will not cause any problems.
    3915             :  */
    3916             : static void
    3917        8368 : signal_child(pid_t pid, int signal)
    3918             : {
    3919        8368 :     if (kill(pid, signal) < 0)
    3920           0 :         elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) pid, signal);
    3921             : #ifdef HAVE_SETSID
    3922        8368 :     switch (signal)
    3923             :     {
    3924        6198 :         case SIGINT:
    3925             :         case SIGTERM:
    3926             :         case SIGQUIT:
    3927             :         case SIGKILL:
    3928             :         case SIGABRT:
    3929        6198 :             if (kill(-pid, signal) < 0)
    3930          22 :                 elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) (-pid), signal);
    3931        6198 :             break;
    3932        2170 :         default:
    3933        2170 :             break;
    3934             :     }
    3935             : #endif
    3936        8368 : }
    3937             : 
    3938             : /*
    3939             :  * Convenience function for killing a child process after a crash of some
    3940             :  * other child process.  We log the action at a higher level than we would
    3941             :  * otherwise do, and we apply send_abort_for_crash to decide which signal
    3942             :  * to send.  Normally it's SIGQUIT -- and most other comments in this file
    3943             :  * are written on the assumption that it is -- but developers might prefer
    3944             :  * to use SIGABRT to collect per-child core dumps.
    3945             :  */
    3946             : static void
    3947          60 : sigquit_child(pid_t pid)
    3948             : {
    3949          60 :     ereport(DEBUG2,
    3950             :             (errmsg_internal("sending %s to process %d",
    3951             :                              (send_abort_for_crash ? "SIGABRT" : "SIGQUIT"),
    3952             :                              (int) pid)));
    3953          60 :     signal_child(pid, (send_abort_for_crash ? SIGABRT : SIGQUIT));
    3954          60 : }
    3955             : 
    3956             : /*
    3957             :  * Send a signal to the targeted children (but NOT special children;
    3958             :  * dead_end children are never signaled, either).
    3959             :  */
    3960             : static bool
    3961        2210 : SignalSomeChildren(int signal, int target)
    3962             : {
    3963             :     dlist_iter  iter;
    3964        2210 :     bool        signaled = false;
    3965             : 
    3966        4712 :     dlist_foreach(iter, &BackendList)
    3967             :     {
    3968        2502 :         Backend    *bp = dlist_container(Backend, elem, iter.cur);
    3969             : 
    3970        2502 :         if (bp->dead_end)
    3971           2 :             continue;
    3972             : 
    3973             :         /*
    3974             :          * Since target == BACKEND_TYPE_ALL is the most common case, we test
    3975             :          * it first and avoid touching shared memory for every child.
    3976             :          */
    3977        2500 :         if (target != BACKEND_TYPE_ALL)
    3978             :         {
    3979             :             /*
    3980             :              * Assign bkend_type for any recently announced WAL Sender
    3981             :              * processes.
    3982             :              */
    3983        1618 :             if (bp->bkend_type == BACKEND_TYPE_NORMAL &&
    3984         458 :                 IsPostmasterChildWalSender(bp->child_slot))
    3985          56 :                 bp->bkend_type = BACKEND_TYPE_WALSND;
    3986             : 
    3987        1160 :             if (!(target & bp->bkend_type))
    3988          56 :                 continue;
    3989             :         }
    3990             : 
    3991        2444 :         ereport(DEBUG4,
    3992             :                 (errmsg_internal("sending signal %d to process %d",
    3993             :                                  signal, (int) bp->pid)));
    3994        2444 :         signal_child(bp->pid, signal);
    3995        2444 :         signaled = true;
    3996             :     }
    3997        2210 :     return signaled;
    3998             : }
    3999             : 
    4000             : /*
    4001             :  * Send a termination signal to children.  This considers all of our children
    4002             :  * processes, except syslogger and dead_end backends.
    4003             :  */
    4004             : static void
    4005         534 : TerminateChildren(int signal)
    4006             : {
    4007         534 :     SignalChildren(signal);
    4008         534 :     if (StartupPID != 0)
    4009             :     {
    4010          86 :         signal_child(StartupPID, signal);
    4011          86 :         if (signal == SIGQUIT || signal == SIGKILL || signal == SIGABRT)
    4012          86 :             StartupStatus = STARTUP_SIGNALED;
    4013             :     }
    4014         534 :     if (BgWriterPID != 0)
    4015         534 :         signal_child(BgWriterPID, signal);
    4016         534 :     if (CheckpointerPID != 0)
    4017         534 :         signal_child(CheckpointerPID, signal);
    4018         534 :     if (WalWriterPID != 0)
    4019         448 :         signal_child(WalWriterPID, signal);
    4020         534 :     if (WalReceiverPID != 0)
    4021          42 :         signal_child(WalReceiverPID, signal);
    4022         534 :     if (AutoVacPID != 0)
    4023         382 :         signal_child(AutoVacPID, signal);
    4024         534 :     if (PgArchPID != 0)
    4025          42 :         signal_child(PgArchPID, signal);
    4026         534 : }
    4027             : 
    4028             : /*
    4029             :  * BackendStartup -- start backend process
    4030             :  *
    4031             :  * returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
    4032             :  *
    4033             :  * Note: if you change this code, also consider StartAutovacuumWorker.
    4034             :  */
    4035             : static int
    4036       19926 : BackendStartup(Port *port)
    4037             : {
    4038             :     Backend    *bn;             /* for backend cleanup */
    4039             :     pid_t       pid;
    4040             : 
    4041             :     /*
    4042             :      * Create backend data structure.  Better before the fork() so we can
    4043             :      * handle failure cleanly.
    4044             :      */
    4045       19926 :     bn = (Backend *) palloc_extended(sizeof(Backend), MCXT_ALLOC_NO_OOM);
    4046       19926 :     if (!bn)
    4047             :     {
    4048           0 :         ereport(LOG,
    4049             :                 (errcode(ERRCODE_OUT_OF_MEMORY),
    4050             :                  errmsg("out of memory")));
    4051           0 :         return STATUS_ERROR;
    4052             :     }
    4053             : 
    4054             :     /*
    4055             :      * Compute the cancel key that will be assigned to this backend. The
    4056             :      * backend will have its own copy in the forked-off process' value of
    4057             :      * MyCancelKey, so that it can transmit the key to the frontend.
    4058             :      */
    4059       19926 :     if (!RandomCancelKey(&MyCancelKey))
    4060             :     {
    4061           0 :         pfree(bn);
    4062           0 :         ereport(LOG,
    4063             :                 (errcode(ERRCODE_INTERNAL_ERROR),
    4064             :                  errmsg("could not generate random cancel key")));
    4065           0 :         return STATUS_ERROR;
    4066             :     }
    4067             : 
    4068       19926 :     bn->cancel_key = MyCancelKey;
    4069             : 
    4070             :     /* Pass down canAcceptConnections state */
    4071       19926 :     port->canAcceptConnections = canAcceptConnections(BACKEND_TYPE_NORMAL);
    4072       19926 :     bn->dead_end = (port->canAcceptConnections != CAC_OK);
    4073             : 
    4074             :     /*
    4075             :      * Unless it's a dead_end child, assign it a child slot number
    4076             :      */
    4077       19926 :     if (!bn->dead_end)
    4078       19732 :         bn->child_slot = MyPMChildSlot = AssignPostmasterChildSlot();
    4079             :     else
    4080         194 :         bn->child_slot = 0;
    4081             : 
    4082             :     /* Hasn't asked to be notified about any bgworkers yet */
    4083       19926 :     bn->bgworker_notify = false;
    4084             : 
    4085             : #ifdef EXEC_BACKEND
    4086             :     pid = backend_forkexec(port);
    4087             : #else                           /* !EXEC_BACKEND */
    4088       19926 :     pid = fork_process();
    4089       39532 :     if (pid == 0)               /* child */
    4090             :     {
    4091             :         /* Detangle from postmaster */
    4092       19608 :         InitPostmasterChild();
    4093             : 
    4094             :         /* Close the postmaster's sockets */
    4095       19608 :         ClosePostmasterPorts(false);
    4096             : 
    4097             :         /* Perform additional initialization and collect startup packet */
    4098       19608 :         BackendInitialize(port);
    4099             : 
    4100             :         /* And run the backend */
    4101       19346 :         BackendRun(port);
    4102             :     }
    4103             : #endif                          /* EXEC_BACKEND */
    4104             : 
    4105       19924 :     if (pid < 0)
    4106             :     {
    4107             :         /* in parent, fork failed */
    4108           0 :         int         save_errno = errno;
    4109             : 
    4110           0 :         if (!bn->dead_end)
    4111           0 :             (void) ReleasePostmasterChildSlot(bn->child_slot);
    4112           0 :         pfree(bn);
    4113           0 :         errno = save_errno;
    4114           0 :         ereport(LOG,
    4115             :                 (errmsg("could not fork new process for connection: %m")));
    4116           0 :         report_fork_failure_to_client(port, save_errno);
    4117           0 :         return STATUS_ERROR;
    4118             :     }
    4119             : 
    4120             :     /* in parent, successful fork */
    4121       19924 :     ereport(DEBUG2,
    4122             :             (errmsg_internal("forked new backend, pid=%d socket=%d",
    4123             :                              (int) pid, (int) port->sock)));
    4124             : 
    4125             :     /*
    4126             :      * Everything's been successful, it's safe to add this backend to our list
    4127             :      * of backends.
    4128             :      */
    4129       19924 :     bn->pid = pid;
    4130       19924 :     bn->bkend_type = BACKEND_TYPE_NORMAL;    /* Can change later to WALSND */
    4131       19924 :     dlist_push_head(&BackendList, &bn->elem);
    4132             : 
    4133             : #ifdef EXEC_BACKEND
    4134             :     if (!bn->dead_end)
    4135             :         ShmemBackendArrayAdd(bn);
    4136             : #endif
    4137             : 
    4138       19924 :     return STATUS_OK;
    4139             : }
    4140             : 
    4141             : /*
    4142             :  * Try to report backend fork() failure to client before we close the
    4143             :  * connection.  Since we do not care to risk blocking the postmaster on
    4144             :  * this connection, we set the connection to non-blocking and try only once.
    4145             :  *
    4146             :  * This is grungy special-purpose code; we cannot use backend libpq since
    4147             :  * it's not up and running.
    4148             :  */
    4149             : static void
    4150           0 : report_fork_failure_to_client(Port *port, int errnum)
    4151             : {
    4152             :     char        buffer[1000];
    4153             :     int         rc;
    4154             : 
    4155             :     /* Format the error message packet (always V2 protocol) */
    4156           0 :     snprintf(buffer, sizeof(buffer), "E%s%s\n",
    4157             :              _("could not fork new process for connection: "),
    4158             :              strerror(errnum));
    4159             : 
    4160             :     /* Set port to non-blocking.  Don't do send() if this fails */
    4161           0 :     if (!pg_set_noblock(port->sock))
    4162           0 :         return;
    4163             : 
    4164             :     /* We'll retry after EINTR, but ignore all other failures */
    4165             :     do
    4166             :     {
    4167           0 :         rc = send(port->sock, buffer, strlen(buffer) + 1, 0);
    4168           0 :     } while (rc < 0 && errno == EINTR);
    4169             : }
    4170             : 
    4171             : 
    4172             : /*
    4173             :  * BackendInitialize -- initialize an interactive (postmaster-child)
    4174             :  *              backend process, and collect the client's startup packet.
    4175             :  *
    4176             :  * returns: nothing.  Will not return at all if there's any failure.
    4177             :  *
    4178             :  * Note: this code does not depend on having any access to shared memory.
    4179             :  * Indeed, our approach to SIGTERM/timeout handling *requires* that
    4180             :  * shared memory not have been touched yet; see comments within.
    4181             :  * In the EXEC_BACKEND case, we are physically attached to shared memory
    4182             :  * but have not yet set up most of our local pointers to shmem structures.
    4183             :  */
    4184             : static void
    4185       19608 : BackendInitialize(Port *port)
    4186             : {
    4187             :     int         status;
    4188             :     int         ret;
    4189             :     char        remote_host[NI_MAXHOST];
    4190             :     char        remote_port[NI_MAXSERV];
    4191             :     StringInfoData ps_data;
    4192             : 
    4193             :     /* Save port etc. for ps status */
    4194       19608 :     MyProcPort = port;
    4195             : 
    4196             :     /* Tell fd.c about the long-lived FD associated with the port */
    4197       19608 :     ReserveExternalFD();
    4198             : 
    4199             :     /*
    4200             :      * PreAuthDelay is a debugging aid for investigating problems in the
    4201             :      * authentication cycle: it can be set in postgresql.conf to allow time to
    4202             :      * attach to the newly-forked backend with a debugger.  (See also
    4203             :      * PostAuthDelay, which we allow clients to pass through PGOPTIONS, but it
    4204             :      * is not honored until after authentication.)
    4205             :      */
    4206       19608 :     if (PreAuthDelay > 0)
    4207           0 :         pg_usleep(PreAuthDelay * 1000000L);
    4208             : 
    4209             :     /* This flag will remain set until InitPostgres finishes authentication */
    4210       19608 :     ClientAuthInProgress = true;    /* limit visibility of log messages */
    4211             : 
    4212             :     /* set these to empty in case they are needed before we set them up */
    4213       19608 :     port->remote_host = "";
    4214       19608 :     port->remote_port = "";
    4215             : 
    4216             :     /*
    4217             :      * Initialize libpq and enable reporting of ereport errors to the client.
    4218             :      * Must do this now because authentication uses libpq to send messages.
    4219             :      */
    4220       19608 :     pq_init();                  /* initialize libpq to talk to client */
    4221       19608 :     whereToSendOutput = DestRemote; /* now safe to ereport to client */
    4222             : 
    4223             :     /*
    4224             :      * We arrange to do _exit(1) if we receive SIGTERM or timeout while trying
    4225             :      * to collect the startup packet; while SIGQUIT results in _exit(2).
    4226             :      * Otherwise the postmaster cannot shutdown the database FAST or IMMED
    4227             :      * cleanly if a buggy client fails to send the packet promptly.
    4228             :      *
    4229             :      * Exiting with _exit(1) is only possible because we have not yet touched
    4230             :      * shared memory; therefore no outside-the-process state needs to get
    4231             :      * cleaned up.
    4232             :      */
    4233       19608 :     pqsignal(SIGTERM, process_startup_packet_die);
    4234             :     /* SIGQUIT handler was already set up by InitPostmasterChild */
    4235       19608 :     InitializeTimeouts();       /* establishes SIGALRM handler */
    4236       19608 :     sigprocmask(SIG_SETMASK, &StartupBlockSig, NULL);
    4237             : 
    4238             :     /*
    4239             :      * Get the remote host name and port for logging and status display.
    4240             :      */
    4241       19608 :     remote_host[0] = '\0';
    4242       19608 :     remote_port[0] = '\0';
    4243       19608 :     if ((ret = pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
    4244             :                                   remote_host, sizeof(remote_host),
    4245             :                                   remote_port, sizeof(remote_port),
    4246             :                                   (log_hostname ? 0 : NI_NUMERICHOST) | NI_NUMERICSERV)) != 0)
    4247           0 :         ereport(WARNING,
    4248             :                 (errmsg_internal("pg_getnameinfo_all() failed: %s",
    4249             :                                  gai_strerror(ret))));
    4250             : 
    4251             :     /*
    4252             :      * Save remote_host and remote_port in port structure (after this, they
    4253             :      * will appear in log_line_prefix data for log messages).
    4254             :      */
    4255       19608 :     port->remote_host = strdup(remote_host);
    4256       19608 :     port->remote_port = strdup(remote_port);
    4257             : 
    4258             :     /* And now we can issue the Log_connections message, if wanted */
    4259       19608 :     if (Log_connections)
    4260             :     {
    4261         688 :         if (remote_port[0])
    4262         230 :             ereport(LOG,
    4263             :                     (errmsg("connection received: host=%s port=%s",
    4264             :                             remote_host,
    4265             :                             remote_port)));
    4266             :         else
    4267         458 :             ereport(LOG,
    4268             :                     (errmsg("connection received: host=%s",
    4269             :                             remote_host)));
    4270             :     }
    4271             : 
    4272             :     /*
    4273             :      * If we did a reverse lookup to name, we might as well save the results
    4274             :      * rather than possibly repeating the lookup during authentication.
    4275             :      *
    4276             :      * Note that we don't want to specify NI_NAMEREQD above, because then we'd
    4277             :      * get nothing useful for a client without an rDNS entry.  Therefore, we
    4278             :      * must check whether we got a numeric IPv4 or IPv6 address, and not save
    4279             :      * it into remote_hostname if so.  (This test is conservative and might
    4280             :      * sometimes classify a hostname as numeric, but an error in that
    4281             :      * direction is safe; it only results in a possible extra lookup.)
    4282             :      */
    4283       19608 :     if (log_hostname &&
    4284         230 :         ret == 0 &&
    4285         230 :         strspn(remote_host, "0123456789.") < strlen(remote_host) &&
    4286         230 :         strspn(remote_host, "0123456789ABCDEFabcdef:") < strlen(remote_host))
    4287         230 :         port->remote_hostname = strdup(remote_host);
    4288             : 
    4289             :     /*
    4290             :      * Ready to begin client interaction.  We will give up and _exit(1) after
    4291             :      * a time delay, so that a broken client can't hog a connection
    4292             :      * indefinitely.  PreAuthDelay and any DNS interactions above don't count
    4293             :      * against the time limit.
    4294             :      *
    4295             :      * Note: AuthenticationTimeout is applied here while waiting for the
    4296             :      * startup packet, and then again in InitPostgres for the duration of any
    4297             :      * authentication operations.  So a hostile client could tie up the
    4298             :      * process for nearly twice AuthenticationTimeout before we kick him off.
    4299             :      *
    4300             :      * Note: because PostgresMain will call InitializeTimeouts again, the
    4301             :      * registration of STARTUP_PACKET_TIMEOUT will be lost.  This is okay
    4302             :      * since we never use it again after this function.
    4303             :      */
    4304       19608 :     RegisterTimeout(STARTUP_PACKET_TIMEOUT, StartupPacketTimeoutHandler);
    4305       19608 :     enable_timeout_after(STARTUP_PACKET_TIMEOUT, AuthenticationTimeout * 1000);
    4306             : 
    4307             :     /*
    4308             :      * Receive the startup packet (which might turn out to be a cancel request
    4309             :      * packet).
    4310             :      */
    4311       19608 :     status = ProcessStartupPacket(port, false, false);
    4312             : 
    4313             :     /*
    4314             :      * If we're going to reject the connection due to database state, say so
    4315             :      * now instead of wasting cycles on an authentication exchange. (This also
    4316             :      * allows a pg_ping utility to be written.)
    4317             :      */
    4318       19608 :     switch (port->canAcceptConnections)
    4319             :     {
    4320         184 :         case CAC_STARTUP:
    4321         184 :             ereport(FATAL,
    4322             :                     (errcode(ERRCODE_CANNOT_CONNECT_NOW),
    4323             :                      errmsg("the database system is starting up")));
    4324             :             break;
    4325           8 :         case CAC_NOTCONSISTENT:
    4326           8 :             if (EnableHotStandby)
    4327           8 :                 ereport(FATAL,
    4328             :                         (errcode(ERRCODE_CANNOT_CONNECT_NOW),
    4329             :                          errmsg("the database system is not yet accepting connections"),
    4330             :                          errdetail("Consistent recovery state has not been yet reached.")));
    4331             :             else
    4332           0 :                 ereport(FATAL,
    4333             :                         (errcode(ERRCODE_CANNOT_CONNECT_NOW),
    4334             :                          errmsg("the database system is not accepting connections"),
    4335             :                          errdetail("Hot standby mode is disabled.")));
    4336             :             break;
    4337           2 :         case CAC_SHUTDOWN:
    4338           2 :             ereport(FATAL,
    4339             :                     (errcode(ERRCODE_CANNOT_CONNECT_NOW),
    4340             :                      errmsg("the database system is shutting down")));
    4341             :             break;
    4342           0 :         case CAC_RECOVERY:
    4343           0 :             ereport(FATAL,
    4344             :                     (errcode(ERRCODE_CANNOT_CONNECT_NOW),
    4345             :                      errmsg("the database system is in recovery mode")));
    4346             :             break;
    4347           0 :         case CAC_TOOMANY:
    4348           0 :             ereport(FATAL,
    4349             :                     (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
    4350             :                      errmsg("sorry, too many clients already")));
    4351             :             break;
    4352       19414 :         case CAC_OK:
    4353       19414 :             break;
    4354             :     }
    4355             : 
    4356             :     /*
    4357             :      * Disable the timeout, and prevent SIGTERM again.
    4358             :      */
    4359       19414 :     disable_timeout(STARTUP_PACKET_TIMEOUT, false);
    4360       19414 :     sigprocmask(SIG_SETMASK, &BlockSig, NULL);
    4361             : 
    4362             :     /*
    4363             :      * As a safety check that nothing in startup has yet performed
    4364             :      * shared-memory modifications that would need to be undone if we had
    4365             :      * exited through SIGTERM or timeout above, check that no on_shmem_exit
    4366             :      * handlers have been registered yet.  (This isn't terribly bulletproof,
    4367             :      * since someone might misuse an on_proc_exit handler for shmem cleanup,
    4368             :      * but it's a cheap and helpful check.  We cannot disallow on_proc_exit
    4369             :      * handlers unfortunately, since pq_init() already registered one.)
    4370             :      */
    4371       19414 :     check_on_shmem_exit_lists_are_empty();
    4372             : 
    4373             :     /*
    4374             :      * Stop here if it was bad or a cancel packet.  ProcessStartupPacket
    4375             :      * already did any appropriate error reporting.
    4376             :      */
    4377       19414 :     if (status != STATUS_OK)
    4378          68 :         proc_exit(0);
    4379             : 
    4380             :     /*
    4381             :      * Now that we have the user and database name, we can set the process
    4382             :      * title for ps.  It's good to do this as early as possible in startup.
    4383             :      */
    4384       19346 :     initStringInfo(&ps_data);
    4385       19346 :     if (am_walsender)
    4386        1720 :         appendStringInfo(&ps_data, "%s ", GetBackendTypeDesc(B_WAL_SENDER));
    4387       19346 :     appendStringInfo(&ps_data, "%s ", port->user_name);
    4388       19346 :     if (port->database_name[0] != '\0')
    4389       18656 :         appendStringInfo(&ps_data, "%s ", port->database_name);
    4390       19346 :     appendStringInfoString(&ps_data, port->remote_host);
    4391       19346 :     if (port->remote_port[0] != '\0')
    4392         452 :         appendStringInfo(&ps_data, "(%s)", port->remote_port);
    4393             : 
    4394       19346 :     init_ps_display(ps_data.data);
    4395       19346 :     pfree(ps_data.data);
    4396             : 
    4397       19346 :     set_ps_display("initializing");
    4398       19346 : }
    4399             : 
    4400             : 
    4401             : /*
    4402             :  * BackendRun -- set up the backend's argument list and invoke PostgresMain()
    4403             :  *
    4404             :  * returns:
    4405             :  *      Doesn't return at all.
    4406             :  */
    4407             : static void
    4408       19346 : BackendRun(Port *port)
    4409             : {
    4410             :     /*
    4411             :      * Create a per-backend PGPROC struct in shared memory.  We must do this
    4412             :      * before we can use LWLocks or access any shared memory.
    4413             :      */
    4414       19346 :     InitProcess();
    4415             : 
    4416             :     /*
    4417             :      * Make sure we aren't in PostmasterContext anymore.  (We can't delete it
    4418             :      * just yet, though, because InitPostgres will need the HBA data.)
    4419             :      */
    4420       19342 :     MemoryContextSwitchTo(TopMemoryContext);
    4421             : 
    4422       19342 :     PostgresMain(port->database_name, port->user_name);
    4423             : }
    4424             : 
    4425             : 
    4426             : #ifdef EXEC_BACKEND
    4427             : 
    4428             : /*
    4429             :  * postmaster_forkexec -- fork and exec a postmaster subprocess
    4430             :  *
    4431             :  * The caller must have set up the argv array already, except for argv[2]
    4432             :  * which will be filled with the name of the temp variable file.
    4433             :  *
    4434             :  * Returns the child process PID, or -1 on fork failure (a suitable error
    4435             :  * message has been logged on failure).
    4436             :  *
    4437             :  * All uses of this routine will dispatch to SubPostmasterMain in the
    4438             :  * child process.
    4439             :  */
    4440             : pid_t
    4441             : postmaster_forkexec(int argc, char *argv[])
    4442             : {
    4443             :     return internal_forkexec(argc, argv, NULL, NULL);
    4444             : }
    4445             : 
    4446             : /*
    4447             :  * backend_forkexec -- fork/exec off a backend process
    4448             :  *
    4449             :  * Some operating systems (WIN32) don't have fork() so we have to simulate
    4450             :  * it by storing parameters that need to be passed to the child and
    4451             :  * then create a new child process.
    4452             :  *
    4453             :  * returns the pid of the fork/exec'd process, or -1 on failure
    4454             :  */
    4455             : static pid_t
    4456             : backend_forkexec(Port *port)
    4457             : {
    4458             :     char       *av[4];
    4459             :     int         ac = 0;
    4460             : 
    4461             :     av[ac++] = "postgres";
    4462             :     av[ac++] = "--forkbackend";
    4463             :     av[ac++] = NULL;            /* filled in by internal_forkexec */
    4464             : 
    4465             :     av[ac] = NULL;
    4466             :     Assert(ac < lengthof(av));
    4467             : 
    4468             :     return internal_forkexec(ac, av, port, NULL);
    4469             : }
    4470             : 
    4471             : #ifndef WIN32
    4472             : 
    4473             : /*
    4474             :  * internal_forkexec non-win32 implementation
    4475             :  *
    4476             :  * - writes out backend variables to the parameter file
    4477             :  * - fork():s, and then exec():s the child process
    4478             :  */
    4479             : static pid_t
    4480             : internal_forkexec(int argc, char *argv[], Port *port, BackgroundWorker *worker)
    4481             : {
    4482             :     static unsigned long tmpBackendFileNum = 0;
    4483             :     pid_t       pid;
    4484             :     char        tmpfilename[MAXPGPATH];
    4485             :     BackendParameters param;
    4486             :     FILE       *fp;
    4487             : 
    4488             :     /*
    4489             :      * Make sure padding bytes are initialized, to prevent Valgrind from
    4490             :      * complaining about writing uninitialized bytes to the file.  This isn't
    4491             :      * performance critical, and the win32 implementation initializes the
    4492             :      * padding bytes to zeros, so do it even when not using Valgrind.
    4493             :      */
    4494             :     memset(&param, 0, sizeof(BackendParameters));
    4495             : 
    4496             :     if (!save_backend_variables(&param, port, worker))
    4497             :         return -1;              /* log made by save_backend_variables */
    4498             : 
    4499             :     /* Calculate name for temp file */
    4500             :     snprintf(tmpfilename, MAXPGPATH, "%s/%s.backend_var.%d.%lu",
    4501             :              PG_TEMP_FILES_DIR, PG_TEMP_FILE_PREFIX,
    4502             :              MyProcPid, ++tmpBackendFileNum);
    4503             : 
    4504             :     /* Open file */
    4505             :     fp = AllocateFile(tmpfilename, PG_BINARY_W);
    4506             :     if (!fp)
    4507             :     {
    4508             :         /*
    4509             :          * As in OpenTemporaryFileInTablespace, try to make the temp-file
    4510             :          * directory, ignoring errors.
    4511             :          */
    4512             :         (void) MakePGDirectory(PG_TEMP_FILES_DIR);
    4513             : 
    4514             :         fp = AllocateFile(tmpfilename, PG_BINARY_W);
    4515             :         if (!fp)
    4516             :         {
    4517             :             ereport(LOG,
    4518             :                     (errcode_for_file_access(),
    4519             :                      errmsg("could not create file \"%s\": %m",
    4520             :                             tmpfilename)));
    4521             :             return -1;
    4522             :         }
    4523             :     }
    4524             : 
    4525             :     if (fwrite(&param, sizeof(param), 1, fp) != 1)
    4526             :     {
    4527             :         ereport(LOG,
    4528             :                 (errcode_for_file_access(),
    4529             :                  errmsg("could not write to file \"%s\": %m", tmpfilename)));
    4530             :         FreeFile(fp);
    4531             :         return -1;
    4532             :     }
    4533             : 
    4534             :     /* Release file */
    4535             :     if (FreeFile(fp))
    4536             :     {
    4537             :         ereport(LOG,
    4538             :                 (errcode_for_file_access(),
    4539             :                  errmsg("could not write to file \"%s\": %m", tmpfilename)));
    4540             :         return -1;
    4541             :     }
    4542             : 
    4543             :     /* Make sure caller set up argv properly */
    4544             :     Assert(argc >= 3);
    4545             :     Assert(argv[argc] == NULL);
    4546             :     Assert(strncmp(argv[1], "--fork", 6) == 0);
    4547             :     Assert(argv[2] == NULL);
    4548             : 
    4549             :     /* Insert temp file name after --fork argument */
    4550             :     argv[2] = tmpfilename;
    4551             : 
    4552             :     /* Fire off execv in child */
    4553             :     if ((pid = fork_process()) == 0)
    4554             :     {
    4555             :         if (execv(postgres_exec_path, argv) < 0)
    4556             :         {
    4557             :             ereport(LOG,
    4558             :                     (errmsg("could not execute server process \"%s\": %m",
    4559             :                             postgres_exec_path)));
    4560             :             /* We're already in the child process here, can't return */
    4561             :             exit(1);
    4562             :         }
    4563             :     }
    4564             : 
    4565             :     return pid;                 /* Parent returns pid, or -1 on fork failure */
    4566             : }
    4567             : #else                           /* WIN32 */
    4568             : 
    4569             : /*
    4570             :  * internal_forkexec win32 implementation
    4571             :  *
    4572             :  * - starts backend using CreateProcess(), in suspended state
    4573             :  * - writes out backend variables to the parameter file
    4574             :  *  - during this, duplicates handles and sockets required for
    4575             :  *    inheritance into the new process
    4576             :  * - resumes execution of the new process once the backend parameter
    4577             :  *   file is complete.
    4578             :  */
    4579             : static pid_t
    4580             : internal_forkexec(int argc, char *argv[], Port *port, BackgroundWorker *worker)
    4581             : {
    4582             :     int         retry_count = 0;
    4583             :     STARTUPINFO si;
    4584             :     PROCESS_INFORMATION pi;
    4585             :     int         i;
    4586             :     int         j;
    4587             :     char        cmdLine[MAXPGPATH * 2];
    4588             :     HANDLE      paramHandle;
    4589             :     BackendParameters *param;
    4590             :     SECURITY_ATTRIBUTES sa;
    4591             :     char        paramHandleStr[32];
    4592             :     win32_deadchild_waitinfo *childinfo;
    4593             : 
    4594             :     /* Make sure caller set up argv properly */
    4595             :     Assert(argc >= 3);
    4596             :     Assert(argv[argc] == NULL);
    4597             :     Assert(strncmp(argv[1], "--fork", 6) == 0);
    4598             :     Assert(argv[2] == NULL);
    4599             : 
    4600             :     /* Resume here if we need to retry */
    4601             : retry:
    4602             : 
    4603             :     /* Set up shared memory for parameter passing */
    4604             :     ZeroMemory(&sa, sizeof(sa));
    4605             :     sa.nLength = sizeof(sa);
    4606             :     sa.bInheritHandle = TRUE;
    4607             :     paramHandle = CreateFileMapping(INVALID_HANDLE_VALUE,
    4608             :                                     &sa,
    4609             :                                     PAGE_READWRITE,
    4610             :                                     0,
    4611             :                                     sizeof(BackendParameters),
    4612             :                                     NULL);
    4613             :     if (paramHandle == INVALID_HANDLE_VALUE)
    4614             :     {
    4615             :         ereport(LOG,
    4616             :                 (errmsg("could not create backend parameter file mapping: error code %lu",
    4617             :                         GetLastError())));
    4618             :         return -1;
    4619             :     }
    4620             : 
    4621             :     param = MapViewOfFile(paramHandle, FILE_MAP_WRITE, 0, 0, sizeof(BackendParameters));
    4622             :     if (!param)
    4623             :     {
    4624             :         ereport(LOG,
    4625             :                 (errmsg("could not map backend parameter memory: error code %lu",
    4626             :                         GetLastError())));
    4627             :         CloseHandle(paramHandle);
    4628             :         return -1;
    4629             :     }
    4630             : 
    4631             :     /* Insert temp file name after --fork argument */
    4632             : #ifdef _WIN64
    4633             :     sprintf(paramHandleStr, "%llu", (LONG_PTR) paramHandle);
    4634             : #else
    4635             :     sprintf(paramHandleStr, "%lu", (DWORD) paramHandle);
    4636             : #endif
    4637             :     argv[2] = paramHandleStr;
    4638             : 
    4639             :     /* Format the cmd line */
    4640             :     cmdLine[sizeof(cmdLine) - 1] = '\0';
    4641             :     cmdLine[sizeof(cmdLine) - 2] = '\0';
    4642             :     snprintf(cmdLine, sizeof(cmdLine) - 1, "\"%s\"", postgres_exec_path);
    4643             :     i = 0;
    4644             :     while (argv[++i] != NULL)
    4645             :     {
    4646             :         j = strlen(cmdLine);
    4647             :         snprintf(cmdLine + j, sizeof(cmdLine) - 1 - j, " \"%s\"", argv[i]);
    4648             :     }
    4649             :     if (cmdLine[sizeof(cmdLine) - 2] != '\0')
    4650             :     {
    4651             :         ereport(LOG,
    4652             :                 (errmsg("subprocess command line too long")));
    4653             :         UnmapViewOfFile(param);
    4654             :         CloseHandle(paramHandle);
    4655             :         return -1;
    4656             :     }
    4657             : 
    4658             :     memset(&pi, 0, sizeof(pi));
    4659             :     memset(&si, 0, sizeof(si));
    4660             :     si.cb = sizeof(si);
    4661             : 
    4662             :     /*
    4663             :      * Create the subprocess in a suspended state. This will be resumed later,
    4664             :      * once we have written out the parameter file.
    4665             :      */
    4666             :     if (!CreateProcess(NULL, cmdLine, NULL, NULL, TRUE, CREATE_SUSPENDED,
    4667             :                        NULL, NULL, &si, &pi))
    4668             :     {
    4669             :         ereport(LOG,
    4670             :                 (errmsg("CreateProcess() call failed: %m (error code %lu)",
    4671             :                         GetLastError())));
    4672             :         UnmapViewOfFile(param);
    4673             :         CloseHandle(paramHandle);
    4674             :         return -1;
    4675             :     }
    4676             : 
    4677             :     if (!save_backend_variables(param, port, worker, pi.hProcess, pi.dwProcessId))
    4678             :     {
    4679             :         /*
    4680             :          * log made by save_backend_variables, but we have to clean up the
    4681             :          * mess with the half-started process
    4682             :          */
    4683             :         if (!TerminateProcess(pi.hProcess, 255))
    4684             :             ereport(LOG,
    4685             :                     (errmsg_internal("could not terminate unstarted process: error code %lu",
    4686             :                                      GetLastError())));
    4687             :         CloseHandle(pi.hProcess);
    4688             :         CloseHandle(pi.hThread);
    4689             :         UnmapViewOfFile(param);
    4690             :         CloseHandle(paramHandle);
    4691             :         return -1;              /* log made by save_backend_variables */
    4692             :     }
    4693             : 
    4694             :     /* Drop the parameter shared memory that is now inherited to the backend */
    4695             :     if (!UnmapViewOfFile(param))
    4696             :         ereport(LOG,
    4697             :                 (errmsg("could not unmap view of backend parameter file: error code %lu",
    4698             :                         GetLastError())));
    4699             :     if (!CloseHandle(paramHandle))
    4700             :         ereport(LOG,
    4701             :                 (errmsg("could not close handle to backend parameter file: error code %lu",
    4702             :                         GetLastError())));
    4703             : 
    4704             :     /*
    4705             :      * Reserve the memory region used by our main shared memory segment before
    4706             :      * we resume the child process.  Normally this should succeed, but if ASLR
    4707             :      * is active then it might sometimes fail due to the stack or heap having
    4708             :      * gotten mapped into that range.  In that case, just terminate the
    4709             :      * process and retry.
    4710             :      */
    4711             :     if (!pgwin32_ReserveSharedMemoryRegion(pi.hProcess))
    4712             :     {
    4713             :         /* pgwin32_ReserveSharedMemoryRegion already made a log entry */
    4714             :         if (!TerminateProcess(pi.hProcess, 255))
    4715             :             ereport(LOG,
    4716             :                     (errmsg_internal("could not terminate process that failed to reserve memory: error code %lu",
    4717             :                                      GetLastError())));
    4718             :         CloseHandle(pi.hProcess);
    4719             :         CloseHandle(pi.hThread);
    4720             :         if (++retry_count < 100)
    4721             :             goto retry;
    4722             :         ereport(LOG,
    4723             :                 (errmsg("giving up after too many tries to reserve shared memory"),
    4724             :                  errhint("This might be caused by ASLR or antivirus software.")));
    4725             :         return -1;
    4726             :     }
    4727             : 
    4728             :     /*
    4729             :      * Now that the backend variables are written out, we start the child
    4730             :      * thread so it can start initializing while we set up the rest of the
    4731             :      * parent state.
    4732             :      */
    4733             :     if (ResumeThread(pi.hThread) == -1)
    4734             :     {
    4735             :         if (!TerminateProcess(pi.hProcess, 255))
    4736             :         {
    4737             :             ereport(LOG,
    4738             :                     (errmsg_internal("could not terminate unstartable process: error code %lu",
    4739             :                                      GetLastError())));
    4740             :             CloseHandle(pi.hProcess);
    4741             :             CloseHandle(pi.hThread);
    4742             :             return -1;
    4743             :         }
    4744             :         CloseHandle(pi.hProcess);
    4745             :         CloseHandle(pi.hThread);
    4746             :         ereport(LOG,
    4747             :                 (errmsg_internal("could not resume thread of unstarted process: error code %lu",
    4748             :                                  GetLastError())));
    4749             :         return -1;
    4750             :     }
    4751             : 
    4752             :     /*
    4753             :      * Queue a waiter to signal when this child dies. The wait will be handled
    4754             :      * automatically by an operating system thread pool.  The memory will be
    4755             :      * freed by a later call to waitpid().
    4756             :      */
    4757             :     childinfo = palloc(sizeof(win32_deadchild_waitinfo));
    4758             :     childinfo->procHandle = pi.hProcess;
    4759             :     childinfo->procId = pi.dwProcessId;
    4760             : 
    4761             :     if (!RegisterWaitForSingleObject(&childinfo->waitHandle,
    4762             :                                      pi.hProcess,
    4763             :                                      pgwin32_deadchild_callback,
    4764             :                                      childinfo,
    4765             :                                      INFINITE,
    4766             :                                      WT_EXECUTEONLYONCE | WT_EXECUTEINWAITTHREAD))
    4767             :         ereport(FATAL,
    4768             :                 (errmsg_internal("could not register process for wait: error code %lu",
    4769             :                                  GetLastError())));
    4770             : 
    4771             :     /* Don't close pi.hProcess here - waitpid() needs access to it */
    4772             : 
    4773             :     CloseHandle(pi.hThread);
    4774             : 
    4775             :     return pi.dwProcessId;
    4776             : }
    4777             : #endif                          /* WIN32 */
    4778             : 
    4779             : 
    4780             : /*
    4781             :  * SubPostmasterMain -- Get the fork/exec'd process into a state equivalent
    4782             :  *          to what it would be if we'd simply forked on Unix, and then
    4783             :  *          dispatch to the appropriate place.
    4784             :  *
    4785             :  * The first two command line arguments are expected to be "--forkFOO"
    4786             :  * (where FOO indicates which postmaster child we are to become), and
    4787             :  * the name of a variables file that we can read to load data that would
    4788             :  * have been inherited by fork() on Unix.  Remaining arguments go to the
    4789             :  * subprocess FooMain() routine.
    4790             :  */
    4791             : void
    4792             : SubPostmasterMain(int argc, char *argv[])
    4793             : {
    4794             :     Port       *port;
    4795             :     BackgroundWorker *worker;
    4796             : 
    4797             :     /* In EXEC_BACKEND case we will not have inherited these settings */
    4798             :     IsPostmasterEnvironment = true;
    4799             :     whereToSendOutput = DestNone;
    4800             : 
    4801             :     /* Setup essential subsystems (to ensure elog() behaves sanely) */
    4802             :     InitializeGUCOptions();
    4803             : 
    4804             :     /* Check we got appropriate args */
    4805             :     if (argc < 3)
    4806             :         elog(FATAL, "invalid subpostmaster invocation");
    4807             : 
    4808             :     /* Read in the variables file */
    4809             :     read_backend_variables(argv[2], &port, &worker);
    4810             : 
    4811             :     /* Close the postmaster's sockets (as soon as we know them) */
    4812             :     ClosePostmasterPorts(strcmp(argv[1], "--forklog") == 0);
    4813             : 
    4814             :     /* Setup as postmaster child */
    4815             :     InitPostmasterChild();
    4816             : 
    4817             :     /*
    4818             :      * If appropriate, physically re-attach to shared memory segment. We want
    4819             :      * to do this before going any further to ensure that we can attach at the
    4820             :      * same address the postmaster used.  On the other hand, if we choose not
    4821             :      * to re-attach, we may have other cleanup to do.
    4822             :      *
    4823             :      * If testing EXEC_BACKEND on Linux, you should run this as root before
    4824             :      * starting the postmaster:
    4825             :      *
    4826             :      * sysctl -w kernel.randomize_va_space=0
    4827             :      *
    4828             :      * This prevents using randomized stack and code addresses that cause the
    4829             :      * child process's memory map to be different from the parent's, making it
    4830             :      * sometimes impossible to attach to shared memory at the desired address.
    4831             :      * Return the setting to its old value (usually '1' or '2') when finished.
    4832             :      */
    4833             :     if (strcmp(argv[1], "--forkbackend") == 0 ||
    4834             :         strcmp(argv[1], "--forkavlauncher") == 0 ||
    4835             :         strcmp(argv[1], "--forkavworker") == 0 ||
    4836             :         strcmp(argv[1], "--forkaux") == 0 ||
    4837             :         strcmp(argv[1], "--forkbgworker") == 0)
    4838             :         PGSharedMemoryReAttach();
    4839             :     else
    4840             :         PGSharedMemoryNoReAttach();
    4841             : 
    4842             :     /* Read in remaining GUC variables */
    4843             :     read_nondefault_variables();
    4844             : 
    4845             :     /*
    4846             :      * Check that the data directory looks valid, which will also check the
    4847             :      * privileges on the data directory and update our umask and file/group
    4848             :      * variables for creating files later.  Note: this should really be done
    4849             :      * before we create any files or directories.
    4850             :      */
    4851             :     checkDataDir();
    4852             : 
    4853             :     /*
    4854             :      * (re-)read control file, as it contains config. The postmaster will
    4855             :      * already have read this, but this process doesn't know about that.
    4856             :      */
    4857             :     LocalProcessControlFile(false);
    4858             : 
    4859             :     /*
    4860             :      * Reload any libraries that were preloaded by the postmaster.  Since we
    4861             :      * exec'd this process, those libraries didn't come along with us; but we
    4862             :      * should load them into all child processes to be consistent with the
    4863             :      * non-EXEC_BACKEND behavior.
    4864             :      */
    4865             :     process_shared_preload_libraries();
    4866             : 
    4867             :     /* Run backend or appropriate child */
    4868             :     if (strcmp(argv[1], "--forkbackend") == 0)
    4869             :     {
    4870             :         Assert(argc == 3);      /* shouldn't be any more args */
    4871             : 
    4872             :         /*
    4873             :          * Need to reinitialize the SSL library in the backend, since the
    4874             :          * context structures contain function pointers and cannot be passed
    4875             :          * through the parameter file.
    4876             :          *
    4877             :          * If for some reason reload fails (maybe the user installed broken
    4878             :          * key files), soldier on without SSL; that's better than all
    4879             :          * connections becoming impossible.
    4880             :          *
    4881             :          * XXX should we do this in all child processes?  For the moment it's
    4882             :          * enough to do it in backend children.
    4883             :          */
    4884             : #ifdef USE_SSL
    4885             :         if (EnableSSL)
    4886             :         {
    4887             :             if (secure_initialize(false) == 0)
    4888             :                 LoadedSSL = true;
    4889             :             else
    4890             :                 ereport(LOG,
    4891             :                         (errmsg("SSL configuration could not be loaded in child process")));
    4892             :         }
    4893             : #endif
    4894             : 
    4895             :         /*
    4896             :          * Perform additional initialization and collect startup packet.
    4897             :          *
    4898             :          * We want to do this before InitProcess() for a couple of reasons: 1.
    4899             :          * so that we aren't eating up a PGPROC slot while waiting on the
    4900             :          * client. 2. so that if InitProcess() fails due to being out of
    4901             :          * PGPROC slots, we have already initialized libpq and are able to
    4902             :          * report the error to the client.
    4903             :          */
    4904             :         BackendInitialize(port);
    4905             : 
    4906             :         /* Restore basic shared memory pointers */
    4907             :         InitShmemAccess(UsedShmemSegAddr);
    4908             : 
    4909             :         /* And run the backend */
    4910             :         BackendRun(port);       /* does not return */
    4911             :     }
    4912             :     if (strcmp(argv[1], "--forkaux") == 0)
    4913             :     {
    4914             :         AuxProcType auxtype;
    4915             : 
    4916             :         Assert(argc == 4);
    4917             : 
    4918             :         /* Restore basic shared memory pointers */
    4919             :         InitShmemAccess(UsedShmemSegAddr);
    4920             : 
    4921             :         auxtype = atoi(argv[3]);
    4922             :         AuxiliaryProcessMain(auxtype);  /* does not return */
    4923             :     }
    4924             :     if (strcmp(argv[1], "--forkavlauncher") == 0)
    4925             :     {
    4926             :         /* Restore basic shared memory pointers */
    4927             :         InitShmemAccess(UsedShmemSegAddr);
    4928             : 
    4929             :         AutoVacLauncherMain(argc - 2, argv + 2);    /* does not return */
    4930             :     }
    4931             :     if (strcmp(argv[1], "--forkavworker") == 0)
    4932             :     {
    4933             :         /* Restore basic shared memory pointers */
    4934             :         InitShmemAccess(UsedShmemSegAddr);
    4935             : 
    4936             :         AutoVacWorkerMain(argc - 2, argv + 2);  /* does not return */
    4937             :     }
    4938             :     if (strcmp(argv[1], "--forkbgworker") == 0)
    4939             :     {
    4940             :         /* do this as early as possible; in particular, before InitProcess() */
    4941             :         IsBackgroundWorker = true;
    4942             : 
    4943             :         /* Restore basic shared memory pointers */
    4944             :         InitShmemAccess(UsedShmemSegAddr);
    4945             : 
    4946             :         MyBgworkerEntry = worker;
    4947             :         BackgroundWorkerMain();
    4948             :     }
    4949             :     if (strcmp(argv[1], "--forklog") == 0)
    4950             :     {
    4951             :         /* Do not want to attach to shared memory */
    4952             : 
    4953             :         SysLoggerMain(argc, argv);  /* does not return */
    4954             :     }
    4955             : 
    4956             :     abort();                    /* shouldn't get here */
    4957             : }
    4958             : #endif                          /* EXEC_BACKEND */
    4959             : 
    4960             : 
    4961             : /*
    4962             :  * ExitPostmaster -- cleanup
    4963             :  *
    4964             :  * Do NOT call exit() directly --- always go through here!
    4965             :  */
    4966             : static void
    4967        1278 : ExitPostmaster(int status)
    4968             : {
    4969             : #ifdef HAVE_PTHREAD_IS_THREADED_NP
    4970             : 
    4971             :     /*
    4972             :      * There is no known cause for a postmaster to become multithreaded after
    4973             :      * startup.  Recheck to account for the possibility of unknown causes.
    4974             :      * This message uses LOG level, because an unclean shutdown at this point
    4975             :      * would usually not look much different from a clean shutdown.
    4976             :      */
    4977             :     if (pthread_is_threaded_np() != 0)
    4978             :         ereport(LOG,
    4979             :                 (errcode(ERRCODE_INTERNAL_ERROR),
    4980             :                  errmsg_internal("postmaster became multithreaded"),
    4981             :                  errdetail("Please report this to <%s>.", PACKAGE_BUGREPORT)));
    4982             : #endif
    4983             : 
    4984             :     /* should cleanup shared memory and kill all backends */
    4985             : 
    4986             :     /*
    4987             :      * Not sure of the semantics here.  When the Postmaster dies, should the
    4988             :      * backends all be killed? probably not.
    4989             :      *
    4990             :      * MUST     -- vadim 05-10-1999
    4991             :      */
    4992             : 
    4993        1278 :     proc_exit(status);
    4994             : }
    4995             : 
    4996             : /*
    4997             :  * Handle pmsignal conditions representing requests from backends,
    4998             :  * and check for promote and logrotate requests from pg_ctl.
    4999             :  */
    5000             : static void
    5001        4756 : process_pm_pmsignal(void)
    5002             : {
    5003        4756 :     pending_pm_pmsignal = false;
    5004             : 
    5005        4756 :     ereport(DEBUG2,
    5006             :             (errmsg_internal("postmaster received pmsignal signal")));
    5007             : 
    5008             :     /*
    5009             :      * RECOVERY_STARTED and BEGIN_HOT_STANDBY signals are ignored in
    5010             :      * unexpected states. If the startup process quickly starts up, completes
    5011             :      * recovery, exits, we might process the death of the startup process
    5012             :      * first. We don't want to go back to recovery in that case.
    5013             :      */
    5014        4756 :     if (CheckPostmasterSignal(PMSIGNAL_RECOVERY_STARTED) &&
    5015         410 :         pmState == PM_STARTUP && Shutdown == NoShutdown)
    5016             :     {
    5017             :         /* WAL redo has started. We're out of reinitialization. */
    5018         410 :         FatalError = false;
    5019         410 :         AbortStartTime = 0;
    5020             : 
    5021             :         /*
    5022             :          * Start the archiver if we're responsible for (re-)archiving received
    5023             :          * files.
    5024             :          */
    5025             :         Assert(PgArchPID == 0);
    5026         410 :         if (XLogArchivingAlways())
    5027           6 :             PgArchPID = StartArchiver();
    5028             : 
    5029             :         /*
    5030             :          * If we aren't planning to enter hot standby mode later, treat
    5031             :          * RECOVERY_STARTED as meaning we're out of startup, and report status
    5032             :          * accordingly.
    5033             :          */
    5034         410 :         if (!EnableHotStandby)
    5035             :         {
    5036           4 :             AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STANDBY);
    5037             : #ifdef USE_SYSTEMD
    5038             :             sd_notify(0, "READY=1");
    5039             : #endif
    5040             :         }
    5041             : 
    5042         410 :         pmState = PM_RECOVERY;
    5043             :     }
    5044             : 
    5045        4756 :     if (CheckPostmasterSignal(PMSIGNAL_BEGIN_HOT_STANDBY) &&
    5046         230 :         pmState == PM_RECOVERY && Shutdown == NoShutdown)
    5047             :     {
    5048         230 :         ereport(LOG,
    5049             :                 (errmsg("database system is ready to accept read-only connections")));
    5050             : 
    5051             :         /* Report status */
    5052         230 :         AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
    5053             : #ifdef USE_SYSTEMD
    5054             :         sd_notify(0, "READY=1");
    5055             : #endif
    5056             : 
    5057         230 :         pmState = PM_HOT_STANDBY;
    5058         230 :         connsAllowed = true;
    5059             : 
    5060             :         /* Some workers may be scheduled to start now */
    5061         230 :         StartWorkerNeeded = true;
    5062             :     }
    5063             : 
    5064             :     /* Process background worker state changes. */
    5065        4756 :     if (CheckPostmasterSignal(PMSIGNAL_BACKGROUND_WORKER_CHANGE))
    5066             :     {
    5067             :         /* Accept new worker requests only if not stopping. */
    5068        1900 :         BackgroundWorkerStateChange(pmState < PM_STOP_BACKENDS);
    5069        1900 :         StartWorkerNeeded = true;
    5070             :     }
    5071             : 
    5072        4756 :     if (StartWorkerNeeded || HaveCrashedWorker)
    5073        2134 :         maybe_start_bgworkers();
    5074             : 
    5075             :     /* Tell syslogger to rotate logfile if requested */
    5076        4756 :     if (SysLoggerPID != 0)
    5077             :     {
    5078           2 :         if (CheckLogrotateSignal())
    5079             :         {
    5080           2 :             signal_child(SysLoggerPID, SIGUSR1);
    5081           2 :             RemoveLogrotateSignalFiles();
    5082             :         }
    5083           0 :         else if (CheckPostmasterSignal(PMSIGNAL_ROTATE_LOGFILE))
    5084             :         {
    5085           0 :             signal_child(SysLoggerPID, SIGUSR1);
    5086             :         }
    5087             :     }
    5088             : 
    5089        4756 :     if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER) &&
    5090           0 :         Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
    5091             :     {
    5092             :         /*
    5093             :          * Start one iteration of the autovacuum daemon, even if autovacuuming
    5094             :          * is nominally not enabled.  This is so we can have an active defense
    5095             :          * against transaction ID wraparound.  We set a flag for the main loop
    5096             :          * to do it rather than trying to do it here --- this is because the
    5097             :          * autovac process itself may send the signal, and we want to handle
    5098             :          * that by launching another iteration as soon as the current one
    5099             :          * completes.
    5100             :          */
    5101           0 :         start_autovac_launcher = true;
    5102             :     }
    5103             : 
    5104        4756 :     if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_WORKER) &&
    5105          22 :         Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
    5106             :     {
    5107             :         /* The autovacuum launcher wants us to start a worker process. */
    5108          22 :         StartAutovacuumWorker();
    5109             :     }
    5110             : 
    5111        4756 :     if (CheckPostmasterSignal(PMSIGNAL_START_WALRECEIVER))
    5112             :     {
    5113             :         /* Startup Process wants us to start the walreceiver process. */
    5114             :         /* Start immediately if possible, else remember request for later. */
    5115         374 :         WalReceiverRequested = true;
    5116         374 :         MaybeStartWalReceiver();
    5117             :     }
    5118             : 
    5119             :     /*
    5120             :      * Try to advance postmaster's state machine, if a child requests it.
    5121             :      *
    5122             :      * Be careful about the order of this action relative to this function's
    5123             :      * other actions.  Generally, this should be after other actions, in case
    5124             :      * they have effects PostmasterStateMachine would need to know about.
    5125             :      * However, we should do it before the CheckPromoteSignal step, which
    5126             :      * cannot have any (immediate) effect on the state machine, but does
    5127             :      * depend on what state we're in now.
    5128             :      */
    5129        4756 :     if (CheckPostmasterSignal(PMSIGNAL_ADVANCE_STATE_MACHINE))
    5130             :     {
    5131        1802 :         PostmasterStateMachine();
    5132             :     }
    5133             : 
    5134        4756 :     if (StartupPID != 0 &&
    5135        1142 :         (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
    5136        1912 :          pmState == PM_HOT_STANDBY) &&
    5137        1142 :         CheckPromoteSignal())
    5138             :     {
    5139             :         /*
    5140             :          * Tell startup process to finish recovery.
    5141             :          *
    5142             :          * Leave the promote signal file in place and let the Startup process
    5143             :          * do the unlink.
    5144             :          */
    5145          74 :         signal_child(StartupPID, SIGUSR2);
    5146             :     }
    5147        4756 : }
    5148             : 
    5149             : /*
    5150             :  * SIGTERM while processing startup packet.
    5151             :  *
    5152             :  * Running proc_exit() from a signal handler would be quite unsafe.
    5153             :  * However, since we have not yet touched shared memory, we can just
    5154             :  * pull the plug and exit without running any atexit handlers.
    5155             :  *
    5156             :  * One might be tempted to try to send a message, or log one, indicating
    5157             :  * why we are disconnecting.  However, that would be quite unsafe in itself.
    5158             :  * Also, it seems undesirable to provide clues about the database's state
    5159             :  * to a client that has not yet completed authentication, or even sent us
    5160             :  * a startup packet.
    5161             :  */
    5162             : static void
    5163           0 : process_startup_packet_die(SIGNAL_ARGS)
    5164             : {
    5165           0 :     _exit(1);
    5166             : }
    5167             : 
    5168             : /*
    5169             :  * Dummy signal handler
    5170             :  *
    5171             :  * We use this for signals that we don't actually use in the postmaster,
    5172             :  * but we do use in backends.  If we were to SIG_IGN such signals in the
    5173             :  * postmaster, then a newly started backend might drop a signal that arrives
    5174             :  * before it's able to reconfigure its signal processing.  (See notes in
    5175             :  * tcop/postgres.c.)
    5176             :  */
    5177             : static void
    5178           0 : dummy_handler(SIGNAL_ARGS)
    5179             : {
    5180           0 : }
    5181             : 
    5182             : /*
    5183             :  * Timeout while processing startup packet.
    5184             :  * As for process_startup_packet_die(), we exit via _exit(1).
    5185             :  */
    5186             : static void
    5187           0 : StartupPacketTimeoutHandler(void)
    5188             : {
    5189           0 :     _exit(1);
    5190             : }
    5191             : 
    5192             : 
    5193             : /*
    5194             :  * Generate a random cancel key.
    5195             :  */
    5196             : static bool
    5197       24384 : RandomCancelKey(int32 *cancel_key)
    5198             : {
    5199       24384 :     return pg_strong_random(cancel_key, sizeof(int32));
    5200             : }
    5201             : 
    5202             : /*
    5203             :  * Count up number of child processes of specified types (dead_end children
    5204             :  * are always excluded).
    5205             :  */
    5206             : static int
    5207       31374 : CountChildren(int target)
    5208             : {
    5209             :     dlist_iter  iter;
    5210       31374 :     int         cnt = 0;
    5211             : 
    5212      102174 :     dlist_foreach(iter, &BackendList)
    5213             :     {
    5214       70800 :         Backend    *bp = dlist_container(Backend, elem, iter.cur);
    5215             : 
    5216       70800 :         if (bp->dead_end)
    5217         176 :             continue;
    5218             : 
    5219             :         /*
    5220             :          * Since target == BACKEND_TYPE_ALL is the most common case, we test
    5221             :          * it first and avoid touching shared memory for every child.
    5222             :          */
    5223       70624 :         if (target != BACKEND_TYPE_ALL)
    5224             :         {
    5225             :             /*
    5226             :              * Assign bkend_type for any recently announced WAL Sender
    5227             :              * processes.
    5228             :              */
    5229        6932 :             if (bp->bkend_type == BACKEND_TYPE_NORMAL &&
    5230        1726 :                 IsPostmasterChildWalSender(bp->child_slot))
    5231          82 :                 bp->bkend_type = BACKEND_TYPE_WALSND;
    5232             : 
    5233        5206 :             if (!(target & bp->bkend_type))
    5234         522 :                 continue;
    5235             :         }
    5236             : 
    5237       70102 :         cnt++;
    5238             :     }
    5239       31374 :     return cnt;
    5240             : }
    5241             : 
    5242             : 
    5243             : /*
    5244             :  * StartChildProcess -- start an auxiliary process for the postmaster
    5245             :  *
    5246             :  * "type" determines what kind of child will be started.  All child types
    5247             :  * initially go to AuxiliaryProcessMain, which will handle common setup.
    5248             :  *
    5249             :  * Return value of StartChildProcess is subprocess' PID, or 0 if failed
    5250             :  * to start subprocess.
    5251             :  */
    5252             : static pid_t
    5253        5432 : StartChildProcess(AuxProcType type)
    5254             : {
    5255             :     pid_t       pid;
    5256             : 
    5257             : #ifdef EXEC_BACKEND
    5258             :     {
    5259             :         char       *av[10];
    5260             :         int         ac = 0;
    5261             :         char        typebuf[32];
    5262             : 
    5263             :         /*
    5264             :          * Set up command-line arguments for subprocess
    5265             :          */
    5266             :         av[ac++] = "postgres";
    5267             :         av[ac++] = "--forkaux";
    5268             :         av[ac++] = NULL;        /* filled in by postmaster_forkexec */
    5269             : 
    5270             :         snprintf(typebuf, sizeof(typebuf), "%d", type);
    5271             :         av[ac++] = typebuf;
    5272             : 
    5273             :         av[ac] = NULL;
    5274             :         Assert(ac < lengthof(av));
    5275             : 
    5276             :         pid = postmaster_forkexec(ac, av);
    5277             :     }
    5278             : #else                           /* !EXEC_BACKEND */
    5279        5432 :     pid = fork_process();
    5280             : 
    5281        9146 :     if (pid == 0)               /* child */
    5282             :     {
    5283        3714 :         InitPostmasterChild();
    5284             : 
    5285             :         /* Close the postmaster's sockets */
    5286        3714 :         ClosePostmasterPorts(false);
    5287             : 
    5288             :         /* Release postmaster's working memory context */
    5289        3714 :         MemoryContextSwitchTo(TopMemoryContext);
    5290        3714 :         MemoryContextDelete(PostmasterContext);
    5291        3714 :         PostmasterContext = NULL;
    5292             : 
    5293        3714 :         AuxiliaryProcessMain(type); /* does not return */
    5294             :     }
    5295             : #endif                          /* EXEC_BACKEND */
    5296             : 
    5297        5432 :     if (pid < 0)
    5298             :     {
    5299             :         /* in parent, fork failed */
    5300           0 :         int         save_errno = errno;
    5301             : 
    5302           0 :         errno = save_errno;
    5303           0 :         switch (type)
    5304             :         {
    5305           0 :             case StartupProcess:
    5306           0 :                 ereport(LOG,
    5307             :                         (errmsg("could not fork startup process: %m")));
    5308           0 :                 break;
    5309           0 :             case ArchiverProcess:
    5310           0 :                 ereport(LOG,
    5311             :                         (errmsg("could not fork archiver process: %m")));
    5312           0 :                 break;
    5313           0 :             case BgWriterProcess:
    5314           0 :                 ereport(LOG,
    5315             :                         (errmsg("could not fork background writer process: %m")));
    5316           0 :                 break;
    5317           0 :             case CheckpointerProcess:
    5318           0 :                 ereport(LOG,
    5319             :                         (errmsg("could not fork checkpointer process: %m")));
    5320           0 :                 break;
    5321           0 :             case WalWriterProcess:
    5322           0 :                 ereport(LOG,
    5323             :                         (errmsg("could not fork WAL writer process: %m")));
    5324           0 :                 break;
    5325           0 :             case WalReceiverProcess:
    5326           0 :                 ereport(LOG,
    5327             :                         (errmsg("could not fork WAL receiver process: %m")));
    5328           0 :                 break;
    5329           0 :             default:
    5330           0 :                 ereport(LOG,
    5331             :                         (errmsg("could not fork process: %m")));
    5332           0 :                 break;
    5333             :         }
    5334             : 
    5335             :         /*
    5336             :          * fork failure is fatal during startup, but there's no need to choke
    5337             :          * immediately if starting other child types fails.
    5338             :          */
    5339           0 :         if (type == StartupProcess)
    5340           0 :             ExitPostmaster(1);
    5341           0 :         return 0;
    5342             :     }
    5343             : 
    5344             :     /*
    5345             :      * in parent, successful fork
    5346             :      */
    5347        5432 :     return pid;
    5348             : }
    5349             : 
    5350             : /*
    5351             :  * StartAutovacuumWorker
    5352             :  *      Start an autovac worker process.
    5353             :  *
    5354             :  * This function is here because it enters the resulting PID into the
    5355             :  * postmaster's private backends list.
    5356             :  *
    5357             :  * NB -- this code very roughly matches BackendStartup.
    5358             :  */
    5359             : static void
    5360          22 : StartAutovacuumWorker(void)
    5361             : {
    5362             :     Backend    *bn;
    5363             : 
    5364             :     /*
    5365             :      * If not in condition to run a process, don't try, but handle it like a
    5366             :      * fork failure.  This does not normally happen, since the signal is only
    5367             :      * supposed to be sent by autovacuum launcher when it's OK to do it, but
    5368             :      * we have to check to avoid race-condition problems during DB state
    5369             :      * changes.
    5370             :      */
    5371          22 :     if (canAcceptConnections(BACKEND_TYPE_AUTOVAC) == CAC_OK)
    5372             :     {
    5373             :         /*
    5374             :          * Compute the cancel key that will be assigned to this session. We
    5375             :          * probably don't need cancel keys for autovac workers, but we'd
    5376             :          * better have something random in the field to prevent unfriendly
    5377             :          * people from sending cancels to them.
    5378             :          */
    5379          22 :         if (!RandomCancelKey(&MyCancelKey))
    5380             :         {
    5381           0 :             ereport(LOG,
    5382             :                     (errcode(ERRCODE_INTERNAL_ERROR),
    5383             :                      errmsg("could not generate random cancel key")));
    5384           0 :             return;
    5385             :         }
    5386             : 
    5387          22 :         bn = (Backend *) palloc_extended(sizeof(Backend), MCXT_ALLOC_NO_OOM);
    5388          22 :         if (bn)
    5389             :         {
    5390          22 :             bn->cancel_key = MyCancelKey;
    5391             : 
    5392             :             /* Autovac workers are not dead_end and need a child slot */
    5393          22 :             bn->dead_end = false;
    5394          22 :             bn->child_slot = MyPMChildSlot = AssignPostmasterChildSlot();
    5395          22 :             bn->bgworker_notify = false;
    5396             : 
    5397          22 :             bn->pid = StartAutoVacWorker();
    5398          22 :             if (bn->pid > 0)
    5399             :             {
    5400          22 :                 bn->bkend_type = BACKEND_TYPE_AUTOVAC;
    5401          22 :                 dlist_push_head(&BackendList, &bn->elem);
    5402             : #ifdef EXEC_BACKEND
    5403             :                 ShmemBackendArrayAdd(bn);
    5404             : #endif
    5405             :                 /* all OK */
    5406          22 :                 return;
    5407             :             }
    5408             : 
    5409             :             /*
    5410             :              * fork failed, fall through to report -- actual error message was
    5411             :              * logged by StartAutoVacWorker
    5412             :              */
    5413           0 :             (void) ReleasePostmasterChildSlot(bn->child_slot);
    5414           0 :             pfree(bn);
    5415             :         }
    5416             :         else
    5417           0 :             ereport(LOG,
    5418             :                     (errcode(ERRCODE_OUT_OF_MEMORY),
    5419             :                      errmsg("out of memory")));
    5420             :     }
    5421             : 
    5422             :     /*
    5423             :      * Report the failure to the launcher, if it's running.  (If it's not, we
    5424             :      * might not even be connected to shared memory, so don't try to call
    5425             :      * AutoVacWorkerFailed.)  Note that we also need to signal it so that it
    5426             :      * responds to the condition, but we don't do that here, instead waiting
    5427             :      * for ServerLoop to do it.  This way we avoid a ping-pong signaling in
    5428             :      * quick succession between the autovac launcher and postmaster in case
    5429             :      * things get ugly.
    5430             :      */
    5431           0 :     if (AutoVacPID != 0)
    5432             :     {
    5433           0 :         AutoVacWorkerFailed();
    5434           0 :         avlauncher_needs_signal = true;
    5435             :     }
    5436             : }
    5437             : 
    5438             : /*
    5439             :  * MaybeStartWalReceiver
    5440             :  *      Start the WAL receiver process, if not running and our state allows.
    5441             :  *
    5442             :  * Note: if WalReceiverPID is already nonzero, it might seem that we should
    5443             :  * clear WalReceiverRequested.  However, there's a race condition if the
    5444             :  * walreceiver terminates and the startup process immediately requests a new
    5445             :  * one: it's quite possible to get the signal for the request before reaping
    5446             :  * the dead walreceiver process.  Better to risk launching an extra
    5447             :  * walreceiver than to miss launching one we need.  (The walreceiver code
    5448             :  * has logic to recognize that it should go away if not needed.)
    5449             :  */
    5450             : static void
    5451         698 : MaybeStartWalReceiver(void)
    5452             : {
    5453         698 :     if (WalReceiverPID == 0 &&
    5454         368 :         (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
    5455         366 :          pmState == PM_HOT_STANDBY) &&
    5456         368 :         Shutdown <= SmartShutdown)
    5457             :     {
    5458         368 :         WalReceiverPID = StartWalReceiver();
    5459         368 :         if (WalReceiverPID != 0)
    5460         368 :             WalReceiverRequested = false;
    5461             :         /* else leave the flag set, so we'll try again later */
    5462             :     }
    5463         698 : }
    5464             : 
    5465             : 
    5466             : /*
    5467             :  * Create the opts file
    5468             :  */
    5469             : static bool
    5470        1280 : CreateOptsFile(int argc, char *argv[], char *fullprogname)
    5471             : {
    5472             :     FILE       *fp;
    5473             :     int         i;
    5474             : 
    5475             : #define OPTS_FILE   "postmaster.opts"
    5476             : 
    5477        1280 :     if ((fp = fopen(OPTS_FILE, "w")) == NULL)
    5478             :     {
    5479           0 :         ereport(LOG,
    5480             :                 (errcode_for_file_access(),
    5481             :                  errmsg("could not create file \"%s\": %m", OPTS_FILE)));
    5482           0 :         return false;
    5483             :     }
    5484             : 
    5485        1280 :     fprintf(fp, "%s", fullprogname);
    5486        6220 :     for (i = 1; i < argc; i++)
    5487        4940 :         fprintf(fp, " \"%s\"", argv[i]);
    5488        1280 :     fputs("\n", fp);
    5489             : 
    5490        1280 :     if (fclose(fp))
    5491             :     {
    5492           0 :         ereport(LOG,
    5493             :                 (errcode_for_file_access(),
    5494             :                  errmsg("could not write file \"%s\": %m", OPTS_FILE)));
    5495           0 :         return false;
    5496             :     }
    5497             : 
    5498        1280 :     return true;
    5499             : }
    5500             : 
    5501             : 
    5502             : /*
    5503             :  * MaxLivePostmasterChildren
    5504             :  *
    5505             :  * This reports the number of entries needed in per-child-process arrays
    5506             :  * (the PMChildFlags array, and if EXEC_BACKEND the ShmemBackendArray).
    5507             :  * These arrays include regular backends, autovac workers, walsenders
    5508             :  * and background workers, but not special children nor dead_end children.
    5509             :  * This allows the arrays to have a fixed maximum size, to wit the same
    5510             :  * too-many-children limit enforced by canAcceptConnections().  The exact value
    5511             :  * isn't too critical as long as it's more than MaxBackends.
    5512             :  */
    5513             : int
    5514       31810 : MaxLivePostmasterChildren(void)
    5515             : {
    5516       63620 :     return 2 * (MaxConnections + autovacuum_max_workers + 1 +
    5517       31810 :                 max_wal_senders + max_worker_processes);
    5518             : }
    5519             : 
    5520             : /*
    5521             :  * Connect background worker to a database.
    5522             :  */
    5523             : void
    5524         648 : BackgroundWorkerInitializeConnection(const char *dbname, const char *username, uint32 flags)
    5525             : {
    5526         648 :     BackgroundWorker *worker = MyBgworkerEntry;
    5527         648 :     bits32      init_flags = 0; /* never honor session_preload_libraries */
    5528             : 
    5529             :     /* ignore datallowconn? */
    5530         648 :     if (flags & BGWORKER_BYPASS_ALLOWCONN)
    5531           0 :         init_flags |= INIT_PG_OVERRIDE_ALLOW_CONNS;
    5532             :     /* ignore rolcanlogin? */
    5533         648 :     if (flags & BGWORKER_BYPASS_ROLELOGINCHECK)
    5534           0 :         init_flags |= INIT_PG_OVERRIDE_ROLE_LOGIN;
    5535             : 
    5536             :     /* XXX is this the right errcode? */
    5537         648 :     if (!(worker->bgw_flags & BGWORKER_BACKEND_DATABASE_CONNECTION))
    5538           0 :         ereport(FATAL,
    5539             :                 (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
    5540             :                  errmsg("database connection requirement not indicated during registration")));
    5541             : 
    5542         648 :     InitPostgres(dbname, InvalidOid,    /* database to connect to */
    5543             :                  username, InvalidOid,  /* role to connect as */
    5544             :                  init_flags,
    5545             :                  NULL);         /* no out_dbname */
    5546             : 
    5547             :     /* it had better not gotten out of "init" mode yet */
    5548         648 :     if (!IsInitProcessingMode())
    5549           0 :         ereport(ERROR,
    5550             :                 (errmsg("invalid processing mode in background worker")));
    5551         648 :     SetProcessingMode(NormalProcessing);
    5552         648 : }
    5553             : 
    5554             : /*
    5555             :  * Connect background worker to a database using OIDs.
    5556             :  */
    5557             : void
    5558        3284 : BackgroundWorkerInitializeConnectionByOid(Oid dboid, Oid useroid, uint32 flags)
    5559             : {
    5560        3284 :     BackgroundWorker *worker = MyBgworkerEntry;
    5561        3284 :     bits32      init_flags = 0; /* never honor session_preload_libraries */
    5562             : 
    5563             :     /* ignore datallowconn? */
    5564        3284 :     if (flags & BGWORKER_BYPASS_ALLOWCONN)
    5565           0 :         init_flags |= INIT_PG_OVERRIDE_ALLOW_CONNS;
    5566             :     /* ignore rolcanlogin? */
    5567        3284 :     if (flags & BGWORKER_BYPASS_ROLELOGINCHECK)
    5568           0 :         init_flags |= INIT_PG_OVERRIDE_ROLE_LOGIN;
    5569             : 
    5570             :     /* XXX is this the right errcode? */
    5571        3284 :     if (!(worker->bgw_flags & BGWORKER_BACKEND_DATABASE_CONNECTION))
    5572           0 :         ereport(FATAL,
    5573             :                 (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
    5574             :                  errmsg("database connection requirement not indicated during registration")));
    5575             : 
    5576        3284 :     InitPostgres(NULL, dboid,   /* database to connect to */
    5577             :                  NULL, useroid, /* role to connect as */
    5578             :                  init_flags,
    5579             :                  NULL);         /* no out_dbname */
    5580             : 
    5581             :     /* it had better not gotten out of "init" mode yet */
    5582        3272 :     if (!IsInitProcessingMode())
    5583           0 :         ereport(ERROR,
    5584             :                 (errmsg("invalid processing mode in background worker")));
    5585        3272 :     SetProcessingMode(NormalProcessing);
    5586        3272 : }
    5587             : 
    5588             : /*
    5589             :  * Block/unblock signals in a background worker
    5590             :  */
    5591             : void
    5592           0 : BackgroundWorkerBlockSignals(void)
    5593             : {
    5594           0 :     sigprocmask(SIG_SETMASK, &BlockSig, NULL);
    5595           0 : }
    5596             : 
    5597             : void
    5598        4086 : BackgroundWorkerUnblockSignals(void)
    5599             : {
    5600        4086 :     sigprocmask(SIG_SETMASK, &UnBlockSig, NULL);
    5601        4086 : }
    5602             : 
    5603             : #ifdef EXEC_BACKEND
    5604             : static pid_t
    5605             : bgworker_forkexec(BackgroundWorker *worker)
    5606             : {
    5607             :     char       *av[10];
    5608             :     int         ac = 0;
    5609             : 
    5610             :     av[ac++] = "postgres";
    5611             :     av[ac++] = "--forkbgworker";
    5612             :     av[ac++] = NULL;            /* filled in by internal_forkexec */
    5613             :     av[ac] = NULL;
    5614             : 
    5615             :     Assert(ac < lengthof(av));
    5616             : 
    5617             :     return internal_forkexec(ac, av, NULL, worker);
    5618             : }
    5619             : #endif
    5620             : 
    5621             : /*
    5622             :  * Start a new bgworker.
    5623             :  * Starting time conditions must have been checked already.
    5624             :  *
    5625             :  * Returns true on success, false on failure.
    5626             :  * In either case, update the RegisteredBgWorker's state appropriately.
    5627             :  *
    5628             :  * This code is heavily based on autovacuum.c, q.v.
    5629             :  */
    5630             : static bool
    5631        4436 : do_start_bgworker(RegisteredBgWorker *rw)
    5632             : {
    5633             :     pid_t       worker_pid;
    5634             : 
    5635             :     Assert(rw->rw_pid == 0);
    5636             : 
    5637             :     /*
    5638             :      * Allocate and assign the Backend element.  Note we must do this before
    5639             :      * forking, so that we can handle failures (out of memory or child-process
    5640             :      * slots) cleanly.
    5641             :      *
    5642             :      * Treat failure as though the worker had crashed.  That way, the
    5643             :      * postmaster will wait a bit before attempting to start it again; if we
    5644             :      * tried again right away, most likely we'd find ourselves hitting the
    5645             :      * same resource-exhaustion condition.
    5646             :      */
    5647        4436 :     if (!assign_backendlist_entry(rw))
    5648             :     {
    5649           0 :         rw->rw_crashed_at = GetCurrentTimestamp();
    5650           0 :         return false;
    5651             :     }
    5652             : 
    5653        4436 :     ereport(DEBUG1,
    5654             :             (errmsg_internal("starting background worker process \"%s\"",
    5655             :                              rw->rw_worker.bgw_name)));
    5656             : 
    5657             : #ifdef EXEC_BACKEND
    5658             :     switch ((worker_pid = bgworker_forkexec(&rw->rw_worker)))
    5659             : #else
    5660        4436 :     switch ((worker_pid = fork_process()))
    5661             : #endif
    5662             :     {
    5663           0 :         case -1:
    5664             :             /* in postmaster, fork failed ... */
    5665           0 :             ereport(LOG,
    5666             :                     (errmsg("could not fork worker process: %m")));
    5667             :             /* undo what assign_backendlist_entry did */
    5668           0 :             ReleasePostmasterChildSlot(rw->rw_child_slot);
    5669           0 :             rw->rw_child_slot = 0;
    5670           0 :             pfree(rw->rw_backend);
    5671           0 :             rw->rw_backend = NULL;
    5672             :             /* mark entry as crashed, so we'll try again later */
    5673           0 :             rw->rw_crashed_at = GetCurrentTimestamp();
    5674           0 :             break;
    5675             : 
    5676             : #ifndef EXEC_BACKEND
    5677        3950 :         case 0:
    5678             :             /* in postmaster child ... */
    5679        3950 :             InitPostmasterChild();
    5680             : 
    5681             :             /* Close the postmaster's sockets */
    5682        3950 :             ClosePostmasterPorts(false);
    5683             : 
    5684             :             /*
    5685             :              * Before blowing away PostmasterContext, save this bgworker's
    5686             :              * data where it can find it.
    5687             :              */
    5688        3950 :             MyBgworkerEntry = (BackgroundWorker *)
    5689        3950 :                 MemoryContextAlloc(TopMemoryContext, sizeof(BackgroundWorker));
    5690        3950 :             memcpy(MyBgworkerEntry, &rw->rw_worker, sizeof(BackgroundWorker));
    5691             : 
    5692             :             /* Release postmaster's working memory context */
    5693        3950 :             MemoryContextSwitchTo(TopMemoryContext);
    5694        3950 :             MemoryContextDelete(PostmasterContext);
    5695        3950 :             PostmasterContext = NULL;
    5696             : 
    5697        3950 :             BackgroundWorkerMain();
    5698             : 
    5699             :             exit(1);            /* should not get here */
    5700             :             break;
    5701             : #endif
    5702        4432 :         default:
    5703             :             /* in postmaster, fork successful ... */
    5704        4432 :             rw->rw_pid = worker_pid;
    5705        4432 :             rw->rw_backend->pid = rw->rw_pid;
    5706        4432 :             ReportBackgroundWorkerPID(rw);
    5707             :             /* add new worker to lists of backends */
    5708        4432 :             dlist_push_head(&BackendList, &rw->rw_backend->elem);
    5709             : #ifdef EXEC_BACKEND
    5710             :             ShmemBackendArrayAdd(rw->rw_backend);
    5711             : #endif
    5712        4432 :             return true;
    5713             :     }
    5714             : 
    5715           0 :     return false;
    5716             : }
    5717             : 
    5718             : /*
    5719             :  * Does the current postmaster state require starting a worker with the
    5720             :  * specified start_time?
    5721             :  */
    5722             : static bool
    5723        5926 : bgworker_should_start_now(BgWorkerStartTime start_time)
    5724             : {
    5725        5926 :     switch (pmState)
    5726             :     {
    5727           0 :         case PM_NO_CHILDREN:
    5728             :         case PM_WAIT_DEAD_END:
    5729             :         case PM_SHUTDOWN_2:
    5730             :         case PM_SHUTDOWN:
    5731             :         case PM_WAIT_BACKENDS:
    5732             :         case PM_STOP_BACKENDS:
    5733           0 :             break;
    5734             : 
    5735        4436 :         case PM_RUN:
    5736        4436 :             if (start_time == BgWorkerStart_RecoveryFinished)
    5737        1822 :                 return true;
    5738             :             /* fall through */
    5739             : 
    5740             :         case PM_HOT_STANDBY:
    5741        2844 :             if (start_time == BgWorkerStart_ConsistentState)
    5742        2614 :                 return true;
    5743             :             /* fall through */
    5744             : 
    5745             :         case PM_RECOVERY:
    5746             :         case PM_STARTUP:
    5747             :         case PM_INIT:
    5748        1490 :             if (start_time == BgWorkerStart_PostmasterStart)
    5749           0 :                 return true;
    5750             :             /* fall through */
    5751             :     }
    5752             : 
    5753        1490 :     return false;
    5754             : }
    5755             : 
    5756             : /*
    5757             :  * Allocate the Backend struct for a connected background worker, but don't
    5758             :  * add it to the list of backends just yet.
    5759             :  *
    5760             :  * On failure, return false without changing any worker state.
    5761             :  *
    5762             :  * Some info from the Backend is copied into the passed rw.
    5763             :  */
    5764             : static bool
    5765        4436 : assign_backendlist_entry(RegisteredBgWorker *rw)
    5766             : {
    5767             :     Backend    *bn;
    5768             : 
    5769             :     /*
    5770             :      * Check that database state allows another connection.  Currently the
    5771             :      * only possible failure is CAC_TOOMANY, so we just log an error message
    5772             :      * based on that rather than checking the error code precisely.
    5773             :      */
    5774        4436 :     if (canAcceptConnections(BACKEND_TYPE_BGWORKER) != CAC_OK)
    5775             :     {
    5776           0 :         ereport(LOG,
    5777             :                 (errcode(ERRCODE_CONFIGURATION_LIMIT_EXCEEDED),
    5778             :                  errmsg("no slot available for new worker process")));
    5779           0 :         return false;
    5780             :     }
    5781             : 
    5782             :     /*
    5783             :      * Compute the cancel key that will be assigned to this session. We
    5784             :      * probably don't need cancel keys for background workers, but we'd better
    5785             :      * have something random in the field to prevent unfriendly people from
    5786             :      * sending cancels to them.
    5787             :      */
    5788        4436 :     if (!RandomCancelKey(&MyCancelKey))
    5789             :     {
    5790           0 :         ereport(LOG,
    5791             :                 (errcode(ERRCODE_INTERNAL_ERROR),
    5792             :                  errmsg("could not generate random cancel key")));
    5793           0 :         return false;
    5794             :     }
    5795             : 
    5796        4436 :     bn = palloc_extended(sizeof(Backend), MCXT_ALLOC_NO_OOM);
    5797        4436 :     if (bn == NULL)
    5798             :     {
    5799           0 :         ereport(LOG,
    5800             :                 (errcode(ERRCODE_OUT_OF_MEMORY),
    5801             :                  errmsg("out of memory")));
    5802           0 :         return false;
    5803             :     }
    5804             : 
    5805        4436 :     bn->cancel_key = MyCancelKey;
    5806        4436 :     bn->child_slot = MyPMChildSlot = AssignPostmasterChildSlot();
    5807        4436 :     bn->bkend_type = BACKEND_TYPE_BGWORKER;
    5808        4436 :     bn->dead_end = false;
    5809        4436 :     bn->bgworker_notify = false;
    5810             : 
    5811        4436 :     rw->rw_backend = bn;
    5812        4436 :     rw->rw_child_slot = bn->child_slot;
    5813             : 
    5814        4436 :     return true;
    5815             : }
    5816             : 
    5817             : /*
    5818             :  * If the time is right, start background worker(s).
    5819             :  *
    5820             :  * As a side effect, the bgworker control variables are set or reset
    5821             :  * depending on whether more workers may need to be started.
    5822             :  *
    5823             :  * We limit the number of workers started per call, to avoid consuming the
    5824             :  * postmaster's attention for too long when many such requests are pending.
    5825             :  * As long as StartWorkerNeeded is true, ServerLoop will not block and will
    5826             :  * call this function again after dealing with any other issues.
    5827             :  */
    5828             : static void
    5829       10252 : maybe_start_bgworkers(void)
    5830             : {
    5831             : #define MAX_BGWORKERS_TO_LAUNCH 100
    5832       10252 :     int         num_launched = 0;
    5833       10252 :     TimestampTz now = 0;
    5834             :     slist_mutable_iter iter;
    5835             : 
    5836             :     /*
    5837             :      * During crash recovery, we have no need to be called until the state
    5838             :      * transition out of recovery.
    5839             :      */
    5840       10252 :     if (FatalError)
    5841             :     {
    5842           8 :         StartWorkerNeeded = false;
    5843           8 :         HaveCrashedWorker = false;
    5844           8 :         return;
    5845             :     }
    5846             : 
    5847             :     /* Don't need to be called again unless we find a reason for it below */
    5848       10244 :     StartWorkerNeeded = false;
    5849       10244 :     HaveCrashedWorker = false;
    5850             : 
    5851       28372 :     slist_foreach_modify(iter, &BackgroundWorkerList)
    5852             :     {
    5853             :         RegisteredBgWorker *rw;
    5854             : 
    5855       18132 :         rw = slist_container(RegisteredBgWorker, rw_lnode, iter.cur);
    5856             : 
    5857             :         /* ignore if already running */
    5858       18132 :         if (rw->rw_pid != 0)
    5859        9580 :             continue;
    5860             : 
    5861             :         /* if marked for death, clean up and remove from list */
    5862        8552 :         if (rw->rw_terminate)
    5863             :         {
    5864           0 :             ForgetBackgroundWorker(&iter);
    5865           0 :             continue;
    5866             :         }
    5867             : 
    5868             :         /*
    5869             :          * If this worker has crashed previously, maybe it needs to be
    5870             :          * restarted (unless on registration it specified it doesn't want to
    5871             :          * be restarted at all).  Check how long ago did a crash last happen.
    5872             :          * If the last crash is too recent, don't start it right away; let it
    5873             :          * be restarted once enough time has passed.
    5874             :          */
    5875        8552 :         if (rw->rw_crashed_at != 0)
    5876             :         {
    5877        2626 :             if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART)
    5878             :             {
    5879             :                 int         notify_pid;
    5880             : 
    5881          18 :                 notify_pid = rw->rw_worker.bgw_notify_pid;
    5882             : 
    5883          18 :                 ForgetBackgroundWorker(&iter);
    5884             : 
    5885             :                 /* Report worker is gone now. */
    5886          18 :                 if (notify_pid != 0)
    5887           4 :                     kill(notify_pid, SIGUSR1);
    5888             : 
    5889          18 :                 continue;
    5890             :             }
    5891             : 
    5892             :             /* read system time only when needed */
    5893        2608 :             if (now == 0)
    5894        2608 :                 now = GetCurrentTimestamp();
    5895             : 
    5896        2608 :             if (!TimestampDifferenceExceeds(rw->rw_crashed_at, now,
    5897        2608 :                                             rw->rw_worker.bgw_restart_time * 1000))
    5898             :             {
    5899             :                 /* Set flag to remember that we have workers to start later */
    5900        2608 :                 HaveCrashedWorker = true;
    5901        2608 :                 continue;
    5902             :             }
    5903             :         }
    5904             : 
    5905        5926 :         if (bgworker_should_start_now(rw->rw_worker.bgw_start_time))
    5906             :         {
    5907             :             /* reset crash time before trying to start worker */
    5908        4436 :             rw->rw_crashed_at = 0;
    5909             : 
    5910             :             /*
    5911             :              * Try to start the worker.
    5912             :              *
    5913             :              * On failure, give up processing workers for now, but set
    5914             :              * StartWorkerNeeded so we'll come back here on the next iteration
    5915             :              * of ServerLoop to try again.  (We don't want to wait, because
    5916             :              * there might be additional ready-to-run workers.)  We could set
    5917             :              * HaveCrashedWorker as well, since this worker is now marked
    5918             :              * crashed, but there's no need because the next run of this
    5919             :              * function will do that.
    5920             :              */
    5921        4436 :             if (!do_start_bgworker(rw))
    5922             :             {
    5923           0 :                 StartWorkerNeeded = true;
    5924           0 :                 return;
    5925             :             }
    5926             : 
    5927             :             /*
    5928             :              * If we've launched as many workers as allowed, quit, but have
    5929             :              * ServerLoop call us again to look for additional ready-to-run
    5930             :              * workers.  There might not be any, but we'll find out the next
    5931             :              * time we run.
    5932             :              */
    5933        4432 :             if (++num_launched >= MAX_BGWORKERS_TO_LAUNCH)
    5934             :             {
    5935           0 :                 StartWorkerNeeded = true;
    5936           0 :                 return;
    5937             :             }
    5938             :         }
    5939             :     }
    5940             : }
    5941             : 
    5942             : /*
    5943             :  * When a backend asks to be notified about worker state changes, we
    5944             :  * set a flag in its backend entry.  The background worker machinery needs
    5945             :  * to know when such backends exit.
    5946             :  */
    5947             : bool
    5948        3322 : PostmasterMarkPIDForWorkerNotify(int pid)
    5949             : {
    5950             :     dlist_iter  iter;
    5951             :     Backend    *bp;
    5952             : 
    5953        7026 :     dlist_foreach(iter, &BackendList)
    5954             :     {
    5955        7026 :         bp = dlist_container(Backend, elem, iter.cur);
    5956        7026 :         if (bp->pid == pid)
    5957             :         {
    5958        3322 :             bp->bgworker_notify = true;
    5959        3322 :             return true;
    5960             :         }
    5961             :     }
    5962           0 :     return false;
    5963             : }
    5964             : 
    5965             : #ifdef EXEC_BACKEND
    5966             : 
    5967             : /*
    5968             :  * The following need to be available to the save/restore_backend_variables
    5969             :  * functions.  They are marked NON_EXEC_STATIC in their home modules.
    5970             :  */
    5971             : extern slock_t *ShmemLock;
    5972             : extern slock_t *ProcStructLock;
    5973             : extern PGPROC *AuxiliaryProcs;
    5974             : extern PMSignalData *PMSignalState;
    5975             : extern pg_time_t first_syslogger_file_time;
    5976             : 
    5977             : #ifndef WIN32
    5978             : #define write_inheritable_socket(dest, src, childpid) ((*(dest) = (src)), true)
    5979             : #define read_inheritable_socket(dest, src) (*(dest) = *(src))
    5980             : #else
    5981             : static bool write_duplicated_handle(HANDLE *dest, HANDLE src, HANDLE child);
    5982             : static bool write_inheritable_socket(InheritableSocket *dest, SOCKET src,
    5983             :                                      pid_t childPid);
    5984             : static void read_inheritable_socket(SOCKET *dest, InheritableSocket *src);
    5985             : #endif
    5986             : 
    5987             : 
    5988             : /* Save critical backend variables into the BackendParameters struct */
    5989             : #ifndef WIN32
    5990             : static bool
    5991             : save_backend_variables(BackendParameters *param, Port *port, BackgroundWorker *worker)
    5992             : #else
    5993             : static bool
    5994             : save_backend_variables(BackendParameters *param, Port *port, BackgroundWorker *worker,
    5995             :                        HANDLE childProcess, pid_t childPid)
    5996             : #endif
    5997             : {
    5998             :     if (port)
    5999             :     {
    6000             :         memcpy(&param->port, port, sizeof(Port));
    6001             :         if (!write_inheritable_socket(&param->portsocket, port->sock, childPid))
    6002             :             return false;
    6003             :         param->has_port = true;
    6004             :     }
    6005             :     else
    6006             :     {
    6007             :         memset(&param->port, 0, sizeof(Port));
    6008             :         param->has_port = false;
    6009             :     }
    6010             : 
    6011             :     if (worker)
    6012             :     {
    6013             :         memcpy(&param->bgworker, worker, sizeof(BackgroundWorker));
    6014             :         param->has_bgworker = true;
    6015             :     }
    6016             :     else
    6017             :     {
    6018             :         memset(&param->bgworker, 0, sizeof(BackgroundWorker));
    6019             :         param->has_bgworker = false;
    6020             :     }
    6021             : 
    6022             :     strlcpy(param->DataDir, DataDir, MAXPGPATH);
    6023             : 
    6024             :     param->MyCancelKey = MyCancelKey;
    6025             :     param->MyPMChildSlot = MyPMChildSlot;
    6026             : 
    6027             : #ifdef WIN32
    6028             :     param->ShmemProtectiveRegion = ShmemProtectiveRegion;
    6029             : #endif
    6030             :     param->UsedShmemSegID = UsedShmemSegID;
    6031             :     param->UsedShmemSegAddr = UsedShmemSegAddr;
    6032             : 
    6033             :     param->ShmemLock = ShmemLock;
    6034             :     param->ShmemBackendArray = ShmemBackendArray;
    6035             : 
    6036             : #ifndef HAVE_SPINLOCKS
    6037             :     param->SpinlockSemaArray = SpinlockSemaArray;
    6038             : #endif
    6039             :     param->NamedLWLockTrancheRequests = NamedLWLockTrancheRequests;
    6040             :     param->NamedLWLockTrancheArray = NamedLWLockTrancheArray;
    6041             :     param->MainLWLockArray = MainLWLockArray;
    6042             :     param->ProcStructLock = ProcStructLock;
    6043             :     param->ProcGlobal = ProcGlobal;
    6044             :     param->AuxiliaryProcs = AuxiliaryProcs;
    6045             :     param->PreparedXactProcs = PreparedXactProcs;
    6046             :     param->PMSignalState = PMSignalState;
    6047             : 
    6048             :     param->PostmasterPid = PostmasterPid;
    6049             :     param->PgStartTime = PgStartTime;
    6050             :     param->PgReloadTime = PgReloadTime;
    6051             :     param->first_syslogger_file_time = first_syslogger_file_time;
    6052             : 
    6053             :     param->redirection_done = redirection_done;
    6054             :     param->IsBinaryUpgrade = IsBinaryUpgrade;
    6055             :     param->query_id_enabled = query_id_enabled;
    6056             :     param->max_safe_fds = max_safe_fds;
    6057             : 
    6058             :     param->MaxBackends = MaxBackends;
    6059             : 
    6060             : #ifdef WIN32
    6061             :     param->PostmasterHandle = PostmasterHandle;
    6062             :     if (!write_duplicated_handle(&param->initial_signal_pipe,
    6063             :                                  pgwin32_create_signal_listener(childPid),
    6064             :                                  childProcess))
    6065             :         return false;
    6066             : #else
    6067             :     memcpy(&param->postmaster_alive_fds, &postmaster_alive_fds,
    6068             :            sizeof(postmaster_alive_fds));
    6069             : #endif
    6070             : 
    6071             :     memcpy(&param->syslogPipe, &syslogPipe, sizeof(syslogPipe));
    6072             : 
    6073             :     strlcpy(param->my_exec_path, my_exec_path, MAXPGPATH);
    6074             : 
    6075             :     strlcpy(param->pkglib_path, pkglib_path, MAXPGPATH);
    6076             : 
    6077             :     return true;
    6078             : }
    6079             : 
    6080             : 
    6081             : #ifdef WIN32
    6082             : /*
    6083             :  * Duplicate a handle for usage in a child process, and write the child
    6084             :  * process instance of the handle to the parameter file.
    6085             :  */
    6086             : static bool
    6087             : write_duplicated_handle(HANDLE *dest, HANDLE src, HANDLE childProcess)
    6088             : {
    6089             :     HANDLE      hChild = INVALID_HANDLE_VALUE;
    6090             : 
    6091             :     if (!DuplicateHandle(GetCurrentProcess(),
    6092             :                          src,
    6093             :                          childProcess,
    6094             :                          &hChild,
    6095             :                          0,
    6096             :                          TRUE,
    6097             :                          DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS))
    6098             :     {
    6099             :         ereport(LOG,
    6100             :                 (errmsg_internal("could not duplicate handle to be written to backend parameter file: error code %lu",
    6101             :                                  GetLastError())));
    6102             :         return false;
    6103             :     }
    6104             : 
    6105             :     *dest = hChild;
    6106             :     return true;
    6107             : }
    6108             : 
    6109             : /*
    6110             :  * Duplicate a socket for usage in a child process, and write the resulting
    6111             :  * structure to the parameter file.
    6112             :  * This is required because a number of LSPs (Layered Service Providers) very
    6113             :  * common on Windows (antivirus, firewalls, download managers etc) break
    6114             :  * straight socket inheritance.
    6115             :  */
    6116             : static bool
    6117             : write_inheritable_socket(InheritableSocket *dest, SOCKET src, pid_t childpid)
    6118             : {
    6119             :     dest->origsocket = src;
    6120             :     if (src != 0 && src != PGINVALID_SOCKET)
    6121             :     {
    6122             :         /* Actual socket */
    6123             :         if (WSADuplicateSocket(src, childpid, &dest->wsainfo) != 0)
    6124             :         {
    6125             :             ereport(LOG,
    6126             :                     (errmsg("could not duplicate socket %d for use in backend: error code %d",
    6127             :                             (int) src, WSAGetLastError())));
    6128             :             return false;
    6129             :         }
    6130             :     }
    6131             :     return true;
    6132             : }
    6133             : 
    6134             : /*
    6135             :  * Read a duplicate socket structure back, and get the socket descriptor.
    6136             :  */
    6137             : static void
    6138             : read_inheritable_socket(SOCKET *dest, InheritableSocket *src)
    6139             : {
    6140             :     SOCKET      s;
    6141             : 
    6142             :     if (src->origsocket == PGINVALID_SOCKET || src->origsocket == 0)
    6143             :     {
    6144             :         /* Not a real socket! */
    6145             :         *dest = src->origsocket;
    6146             :     }
    6147             :     else
    6148             :     {
    6149             :         /* Actual socket, so create from structure */
    6150             :         s = WSASocket(FROM_PROTOCOL_INFO,
    6151             :                       FROM_PROTOCOL_INFO,
    6152             :                       FROM_PROTOCOL_INFO,
    6153             :                       &src->wsainfo,
    6154             :                       0,
    6155             :                       0);
    6156             :         if (s == INVALID_SOCKET)
    6157             :         {
    6158             :             write_stderr("could not create inherited socket: error code %d\n",
    6159             :                          WSAGetLastError());
    6160             :             exit(1);
    6161             :         }
    6162             :         *dest = s;
    6163             : 
    6164             :         /*
    6165             :          * To make sure we don't get two references to the same socket, close
    6166             :          * the original one. (This would happen when inheritance actually
    6167             :          * works..
    6168             :          */
    6169             :         closesocket(src->origsocket);
    6170             :     }
    6171             : }
    6172             : #endif
    6173             : 
    6174             : static void
    6175             : read_backend_variables(char *id, Port **port, BackgroundWorker **worker)
    6176             : {
    6177             :     BackendParameters param;
    6178             : 
    6179             : #ifndef WIN32
    6180             :     /* Non-win32 implementation reads from file */
    6181             :     FILE       *fp;
    6182             : 
    6183             :     /* Open file */
    6184             :     fp = AllocateFile(id, PG_BINARY_R);
    6185             :     if (!fp)
    6186             :     {
    6187             :         write_stderr("could not open backend variables file \"%s\": %s\n",
    6188             :                      id, strerror(errno));
    6189             :         exit(1);
    6190             :     }
    6191             : 
    6192             :     if (fread(&param, sizeof(param), 1, fp) != 1)
    6193             :     {
    6194             :         write_stderr("could not read from backend variables file \"%s\": %s\n",
    6195             :                      id, strerror(errno));
    6196             :         exit(1);
    6197             :     }
    6198             : 
    6199             :     /* Release file */
    6200             :     FreeFile(fp);
    6201             :     if (unlink(id) != 0)
    6202             :     {
    6203             :         write_stderr("could not remove file \"%s\": %s\n",
    6204             :                      id, strerror(errno));
    6205             :         exit(1);
    6206             :     }
    6207             : #else
    6208             :     /* Win32 version uses mapped file */
    6209             :     HANDLE      paramHandle;
    6210             :     BackendParameters *paramp;
    6211             : 
    6212             : #ifdef _WIN64
    6213             :     paramHandle = (HANDLE) _atoi64(id);
    6214             : #else
    6215             :     paramHandle = (HANDLE) atol(id);
    6216             : #endif
    6217             :     paramp = MapViewOfFile(paramHandle, FILE_MAP_READ, 0, 0, 0);
    6218             :     if (!paramp)
    6219             :     {
    6220             :         write_stderr("could not map view of backend variables: error code %lu\n",
    6221             :                      GetLastError());
    6222             :         exit(1);
    6223             :     }
    6224             : 
    6225             :     memcpy(&param, paramp, sizeof(BackendParameters));
    6226             : 
    6227             :     if (!UnmapViewOfFile(paramp))
    6228             :     {
    6229             :         write_stderr("could not unmap view of backend variables: error code %lu\n",
    6230             :                      GetLastError());
    6231             :         exit(1);
    6232             :     }
    6233             : 
    6234             :     if (!CloseHandle(paramHandle))
    6235             :     {
    6236             :         write_stderr("could not close handle to backend parameter variables: error code %lu\n",
    6237             :                      GetLastError());
    6238             :         exit(1);
    6239             :     }
    6240             : #endif
    6241             : 
    6242             :     restore_backend_variables(&param, port, worker);
    6243             : }
    6244             : 
    6245             : /* Restore critical backend variables from the BackendParameters struct */
    6246             : static void
    6247             : restore_backend_variables(BackendParameters *param, Port **port, BackgroundWorker **worker)
    6248             : {
    6249             :     if (param->has_port)
    6250             :     {
    6251             :         *port = (Port *) MemoryContextAlloc(TopMemoryContext, sizeof(Port));
    6252             :         memcpy(*port, &param->port, sizeof(Port));
    6253             :         read_inheritable_socket(&(*port)->sock, &param->portsocket);
    6254             :     }
    6255             :     else
    6256             :         *port = NULL;
    6257             : 
    6258             :     if (param->has_bgworker)
    6259             :     {
    6260             :         *worker = (BackgroundWorker *)
    6261             :             MemoryContextAlloc(TopMemoryContext, sizeof(BackgroundWorker));
    6262             :         memcpy(*worker, &param->bgworker, sizeof(BackgroundWorker));
    6263             :     }
    6264             :     else
    6265             :         *worker = NULL;
    6266             : 
    6267             :     SetDataDir(param->DataDir);
    6268             : 
    6269             :     MyCancelKey = param->MyCancelKey;
    6270             :     MyPMChildSlot = param->MyPMChildSlot;
    6271             : 
    6272             : #ifdef WIN32
    6273             :     ShmemProtectiveRegion = param->ShmemProtectiveRegion;
    6274             : #endif
    6275             :     UsedShmemSegID = param->UsedShmemSegID;
    6276             :     UsedShmemSegAddr = param->UsedShmemSegAddr;
    6277             : 
    6278             :     ShmemLock = param->ShmemLock;
    6279             :     ShmemBackendArray = param->ShmemBackendArray;
    6280             : 
    6281             : #ifndef HAVE_SPINLOCKS
    6282             :     SpinlockSemaArray = param->SpinlockSemaArray;
    6283             : #endif
    6284             :     NamedLWLockTrancheRequests = param->NamedLWLockTrancheRequests;
    6285             :     NamedLWLockTrancheArray = param->NamedLWLockTrancheArray;
    6286             :     MainLWLockArray = param->MainLWLockArray;
    6287             :     ProcStructLock = param->ProcStructLock;
    6288             :     ProcGlobal = param->ProcGlobal;
    6289             :     AuxiliaryProcs = param->AuxiliaryProcs;
    6290             :     PreparedXactProcs = param->PreparedXactProcs;
    6291             :     PMSignalState = param->PMSignalState;
    6292             : 
    6293             :     PostmasterPid = param->PostmasterPid;
    6294             :     PgStartTime = param->PgStartTime;
    6295             :     PgReloadTime = param->PgReloadTime;
    6296             :     first_syslogger_file_time = param->first_syslogger_file_time;
    6297             : 
    6298             :     redirection_done = param->redirection_done;
    6299             :     IsBinaryUpgrade = param->IsBinaryUpgrade;
    6300             :     query_id_enabled = param->query_id_enabled;
    6301             :     max_safe_fds = param->max_safe_fds;
    6302             : 
    6303             :     MaxBackends = param->MaxBackends;
    6304             : 
    6305             : #ifdef WIN32
    6306             :     PostmasterHandle = param->PostmasterHandle;
    6307             :     pgwin32_initial_signal_pipe = param->initial_signal_pipe;
    6308             : #else
    6309             :     memcpy(&postmaster_alive_fds, &param->postmaster_alive_fds,
    6310             :            sizeof(postmaster_alive_fds));
    6311             : #endif
    6312             : 
    6313             :     memcpy(&syslogPipe, &param->syslogPipe, sizeof(syslogPipe));
    6314             : 
    6315             :     strlcpy(my_exec_path, param->my_exec_path, MAXPGPATH);
    6316             : 
    6317             :     strlcpy(pkglib_path, param->pkglib_path, MAXPGPATH);
    6318             : 
    6319             :     /*
    6320             :      * We need to restore fd.c's counts of externally-opened FDs; to avoid
    6321             :      * confusion, be sure to do this after restoring max_safe_fds.  (Note:
    6322             :      * BackendInitialize will handle this for port->sock.)
    6323             :      */
    6324             : #ifndef WIN32
    6325             :     if (postmaster_alive_fds[0] >= 0)
    6326             :         ReserveExternalFD();
    6327             :     if (postmaster_alive_fds[1] >= 0)
    6328             :         ReserveExternalFD();
    6329             : #endif
    6330             : }
    6331             : 
    6332             : 
    6333             : Size
    6334             : ShmemBackendArraySize(void)
    6335             : {
    6336             :     return mul_size(MaxLivePostmasterChildren(), sizeof(Backend));
    6337             : }
    6338             : 
    6339             : void
    6340             : ShmemBackendArrayAllocation(void)
    6341             : {
    6342             :     Size        size = ShmemBackendArraySize();
    6343             : 
    6344             :     ShmemBackendArray = (Backend *) ShmemAlloc(size);
    6345             :     /* Mark all slots as empty */
    6346             :     memset(ShmemBackendArray, 0, size);
    6347             : }
    6348             : 
    6349             : static void
    6350             : ShmemBackendArrayAdd(Backend *bn)
    6351             : {
    6352             :     /* The array slot corresponding to my PMChildSlot should be free */
    6353             :     int         i = bn->child_slot - 1;
    6354             : 
    6355             :     Assert(ShmemBackendArray[i].pid == 0);
    6356             :     ShmemBackendArray[i] = *bn;
    6357             : }
    6358             : 
    6359             : static void
    6360             : ShmemBackendArrayRemove(Backend *bn)
    6361             : {
    6362             :     int         i = bn->child_slot - 1;
    6363             : 
    6364             :     Assert(ShmemBackendArray[i].pid == bn->pid);
    6365             :     /* Mark the slot as empty */
    6366             :     ShmemBackendArray[i].pid = 0;
    6367             : }
    6368             : #endif                          /* EXEC_BACKEND */
    6369             : 
    6370             : 
    6371             : #ifdef WIN32
    6372             : 
    6373             : /*
    6374             :  * Subset implementation of waitpid() for Windows.  We assume pid is -1
    6375             :  * (that is, check all child processes) and options is WNOHANG (don't wait).
    6376             :  */
    6377             : static pid_t
    6378             : waitpid(pid_t pid, int *exitstatus, int options)
    6379             : {
    6380             :     win32_deadchild_waitinfo *childinfo;
    6381             :     DWORD       exitcode;
    6382             :     DWORD       dwd;
    6383             :     ULONG_PTR   key;
    6384             :     OVERLAPPED *ovl;
    6385             : 
    6386             :     /* Try to consume one win32_deadchild_waitinfo from the queue. */
    6387             :     if (!GetQueuedCompletionStatus(win32ChildQueue, &dwd, &key, &ovl, 0))
    6388             :     {
    6389             :         errno = EAGAIN;
    6390             :         return -1;
    6391             :     }
    6392             : 
    6393             :     childinfo = (win32_deadchild_waitinfo *) key;
    6394             :     pid = childinfo->procId;
    6395             : 
    6396             :     /*
    6397             :      * Remove handle from wait - required even though it's set to wait only
    6398             :      * once
    6399             :      */
    6400             :     UnregisterWaitEx(childinfo->waitHandle, NULL);
    6401             : 
    6402             :     if (!GetExitCodeProcess(childinfo->procHandle, &exitcode))
    6403             :     {
    6404             :         /*
    6405             :          * Should never happen. Inform user and set a fixed exitcode.
    6406             :          */
    6407             :         write_stderr("could not read exit code for process\n");
    6408             :         exitcode = 255;
    6409             :     }
    6410             :     *exitstatus = exitcode;
    6411             : 
    6412             :     /*
    6413             :      * Close the process handle.  Only after this point can the PID can be
    6414             :      * recycled by the kernel.
    6415             :      */
    6416             :     CloseHandle(childinfo->procHandle);
    6417             : 
    6418             :     /*
    6419             :      * Free struct that was allocated before the call to
    6420             :      * RegisterWaitForSingleObject()
    6421             :      */
    6422             :     pfree(childinfo);
    6423             : 
    6424             :     return pid;
    6425             : }
    6426             : 
    6427             : /*
    6428             :  * Note! Code below executes on a thread pool! All operations must
    6429             :  * be thread safe! Note that elog() and friends must *not* be used.
    6430             :  */
    6431             : static void WINAPI
    6432             : pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired)
    6433             : {
    6434             :     /* Should never happen, since we use INFINITE as timeout value. */
    6435             :     if (TimerOrWaitFired)
    6436             :         return;
    6437             : 
    6438             :     /*
    6439             :      * Post the win32_deadchild_waitinfo object for waitpid() to deal with. If
    6440             :      * that fails, we leak the object, but we also leak a whole process and
    6441             :      * get into an unrecoverable state, so there's not much point in worrying
    6442             :      * about that.  We'd like to panic, but we can't use that infrastructure
    6443             :      * from this thread.
    6444             :      */
    6445             :     if (!PostQueuedCompletionStatus(win32ChildQueue,
    6446             :                                     0,
    6447             :                                     (ULONG_PTR) lpParameter,
    6448             :                                     NULL))
    6449             :         write_stderr("could not post child completion status\n");
    6450             : 
    6451             :     /* Queue SIGCHLD signal. */
    6452             :     pg_queue_signal(SIGCHLD);
    6453             : }
    6454             : #endif                          /* WIN32 */
    6455             : 
    6456             : /*
    6457             :  * Initialize one and only handle for monitoring postmaster death.
    6458             :  *
    6459             :  * Called once in the postmaster, so that child processes can subsequently
    6460             :  * monitor if their parent is dead.
    6461             :  */
    6462             : static void
    6463        1280 : InitPostmasterDeathWatchHandle(void)
    6464             : {
    6465             : #ifndef WIN32
    6466             : 
    6467             :     /*
    6468             :      * Create a pipe. Postmaster holds the write end of the pipe open
    6469             :      * (POSTMASTER_FD_OWN), and children hold the read end. Children can pass
    6470             :      * the read file descriptor to select() to wake up in case postmaster
    6471             :      * dies, or check for postmaster death with a (read() == 0). Children must
    6472             :      * close the write end as soon as possible after forking, because EOF
    6473             :      * won't be signaled in the read end until all processes have closed the
    6474             :      * write fd. That is taken care of in ClosePostmasterPorts().
    6475             :      */
    6476             :     Assert(MyProcPid == PostmasterPid);
    6477        1280 :     if (pipe(postmaster_alive_fds) < 0)
    6478           0 :         ereport(FATAL,
    6479             :                 (errcode_for_file_access(),
    6480             :                  errmsg_internal("could not create pipe to monitor postmaster death: %m")));
    6481             : 
    6482             :     /* Notify fd.c that we've eaten two FDs for the pipe. */
    6483        1280 :     ReserveExternalFD();
    6484        1280 :     ReserveExternalFD();
    6485             : 
    6486             :     /*
    6487             :      * Set O_NONBLOCK to allow testing for the fd's presence with a read()
    6488             :      * call.
    6489             :      */
    6490        1280 :     if (fcntl(postmaster_alive_fds[POSTMASTER_FD_WATCH], F_SETFL, O_NONBLOCK) == -1)
    6491           0 :         ereport(FATAL,
    6492             :                 (errcode_for_socket_access(),
    6493             :                  errmsg_internal("could not set postmaster death monitoring pipe to nonblocking mode: %m")));
    6494             : #else
    6495             : 
    6496             :     /*
    6497             :      * On Windows, we use a process handle for the same purpose.
    6498             :      */
    6499             :     if (DuplicateHandle(GetCurrentProcess(),
    6500             :                         GetCurrentProcess(),
    6501             :                         GetCurrentProcess(),
    6502             :                         &PostmasterHandle,
    6503             :                         0,
    6504             :                         TRUE,
    6505             :                         DUPLICATE_SAME_ACCESS) == 0)
    6506             :         ereport(FATAL,
    6507             :                 (errmsg_internal("could not duplicate postmaster handle: error code %lu",
    6508             :                                  GetLastError())));
    6509             : #endif                          /* WIN32 */
    6510        1280 : }

Generated by: LCOV version 1.14