Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * postmaster.c
4 : * This program acts as a clearing house for requests to the
5 : * POSTGRES system. Frontend programs connect to the Postmaster,
6 : * and postmaster forks a new backend process to handle the
7 : * connection.
8 : *
9 : * The postmaster also manages system-wide operations such as
10 : * startup and shutdown. The postmaster itself doesn't do those
11 : * operations, mind you --- it just forks off a subprocess to do them
12 : * at the right times. It also takes care of resetting the system
13 : * if a backend crashes.
14 : *
15 : * The postmaster process creates the shared memory and semaphore
16 : * pools during startup, but as a rule does not touch them itself.
17 : * In particular, it is not a member of the PGPROC array of backends
18 : * and so it cannot participate in lock-manager operations. Keeping
19 : * the postmaster away from shared memory operations makes it simpler
20 : * and more reliable. The postmaster is almost always able to recover
21 : * from crashes of individual backends by resetting shared memory;
22 : * if it did much with shared memory then it would be prone to crashing
23 : * along with the backends.
24 : *
25 : * When a request message is received, we now fork() immediately.
26 : * The child process performs authentication of the request, and
27 : * then becomes a backend if successful. This allows the auth code
28 : * to be written in a simple single-threaded style (as opposed to the
29 : * crufty "poor man's multitasking" code that used to be needed).
30 : * More importantly, it ensures that blockages in non-multithreaded
31 : * libraries like SSL or PAM cannot cause denial of service to other
32 : * clients.
33 : *
34 : *
35 : * Portions Copyright (c) 1996-2026, PostgreSQL Global Development Group
36 : * Portions Copyright (c) 1994, Regents of the University of California
37 : *
38 : *
39 : * IDENTIFICATION
40 : * src/backend/postmaster/postmaster.c
41 : *
42 : * NOTES
43 : *
44 : * Initialization:
45 : * The Postmaster sets up shared memory data structures
46 : * for the backends.
47 : *
48 : * Synchronization:
49 : * The Postmaster shares memory with the backends but should avoid
50 : * touching shared memory, so as not to become stuck if a crashing
51 : * backend screws up locks or shared memory. Likewise, the Postmaster
52 : * should never block on messages from frontend clients.
53 : *
54 : * Garbage Collection:
55 : * The Postmaster cleans up after backends if they have an emergency
56 : * exit and/or core dump.
57 : *
58 : * Error Reporting:
59 : * Use write_stderr() only for reporting "interactive" errors
60 : * (essentially, bogus arguments on the command line). Once the
61 : * postmaster is launched, use ereport().
62 : *
63 : *-------------------------------------------------------------------------
64 : */
65 :
66 : #include "postgres.h"
67 :
68 : #include <unistd.h>
69 : #include <signal.h>
70 : #include <time.h>
71 : #include <sys/wait.h>
72 : #include <ctype.h>
73 : #include <sys/stat.h>
74 : #include <sys/socket.h>
75 : #include <fcntl.h>
76 : #include <sys/param.h>
77 : #include <netdb.h>
78 : #include <limits.h>
79 :
80 : #ifdef USE_BONJOUR
81 : #include <dns_sd.h>
82 : #endif
83 :
84 : #ifdef USE_SYSTEMD
85 : #include <systemd/sd-daemon.h>
86 : #endif
87 :
88 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
89 : #include <pthread.h>
90 : #endif
91 :
92 : #include "access/xlog.h"
93 : #include "access/xlog_internal.h"
94 : #include "access/xlogrecovery.h"
95 : #include "common/file_perm.h"
96 : #include "common/pg_prng.h"
97 : #include "lib/ilist.h"
98 : #include "libpq/libpq.h"
99 : #include "libpq/pqsignal.h"
100 : #include "pgstat.h"
101 : #include "port/pg_bswap.h"
102 : #include "port/pg_getopt_ctx.h"
103 : #include "postmaster/autovacuum.h"
104 : #include "postmaster/bgworker_internals.h"
105 : #include "postmaster/pgarch.h"
106 : #include "postmaster/postmaster.h"
107 : #include "postmaster/syslogger.h"
108 : #include "postmaster/walsummarizer.h"
109 : #include "replication/logicallauncher.h"
110 : #include "replication/slotsync.h"
111 : #include "replication/walsender.h"
112 : #include "storage/aio_subsys.h"
113 : #include "storage/fd.h"
114 : #include "storage/io_worker.h"
115 : #include "storage/ipc.h"
116 : #include "storage/pmsignal.h"
117 : #include "storage/proc.h"
118 : #include "storage/shmem_internal.h"
119 : #include "tcop/backend_startup.h"
120 : #include "tcop/tcopprot.h"
121 : #include "utils/datetime.h"
122 : #include "utils/memutils.h"
123 : #include "utils/pidfile.h"
124 : #include "utils/timestamp.h"
125 : #include "utils/varlena.h"
126 :
127 : #ifdef EXEC_BACKEND
128 : #include "common/file_utils.h"
129 : #include "storage/pg_shmem.h"
130 : #endif
131 :
132 :
133 : /*
134 : * CountChildren and SignalChildren take a bitmask argument to represent
135 : * BackendTypes to count or signal. Define a separate type and functions to
136 : * work with the bitmasks, to avoid accidentally passing a plain BackendType
137 : * in place of a bitmask or vice versa.
138 : */
139 : typedef struct
140 : {
141 : uint32 mask;
142 : } BackendTypeMask;
143 :
144 : StaticAssertDecl(BACKEND_NUM_TYPES < 32, "too many backend types for uint32");
145 :
146 : static const BackendTypeMask BTYPE_MASK_ALL = {(1 << BACKEND_NUM_TYPES) - 1};
147 : static const BackendTypeMask BTYPE_MASK_NONE = {0};
148 :
149 : static inline BackendTypeMask
150 1747 : btmask(BackendType t)
151 : {
152 1747 : BackendTypeMask mask = {.mask = 1 << t};
153 :
154 1747 : return mask;
155 : }
156 :
157 : static inline BackendTypeMask
158 17381 : btmask_add_n(BackendTypeMask mask, int nargs, BackendType *t)
159 : {
160 76575 : for (int i = 0; i < nargs; i++)
161 59194 : mask.mask |= 1 << t[i];
162 17381 : return mask;
163 : }
164 :
165 : #define btmask_add(mask, ...) \
166 : btmask_add_n(mask, \
167 : lengthof(((BackendType[]){__VA_ARGS__})), \
168 : (BackendType[]){__VA_ARGS__} \
169 : )
170 :
171 : static inline BackendTypeMask
172 4938 : btmask_del(BackendTypeMask mask, BackendType t)
173 : {
174 4938 : mask.mask &= ~(1 << t);
175 4938 : return mask;
176 : }
177 :
178 : static inline BackendTypeMask
179 2856 : btmask_all_except_n(int nargs, BackendType *t)
180 : {
181 2856 : BackendTypeMask mask = BTYPE_MASK_ALL;
182 :
183 7794 : for (int i = 0; i < nargs; i++)
184 4938 : mask = btmask_del(mask, t[i]);
185 2856 : return mask;
186 : }
187 :
188 : #define btmask_all_except(...) \
189 : btmask_all_except_n( \
190 : lengthof(((BackendType[]){__VA_ARGS__})), \
191 : (BackendType[]){__VA_ARGS__} \
192 : )
193 :
194 : static inline bool
195 123714 : btmask_contains(BackendTypeMask mask, BackendType t)
196 : {
197 123714 : return (mask.mask & (1 << t)) != 0;
198 : }
199 :
200 :
201 : BackgroundWorker *MyBgworkerEntry = NULL;
202 :
203 : /* The socket number we are listening for connections on */
204 : int PostPortNumber = DEF_PGPORT;
205 :
206 : /* The directory names for Unix socket(s) */
207 : char *Unix_socket_directories;
208 :
209 : /* The TCP listen address(es) */
210 : char *ListenAddresses;
211 :
212 : /*
213 : * SuperuserReservedConnections is the number of backends reserved for
214 : * superuser use, and ReservedConnections is the number of backends reserved
215 : * for use by roles with privileges of the pg_use_reserved_connections
216 : * predefined role. These are taken out of the pool of MaxConnections backend
217 : * slots, so the number of backend slots available for roles that are neither
218 : * superuser nor have privileges of pg_use_reserved_connections is
219 : * (MaxConnections - SuperuserReservedConnections - ReservedConnections).
220 : *
221 : * If the number of remaining slots is less than or equal to
222 : * SuperuserReservedConnections, only superusers can make new connections. If
223 : * the number of remaining slots is greater than SuperuserReservedConnections
224 : * but less than or equal to
225 : * (SuperuserReservedConnections + ReservedConnections), only superusers and
226 : * roles with privileges of pg_use_reserved_connections can make new
227 : * connections. Note that pre-existing superuser and
228 : * pg_use_reserved_connections connections don't count against the limits.
229 : */
230 : int SuperuserReservedConnections;
231 : int ReservedConnections;
232 :
233 : /* The socket(s) we're listening to. */
234 : #define MAXLISTEN 64
235 : static int NumListenSockets = 0;
236 : static pgsocket *ListenSockets = NULL;
237 :
238 : /* still more option variables */
239 : bool EnableSSL = false;
240 :
241 : int PreAuthDelay = 0;
242 : int AuthenticationTimeout = 60;
243 :
244 : bool log_hostname; /* for ps display and logging */
245 :
246 : bool enable_bonjour = false;
247 : char *bonjour_name;
248 : bool restart_after_crash = true;
249 : bool remove_temp_files_after_crash = true;
250 :
251 : /*
252 : * When terminating child processes after fatal errors, like a crash of a
253 : * child process, we normally send SIGQUIT -- and most other comments in this
254 : * file are written on the assumption that we do -- but developers might
255 : * prefer to use SIGABRT to collect per-child core dumps.
256 : */
257 : bool send_abort_for_crash = false;
258 : bool send_abort_for_kill = false;
259 :
260 : /* special child processes; NULL when not running */
261 : static PMChild *StartupPMChild = NULL,
262 : *BgWriterPMChild = NULL,
263 : *CheckpointerPMChild = NULL,
264 : *WalWriterPMChild = NULL,
265 : *WalReceiverPMChild = NULL,
266 : *WalSummarizerPMChild = NULL,
267 : *AutoVacLauncherPMChild = NULL,
268 : *PgArchPMChild = NULL,
269 : *SysLoggerPMChild = NULL,
270 : *SlotSyncWorkerPMChild = NULL;
271 :
272 : /* Startup process's status */
273 : typedef enum
274 : {
275 : STARTUP_NOT_RUNNING,
276 : STARTUP_RUNNING,
277 : STARTUP_SIGNALED, /* we sent it a SIGQUIT or SIGKILL */
278 : STARTUP_CRASHED,
279 : } StartupStatusEnum;
280 :
281 : static StartupStatusEnum StartupStatus = STARTUP_NOT_RUNNING;
282 :
283 : /* Startup/shutdown state */
284 : #define NoShutdown 0
285 : #define SmartShutdown 1
286 : #define FastShutdown 2
287 : #define ImmediateShutdown 3
288 :
289 : static int Shutdown = NoShutdown;
290 :
291 : static bool FatalError = false; /* T if recovering from backend crash */
292 :
293 : /*
294 : * We use a simple state machine to control startup, shutdown, and
295 : * crash recovery (which is rather like shutdown followed by startup).
296 : *
297 : * After doing all the postmaster initialization work, we enter PM_STARTUP
298 : * state and the startup process is launched. The startup process begins by
299 : * reading the control file and other preliminary initialization steps.
300 : * In a normal startup, or after crash recovery, the startup process exits
301 : * with exit code 0 and we switch to PM_RUN state. However, archive recovery
302 : * is handled specially since it takes much longer and we would like to support
303 : * hot standby during archive recovery.
304 : *
305 : * When the startup process is ready to start archive recovery, it signals the
306 : * postmaster, and we switch to PM_RECOVERY state. The background writer and
307 : * checkpointer are already running (as these are launched during PM_STARTUP),
308 : * and the startup process continues applying WAL. If Hot Standby is enabled,
309 : * then, after reaching a consistent point in WAL redo, startup process
310 : * signals us again, and we switch to PM_HOT_STANDBY state and begin accepting
311 : * connections to perform read-only queries. When archive recovery is
312 : * finished, the startup process exits with exit code 0 and we switch to
313 : * PM_RUN state.
314 : *
315 : * Normal child backends can only be launched when we are in PM_RUN or
316 : * PM_HOT_STANDBY state. (connsAllowed can also restrict launching.)
317 : * In other states we handle connection requests by launching "dead-end"
318 : * child processes, which will simply send the client an error message and
319 : * quit. (We track these in the ActiveChildList so that we can know when they
320 : * are all gone; this is important because they're still connected to shared
321 : * memory, and would interfere with an attempt to destroy the shmem segment,
322 : * possibly leading to SHMALL failure when we try to make a new one.)
323 : * In PM_WAIT_DEAD_END state we are waiting for all the dead-end children
324 : * to drain out of the system, and therefore stop accepting connection
325 : * requests at all until the last existing child has quit (which hopefully
326 : * will not be very long).
327 : *
328 : * Notice that this state variable does not distinguish *why* we entered
329 : * states later than PM_RUN --- Shutdown and FatalError must be consulted
330 : * to find that out. FatalError is never true in PM_RECOVERY, PM_HOT_STANDBY,
331 : * or PM_RUN states, nor in PM_WAIT_XLOG_SHUTDOWN states (because we don't
332 : * enter those states when trying to recover from a crash). It can be true in
333 : * PM_STARTUP state, because we don't clear it until we've successfully
334 : * started WAL redo.
335 : */
336 : typedef enum
337 : {
338 : PM_INIT, /* postmaster starting */
339 : PM_STARTUP, /* waiting for startup subprocess */
340 : PM_RECOVERY, /* in archive recovery mode */
341 : PM_HOT_STANDBY, /* in hot standby mode */
342 : PM_RUN, /* normal "database is alive" state */
343 : PM_STOP_BACKENDS, /* need to stop remaining backends */
344 : PM_WAIT_BACKENDS, /* waiting for live backends to exit */
345 : PM_WAIT_XLOG_SHUTDOWN, /* waiting for checkpointer to do shutdown
346 : * ckpt */
347 : PM_WAIT_XLOG_ARCHIVAL, /* waiting for archiver and walsenders to
348 : * finish */
349 : PM_WAIT_IO_WORKERS, /* waiting for io workers to exit */
350 : PM_WAIT_CHECKPOINTER, /* waiting for checkpointer to shut down */
351 : PM_WAIT_DEAD_END, /* waiting for dead-end children to exit */
352 : PM_NO_CHILDREN, /* all important children have exited */
353 : } PMState;
354 :
355 : static PMState pmState = PM_INIT;
356 :
357 : /*
358 : * While performing a "smart shutdown", we restrict new connections but stay
359 : * in PM_RUN or PM_HOT_STANDBY state until all the client backends are gone.
360 : * connsAllowed is a sub-state indicator showing the active restriction.
361 : * It is of no interest unless pmState is PM_RUN or PM_HOT_STANDBY.
362 : */
363 : static bool connsAllowed = true;
364 :
365 : /* Start time of SIGKILL timeout during immediate shutdown or child crash */
366 : /* Zero means timeout is not running */
367 : static time_t AbortStartTime = 0;
368 :
369 : /* Length of said timeout */
370 : #define SIGKILL_CHILDREN_AFTER_SECS 5
371 :
372 : static bool ReachedNormalRunning = false; /* T if we've reached PM_RUN */
373 :
374 : bool ClientAuthInProgress = false; /* T during new-client
375 : * authentication */
376 :
377 : bool redirection_done = false; /* stderr redirected for syslogger? */
378 :
379 : /* received START_AUTOVAC_LAUNCHER signal */
380 : static bool start_autovac_launcher = false;
381 :
382 : /* the launcher needs to be signaled to communicate some condition */
383 : static bool avlauncher_needs_signal = false;
384 :
385 : /* received START_WALRECEIVER signal */
386 : static bool WalReceiverRequested = false;
387 :
388 : /* set when there's a worker that needs to be started up */
389 : static bool StartWorkerNeeded = true;
390 : static bool HaveCrashedWorker = false;
391 :
392 : /* set when signals arrive */
393 : static volatile sig_atomic_t pending_pm_pmsignal;
394 : static volatile sig_atomic_t pending_pm_child_exit;
395 : static volatile sig_atomic_t pending_pm_reload_request;
396 : static volatile sig_atomic_t pending_pm_shutdown_request;
397 : static volatile sig_atomic_t pending_pm_fast_shutdown_request;
398 : static volatile sig_atomic_t pending_pm_immediate_shutdown_request;
399 :
400 : /* event multiplexing object */
401 : static WaitEventSet *pm_wait_set;
402 :
403 : #ifdef USE_SSL
404 : /* Set when and if SSL has been initialized properly */
405 : bool LoadedSSL = false;
406 : #endif
407 :
408 : #ifdef USE_BONJOUR
409 : static DNSServiceRef bonjour_sdref = NULL;
410 : #endif
411 :
412 : /* State for IO worker management. */
413 : static TimestampTz io_worker_launch_next_time = 0;
414 : static int io_worker_count = 0;
415 : static PMChild *io_worker_children[MAX_IO_WORKERS];
416 :
417 : /*
418 : * postmaster.c - function prototypes
419 : */
420 : static void CloseServerPorts(int status, Datum arg);
421 : static void unlink_external_pid_file(int status, Datum arg);
422 : static void getInstallationPaths(const char *argv0);
423 : static void checkControlFile(void);
424 : static void handle_pm_pmsignal_signal(SIGNAL_ARGS);
425 : static void handle_pm_child_exit_signal(SIGNAL_ARGS);
426 : static void handle_pm_reload_request_signal(SIGNAL_ARGS);
427 : static void handle_pm_shutdown_request_signal(SIGNAL_ARGS);
428 : static void process_pm_pmsignal(void);
429 : static void process_pm_child_exit(void);
430 : static void process_pm_reload_request(void);
431 : static void process_pm_shutdown_request(void);
432 : static void dummy_handler(SIGNAL_ARGS);
433 : static void CleanupBackend(PMChild *bp, int exitstatus);
434 : static void HandleChildCrash(int pid, int exitstatus, const char *procname);
435 : static void LogChildExit(int lev, const char *procname,
436 : int pid, int exitstatus);
437 : static void PostmasterStateMachine(void);
438 : static void UpdatePMState(PMState newState);
439 :
440 : pg_noreturn static void ExitPostmaster(int status);
441 : static int ServerLoop(void);
442 : static int BackendStartup(ClientSocket *client_sock);
443 : static void report_fork_failure_to_client(ClientSocket *client_sock, int errnum);
444 : static CAC_state canAcceptConnections(BackendType backend_type);
445 : static void signal_child(PMChild *pmchild, int signal);
446 : static bool SignalChildren(int signal, BackendTypeMask targetMask);
447 : static void TerminateChildren(int signal);
448 : static int CountChildren(BackendTypeMask targetMask);
449 : static void LaunchMissingBackgroundProcesses(void);
450 : static void maybe_start_bgworkers(void);
451 : static bool maybe_reap_io_worker(int pid);
452 : static void maybe_start_io_workers(void);
453 : static TimestampTz maybe_start_io_workers_scheduled_at(void);
454 : static bool CreateOptsFile(int argc, char *argv[], char *fullprogname);
455 : static PMChild *StartChildProcess(BackendType type);
456 : static void StartSysLogger(void);
457 : static void StartAutovacuumWorker(void);
458 : static bool StartBackgroundWorker(RegisteredBgWorker *rw);
459 : static void InitPostmasterDeathWatchHandle(void);
460 :
461 : #ifdef WIN32
462 : #define WNOHANG 0 /* ignored, so any integer value will do */
463 :
464 : static pid_t waitpid(pid_t pid, int *exitstatus, int options);
465 : static void WINAPI pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired);
466 :
467 : static HANDLE win32ChildQueue;
468 :
469 : typedef struct
470 : {
471 : HANDLE waitHandle;
472 : HANDLE procHandle;
473 : DWORD procId;
474 : } win32_deadchild_waitinfo;
475 : #endif /* WIN32 */
476 :
477 : /* Macros to check exit status of a child process */
478 : #define EXIT_STATUS_0(st) ((st) == 0)
479 : #define EXIT_STATUS_1(st) (WIFEXITED(st) && WEXITSTATUS(st) == 1)
480 : #define EXIT_STATUS_3(st) (WIFEXITED(st) && WEXITSTATUS(st) == 3)
481 :
482 : #ifndef WIN32
483 : /*
484 : * File descriptors for pipe used to monitor if postmaster is alive.
485 : * First is POSTMASTER_FD_WATCH, second is POSTMASTER_FD_OWN.
486 : */
487 : int postmaster_alive_fds[2] = {-1, -1};
488 : #else
489 : /* Process handle of postmaster used for the same purpose on Windows */
490 : HANDLE PostmasterHandle;
491 : #endif
492 :
493 : /*
494 : * Postmaster main entry point
495 : */
496 : void
497 1006 : PostmasterMain(int argc, char *argv[])
498 : {
499 : pg_getopt_ctx optctx;
500 : int opt;
501 : int status;
502 1006 : char *userDoption = NULL;
503 1006 : bool listen_addr_saved = false;
504 1006 : char *output_config_variable = NULL;
505 :
506 1006 : InitProcessGlobals();
507 :
508 1006 : PostmasterPid = MyProcPid;
509 :
510 1006 : IsPostmasterEnvironment = true;
511 :
512 : /*
513 : * Start our win32 signal implementation
514 : */
515 : #ifdef WIN32
516 : pgwin32_signal_initialize();
517 : #endif
518 :
519 : /*
520 : * We should not be creating any files or directories before we check the
521 : * data directory (see checkDataDir()), but just in case set the umask to
522 : * the most restrictive (owner-only) permissions.
523 : *
524 : * checkDataDir() will reset the umask based on the data directory
525 : * permissions.
526 : */
527 1006 : umask(PG_MODE_MASK_OWNER);
528 :
529 : /*
530 : * By default, palloc() requests in the postmaster will be allocated in
531 : * the PostmasterContext, which is space that can be recycled by backends.
532 : * Allocated data that needs to be available to backends should be
533 : * allocated in TopMemoryContext.
534 : */
535 1006 : PostmasterContext = AllocSetContextCreate(TopMemoryContext,
536 : "Postmaster",
537 : ALLOCSET_DEFAULT_SIZES);
538 1006 : MemoryContextSwitchTo(PostmasterContext);
539 :
540 : /* Initialize paths to installation files */
541 1006 : getInstallationPaths(argv[0]);
542 :
543 : /*
544 : * Set up signal handlers for the postmaster process.
545 : *
546 : * CAUTION: when changing this list, check for side-effects on the signal
547 : * handling setup of child processes. See tcop/postgres.c,
548 : * bootstrap/bootstrap.c, postmaster/bgwriter.c, postmaster/walwriter.c,
549 : * postmaster/autovacuum.c, postmaster/pgarch.c, postmaster/syslogger.c,
550 : * postmaster/bgworker.c and postmaster/checkpointer.c.
551 : */
552 1006 : pqinitmask();
553 1006 : sigprocmask(SIG_SETMASK, &BlockSig, NULL);
554 :
555 1006 : pqsignal(SIGHUP, handle_pm_reload_request_signal);
556 1006 : pqsignal(SIGINT, handle_pm_shutdown_request_signal);
557 1006 : pqsignal(SIGQUIT, handle_pm_shutdown_request_signal);
558 1006 : pqsignal(SIGTERM, handle_pm_shutdown_request_signal);
559 1006 : pqsignal(SIGALRM, PG_SIG_IGN); /* ignored */
560 1006 : pqsignal(SIGPIPE, PG_SIG_IGN); /* ignored */
561 1006 : pqsignal(SIGUSR1, handle_pm_pmsignal_signal);
562 1006 : pqsignal(SIGUSR2, dummy_handler); /* unused, reserve for children */
563 1006 : pqsignal(SIGCHLD, handle_pm_child_exit_signal);
564 :
565 : /* This may configure SIGURG, depending on platform. */
566 1006 : InitializeWaitEventSupport();
567 1006 : InitProcessLocalLatch();
568 :
569 : /*
570 : * No other place in Postgres should touch SIGTTIN/SIGTTOU handling. We
571 : * ignore those signals in a postmaster environment, so that there is no
572 : * risk of a child process freezing up due to writing to stderr. But for
573 : * a standalone backend, their default handling is reasonable. Hence, all
574 : * child processes should just allow the inherited settings to stand.
575 : */
576 : #ifdef SIGTTIN
577 1006 : pqsignal(SIGTTIN, PG_SIG_IGN); /* ignored */
578 : #endif
579 : #ifdef SIGTTOU
580 1006 : pqsignal(SIGTTOU, PG_SIG_IGN); /* ignored */
581 : #endif
582 :
583 : /* ignore SIGXFSZ, so that ulimit violations work like disk full */
584 : #ifdef SIGXFSZ
585 1006 : pqsignal(SIGXFSZ, PG_SIG_IGN); /* ignored */
586 : #endif
587 :
588 : /* Begin accepting signals. */
589 1006 : sigprocmask(SIG_SETMASK, &UnBlockSig, NULL);
590 :
591 : /*
592 : * Options setup
593 : */
594 1006 : InitializeGUCOptions();
595 :
596 : /*
597 : * Parse command-line options. CAUTION: keep this in sync with
598 : * tcop/postgres.c (the option sets should not conflict) and with the
599 : * common help() function in main/main.c.
600 : */
601 1006 : pg_getopt_start(&optctx, argc, argv, "B:bC:c:D:d:EeFf:h:ijk:lN:OPp:r:S:sTt:W:-:");
602 1006 : optctx.opterr = 1;
603 3601 : while ((opt = pg_getopt_next(&optctx)) != -1)
604 : {
605 2599 : switch (opt)
606 : {
607 0 : case 'B':
608 0 : SetConfigOption("shared_buffers", optctx.optarg, PGC_POSTMASTER, PGC_S_ARGV);
609 0 : break;
610 :
611 55 : case 'b':
612 : /* Undocumented flag used for binary upgrades */
613 55 : IsBinaryUpgrade = true;
614 55 : break;
615 :
616 5 : case 'C':
617 5 : output_config_variable = strdup(optctx.optarg);
618 5 : break;
619 :
620 816 : case '-':
621 :
622 : /*
623 : * Error if the user misplaced a special must-be-first option
624 : * for dispatching to a subprogram. parse_dispatch_option()
625 : * returns DISPATCH_POSTMASTER if it doesn't find a match, so
626 : * error for anything else.
627 : */
628 816 : if (parse_dispatch_option(optctx.optarg) != DISPATCH_POSTMASTER)
629 0 : ereport(ERROR,
630 : (errcode(ERRCODE_SYNTAX_ERROR),
631 : errmsg("--%s must be first argument", optctx.optarg)));
632 :
633 : pg_fallthrough;
634 : case 'c':
635 : {
636 : char *name,
637 : *value;
638 :
639 1264 : ParseLongOption(optctx.optarg, &name, &value);
640 1264 : if (!value)
641 : {
642 1 : if (opt == '-')
643 1 : ereport(ERROR,
644 : (errcode(ERRCODE_SYNTAX_ERROR),
645 : errmsg("--%s requires a value",
646 : optctx.optarg)));
647 : else
648 0 : ereport(ERROR,
649 : (errcode(ERRCODE_SYNTAX_ERROR),
650 : errmsg("-c %s requires a value",
651 : optctx.optarg)));
652 : }
653 :
654 1263 : SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
655 1260 : pfree(name);
656 1260 : pfree(value);
657 1260 : break;
658 : }
659 :
660 1002 : case 'D':
661 1002 : userDoption = strdup(optctx.optarg);
662 1002 : break;
663 :
664 0 : case 'd':
665 0 : set_debug_options(atoi(optctx.optarg), PGC_POSTMASTER, PGC_S_ARGV);
666 0 : break;
667 :
668 0 : case 'E':
669 0 : SetConfigOption("log_statement", "all", PGC_POSTMASTER, PGC_S_ARGV);
670 0 : break;
671 :
672 0 : case 'e':
673 0 : SetConfigOption("datestyle", "euro", PGC_POSTMASTER, PGC_S_ARGV);
674 0 : break;
675 :
676 103 : case 'F':
677 103 : SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
678 103 : break;
679 :
680 0 : case 'f':
681 0 : if (!set_plan_disabling_options(optctx.optarg, PGC_POSTMASTER, PGC_S_ARGV))
682 : {
683 0 : write_stderr("%s: invalid argument for option -f: \"%s\"\n",
684 : progname, optctx.optarg);
685 0 : ExitPostmaster(1);
686 : }
687 0 : break;
688 :
689 0 : case 'h':
690 0 : SetConfigOption("listen_addresses", optctx.optarg, PGC_POSTMASTER, PGC_S_ARGV);
691 0 : break;
692 :
693 0 : case 'i':
694 0 : SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);
695 0 : break;
696 :
697 0 : case 'j':
698 : /* only used by interactive backend */
699 0 : break;
700 :
701 103 : case 'k':
702 103 : SetConfigOption("unix_socket_directories", optctx.optarg, PGC_POSTMASTER, PGC_S_ARGV);
703 103 : break;
704 :
705 0 : case 'l':
706 0 : SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
707 0 : break;
708 :
709 0 : case 'N':
710 0 : SetConfigOption("max_connections", optctx.optarg, PGC_POSTMASTER, PGC_S_ARGV);
711 0 : break;
712 :
713 0 : case 'O':
714 0 : SetConfigOption("allow_system_table_mods", "true", PGC_POSTMASTER, PGC_S_ARGV);
715 0 : break;
716 :
717 0 : case 'P':
718 0 : SetConfigOption("ignore_system_indexes", "true", PGC_POSTMASTER, PGC_S_ARGV);
719 0 : break;
720 :
721 67 : case 'p':
722 67 : SetConfigOption("port", optctx.optarg, PGC_POSTMASTER, PGC_S_ARGV);
723 67 : break;
724 :
725 0 : case 'r':
726 : /* only used by single-user backend */
727 0 : break;
728 :
729 0 : case 'S':
730 0 : SetConfigOption("work_mem", optctx.optarg, PGC_POSTMASTER, PGC_S_ARGV);
731 0 : break;
732 :
733 0 : case 's':
734 0 : SetConfigOption("log_statement_stats", "true", PGC_POSTMASTER, PGC_S_ARGV);
735 0 : break;
736 :
737 0 : case 'T':
738 :
739 : /*
740 : * This option used to be defined as sending SIGSTOP after a
741 : * backend crash, but sending SIGABRT seems more useful.
742 : */
743 0 : SetConfigOption("send_abort_for_crash", "true", PGC_POSTMASTER, PGC_S_ARGV);
744 0 : break;
745 :
746 0 : case 't':
747 : {
748 0 : const char *tmp = get_stats_option_name(optctx.optarg);
749 :
750 0 : if (tmp)
751 : {
752 0 : SetConfigOption(tmp, "true", PGC_POSTMASTER, PGC_S_ARGV);
753 : }
754 : else
755 : {
756 0 : write_stderr("%s: invalid argument for option -t: \"%s\"\n",
757 : progname, optctx.optarg);
758 0 : ExitPostmaster(1);
759 : }
760 0 : break;
761 : }
762 :
763 0 : case 'W':
764 0 : SetConfigOption("post_auth_delay", optctx.optarg, PGC_POSTMASTER, PGC_S_ARGV);
765 0 : break;
766 :
767 0 : default:
768 0 : write_stderr("Try \"%s --help\" for more information.\n",
769 : progname);
770 0 : ExitPostmaster(1);
771 : }
772 : }
773 :
774 : /*
775 : * Postmaster accepts no non-option switch arguments.
776 : */
777 1002 : if (optctx.optind < argc)
778 : {
779 0 : write_stderr("%s: invalid argument: \"%s\"\n",
780 0 : progname, argv[optctx.optind]);
781 0 : write_stderr("Try \"%s --help\" for more information.\n",
782 : progname);
783 0 : ExitPostmaster(1);
784 : }
785 :
786 : /*
787 : * Locate the proper configuration files and data directory, and read
788 : * postgresql.conf for the first time.
789 : */
790 1002 : if (!SelectConfigFiles(userDoption, progname))
791 0 : ExitPostmaster(2);
792 :
793 1001 : if (output_config_variable != NULL)
794 : {
795 : /*
796 : * If this is a runtime-computed GUC, it hasn't yet been initialized,
797 : * and the present value is not useful. However, this is a convenient
798 : * place to print the value for most GUCs because it is safe to run
799 : * postmaster startup to this point even if the server is already
800 : * running. For the handful of runtime-computed GUCs that we cannot
801 : * provide meaningful values for yet, we wait until later in
802 : * postmaster startup to print the value. We won't be able to use -C
803 : * on running servers for those GUCs, but using this option now would
804 : * lead to incorrect results for them.
805 : */
806 2 : int flags = GetConfigOptionFlags(output_config_variable, true);
807 :
808 2 : if ((flags & GUC_RUNTIME_COMPUTED) == 0)
809 : {
810 : /*
811 : * "-C guc" was specified, so print GUC's value and exit. No
812 : * extra permission check is needed because the user is reading
813 : * inside the data dir.
814 : */
815 1 : const char *config_val = GetConfigOption(output_config_variable,
816 : false, false);
817 :
818 1 : puts(config_val ? config_val : "");
819 1 : ExitPostmaster(0);
820 : }
821 :
822 : /*
823 : * A runtime-computed GUC will be printed later on. As we initialize
824 : * a server startup sequence, silence any log messages that may show
825 : * up in the output generated. FATAL and more severe messages are
826 : * useful to show, even if one would only expect at least PANIC. LOG
827 : * entries are hidden.
828 : */
829 1 : SetConfigOption("log_min_messages", "FATAL", PGC_SUSET,
830 : PGC_S_OVERRIDE);
831 : }
832 :
833 : /* Verify that DataDir looks reasonable */
834 1000 : checkDataDir();
835 :
836 : /* Check that pg_control exists */
837 1000 : checkControlFile();
838 :
839 : /* And switch working directory into it */
840 1000 : ChangeToDataDir();
841 :
842 : /*
843 : * Check for invalid combinations of GUC settings.
844 : */
845 1000 : if (SuperuserReservedConnections + ReservedConnections >= MaxConnections)
846 : {
847 0 : write_stderr("%s: \"superuser_reserved_connections\" (%d) plus \"reserved_connections\" (%d) must be less than \"max_connections\" (%d)\n",
848 : progname,
849 : SuperuserReservedConnections, ReservedConnections,
850 : MaxConnections);
851 0 : ExitPostmaster(1);
852 : }
853 1000 : if (XLogArchiveMode > ARCHIVE_MODE_OFF && wal_level == WAL_LEVEL_MINIMAL)
854 0 : ereport(ERROR,
855 : (errmsg("WAL archival cannot be enabled when \"wal_level\" is \"minimal\"")));
856 1000 : if (max_wal_senders > 0 && wal_level == WAL_LEVEL_MINIMAL)
857 0 : ereport(ERROR,
858 : (errmsg("WAL streaming (\"max_wal_senders\" > 0) requires \"wal_level\" to be \"replica\" or \"logical\"")));
859 1000 : if (summarize_wal && wal_level == WAL_LEVEL_MINIMAL)
860 0 : ereport(ERROR,
861 : (errmsg("WAL cannot be summarized when \"wal_level\" is \"minimal\"")));
862 1000 : if (sync_replication_slots && wal_level == WAL_LEVEL_MINIMAL)
863 0 : ereport(ERROR,
864 : (errmsg("replication slot synchronization (\"sync_replication_slots\" = on) requires \"wal_level\" to be \"replica\" or \"logical\"")));
865 :
866 : /*
867 : * Other one-time internal sanity checks can go here, if they are fast.
868 : * (Put any slow processing further down, after postmaster.pid creation.)
869 : */
870 1000 : if (!CheckDateTokenTables())
871 : {
872 0 : write_stderr("%s: invalid datetoken tables, please fix\n", progname);
873 0 : ExitPostmaster(1);
874 : }
875 :
876 : /* For debugging: display postmaster environment */
877 1000 : if (message_level_is_interesting(DEBUG3))
878 : {
879 : #if !defined(WIN32)
880 : extern char **environ;
881 : #endif
882 : char **p;
883 : StringInfoData si;
884 :
885 7 : initStringInfo(&si);
886 :
887 7 : appendStringInfoString(&si, "initial environment dump:");
888 296 : for (p = environ; *p; ++p)
889 289 : appendStringInfo(&si, "\n%s", *p);
890 :
891 7 : ereport(DEBUG3, errmsg_internal("%s", si.data));
892 7 : pfree(si.data);
893 : }
894 :
895 : /*
896 : * Create lockfile for data directory.
897 : *
898 : * We want to do this before we try to grab the input sockets, because the
899 : * data directory interlock is more reliable than the socket-file
900 : * interlock (thanks to whoever decided to put socket files in /tmp :-().
901 : * For the same reason, it's best to grab the TCP socket(s) before the
902 : * Unix socket(s).
903 : *
904 : * Also note that this internally sets up the on_proc_exit function that
905 : * is responsible for removing both data directory and socket lockfiles;
906 : * so it must happen before opening sockets so that at exit, the socket
907 : * lockfiles go away after CloseServerPorts runs.
908 : */
909 1000 : CreateDataDirLockFile(true);
910 :
911 : /*
912 : * Read the control file (for error checking and config info).
913 : *
914 : * Since we verify the control file's CRC, this has a useful side effect
915 : * on machines where we need a run-time test for CRC support instructions.
916 : * The postmaster will do the test once at startup, and then its child
917 : * processes will inherit the correct function pointer and not need to
918 : * repeat the test.
919 : */
920 999 : LocalProcessControlFile(false);
921 :
922 : /*
923 : * Register the apply launcher. It's probably a good idea to call this
924 : * before any modules had a chance to take the background worker slots.
925 : */
926 999 : ApplyLauncherRegister();
927 :
928 : /*
929 : * Register the shared memory needs of all core subsystems.
930 : */
931 999 : RegisterBuiltinShmemCallbacks();
932 :
933 : /*
934 : * process any libraries that should be preloaded at postmaster start
935 : */
936 999 : process_shared_preload_libraries();
937 :
938 : /*
939 : * Initialize SSL library, if specified.
940 : */
941 : #ifdef USE_SSL
942 999 : if (EnableSSL)
943 : {
944 51 : (void) secure_initialize(true);
945 38 : LoadedSSL = true;
946 : }
947 : #endif
948 :
949 : /*
950 : * Now that loadable modules have had their chance to alter any GUCs,
951 : * calculate MaxBackends and initialize the machinery to track child
952 : * processes.
953 : */
954 986 : InitializeMaxBackends();
955 986 : InitPostmasterChildSlots();
956 :
957 : /*
958 : * Calculate the size of the PGPROC fast-path lock arrays.
959 : */
960 986 : InitializeFastPathLocks();
961 :
962 : /*
963 : * Also call any legacy shmem request hooks that might've been installed
964 : * by preloaded libraries.
965 : *
966 : * Note: this must be done before ShmemCallRequestCallbacks(), because the
967 : * hooks may request LWLocks with RequestNamedLWLockTranche(), which in
968 : * turn affects the size of the LWLock array calculated in lwlock.c.
969 : */
970 986 : process_shmem_requests();
971 :
972 : /*
973 : * Ask all subsystems, including preloaded libraries, to register their
974 : * shared memory needs.
975 : */
976 986 : ShmemCallRequestCallbacks();
977 :
978 : /*
979 : * Now that loadable modules have had their chance to request additional
980 : * shared memory, determine the value of any runtime-computed GUCs that
981 : * depend on the amount of shared memory required.
982 : */
983 986 : InitializeShmemGUCs();
984 :
985 : /*
986 : * Now that modules have been loaded, we can process any custom resource
987 : * managers specified in the wal_consistency_checking GUC.
988 : */
989 986 : InitializeWalConsistencyChecking();
990 :
991 : /*
992 : * If -C was specified with a runtime-computed GUC, we held off printing
993 : * the value earlier, as the GUC was not yet initialized. We handle -C
994 : * for most GUCs before we lock the data directory so that the option may
995 : * be used on a running server. However, a handful of GUCs are runtime-
996 : * computed and do not have meaningful values until after locking the data
997 : * directory, and we cannot safely calculate their values earlier on a
998 : * running server. At this point, such GUCs should be properly
999 : * initialized, and we haven't yet set up shared memory, so this is a good
1000 : * time to handle the -C option for these special GUCs.
1001 : */
1002 986 : if (output_config_variable != NULL)
1003 : {
1004 1 : const char *config_val = GetConfigOption(output_config_variable,
1005 : false, false);
1006 :
1007 1 : puts(config_val ? config_val : "");
1008 1 : ExitPostmaster(0);
1009 : }
1010 :
1011 : /*
1012 : * Set up shared memory and semaphores.
1013 : *
1014 : * Note: if using SysV shmem and/or semas, each postmaster startup will
1015 : * normally choose the same IPC keys. This helps ensure that we will
1016 : * clean up dead IPC objects if the postmaster crashes and is restarted.
1017 : */
1018 985 : CreateSharedMemoryAndSemaphores();
1019 :
1020 : /*
1021 : * Estimate number of openable files. This must happen after setting up
1022 : * semaphores, because on some platforms semaphores count as open files.
1023 : */
1024 984 : set_max_safe_fds();
1025 :
1026 : /*
1027 : * Initialize pipe (or process handle on Windows) that allows children to
1028 : * wake up from sleep on postmaster death.
1029 : */
1030 984 : InitPostmasterDeathWatchHandle();
1031 :
1032 : #ifdef WIN32
1033 :
1034 : /*
1035 : * Initialize I/O completion port used to deliver list of dead children.
1036 : */
1037 : win32ChildQueue = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 1);
1038 : if (win32ChildQueue == NULL)
1039 : ereport(FATAL,
1040 : (errmsg("could not create I/O completion port for child queue")));
1041 : #endif
1042 :
1043 : #ifdef EXEC_BACKEND
1044 : /* Write out nondefault GUC settings for child processes to use */
1045 : write_nondefault_variables(PGC_POSTMASTER);
1046 :
1047 : /*
1048 : * Clean out the temp directory used to transmit parameters to child
1049 : * processes (see internal_forkexec). We must do this before launching
1050 : * any child processes, else we have a race condition: we could remove a
1051 : * parameter file before the child can read it. It should be safe to do
1052 : * so now, because we verified earlier that there are no conflicting
1053 : * Postgres processes in this data directory.
1054 : */
1055 : RemovePgTempFilesInDir(PG_TEMP_FILES_DIR, true, false);
1056 : #endif
1057 :
1058 : /*
1059 : * Forcibly remove the files signaling a standby promotion request.
1060 : * Otherwise, the existence of those files triggers a promotion too early,
1061 : * whether a user wants that or not.
1062 : *
1063 : * This removal of files is usually unnecessary because they can exist
1064 : * only during a few moments during a standby promotion. However there is
1065 : * a race condition: if pg_ctl promote is executed and creates the files
1066 : * during a promotion, the files can stay around even after the server is
1067 : * brought up to be the primary. Then, if a new standby starts by using
1068 : * the backup taken from the new primary, the files can exist at server
1069 : * startup and must be removed in order to avoid an unexpected promotion.
1070 : *
1071 : * Note that promotion signal files need to be removed before the startup
1072 : * process is invoked. Because, after that, they can be used by
1073 : * postmaster's SIGUSR1 signal handler.
1074 : */
1075 984 : RemovePromoteSignalFiles();
1076 :
1077 : /* Do the same for logrotate signal file */
1078 984 : RemoveLogrotateSignalFiles();
1079 :
1080 : /* Remove any outdated file holding the current log filenames. */
1081 984 : if (unlink(LOG_METAINFO_DATAFILE) < 0 && errno != ENOENT)
1082 0 : ereport(LOG,
1083 : (errcode_for_file_access(),
1084 : errmsg("could not remove file \"%s\": %m",
1085 : LOG_METAINFO_DATAFILE)));
1086 :
1087 : /*
1088 : * If enabled, start up syslogger collection subprocess
1089 : */
1090 984 : if (Logging_collector)
1091 1 : StartSysLogger();
1092 :
1093 : /*
1094 : * Reset whereToSendOutput from DestDebug (its starting state) to
1095 : * DestNone. This stops ereport from sending log messages to stderr unless
1096 : * Log_destination permits. We don't do this until the postmaster is
1097 : * fully launched, since startup failures may as well be reported to
1098 : * stderr.
1099 : *
1100 : * If we are in fact disabling logging to stderr, first emit a log message
1101 : * saying so, to provide a breadcrumb trail for users who may not remember
1102 : * that their logging is configured to go somewhere else.
1103 : */
1104 984 : if (!(Log_destination & LOG_DESTINATION_STDERR))
1105 0 : ereport(LOG,
1106 : (errmsg("ending log output to stderr"),
1107 : errhint("Future log output will go to log destination \"%s\".",
1108 : Log_destination_string)));
1109 :
1110 984 : whereToSendOutput = DestNone;
1111 :
1112 : /*
1113 : * Report server startup in log. While we could emit this much earlier,
1114 : * it seems best to do so after starting the log collector, if we intend
1115 : * to use one.
1116 : */
1117 984 : ereport(LOG,
1118 : (errmsg("starting %s", PG_VERSION_STR)));
1119 :
1120 : /*
1121 : * Establish input sockets.
1122 : *
1123 : * First set up an on_proc_exit function that's charged with closing the
1124 : * sockets again at postmaster shutdown.
1125 : */
1126 984 : ListenSockets = palloc(MAXLISTEN * sizeof(pgsocket));
1127 984 : on_proc_exit(CloseServerPorts, 0);
1128 :
1129 984 : if (ListenAddresses)
1130 : {
1131 : char *rawstring;
1132 : List *elemlist;
1133 : ListCell *l;
1134 984 : int success = 0;
1135 :
1136 : /* Need a modifiable copy of ListenAddresses */
1137 984 : rawstring = pstrdup(ListenAddresses);
1138 :
1139 : /* Parse string into list of hostnames */
1140 984 : if (!SplitGUCList(rawstring, ',', &elemlist))
1141 : {
1142 : /* syntax error in list */
1143 0 : ereport(FATAL,
1144 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1145 : errmsg("invalid list syntax in parameter \"%s\"",
1146 : "listen_addresses")));
1147 : }
1148 :
1149 1025 : foreach(l, elemlist)
1150 : {
1151 41 : char *curhost = (char *) lfirst(l);
1152 :
1153 41 : if (strcmp(curhost, "*") == 0)
1154 0 : status = ListenServerPort(AF_UNSPEC, NULL,
1155 0 : (unsigned short) PostPortNumber,
1156 : NULL,
1157 : ListenSockets,
1158 : &NumListenSockets,
1159 : MAXLISTEN);
1160 : else
1161 41 : status = ListenServerPort(AF_UNSPEC, curhost,
1162 41 : (unsigned short) PostPortNumber,
1163 : NULL,
1164 : ListenSockets,
1165 : &NumListenSockets,
1166 : MAXLISTEN);
1167 :
1168 41 : if (status == STATUS_OK)
1169 : {
1170 41 : success++;
1171 : /* record the first successful host addr in lockfile */
1172 41 : if (!listen_addr_saved)
1173 : {
1174 41 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, curhost);
1175 41 : listen_addr_saved = true;
1176 : }
1177 : }
1178 : else
1179 0 : ereport(WARNING,
1180 : (errmsg("could not create listen socket for \"%s\"",
1181 : curhost)));
1182 : }
1183 :
1184 984 : if (!success && elemlist != NIL)
1185 0 : ereport(FATAL,
1186 : (errmsg("could not create any TCP/IP sockets")));
1187 :
1188 984 : list_free(elemlist);
1189 984 : pfree(rawstring);
1190 : }
1191 :
1192 : #ifdef USE_BONJOUR
1193 : /* Register for Bonjour only if we opened TCP socket(s) */
1194 : if (enable_bonjour && NumListenSockets > 0)
1195 : {
1196 : DNSServiceErrorType err;
1197 :
1198 : /*
1199 : * We pass 0 for interface_index, which will result in registering on
1200 : * all "applicable" interfaces. It's not entirely clear from the
1201 : * DNS-SD docs whether this would be appropriate if we have bound to
1202 : * just a subset of the available network interfaces.
1203 : */
1204 : err = DNSServiceRegister(&bonjour_sdref,
1205 : 0,
1206 : 0,
1207 : bonjour_name,
1208 : "_postgresql._tcp.",
1209 : NULL,
1210 : NULL,
1211 : pg_hton16(PostPortNumber),
1212 : 0,
1213 : NULL,
1214 : NULL,
1215 : NULL);
1216 : if (err != kDNSServiceErr_NoError)
1217 : ereport(LOG,
1218 : (errmsg("DNSServiceRegister() failed: error code %ld",
1219 : (long) err)));
1220 :
1221 : /*
1222 : * We don't bother to read the mDNS daemon's reply, and we expect that
1223 : * it will automatically terminate our registration when the socket is
1224 : * closed at postmaster termination. So there's nothing more to be
1225 : * done here. However, the bonjour_sdref is kept around so that
1226 : * forked children can close their copies of the socket.
1227 : */
1228 : }
1229 : #endif
1230 :
1231 984 : if (Unix_socket_directories)
1232 : {
1233 : char *rawstring;
1234 : List *elemlist;
1235 : ListCell *l;
1236 984 : int success = 0;
1237 :
1238 : /* Need a modifiable copy of Unix_socket_directories */
1239 984 : rawstring = pstrdup(Unix_socket_directories);
1240 :
1241 : /* Parse string into list of directories */
1242 984 : if (!SplitDirectoriesString(rawstring, ',', &elemlist))
1243 : {
1244 : /* syntax error in list */
1245 0 : ereport(FATAL,
1246 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1247 : errmsg("invalid list syntax in parameter \"%s\"",
1248 : "unix_socket_directories")));
1249 : }
1250 :
1251 1967 : foreach(l, elemlist)
1252 : {
1253 983 : char *socketdir = (char *) lfirst(l);
1254 :
1255 983 : status = ListenServerPort(AF_UNIX, NULL,
1256 983 : (unsigned short) PostPortNumber,
1257 : socketdir,
1258 : ListenSockets,
1259 : &NumListenSockets,
1260 : MAXLISTEN);
1261 :
1262 983 : if (status == STATUS_OK)
1263 : {
1264 983 : success++;
1265 : /* record the first successful Unix socket in lockfile */
1266 983 : if (success == 1)
1267 983 : AddToDataDirLockFile(LOCK_FILE_LINE_SOCKET_DIR, socketdir);
1268 : }
1269 : else
1270 0 : ereport(WARNING,
1271 : (errmsg("could not create Unix-domain socket in directory \"%s\"",
1272 : socketdir)));
1273 : }
1274 :
1275 984 : if (!success && elemlist != NIL)
1276 0 : ereport(FATAL,
1277 : (errmsg("could not create any Unix-domain sockets")));
1278 :
1279 984 : list_free_deep(elemlist);
1280 984 : pfree(rawstring);
1281 : }
1282 :
1283 : /*
1284 : * check that we have some socket to listen on
1285 : */
1286 984 : if (NumListenSockets == 0)
1287 0 : ereport(FATAL,
1288 : (errmsg("no socket created for listening")));
1289 :
1290 : /*
1291 : * If no valid TCP ports, write an empty line for listen address,
1292 : * indicating the Unix socket must be used. Note that this line is not
1293 : * added to the lock file until there is a socket backing it.
1294 : */
1295 984 : if (!listen_addr_saved)
1296 943 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, "");
1297 :
1298 : /*
1299 : * Record postmaster options. We delay this till now to avoid recording
1300 : * bogus options (eg, unusable port number).
1301 : */
1302 984 : if (!CreateOptsFile(argc, argv, my_exec_path))
1303 0 : ExitPostmaster(1);
1304 :
1305 : /*
1306 : * Write the external PID file if requested
1307 : */
1308 984 : if (external_pid_file)
1309 : {
1310 0 : FILE *fpidfile = fopen(external_pid_file, "w");
1311 :
1312 0 : if (fpidfile)
1313 : {
1314 0 : fprintf(fpidfile, "%d\n", MyProcPid);
1315 0 : fclose(fpidfile);
1316 :
1317 : /* Make PID file world readable */
1318 0 : if (chmod(external_pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) != 0)
1319 0 : write_stderr("%s: could not change permissions of external PID file \"%s\": %m\n",
1320 : progname, external_pid_file);
1321 : }
1322 : else
1323 0 : write_stderr("%s: could not write external PID file \"%s\": %m\n",
1324 : progname, external_pid_file);
1325 :
1326 0 : on_proc_exit(unlink_external_pid_file, 0);
1327 : }
1328 :
1329 : /*
1330 : * Remove old temporary files. At this point there can be no other
1331 : * Postgres processes running in this directory, so this should be safe.
1332 : */
1333 984 : RemovePgTempFiles();
1334 :
1335 : /*
1336 : * Initialize the autovacuum subsystem (again, no process start yet)
1337 : */
1338 984 : autovac_init();
1339 :
1340 : /*
1341 : * Load configuration files for client authentication.
1342 : */
1343 984 : if (!load_hba())
1344 : {
1345 : /*
1346 : * It makes no sense to continue if we fail to load the HBA file,
1347 : * since there is no way to connect to the database in this case.
1348 : */
1349 0 : ereport(FATAL,
1350 : /* translator: %s is a configuration file */
1351 : (errmsg("could not load %s", HbaFileName)));
1352 : }
1353 984 : if (!load_ident())
1354 : {
1355 : /*
1356 : * We can start up without the IDENT file, although it means that you
1357 : * cannot log in using any of the authentication methods that need a
1358 : * user name mapping. load_ident() already logged the details of error
1359 : * to the log.
1360 : */
1361 : }
1362 :
1363 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1364 :
1365 : /*
1366 : * On macOS, libintl replaces setlocale() with a version that calls
1367 : * CFLocaleCopyCurrent() when its second argument is "" and every relevant
1368 : * environment variable is unset or empty. CFLocaleCopyCurrent() makes
1369 : * the process multithreaded. The postmaster calls sigprocmask() and
1370 : * calls fork() without an immediate exec(), both of which have undefined
1371 : * behavior in a multithreaded program. A multithreaded postmaster is the
1372 : * normal case on Windows, which offers neither fork() nor sigprocmask().
1373 : * Currently, macOS is the only platform having pthread_is_threaded_np(),
1374 : * so we need not worry whether this HINT is appropriate elsewhere.
1375 : */
1376 : if (pthread_is_threaded_np() != 0)
1377 : ereport(FATAL,
1378 : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
1379 : errmsg("postmaster became multithreaded during startup"),
1380 : errhint("Set the LC_ALL environment variable to a valid locale.")));
1381 : #endif
1382 :
1383 : /*
1384 : * Remember postmaster startup time
1385 : */
1386 984 : PgStartTime = GetCurrentTimestamp();
1387 :
1388 : /*
1389 : * Report postmaster status in the postmaster.pid file, to allow pg_ctl to
1390 : * see what's happening.
1391 : */
1392 984 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STARTING);
1393 :
1394 984 : UpdatePMState(PM_STARTUP);
1395 :
1396 : /* Make sure we can perform I/O while starting up. */
1397 984 : maybe_start_io_workers();
1398 :
1399 : /* Start bgwriter and checkpointer so they can help with recovery */
1400 984 : if (CheckpointerPMChild == NULL)
1401 984 : CheckpointerPMChild = StartChildProcess(B_CHECKPOINTER);
1402 984 : if (BgWriterPMChild == NULL)
1403 984 : BgWriterPMChild = StartChildProcess(B_BG_WRITER);
1404 :
1405 : /*
1406 : * We're ready to rock and roll...
1407 : */
1408 984 : StartupPMChild = StartChildProcess(B_STARTUP);
1409 : Assert(StartupPMChild != NULL);
1410 984 : StartupStatus = STARTUP_RUNNING;
1411 :
1412 : /* Some workers may be scheduled to start now */
1413 984 : maybe_start_bgworkers();
1414 :
1415 984 : status = ServerLoop();
1416 :
1417 : /*
1418 : * ServerLoop probably shouldn't ever return, but if it does, close down.
1419 : */
1420 0 : ExitPostmaster(status != STATUS_OK);
1421 :
1422 : abort(); /* not reached */
1423 : }
1424 :
1425 :
1426 : /*
1427 : * on_proc_exit callback to close server's listen sockets
1428 : */
1429 : static void
1430 984 : CloseServerPorts(int status, Datum arg)
1431 : {
1432 : int i;
1433 :
1434 : /*
1435 : * First, explicitly close all the socket FDs. We used to just let this
1436 : * happen implicitly at postmaster exit, but it's better to close them
1437 : * before we remove the postmaster.pid lockfile; otherwise there's a race
1438 : * condition if a new postmaster wants to re-use the TCP port number.
1439 : */
1440 2009 : for (i = 0; i < NumListenSockets; i++)
1441 : {
1442 1025 : if (closesocket(ListenSockets[i]) != 0)
1443 0 : elog(LOG, "could not close listen socket: %m");
1444 : }
1445 984 : NumListenSockets = 0;
1446 :
1447 : /*
1448 : * Next, remove any filesystem entries for Unix sockets. To avoid race
1449 : * conditions against incoming postmasters, this must happen after closing
1450 : * the sockets and before removing lock files.
1451 : */
1452 984 : RemoveSocketFiles();
1453 :
1454 : /*
1455 : * We don't do anything about socket lock files here; those will be
1456 : * removed in a later on_proc_exit callback.
1457 : */
1458 984 : }
1459 :
1460 : /*
1461 : * on_proc_exit callback to delete external_pid_file
1462 : */
1463 : static void
1464 0 : unlink_external_pid_file(int status, Datum arg)
1465 : {
1466 0 : if (external_pid_file)
1467 0 : unlink(external_pid_file);
1468 0 : }
1469 :
1470 :
1471 : /*
1472 : * Compute and check the directory paths to files that are part of the
1473 : * installation (as deduced from the postgres executable's own location)
1474 : */
1475 : static void
1476 1006 : getInstallationPaths(const char *argv0)
1477 : {
1478 : DIR *pdir;
1479 :
1480 : /* Locate the postgres executable itself */
1481 1006 : if (find_my_exec(argv0, my_exec_path) < 0)
1482 0 : ereport(FATAL,
1483 : (errmsg("%s: could not locate my own executable path", argv0)));
1484 :
1485 : #ifdef EXEC_BACKEND
1486 : /* Locate executable backend before we change working directory */
1487 : if (find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
1488 : postgres_exec_path) < 0)
1489 : ereport(FATAL,
1490 : (errmsg("%s: could not locate matching postgres executable",
1491 : argv0)));
1492 : #endif
1493 :
1494 : /*
1495 : * Locate the pkglib directory --- this has to be set early in case we try
1496 : * to load any modules from it in response to postgresql.conf entries.
1497 : */
1498 1006 : get_pkglib_path(my_exec_path, pkglib_path);
1499 :
1500 : /*
1501 : * Verify that there's a readable directory there; otherwise the Postgres
1502 : * installation is incomplete or corrupt. (A typical cause of this
1503 : * failure is that the postgres executable has been moved or hardlinked to
1504 : * some directory that's not a sibling of the installation lib/
1505 : * directory.)
1506 : */
1507 1006 : pdir = AllocateDir(pkglib_path);
1508 1006 : if (pdir == NULL)
1509 0 : ereport(ERROR,
1510 : (errcode_for_file_access(),
1511 : errmsg("could not open directory \"%s\": %m",
1512 : pkglib_path),
1513 : errhint("This may indicate an incomplete PostgreSQL installation, or that the file \"%s\" has been moved away from its proper location.",
1514 : my_exec_path)));
1515 1006 : FreeDir(pdir);
1516 :
1517 : /*
1518 : * It's not worth checking the share/ directory. If the lib/ directory is
1519 : * there, then share/ probably is too.
1520 : */
1521 1006 : }
1522 :
1523 : /*
1524 : * Check that pg_control exists in the correct location in the data directory.
1525 : *
1526 : * No attempt is made to validate the contents of pg_control here. This is
1527 : * just a sanity check to see if we are looking at a real data directory.
1528 : */
1529 : static void
1530 1000 : checkControlFile(void)
1531 : {
1532 : char path[MAXPGPATH];
1533 : FILE *fp;
1534 :
1535 1000 : snprintf(path, sizeof(path), "%s/%s", DataDir, XLOG_CONTROL_FILE);
1536 :
1537 1000 : fp = AllocateFile(path, PG_BINARY_R);
1538 1000 : if (fp == NULL)
1539 : {
1540 0 : write_stderr("%s: could not find the database system\n"
1541 : "Expected to find it in the directory \"%s\",\n"
1542 : "but could not open file \"%s\": %m\n",
1543 : progname, DataDir, path);
1544 0 : ExitPostmaster(2);
1545 : }
1546 1000 : FreeFile(fp);
1547 1000 : }
1548 :
1549 : /*
1550 : * Determine how long should we let ServerLoop sleep, in milliseconds.
1551 : *
1552 : * In normal conditions we wait at most one minute, to ensure that the other
1553 : * background tasks handled by ServerLoop get done even when no requests are
1554 : * arriving. However, if there are background workers waiting to be started,
1555 : * we don't actually sleep so that they are quickly serviced. Other exception
1556 : * cases are as shown in the code.
1557 : */
1558 : static int
1559 171955 : DetermineSleepTime(void)
1560 : {
1561 : TimestampTz next_wakeup;
1562 :
1563 : /*
1564 : * If in ImmediateShutdown with a SIGKILL timeout, ignore everything else
1565 : * and wait for that.
1566 : *
1567 : * XXX Shouldn't this also test FatalError?
1568 : */
1569 171955 : if (Shutdown >= ImmediateShutdown)
1570 : {
1571 1478 : if (AbortStartTime != 0)
1572 : {
1573 1478 : time_t curtime = time(NULL);
1574 : int seconds;
1575 :
1576 : /*
1577 : * time left to abort; clamp to 0 if it already expired, or if
1578 : * time goes backwards
1579 : */
1580 1478 : if (curtime < AbortStartTime ||
1581 1478 : curtime - AbortStartTime >= SIGKILL_CHILDREN_AFTER_SECS)
1582 0 : seconds = 0;
1583 : else
1584 1478 : seconds = SIGKILL_CHILDREN_AFTER_SECS -
1585 : (curtime - AbortStartTime);
1586 :
1587 1478 : return seconds * 1000;
1588 : }
1589 : }
1590 :
1591 : /* Time of next maybe_start_io_workers() call, or 0 for none. */
1592 170477 : next_wakeup = maybe_start_io_workers_scheduled_at();
1593 :
1594 : /* Ignore bgworkers during shutdown. */
1595 170477 : if (StartWorkerNeeded && Shutdown == NoShutdown)
1596 0 : return 0;
1597 :
1598 170477 : if (HaveCrashedWorker && Shutdown == NoShutdown)
1599 : {
1600 : dlist_mutable_iter iter;
1601 :
1602 : /*
1603 : * When there are crashed bgworkers, we sleep just long enough that
1604 : * they are restarted when they request to be. Scan the list to
1605 : * determine the minimum of all wakeup times according to most recent
1606 : * crash time and requested restart interval.
1607 : */
1608 0 : dlist_foreach_modify(iter, &BackgroundWorkerList)
1609 : {
1610 : RegisteredBgWorker *rw;
1611 : TimestampTz this_wakeup;
1612 :
1613 0 : rw = dlist_container(RegisteredBgWorker, rw_lnode, iter.cur);
1614 :
1615 0 : if (rw->rw_crashed_at == 0)
1616 0 : continue;
1617 :
1618 0 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART
1619 0 : || rw->rw_terminate)
1620 : {
1621 0 : ForgetBackgroundWorker(rw);
1622 0 : continue;
1623 : }
1624 :
1625 0 : this_wakeup = TimestampTzPlusMilliseconds(rw->rw_crashed_at,
1626 : 1000L * rw->rw_worker.bgw_restart_time);
1627 0 : if (next_wakeup == 0 || this_wakeup < next_wakeup)
1628 0 : next_wakeup = this_wakeup;
1629 : }
1630 : }
1631 :
1632 170477 : if (next_wakeup != 0)
1633 : {
1634 : int ms;
1635 :
1636 : /* result of TimestampDifferenceMilliseconds is in [0, INT_MAX] */
1637 15 : ms = (int) TimestampDifferenceMilliseconds(GetCurrentTimestamp(),
1638 : next_wakeup);
1639 15 : return Min(60 * 1000, ms);
1640 : }
1641 :
1642 170462 : return 60 * 1000;
1643 : }
1644 :
1645 : /*
1646 : * Activate or deactivate notifications of server socket events. Since we
1647 : * don't currently have a way to remove events from an existing WaitEventSet,
1648 : * we'll just destroy and recreate the whole thing. This is called during
1649 : * shutdown so we can wait for backends to exit without accepting new
1650 : * connections, and during crash reinitialization when we need to start
1651 : * listening for new connections again. The WaitEventSet will be freed in fork
1652 : * children by ClosePostmasterPorts().
1653 : */
1654 : static void
1655 1978 : ConfigurePostmasterWaitSet(bool accept_connections)
1656 : {
1657 1978 : if (pm_wait_set)
1658 994 : FreeWaitEventSet(pm_wait_set);
1659 1978 : pm_wait_set = NULL;
1660 :
1661 3956 : pm_wait_set = CreateWaitEventSet(NULL,
1662 1978 : accept_connections ? (1 + NumListenSockets) : 1);
1663 1978 : AddWaitEventToSet(pm_wait_set, WL_LATCH_SET, PGINVALID_SOCKET, MyLatch,
1664 : NULL);
1665 :
1666 1978 : if (accept_connections)
1667 : {
1668 2019 : for (int i = 0; i < NumListenSockets; i++)
1669 1030 : AddWaitEventToSet(pm_wait_set, WL_SOCKET_ACCEPT, ListenSockets[i],
1670 : NULL, NULL);
1671 : }
1672 1978 : }
1673 :
1674 : /*
1675 : * Main idle loop of postmaster
1676 : */
1677 : static int
1678 984 : ServerLoop(void)
1679 : {
1680 : time_t last_lockfile_recheck_time,
1681 : last_touch_time;
1682 : WaitEvent events[MAXLISTEN];
1683 : int nevents;
1684 :
1685 984 : ConfigurePostmasterWaitSet(true);
1686 984 : last_lockfile_recheck_time = last_touch_time = time(NULL);
1687 :
1688 : for (;;)
1689 170971 : {
1690 : time_t now;
1691 :
1692 171955 : nevents = WaitEventSetWait(pm_wait_set,
1693 171955 : DetermineSleepTime(),
1694 : events,
1695 : lengthof(events),
1696 : 0 /* postmaster posts no wait_events */ );
1697 :
1698 : /*
1699 : * Latch set by signal handler, or new connection pending on any of
1700 : * our sockets? If the latter, fork a child process to deal with it.
1701 : */
1702 342921 : for (int i = 0; i < nevents; i++)
1703 : {
1704 171950 : if (events[i].events & WL_LATCH_SET)
1705 156863 : ResetLatch(MyLatch);
1706 :
1707 : /*
1708 : * The following requests are handled unconditionally, even if we
1709 : * didn't see WL_LATCH_SET. This gives high priority to shutdown
1710 : * and reload requests where the latch happens to appear later in
1711 : * events[] or will be reported by a later call to
1712 : * WaitEventSetWait().
1713 : */
1714 171950 : if (pending_pm_shutdown_request)
1715 977 : process_pm_shutdown_request();
1716 171950 : if (pending_pm_reload_request)
1717 163 : process_pm_reload_request();
1718 171950 : if (pending_pm_child_exit)
1719 25017 : process_pm_child_exit();
1720 170966 : if (pending_pm_pmsignal)
1721 130794 : process_pm_pmsignal();
1722 :
1723 170966 : if (events[i].events & WL_SOCKET_ACCEPT)
1724 : {
1725 : ClientSocket s;
1726 :
1727 15087 : if (AcceptConnection(events[i].fd, &s) == STATUS_OK)
1728 15087 : BackendStartup(&s);
1729 :
1730 : /* We no longer need the open socket in this process */
1731 15087 : if (s.sock != PGINVALID_SOCKET)
1732 : {
1733 15087 : if (closesocket(s.sock) != 0)
1734 0 : elog(LOG, "could not close client socket: %m");
1735 : }
1736 : }
1737 : }
1738 :
1739 : /*
1740 : * If we need to launch any background processes after changing state
1741 : * or because some exited, do so now.
1742 : */
1743 170971 : LaunchMissingBackgroundProcesses();
1744 :
1745 : /* If we need to signal the autovacuum launcher, do so now */
1746 170971 : if (avlauncher_needs_signal)
1747 : {
1748 0 : avlauncher_needs_signal = false;
1749 0 : if (AutoVacLauncherPMChild != NULL)
1750 0 : signal_child(AutoVacLauncherPMChild, SIGUSR2);
1751 : }
1752 :
1753 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1754 :
1755 : /*
1756 : * With assertions enabled, check regularly for appearance of
1757 : * additional threads. All builds check at start and exit.
1758 : */
1759 : Assert(pthread_is_threaded_np() == 0);
1760 : #endif
1761 :
1762 : /*
1763 : * Lastly, check to see if it's time to do some things that we don't
1764 : * want to do every single time through the loop, because they're a
1765 : * bit expensive. Note that there's up to a minute of slop in when
1766 : * these tasks will be performed, since DetermineSleepTime() will let
1767 : * us sleep at most that long; except for SIGKILL timeout which has
1768 : * special-case logic there.
1769 : */
1770 170971 : now = time(NULL);
1771 :
1772 : /*
1773 : * If we already sent SIGQUIT to children and they are slow to shut
1774 : * down, it's time to send them SIGKILL (or SIGABRT if requested).
1775 : * This doesn't happen normally, but under certain conditions backends
1776 : * can get stuck while shutting down. This is a last measure to get
1777 : * them unwedged.
1778 : *
1779 : * Note we also do this during recovery from a process crash.
1780 : */
1781 170971 : if ((Shutdown >= ImmediateShutdown || FatalError) &&
1782 1529 : AbortStartTime != 0 &&
1783 1521 : (now - AbortStartTime) >= SIGKILL_CHILDREN_AFTER_SECS)
1784 : {
1785 : /* We were gentle with them before. Not anymore */
1786 0 : ereport(LOG,
1787 : /* translator: %s is SIGKILL or SIGABRT */
1788 : (errmsg("issuing %s to recalcitrant children",
1789 : send_abort_for_kill ? "SIGABRT" : "SIGKILL")));
1790 0 : TerminateChildren(send_abort_for_kill ? SIGABRT : SIGKILL);
1791 : /* reset flag so we don't SIGKILL again */
1792 0 : AbortStartTime = 0;
1793 : }
1794 :
1795 : /*
1796 : * Once a minute, verify that postmaster.pid hasn't been removed or
1797 : * overwritten. If it has, we force a shutdown. This avoids having
1798 : * postmasters and child processes hanging around after their database
1799 : * is gone, and maybe causing problems if a new database cluster is
1800 : * created in the same place. It also provides some protection
1801 : * against a DBA foolishly removing postmaster.pid and manually
1802 : * starting a new postmaster. Data corruption is likely to ensue from
1803 : * that anyway, but we can minimize the damage by aborting ASAP.
1804 : */
1805 170971 : if (now - last_lockfile_recheck_time >= 1 * SECS_PER_MINUTE)
1806 : {
1807 25 : if (!RecheckDataDirLockFile())
1808 : {
1809 0 : ereport(LOG,
1810 : (errmsg("performing immediate shutdown because data directory lock file is invalid")));
1811 0 : kill(MyProcPid, SIGQUIT);
1812 : }
1813 25 : last_lockfile_recheck_time = now;
1814 : }
1815 :
1816 : /*
1817 : * Touch Unix socket and lock files every 58 minutes, to ensure that
1818 : * they are not removed by overzealous /tmp-cleaning tasks. We assume
1819 : * no one runs cleaners with cutoff times of less than an hour ...
1820 : */
1821 170971 : if (now - last_touch_time >= 58 * SECS_PER_MINUTE)
1822 : {
1823 0 : TouchSocketFiles();
1824 0 : TouchSocketLockFiles();
1825 0 : last_touch_time = now;
1826 : }
1827 : }
1828 : }
1829 :
1830 : /*
1831 : * canAcceptConnections --- check to see if database state allows connections
1832 : * of the specified type. backend_type can be B_BACKEND or B_AUTOVAC_WORKER.
1833 : * (Note that we don't yet know whether a normal B_BACKEND connection might
1834 : * turn into a walsender.)
1835 : */
1836 : static CAC_state
1837 16527 : canAcceptConnections(BackendType backend_type)
1838 : {
1839 16527 : CAC_state result = CAC_OK;
1840 :
1841 : Assert(backend_type == B_BACKEND || backend_type == B_AUTOVAC_WORKER);
1842 :
1843 : /*
1844 : * Can't start backends when in startup/shutdown/inconsistent recovery
1845 : * state. We treat autovac workers the same as user backends for this
1846 : * purpose.
1847 : */
1848 16527 : if (pmState != PM_RUN && pmState != PM_HOT_STANDBY)
1849 : {
1850 208 : if (Shutdown > NoShutdown)
1851 48 : return CAC_SHUTDOWN; /* shutdown is pending */
1852 160 : else if (!FatalError && pmState == PM_STARTUP)
1853 154 : return CAC_STARTUP; /* normal startup */
1854 6 : else if (!FatalError && pmState == PM_RECOVERY)
1855 3 : return CAC_NOTHOTSTANDBY; /* not yet ready for hot standby */
1856 : else
1857 3 : return CAC_RECOVERY; /* else must be crash recovery */
1858 : }
1859 :
1860 : /*
1861 : * "Smart shutdown" restrictions are applied only to normal connections,
1862 : * not to autovac workers.
1863 : */
1864 16319 : if (!connsAllowed && backend_type == B_BACKEND)
1865 0 : return CAC_SHUTDOWN; /* shutdown is pending */
1866 :
1867 16319 : return result;
1868 : }
1869 :
1870 : /*
1871 : * ClosePostmasterPorts -- close all the postmaster's open sockets
1872 : *
1873 : * This is called during child process startup to release file descriptors
1874 : * that are not needed by that child process. The postmaster still has
1875 : * them open, of course.
1876 : *
1877 : * Note: we pass am_syslogger as a boolean because we don't want to set
1878 : * the global variable yet when this is called.
1879 : */
1880 : void
1881 24384 : ClosePostmasterPorts(bool am_syslogger)
1882 : {
1883 : /* Release resources held by the postmaster's WaitEventSet. */
1884 24384 : if (pm_wait_set)
1885 : {
1886 20919 : FreeWaitEventSetAfterFork(pm_wait_set);
1887 20919 : pm_wait_set = NULL;
1888 : }
1889 :
1890 : #ifndef WIN32
1891 :
1892 : /*
1893 : * Close the write end of postmaster death watch pipe. It's important to
1894 : * do this as early as possible, so that if postmaster dies, others won't
1895 : * think that it's still running because we're holding the pipe open.
1896 : */
1897 24384 : if (close(postmaster_alive_fds[POSTMASTER_FD_OWN]) != 0)
1898 0 : ereport(FATAL,
1899 : (errcode_for_file_access(),
1900 : errmsg_internal("could not close postmaster death monitoring pipe in child process: %m")));
1901 24384 : postmaster_alive_fds[POSTMASTER_FD_OWN] = -1;
1902 : /* Notify fd.c that we released one pipe FD. */
1903 24384 : ReleaseExternalFD();
1904 : #endif
1905 :
1906 : /*
1907 : * Close the postmaster's listen sockets. These aren't tracked by fd.c,
1908 : * so we don't call ReleaseExternalFD() here.
1909 : *
1910 : * The listen sockets are marked as FD_CLOEXEC, so this isn't needed in
1911 : * EXEC_BACKEND mode.
1912 : */
1913 : #ifndef EXEC_BACKEND
1914 24384 : if (ListenSockets)
1915 : {
1916 49416 : for (int i = 0; i < NumListenSockets; i++)
1917 : {
1918 25033 : if (closesocket(ListenSockets[i]) != 0)
1919 0 : elog(LOG, "could not close listen socket: %m");
1920 : }
1921 24383 : pfree(ListenSockets);
1922 : }
1923 24384 : NumListenSockets = 0;
1924 24384 : ListenSockets = NULL;
1925 : #endif
1926 :
1927 : /*
1928 : * If using syslogger, close the read side of the pipe. We don't bother
1929 : * tracking this in fd.c, either.
1930 : */
1931 24384 : if (!am_syslogger)
1932 : {
1933 : #ifndef WIN32
1934 24383 : if (syslogPipe[0] >= 0)
1935 16 : close(syslogPipe[0]);
1936 24383 : syslogPipe[0] = -1;
1937 : #else
1938 : if (syslogPipe[0])
1939 : CloseHandle(syslogPipe[0]);
1940 : syslogPipe[0] = 0;
1941 : #endif
1942 : }
1943 :
1944 : #ifdef USE_BONJOUR
1945 : /* If using Bonjour, close the connection to the mDNS daemon */
1946 : if (bonjour_sdref)
1947 : close(DNSServiceRefSockFD(bonjour_sdref));
1948 : #endif
1949 24384 : }
1950 :
1951 :
1952 : /*
1953 : * InitProcessGlobals -- set MyStartTime[stamp], random seeds
1954 : *
1955 : * Called early in the postmaster and every backend.
1956 : */
1957 : void
1958 25664 : InitProcessGlobals(void)
1959 : {
1960 25664 : MyStartTimestamp = GetCurrentTimestamp();
1961 25664 : MyStartTime = timestamptz_to_time_t(MyStartTimestamp);
1962 :
1963 : /* initialize timing infrastructure (required for INSTR_* calls) */
1964 25664 : pg_initialize_timing();
1965 :
1966 : /*
1967 : * Set a different global seed in every process. We want something
1968 : * unpredictable, so if possible, use high-quality random bits for the
1969 : * seed. Otherwise, fall back to a seed based on timestamp and PID.
1970 : */
1971 25664 : if (unlikely(!pg_prng_strong_seed(&pg_global_prng_state)))
1972 : {
1973 : uint64 rseed;
1974 :
1975 : /*
1976 : * Since PIDs and timestamps tend to change more frequently in their
1977 : * least significant bits, shift the timestamp left to allow a larger
1978 : * total number of seeds in a given time period. Since that would
1979 : * leave only 20 bits of the timestamp that cycle every ~1 second,
1980 : * also mix in some higher bits.
1981 : */
1982 0 : rseed = ((uint64) MyProcPid) ^
1983 0 : ((uint64) MyStartTimestamp << 12) ^
1984 0 : ((uint64) MyStartTimestamp >> 20);
1985 :
1986 0 : pg_prng_seed(&pg_global_prng_state, rseed);
1987 : }
1988 :
1989 : /*
1990 : * Also make sure that we've set a good seed for random(3). Use of that
1991 : * is deprecated in core Postgres, but extensions might use it.
1992 : */
1993 : #ifndef WIN32
1994 25664 : srandom(pg_prng_uint32(&pg_global_prng_state));
1995 : #endif
1996 25664 : }
1997 :
1998 : /*
1999 : * Child processes use SIGUSR1 to notify us of 'pmsignals'. pg_ctl uses
2000 : * SIGUSR1 to ask postmaster to check for logrotate and promote files.
2001 : */
2002 : static void
2003 131077 : handle_pm_pmsignal_signal(SIGNAL_ARGS)
2004 : {
2005 131077 : pending_pm_pmsignal = true;
2006 131077 : SetLatch(MyLatch);
2007 131077 : }
2008 :
2009 : /*
2010 : * pg_ctl uses SIGHUP to request a reload of the configuration files.
2011 : */
2012 : static void
2013 163 : handle_pm_reload_request_signal(SIGNAL_ARGS)
2014 : {
2015 163 : pending_pm_reload_request = true;
2016 163 : SetLatch(MyLatch);
2017 163 : }
2018 :
2019 : /*
2020 : * Re-read config files, and tell children to do same.
2021 : */
2022 : static void
2023 163 : process_pm_reload_request(void)
2024 : {
2025 163 : pending_pm_reload_request = false;
2026 :
2027 163 : ereport(DEBUG2,
2028 : (errmsg_internal("postmaster received reload request signal")));
2029 :
2030 163 : if (Shutdown <= SmartShutdown)
2031 : {
2032 163 : ereport(LOG,
2033 : (errmsg("received SIGHUP, reloading configuration files")));
2034 163 : ProcessConfigFile(PGC_SIGHUP);
2035 163 : SignalChildren(SIGHUP, btmask_all_except(B_DEAD_END_BACKEND));
2036 :
2037 : /* Reload authentication config files too */
2038 163 : if (!load_hba())
2039 0 : ereport(LOG,
2040 : /* translator: %s is a configuration file */
2041 : (errmsg("%s was not reloaded", HbaFileName)));
2042 :
2043 163 : if (!load_ident())
2044 0 : ereport(LOG,
2045 : (errmsg("%s was not reloaded", IdentFileName)));
2046 :
2047 : #ifdef USE_SSL
2048 : /* Reload SSL configuration as well */
2049 163 : if (EnableSSL)
2050 : {
2051 14 : if (secure_initialize(false) == 0)
2052 12 : LoadedSSL = true;
2053 : else
2054 2 : ereport(LOG,
2055 : (errmsg("SSL configuration was not reloaded")));
2056 : }
2057 : else
2058 : {
2059 149 : secure_destroy();
2060 149 : LoadedSSL = false;
2061 : }
2062 : #endif
2063 :
2064 : #ifdef EXEC_BACKEND
2065 : /* Update the starting-point file for future children */
2066 : write_nondefault_variables(PGC_SIGHUP);
2067 : #endif
2068 : }
2069 163 : }
2070 :
2071 : /*
2072 : * pg_ctl uses SIGTERM, SIGINT and SIGQUIT to request different types of
2073 : * shutdown.
2074 : */
2075 : static void
2076 977 : handle_pm_shutdown_request_signal(SIGNAL_ARGS)
2077 : {
2078 977 : switch (postgres_signal_arg)
2079 : {
2080 48 : case SIGTERM:
2081 : /* smart is implied if the other two flags aren't set */
2082 48 : pending_pm_shutdown_request = true;
2083 48 : break;
2084 583 : case SIGINT:
2085 583 : pending_pm_fast_shutdown_request = true;
2086 583 : pending_pm_shutdown_request = true;
2087 583 : break;
2088 346 : case SIGQUIT:
2089 346 : pending_pm_immediate_shutdown_request = true;
2090 346 : pending_pm_shutdown_request = true;
2091 346 : break;
2092 : }
2093 977 : SetLatch(MyLatch);
2094 977 : }
2095 :
2096 : /*
2097 : * Process shutdown request.
2098 : */
2099 : static void
2100 977 : process_pm_shutdown_request(void)
2101 : {
2102 : int mode;
2103 :
2104 977 : ereport(DEBUG2,
2105 : (errmsg_internal("postmaster received shutdown request signal")));
2106 :
2107 977 : pending_pm_shutdown_request = false;
2108 :
2109 : /*
2110 : * If more than one shutdown request signal arrived since the last server
2111 : * loop, take the one that is the most immediate. That matches the
2112 : * priority that would apply if we processed them one by one in any order.
2113 : */
2114 977 : if (pending_pm_immediate_shutdown_request)
2115 : {
2116 346 : pending_pm_immediate_shutdown_request = false;
2117 346 : pending_pm_fast_shutdown_request = false;
2118 346 : mode = ImmediateShutdown;
2119 : }
2120 631 : else if (pending_pm_fast_shutdown_request)
2121 : {
2122 583 : pending_pm_fast_shutdown_request = false;
2123 583 : mode = FastShutdown;
2124 : }
2125 : else
2126 48 : mode = SmartShutdown;
2127 :
2128 977 : switch (mode)
2129 : {
2130 48 : case SmartShutdown:
2131 :
2132 : /*
2133 : * Smart Shutdown:
2134 : *
2135 : * Wait for children to end their work, then shut down.
2136 : */
2137 48 : if (Shutdown >= SmartShutdown)
2138 0 : break;
2139 48 : Shutdown = SmartShutdown;
2140 48 : ereport(LOG,
2141 : (errmsg("received smart shutdown request")));
2142 :
2143 : /* Report status */
2144 48 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2145 : #ifdef USE_SYSTEMD
2146 : sd_notify(0, "STOPPING=1");
2147 : #endif
2148 :
2149 : /*
2150 : * If we reached normal running, we go straight to waiting for
2151 : * client backends to exit. If already in PM_STOP_BACKENDS or a
2152 : * later state, do not change it.
2153 : */
2154 48 : if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
2155 48 : connsAllowed = false;
2156 0 : else if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
2157 : {
2158 : /* There should be no clients, so proceed to stop children */
2159 0 : UpdatePMState(PM_STOP_BACKENDS);
2160 : }
2161 :
2162 : /*
2163 : * Now wait for online backup mode to end and backends to exit. If
2164 : * that is already the case, PostmasterStateMachine will take the
2165 : * next step.
2166 : */
2167 48 : PostmasterStateMachine();
2168 48 : break;
2169 :
2170 583 : case FastShutdown:
2171 :
2172 : /*
2173 : * Fast Shutdown:
2174 : *
2175 : * Abort all children with SIGTERM (rollback active transactions
2176 : * and exit) and shut down when they are gone.
2177 : */
2178 583 : if (Shutdown >= FastShutdown)
2179 0 : break;
2180 583 : Shutdown = FastShutdown;
2181 583 : ereport(LOG,
2182 : (errmsg("received fast shutdown request")));
2183 :
2184 : /* Report status */
2185 583 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2186 : #ifdef USE_SYSTEMD
2187 : sd_notify(0, "STOPPING=1");
2188 : #endif
2189 :
2190 583 : if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
2191 : {
2192 : /* Just shut down background processes silently */
2193 0 : UpdatePMState(PM_STOP_BACKENDS);
2194 : }
2195 583 : else if (pmState == PM_RUN ||
2196 61 : pmState == PM_HOT_STANDBY)
2197 : {
2198 : /* Report that we're about to zap live client sessions */
2199 583 : ereport(LOG,
2200 : (errmsg("aborting any active transactions")));
2201 583 : UpdatePMState(PM_STOP_BACKENDS);
2202 : }
2203 :
2204 : /*
2205 : * PostmasterStateMachine will issue any necessary signals, or
2206 : * take the next step if no child processes need to be killed.
2207 : */
2208 583 : PostmasterStateMachine();
2209 583 : break;
2210 :
2211 346 : case ImmediateShutdown:
2212 :
2213 : /*
2214 : * Immediate Shutdown:
2215 : *
2216 : * abort all children with SIGQUIT, wait for them to exit,
2217 : * terminate remaining ones with SIGKILL, then exit without
2218 : * attempt to properly shut down the data base system.
2219 : */
2220 346 : if (Shutdown >= ImmediateShutdown)
2221 0 : break;
2222 346 : Shutdown = ImmediateShutdown;
2223 346 : ereport(LOG,
2224 : (errmsg("received immediate shutdown request")));
2225 :
2226 : /* Report status */
2227 346 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2228 : #ifdef USE_SYSTEMD
2229 : sd_notify(0, "STOPPING=1");
2230 : #endif
2231 :
2232 : /* tell children to shut down ASAP */
2233 : /* (note we don't apply send_abort_for_crash here) */
2234 346 : SetQuitSignalReason(PMQUIT_FOR_STOP);
2235 346 : TerminateChildren(SIGQUIT);
2236 346 : UpdatePMState(PM_WAIT_BACKENDS);
2237 :
2238 : /* set stopwatch for them to die */
2239 346 : AbortStartTime = time(NULL);
2240 :
2241 : /*
2242 : * Now wait for backends to exit. If there are none,
2243 : * PostmasterStateMachine will take the next step.
2244 : */
2245 346 : PostmasterStateMachine();
2246 346 : break;
2247 : }
2248 977 : }
2249 :
2250 : static void
2251 25119 : handle_pm_child_exit_signal(SIGNAL_ARGS)
2252 : {
2253 25119 : pending_pm_child_exit = true;
2254 25119 : SetLatch(MyLatch);
2255 25119 : }
2256 :
2257 : /*
2258 : * Cleanup after a child process dies.
2259 : */
2260 : static void
2261 25017 : process_pm_child_exit(void)
2262 : {
2263 : int pid; /* process id of dead child process */
2264 : int exitstatus; /* its exit status */
2265 :
2266 25017 : pending_pm_child_exit = false;
2267 :
2268 25017 : ereport(DEBUG4,
2269 : (errmsg_internal("reaping dead processes")));
2270 :
2271 52023 : while ((pid = waitpid(-1, &exitstatus, WNOHANG)) > 0)
2272 : {
2273 : PMChild *pmchild;
2274 :
2275 : /*
2276 : * Check if this child was a startup process.
2277 : */
2278 27006 : if (StartupPMChild && pid == StartupPMChild->pid)
2279 : {
2280 989 : ReleasePostmasterChildSlot(StartupPMChild);
2281 989 : StartupPMChild = NULL;
2282 :
2283 : /*
2284 : * Startup process exited in response to a shutdown request (or it
2285 : * completed normally regardless of the shutdown request).
2286 : */
2287 989 : if (Shutdown > NoShutdown &&
2288 107 : (EXIT_STATUS_0(exitstatus) || EXIT_STATUS_1(exitstatus)))
2289 : {
2290 62 : StartupStatus = STARTUP_NOT_RUNNING;
2291 62 : UpdatePMState(PM_WAIT_BACKENDS);
2292 : /* PostmasterStateMachine logic does the rest */
2293 62 : continue;
2294 : }
2295 :
2296 927 : if (EXIT_STATUS_3(exitstatus))
2297 : {
2298 0 : ereport(LOG,
2299 : (errmsg("shutdown at recovery target")));
2300 0 : StartupStatus = STARTUP_NOT_RUNNING;
2301 0 : Shutdown = Max(Shutdown, SmartShutdown);
2302 0 : TerminateChildren(SIGTERM);
2303 0 : UpdatePMState(PM_WAIT_BACKENDS);
2304 : /* PostmasterStateMachine logic does the rest */
2305 0 : continue;
2306 : }
2307 :
2308 : /*
2309 : * Any unexpected exit (including FATAL exit) of the startup
2310 : * process is catastrophic, so kill other children, and set
2311 : * StartupStatus so we don't try to reinitialize after they're
2312 : * gone. Exception: if StartupStatus is STARTUP_SIGNALED, then we
2313 : * previously sent the startup process a SIGQUIT; so that's
2314 : * probably the reason it died, and we do want to try to restart
2315 : * in that case.
2316 : *
2317 : * This stanza also handles the case where we sent a SIGQUIT
2318 : * during PM_STARTUP due to some dead-end child crashing: in that
2319 : * situation, if the startup process dies on the SIGQUIT, we need
2320 : * to transition to PM_WAIT_BACKENDS state which will allow
2321 : * PostmasterStateMachine to restart the startup process. (On the
2322 : * other hand, the startup process might complete normally, if we
2323 : * were too late with the SIGQUIT. In that case we'll fall
2324 : * through and commence normal operations.)
2325 : */
2326 927 : if (!EXIT_STATUS_0(exitstatus))
2327 : {
2328 52 : if (StartupStatus == STARTUP_SIGNALED)
2329 : {
2330 45 : StartupStatus = STARTUP_NOT_RUNNING;
2331 45 : if (pmState == PM_STARTUP)
2332 0 : UpdatePMState(PM_WAIT_BACKENDS);
2333 : }
2334 : else
2335 7 : StartupStatus = STARTUP_CRASHED;
2336 52 : HandleChildCrash(pid, exitstatus,
2337 52 : _("startup process"));
2338 52 : continue;
2339 : }
2340 :
2341 : /*
2342 : * Startup succeeded, commence normal operations
2343 : */
2344 875 : StartupStatus = STARTUP_NOT_RUNNING;
2345 875 : FatalError = false;
2346 875 : AbortStartTime = 0;
2347 875 : ReachedNormalRunning = true;
2348 875 : UpdatePMState(PM_RUN);
2349 875 : connsAllowed = true;
2350 :
2351 : /*
2352 : * At the next iteration of the postmaster's main loop, we will
2353 : * crank up the background tasks like the autovacuum launcher and
2354 : * background workers that were not started earlier already.
2355 : */
2356 875 : StartWorkerNeeded = true;
2357 :
2358 : /* at this point we are really open for business */
2359 875 : ereport(LOG,
2360 : (errmsg("database system is ready to accept connections")));
2361 :
2362 : /* Report status */
2363 875 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
2364 : #ifdef USE_SYSTEMD
2365 : sd_notify(0, "READY=1");
2366 : #endif
2367 :
2368 875 : continue;
2369 : }
2370 :
2371 : /*
2372 : * Was it the bgwriter? Normal exit can be ignored; we'll start a new
2373 : * one at the next iteration of the postmaster's main loop, if
2374 : * necessary. Any other exit condition is treated as a crash.
2375 : */
2376 26017 : if (BgWriterPMChild && pid == BgWriterPMChild->pid)
2377 : {
2378 989 : ReleasePostmasterChildSlot(BgWriterPMChild);
2379 989 : BgWriterPMChild = NULL;
2380 989 : if (!EXIT_STATUS_0(exitstatus))
2381 358 : HandleChildCrash(pid, exitstatus,
2382 358 : _("background writer process"));
2383 989 : continue;
2384 : }
2385 :
2386 : /*
2387 : * Was it the checkpointer?
2388 : */
2389 25028 : if (CheckpointerPMChild && pid == CheckpointerPMChild->pid)
2390 : {
2391 989 : ReleasePostmasterChildSlot(CheckpointerPMChild);
2392 989 : CheckpointerPMChild = NULL;
2393 989 : if (EXIT_STATUS_0(exitstatus) && pmState == PM_WAIT_CHECKPOINTER)
2394 631 : {
2395 : /*
2396 : * OK, we saw normal exit of the checkpointer after it's been
2397 : * told to shut down. We know checkpointer wrote a shutdown
2398 : * checkpoint, otherwise we'd still be in
2399 : * PM_WAIT_XLOG_SHUTDOWN state.
2400 : *
2401 : * At this point only dead-end children and logger should be
2402 : * left.
2403 : */
2404 631 : UpdatePMState(PM_WAIT_DEAD_END);
2405 631 : ConfigurePostmasterWaitSet(false);
2406 631 : SignalChildren(SIGTERM, btmask_all_except(B_LOGGER));
2407 : }
2408 : else
2409 : {
2410 : /*
2411 : * Any unexpected exit of the checkpointer (including FATAL
2412 : * exit) is treated as a crash.
2413 : */
2414 358 : HandleChildCrash(pid, exitstatus,
2415 358 : _("checkpointer process"));
2416 : }
2417 :
2418 989 : continue;
2419 : }
2420 :
2421 : /*
2422 : * Was it the wal writer? Normal exit can be ignored; we'll start a
2423 : * new one at the next iteration of the postmaster's main loop, if
2424 : * necessary. Any other exit condition is treated as a crash.
2425 : */
2426 24039 : if (WalWriterPMChild && pid == WalWriterPMChild->pid)
2427 : {
2428 875 : ReleasePostmasterChildSlot(WalWriterPMChild);
2429 875 : WalWriterPMChild = NULL;
2430 875 : if (!EXIT_STATUS_0(exitstatus))
2431 305 : HandleChildCrash(pid, exitstatus,
2432 305 : _("WAL writer process"));
2433 875 : continue;
2434 : }
2435 :
2436 : /*
2437 : * Was it the wal receiver? If exit status is zero (normal) or one
2438 : * (FATAL exit), we assume everything is all right just like normal
2439 : * backends. (If we need a new wal receiver, we'll start one at the
2440 : * next iteration of the postmaster's main loop.)
2441 : */
2442 23164 : if (WalReceiverPMChild && pid == WalReceiverPMChild->pid)
2443 : {
2444 257 : ReleasePostmasterChildSlot(WalReceiverPMChild);
2445 257 : WalReceiverPMChild = NULL;
2446 257 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2447 18 : HandleChildCrash(pid, exitstatus,
2448 18 : _("WAL receiver process"));
2449 257 : continue;
2450 : }
2451 :
2452 : /*
2453 : * Was it the wal summarizer? Normal exit can be ignored; we'll start
2454 : * a new one at the next iteration of the postmaster's main loop, if
2455 : * necessary. Any other exit condition is treated as a crash.
2456 : */
2457 22907 : if (WalSummarizerPMChild && pid == WalSummarizerPMChild->pid)
2458 : {
2459 21 : ReleasePostmasterChildSlot(WalSummarizerPMChild);
2460 21 : WalSummarizerPMChild = NULL;
2461 21 : if (!EXIT_STATUS_0(exitstatus))
2462 18 : HandleChildCrash(pid, exitstatus,
2463 18 : _("WAL summarizer process"));
2464 21 : continue;
2465 : }
2466 :
2467 : /*
2468 : * Was it the autovacuum launcher? Normal exit can be ignored; we'll
2469 : * start a new one at the next iteration of the postmaster's main
2470 : * loop, if necessary. Any other exit condition is treated as a
2471 : * crash.
2472 : */
2473 22886 : if (AutoVacLauncherPMChild && pid == AutoVacLauncherPMChild->pid)
2474 : {
2475 738 : ReleasePostmasterChildSlot(AutoVacLauncherPMChild);
2476 738 : AutoVacLauncherPMChild = NULL;
2477 738 : if (!EXIT_STATUS_0(exitstatus))
2478 258 : HandleChildCrash(pid, exitstatus,
2479 258 : _("autovacuum launcher process"));
2480 738 : continue;
2481 : }
2482 :
2483 : /*
2484 : * Was it the archiver? If exit status is zero (normal) or one (FATAL
2485 : * exit), we assume everything is all right just like normal backends
2486 : * and just try to start a new one on the next cycle of the
2487 : * postmaster's main loop, to retry archiving remaining files.
2488 : */
2489 22148 : if (PgArchPMChild && pid == PgArchPMChild->pid)
2490 : {
2491 57 : ReleasePostmasterChildSlot(PgArchPMChild);
2492 57 : PgArchPMChild = NULL;
2493 57 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2494 40 : HandleChildCrash(pid, exitstatus,
2495 40 : _("archiver process"));
2496 57 : continue;
2497 : }
2498 :
2499 : /* Was it the system logger? If so, try to start a new one */
2500 22091 : if (SysLoggerPMChild && pid == SysLoggerPMChild->pid)
2501 : {
2502 0 : ReleasePostmasterChildSlot(SysLoggerPMChild);
2503 0 : SysLoggerPMChild = NULL;
2504 :
2505 : /* for safety's sake, launch new logger *first* */
2506 0 : if (Logging_collector)
2507 0 : StartSysLogger();
2508 :
2509 0 : if (!EXIT_STATUS_0(exitstatus))
2510 0 : LogChildExit(LOG, _("system logger process"),
2511 : pid, exitstatus);
2512 0 : continue;
2513 : }
2514 :
2515 : /*
2516 : * Was it the slot sync worker? Normal exit or FATAL exit can be
2517 : * ignored (FATAL can be caused by libpqwalreceiver on receiving
2518 : * shutdown request by the startup process during promotion); we'll
2519 : * start a new one at the next iteration of the postmaster's main
2520 : * loop, if necessary. Any other exit condition is treated as a crash.
2521 : */
2522 22091 : if (SlotSyncWorkerPMChild && pid == SlotSyncWorkerPMChild->pid)
2523 : {
2524 6 : ReleasePostmasterChildSlot(SlotSyncWorkerPMChild);
2525 6 : SlotSyncWorkerPMChild = NULL;
2526 6 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2527 0 : HandleChildCrash(pid, exitstatus,
2528 0 : _("slot sync worker process"));
2529 6 : continue;
2530 : }
2531 :
2532 : /* Was it an IO worker? */
2533 22085 : if (maybe_reap_io_worker(pid))
2534 : {
2535 2021 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2536 722 : HandleChildCrash(pid, exitstatus, _("io worker"));
2537 :
2538 : /*
2539 : * A worker that exited with an error might have brought the pool
2540 : * size below io_min_workers, or allowed the queue to grow to the
2541 : * point where another worker called for growth.
2542 : *
2543 : * In the common case that a worker timed out due to idleness, no
2544 : * replacement needs to be started. maybe_start_io_workers() will
2545 : * figure that out.
2546 : */
2547 2021 : maybe_start_io_workers();
2548 :
2549 2021 : continue;
2550 : }
2551 :
2552 : /*
2553 : * Was it a backend or a background worker?
2554 : */
2555 20064 : pmchild = FindPostmasterChildByPid(pid);
2556 20064 : if (pmchild)
2557 : {
2558 20064 : CleanupBackend(pmchild, exitstatus);
2559 : }
2560 :
2561 : /*
2562 : * We don't know anything about this child process. That's highly
2563 : * unexpected, as we do track all the child processes that we fork.
2564 : */
2565 : else
2566 : {
2567 0 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2568 0 : HandleChildCrash(pid, exitstatus, _("untracked child process"));
2569 : else
2570 0 : LogChildExit(LOG, _("untracked child process"), pid, exitstatus);
2571 : }
2572 : } /* loop over pending child-death reports */
2573 :
2574 : /*
2575 : * After cleaning out the SIGCHLD queue, see if we have any state changes
2576 : * or actions to make.
2577 : */
2578 25017 : PostmasterStateMachine();
2579 24033 : }
2580 :
2581 : /*
2582 : * CleanupBackend -- cleanup after terminated backend or background worker.
2583 : *
2584 : * Remove all local state associated with the child process and release its
2585 : * PMChild slot.
2586 : */
2587 : static void
2588 20064 : CleanupBackend(PMChild *bp,
2589 : int exitstatus) /* child's exit status. */
2590 : {
2591 : char namebuf[MAXPGPATH];
2592 : const char *procname;
2593 20064 : bool crashed = false;
2594 20064 : bool logged = false;
2595 : pid_t bp_pid;
2596 : bool bp_bgworker_notify;
2597 : BackendType bp_bkend_type;
2598 : RegisteredBgWorker *rw;
2599 :
2600 : /* Construct a process name for the log message */
2601 20064 : if (bp->bkend_type == B_BG_WORKER)
2602 : {
2603 3537 : snprintf(namebuf, MAXPGPATH, _("background worker \"%s\""),
2604 3537 : bp->rw->rw_worker.bgw_type);
2605 3537 : procname = namebuf;
2606 : }
2607 : else
2608 16527 : procname = _(GetBackendTypeDesc(bp->bkend_type));
2609 :
2610 : /*
2611 : * If a backend dies in an ugly way then we must signal all other backends
2612 : * to quickdie. If exit status is zero (normal) or one (FATAL exit), we
2613 : * assume everything is all right and proceed to remove the backend from
2614 : * the active child list.
2615 : */
2616 20064 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2617 619 : crashed = true;
2618 :
2619 : #ifdef WIN32
2620 :
2621 : /*
2622 : * On win32, also treat ERROR_WAIT_NO_CHILDREN (128) as nonfatal case,
2623 : * since that sometimes happens under load when the process fails to start
2624 : * properly (long before it starts using shared memory). Microsoft reports
2625 : * it is related to mutex failure:
2626 : * http://archives.postgresql.org/pgsql-hackers/2010-09/msg00790.php
2627 : */
2628 : if (exitstatus == ERROR_WAIT_NO_CHILDREN)
2629 : {
2630 : LogChildExit(LOG, procname, bp->pid, exitstatus);
2631 : logged = true;
2632 : crashed = false;
2633 : }
2634 : #endif
2635 :
2636 : /*
2637 : * Release the PMChild entry.
2638 : *
2639 : * If the process attached to shared memory, this also checks that it
2640 : * detached cleanly.
2641 : */
2642 20064 : bp_pid = bp->pid;
2643 20064 : bp_bgworker_notify = bp->bgworker_notify;
2644 20064 : bp_bkend_type = bp->bkend_type;
2645 20064 : rw = bp->rw;
2646 20064 : if (!ReleasePostmasterChildSlot(bp))
2647 : {
2648 : /*
2649 : * Uh-oh, the child failed to clean itself up. Treat as a crash after
2650 : * all.
2651 : */
2652 386 : crashed = true;
2653 : }
2654 20064 : bp = NULL;
2655 :
2656 : /*
2657 : * In a crash case, exit immediately without resetting background worker
2658 : * state. However, if restart_after_crash is enabled, the background
2659 : * worker state (e.g., rw_pid) still needs be reset so the worker can
2660 : * restart after crash recovery. This reset is handled in
2661 : * ResetBackgroundWorkerCrashTimes(), not here.
2662 : */
2663 20064 : if (crashed)
2664 : {
2665 619 : HandleChildCrash(bp_pid, exitstatus, procname);
2666 619 : return;
2667 : }
2668 :
2669 : /*
2670 : * This backend may have been slated to receive SIGUSR1 when some
2671 : * background worker started or stopped. Cancel those notifications, as
2672 : * we don't want to signal PIDs that are not PostgreSQL backends. This
2673 : * gets skipped in the (probably very common) case where the backend has
2674 : * never requested any such notifications.
2675 : */
2676 19445 : if (bp_bgworker_notify)
2677 341 : BackgroundWorkerStopNotifications(bp_pid);
2678 :
2679 : /*
2680 : * If it was an autovacuum worker, wake up the launcher so that it can
2681 : * immediately launch a new worker or rebalance to cost limit setting of
2682 : * the remaining workers.
2683 : */
2684 19445 : if (bp_bkend_type == B_AUTOVAC_WORKER && AutoVacLauncherPMChild != NULL)
2685 1438 : signal_child(AutoVacLauncherPMChild, SIGUSR2);
2686 :
2687 : /*
2688 : * If it was a background worker, also update its RegisteredBgWorker
2689 : * entry.
2690 : */
2691 19445 : if (bp_bkend_type == B_BG_WORKER)
2692 : {
2693 3208 : if (!EXIT_STATUS_0(exitstatus))
2694 : {
2695 : /* Record timestamp, so we know when to restart the worker. */
2696 822 : rw->rw_crashed_at = GetCurrentTimestamp();
2697 : }
2698 : else
2699 : {
2700 : /* Zero exit status means terminate */
2701 2386 : rw->rw_crashed_at = 0;
2702 2386 : rw->rw_terminate = true;
2703 : }
2704 :
2705 3208 : rw->rw_pid = 0;
2706 3208 : ReportBackgroundWorkerExit(rw); /* report child death */
2707 :
2708 3208 : if (!logged)
2709 : {
2710 3208 : LogChildExit(EXIT_STATUS_0(exitstatus) ? DEBUG1 : LOG,
2711 : procname, bp_pid, exitstatus);
2712 3208 : logged = true;
2713 : }
2714 :
2715 : /* have it be restarted */
2716 3208 : HaveCrashedWorker = true;
2717 : }
2718 :
2719 19445 : if (!logged)
2720 16237 : LogChildExit(DEBUG2, procname, bp_pid, exitstatus);
2721 : }
2722 :
2723 : /*
2724 : * Transition into FatalError state, in response to something bad having
2725 : * happened. Commonly the caller will have logged the reason for entering
2726 : * FatalError state.
2727 : *
2728 : * This should only be called when not already in FatalError or
2729 : * ImmediateShutdown state.
2730 : */
2731 : static void
2732 12 : HandleFatalError(QuitSignalReason reason, bool consider_sigabrt)
2733 : {
2734 : int sigtosend;
2735 :
2736 : Assert(!FatalError);
2737 : Assert(Shutdown != ImmediateShutdown);
2738 :
2739 12 : SetQuitSignalReason(reason);
2740 :
2741 12 : if (consider_sigabrt && send_abort_for_crash)
2742 0 : sigtosend = SIGABRT;
2743 : else
2744 12 : sigtosend = SIGQUIT;
2745 :
2746 : /*
2747 : * Signal all other child processes to exit.
2748 : *
2749 : * We could exclude dead-end children here, but at least when sending
2750 : * SIGABRT it seems better to include them.
2751 : */
2752 12 : TerminateChildren(sigtosend);
2753 :
2754 12 : FatalError = true;
2755 :
2756 : /*
2757 : * Choose the appropriate new state to react to the fatal error. Unless we
2758 : * were already in the process of shutting down, we go through
2759 : * PM_WAIT_BACKENDS. For errors during the shutdown sequence, we directly
2760 : * switch to PM_WAIT_DEAD_END.
2761 : */
2762 12 : switch (pmState)
2763 : {
2764 0 : case PM_INIT:
2765 : /* shouldn't have any children */
2766 : Assert(false);
2767 0 : break;
2768 :
2769 : /* wait for children to die */
2770 12 : case PM_STARTUP:
2771 : case PM_RECOVERY:
2772 : case PM_HOT_STANDBY:
2773 : case PM_RUN:
2774 : case PM_STOP_BACKENDS:
2775 12 : UpdatePMState(PM_WAIT_BACKENDS);
2776 12 : break;
2777 :
2778 0 : case PM_WAIT_BACKENDS:
2779 : /* there might be more backends to wait for */
2780 0 : break;
2781 :
2782 0 : case PM_WAIT_XLOG_SHUTDOWN:
2783 : case PM_WAIT_XLOG_ARCHIVAL:
2784 : case PM_WAIT_CHECKPOINTER:
2785 : case PM_WAIT_IO_WORKERS:
2786 :
2787 : /*
2788 : * NB: Similar code exists in PostmasterStateMachine()'s handling
2789 : * of FatalError in PM_STOP_BACKENDS/PM_WAIT_BACKENDS states.
2790 : */
2791 0 : ConfigurePostmasterWaitSet(false);
2792 0 : UpdatePMState(PM_WAIT_DEAD_END);
2793 0 : break;
2794 :
2795 0 : case PM_WAIT_DEAD_END:
2796 : case PM_NO_CHILDREN:
2797 0 : break;
2798 : }
2799 :
2800 : /*
2801 : * .. and if this doesn't happen quickly enough, now the clock is ticking
2802 : * for us to kill them without mercy.
2803 : */
2804 12 : if (AbortStartTime == 0)
2805 12 : AbortStartTime = time(NULL);
2806 12 : }
2807 :
2808 : /*
2809 : * HandleChildCrash -- cleanup after failed backend, bgwriter, checkpointer,
2810 : * walwriter, autovacuum, archiver, slot sync worker, or background worker.
2811 : *
2812 : * The objectives here are to clean up our local state about the child
2813 : * process, and to signal all other remaining children to quickdie.
2814 : *
2815 : * The caller has already released its PMChild slot.
2816 : */
2817 : static void
2818 2748 : HandleChildCrash(int pid, int exitstatus, const char *procname)
2819 : {
2820 : /*
2821 : * We only log messages and send signals if this is the first process
2822 : * crash and we're not doing an immediate shutdown; otherwise, we're only
2823 : * here to update postmaster's idea of live processes. If we have already
2824 : * signaled children, nonzero exit status is to be expected, so don't
2825 : * clutter log.
2826 : */
2827 2748 : if (FatalError || Shutdown == ImmediateShutdown)
2828 2736 : return;
2829 :
2830 12 : LogChildExit(LOG, procname, pid, exitstatus);
2831 12 : ereport(LOG,
2832 : (errmsg("terminating any other active server processes")));
2833 :
2834 : /*
2835 : * Switch into error state. The crashed process has already been removed
2836 : * from ActiveChildList.
2837 : */
2838 12 : HandleFatalError(PMQUIT_FOR_CRASH, true);
2839 : }
2840 :
2841 : /*
2842 : * Log the death of a child process.
2843 : */
2844 : static void
2845 19457 : LogChildExit(int lev, const char *procname, int pid, int exitstatus)
2846 : {
2847 : /*
2848 : * size of activity_buffer is arbitrary, but set equal to default
2849 : * track_activity_query_size
2850 : */
2851 : char activity_buffer[1024];
2852 19457 : const char *activity = NULL;
2853 :
2854 19457 : if (!EXIT_STATUS_0(exitstatus))
2855 1183 : activity = pgstat_get_crashed_backend_activity(pid,
2856 : activity_buffer,
2857 : sizeof(activity_buffer));
2858 :
2859 19457 : if (WIFEXITED(exitstatus))
2860 19453 : ereport(lev,
2861 :
2862 : /*------
2863 : translator: %s is a noun phrase describing a child process, such as
2864 : "server process" */
2865 : (errmsg("%s (PID %d) exited with exit code %d",
2866 : procname, pid, WEXITSTATUS(exitstatus)),
2867 : activity ? errdetail("Failed process was running: %s", activity) : 0));
2868 4 : else if (WIFSIGNALED(exitstatus))
2869 : {
2870 : #if defined(WIN32)
2871 : ereport(lev,
2872 :
2873 : /*------
2874 : translator: %s is a noun phrase describing a child process, such as
2875 : "server process" */
2876 : (errmsg("%s (PID %d) was terminated by exception 0x%X",
2877 : procname, pid, WTERMSIG(exitstatus)),
2878 : errhint("See C include file \"ntstatus.h\" for a description of the hexadecimal value."),
2879 : activity ? errdetail("Failed process was running: %s", activity) : 0));
2880 : #else
2881 4 : ereport(lev,
2882 :
2883 : /*------
2884 : translator: %s is a noun phrase describing a child process, such as
2885 : "server process" */
2886 : (errmsg("%s (PID %d) was terminated by signal %d: %s",
2887 : procname, pid, WTERMSIG(exitstatus),
2888 : pg_strsignal(WTERMSIG(exitstatus))),
2889 : activity ? errdetail("Failed process was running: %s", activity) : 0));
2890 : #endif
2891 : }
2892 : else
2893 0 : ereport(lev,
2894 :
2895 : /*------
2896 : translator: %s is a noun phrase describing a child process, such as
2897 : "server process" */
2898 : (errmsg("%s (PID %d) exited with unrecognized status %d",
2899 : procname, pid, exitstatus),
2900 : activity ? errdetail("Failed process was running: %s", activity) : 0));
2901 19457 : }
2902 :
2903 : /*
2904 : * Advance the postmaster's state machine and take actions as appropriate
2905 : *
2906 : * This is common code for process_pm_shutdown_request(),
2907 : * process_pm_child_exit() and process_pm_pmsignal(), which process the signals
2908 : * that might mean we need to change state.
2909 : */
2910 : static void
2911 27961 : PostmasterStateMachine(void)
2912 : {
2913 : /* If we're doing a smart shutdown, try to advance that state. */
2914 27961 : if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
2915 : {
2916 20232 : if (!connsAllowed)
2917 : {
2918 : /*
2919 : * This state ends when we have no normal client backends running.
2920 : * Then we're ready to stop other children.
2921 : */
2922 127 : if (CountChildren(btmask(B_BACKEND)) == 0)
2923 48 : UpdatePMState(PM_STOP_BACKENDS);
2924 : }
2925 : }
2926 :
2927 : /*
2928 : * In the PM_WAIT_BACKENDS state, wait for all the regular backends and
2929 : * processes like autovacuum and background workers that are comparable to
2930 : * backends to exit.
2931 : *
2932 : * PM_STOP_BACKENDS is a transient state that means the same as
2933 : * PM_WAIT_BACKENDS, but we signal the processes first, before waiting for
2934 : * them. Treating it as a distinct pmState allows us to share this code
2935 : * across multiple shutdown code paths.
2936 : */
2937 27961 : if (pmState == PM_STOP_BACKENDS || pmState == PM_WAIT_BACKENDS)
2938 : {
2939 5165 : BackendTypeMask targetMask = BTYPE_MASK_NONE;
2940 :
2941 : /*
2942 : * PM_WAIT_BACKENDS state ends when we have no regular backends, no
2943 : * autovac launcher or workers, and no bgworkers (including
2944 : * unconnected ones).
2945 : */
2946 5165 : targetMask = btmask_add(targetMask,
2947 : B_BACKEND,
2948 : B_AUTOVAC_LAUNCHER,
2949 : B_AUTOVAC_WORKER,
2950 : B_BG_WORKER);
2951 :
2952 : /*
2953 : * No walwriter, bgwriter, slot sync worker, or WAL summarizer either.
2954 : */
2955 5165 : targetMask = btmask_add(targetMask,
2956 : B_WAL_WRITER,
2957 : B_BG_WRITER,
2958 : B_SLOTSYNC_WORKER,
2959 : B_WAL_SUMMARIZER);
2960 :
2961 : /* If we're in recovery, also stop startup and walreceiver procs */
2962 5165 : targetMask = btmask_add(targetMask,
2963 : B_STARTUP,
2964 : B_WAL_RECEIVER);
2965 :
2966 : /*
2967 : * If we are doing crash recovery or an immediate shutdown then we
2968 : * expect archiver, checkpointer, io workers and walsender to exit as
2969 : * well, otherwise not.
2970 : */
2971 5165 : if (FatalError || Shutdown >= ImmediateShutdown)
2972 1886 : targetMask = btmask_add(targetMask,
2973 : B_CHECKPOINTER,
2974 : B_ARCHIVER,
2975 : B_IO_WORKER,
2976 : B_WAL_SENDER);
2977 :
2978 : /*
2979 : * Normally archiver, checkpointer, IO workers and walsenders will
2980 : * continue running; they will be terminated later after writing the
2981 : * checkpoint record. We also let dead-end children to keep running
2982 : * for now. The syslogger process exits last.
2983 : *
2984 : * This assertion checks that we have covered all backend types,
2985 : * either by including them in targetMask, or by noting here that they
2986 : * are allowed to continue running.
2987 : */
2988 : #ifdef USE_ASSERT_CHECKING
2989 : {
2990 : BackendTypeMask remainMask = BTYPE_MASK_NONE;
2991 :
2992 : remainMask = btmask_add(remainMask,
2993 : B_DEAD_END_BACKEND,
2994 : B_LOGGER);
2995 :
2996 : /*
2997 : * Archiver, checkpointer, IO workers, and walsender may or may
2998 : * not be in targetMask already.
2999 : */
3000 : remainMask = btmask_add(remainMask,
3001 : B_ARCHIVER,
3002 : B_CHECKPOINTER,
3003 : B_IO_WORKER,
3004 : B_WAL_SENDER);
3005 :
3006 : /* these are not real postmaster children */
3007 : remainMask = btmask_add(remainMask,
3008 : B_INVALID,
3009 : B_STANDALONE_BACKEND);
3010 :
3011 : /* also add data checksums processes */
3012 : remainMask = btmask_add(remainMask,
3013 : B_DATACHECKSUMSWORKER_LAUNCHER,
3014 : B_DATACHECKSUMSWORKER_WORKER);
3015 :
3016 : /* All types should be included in targetMask or remainMask */
3017 : Assert((remainMask.mask | targetMask.mask) == BTYPE_MASK_ALL.mask);
3018 : }
3019 : #endif
3020 :
3021 : /* If we had not yet signaled the processes to exit, do so now */
3022 5165 : if (pmState == PM_STOP_BACKENDS)
3023 : {
3024 : /*
3025 : * Forget any pending requests for background workers, since we're
3026 : * no longer willing to launch any new workers. (If additional
3027 : * requests arrive, BackgroundWorkerStateChange will reject them.)
3028 : */
3029 631 : ForgetUnstartedBackgroundWorkers();
3030 :
3031 631 : SignalChildren(SIGTERM, targetMask);
3032 :
3033 631 : UpdatePMState(PM_WAIT_BACKENDS);
3034 : }
3035 :
3036 : /* Are any of the target processes still running? */
3037 5165 : if (CountChildren(targetMask) == 0)
3038 : {
3039 989 : if (Shutdown >= ImmediateShutdown || FatalError)
3040 : {
3041 : /*
3042 : * Stop any dead-end children and stop creating new ones.
3043 : *
3044 : * NB: Similar code exists in HandleFatalError(), when the
3045 : * error happens in pmState > PM_WAIT_BACKENDS.
3046 : */
3047 358 : UpdatePMState(PM_WAIT_DEAD_END);
3048 358 : ConfigurePostmasterWaitSet(false);
3049 358 : SignalChildren(SIGQUIT, btmask(B_DEAD_END_BACKEND));
3050 :
3051 : /*
3052 : * We already SIGQUIT'd auxiliary processes (other than
3053 : * logger), if any, when we started immediate shutdown or
3054 : * entered FatalError state.
3055 : */
3056 : }
3057 : else
3058 : {
3059 : /*
3060 : * If we get here, we are proceeding with normal shutdown. All
3061 : * the regular children are gone, and it's time to tell the
3062 : * checkpointer to do a shutdown checkpoint.
3063 : */
3064 : Assert(Shutdown > NoShutdown);
3065 : /* Start the checkpointer if not running */
3066 631 : if (CheckpointerPMChild == NULL)
3067 0 : CheckpointerPMChild = StartChildProcess(B_CHECKPOINTER);
3068 : /* And tell it to write the shutdown checkpoint */
3069 631 : if (CheckpointerPMChild != NULL)
3070 : {
3071 631 : signal_child(CheckpointerPMChild, SIGINT);
3072 631 : UpdatePMState(PM_WAIT_XLOG_SHUTDOWN);
3073 : }
3074 : else
3075 : {
3076 : /*
3077 : * If we failed to fork a checkpointer, just shut down.
3078 : * Any required cleanup will happen at next restart. We
3079 : * set FatalError so that an "abnormal shutdown" message
3080 : * gets logged when we exit.
3081 : *
3082 : * We don't consult send_abort_for_crash here, as it's
3083 : * unlikely that dumping cores would illuminate the reason
3084 : * for checkpointer fork failure.
3085 : *
3086 : * XXX: It may be worth to introduce a different PMQUIT
3087 : * value that signals that the cluster is in a bad state,
3088 : * without a process having crashed. But right now this
3089 : * path is very unlikely to be reached, so it isn't
3090 : * obviously worthwhile adding a distinct error message in
3091 : * quickdie().
3092 : */
3093 0 : HandleFatalError(PMQUIT_FOR_CRASH, false);
3094 : }
3095 : }
3096 : }
3097 : }
3098 :
3099 : /*
3100 : * The state transition from PM_WAIT_XLOG_SHUTDOWN to
3101 : * PM_WAIT_XLOG_ARCHIVAL is in process_pm_pmsignal(), in response to
3102 : * PMSIGNAL_XLOG_IS_SHUTDOWN.
3103 : */
3104 :
3105 27961 : if (pmState == PM_WAIT_XLOG_ARCHIVAL)
3106 : {
3107 : /*
3108 : * PM_WAIT_XLOG_ARCHIVAL state ends when there are no children other
3109 : * than checkpointer, io workers and dead-end children left. There
3110 : * shouldn't be any regular backends left by now anyway; what we're
3111 : * really waiting for is for walsenders and archiver to exit.
3112 : */
3113 694 : if (CountChildren(btmask_all_except(B_CHECKPOINTER, B_IO_WORKER,
3114 : B_LOGGER, B_DEAD_END_BACKEND)) == 0)
3115 : {
3116 631 : UpdatePMState(PM_WAIT_IO_WORKERS);
3117 631 : SignalChildren(SIGUSR2, btmask(B_IO_WORKER));
3118 : }
3119 : }
3120 :
3121 27961 : if (pmState == PM_WAIT_IO_WORKERS)
3122 : {
3123 : /*
3124 : * PM_WAIT_IO_WORKERS state ends when there's only checkpointer and
3125 : * dead-end children left.
3126 : */
3127 1836 : if (io_worker_count == 0)
3128 : {
3129 631 : UpdatePMState(PM_WAIT_CHECKPOINTER);
3130 :
3131 : /*
3132 : * Now that the processes mentioned above are gone, tell
3133 : * checkpointer to shut down too. That allows checkpointer to
3134 : * perform some last bits of cleanup without other processes
3135 : * interfering.
3136 : */
3137 631 : if (CheckpointerPMChild != NULL)
3138 631 : signal_child(CheckpointerPMChild, SIGUSR2);
3139 : }
3140 : }
3141 :
3142 : /*
3143 : * The state transition from PM_WAIT_CHECKPOINTER to PM_WAIT_DEAD_END is
3144 : * in process_pm_child_exit().
3145 : */
3146 :
3147 27961 : if (pmState == PM_WAIT_DEAD_END)
3148 : {
3149 : /*
3150 : * PM_WAIT_DEAD_END state ends when all other children are gone except
3151 : * for the logger. During normal shutdown, all that remains are
3152 : * dead-end backends, but in FatalError processing we jump straight
3153 : * here with more processes remaining. Note that they have already
3154 : * been sent appropriate shutdown signals, either during a normal
3155 : * state transition leading up to PM_WAIT_DEAD_END, or during
3156 : * FatalError processing.
3157 : *
3158 : * The reason we wait is to protect against a new postmaster starting
3159 : * conflicting subprocesses; this isn't an ironclad protection, but it
3160 : * at least helps in the shutdown-and-immediately-restart scenario.
3161 : */
3162 1010 : if (CountChildren(btmask_all_except(B_LOGGER)) == 0)
3163 : {
3164 : /* These other guys should be dead already */
3165 : Assert(StartupPMChild == NULL);
3166 : Assert(WalReceiverPMChild == NULL);
3167 : Assert(WalSummarizerPMChild == NULL);
3168 : Assert(BgWriterPMChild == NULL);
3169 : Assert(CheckpointerPMChild == NULL);
3170 : Assert(WalWriterPMChild == NULL);
3171 : Assert(AutoVacLauncherPMChild == NULL);
3172 : Assert(SlotSyncWorkerPMChild == NULL);
3173 : /* syslogger is not considered here */
3174 989 : UpdatePMState(PM_NO_CHILDREN);
3175 : }
3176 : }
3177 :
3178 : /*
3179 : * If we've been told to shut down, we exit as soon as there are no
3180 : * remaining children. If there was a crash, cleanup will occur at the
3181 : * next startup. (Before PostgreSQL 8.3, we tried to recover from the
3182 : * crash before exiting, but that seems unwise if we are quitting because
3183 : * we got SIGTERM from init --- there may well not be time for recovery
3184 : * before init decides to SIGKILL us.)
3185 : *
3186 : * Note that the syslogger continues to run. It will exit when it sees
3187 : * EOF on its input pipe, which happens when there are no more upstream
3188 : * processes.
3189 : */
3190 27961 : if (Shutdown > NoShutdown && pmState == PM_NO_CHILDREN)
3191 : {
3192 977 : if (FatalError)
3193 : {
3194 0 : ereport(LOG, (errmsg("abnormal database system shutdown")));
3195 0 : ExitPostmaster(1);
3196 : }
3197 : else
3198 : {
3199 : /*
3200 : * Normal exit from the postmaster is here. We don't need to log
3201 : * anything here, since the UnlinkLockFiles proc_exit callback
3202 : * will do so, and that should be the last user-visible action.
3203 : */
3204 977 : ExitPostmaster(0);
3205 : }
3206 : }
3207 :
3208 : /*
3209 : * If the startup process failed, or the user does not want an automatic
3210 : * restart after backend crashes, wait for all non-syslogger children to
3211 : * exit, and then exit postmaster. We don't try to reinitialize when the
3212 : * startup process fails, because more than likely it will just fail again
3213 : * and we will keep trying forever.
3214 : */
3215 26984 : if (pmState == PM_NO_CHILDREN)
3216 : {
3217 12 : if (StartupStatus == STARTUP_CRASHED)
3218 : {
3219 7 : ereport(LOG,
3220 : (errmsg("shutting down due to startup process failure")));
3221 7 : ExitPostmaster(1);
3222 : }
3223 5 : if (!restart_after_crash)
3224 : {
3225 0 : ereport(LOG,
3226 : (errmsg("shutting down because \"restart_after_crash\" is off")));
3227 0 : ExitPostmaster(1);
3228 : }
3229 : }
3230 :
3231 : /*
3232 : * If we need to recover from a crash, wait for all non-syslogger children
3233 : * to exit, then reset shmem and start the startup process.
3234 : */
3235 26977 : if (FatalError && pmState == PM_NO_CHILDREN)
3236 : {
3237 5 : ereport(LOG,
3238 : (errmsg("all server processes terminated; reinitializing")));
3239 :
3240 : /* remove leftover temporary files after a crash */
3241 5 : if (remove_temp_files_after_crash)
3242 4 : RemovePgTempFiles();
3243 :
3244 : /* allow background workers to immediately restart */
3245 5 : ResetBackgroundWorkerCrashTimes();
3246 :
3247 5 : shmem_exit(1);
3248 :
3249 : /* re-read control file into local memory */
3250 5 : LocalProcessControlFile(true);
3251 :
3252 : /*
3253 : * Re-initialize shared memory and semaphores. Note: We don't call
3254 : * RegisterBuiltinShmemCallbacks(), we keep the old registrations. In
3255 : * order to re-register structs in extensions, we'd need to reload
3256 : * shared preload libraries, and we don't want to do that.
3257 : */
3258 5 : ResetShmemAllocator();
3259 5 : ShmemCallRequestCallbacks();
3260 5 : CreateSharedMemoryAndSemaphores();
3261 :
3262 5 : UpdatePMState(PM_STARTUP);
3263 :
3264 : /* Make sure we can perform I/O while starting up. */
3265 5 : maybe_start_io_workers();
3266 :
3267 5 : StartupPMChild = StartChildProcess(B_STARTUP);
3268 : Assert(StartupPMChild != NULL);
3269 5 : StartupStatus = STARTUP_RUNNING;
3270 : /* crash recovery started, reset SIGKILL flag */
3271 5 : AbortStartTime = 0;
3272 :
3273 : /* start accepting server socket connection events again */
3274 5 : ConfigurePostmasterWaitSet(true);
3275 : }
3276 26977 : }
3277 :
3278 : static const char *
3279 1508 : pmstate_name(PMState state)
3280 : {
3281 : #define PM_TOSTR_CASE(sym) case sym: return #sym
3282 1508 : switch (state)
3283 : {
3284 81 : PM_TOSTR_CASE(PM_INIT);
3285 162 : PM_TOSTR_CASE(PM_STARTUP);
3286 28 : PM_TOSTR_CASE(PM_RECOVERY);
3287 25 : PM_TOSTR_CASE(PM_HOT_STANDBY);
3288 149 : PM_TOSTR_CASE(PM_RUN);
3289 128 : PM_TOSTR_CASE(PM_STOP_BACKENDS);
3290 174 : PM_TOSTR_CASE(PM_WAIT_BACKENDS);
3291 128 : PM_TOSTR_CASE(PM_WAIT_XLOG_SHUTDOWN);
3292 128 : PM_TOSTR_CASE(PM_WAIT_XLOG_ARCHIVAL);
3293 128 : PM_TOSTR_CASE(PM_WAIT_IO_WORKERS);
3294 166 : PM_TOSTR_CASE(PM_WAIT_DEAD_END);
3295 128 : PM_TOSTR_CASE(PM_WAIT_CHECKPOINTER);
3296 83 : PM_TOSTR_CASE(PM_NO_CHILDREN);
3297 : }
3298 : #undef PM_TOSTR_CASE
3299 :
3300 0 : pg_unreachable();
3301 : return ""; /* silence compiler */
3302 : }
3303 :
3304 : /*
3305 : * Simple wrapper for updating pmState. The main reason to have this wrapper
3306 : * is that it makes it easy to log all state transitions.
3307 : */
3308 : static void
3309 8472 : UpdatePMState(PMState newState)
3310 : {
3311 8472 : elog(DEBUG1, "updating PMState from %s to %s",
3312 : pmstate_name(pmState), pmstate_name(newState));
3313 8472 : pmState = newState;
3314 8472 : }
3315 :
3316 : /*
3317 : * Launch background processes after state change, or relaunch after an
3318 : * existing process has exited.
3319 : *
3320 : * Check the current pmState and the status of any background processes. If
3321 : * there are any background processes missing that should be running in the
3322 : * current state, but are not, launch them.
3323 : */
3324 : static void
3325 170971 : LaunchMissingBackgroundProcesses(void)
3326 : {
3327 : /* Syslogger is active in all states */
3328 170971 : if (SysLoggerPMChild == NULL && Logging_collector)
3329 0 : StartSysLogger();
3330 :
3331 : /*
3332 : * The number of configured workers might have changed, or a prior start
3333 : * of a worker might have failed. Check if we need to start/stop any
3334 : * workers.
3335 : *
3336 : * A config file change will always lead to this function being called, so
3337 : * we always will process the config change in a timely manner.
3338 : */
3339 170971 : maybe_start_io_workers();
3340 :
3341 : /*
3342 : * The checkpointer and the background writer are active from the start,
3343 : * until shutdown is initiated.
3344 : *
3345 : * (If the checkpointer is not running when we enter the
3346 : * PM_WAIT_XLOG_SHUTDOWN state, it is launched one more time to perform
3347 : * the shutdown checkpoint. That's done in PostmasterStateMachine(), not
3348 : * here.)
3349 : */
3350 170971 : if (pmState == PM_RUN || pmState == PM_RECOVERY ||
3351 9246 : pmState == PM_HOT_STANDBY || pmState == PM_STARTUP)
3352 : {
3353 164188 : if (CheckpointerPMChild == NULL)
3354 5 : CheckpointerPMChild = StartChildProcess(B_CHECKPOINTER);
3355 164188 : if (BgWriterPMChild == NULL)
3356 5 : BgWriterPMChild = StartChildProcess(B_BG_WRITER);
3357 : }
3358 :
3359 : /*
3360 : * WAL writer is needed only in normal operation (else we cannot be
3361 : * writing any new WAL).
3362 : */
3363 170971 : if (WalWriterPMChild == NULL && pmState == PM_RUN)
3364 875 : WalWriterPMChild = StartChildProcess(B_WAL_WRITER);
3365 :
3366 : /*
3367 : * We don't want autovacuum to run in binary upgrade mode because
3368 : * autovacuum might update relfrozenxid for empty tables before the
3369 : * physical files are put in place.
3370 : */
3371 181266 : if (!IsBinaryUpgrade && AutoVacLauncherPMChild == NULL &&
3372 14471 : (AutoVacuumingActive() || start_autovac_launcher) &&
3373 6119 : pmState == PM_RUN)
3374 : {
3375 738 : AutoVacLauncherPMChild = StartChildProcess(B_AUTOVAC_LAUNCHER);
3376 738 : if (AutoVacLauncherPMChild != NULL)
3377 738 : start_autovac_launcher = false; /* signal processed */
3378 : }
3379 :
3380 : /*
3381 : * If WAL archiving is enabled always, we are allowed to start archiver
3382 : * even during recovery.
3383 : */
3384 170971 : if (PgArchPMChild == NULL &&
3385 169817 : ((XLogArchivingActive() && pmState == PM_RUN) ||
3386 169817 : (XLogArchivingAlways() && (pmState == PM_RECOVERY || pmState == PM_HOT_STANDBY))) &&
3387 54 : PgArchCanRestart())
3388 54 : PgArchPMChild = StartChildProcess(B_ARCHIVER);
3389 :
3390 : /*
3391 : * If we need to start a slot sync worker, try to do that now
3392 : *
3393 : * We allow to start the slot sync worker when we are on a hot standby,
3394 : * fast or immediate shutdown is not in progress, slot sync parameters are
3395 : * configured correctly, and it is the first time of worker's launch, or
3396 : * enough time has passed since the worker was launched last.
3397 : */
3398 170971 : if (SlotSyncWorkerPMChild == NULL && pmState == PM_HOT_STANDBY &&
3399 2251 : Shutdown <= SmartShutdown && sync_replication_slots &&
3400 35 : ValidateSlotSyncParams(LOG) && SlotSyncWorkerCanRestart())
3401 6 : SlotSyncWorkerPMChild = StartChildProcess(B_SLOTSYNC_WORKER);
3402 :
3403 : /*
3404 : * If we need to start a WAL receiver, try to do that now
3405 : *
3406 : * Note: if a walreceiver process is already running, it might seem that
3407 : * we should clear WalReceiverRequested. However, there's a race
3408 : * condition if the walreceiver terminates and the startup process
3409 : * immediately requests a new one: it's quite possible to get the signal
3410 : * for the request before reaping the dead walreceiver process. Better to
3411 : * risk launching an extra walreceiver than to miss launching one we need.
3412 : * (The walreceiver code has logic to recognize that it should go away if
3413 : * not needed.)
3414 : */
3415 170971 : if (WalReceiverRequested)
3416 : {
3417 362 : if (WalReceiverPMChild == NULL &&
3418 268 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
3419 266 : pmState == PM_HOT_STANDBY) &&
3420 257 : Shutdown <= SmartShutdown)
3421 : {
3422 257 : WalReceiverPMChild = StartChildProcess(B_WAL_RECEIVER);
3423 257 : if (WalReceiverPMChild != NULL)
3424 257 : WalReceiverRequested = false;
3425 : /* else leave the flag set, so we'll try again later */
3426 : }
3427 : }
3428 :
3429 : /* If we need to start a WAL summarizer, try to do that now */
3430 170971 : if (summarize_wal && WalSummarizerPMChild == NULL &&
3431 90 : (pmState == PM_RUN || pmState == PM_HOT_STANDBY) &&
3432 21 : Shutdown <= SmartShutdown)
3433 21 : WalSummarizerPMChild = StartChildProcess(B_WAL_SUMMARIZER);
3434 :
3435 : /* Get other worker processes running, if needed */
3436 170971 : if (StartWorkerNeeded || HaveCrashedWorker)
3437 8056 : maybe_start_bgworkers();
3438 170971 : }
3439 :
3440 : /*
3441 : * Return string representation of signal.
3442 : *
3443 : * Because this is only implemented for signals we already rely on in this
3444 : * file we don't need to deal with unimplemented or same-numeric-value signals
3445 : * (as we'd e.g. have to for EWOULDBLOCK / EAGAIN).
3446 : */
3447 : static const char *
3448 61 : pm_signame(int signal)
3449 : {
3450 : #define PM_TOSTR_CASE(sym) case sym: return #sym
3451 61 : switch (signal)
3452 : {
3453 0 : PM_TOSTR_CASE(SIGABRT);
3454 0 : PM_TOSTR_CASE(SIGCHLD);
3455 0 : PM_TOSTR_CASE(SIGHUP);
3456 7 : PM_TOSTR_CASE(SIGINT);
3457 0 : PM_TOSTR_CASE(SIGKILL);
3458 0 : PM_TOSTR_CASE(SIGQUIT);
3459 39 : PM_TOSTR_CASE(SIGTERM);
3460 0 : PM_TOSTR_CASE(SIGUSR1);
3461 15 : PM_TOSTR_CASE(SIGUSR2);
3462 0 : default:
3463 : /* all signals sent by postmaster should be listed here */
3464 : Assert(false);
3465 0 : return "(unknown)";
3466 : }
3467 : #undef PM_TOSTR_CASE
3468 :
3469 : return ""; /* silence compiler */
3470 : }
3471 :
3472 : /*
3473 : * Send a signal to a postmaster child process
3474 : *
3475 : * On systems that have setsid(), each child process sets itself up as a
3476 : * process group leader. For signals that are generally interpreted in the
3477 : * appropriate fashion, we signal the entire process group not just the
3478 : * direct child process. This allows us to, for example, SIGQUIT a blocked
3479 : * archive_recovery script, or SIGINT a script being run by a backend via
3480 : * system().
3481 : *
3482 : * There is a race condition for recently-forked children: they might not
3483 : * have executed setsid() yet. So we signal the child directly as well as
3484 : * the group. We assume such a child will handle the signal before trying
3485 : * to spawn any grandchild processes. We also assume that signaling the
3486 : * child twice will not cause any problems.
3487 : */
3488 : static void
3489 11074 : signal_child(PMChild *pmchild, int signal)
3490 : {
3491 11074 : pid_t pid = pmchild->pid;
3492 :
3493 11074 : ereport(DEBUG3,
3494 : (errmsg_internal("sending signal %d/%s to %s process with pid %d",
3495 : signal, pm_signame(signal),
3496 : GetBackendTypeDesc(pmchild->bkend_type),
3497 : (int) pmchild->pid)));
3498 :
3499 11074 : if (kill(pid, signal) < 0)
3500 0 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) pid, signal);
3501 : #ifdef HAVE_SETSID
3502 11074 : switch (signal)
3503 : {
3504 6257 : case SIGINT:
3505 : case SIGTERM:
3506 : case SIGQUIT:
3507 : case SIGKILL:
3508 : case SIGABRT:
3509 6257 : if (kill(-pid, signal) < 0)
3510 4 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) (-pid), signal);
3511 6257 : break;
3512 4817 : default:
3513 4817 : break;
3514 : }
3515 : #endif
3516 11074 : }
3517 :
3518 : /*
3519 : * Send a signal to the targeted children.
3520 : */
3521 : static bool
3522 3403 : SignalChildren(int signal, BackendTypeMask targetMask)
3523 : {
3524 : dlist_iter iter;
3525 3403 : bool signaled = false;
3526 :
3527 16259 : dlist_foreach(iter, &ActiveChildList)
3528 : {
3529 12856 : PMChild *bp = dlist_container(PMChild, elem, iter.cur);
3530 :
3531 : /*
3532 : * If we need to distinguish between B_BACKEND and B_WAL_SENDER, check
3533 : * if any B_BACKEND backends have recently announced that they are
3534 : * actually WAL senders.
3535 : */
3536 12856 : if (btmask_contains(targetMask, B_WAL_SENDER) != btmask_contains(targetMask, B_BACKEND) &&
3537 6796 : bp->bkend_type == B_BACKEND)
3538 : {
3539 537 : if (IsPostmasterChildWalSender(bp->child_slot))
3540 47 : bp->bkend_type = B_WAL_SENDER;
3541 : }
3542 :
3543 12856 : if (!btmask_contains(targetMask, bp->bkend_type))
3544 4548 : continue;
3545 :
3546 8308 : signal_child(bp, signal);
3547 8308 : signaled = true;
3548 : }
3549 3403 : return signaled;
3550 : }
3551 :
3552 : /*
3553 : * Send a termination signal to children. This considers all of our children
3554 : * processes, except syslogger.
3555 : */
3556 : static void
3557 358 : TerminateChildren(int signal)
3558 : {
3559 358 : SignalChildren(signal, btmask_all_except(B_LOGGER));
3560 358 : if (StartupPMChild != NULL)
3561 : {
3562 46 : if (signal == SIGQUIT || signal == SIGKILL || signal == SIGABRT)
3563 46 : StartupStatus = STARTUP_SIGNALED;
3564 : }
3565 358 : }
3566 :
3567 : /*
3568 : * BackendStartup -- start backend process
3569 : *
3570 : * returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
3571 : *
3572 : * Note: if you change this code, also consider StartAutovacuumWorker and
3573 : * StartBackgroundWorker.
3574 : */
3575 : static int
3576 15087 : BackendStartup(ClientSocket *client_sock)
3577 : {
3578 15087 : PMChild *bn = NULL;
3579 : pid_t pid;
3580 : BackendStartupData startup_data;
3581 : CAC_state cac;
3582 :
3583 : /*
3584 : * Capture time that Postmaster got a socket from accept (for logging
3585 : * connection establishment and setup total duration).
3586 : */
3587 15087 : startup_data.socket_created = GetCurrentTimestamp();
3588 :
3589 : /*
3590 : * Allocate and assign the child slot. Note we must do this before
3591 : * forking, so that we can handle failures (out of memory or child-process
3592 : * slots) cleanly.
3593 : */
3594 15087 : cac = canAcceptConnections(B_BACKEND);
3595 15087 : if (cac == CAC_OK)
3596 : {
3597 : /* Can change later to B_WAL_SENDER */
3598 14879 : bn = AssignPostmasterChildSlot(B_BACKEND);
3599 14879 : if (!bn)
3600 : {
3601 : /*
3602 : * Too many regular child processes; launch a dead-end child
3603 : * process instead.
3604 : */
3605 28 : cac = CAC_TOOMANY;
3606 : }
3607 : }
3608 15087 : if (!bn)
3609 : {
3610 236 : bn = AllocDeadEndChild();
3611 236 : if (!bn)
3612 : {
3613 0 : ereport(LOG,
3614 : (errcode(ERRCODE_OUT_OF_MEMORY),
3615 : errmsg("out of memory")));
3616 0 : return STATUS_ERROR;
3617 : }
3618 : }
3619 :
3620 : /* Pass down canAcceptConnections state */
3621 15087 : startup_data.canAcceptConnections = cac;
3622 15087 : bn->rw = NULL;
3623 :
3624 : /* Hasn't asked to be notified about any bgworkers yet */
3625 15087 : bn->bgworker_notify = false;
3626 :
3627 15087 : pid = postmaster_child_launch(bn->bkend_type, bn->child_slot,
3628 : &startup_data, sizeof(startup_data),
3629 : client_sock);
3630 15087 : if (pid < 0)
3631 : {
3632 : /* in parent, fork failed */
3633 0 : int save_errno = errno;
3634 :
3635 0 : (void) ReleasePostmasterChildSlot(bn);
3636 0 : errno = save_errno;
3637 0 : ereport(LOG,
3638 : (errmsg("could not fork new process for connection: %m")));
3639 0 : report_fork_failure_to_client(client_sock, save_errno);
3640 0 : return STATUS_ERROR;
3641 : }
3642 :
3643 : /* in parent, successful fork */
3644 15087 : ereport(DEBUG2,
3645 : (errmsg_internal("forked new %s, pid=%d socket=%d",
3646 : GetBackendTypeDesc(bn->bkend_type),
3647 : (int) pid, (int) client_sock->sock)));
3648 :
3649 : /*
3650 : * Everything's been successful, it's safe to add this backend to our list
3651 : * of backends.
3652 : */
3653 15087 : bn->pid = pid;
3654 15087 : return STATUS_OK;
3655 : }
3656 :
3657 : /*
3658 : * Try to report backend fork() failure to client before we close the
3659 : * connection. Since we do not care to risk blocking the postmaster on
3660 : * this connection, we set the connection to non-blocking and try only once.
3661 : *
3662 : * This is grungy special-purpose code; we cannot use backend libpq since
3663 : * it's not up and running.
3664 : */
3665 : static void
3666 0 : report_fork_failure_to_client(ClientSocket *client_sock, int errnum)
3667 : {
3668 : char buffer[1000];
3669 : int rc;
3670 :
3671 : /* Format the error message packet (always V2 protocol) */
3672 0 : snprintf(buffer, sizeof(buffer), "E%s%s\n",
3673 : _("could not fork new process for connection: "),
3674 : strerror(errnum));
3675 :
3676 : /* Set port to non-blocking. Don't do send() if this fails */
3677 0 : if (!pg_set_noblock(client_sock->sock))
3678 0 : return;
3679 :
3680 : /* We'll retry after EINTR, but ignore all other failures */
3681 : do
3682 : {
3683 0 : rc = send(client_sock->sock, buffer, strlen(buffer) + 1, 0);
3684 0 : } while (rc < 0 && errno == EINTR);
3685 : }
3686 :
3687 : /*
3688 : * ExitPostmaster -- cleanup
3689 : *
3690 : * Do NOT call exit() directly --- always go through here!
3691 : */
3692 : static void
3693 986 : ExitPostmaster(int status)
3694 : {
3695 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
3696 :
3697 : /*
3698 : * There is no known cause for a postmaster to become multithreaded after
3699 : * startup. However, we might reach here via an error exit before
3700 : * reaching the test in PostmasterMain, so provide the same hint as there.
3701 : * This message uses LOG level, because an unclean shutdown at this point
3702 : * would usually not look much different from a clean shutdown.
3703 : */
3704 : if (pthread_is_threaded_np() != 0)
3705 : ereport(LOG,
3706 : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
3707 : errmsg("postmaster became multithreaded"),
3708 : errhint("Set the LC_ALL environment variable to a valid locale.")));
3709 : #endif
3710 :
3711 : /* should cleanup shared memory and kill all backends */
3712 :
3713 : /*
3714 : * Not sure of the semantics here. When the Postmaster dies, should the
3715 : * backends all be killed? probably not.
3716 : *
3717 : * MUST -- vadim 05-10-1999
3718 : */
3719 :
3720 986 : proc_exit(status);
3721 : }
3722 :
3723 : /*
3724 : * Handle pmsignal conditions representing requests from backends,
3725 : * and check for promote and logrotate requests from pg_ctl.
3726 : */
3727 : static void
3728 130794 : process_pm_pmsignal(void)
3729 : {
3730 130794 : bool request_state_update = false;
3731 :
3732 130794 : pending_pm_pmsignal = false;
3733 :
3734 130794 : ereport(DEBUG2,
3735 : (errmsg_internal("postmaster received pmsignal signal")));
3736 :
3737 : /*
3738 : * RECOVERY_STARTED and BEGIN_HOT_STANDBY signals are ignored in
3739 : * unexpected states. If the startup process quickly starts up, completes
3740 : * recovery, exits, we might process the death of the startup process
3741 : * first. We don't want to go back to recovery in that case.
3742 : */
3743 130794 : if (CheckPostmasterSignal(PMSIGNAL_RECOVERY_STARTED) &&
3744 262 : pmState == PM_STARTUP && Shutdown == NoShutdown)
3745 : {
3746 : /* WAL redo has started. We're out of reinitialization. */
3747 262 : FatalError = false;
3748 262 : AbortStartTime = 0;
3749 262 : reachedConsistency = false;
3750 :
3751 : /*
3752 : * Start the archiver if we're responsible for (re-)archiving received
3753 : * files.
3754 : */
3755 : Assert(PgArchPMChild == NULL);
3756 262 : if (XLogArchivingAlways())
3757 3 : PgArchPMChild = StartChildProcess(B_ARCHIVER);
3758 :
3759 : /*
3760 : * If we aren't planning to enter hot standby mode later, treat
3761 : * RECOVERY_STARTED as meaning we're out of startup, and report status
3762 : * accordingly.
3763 : */
3764 262 : if (!EnableHotStandby)
3765 : {
3766 2 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STANDBY);
3767 : #ifdef USE_SYSTEMD
3768 : sd_notify(0, "READY=1");
3769 : #endif
3770 : }
3771 :
3772 262 : UpdatePMState(PM_RECOVERY);
3773 : }
3774 :
3775 130794 : if (CheckPostmasterSignal(PMSIGNAL_RECOVERY_CONSISTENT) &&
3776 171 : pmState == PM_RECOVERY && Shutdown == NoShutdown)
3777 : {
3778 171 : reachedConsistency = true;
3779 : }
3780 :
3781 130794 : if (CheckPostmasterSignal(PMSIGNAL_BEGIN_HOT_STANDBY) &&
3782 162 : (pmState == PM_RECOVERY && Shutdown == NoShutdown))
3783 : {
3784 162 : ereport(LOG,
3785 : (errmsg("database system is ready to accept read-only connections")));
3786 :
3787 : /* Report status */
3788 162 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
3789 : #ifdef USE_SYSTEMD
3790 : sd_notify(0, "READY=1");
3791 : #endif
3792 :
3793 162 : UpdatePMState(PM_HOT_STANDBY);
3794 162 : connsAllowed = true;
3795 :
3796 : /* Some workers may be scheduled to start now */
3797 162 : StartWorkerNeeded = true;
3798 : }
3799 :
3800 : /* Process IO worker start requests. */
3801 130794 : if (CheckPostmasterSignal(PMSIGNAL_IO_WORKER_GROW))
3802 : {
3803 : /*
3804 : * No local flag, as the state is exposed through pgaio_worker_*()
3805 : * functions. This signal is received on potentially actionable level
3806 : * changes, so that maybe_start_io_workers() will run.
3807 : */
3808 : }
3809 :
3810 : /* Process background worker state changes. */
3811 130794 : if (CheckPostmasterSignal(PMSIGNAL_BACKGROUND_WORKER_CHANGE))
3812 : {
3813 : /* Accept new worker requests only if not stopping. */
3814 1708 : BackgroundWorkerStateChange(pmState < PM_STOP_BACKENDS);
3815 1708 : StartWorkerNeeded = true;
3816 : }
3817 :
3818 : /* Tell syslogger to rotate logfile if requested */
3819 130794 : if (SysLoggerPMChild != NULL)
3820 : {
3821 2 : if (CheckLogrotateSignal())
3822 : {
3823 1 : signal_child(SysLoggerPMChild, SIGUSR1);
3824 1 : RemoveLogrotateSignalFiles();
3825 : }
3826 1 : else if (CheckPostmasterSignal(PMSIGNAL_ROTATE_LOGFILE))
3827 : {
3828 0 : signal_child(SysLoggerPMChild, SIGUSR1);
3829 : }
3830 : }
3831 :
3832 130794 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER) &&
3833 125396 : Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
3834 : {
3835 : /*
3836 : * Start one iteration of the autovacuum daemon, even if autovacuuming
3837 : * is nominally not enabled. This is so we can have an active defense
3838 : * against transaction ID wraparound. We set a flag for the main loop
3839 : * to do it rather than trying to do it here --- this is because the
3840 : * autovac process itself may send the signal, and we want to handle
3841 : * that by launching another iteration as soon as the current one
3842 : * completes.
3843 : */
3844 125396 : start_autovac_launcher = true;
3845 : }
3846 :
3847 130794 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_WORKER) &&
3848 1440 : Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
3849 : {
3850 : /* The autovacuum launcher wants us to start a worker process. */
3851 1440 : StartAutovacuumWorker();
3852 : }
3853 :
3854 130794 : if (CheckPostmasterSignal(PMSIGNAL_START_WALRECEIVER))
3855 : {
3856 : /* Startup Process wants us to start the walreceiver process. */
3857 260 : WalReceiverRequested = true;
3858 : }
3859 :
3860 130794 : if (CheckPostmasterSignal(PMSIGNAL_XLOG_IS_SHUTDOWN))
3861 : {
3862 : /* Checkpointer completed the shutdown checkpoint */
3863 631 : if (pmState == PM_WAIT_XLOG_SHUTDOWN)
3864 : {
3865 : /*
3866 : * If we have an archiver subprocess, tell it to do a last archive
3867 : * cycle and quit. Likewise, if we have walsender processes, tell
3868 : * them to send any remaining WAL and quit.
3869 : */
3870 : Assert(Shutdown > NoShutdown);
3871 :
3872 : /* Waken archiver for the last time */
3873 631 : if (PgArchPMChild != NULL)
3874 17 : signal_child(PgArchPMChild, SIGUSR2);
3875 :
3876 : /*
3877 : * Waken walsenders for the last time. No regular backends should
3878 : * be around anymore.
3879 : */
3880 631 : SignalChildren(SIGUSR2, btmask(B_WAL_SENDER));
3881 :
3882 631 : UpdatePMState(PM_WAIT_XLOG_ARCHIVAL);
3883 : }
3884 0 : else if (!FatalError && Shutdown != ImmediateShutdown)
3885 : {
3886 : /*
3887 : * Checkpointer only ought to perform the shutdown checkpoint
3888 : * during shutdown. If somehow checkpointer did so in another
3889 : * situation, we have no choice but to crash-restart.
3890 : *
3891 : * It's possible however that we get PMSIGNAL_XLOG_IS_SHUTDOWN
3892 : * outside of PM_WAIT_XLOG_SHUTDOWN if an orderly shutdown was
3893 : * "interrupted" by a crash or an immediate shutdown.
3894 : */
3895 0 : ereport(LOG,
3896 : (errmsg("WAL was shut down unexpectedly")));
3897 :
3898 : /*
3899 : * Doesn't seem likely to help to take send_abort_for_crash into
3900 : * account here.
3901 : */
3902 0 : HandleFatalError(PMQUIT_FOR_CRASH, false);
3903 : }
3904 :
3905 : /*
3906 : * Need to run PostmasterStateMachine() to check if we already can go
3907 : * to the next state.
3908 : */
3909 631 : request_state_update = true;
3910 : }
3911 :
3912 : /*
3913 : * Try to advance postmaster's state machine, if a child requests it.
3914 : */
3915 130794 : if (CheckPostmasterSignal(PMSIGNAL_ADVANCE_STATE_MACHINE))
3916 : {
3917 1336 : request_state_update = true;
3918 : }
3919 :
3920 : /*
3921 : * Be careful about the order of this action relative to this function's
3922 : * other actions. Generally, this should be after other actions, in case
3923 : * they have effects PostmasterStateMachine would need to know about.
3924 : * However, we should do it before the CheckPromoteSignal step, which
3925 : * cannot have any (immediate) effect on the state machine, but does
3926 : * depend on what state we're in now.
3927 : */
3928 130794 : if (request_state_update)
3929 : {
3930 1967 : PostmasterStateMachine();
3931 : }
3932 :
3933 130794 : if (StartupPMChild != NULL &&
3934 659 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
3935 1104 : pmState == PM_HOT_STANDBY) &&
3936 659 : CheckPromoteSignal())
3937 : {
3938 : /*
3939 : * Tell startup process to finish recovery.
3940 : *
3941 : * Leave the promote signal file in place and let the Startup process
3942 : * do the unlink.
3943 : */
3944 48 : signal_child(StartupPMChild, SIGUSR2);
3945 : }
3946 130794 : }
3947 :
3948 : /*
3949 : * Dummy signal handler
3950 : *
3951 : * We use this for signals that we don't actually use in the postmaster,
3952 : * but we do use in backends. If we were to PG_SIG_IGN such signals in the
3953 : * postmaster, then a newly started backend might drop a signal that arrives
3954 : * before it's able to reconfigure its signal processing. (See notes in
3955 : * tcop/postgres.c.)
3956 : */
3957 : static void
3958 0 : dummy_handler(SIGNAL_ARGS)
3959 : {
3960 0 : }
3961 :
3962 : /*
3963 : * Count up number of child processes of specified types.
3964 : */
3965 : static int
3966 6996 : CountChildren(BackendTypeMask targetMask)
3967 : {
3968 : dlist_iter iter;
3969 6996 : int cnt = 0;
3970 :
3971 35378 : dlist_foreach(iter, &ActiveChildList)
3972 : {
3973 28382 : PMChild *bp = dlist_container(PMChild, elem, iter.cur);
3974 :
3975 : /*
3976 : * If we need to distinguish between B_BACKEND and B_WAL_SENDER, check
3977 : * if any B_BACKEND backends have recently announced that they are
3978 : * actually WAL senders.
3979 : */
3980 28382 : if (btmask_contains(targetMask, B_WAL_SENDER) != btmask_contains(targetMask, B_BACKEND) &&
3981 18988 : bp->bkend_type == B_BACKEND)
3982 : {
3983 858 : if (IsPostmasterChildWalSender(bp->child_slot))
3984 0 : bp->bkend_type = B_WAL_SENDER;
3985 : }
3986 :
3987 28382 : if (!btmask_contains(targetMask, bp->bkend_type))
3988 13153 : continue;
3989 :
3990 15229 : ereport(DEBUG4,
3991 : (errmsg_internal("%s process %d is still running",
3992 : GetBackendTypeDesc(bp->bkend_type), (int) bp->pid)));
3993 :
3994 15229 : cnt++;
3995 : }
3996 6996 : return cnt;
3997 : }
3998 :
3999 :
4000 : /*
4001 : * StartChildProcess -- start an auxiliary process for the postmaster
4002 : *
4003 : * "type" determines what kind of child will be started. All child types
4004 : * initially go to AuxiliaryProcessMain, which will handle common setup.
4005 : *
4006 : * Return value of StartChildProcess is subprocess' PMChild entry, or NULL on
4007 : * failure.
4008 : */
4009 : static PMChild *
4010 8382 : StartChildProcess(BackendType type)
4011 : {
4012 : PMChild *pmchild;
4013 : pid_t pid;
4014 :
4015 8382 : pmchild = AssignPostmasterChildSlot(type);
4016 8382 : if (!pmchild)
4017 : {
4018 0 : if (type == B_AUTOVAC_WORKER)
4019 0 : ereport(LOG,
4020 : (errcode(ERRCODE_CONFIGURATION_LIMIT_EXCEEDED),
4021 : errmsg("no slot available for new autovacuum worker process")));
4022 : else
4023 : {
4024 : /* shouldn't happen because we allocate enough slots */
4025 0 : elog(LOG, "no postmaster child slot available for aux process");
4026 : }
4027 0 : return NULL;
4028 : }
4029 :
4030 8382 : pid = postmaster_child_launch(type, pmchild->child_slot, NULL, 0, NULL);
4031 8382 : if (pid < 0)
4032 : {
4033 : /* in parent, fork failed */
4034 0 : ReleasePostmasterChildSlot(pmchild);
4035 0 : ereport(LOG,
4036 : (errmsg("could not fork \"%s\" process: %m", PostmasterChildName(type))));
4037 :
4038 : /*
4039 : * fork failure is fatal during startup, but there's no need to choke
4040 : * immediately if starting other child types fails.
4041 : */
4042 0 : if (type == B_STARTUP)
4043 0 : ExitPostmaster(1);
4044 0 : return NULL;
4045 : }
4046 :
4047 : /* in parent, successful fork */
4048 8382 : pmchild->pid = pid;
4049 8382 : return pmchild;
4050 : }
4051 :
4052 : /*
4053 : * StartSysLogger -- start the syslogger process
4054 : */
4055 : void
4056 1 : StartSysLogger(void)
4057 : {
4058 : Assert(SysLoggerPMChild == NULL);
4059 :
4060 1 : SysLoggerPMChild = AssignPostmasterChildSlot(B_LOGGER);
4061 1 : if (!SysLoggerPMChild)
4062 0 : elog(PANIC, "no postmaster child slot available for syslogger");
4063 1 : SysLoggerPMChild->pid = SysLogger_Start(SysLoggerPMChild->child_slot);
4064 1 : if (SysLoggerPMChild->pid == 0)
4065 : {
4066 0 : ReleasePostmasterChildSlot(SysLoggerPMChild);
4067 0 : SysLoggerPMChild = NULL;
4068 : }
4069 1 : }
4070 :
4071 : /*
4072 : * StartAutovacuumWorker
4073 : * Start an autovac worker process.
4074 : *
4075 : * This function is here because it enters the resulting PID into the
4076 : * postmaster's private backends list.
4077 : *
4078 : * NB -- this code very roughly matches BackendStartup.
4079 : */
4080 : static void
4081 1440 : StartAutovacuumWorker(void)
4082 : {
4083 : PMChild *bn;
4084 :
4085 : /*
4086 : * If not in condition to run a process, don't try, but handle it like a
4087 : * fork failure. This does not normally happen, since the signal is only
4088 : * supposed to be sent by autovacuum launcher when it's OK to do it, but
4089 : * we have to check to avoid race-condition problems during DB state
4090 : * changes.
4091 : */
4092 1440 : if (canAcceptConnections(B_AUTOVAC_WORKER) == CAC_OK)
4093 : {
4094 1440 : bn = StartChildProcess(B_AUTOVAC_WORKER);
4095 1440 : if (bn)
4096 : {
4097 1440 : bn->bgworker_notify = false;
4098 1440 : bn->rw = NULL;
4099 1440 : return;
4100 : }
4101 : else
4102 : {
4103 : /*
4104 : * fork failed, fall through to report -- actual error message was
4105 : * logged by StartChildProcess
4106 : */
4107 : }
4108 : }
4109 :
4110 : /*
4111 : * Report the failure to the launcher, if it's running. (If it's not, we
4112 : * might not even be connected to shared memory, so don't try to call
4113 : * AutoVacWorkerFailed.) Note that we also need to signal it so that it
4114 : * responds to the condition, but we don't do that here, instead waiting
4115 : * for ServerLoop to do it. This way we avoid a ping-pong signaling in
4116 : * quick succession between the autovac launcher and postmaster in case
4117 : * things get ugly.
4118 : */
4119 0 : if (AutoVacLauncherPMChild != NULL)
4120 : {
4121 0 : AutoVacWorkerFailed();
4122 0 : avlauncher_needs_signal = true;
4123 : }
4124 : }
4125 :
4126 :
4127 : /*
4128 : * Create the opts file
4129 : */
4130 : static bool
4131 984 : CreateOptsFile(int argc, char *argv[], char *fullprogname)
4132 : {
4133 : FILE *fp;
4134 : int i;
4135 :
4136 : #define OPTS_FILE "postmaster.opts"
4137 :
4138 984 : if ((fp = fopen(OPTS_FILE, "w")) == NULL)
4139 : {
4140 0 : ereport(LOG,
4141 : (errcode_for_file_access(),
4142 : errmsg("could not create file \"%s\": %m", OPTS_FILE)));
4143 0 : return false;
4144 : }
4145 :
4146 984 : fprintf(fp, "%s", fullprogname);
4147 5138 : for (i = 1; i < argc; i++)
4148 4154 : fprintf(fp, " \"%s\"", argv[i]);
4149 984 : fputs("\n", fp);
4150 :
4151 984 : if (fclose(fp))
4152 : {
4153 0 : ereport(LOG,
4154 : (errcode_for_file_access(),
4155 : errmsg("could not write file \"%s\": %m", OPTS_FILE)));
4156 0 : return false;
4157 : }
4158 :
4159 984 : return true;
4160 : }
4161 :
4162 :
4163 : /*
4164 : * Start a new bgworker.
4165 : * Starting time conditions must have been checked already.
4166 : *
4167 : * Returns true on success, false on failure.
4168 : * In either case, update the RegisteredBgWorker's state appropriately.
4169 : *
4170 : * NB -- this code very roughly matches BackendStartup.
4171 : */
4172 : static bool
4173 3537 : StartBackgroundWorker(RegisteredBgWorker *rw)
4174 : {
4175 : PMChild *bn;
4176 : pid_t worker_pid;
4177 :
4178 : Assert(rw->rw_pid == 0);
4179 :
4180 : /*
4181 : * Allocate and assign the child slot. Note we must do this before
4182 : * forking, so that we can handle failures (out of memory or child-process
4183 : * slots) cleanly.
4184 : *
4185 : * Treat failure as though the worker had crashed. That way, the
4186 : * postmaster will wait a bit before attempting to start it again; if we
4187 : * tried again right away, most likely we'd find ourselves hitting the
4188 : * same resource-exhaustion condition.
4189 : */
4190 3537 : bn = AssignPostmasterChildSlot(B_BG_WORKER);
4191 3537 : if (bn == NULL)
4192 : {
4193 0 : ereport(LOG,
4194 : (errcode(ERRCODE_CONFIGURATION_LIMIT_EXCEEDED),
4195 : errmsg("no slot available for new background worker process")));
4196 0 : rw->rw_crashed_at = GetCurrentTimestamp();
4197 0 : return false;
4198 : }
4199 3537 : bn->rw = rw;
4200 3537 : bn->bkend_type = B_BG_WORKER;
4201 3537 : bn->bgworker_notify = false;
4202 :
4203 3537 : ereport(DEBUG1,
4204 : (errmsg_internal("starting background worker process \"%s\"",
4205 : rw->rw_worker.bgw_name)));
4206 :
4207 3537 : worker_pid = postmaster_child_launch(B_BG_WORKER, bn->child_slot,
4208 3537 : &rw->rw_worker, sizeof(BackgroundWorker), NULL);
4209 3537 : if (worker_pid == -1)
4210 : {
4211 : /* in postmaster, fork failed ... */
4212 0 : ereport(LOG,
4213 : (errmsg("could not fork background worker process: %m")));
4214 : /* undo what AssignPostmasterChildSlot did */
4215 0 : ReleasePostmasterChildSlot(bn);
4216 :
4217 : /* mark entry as crashed, so we'll try again later */
4218 0 : rw->rw_crashed_at = GetCurrentTimestamp();
4219 0 : return false;
4220 : }
4221 :
4222 : /* in postmaster, fork successful ... */
4223 3537 : rw->rw_pid = worker_pid;
4224 3537 : bn->pid = rw->rw_pid;
4225 3537 : ReportBackgroundWorkerPID(rw);
4226 3537 : return true;
4227 : }
4228 :
4229 : /*
4230 : * Does the current postmaster state require starting a worker with the
4231 : * specified start_time?
4232 : */
4233 : static bool
4234 4627 : bgworker_should_start_now(BgWorkerStartTime start_time)
4235 : {
4236 4627 : switch (pmState)
4237 : {
4238 0 : case PM_NO_CHILDREN:
4239 : case PM_WAIT_CHECKPOINTER:
4240 : case PM_WAIT_DEAD_END:
4241 : case PM_WAIT_XLOG_ARCHIVAL:
4242 : case PM_WAIT_XLOG_SHUTDOWN:
4243 : case PM_WAIT_IO_WORKERS:
4244 : case PM_WAIT_BACKENDS:
4245 : case PM_STOP_BACKENDS:
4246 0 : break;
4247 :
4248 3537 : case PM_RUN:
4249 3537 : if (start_time == BgWorkerStart_RecoveryFinished)
4250 1507 : return true;
4251 : pg_fallthrough;
4252 :
4253 : case PM_HOT_STANDBY:
4254 2188 : if (start_time == BgWorkerStart_ConsistentState)
4255 2030 : return true;
4256 : pg_fallthrough;
4257 :
4258 : case PM_RECOVERY:
4259 : case PM_STARTUP:
4260 : case PM_INIT:
4261 1090 : if (start_time == BgWorkerStart_PostmasterStart)
4262 0 : return true;
4263 : }
4264 :
4265 1090 : return false;
4266 : }
4267 :
4268 : /*
4269 : * If the time is right, start background worker(s).
4270 : *
4271 : * As a side effect, the bgworker control variables are set or reset
4272 : * depending on whether more workers may need to be started.
4273 : *
4274 : * We limit the number of workers started per call, to avoid consuming the
4275 : * postmaster's attention for too long when many such requests are pending.
4276 : * As long as StartWorkerNeeded is true, ServerLoop will not block and will
4277 : * call this function again after dealing with any other issues.
4278 : */
4279 : static void
4280 9040 : maybe_start_bgworkers(void)
4281 : {
4282 : #define MAX_BGWORKERS_TO_LAUNCH 100
4283 9040 : int num_launched = 0;
4284 9040 : TimestampTz now = 0;
4285 : dlist_mutable_iter iter;
4286 :
4287 : /*
4288 : * During crash recovery, we have no need to be called until the state
4289 : * transition out of recovery.
4290 : */
4291 9040 : if (FatalError)
4292 : {
4293 0 : StartWorkerNeeded = false;
4294 0 : HaveCrashedWorker = false;
4295 0 : return;
4296 : }
4297 :
4298 : /* Don't need to be called again unless we find a reason for it below */
4299 9040 : StartWorkerNeeded = false;
4300 9040 : HaveCrashedWorker = false;
4301 :
4302 24646 : dlist_foreach_modify(iter, &BackgroundWorkerList)
4303 : {
4304 : RegisteredBgWorker *rw;
4305 :
4306 15606 : rw = dlist_container(RegisteredBgWorker, rw_lnode, iter.cur);
4307 :
4308 : /* ignore if already running */
4309 15606 : if (rw->rw_pid != 0)
4310 8006 : continue;
4311 :
4312 : /* if marked for death, clean up and remove from list */
4313 7600 : if (rw->rw_terminate)
4314 : {
4315 0 : ForgetBackgroundWorker(rw);
4316 0 : continue;
4317 : }
4318 :
4319 : /*
4320 : * If this worker has crashed previously, maybe it needs to be
4321 : * restarted (unless on registration it specified it doesn't want to
4322 : * be restarted at all). Check how long ago did a crash last happen.
4323 : * If the last crash is too recent, don't start it right away; let it
4324 : * be restarted once enough time has passed.
4325 : */
4326 7600 : if (rw->rw_crashed_at != 0)
4327 : {
4328 2973 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART)
4329 0 : {
4330 : int notify_pid;
4331 :
4332 0 : notify_pid = rw->rw_worker.bgw_notify_pid;
4333 :
4334 0 : ForgetBackgroundWorker(rw);
4335 :
4336 : /* Report worker is gone now. */
4337 0 : if (notify_pid != 0)
4338 0 : kill(notify_pid, SIGUSR1);
4339 :
4340 0 : continue;
4341 : }
4342 :
4343 : /* read system time only when needed */
4344 2973 : if (now == 0)
4345 2973 : now = GetCurrentTimestamp();
4346 :
4347 2973 : if (!TimestampDifferenceExceeds(rw->rw_crashed_at, now,
4348 2973 : rw->rw_worker.bgw_restart_time * 1000))
4349 : {
4350 : /* Set flag to remember that we have workers to start later */
4351 2973 : HaveCrashedWorker = true;
4352 2973 : continue;
4353 : }
4354 : }
4355 :
4356 4627 : if (bgworker_should_start_now(rw->rw_worker.bgw_start_time))
4357 : {
4358 : /* reset crash time before trying to start worker */
4359 3537 : rw->rw_crashed_at = 0;
4360 :
4361 : /*
4362 : * Try to start the worker.
4363 : *
4364 : * On failure, give up processing workers for now, but set
4365 : * StartWorkerNeeded so we'll come back here on the next iteration
4366 : * of ServerLoop to try again. (We don't want to wait, because
4367 : * there might be additional ready-to-run workers.) We could set
4368 : * HaveCrashedWorker as well, since this worker is now marked
4369 : * crashed, but there's no need because the next run of this
4370 : * function will do that.
4371 : */
4372 3537 : if (!StartBackgroundWorker(rw))
4373 : {
4374 0 : StartWorkerNeeded = true;
4375 0 : return;
4376 : }
4377 :
4378 : /*
4379 : * If we've launched as many workers as allowed, quit, but have
4380 : * ServerLoop call us again to look for additional ready-to-run
4381 : * workers. There might not be any, but we'll find out the next
4382 : * time we run.
4383 : */
4384 3537 : if (++num_launched >= MAX_BGWORKERS_TO_LAUNCH)
4385 : {
4386 0 : StartWorkerNeeded = true;
4387 0 : return;
4388 : }
4389 : }
4390 : }
4391 : }
4392 :
4393 : static bool
4394 22085 : maybe_reap_io_worker(int pid)
4395 : {
4396 665662 : for (int i = 0; i < MAX_IO_WORKERS; ++i)
4397 : {
4398 645598 : if (io_worker_children[i] &&
4399 43501 : io_worker_children[i]->pid == pid)
4400 : {
4401 2021 : ReleasePostmasterChildSlot(io_worker_children[i]);
4402 :
4403 2021 : --io_worker_count;
4404 2021 : io_worker_children[i] = NULL;
4405 2021 : return true;
4406 : }
4407 : }
4408 20064 : return false;
4409 : }
4410 :
4411 : /*
4412 : * Returns the next time at which maybe_start_io_workers() would start one or
4413 : * more I/O workers. Any time in the past means ASAP, and 0 means no worker
4414 : * is currently scheduled.
4415 : *
4416 : * This is called by DetermineSleepTime() and also maybe_start_io_workers()
4417 : * itself, to make sure that they agree.
4418 : */
4419 : static TimestampTz
4420 346479 : maybe_start_io_workers_scheduled_at(void)
4421 : {
4422 346479 : if (!pgaio_workers_enabled())
4423 230 : return 0;
4424 :
4425 : /*
4426 : * If we're in final shutting down state, then we're just waiting for all
4427 : * processes to exit.
4428 : */
4429 346249 : if (pmState >= PM_WAIT_IO_WORKERS)
4430 5168 : return 0;
4431 :
4432 : /* Don't start new workers during an immediate shutdown either. */
4433 341081 : if (Shutdown >= ImmediateShutdown)
4434 2174 : return 0;
4435 :
4436 : /*
4437 : * Don't start new workers if we're in the shutdown phase of a crash
4438 : * restart. But we *do* need to start if we're already starting up again.
4439 : */
4440 338907 : if (FatalError && pmState >= PM_STOP_BACKENDS)
4441 110 : return 0;
4442 :
4443 : /*
4444 : * Don't start a worker if we're at or above the maximum. (Excess workers
4445 : * exit when the GUC is lowered, but the count can be temporarily too high
4446 : * until they are reaped.)
4447 : */
4448 338797 : if (io_worker_count >= io_max_workers)
4449 39 : return 0;
4450 :
4451 : /* If we're under the minimum, start a worker as soon as possible. */
4452 338758 : if (io_worker_count < io_min_workers)
4453 2008 : return TIMESTAMP_MINUS_INFINITY; /* start worker ASAP */
4454 :
4455 : /* Only proceed if a "grow" signal has been received from a worker. */
4456 336750 : if (!pgaio_worker_pm_test_grow_signal_sent())
4457 336672 : return 0;
4458 :
4459 : /*
4460 : * maybe_start_io_workers() should start a new I/O worker after this time,
4461 : * or as soon as possible if is already in the past.
4462 : */
4463 78 : return io_worker_launch_next_time;
4464 : }
4465 :
4466 : /*
4467 : * Start I/O workers if required. Used at startup, to respond to change of
4468 : * the io_min_workers GUC, when asked to start a new one due to submission
4469 : * queue backlog, and after workers terminate in response to errors (by
4470 : * starting "replacement" workers).
4471 : */
4472 : static void
4473 173981 : maybe_start_io_workers(void)
4474 : {
4475 : TimestampTz scheduled_at;
4476 :
4477 176002 : while ((scheduled_at = maybe_start_io_workers_scheduled_at()) != 0)
4478 : {
4479 2071 : TimestampTz now = GetCurrentTimestamp();
4480 : PMChild *child;
4481 : int i;
4482 :
4483 : Assert(pmState < PM_WAIT_IO_WORKERS);
4484 :
4485 : /* Still waiting for the scheduled time? */
4486 2071 : if (scheduled_at > now)
4487 15 : break;
4488 :
4489 : /*
4490 : * Compute next launch time relative to the previous value, so that
4491 : * time spent on the postmaster's other duties don't result in an
4492 : * inaccurate launch interval.
4493 : */
4494 2056 : io_worker_launch_next_time =
4495 2056 : TimestampTzPlusMilliseconds(io_worker_launch_next_time,
4496 : io_worker_launch_interval);
4497 :
4498 : /*
4499 : * If that's already in the past, the interval is either impossibly
4500 : * short or we received no requests for new workers for a period.
4501 : * Compute a new future time relative to now instead.
4502 : */
4503 2056 : if (io_worker_launch_next_time <= now)
4504 1054 : io_worker_launch_next_time =
4505 1054 : TimestampTzPlusMilliseconds(now, io_worker_launch_interval);
4506 :
4507 : /*
4508 : * Check if a grow signal has been received, but the grow request has
4509 : * been canceled since then because work ran out. We've still
4510 : * advanced the next launch time, to suppress repeat signals from
4511 : * workers until then.
4512 : */
4513 2056 : if (io_worker_count >= io_min_workers && !pgaio_worker_pm_test_grow())
4514 : {
4515 35 : pgaio_worker_pm_clear_grow_signal_sent();
4516 35 : break;
4517 : }
4518 :
4519 : /* find unused entry in io_worker_children array */
4520 3550 : for (i = 0; i < MAX_IO_WORKERS; ++i)
4521 : {
4522 3550 : if (io_worker_children[i] == NULL)
4523 2021 : break;
4524 : }
4525 2021 : if (i == MAX_IO_WORKERS)
4526 0 : elog(ERROR, "could not find a free IO worker slot");
4527 :
4528 : /* Try to launch one. */
4529 2021 : child = StartChildProcess(B_IO_WORKER);
4530 2021 : if (child != NULL)
4531 : {
4532 2021 : io_worker_children[i] = child;
4533 2021 : ++io_worker_count;
4534 : }
4535 : else
4536 : {
4537 : /*
4538 : * Fork failure: we'll try again after the launch interval
4539 : * expires, or be called again without delay if we don't yet have
4540 : * io_min_workers. Don't loop here though, the postmaster has
4541 : * other duties.
4542 : */
4543 0 : break;
4544 : }
4545 : }
4546 :
4547 : /*
4548 : * Workers decide when to shut down by themselves, according to the
4549 : * io_max_workers and io_worker_idle_timeout GUCs.
4550 : */
4551 173981 : }
4552 :
4553 :
4554 : /*
4555 : * When a backend asks to be notified about worker state changes, we
4556 : * set a flag in its backend entry. The background worker machinery needs
4557 : * to know when such backends exit.
4558 : */
4559 : bool
4560 2711 : PostmasterMarkPIDForWorkerNotify(int pid)
4561 : {
4562 : dlist_iter iter;
4563 : PMChild *bp;
4564 :
4565 6977 : dlist_foreach(iter, &ActiveChildList)
4566 : {
4567 6977 : bp = dlist_container(PMChild, elem, iter.cur);
4568 6977 : if (bp->pid == pid)
4569 : {
4570 2711 : bp->bgworker_notify = true;
4571 2711 : return true;
4572 : }
4573 : }
4574 0 : return false;
4575 : }
4576 :
4577 : #ifdef WIN32
4578 :
4579 : /*
4580 : * Subset implementation of waitpid() for Windows. We assume pid is -1
4581 : * (that is, check all child processes) and options is WNOHANG (don't wait).
4582 : */
4583 : static pid_t
4584 : waitpid(pid_t pid, int *exitstatus, int options)
4585 : {
4586 : win32_deadchild_waitinfo *childinfo;
4587 : DWORD exitcode;
4588 : DWORD dwd;
4589 : ULONG_PTR key;
4590 : OVERLAPPED *ovl;
4591 :
4592 : /* Try to consume one win32_deadchild_waitinfo from the queue. */
4593 : if (!GetQueuedCompletionStatus(win32ChildQueue, &dwd, &key, &ovl, 0))
4594 : {
4595 : errno = EAGAIN;
4596 : return -1;
4597 : }
4598 :
4599 : childinfo = (win32_deadchild_waitinfo *) key;
4600 : pid = childinfo->procId;
4601 :
4602 : /*
4603 : * Remove handle from wait - required even though it's set to wait only
4604 : * once
4605 : */
4606 : UnregisterWaitEx(childinfo->waitHandle, NULL);
4607 :
4608 : if (!GetExitCodeProcess(childinfo->procHandle, &exitcode))
4609 : {
4610 : /*
4611 : * Should never happen. Inform user and set a fixed exitcode.
4612 : */
4613 : write_stderr("could not read exit code for process\n");
4614 : exitcode = 255;
4615 : }
4616 : *exitstatus = exitcode;
4617 :
4618 : /*
4619 : * Close the process handle. Only after this point can the PID can be
4620 : * recycled by the kernel.
4621 : */
4622 : CloseHandle(childinfo->procHandle);
4623 :
4624 : /*
4625 : * Free struct that was allocated before the call to
4626 : * RegisterWaitForSingleObject()
4627 : */
4628 : pfree(childinfo);
4629 :
4630 : return pid;
4631 : }
4632 :
4633 : /*
4634 : * Note! Code below executes on a thread pool! All operations must
4635 : * be thread safe! Note that elog() and friends must *not* be used.
4636 : */
4637 : static void WINAPI
4638 : pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired)
4639 : {
4640 : /* Should never happen, since we use INFINITE as timeout value. */
4641 : if (TimerOrWaitFired)
4642 : return;
4643 :
4644 : /*
4645 : * Post the win32_deadchild_waitinfo object for waitpid() to deal with. If
4646 : * that fails, we leak the object, but we also leak a whole process and
4647 : * get into an unrecoverable state, so there's not much point in worrying
4648 : * about that. We'd like to panic, but we can't use that infrastructure
4649 : * from this thread.
4650 : */
4651 : if (!PostQueuedCompletionStatus(win32ChildQueue,
4652 : 0,
4653 : (ULONG_PTR) lpParameter,
4654 : NULL))
4655 : write_stderr("could not post child completion status\n");
4656 :
4657 : /* Queue SIGCHLD signal. */
4658 : pg_queue_signal(SIGCHLD);
4659 : }
4660 :
4661 : /*
4662 : * Queue a waiter to signal when this child dies. The wait will be handled
4663 : * automatically by an operating system thread pool. The memory and the
4664 : * process handle will be freed by a later call to waitpid().
4665 : */
4666 : void
4667 : pgwin32_register_deadchild_callback(HANDLE procHandle, DWORD procId)
4668 : {
4669 : win32_deadchild_waitinfo *childinfo;
4670 :
4671 : childinfo = palloc_object(win32_deadchild_waitinfo);
4672 : childinfo->procHandle = procHandle;
4673 : childinfo->procId = procId;
4674 :
4675 : if (!RegisterWaitForSingleObject(&childinfo->waitHandle,
4676 : procHandle,
4677 : pgwin32_deadchild_callback,
4678 : childinfo,
4679 : INFINITE,
4680 : WT_EXECUTEONLYONCE | WT_EXECUTEINWAITTHREAD))
4681 : ereport(FATAL,
4682 : (errmsg_internal("could not register process for wait: error code %lu",
4683 : GetLastError())));
4684 : }
4685 :
4686 : #endif /* WIN32 */
4687 :
4688 : /*
4689 : * Initialize one and only handle for monitoring postmaster death.
4690 : *
4691 : * Called once in the postmaster, so that child processes can subsequently
4692 : * monitor if their parent is dead.
4693 : */
4694 : static void
4695 984 : InitPostmasterDeathWatchHandle(void)
4696 : {
4697 : #ifndef WIN32
4698 :
4699 : /*
4700 : * Create a pipe. Postmaster holds the write end of the pipe open
4701 : * (POSTMASTER_FD_OWN), and children hold the read end. Children can pass
4702 : * the read file descriptor to select() to wake up in case postmaster
4703 : * dies, or check for postmaster death with a (read() == 0). Children must
4704 : * close the write end as soon as possible after forking, because EOF
4705 : * won't be signaled in the read end until all processes have closed the
4706 : * write fd. That is taken care of in ClosePostmasterPorts().
4707 : */
4708 : Assert(MyProcPid == PostmasterPid);
4709 984 : if (pipe(postmaster_alive_fds) < 0)
4710 0 : ereport(FATAL,
4711 : (errcode_for_file_access(),
4712 : errmsg_internal("could not create pipe to monitor postmaster death: %m")));
4713 :
4714 : /* Notify fd.c that we've eaten two FDs for the pipe. */
4715 984 : ReserveExternalFD();
4716 984 : ReserveExternalFD();
4717 :
4718 : /*
4719 : * Set O_NONBLOCK to allow testing for the fd's presence with a read()
4720 : * call.
4721 : */
4722 984 : if (fcntl(postmaster_alive_fds[POSTMASTER_FD_WATCH], F_SETFL, O_NONBLOCK) == -1)
4723 0 : ereport(FATAL,
4724 : (errcode_for_socket_access(),
4725 : errmsg_internal("could not set postmaster death monitoring pipe to nonblocking mode: %m")));
4726 : #else
4727 :
4728 : /*
4729 : * On Windows, we use a process handle for the same purpose.
4730 : */
4731 : if (DuplicateHandle(GetCurrentProcess(),
4732 : GetCurrentProcess(),
4733 : GetCurrentProcess(),
4734 : &PostmasterHandle,
4735 : 0,
4736 : TRUE,
4737 : DUPLICATE_SAME_ACCESS) == 0)
4738 : ereport(FATAL,
4739 : (errmsg_internal("could not duplicate postmaster handle: error code %lu",
4740 : GetLastError())));
4741 : #endif /* WIN32 */
4742 984 : }
|
