Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * fd.c
4 : * Virtual file descriptor code.
5 : *
6 : * Portions Copyright (c) 1996-2021, PostgreSQL Global Development Group
7 : * Portions Copyright (c) 1994, Regents of the University of California
8 : *
9 : * IDENTIFICATION
10 : * src/backend/storage/file/fd.c
11 : *
12 : * NOTES:
13 : *
14 : * This code manages a cache of 'virtual' file descriptors (VFDs).
15 : * The server opens many file descriptors for a variety of reasons,
16 : * including base tables, scratch files (e.g., sort and hash spool
17 : * files), and random calls to C library routines like system(3); it
18 : * is quite easy to exceed system limits on the number of open files a
19 : * single process can have. (This is around 1024 on many modern
20 : * operating systems, but may be lower on others.)
21 : *
22 : * VFDs are managed as an LRU pool, with actual OS file descriptors
23 : * being opened and closed as needed. Obviously, if a routine is
24 : * opened using these interfaces, all subsequent operations must also
25 : * be through these interfaces (the File type is not a real file
26 : * descriptor).
27 : *
28 : * For this scheme to work, most (if not all) routines throughout the
29 : * server should use these interfaces instead of calling the C library
30 : * routines (e.g., open(2) and fopen(3)) themselves. Otherwise, we
31 : * may find ourselves short of real file descriptors anyway.
32 : *
33 : * INTERFACE ROUTINES
34 : *
35 : * PathNameOpenFile and OpenTemporaryFile are used to open virtual files.
36 : * A File opened with OpenTemporaryFile is automatically deleted when the
37 : * File is closed, either explicitly or implicitly at end of transaction or
38 : * process exit. PathNameOpenFile is intended for files that are held open
39 : * for a long time, like relation files. It is the caller's responsibility
40 : * to close them, there is no automatic mechanism in fd.c for that.
41 : *
42 : * PathName(Create|Open|Delete)Temporary(File|Dir) are used to manage
43 : * temporary files that have names so that they can be shared between
44 : * backends. Such files are automatically closed and count against the
45 : * temporary file limit of the backend that creates them, but unlike anonymous
46 : * files they are not automatically deleted. See sharedfileset.c for a shared
47 : * ownership mechanism that provides automatic cleanup for shared files when
48 : * the last of a group of backends detaches.
49 : *
50 : * AllocateFile, AllocateDir, OpenPipeStream and OpenTransientFile are
51 : * wrappers around fopen(3), opendir(3), popen(3) and open(2), respectively.
52 : * They behave like the corresponding native functions, except that the handle
53 : * is registered with the current subtransaction, and will be automatically
54 : * closed at abort. These are intended mainly for short operations like
55 : * reading a configuration file; there is a limit on the number of files that
56 : * can be opened using these functions at any one time.
57 : *
58 : * Finally, BasicOpenFile is just a thin wrapper around open() that can
59 : * release file descriptors in use by the virtual file descriptors if
60 : * necessary. There is no automatic cleanup of file descriptors returned by
61 : * BasicOpenFile, it is solely the caller's responsibility to close the file
62 : * descriptor by calling close(2).
63 : *
64 : * If a non-virtual file descriptor needs to be held open for any length of
65 : * time, report it to fd.c by calling AcquireExternalFD or ReserveExternalFD
66 : * (and eventually ReleaseExternalFD), so that we can take it into account
67 : * while deciding how many VFDs can be open. This applies to FDs obtained
68 : * with BasicOpenFile as well as those obtained without use of any fd.c API.
69 : *
70 : *-------------------------------------------------------------------------
71 : */
72 :
73 : #include "postgres.h"
74 :
75 : #include <sys/file.h>
76 : #include <sys/param.h>
77 : #include <sys/stat.h>
78 : #ifndef WIN32
79 : #include <sys/mman.h>
80 : #endif
81 : #include <limits.h>
82 : #include <unistd.h>
83 : #include <fcntl.h>
84 : #ifdef HAVE_SYS_RESOURCE_H
85 : #include <sys/resource.h> /* for getrlimit */
86 : #endif
87 :
88 : #include "access/xact.h"
89 : #include "access/xlog.h"
90 : #include "catalog/pg_tablespace.h"
91 : #include "common/file_perm.h"
92 : #include "common/file_utils.h"
93 : #include "miscadmin.h"
94 : #include "pgstat.h"
95 : #include "port/pg_iovec.h"
96 : #include "portability/mem.h"
97 : #include "storage/fd.h"
98 : #include "storage/ipc.h"
99 : #include "utils/guc.h"
100 : #include "utils/resowner_private.h"
101 :
102 : /* Define PG_FLUSH_DATA_WORKS if we have an implementation for pg_flush_data */
103 : #if defined(HAVE_SYNC_FILE_RANGE)
104 : #define PG_FLUSH_DATA_WORKS 1
105 : #elif !defined(WIN32) && defined(MS_ASYNC)
106 : #define PG_FLUSH_DATA_WORKS 1
107 : #elif defined(USE_POSIX_FADVISE) && defined(POSIX_FADV_DONTNEED)
108 : #define PG_FLUSH_DATA_WORKS 1
109 : #endif
110 :
111 : /*
112 : * We must leave some file descriptors free for system(), the dynamic loader,
113 : * and other code that tries to open files without consulting fd.c. This
114 : * is the number left free. (While we try fairly hard to prevent EMFILE
115 : * errors, there's never any guarantee that we won't get ENFILE due to
116 : * other processes chewing up FDs. So it's a bad idea to try to open files
117 : * without consulting fd.c. Nonetheless we cannot control all code.)
118 : *
119 : * Because this is just a fixed setting, we are effectively assuming that
120 : * no such code will leave FDs open over the long term; otherwise the slop
121 : * is likely to be insufficient. Note in particular that we expect that
122 : * loading a shared library does not result in any permanent increase in
123 : * the number of open files. (This appears to be true on most if not
124 : * all platforms as of Feb 2004.)
125 : */
126 : #define NUM_RESERVED_FDS 10
127 :
128 : /*
129 : * If we have fewer than this many usable FDs after allowing for the reserved
130 : * ones, choke. (This value is chosen to work with "ulimit -n 64", but not
131 : * much less than that. Note that this value ensures numExternalFDs can be
132 : * at least 16; as of this writing, the contrib/postgres_fdw regression tests
133 : * will not pass unless that can grow to at least 14.)
134 : */
135 : #define FD_MINFREE 48
136 :
137 : /*
138 : * A number of platforms allow individual processes to open many more files
139 : * than they can really support when *many* processes do the same thing.
140 : * This GUC parameter lets the DBA limit max_safe_fds to something less than
141 : * what the postmaster's initial probe suggests will work.
142 : */
143 : int max_files_per_process = 1000;
144 :
145 : /*
146 : * Maximum number of file descriptors to open for operations that fd.c knows
147 : * about (VFDs, AllocateFile etc, or "external" FDs). This is initialized
148 : * to a conservative value, and remains that way indefinitely in bootstrap or
149 : * standalone-backend cases. In normal postmaster operation, the postmaster
150 : * calls set_max_safe_fds() late in initialization to update the value, and
151 : * that value is then inherited by forked subprocesses.
152 : *
153 : * Note: the value of max_files_per_process is taken into account while
154 : * setting this variable, and so need not be tested separately.
155 : */
156 : int max_safe_fds = FD_MINFREE; /* default if not changed */
157 :
158 : /* Whether it is safe to continue running after fsync() fails. */
159 : bool data_sync_retry = false;
160 :
161 : /* Debugging.... */
162 :
163 : #ifdef FDDEBUG
164 : #define DO_DB(A) \
165 : do { \
166 : int _do_db_save_errno = errno; \
167 : A; \
168 : errno = _do_db_save_errno; \
169 : } while (0)
170 : #else
171 : #define DO_DB(A) \
172 : ((void) 0)
173 : #endif
174 :
175 : #define VFD_CLOSED (-1)
176 :
177 : #define FileIsValid(file) \
178 : ((file) > 0 && (file) < (int) SizeVfdCache && VfdCache[file].fileName != NULL)
179 :
180 : #define FileIsNotOpen(file) (VfdCache[file].fd == VFD_CLOSED)
181 :
182 : /* these are the assigned bits in fdstate below: */
183 : #define FD_DELETE_AT_CLOSE (1 << 0) /* T = delete when closed */
184 : #define FD_CLOSE_AT_EOXACT (1 << 1) /* T = close at eoXact */
185 : #define FD_TEMP_FILE_LIMIT (1 << 2) /* T = respect temp_file_limit */
186 :
187 : typedef struct vfd
188 : {
189 : int fd; /* current FD, or VFD_CLOSED if none */
190 : unsigned short fdstate; /* bitflags for VFD's state */
191 : ResourceOwner resowner; /* owner, for automatic cleanup */
192 : File nextFree; /* link to next free VFD, if in freelist */
193 : File lruMoreRecently; /* doubly linked recency-of-use list */
194 : File lruLessRecently;
195 : off_t fileSize; /* current size of file (0 if not temporary) */
196 : char *fileName; /* name of file, or NULL for unused VFD */
197 : /* NB: fileName is malloc'd, and must be free'd when closing the VFD */
198 : int fileFlags; /* open(2) flags for (re)opening the file */
199 : mode_t fileMode; /* mode to pass to open(2) */
200 : } Vfd;
201 :
202 : /*
203 : * Virtual File Descriptor array pointer and size. This grows as
204 : * needed. 'File' values are indexes into this array.
205 : * Note that VfdCache[0] is not a usable VFD, just a list header.
206 : */
207 : static Vfd *VfdCache;
208 : static Size SizeVfdCache = 0;
209 :
210 : /*
211 : * Number of file descriptors known to be in use by VFD entries.
212 : */
213 : static int nfile = 0;
214 :
215 : /*
216 : * Flag to tell whether it's worth scanning VfdCache looking for temp files
217 : * to close
218 : */
219 : static bool have_xact_temporary_files = false;
220 :
221 : /*
222 : * Tracks the total size of all temporary files. Note: when temp_file_limit
223 : * is being enforced, this cannot overflow since the limit cannot be more
224 : * than INT_MAX kilobytes. When not enforcing, it could theoretically
225 : * overflow, but we don't care.
226 : */
227 : static uint64 temporary_files_size = 0;
228 :
229 : /*
230 : * List of OS handles opened with AllocateFile, AllocateDir and
231 : * OpenTransientFile.
232 : */
233 : typedef enum
234 : {
235 : AllocateDescFile,
236 : AllocateDescPipe,
237 : AllocateDescDir,
238 : AllocateDescRawFD
239 : } AllocateDescKind;
240 :
241 : typedef struct
242 : {
243 : AllocateDescKind kind;
244 : SubTransactionId create_subid;
245 : union
246 : {
247 : FILE *file;
248 : DIR *dir;
249 : int fd;
250 : } desc;
251 : } AllocateDesc;
252 :
253 : static int numAllocatedDescs = 0;
254 : static int maxAllocatedDescs = 0;
255 : static AllocateDesc *allocatedDescs = NULL;
256 :
257 : /*
258 : * Number of open "external" FDs reported to Reserve/ReleaseExternalFD.
259 : */
260 : static int numExternalFDs = 0;
261 :
262 : /*
263 : * Number of temporary files opened during the current session;
264 : * this is used in generation of tempfile names.
265 : */
266 : static long tempFileCounter = 0;
267 :
268 : /*
269 : * Array of OIDs of temp tablespaces. (Some entries may be InvalidOid,
270 : * indicating that the current database's default tablespace should be used.)
271 : * When numTempTableSpaces is -1, this has not been set in the current
272 : * transaction.
273 : */
274 : static Oid *tempTableSpaces = NULL;
275 : static int numTempTableSpaces = -1;
276 : static int nextTempTableSpace = 0;
277 :
278 :
279 : /*--------------------
280 : *
281 : * Private Routines
282 : *
283 : * Delete - delete a file from the Lru ring
284 : * LruDelete - remove a file from the Lru ring and close its FD
285 : * Insert - put a file at the front of the Lru ring
286 : * LruInsert - put a file at the front of the Lru ring and open it
287 : * ReleaseLruFile - Release an fd by closing the last entry in the Lru ring
288 : * ReleaseLruFiles - Release fd(s) until we're under the max_safe_fds limit
289 : * AllocateVfd - grab a free (or new) file record (from VfdCache)
290 : * FreeVfd - free a file record
291 : *
292 : * The Least Recently Used ring is a doubly linked list that begins and
293 : * ends on element zero. Element zero is special -- it doesn't represent
294 : * a file and its "fd" field always == VFD_CLOSED. Element zero is just an
295 : * anchor that shows us the beginning/end of the ring.
296 : * Only VFD elements that are currently really open (have an FD assigned) are
297 : * in the Lru ring. Elements that are "virtually" open can be recognized
298 : * by having a non-null fileName field.
299 : *
300 : * example:
301 : *
302 : * /--less----\ /---------\
303 : * v \ v \
304 : * #0 --more---> LeastRecentlyUsed --more-\ \
305 : * ^\ | |
306 : * \\less--> MostRecentlyUsedFile <---/ |
307 : * \more---/ \--less--/
308 : *
309 : *--------------------
310 : */
311 : static void Delete(File file);
312 : static void LruDelete(File file);
313 : static void Insert(File file);
314 : static int LruInsert(File file);
315 : static bool ReleaseLruFile(void);
316 : static void ReleaseLruFiles(void);
317 : static File AllocateVfd(void);
318 : static void FreeVfd(File file);
319 :
320 : static int FileAccess(File file);
321 : static File OpenTemporaryFileInTablespace(Oid tblspcOid, bool rejectError);
322 : static bool reserveAllocatedDesc(void);
323 : static int FreeDesc(AllocateDesc *desc);
324 :
325 : static void AtProcExit_Files(int code, Datum arg);
326 : static void CleanupTempFiles(bool isCommit, bool isProcExit);
327 : static void RemovePgTempRelationFiles(const char *tsdirname);
328 : static void RemovePgTempRelationFilesInDbspace(const char *dbspacedirname);
329 :
330 : static void walkdir(const char *path,
331 : void (*action) (const char *fname, bool isdir, int elevel),
332 : bool process_symlinks,
333 : int elevel);
334 : #ifdef PG_FLUSH_DATA_WORKS
335 : static void pre_sync_fname(const char *fname, bool isdir, int elevel);
336 : #endif
337 : static void datadir_fsync_fname(const char *fname, bool isdir, int elevel);
338 : static void unlink_if_exists_fname(const char *fname, bool isdir, int elevel);
339 :
340 : static int fsync_parent_path(const char *fname, int elevel);
341 :
342 :
343 : /*
344 : * pg_fsync --- do fsync with or without writethrough
345 : */
346 : int
347 146836 : pg_fsync(int fd)
348 : {
349 : #if !defined(WIN32) && defined(USE_ASSERT_CHECKING)
350 : struct stat st;
351 :
352 : /*
353 : * Some operating system implementations of fsync() have requirements
354 : * about the file access modes that were used when their file descriptor
355 : * argument was opened, and these requirements differ depending on whether
356 : * the file descriptor is for a directory.
357 : *
358 : * For any file descriptor that may eventually be handed to fsync(), we
359 : * should have opened it with access modes that are compatible with
360 : * fsync() on all supported systems, otherwise the code may not be
361 : * portable, even if it runs ok on the current system.
362 : *
363 : * We assert here that a descriptor for a file was opened with write
364 : * permissions (either O_RDWR or O_WRONLY) and for a directory without
365 : * write permissions (O_RDONLY).
366 : *
367 : * Ignore any fstat errors and let the follow-up fsync() do its work.
368 : * Doing this sanity check here counts for the case where fsync() is
369 : * disabled.
370 : */
371 : if (fstat(fd, &st) == 0)
372 : {
373 : int desc_flags = fcntl(fd, F_GETFL);
374 :
375 : /*
376 : * O_RDONLY is historically 0, so just make sure that for directories
377 : * no write flags are used.
378 : */
379 : if (S_ISDIR(st.st_mode))
380 : Assert((desc_flags & (O_RDWR | O_WRONLY)) == 0);
381 : else
382 : Assert((desc_flags & (O_RDWR | O_WRONLY)) != 0);
383 : }
384 : errno = 0;
385 : #endif
386 :
387 : /* #if is to skip the sync_method test if there's no need for it */
388 : #if defined(HAVE_FSYNC_WRITETHROUGH) && !defined(FSYNC_WRITETHROUGH_IS_FSYNC)
389 : if (sync_method == SYNC_METHOD_FSYNC_WRITETHROUGH)
390 : return pg_fsync_writethrough(fd);
391 : else
392 : #endif
393 146836 : return pg_fsync_no_writethrough(fd);
394 : }
395 :
396 :
397 : /*
398 : * pg_fsync_no_writethrough --- same as fsync except does nothing if
399 : * enableFsync is off
400 : */
401 : int
402 146836 : pg_fsync_no_writethrough(int fd)
403 : {
404 146836 : if (enableFsync)
405 2264 : return fsync(fd);
406 : else
407 144572 : return 0;
408 : }
409 :
410 : /*
411 : * pg_fsync_writethrough
412 : */
413 : int
414 0 : pg_fsync_writethrough(int fd)
415 : {
416 0 : if (enableFsync)
417 : {
418 : #ifdef WIN32
419 : return _commit(fd);
420 : #elif defined(F_FULLFSYNC)
421 : return (fcntl(fd, F_FULLFSYNC, 0) == -1) ? -1 : 0;
422 : #else
423 0 : errno = ENOSYS;
424 0 : return -1;
425 : #endif
426 : }
427 : else
428 0 : return 0;
429 : }
430 :
431 : /*
432 : * pg_fdatasync --- same as fdatasync except does nothing if enableFsync is off
433 : *
434 : * Not all platforms have fdatasync; treat as fsync if not available.
435 : */
436 : int
437 313366 : pg_fdatasync(int fd)
438 : {
439 313366 : if (enableFsync)
440 : {
441 : #ifdef HAVE_FDATASYNC
442 70 : return fdatasync(fd);
443 : #else
444 : return fsync(fd);
445 : #endif
446 : }
447 : else
448 313296 : return 0;
449 : }
450 :
451 : /*
452 : * pg_flush_data --- advise OS that the described dirty data should be flushed
453 : *
454 : * offset of 0 with nbytes 0 means that the entire file should be flushed
455 : */
456 : void
457 446378 : pg_flush_data(int fd, off_t offset, off_t nbytes)
458 : {
459 : /*
460 : * Right now file flushing is primarily used to avoid making later
461 : * fsync()/fdatasync() calls have less impact. Thus don't trigger flushes
462 : * if fsyncs are disabled - that's a decision we might want to make
463 : * configurable at some point.
464 : */
465 446378 : if (!enableFsync)
466 444438 : return;
467 :
468 : /*
469 : * We compile all alternatives that are supported on the current platform,
470 : * to find portability problems more easily.
471 : */
472 : #if defined(HAVE_SYNC_FILE_RANGE)
473 : {
474 : int rc;
475 : static bool not_implemented_by_kernel = false;
476 :
477 1940 : if (not_implemented_by_kernel)
478 0 : return;
479 :
480 : /*
481 : * sync_file_range(SYNC_FILE_RANGE_WRITE), currently linux specific,
482 : * tells the OS that writeback for the specified blocks should be
483 : * started, but that we don't want to wait for completion. Note that
484 : * this call might block if too much dirty data exists in the range.
485 : * This is the preferable method on OSs supporting it, as it works
486 : * reliably when available (contrast to msync()) and doesn't flush out
487 : * clean data (like FADV_DONTNEED).
488 : */
489 1940 : rc = sync_file_range(fd, offset, nbytes,
490 : SYNC_FILE_RANGE_WRITE);
491 1940 : if (rc != 0)
492 : {
493 : int elevel;
494 :
495 : /*
496 : * For systems that don't have an implementation of
497 : * sync_file_range() such as Windows WSL, generate only one
498 : * warning and then suppress all further attempts by this process.
499 : */
500 0 : if (errno == ENOSYS)
501 : {
502 0 : elevel = WARNING;
503 0 : not_implemented_by_kernel = true;
504 : }
505 : else
506 0 : elevel = data_sync_elevel(WARNING);
507 :
508 0 : ereport(elevel,
509 : (errcode_for_file_access(),
510 : errmsg("could not flush dirty data: %m")));
511 : }
512 :
513 1940 : return;
514 : }
515 : #endif
516 : #if !defined(WIN32) && defined(MS_ASYNC)
517 : {
518 : void *p;
519 : static int pagesize = 0;
520 :
521 : /*
522 : * On several OSs msync(MS_ASYNC) on a mmap'ed file triggers
523 : * writeback. On linux it only does so if MS_SYNC is specified, but
524 : * then it does the writeback synchronously. Luckily all common linux
525 : * systems have sync_file_range(). This is preferable over
526 : * FADV_DONTNEED because it doesn't flush out clean data.
527 : *
528 : * We map the file (mmap()), tell the kernel to sync back the contents
529 : * (msync()), and then remove the mapping again (munmap()).
530 : */
531 :
532 : /* mmap() needs actual length if we want to map whole file */
533 : if (offset == 0 && nbytes == 0)
534 : {
535 : nbytes = lseek(fd, 0, SEEK_END);
536 : if (nbytes < 0)
537 : {
538 : ereport(WARNING,
539 : (errcode_for_file_access(),
540 : errmsg("could not determine dirty data size: %m")));
541 : return;
542 : }
543 : }
544 :
545 : /*
546 : * Some platforms reject partial-page mmap() attempts. To deal with
547 : * that, just truncate the request to a page boundary. If any extra
548 : * bytes don't get flushed, well, it's only a hint anyway.
549 : */
550 :
551 : /* fetch pagesize only once */
552 : if (pagesize == 0)
553 : pagesize = sysconf(_SC_PAGESIZE);
554 :
555 : /* align length to pagesize, dropping any fractional page */
556 : if (pagesize > 0)
557 : nbytes = (nbytes / pagesize) * pagesize;
558 :
559 : /* fractional-page request is a no-op */
560 : if (nbytes <= 0)
561 : return;
562 :
563 : /*
564 : * mmap could well fail, particularly on 32-bit platforms where there
565 : * may simply not be enough address space. If so, silently fall
566 : * through to the next implementation.
567 : */
568 : if (nbytes <= (off_t) SSIZE_MAX)
569 : p = mmap(NULL, nbytes, PROT_READ, MAP_SHARED, fd, offset);
570 : else
571 : p = MAP_FAILED;
572 :
573 : if (p != MAP_FAILED)
574 : {
575 : int rc;
576 :
577 : rc = msync(p, (size_t) nbytes, MS_ASYNC);
578 : if (rc != 0)
579 : {
580 : ereport(data_sync_elevel(WARNING),
581 : (errcode_for_file_access(),
582 : errmsg("could not flush dirty data: %m")));
583 : /* NB: need to fall through to munmap()! */
584 : }
585 :
586 : rc = munmap(p, (size_t) nbytes);
587 : if (rc != 0)
588 : {
589 : /* FATAL error because mapping would remain */
590 : ereport(FATAL,
591 : (errcode_for_file_access(),
592 : errmsg("could not munmap() while flushing data: %m")));
593 : }
594 :
595 : return;
596 : }
597 : }
598 : #endif
599 : #if defined(USE_POSIX_FADVISE) && defined(POSIX_FADV_DONTNEED)
600 : {
601 : int rc;
602 :
603 : /*
604 : * Signal the kernel that the passed in range should not be cached
605 : * anymore. This has the, desired, side effect of writing out dirty
606 : * data, and the, undesired, side effect of likely discarding useful
607 : * clean cached blocks. For the latter reason this is the least
608 : * preferable method.
609 : */
610 :
611 : rc = posix_fadvise(fd, offset, nbytes, POSIX_FADV_DONTNEED);
612 :
613 : if (rc != 0)
614 : {
615 : /* don't error out, this is just a performance optimization */
616 : ereport(WARNING,
617 : (errcode_for_file_access(),
618 : errmsg("could not flush dirty data: %m")));
619 : }
620 :
621 : return;
622 : }
623 : #endif
624 : }
625 :
626 : /*
627 : * Truncate a file to a given length by name.
628 : */
629 : int
630 203568 : pg_truncate(const char *path, off_t length)
631 : {
632 : #ifdef WIN32
633 : int save_errno;
634 : int ret;
635 : int fd;
636 :
637 : fd = OpenTransientFile(path, O_RDWR | PG_BINARY);
638 : if (fd >= 0)
639 : {
640 : ret = ftruncate(fd, 0);
641 : save_errno = errno;
642 : CloseTransientFile(fd);
643 : errno = save_errno;
644 : }
645 : else
646 : ret = -1;
647 :
648 : return ret;
649 : #else
650 203568 : return truncate(path, length);
651 : #endif
652 : }
653 :
654 : /*
655 : * fsync_fname -- fsync a file or directory, handling errors properly
656 : *
657 : * Try to fsync a file or directory. When doing the latter, ignore errors that
658 : * indicate the OS just doesn't allow/require fsyncing directories.
659 : */
660 : void
661 23056 : fsync_fname(const char *fname, bool isdir)
662 : {
663 23056 : fsync_fname_ext(fname, isdir, false, data_sync_elevel(ERROR));
664 23056 : }
665 :
666 : /*
667 : * durable_rename -- rename(2) wrapper, issuing fsyncs required for durability
668 : *
669 : * This routine ensures that, after returning, the effect of renaming file
670 : * persists in case of a crash. A crash while this routine is running will
671 : * leave you with either the pre-existing or the moved file in place of the
672 : * new file; no mixed state or truncated files are possible.
673 : *
674 : * It does so by using fsync on the old filename and the possibly existing
675 : * target filename before the rename, and the target file and directory after.
676 : *
677 : * Note that rename() cannot be used across arbitrary directories, as they
678 : * might not be on the same filesystem. Therefore this routine does not
679 : * support renaming across directories.
680 : *
681 : * Log errors with the caller specified severity.
682 : *
683 : * Returns 0 if the operation succeeded, -1 otherwise. Note that errno is not
684 : * valid upon return.
685 : */
686 : int
687 3722 : durable_rename(const char *oldfile, const char *newfile, int elevel)
688 : {
689 : int fd;
690 :
691 : /*
692 : * First fsync the old and target path (if it exists), to ensure that they
693 : * are properly persistent on disk. Syncing the target file is not
694 : * strictly necessary, but it makes it easier to reason about crashes;
695 : * because it's then guaranteed that either source or target file exists
696 : * after a crash.
697 : */
698 3722 : if (fsync_fname_ext(oldfile, false, false, elevel) != 0)
699 0 : return -1;
700 :
701 3722 : fd = OpenTransientFile(newfile, PG_BINARY | O_RDWR);
702 3722 : if (fd < 0)
703 : {
704 514 : if (errno != ENOENT)
705 : {
706 0 : ereport(elevel,
707 : (errcode_for_file_access(),
708 : errmsg("could not open file \"%s\": %m", newfile)));
709 0 : return -1;
710 : }
711 : }
712 : else
713 : {
714 3208 : if (pg_fsync(fd) != 0)
715 : {
716 : int save_errno;
717 :
718 : /* close file upon error, might not be in transaction context */
719 0 : save_errno = errno;
720 0 : CloseTransientFile(fd);
721 0 : errno = save_errno;
722 :
723 0 : ereport(elevel,
724 : (errcode_for_file_access(),
725 : errmsg("could not fsync file \"%s\": %m", newfile)));
726 0 : return -1;
727 : }
728 :
729 3208 : if (CloseTransientFile(fd) != 0)
730 : {
731 0 : ereport(elevel,
732 : (errcode_for_file_access(),
733 : errmsg("could not close file \"%s\": %m", newfile)));
734 0 : return -1;
735 : }
736 : }
737 :
738 : /* Time to do the real deal... */
739 3722 : if (rename(oldfile, newfile) < 0)
740 : {
741 0 : ereport(elevel,
742 : (errcode_for_file_access(),
743 : errmsg("could not rename file \"%s\" to \"%s\": %m",
744 : oldfile, newfile)));
745 0 : return -1;
746 : }
747 :
748 : /*
749 : * To guarantee renaming the file is persistent, fsync the file with its
750 : * new name, and its containing directory.
751 : */
752 3722 : if (fsync_fname_ext(newfile, false, false, elevel) != 0)
753 0 : return -1;
754 :
755 3722 : if (fsync_parent_path(newfile, elevel) != 0)
756 0 : return -1;
757 :
758 3722 : return 0;
759 : }
760 :
761 : /*
762 : * durable_unlink -- remove a file in a durable manner
763 : *
764 : * This routine ensures that, after returning, the effect of removing file
765 : * persists in case of a crash. A crash while this routine is running will
766 : * leave the system in no mixed state.
767 : *
768 : * It does so by using fsync on the parent directory of the file after the
769 : * actual removal is done.
770 : *
771 : * Log errors with the severity specified by caller.
772 : *
773 : * Returns 0 if the operation succeeded, -1 otherwise. Note that errno is not
774 : * valid upon return.
775 : */
776 : int
777 548 : durable_unlink(const char *fname, int elevel)
778 : {
779 548 : if (unlink(fname) < 0)
780 : {
781 456 : ereport(elevel,
782 : (errcode_for_file_access(),
783 : errmsg("could not remove file \"%s\": %m",
784 : fname)));
785 456 : return -1;
786 : }
787 :
788 : /*
789 : * To guarantee that the removal of the file is persistent, fsync its
790 : * parent directory.
791 : */
792 92 : if (fsync_parent_path(fname, elevel) != 0)
793 0 : return -1;
794 :
795 92 : return 0;
796 : }
797 :
798 : /*
799 : * durable_rename_excl -- rename a file in a durable manner, without
800 : * overwriting an existing target file
801 : *
802 : * Similar to durable_rename(), except that this routine will fail if the
803 : * target file already exists.
804 : *
805 : * Note that a crash in an unfortunate moment can leave you with two links to
806 : * the target file.
807 : *
808 : * Log errors with the caller specified severity.
809 : *
810 : * Returns 0 if the operation succeeded, -1 otherwise. Note that errno is not
811 : * valid upon return.
812 : */
813 : int
814 1662 : durable_rename_excl(const char *oldfile, const char *newfile, int elevel)
815 : {
816 : /*
817 : * Ensure that, if we crash directly after the rename/link, a file with
818 : * valid contents is moved into place.
819 : */
820 1662 : if (fsync_fname_ext(oldfile, false, false, elevel) != 0)
821 0 : return -1;
822 :
823 1662 : if (link(oldfile, newfile) < 0)
824 : {
825 0 : ereport(elevel,
826 : (errcode_for_file_access(),
827 : errmsg("could not link file \"%s\" to \"%s\": %m",
828 : oldfile, newfile)));
829 0 : return -1;
830 : }
831 1662 : unlink(oldfile);
832 :
833 : /*
834 : * Make change persistent in case of an OS crash, both the new entry and
835 : * its parent directory need to be flushed.
836 : */
837 1662 : if (fsync_fname_ext(newfile, false, false, elevel) != 0)
838 0 : return -1;
839 :
840 : /* Same for parent directory */
841 1662 : if (fsync_parent_path(newfile, elevel) != 0)
842 0 : return -1;
843 :
844 1662 : return 0;
845 : }
846 :
847 : /*
848 : * InitFileAccess --- initialize this module during backend startup
849 : *
850 : * This is called during either normal or standalone backend start.
851 : * It is *not* called in the postmaster.
852 : */
853 : void
854 15748 : InitFileAccess(void)
855 : {
856 : Assert(SizeVfdCache == 0); /* call me only once */
857 :
858 : /* initialize cache header entry */
859 15748 : VfdCache = (Vfd *) malloc(sizeof(Vfd));
860 15748 : if (VfdCache == NULL)
861 0 : ereport(FATAL,
862 : (errcode(ERRCODE_OUT_OF_MEMORY),
863 : errmsg("out of memory")));
864 :
865 125984 : MemSet((char *) &(VfdCache[0]), 0, sizeof(Vfd));
866 15748 : VfdCache->fd = VFD_CLOSED;
867 :
868 15748 : SizeVfdCache = 1;
869 :
870 : /* register proc-exit hook to ensure temp files are dropped at exit */
871 15748 : on_proc_exit(AtProcExit_Files, 0);
872 15748 : }
873 :
874 : /*
875 : * count_usable_fds --- count how many FDs the system will let us open,
876 : * and estimate how many are already open.
877 : *
878 : * We stop counting if usable_fds reaches max_to_probe. Note: a small
879 : * value of max_to_probe might result in an underestimate of already_open;
880 : * we must fill in any "gaps" in the set of used FDs before the calculation
881 : * of already_open will give the right answer. In practice, max_to_probe
882 : * of a couple of dozen should be enough to ensure good results.
883 : *
884 : * We assume stdin (FD 0) is available for dup'ing
885 : */
886 : static void
887 798 : count_usable_fds(int max_to_probe, int *usable_fds, int *already_open)
888 : {
889 : int *fd;
890 : int size;
891 798 : int used = 0;
892 798 : int highestfd = 0;
893 : int j;
894 :
895 : #ifdef HAVE_GETRLIMIT
896 : struct rlimit rlim;
897 : int getrlimit_status;
898 : #endif
899 :
900 798 : size = 1024;
901 798 : fd = (int *) palloc(size * sizeof(int));
902 :
903 : #ifdef HAVE_GETRLIMIT
904 : #ifdef RLIMIT_NOFILE /* most platforms use RLIMIT_NOFILE */
905 798 : getrlimit_status = getrlimit(RLIMIT_NOFILE, &rlim);
906 : #else /* but BSD doesn't ... */
907 : getrlimit_status = getrlimit(RLIMIT_OFILE, &rlim);
908 : #endif /* RLIMIT_NOFILE */
909 798 : if (getrlimit_status != 0)
910 0 : ereport(WARNING, (errmsg("getrlimit failed: %m")));
911 : #endif /* HAVE_GETRLIMIT */
912 :
913 : /* dup until failure or probe limit reached */
914 : for (;;)
915 797202 : {
916 : int thisfd;
917 :
918 : #ifdef HAVE_GETRLIMIT
919 :
920 : /*
921 : * don't go beyond RLIMIT_NOFILE; causes irritating kernel logs on
922 : * some platforms
923 : */
924 798000 : if (getrlimit_status == 0 && highestfd >= rlim.rlim_cur - 1)
925 0 : break;
926 : #endif
927 :
928 798000 : thisfd = dup(0);
929 798000 : if (thisfd < 0)
930 : {
931 : /* Expect EMFILE or ENFILE, else it's fishy */
932 0 : if (errno != EMFILE && errno != ENFILE)
933 0 : elog(WARNING, "dup(0) failed after %d successes: %m", used);
934 0 : break;
935 : }
936 :
937 798000 : if (used >= size)
938 : {
939 0 : size *= 2;
940 0 : fd = (int *) repalloc(fd, size * sizeof(int));
941 : }
942 798000 : fd[used++] = thisfd;
943 :
944 798000 : if (highestfd < thisfd)
945 798000 : highestfd = thisfd;
946 :
947 798000 : if (used >= max_to_probe)
948 798 : break;
949 : }
950 :
951 : /* release the files we opened */
952 798798 : for (j = 0; j < used; j++)
953 798000 : close(fd[j]);
954 :
955 798 : pfree(fd);
956 :
957 : /*
958 : * Return results. usable_fds is just the number of successful dups. We
959 : * assume that the system limit is highestfd+1 (remember 0 is a legal FD
960 : * number) and so already_open is highestfd+1 - usable_fds.
961 : */
962 798 : *usable_fds = used;
963 798 : *already_open = highestfd + 1 - used;
964 798 : }
965 :
966 : /*
967 : * set_max_safe_fds
968 : * Determine number of file descriptors that fd.c is allowed to use
969 : */
970 : void
971 798 : set_max_safe_fds(void)
972 : {
973 : int usable_fds;
974 : int already_open;
975 :
976 : /*----------
977 : * We want to set max_safe_fds to
978 : * MIN(usable_fds, max_files_per_process - already_open)
979 : * less the slop factor for files that are opened without consulting
980 : * fd.c. This ensures that we won't exceed either max_files_per_process
981 : * or the experimentally-determined EMFILE limit.
982 : *----------
983 : */
984 798 : count_usable_fds(max_files_per_process,
985 : &usable_fds, &already_open);
986 :
987 798 : max_safe_fds = Min(usable_fds, max_files_per_process - already_open);
988 :
989 : /*
990 : * Take off the FDs reserved for system() etc.
991 : */
992 798 : max_safe_fds -= NUM_RESERVED_FDS;
993 :
994 : /*
995 : * Make sure we still have enough to get by.
996 : */
997 798 : if (max_safe_fds < FD_MINFREE)
998 0 : ereport(FATAL,
999 : (errcode(ERRCODE_INSUFFICIENT_RESOURCES),
1000 : errmsg("insufficient file descriptors available to start server process"),
1001 : errdetail("System allows %d, we need at least %d.",
1002 : max_safe_fds + NUM_RESERVED_FDS,
1003 : FD_MINFREE + NUM_RESERVED_FDS)));
1004 :
1005 798 : elog(DEBUG2, "max_safe_fds = %d, usable_fds = %d, already_open = %d",
1006 : max_safe_fds, usable_fds, already_open);
1007 798 : }
1008 :
1009 : /*
1010 : * Open a file with BasicOpenFilePerm() and pass default file mode for the
1011 : * fileMode parameter.
1012 : */
1013 : int
1014 27926 : BasicOpenFile(const char *fileName, int fileFlags)
1015 : {
1016 27926 : return BasicOpenFilePerm(fileName, fileFlags, pg_file_create_mode);
1017 : }
1018 :
1019 : /*
1020 : * BasicOpenFilePerm --- same as open(2) except can free other FDs if needed
1021 : *
1022 : * This is exported for use by places that really want a plain kernel FD,
1023 : * but need to be proof against running out of FDs. Once an FD has been
1024 : * successfully returned, it is the caller's responsibility to ensure that
1025 : * it will not be leaked on ereport()! Most users should *not* call this
1026 : * routine directly, but instead use the VFD abstraction level, which
1027 : * provides protection against descriptor leaks as well as management of
1028 : * files that need to be open for more than a short period of time.
1029 : *
1030 : * Ideally this should be the *only* direct call of open() in the backend.
1031 : * In practice, the postmaster calls open() directly, and there are some
1032 : * direct open() calls done early in backend startup. Those are OK since
1033 : * this module wouldn't have any open files to close at that point anyway.
1034 : */
1035 : int
1036 2879748 : BasicOpenFilePerm(const char *fileName, int fileFlags, mode_t fileMode)
1037 : {
1038 : int fd;
1039 :
1040 2879748 : tryAgain:
1041 2879748 : fd = open(fileName, fileFlags, fileMode);
1042 :
1043 2879748 : if (fd >= 0)
1044 2492230 : return fd; /* success! */
1045 :
1046 387518 : if (errno == EMFILE || errno == ENFILE)
1047 : {
1048 0 : int save_errno = errno;
1049 :
1050 0 : ereport(LOG,
1051 : (errcode(ERRCODE_INSUFFICIENT_RESOURCES),
1052 : errmsg("out of file descriptors: %m; release and retry")));
1053 0 : errno = 0;
1054 0 : if (ReleaseLruFile())
1055 0 : goto tryAgain;
1056 0 : errno = save_errno;
1057 : }
1058 :
1059 387518 : return -1; /* failure */
1060 : }
1061 :
1062 : /*
1063 : * AcquireExternalFD - attempt to reserve an external file descriptor
1064 : *
1065 : * This should be used by callers that need to hold a file descriptor open
1066 : * over more than a short interval, but cannot use any of the other facilities
1067 : * provided by this module.
1068 : *
1069 : * The difference between this and the underlying ReserveExternalFD function
1070 : * is that this will report failure (by setting errno and returning false)
1071 : * if "too many" external FDs are already reserved. This should be used in
1072 : * any code where the total number of FDs to be reserved is not predictable
1073 : * and small.
1074 : */
1075 : bool
1076 73492 : AcquireExternalFD(void)
1077 : {
1078 : /*
1079 : * We don't want more than max_safe_fds / 3 FDs to be consumed for
1080 : * "external" FDs.
1081 : */
1082 73492 : if (numExternalFDs < max_safe_fds / 3)
1083 : {
1084 73492 : ReserveExternalFD();
1085 73492 : return true;
1086 : }
1087 0 : errno = EMFILE;
1088 0 : return false;
1089 : }
1090 :
1091 : /*
1092 : * ReserveExternalFD - report external consumption of a file descriptor
1093 : *
1094 : * This should be used by callers that need to hold a file descriptor open
1095 : * over more than a short interval, but cannot use any of the other facilities
1096 : * provided by this module. This just tracks the use of the FD and closes
1097 : * VFDs if needed to ensure we keep NUM_RESERVED_FDS FDs available.
1098 : *
1099 : * Call this directly only in code where failure to reserve the FD would be
1100 : * fatal; for example, the WAL-writing code does so, since the alternative is
1101 : * session failure. Also, it's very unwise to do so in code that could
1102 : * consume more than one FD per process.
1103 : *
1104 : * Note: as long as everybody plays nice so that NUM_RESERVED_FDS FDs remain
1105 : * available, it doesn't matter too much whether this is called before or
1106 : * after actually opening the FD; but doing so beforehand reduces the risk of
1107 : * an EMFILE failure if not everybody played nice. In any case, it's solely
1108 : * caller's responsibility to keep the external-FD count in sync with reality.
1109 : */
1110 : void
1111 117314 : ReserveExternalFD(void)
1112 : {
1113 : /*
1114 : * Release VFDs if needed to stay safe. Because we do this before
1115 : * incrementing numExternalFDs, the final state will be as desired, i.e.,
1116 : * nfile + numAllocatedDescs + numExternalFDs <= max_safe_fds.
1117 : */
1118 117314 : ReleaseLruFiles();
1119 :
1120 117314 : numExternalFDs++;
1121 117314 : }
1122 :
1123 : /*
1124 : * ReleaseExternalFD - report release of an external file descriptor
1125 : *
1126 : * This is guaranteed not to change errno, so it can be used in failure paths.
1127 : */
1128 : void
1129 71406 : ReleaseExternalFD(void)
1130 : {
1131 : Assert(numExternalFDs > 0);
1132 71406 : numExternalFDs--;
1133 71406 : }
1134 :
1135 :
1136 : #if defined(FDDEBUG)
1137 :
1138 : static void
1139 : _dump_lru(void)
1140 : {
1141 : int mru = VfdCache[0].lruLessRecently;
1142 : Vfd *vfdP = &VfdCache[mru];
1143 : char buf[2048];
1144 :
1145 : snprintf(buf, sizeof(buf), "LRU: MOST %d ", mru);
1146 : while (mru != 0)
1147 : {
1148 : mru = vfdP->lruLessRecently;
1149 : vfdP = &VfdCache[mru];
1150 : snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "%d ", mru);
1151 : }
1152 : snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "LEAST");
1153 : elog(LOG, "%s", buf);
1154 : }
1155 : #endif /* FDDEBUG */
1156 :
1157 : static void
1158 1950718 : Delete(File file)
1159 : {
1160 : Vfd *vfdP;
1161 :
1162 : Assert(file != 0);
1163 :
1164 : DO_DB(elog(LOG, "Delete %d (%s)",
1165 : file, VfdCache[file].fileName));
1166 : DO_DB(_dump_lru());
1167 :
1168 1950718 : vfdP = &VfdCache[file];
1169 :
1170 1950718 : VfdCache[vfdP->lruLessRecently].lruMoreRecently = vfdP->lruMoreRecently;
1171 1950718 : VfdCache[vfdP->lruMoreRecently].lruLessRecently = vfdP->lruLessRecently;
1172 :
1173 : DO_DB(_dump_lru());
1174 1950718 : }
1175 :
1176 : static void
1177 426378 : LruDelete(File file)
1178 : {
1179 : Vfd *vfdP;
1180 :
1181 : Assert(file != 0);
1182 :
1183 : DO_DB(elog(LOG, "LruDelete %d (%s)",
1184 : file, VfdCache[file].fileName));
1185 :
1186 426378 : vfdP = &VfdCache[file];
1187 :
1188 : /*
1189 : * Close the file. We aren't expecting this to fail; if it does, better
1190 : * to leak the FD than to mess up our internal state.
1191 : */
1192 426378 : if (close(vfdP->fd) != 0)
1193 0 : elog(vfdP->fdstate & FD_TEMP_FILE_LIMIT ? LOG : data_sync_elevel(LOG),
1194 : "could not close file \"%s\": %m", vfdP->fileName);
1195 426378 : vfdP->fd = VFD_CLOSED;
1196 426378 : --nfile;
1197 :
1198 : /* delete the vfd record from the LRU ring */
1199 426378 : Delete(file);
1200 426378 : }
1201 :
1202 : static void
1203 2176178 : Insert(File file)
1204 : {
1205 : Vfd *vfdP;
1206 :
1207 : Assert(file != 0);
1208 :
1209 : DO_DB(elog(LOG, "Insert %d (%s)",
1210 : file, VfdCache[file].fileName));
1211 : DO_DB(_dump_lru());
1212 :
1213 2176178 : vfdP = &VfdCache[file];
1214 :
1215 2176178 : vfdP->lruMoreRecently = 0;
1216 2176178 : vfdP->lruLessRecently = VfdCache[0].lruLessRecently;
1217 2176178 : VfdCache[0].lruLessRecently = file;
1218 2176178 : VfdCache[vfdP->lruLessRecently].lruMoreRecently = file;
1219 :
1220 : DO_DB(_dump_lru());
1221 2176178 : }
1222 :
1223 : /* returns 0 on success, -1 on re-open failure (with errno set) */
1224 : static int
1225 222224 : LruInsert(File file)
1226 : {
1227 : Vfd *vfdP;
1228 :
1229 : Assert(file != 0);
1230 :
1231 : DO_DB(elog(LOG, "LruInsert %d (%s)",
1232 : file, VfdCache[file].fileName));
1233 :
1234 222224 : vfdP = &VfdCache[file];
1235 :
1236 222224 : if (FileIsNotOpen(file))
1237 : {
1238 : /* Close excess kernel FDs. */
1239 222224 : ReleaseLruFiles();
1240 :
1241 : /*
1242 : * The open could still fail for lack of file descriptors, eg due to
1243 : * overall system file table being full. So, be prepared to release
1244 : * another FD if necessary...
1245 : */
1246 222224 : vfdP->fd = BasicOpenFilePerm(vfdP->fileName, vfdP->fileFlags,
1247 : vfdP->fileMode);
1248 222224 : if (vfdP->fd < 0)
1249 : {
1250 : DO_DB(elog(LOG, "re-open failed: %m"));
1251 0 : return -1;
1252 : }
1253 : else
1254 : {
1255 222224 : ++nfile;
1256 : }
1257 : }
1258 :
1259 : /*
1260 : * put it at the head of the Lru ring
1261 : */
1262 :
1263 222224 : Insert(file);
1264 :
1265 222224 : return 0;
1266 : }
1267 :
1268 : /*
1269 : * Release one kernel FD by closing the least-recently-used VFD.
1270 : */
1271 : static bool
1272 426346 : ReleaseLruFile(void)
1273 : {
1274 : DO_DB(elog(LOG, "ReleaseLruFile. Opened %d", nfile));
1275 :
1276 426346 : if (nfile > 0)
1277 : {
1278 : /*
1279 : * There are opened files and so there should be at least one used vfd
1280 : * in the ring.
1281 : */
1282 : Assert(VfdCache[0].lruMoreRecently != 0);
1283 426346 : LruDelete(VfdCache[0].lruMoreRecently);
1284 426346 : return true; /* freed a file */
1285 : }
1286 0 : return false; /* no files available to free */
1287 : }
1288 :
1289 : /*
1290 : * Release kernel FDs as needed to get under the max_safe_fds limit.
1291 : * After calling this, it's OK to try to open another file.
1292 : */
1293 : static void
1294 3122822 : ReleaseLruFiles(void)
1295 : {
1296 3549168 : while (nfile + numAllocatedDescs + numExternalFDs >= max_safe_fds)
1297 : {
1298 426346 : if (!ReleaseLruFile())
1299 0 : break;
1300 : }
1301 3122822 : }
1302 :
1303 : static File
1304 1764548 : AllocateVfd(void)
1305 : {
1306 : Index i;
1307 : File file;
1308 :
1309 : DO_DB(elog(LOG, "AllocateVfd. Size %zu", SizeVfdCache));
1310 :
1311 : Assert(SizeVfdCache > 0); /* InitFileAccess not called? */
1312 :
1313 1764548 : if (VfdCache[0].nextFree == 0)
1314 : {
1315 : /*
1316 : * The free list is empty so it is time to increase the size of the
1317 : * array. We choose to double it each time this happens. However,
1318 : * there's not much point in starting *real* small.
1319 : */
1320 18660 : Size newCacheSize = SizeVfdCache * 2;
1321 : Vfd *newVfdCache;
1322 :
1323 18660 : if (newCacheSize < 32)
1324 12992 : newCacheSize = 32;
1325 :
1326 : /*
1327 : * Be careful not to clobber VfdCache ptr if realloc fails.
1328 : */
1329 18660 : newVfdCache = (Vfd *) realloc(VfdCache, sizeof(Vfd) * newCacheSize);
1330 18660 : if (newVfdCache == NULL)
1331 0 : ereport(ERROR,
1332 : (errcode(ERRCODE_OUT_OF_MEMORY),
1333 : errmsg("out of memory")));
1334 18660 : VfdCache = newVfdCache;
1335 :
1336 : /*
1337 : * Initialize the new entries and link them into the free list.
1338 : */
1339 859236 : for (i = SizeVfdCache; i < newCacheSize; i++)
1340 : {
1341 6724608 : MemSet((char *) &(VfdCache[i]), 0, sizeof(Vfd));
1342 840576 : VfdCache[i].nextFree = i + 1;
1343 840576 : VfdCache[i].fd = VFD_CLOSED;
1344 : }
1345 18660 : VfdCache[newCacheSize - 1].nextFree = 0;
1346 18660 : VfdCache[0].nextFree = SizeVfdCache;
1347 :
1348 : /*
1349 : * Record the new size
1350 : */
1351 18660 : SizeVfdCache = newCacheSize;
1352 : }
1353 :
1354 1764548 : file = VfdCache[0].nextFree;
1355 :
1356 1764548 : VfdCache[0].nextFree = VfdCache[file].nextFree;
1357 :
1358 1764548 : return file;
1359 : }
1360 :
1361 : static void
1362 1460400 : FreeVfd(File file)
1363 : {
1364 1460400 : Vfd *vfdP = &VfdCache[file];
1365 :
1366 : DO_DB(elog(LOG, "FreeVfd: %d (%s)",
1367 : file, vfdP->fileName ? vfdP->fileName : ""));
1368 :
1369 1460400 : if (vfdP->fileName != NULL)
1370 : {
1371 1074464 : free(vfdP->fileName);
1372 1074464 : vfdP->fileName = NULL;
1373 : }
1374 1460400 : vfdP->fdstate = 0x0;
1375 :
1376 1460400 : vfdP->nextFree = VfdCache[0].nextFree;
1377 1460400 : VfdCache[0].nextFree = file;
1378 1460400 : }
1379 :
1380 : /* returns 0 on success, -1 on re-open failure (with errno set) */
1381 : static int
1382 3132156 : FileAccess(File file)
1383 : {
1384 : int returnValue;
1385 :
1386 : DO_DB(elog(LOG, "FileAccess %d (%s)",
1387 : file, VfdCache[file].fileName));
1388 :
1389 : /*
1390 : * Is the file open? If not, open it and put it at the head of the LRU
1391 : * ring (possibly closing the least recently used file to get an FD).
1392 : */
1393 :
1394 3132156 : if (FileIsNotOpen(file))
1395 : {
1396 222224 : returnValue = LruInsert(file);
1397 222224 : if (returnValue != 0)
1398 0 : return returnValue;
1399 : }
1400 2909932 : else if (VfdCache[0].lruLessRecently != file)
1401 : {
1402 : /*
1403 : * We now know that the file is open and that it is not the last one
1404 : * accessed, so we need to move it to the head of the Lru ring.
1405 : */
1406 :
1407 575342 : Delete(file);
1408 575342 : Insert(file);
1409 : }
1410 :
1411 3132156 : return 0;
1412 : }
1413 :
1414 : /*
1415 : * Called whenever a temporary file is deleted to report its size.
1416 : */
1417 : static void
1418 3334 : ReportTemporaryFileUsage(const char *path, off_t size)
1419 : {
1420 3334 : pgstat_report_tempfile(size);
1421 :
1422 3334 : if (log_temp_files >= 0)
1423 : {
1424 1548 : if ((size / 1024) >= log_temp_files)
1425 238 : ereport(LOG,
1426 : (errmsg("temporary file: path \"%s\", size %lu",
1427 : path, (unsigned long) size)));
1428 : }
1429 3334 : }
1430 :
1431 : /*
1432 : * Called to register a temporary file for automatic close.
1433 : * ResourceOwnerEnlargeFiles(CurrentResourceOwner) must have been called
1434 : * before the file was opened.
1435 : */
1436 : static void
1437 5474 : RegisterTemporaryFile(File file)
1438 : {
1439 5474 : ResourceOwnerRememberFile(CurrentResourceOwner, file);
1440 5474 : VfdCache[file].resowner = CurrentResourceOwner;
1441 :
1442 : /* Backup mechanism for closing at end of xact. */
1443 5474 : VfdCache[file].fdstate |= FD_CLOSE_AT_EOXACT;
1444 5474 : have_xact_temporary_files = true;
1445 5474 : }
1446 :
1447 : /*
1448 : * Called when we get a shared invalidation message on some relation.
1449 : */
1450 : #ifdef NOT_USED
1451 : void
1452 : FileInvalidate(File file)
1453 : {
1454 : Assert(FileIsValid(file));
1455 : if (!FileIsNotOpen(file))
1456 : LruDelete(file);
1457 : }
1458 : #endif
1459 :
1460 : /*
1461 : * Open a file with PathNameOpenFilePerm() and pass default file mode for the
1462 : * fileMode parameter.
1463 : */
1464 : File
1465 1764548 : PathNameOpenFile(const char *fileName, int fileFlags)
1466 : {
1467 1764548 : return PathNameOpenFilePerm(fileName, fileFlags, pg_file_create_mode);
1468 : }
1469 :
1470 : /*
1471 : * open a file in an arbitrary directory
1472 : *
1473 : * NB: if the passed pathname is relative (which it usually is),
1474 : * it will be interpreted relative to the process' working directory
1475 : * (which should always be $PGDATA when this code is running).
1476 : */
1477 : File
1478 1764548 : PathNameOpenFilePerm(const char *fileName, int fileFlags, mode_t fileMode)
1479 : {
1480 : char *fnamecopy;
1481 : File file;
1482 : Vfd *vfdP;
1483 :
1484 : DO_DB(elog(LOG, "PathNameOpenFilePerm: %s %x %o",
1485 : fileName, fileFlags, fileMode));
1486 :
1487 : /*
1488 : * We need a malloc'd copy of the file name; fail cleanly if no room.
1489 : */
1490 1764548 : fnamecopy = strdup(fileName);
1491 1764548 : if (fnamecopy == NULL)
1492 0 : ereport(ERROR,
1493 : (errcode(ERRCODE_OUT_OF_MEMORY),
1494 : errmsg("out of memory")));
1495 :
1496 1764548 : file = AllocateVfd();
1497 1764548 : vfdP = &VfdCache[file];
1498 :
1499 : /* Close excess kernel FDs. */
1500 1764548 : ReleaseLruFiles();
1501 :
1502 1764548 : vfdP->fd = BasicOpenFilePerm(fileName, fileFlags, fileMode);
1503 :
1504 1764548 : if (vfdP->fd < 0)
1505 : {
1506 385936 : int save_errno = errno;
1507 :
1508 385936 : FreeVfd(file);
1509 385936 : free(fnamecopy);
1510 385936 : errno = save_errno;
1511 385936 : return -1;
1512 : }
1513 1378612 : ++nfile;
1514 : DO_DB(elog(LOG, "PathNameOpenFile: success %d",
1515 : vfdP->fd));
1516 :
1517 1378612 : vfdP->fileName = fnamecopy;
1518 : /* Saved flags are adjusted to be OK for re-opening file */
1519 1378612 : vfdP->fileFlags = fileFlags & ~(O_CREAT | O_TRUNC | O_EXCL);
1520 1378612 : vfdP->fileMode = fileMode;
1521 1378612 : vfdP->fileSize = 0;
1522 1378612 : vfdP->fdstate = 0x0;
1523 1378612 : vfdP->resowner = NULL;
1524 :
1525 1378612 : Insert(file);
1526 :
1527 1378612 : return file;
1528 : }
1529 :
1530 : /*
1531 : * Create directory 'directory'. If necessary, create 'basedir', which must
1532 : * be the directory above it. This is designed for creating the top-level
1533 : * temporary directory on demand before creating a directory underneath it.
1534 : * Do nothing if the directory already exists.
1535 : *
1536 : * Directories created within the top-level temporary directory should begin
1537 : * with PG_TEMP_FILE_PREFIX, so that they can be identified as temporary and
1538 : * deleted at startup by RemovePgTempFiles(). Further subdirectories below
1539 : * that do not need any particular prefix.
1540 : */
1541 : void
1542 226 : PathNameCreateTemporaryDir(const char *basedir, const char *directory)
1543 : {
1544 226 : if (MakePGDirectory(directory) < 0)
1545 : {
1546 22 : if (errno == EEXIST)
1547 10 : return;
1548 :
1549 : /*
1550 : * Failed. Try to create basedir first in case it's missing. Tolerate
1551 : * EEXIST to close a race against another process following the same
1552 : * algorithm.
1553 : */
1554 12 : if (MakePGDirectory(basedir) < 0 && errno != EEXIST)
1555 0 : ereport(ERROR,
1556 : (errcode_for_file_access(),
1557 : errmsg("cannot create temporary directory \"%s\": %m",
1558 : basedir)));
1559 :
1560 : /* Try again. */
1561 12 : if (MakePGDirectory(directory) < 0 && errno != EEXIST)
1562 0 : ereport(ERROR,
1563 : (errcode_for_file_access(),
1564 : errmsg("cannot create temporary subdirectory \"%s\": %m",
1565 : directory)));
1566 : }
1567 : }
1568 :
1569 : /*
1570 : * Delete a directory and everything in it, if it exists.
1571 : */
1572 : void
1573 256 : PathNameDeleteTemporaryDir(const char *dirname)
1574 : {
1575 : struct stat statbuf;
1576 :
1577 : /* Silently ignore missing directory. */
1578 256 : if (stat(dirname, &statbuf) != 0 && errno == ENOENT)
1579 40 : return;
1580 :
1581 : /*
1582 : * Currently, walkdir doesn't offer a way for our passed in function to
1583 : * maintain state. Perhaps it should, so that we could tell the caller
1584 : * whether this operation succeeded or failed. Since this operation is
1585 : * used in a cleanup path, we wouldn't actually behave differently: we'll
1586 : * just log failures.
1587 : */
1588 216 : walkdir(dirname, unlink_if_exists_fname, false, LOG);
1589 : }
1590 :
1591 : /*
1592 : * Open a temporary file that will disappear when we close it.
1593 : *
1594 : * This routine takes care of generating an appropriate tempfile name.
1595 : * There's no need to pass in fileFlags or fileMode either, since only
1596 : * one setting makes any sense for a temp file.
1597 : *
1598 : * Unless interXact is true, the file is remembered by CurrentResourceOwner
1599 : * to ensure it's closed and deleted when it's no longer needed, typically at
1600 : * the end-of-transaction. In most cases, you don't want temporary files to
1601 : * outlive the transaction that created them, so this should be false -- but
1602 : * if you need "somewhat" temporary storage, this might be useful. In either
1603 : * case, the file is removed when the File is explicitly closed.
1604 : */
1605 : File
1606 1878 : OpenTemporaryFile(bool interXact)
1607 : {
1608 1878 : File file = 0;
1609 :
1610 : /*
1611 : * Make sure the current resource owner has space for this File before we
1612 : * open it, if we'll be registering it below.
1613 : */
1614 1878 : if (!interXact)
1615 1874 : ResourceOwnerEnlargeFiles(CurrentResourceOwner);
1616 :
1617 : /*
1618 : * If some temp tablespace(s) have been given to us, try to use the next
1619 : * one. If a given tablespace can't be found, we silently fall back to
1620 : * the database's default tablespace.
1621 : *
1622 : * BUT: if the temp file is slated to outlive the current transaction,
1623 : * force it into the database's default tablespace, so that it will not
1624 : * pose a threat to possible tablespace drop attempts.
1625 : */
1626 1878 : if (numTempTableSpaces > 0 && !interXact)
1627 : {
1628 0 : Oid tblspcOid = GetNextTempTableSpace();
1629 :
1630 0 : if (OidIsValid(tblspcOid))
1631 0 : file = OpenTemporaryFileInTablespace(tblspcOid, false);
1632 : }
1633 :
1634 : /*
1635 : * If not, or if tablespace is bad, create in database's default
1636 : * tablespace. MyDatabaseTableSpace should normally be set before we get
1637 : * here, but just in case it isn't, fall back to pg_default tablespace.
1638 : */
1639 1878 : if (file <= 0)
1640 1878 : file = OpenTemporaryFileInTablespace(MyDatabaseTableSpace ?
1641 : MyDatabaseTableSpace :
1642 : DEFAULTTABLESPACE_OID,
1643 : true);
1644 :
1645 : /* Mark it for deletion at close and temporary file size limit */
1646 1878 : VfdCache[file].fdstate |= FD_DELETE_AT_CLOSE | FD_TEMP_FILE_LIMIT;
1647 :
1648 : /* Register it with the current resource owner */
1649 1878 : if (!interXact)
1650 1874 : RegisterTemporaryFile(file);
1651 :
1652 1878 : return file;
1653 : }
1654 :
1655 : /*
1656 : * Return the path of the temp directory in a given tablespace.
1657 : */
1658 : void
1659 9786 : TempTablespacePath(char *path, Oid tablespace)
1660 : {
1661 : /*
1662 : * Identify the tempfile directory for this tablespace.
1663 : *
1664 : * If someone tries to specify pg_global, use pg_default instead.
1665 : */
1666 9786 : if (tablespace == InvalidOid ||
1667 0 : tablespace == DEFAULTTABLESPACE_OID ||
1668 : tablespace == GLOBALTABLESPACE_OID)
1669 9786 : snprintf(path, MAXPGPATH, "base/%s", PG_TEMP_FILES_DIR);
1670 : else
1671 : {
1672 : /* All other tablespaces are accessed via symlinks */
1673 0 : snprintf(path, MAXPGPATH, "pg_tblspc/%u/%s/%s",
1674 : tablespace, TABLESPACE_VERSION_DIRECTORY,
1675 : PG_TEMP_FILES_DIR);
1676 : }
1677 9786 : }
1678 :
1679 : /*
1680 : * Open a temporary file in a specific tablespace.
1681 : * Subroutine for OpenTemporaryFile, which see for details.
1682 : */
1683 : static File
1684 1878 : OpenTemporaryFileInTablespace(Oid tblspcOid, bool rejectError)
1685 : {
1686 : char tempdirpath[MAXPGPATH];
1687 : char tempfilepath[MAXPGPATH];
1688 : File file;
1689 :
1690 1878 : TempTablespacePath(tempdirpath, tblspcOid);
1691 :
1692 : /*
1693 : * Generate a tempfile name that should be unique within the current
1694 : * database instance.
1695 : */
1696 1878 : snprintf(tempfilepath, sizeof(tempfilepath), "%s/%s%d.%ld",
1697 : tempdirpath, PG_TEMP_FILE_PREFIX, MyProcPid, tempFileCounter++);
1698 :
1699 : /*
1700 : * Open the file. Note: we don't use O_EXCL, in case there is an orphaned
1701 : * temp file that can be reused.
1702 : */
1703 1878 : file = PathNameOpenFile(tempfilepath,
1704 : O_RDWR | O_CREAT | O_TRUNC | PG_BINARY);
1705 1878 : if (file <= 0)
1706 : {
1707 : /*
1708 : * We might need to create the tablespace's tempfile directory, if no
1709 : * one has yet done so.
1710 : *
1711 : * Don't check for an error from MakePGDirectory; it could fail if
1712 : * someone else just did the same thing. If it doesn't work then
1713 : * we'll bomb out on the second create attempt, instead.
1714 : */
1715 92 : (void) MakePGDirectory(tempdirpath);
1716 :
1717 92 : file = PathNameOpenFile(tempfilepath,
1718 : O_RDWR | O_CREAT | O_TRUNC | PG_BINARY);
1719 92 : if (file <= 0 && rejectError)
1720 0 : elog(ERROR, "could not create temporary file \"%s\": %m",
1721 : tempfilepath);
1722 : }
1723 :
1724 1878 : return file;
1725 : }
1726 :
1727 :
1728 : /*
1729 : * Create a new file. The directory containing it must already exist. Files
1730 : * created this way are subject to temp_file_limit and are automatically
1731 : * closed at end of transaction, but are not automatically deleted on close
1732 : * because they are intended to be shared between cooperating backends.
1733 : *
1734 : * If the file is inside the top-level temporary directory, its name should
1735 : * begin with PG_TEMP_FILE_PREFIX so that it can be identified as temporary
1736 : * and deleted at startup by RemovePgTempFiles(). Alternatively, it can be
1737 : * inside a directory created with PathNameCreateTemporaryDir(), in which case
1738 : * the prefix isn't needed.
1739 : */
1740 : File
1741 1682 : PathNameCreateTemporaryFile(const char *path, bool error_on_failure)
1742 : {
1743 : File file;
1744 :
1745 1682 : ResourceOwnerEnlargeFiles(CurrentResourceOwner);
1746 :
1747 : /*
1748 : * Open the file. Note: we don't use O_EXCL, in case there is an orphaned
1749 : * temp file that can be reused.
1750 : */
1751 1682 : file = PathNameOpenFile(path, O_RDWR | O_CREAT | O_TRUNC | PG_BINARY);
1752 1682 : if (file <= 0)
1753 : {
1754 226 : if (error_on_failure)
1755 0 : ereport(ERROR,
1756 : (errcode_for_file_access(),
1757 : errmsg("could not create temporary file \"%s\": %m",
1758 : path)));
1759 : else
1760 226 : return file;
1761 : }
1762 :
1763 : /* Mark it for temp_file_limit accounting. */
1764 1456 : VfdCache[file].fdstate |= FD_TEMP_FILE_LIMIT;
1765 :
1766 : /* Register it for automatic close. */
1767 1456 : RegisterTemporaryFile(file);
1768 :
1769 1456 : return file;
1770 : }
1771 :
1772 : /*
1773 : * Open a file that was created with PathNameCreateTemporaryFile, possibly in
1774 : * another backend. Files opened this way don't count against the
1775 : * temp_file_limit of the caller, are automatically closed at the end of the
1776 : * transaction but are not deleted on close.
1777 : */
1778 : File
1779 4288 : PathNameOpenTemporaryFile(const char *path, int mode)
1780 : {
1781 : File file;
1782 :
1783 4288 : ResourceOwnerEnlargeFiles(CurrentResourceOwner);
1784 :
1785 4288 : file = PathNameOpenFile(path, mode | PG_BINARY);
1786 :
1787 : /* If no such file, then we don't raise an error. */
1788 4288 : if (file <= 0 && errno != ENOENT)
1789 0 : ereport(ERROR,
1790 : (errcode_for_file_access(),
1791 : errmsg("could not open temporary file \"%s\": %m",
1792 : path)));
1793 :
1794 4288 : if (file > 0)
1795 : {
1796 : /* Register it for automatic close. */
1797 2144 : RegisterTemporaryFile(file);
1798 : }
1799 :
1800 4288 : return file;
1801 : }
1802 :
1803 : /*
1804 : * Delete a file by pathname. Return true if the file existed, false if
1805 : * didn't.
1806 : */
1807 : bool
1808 2912 : PathNameDeleteTemporaryFile(const char *path, bool error_on_failure)
1809 : {
1810 : struct stat filestats;
1811 : int stat_errno;
1812 :
1813 : /* Get the final size for pgstat reporting. */
1814 2912 : if (stat(path, &filestats) != 0)
1815 1456 : stat_errno = errno;
1816 : else
1817 1456 : stat_errno = 0;
1818 :
1819 : /*
1820 : * Unlike FileClose's automatic file deletion code, we tolerate
1821 : * non-existence to support BufFileDeleteShared which doesn't know how
1822 : * many segments it has to delete until it runs out.
1823 : */
1824 2912 : if (stat_errno == ENOENT)
1825 1456 : return false;
1826 :
1827 1456 : if (unlink(path) < 0)
1828 : {
1829 0 : if (errno != ENOENT)
1830 0 : ereport(error_on_failure ? ERROR : LOG,
1831 : (errcode_for_file_access(),
1832 : errmsg("could not unlink temporary file \"%s\": %m",
1833 : path)));
1834 0 : return false;
1835 : }
1836 :
1837 1456 : if (stat_errno == 0)
1838 1456 : ReportTemporaryFileUsage(path, filestats.st_size);
1839 : else
1840 : {
1841 0 : errno = stat_errno;
1842 0 : ereport(LOG,
1843 : (errcode_for_file_access(),
1844 : errmsg("could not stat file \"%s\": %m", path)));
1845 : }
1846 :
1847 1456 : return true;
1848 : }
1849 :
1850 : /*
1851 : * close a file when done with it
1852 : */
1853 : void
1854 1074464 : FileClose(File file)
1855 : {
1856 : Vfd *vfdP;
1857 :
1858 : Assert(FileIsValid(file));
1859 :
1860 : DO_DB(elog(LOG, "FileClose: %d (%s)",
1861 : file, VfdCache[file].fileName));
1862 :
1863 1074464 : vfdP = &VfdCache[file];
1864 :
1865 1074464 : if (!FileIsNotOpen(file))
1866 : {
1867 : /* close the file */
1868 948998 : if (close(vfdP->fd) != 0)
1869 : {
1870 : /*
1871 : * We may need to panic on failure to close non-temporary files;
1872 : * see LruDelete.
1873 : */
1874 0 : elog(vfdP->fdstate & FD_TEMP_FILE_LIMIT ? LOG : data_sync_elevel(LOG),
1875 : "could not close file \"%s\": %m", vfdP->fileName);
1876 : }
1877 :
1878 948998 : --nfile;
1879 948998 : vfdP->fd = VFD_CLOSED;
1880 :
1881 : /* remove the file from the lru ring */
1882 948998 : Delete(file);
1883 : }
1884 :
1885 1074464 : if (vfdP->fdstate & FD_TEMP_FILE_LIMIT)
1886 : {
1887 : /* Subtract its size from current usage (do first in case of error) */
1888 3334 : temporary_files_size -= vfdP->fileSize;
1889 3334 : vfdP->fileSize = 0;
1890 : }
1891 :
1892 : /*
1893 : * Delete the file if it was temporary, and make a log entry if wanted
1894 : */
1895 1074464 : if (vfdP->fdstate & FD_DELETE_AT_CLOSE)
1896 : {
1897 : struct stat filestats;
1898 : int stat_errno;
1899 :
1900 : /*
1901 : * If we get an error, as could happen within the ereport/elog calls,
1902 : * we'll come right back here during transaction abort. Reset the
1903 : * flag to ensure that we can't get into an infinite loop. This code
1904 : * is arranged to ensure that the worst-case consequence is failing to
1905 : * emit log message(s), not failing to attempt the unlink.
1906 : */
1907 1878 : vfdP->fdstate &= ~FD_DELETE_AT_CLOSE;
1908 :
1909 :
1910 : /* first try the stat() */
1911 1878 : if (stat(vfdP->fileName, &filestats))
1912 0 : stat_errno = errno;
1913 : else
1914 1878 : stat_errno = 0;
1915 :
1916 : /* in any case do the unlink */
1917 1878 : if (unlink(vfdP->fileName))
1918 0 : ereport(LOG,
1919 : (errcode_for_file_access(),
1920 : errmsg("could not delete file \"%s\": %m", vfdP->fileName)));
1921 :
1922 : /* and last report the stat results */
1923 1878 : if (stat_errno == 0)
1924 1878 : ReportTemporaryFileUsage(vfdP->fileName, filestats.st_size);
1925 : else
1926 : {
1927 0 : errno = stat_errno;
1928 0 : ereport(LOG,
1929 : (errcode_for_file_access(),
1930 : errmsg("could not stat file \"%s\": %m", vfdP->fileName)));
1931 : }
1932 : }
1933 :
1934 : /* Unregister it from the resource owner */
1935 1074464 : if (vfdP->resowner)
1936 5474 : ResourceOwnerForgetFile(vfdP->resowner, file);
1937 :
1938 : /*
1939 : * Return the Vfd slot to the free list
1940 : */
1941 1074464 : FreeVfd(file);
1942 1074464 : }
1943 :
1944 : /*
1945 : * FilePrefetch - initiate asynchronous read of a given range of the file.
1946 : *
1947 : * Currently the only implementation of this function is using posix_fadvise
1948 : * which is the simplest standardized interface that accomplishes this.
1949 : * We could add an implementation using libaio in the future; but note that
1950 : * this API is inappropriate for libaio, which wants to have a buffer provided
1951 : * to read into.
1952 : */
1953 : int
1954 556 : FilePrefetch(File file, off_t offset, int amount, uint32 wait_event_info)
1955 : {
1956 : #if defined(USE_POSIX_FADVISE) && defined(POSIX_FADV_WILLNEED)
1957 : int returnCode;
1958 :
1959 : Assert(FileIsValid(file));
1960 :
1961 : DO_DB(elog(LOG, "FilePrefetch: %d (%s) " INT64_FORMAT " %d",
1962 : file, VfdCache[file].fileName,
1963 : (int64) offset, amount));
1964 :
1965 556 : returnCode = FileAccess(file);
1966 556 : if (returnCode < 0)
1967 0 : return returnCode;
1968 :
1969 556 : pgstat_report_wait_start(wait_event_info);
1970 556 : returnCode = posix_fadvise(VfdCache[file].fd, offset, amount,
1971 : POSIX_FADV_WILLNEED);
1972 556 : pgstat_report_wait_end();
1973 :
1974 556 : return returnCode;
1975 : #else
1976 : Assert(FileIsValid(file));
1977 : return 0;
1978 : #endif
1979 : }
1980 :
1981 : void
1982 185770 : FileWriteback(File file, off_t offset, off_t nbytes, uint32 wait_event_info)
1983 : {
1984 : int returnCode;
1985 :
1986 : Assert(FileIsValid(file));
1987 :
1988 : DO_DB(elog(LOG, "FileWriteback: %d (%s) " INT64_FORMAT " " INT64_FORMAT,
1989 : file, VfdCache[file].fileName,
1990 : (int64) offset, (int64) nbytes));
1991 :
1992 185770 : if (nbytes <= 0)
1993 0 : return;
1994 :
1995 185770 : returnCode = FileAccess(file);
1996 185770 : if (returnCode < 0)
1997 0 : return;
1998 :
1999 185770 : pgstat_report_wait_start(wait_event_info);
2000 185770 : pg_flush_data(VfdCache[file].fd, offset, nbytes);
2001 185770 : pgstat_report_wait_end();
2002 : }
2003 :
2004 : int
2005 1322432 : FileRead(File file, char *buffer, int amount, off_t offset,
2006 : uint32 wait_event_info)
2007 : {
2008 : int returnCode;
2009 : Vfd *vfdP;
2010 :
2011 : Assert(FileIsValid(file));
2012 :
2013 : DO_DB(elog(LOG, "FileRead: %d (%s) " INT64_FORMAT " %d %p",
2014 : file, VfdCache[file].fileName,
2015 : (int64) offset,
2016 : amount, buffer));
2017 :
2018 1322432 : returnCode = FileAccess(file);
2019 1322432 : if (returnCode < 0)
2020 0 : return returnCode;
2021 :
2022 1322432 : vfdP = &VfdCache[file];
2023 :
2024 1322432 : retry:
2025 1322432 : pgstat_report_wait_start(wait_event_info);
2026 1322432 : returnCode = pg_pread(vfdP->fd, buffer, amount, offset);
2027 1322432 : pgstat_report_wait_end();
2028 :
2029 1322432 : if (returnCode < 0)
2030 : {
2031 : /*
2032 : * Windows may run out of kernel buffers and return "Insufficient
2033 : * system resources" error. Wait a bit and retry to solve it.
2034 : *
2035 : * It is rumored that EINTR is also possible on some Unix filesystems,
2036 : * in which case immediate retry is indicated.
2037 : */
2038 : #ifdef WIN32
2039 : DWORD error = GetLastError();
2040 :
2041 : switch (error)
2042 : {
2043 : case ERROR_NO_SYSTEM_RESOURCES:
2044 : pg_usleep(1000L);
2045 : errno = EINTR;
2046 : break;
2047 : default:
2048 : _dosmaperr(error);
2049 : break;
2050 : }
2051 : #endif
2052 : /* OK to retry if interrupted */
2053 0 : if (errno == EINTR)
2054 0 : goto retry;
2055 : }
2056 :
2057 1322432 : return returnCode;
2058 : }
2059 :
2060 : int
2061 1405602 : FileWrite(File file, char *buffer, int amount, off_t offset,
2062 : uint32 wait_event_info)
2063 : {
2064 : int returnCode;
2065 : Vfd *vfdP;
2066 :
2067 : Assert(FileIsValid(file));
2068 :
2069 : DO_DB(elog(LOG, "FileWrite: %d (%s) " INT64_FORMAT " %d %p",
2070 : file, VfdCache[file].fileName,
2071 : (int64) offset,
2072 : amount, buffer));
2073 :
2074 1405602 : returnCode = FileAccess(file);
2075 1405602 : if (returnCode < 0)
2076 0 : return returnCode;
2077 :
2078 1405602 : vfdP = &VfdCache[file];
2079 :
2080 : /*
2081 : * If enforcing temp_file_limit and it's a temp file, check to see if the
2082 : * write would overrun temp_file_limit, and throw error if so. Note: it's
2083 : * really a modularity violation to throw error here; we should set errno
2084 : * and return -1. However, there's no way to report a suitable error
2085 : * message if we do that. All current callers would just throw error
2086 : * immediately anyway, so this is safe at present.
2087 : */
2088 1405602 : if (temp_file_limit >= 0 && (vfdP->fdstate & FD_TEMP_FILE_LIMIT))
2089 : {
2090 0 : off_t past_write = offset + amount;
2091 :
2092 0 : if (past_write > vfdP->fileSize)
2093 : {
2094 0 : uint64 newTotal = temporary_files_size;
2095 :
2096 0 : newTotal += past_write - vfdP->fileSize;
2097 0 : if (newTotal > (uint64) temp_file_limit * (uint64) 1024)
2098 0 : ereport(ERROR,
2099 : (errcode(ERRCODE_CONFIGURATION_LIMIT_EXCEEDED),
2100 : errmsg("temporary file size exceeds temp_file_limit (%dkB)",
2101 : temp_file_limit)));
2102 : }
2103 : }
2104 :
2105 1405602 : retry:
2106 1405602 : errno = 0;
2107 1405602 : pgstat_report_wait_start(wait_event_info);
2108 1405602 : returnCode = pg_pwrite(VfdCache[file].fd, buffer, amount, offset);
2109 1405602 : pgstat_report_wait_end();
2110 :
2111 : /* if write didn't set errno, assume problem is no disk space */
2112 1405602 : if (returnCode != amount && errno == 0)
2113 0 : errno = ENOSPC;
2114 :
2115 1405602 : if (returnCode >= 0)
2116 : {
2117 : /*
2118 : * Maintain fileSize and temporary_files_size if it's a temp file.
2119 : */
2120 1405602 : if (vfdP->fdstate & FD_TEMP_FILE_LIMIT)
2121 : {
2122 81398 : off_t past_write = offset + amount;
2123 :
2124 81398 : if (past_write > vfdP->fileSize)
2125 : {
2126 57086 : temporary_files_size += past_write - vfdP->fileSize;
2127 57086 : vfdP->fileSize = past_write;
2128 : }
2129 : }
2130 : }
2131 : else
2132 : {
2133 : /*
2134 : * See comments in FileRead()
2135 : */
2136 : #ifdef WIN32
2137 : DWORD error = GetLastError();
2138 :
2139 : switch (error)
2140 : {
2141 : case ERROR_NO_SYSTEM_RESOURCES:
2142 : pg_usleep(1000L);
2143 : errno = EINTR;
2144 : break;
2145 : default:
2146 : _dosmaperr(error);
2147 : break;
2148 : }
2149 : #endif
2150 : /* OK to retry if interrupted */
2151 0 : if (errno == EINTR)
2152 0 : goto retry;
2153 : }
2154 :
2155 1405602 : return returnCode;
2156 : }
2157 :
2158 : int
2159 79886 : FileSync(File file, uint32 wait_event_info)
2160 : {
2161 : int returnCode;
2162 :
2163 : Assert(FileIsValid(file));
2164 :
2165 : DO_DB(elog(LOG, "FileSync: %d (%s)",
2166 : file, VfdCache[file].fileName));
2167 :
2168 79886 : returnCode = FileAccess(file);
2169 79886 : if (returnCode < 0)
2170 0 : return returnCode;
2171 :
2172 79886 : pgstat_report_wait_start(wait_event_info);
2173 79886 : returnCode = pg_fsync(VfdCache[file].fd);
2174 79886 : pgstat_report_wait_end();
2175 :
2176 79886 : return returnCode;
2177 : }
2178 :
2179 : off_t
2180 4071136 : FileSize(File file)
2181 : {
2182 : Assert(FileIsValid(file));
2183 :
2184 : DO_DB(elog(LOG, "FileSize %d (%s)",
2185 : file, VfdCache[file].fileName));
2186 :
2187 4071136 : if (FileIsNotOpen(file))
2188 : {
2189 136124 : if (FileAccess(file) < 0)
2190 0 : return (off_t) -1;
2191 : }
2192 :
2193 4071136 : return lseek(VfdCache[file].fd, 0, SEEK_END);
2194 : }
2195 :
2196 : int
2197 1786 : FileTruncate(File file, off_t offset, uint32 wait_event_info)
2198 : {
2199 : int returnCode;
2200 :
2201 : Assert(FileIsValid(file));
2202 :
2203 : DO_DB(elog(LOG, "FileTruncate %d (%s)",
2204 : file, VfdCache[file].fileName));
2205 :
2206 1786 : returnCode = FileAccess(file);
2207 1786 : if (returnCode < 0)
2208 0 : return returnCode;
2209 :
2210 1786 : pgstat_report_wait_start(wait_event_info);
2211 1786 : returnCode = ftruncate(VfdCache[file].fd, offset);
2212 1786 : pgstat_report_wait_end();
2213 :
2214 1786 : if (returnCode == 0 && VfdCache[file].fileSize > offset)
2215 : {
2216 : /* adjust our state for truncation of a temp file */
2217 : Assert(VfdCache[file].fdstate & FD_TEMP_FILE_LIMIT);
2218 0 : temporary_files_size -= VfdCache[file].fileSize - offset;
2219 0 : VfdCache[file].fileSize = offset;
2220 : }
2221 :
2222 1786 : return returnCode;
2223 : }
2224 :
2225 : /*
2226 : * Return the pathname associated with an open file.
2227 : *
2228 : * The returned string points to an internal buffer, which is valid until
2229 : * the file is closed.
2230 : */
2231 : char *
2232 46 : FilePathName(File file)
2233 : {
2234 : Assert(FileIsValid(file));
2235 :
2236 46 : return VfdCache[file].fileName;
2237 : }
2238 :
2239 : /*
2240 : * Return the raw file descriptor of an opened file.
2241 : *
2242 : * The returned file descriptor will be valid until the file is closed, but
2243 : * there are a lot of things that can make that happen. So the caller should
2244 : * be careful not to do much of anything else before it finishes using the
2245 : * returned file descriptor.
2246 : */
2247 : int
2248 0 : FileGetRawDesc(File file)
2249 : {
2250 : Assert(FileIsValid(file));
2251 0 : return VfdCache[file].fd;
2252 : }
2253 :
2254 : /*
2255 : * FileGetRawFlags - returns the file flags on open(2)
2256 : */
2257 : int
2258 0 : FileGetRawFlags(File file)
2259 : {
2260 : Assert(FileIsValid(file));
2261 0 : return VfdCache[file].fileFlags;
2262 : }
2263 :
2264 : /*
2265 : * FileGetRawMode - returns the mode bitmask passed to open(2)
2266 : */
2267 : mode_t
2268 0 : FileGetRawMode(File file)
2269 : {
2270 : Assert(FileIsValid(file));
2271 0 : return VfdCache[file].fileMode;
2272 : }
2273 :
2274 : /*
2275 : * Make room for another allocatedDescs[] array entry if needed and possible.
2276 : * Returns true if an array element is available.
2277 : */
2278 : static bool
2279 1018736 : reserveAllocatedDesc(void)
2280 : {
2281 : AllocateDesc *newDescs;
2282 : int newMax;
2283 :
2284 : /* Quick out if array already has a free slot. */
2285 1018736 : if (numAllocatedDescs < maxAllocatedDescs)
2286 1016262 : return true;
2287 :
2288 : /*
2289 : * If the array hasn't yet been created in the current process, initialize
2290 : * it with FD_MINFREE / 3 elements. In many scenarios this is as many as
2291 : * we will ever need, anyway. We don't want to look at max_safe_fds
2292 : * immediately because set_max_safe_fds() may not have run yet.
2293 : */
2294 2474 : if (allocatedDescs == NULL)
2295 : {
2296 2474 : newMax = FD_MINFREE / 3;
2297 2474 : newDescs = (AllocateDesc *) malloc(newMax * sizeof(AllocateDesc));
2298 : /* Out of memory already? Treat as fatal error. */
2299 2474 : if (newDescs == NULL)
2300 0 : ereport(ERROR,
2301 : (errcode(ERRCODE_OUT_OF_MEMORY),
2302 : errmsg("out of memory")));
2303 2474 : allocatedDescs = newDescs;
2304 2474 : maxAllocatedDescs = newMax;
2305 2474 : return true;
2306 : }
2307 :
2308 : /*
2309 : * Consider enlarging the array beyond the initial allocation used above.
2310 : * By the time this happens, max_safe_fds should be known accurately.
2311 : *
2312 : * We mustn't let allocated descriptors hog all the available FDs, and in
2313 : * practice we'd better leave a reasonable number of FDs for VFD use. So
2314 : * set the maximum to max_safe_fds / 3. (This should certainly be at
2315 : * least as large as the initial size, FD_MINFREE / 3, so we aren't
2316 : * tightening the restriction here.) Recall that "external" FDs are
2317 : * allowed to consume another third of max_safe_fds.
2318 : */
2319 0 : newMax = max_safe_fds / 3;
2320 0 : if (newMax > maxAllocatedDescs)
2321 : {
2322 0 : newDescs = (AllocateDesc *) realloc(allocatedDescs,
2323 : newMax * sizeof(AllocateDesc));
2324 : /* Treat out-of-memory as a non-fatal error. */
2325 0 : if (newDescs == NULL)
2326 0 : return false;
2327 0 : allocatedDescs = newDescs;
2328 0 : maxAllocatedDescs = newMax;
2329 0 : return true;
2330 : }
2331 :
2332 : /* Can't enlarge allocatedDescs[] any more. */
2333 0 : return false;
2334 : }
2335 :
2336 : /*
2337 : * Routines that want to use stdio (ie, FILE*) should use AllocateFile
2338 : * rather than plain fopen(). This lets fd.c deal with freeing FDs if
2339 : * necessary to open the file. When done, call FreeFile rather than fclose.
2340 : *
2341 : * Note that files that will be open for any significant length of time
2342 : * should NOT be handled this way, since they cannot share kernel file
2343 : * descriptors with other files; there is grave risk of running out of FDs
2344 : * if anyone locks down too many FDs. Most callers of this routine are
2345 : * simply reading a config file that they will read and close immediately.
2346 : *
2347 : * fd.c will automatically close all files opened with AllocateFile at
2348 : * transaction commit or abort; this prevents FD leakage if a routine
2349 : * that calls AllocateFile is terminated prematurely by ereport(ERROR).
2350 : *
2351 : * Ideally this should be the *only* direct call of fopen() in the backend.
2352 : */
2353 : FILE *
2354 96110 : AllocateFile(const char *name, const char *mode)
2355 : {
2356 : FILE *file;
2357 :
2358 : DO_DB(elog(LOG, "AllocateFile: Allocated %d (%s)",
2359 : numAllocatedDescs, name));
2360 :
2361 : /* Can we allocate another non-virtual FD? */
2362 96110 : if (!reserveAllocatedDesc())
2363 0 : ereport(ERROR,
2364 : (errcode(ERRCODE_INSUFFICIENT_RESOURCES),
2365 : errmsg("exceeded maxAllocatedDescs (%d) while trying to open file \"%s\"",
2366 : maxAllocatedDescs, name)));
2367 :
2368 : /* Close excess kernel FDs. */
2369 96110 : ReleaseLruFiles();
2370 :
2371 96110 : TryAgain:
2372 96110 : if ((file = fopen(name, mode)) != NULL)
2373 : {
2374 86124 : AllocateDesc *desc = &allocatedDescs[numAllocatedDescs];
2375 :
2376 86124 : desc->kind = AllocateDescFile;
2377 86124 : desc->desc.file = file;
2378 86124 : desc->create_subid = GetCurrentSubTransactionId();
2379 86124 : numAllocatedDescs++;
2380 86124 : return desc->desc.file;
2381 : }
2382 :
2383 9986 : if (errno == EMFILE || errno == ENFILE)
2384 : {
2385 0 : int save_errno = errno;
2386 :
2387 0 : ereport(LOG,
2388 : (errcode(ERRCODE_INSUFFICIENT_RESOURCES),
2389 : errmsg("out of file descriptors: %m; release and retry")));
2390 0 : errno = 0;
2391 0 : if (ReleaseLruFile())
2392 0 : goto TryAgain;
2393 0 : errno = save_errno;
2394 : }
2395 :
2396 9986 : return NULL;
2397 : }
2398 :
2399 : /*
2400 : * Open a file with OpenTransientFilePerm() and pass default file mode for
2401 : * the fileMode parameter.
2402 : */
2403 : int
2404 864950 : OpenTransientFile(const char *fileName, int fileFlags)
2405 : {
2406 864950 : return OpenTransientFilePerm(fileName, fileFlags, pg_file_create_mode);
2407 : }
2408 :
2409 : /*
2410 : * Like AllocateFile, but returns an unbuffered fd like open(2)
2411 : */
2412 : int
2413 864954 : OpenTransientFilePerm(const char *fileName, int fileFlags, mode_t fileMode)
2414 : {
2415 : int fd;
2416 :
2417 : DO_DB(elog(LOG, "OpenTransientFile: Allocated %d (%s)",
2418 : numAllocatedDescs, fileName));
2419 :
2420 : /* Can we allocate another non-virtual FD? */
2421 864954 : if (!reserveAllocatedDesc())
2422 0 : ereport(ERROR,
2423 : (errcode(ERRCODE_INSUFFICIENT_RESOURCES),
2424 : errmsg("exceeded maxAllocatedDescs (%d) while trying to open file \"%s\"",
2425 : maxAllocatedDescs, fileName)));
2426 :
2427 : /* Close excess kernel FDs. */
2428 864954 : ReleaseLruFiles();
2429 :
2430 864954 : fd = BasicOpenFilePerm(fileName, fileFlags, fileMode);
2431 :
2432 864954 : if (fd >= 0)
2433 : {
2434 863934 : AllocateDesc *desc = &allocatedDescs[numAllocatedDescs];
2435 :
2436 863934 : desc->kind = AllocateDescRawFD;
2437 863934 : desc->desc.fd = fd;
2438 863934 : desc->create_subid = GetCurrentSubTransactionId();
2439 863934 : numAllocatedDescs++;
2440 :
2441 863934 : return fd;
2442 : }
2443 :
2444 1020 : return -1; /* failure */
2445 : }
2446 :
2447 : /*
2448 : * Routines that want to initiate a pipe stream should use OpenPipeStream
2449 : * rather than plain popen(). This lets fd.c deal with freeing FDs if
2450 : * necessary. When done, call ClosePipeStream rather than pclose.
2451 : *
2452 : * This function also ensures that the popen'd program is run with default
2453 : * SIGPIPE processing, rather than the SIG_IGN setting the backend normally
2454 : * uses. This ensures desirable response to, eg, closing a read pipe early.
2455 : */
2456 : FILE *
2457 418 : OpenPipeStream(const char *command, const char *mode)
2458 : {
2459 : FILE *file;
2460 : int save_errno;
2461 :
2462 : DO_DB(elog(LOG, "OpenPipeStream: Allocated %d (%s)",
2463 : numAllocatedDescs, command));
2464 :
2465 : /* Can we allocate another non-virtual FD? */
2466 418 : if (!reserveAllocatedDesc())
2467 0 : ereport(ERROR,
2468 : (errcode(ERRCODE_INSUFFICIENT_RESOURCES),
2469 : errmsg("exceeded maxAllocatedDescs (%d) while trying to execute command \"%s\"",
2470 : maxAllocatedDescs, command)));
2471 :
2472 : /* Close excess kernel FDs. */
2473 418 : ReleaseLruFiles();
2474 :
2475 418 : TryAgain:
2476 418 : fflush(stdout);
2477 418 : fflush(stderr);
2478 418 : pqsignal(SIGPIPE, SIG_DFL);
2479 418 : errno = 0;
2480 418 : file = popen(command, mode);
2481 418 : save_errno = errno;
2482 418 : pqsignal(SIGPIPE, SIG_IGN);
2483 418 : errno = save_errno;
2484 418 : if (file != NULL)
2485 : {
2486 418 : AllocateDesc *desc = &allocatedDescs[numAllocatedDescs];
2487 :
2488 418 : desc->kind = AllocateDescPipe;
2489 418 : desc->desc.file = file;
2490 418 : desc->create_subid = GetCurrentSubTransactionId();
2491 418 : numAllocatedDescs++;
2492 418 : return desc->desc.file;
2493 : }
2494 :
2495 0 : if (errno == EMFILE || errno == ENFILE)
2496 : {
2497 0 : ereport(LOG,
2498 : (errcode(ERRCODE_INSUFFICIENT_RESOURCES),
2499 : errmsg("out of file descriptors: %m; release and retry")));
2500 0 : if (ReleaseLruFile())
2501 0 : goto TryAgain;
2502 0 : errno = save_errno;
2503 : }
2504 :
2505 0 : return NULL;
2506 : }
2507 :
2508 : /*
2509 : * Free an AllocateDesc of any type.
2510 : *
2511 : * The argument *must* point into the allocatedDescs[] array.
2512 : */
2513 : static int
2514 1006918 : FreeDesc(AllocateDesc *desc)
2515 : {
2516 : int result;
2517 :
2518 : /* Close the underlying object */
2519 1006918 : switch (desc->kind)
2520 : {
2521 86124 : case AllocateDescFile:
2522 86124 : result = fclose(desc->desc.file);
2523 86124 : break;
2524 418 : case AllocateDescPipe:
2525 418 : result = pclose(desc->desc.file);
2526 418 : break;
2527 56442 : case AllocateDescDir:
2528 56442 : result = closedir(desc->desc.dir);
2529 56442 : break;
2530 863934 : case AllocateDescRawFD:
2531 863934 : result = close(desc->desc.fd);
2532 863934 : break;
2533 0 : default:
2534 0 : elog(ERROR, "AllocateDesc kind not recognized");
2535 : result = 0; /* keep compiler quiet */
2536 : break;
2537 : }
2538 :
2539 : /* Compact storage in the allocatedDescs array */
2540 1006918 : numAllocatedDescs--;
2541 1006918 : *desc = allocatedDescs[numAllocatedDescs];
2542 :
2543 1006918 : return result;
2544 : }
2545 :
2546 : /*
2547 : * Close a file returned by AllocateFile.
2548 : *
2549 : * Note we do not check fclose's return value --- it is up to the caller
2550 : * to handle close errors.
2551 : */
2552 : int
2553 86112 : FreeFile(FILE *file)
2554 : {
2555 : int i;
2556 :
2557 : DO_DB(elog(LOG, "FreeFile: Allocated %d", numAllocatedDescs));
2558 :
2559 : /* Remove file from list of allocated files, if it's present */
2560 86114 : for (i = numAllocatedDescs; --i >= 0;)
2561 : {
2562 86114 : AllocateDesc *desc = &allocatedDescs[i];
2563 :
2564 86114 : if (desc->kind == AllocateDescFile && desc->desc.file == file)
2565 86112 : return FreeDesc(desc);
2566 : }
2567 :
2568 : /* Only get here if someone passes us a file not in allocatedDescs */
2569 0 : elog(WARNING, "file passed to FreeFile was not obtained from AllocateFile");
2570 :
2571 0 : return fclose(file);
2572 : }
2573 :
2574 : /*
2575 : * Close a file returned by OpenTransientFile.
2576 : *
2577 : * Note we do not check close's return value --- it is up to the caller
2578 : * to handle close errors.
2579 : */
2580 : int
2581 863928 : CloseTransientFile(int fd)
2582 : {
2583 : int i;
2584 :
2585 : DO_DB(elog(LOG, "CloseTransientFile: Allocated %d", numAllocatedDescs));
2586 :
2587 : /* Remove fd from list of allocated files, if it's present */
2588 863928 : for (i = numAllocatedDescs; --i >= 0;)
2589 : {
2590 863928 : AllocateDesc *desc = &allocatedDescs[i];
2591 :
2592 863928 : if (desc->kind == AllocateDescRawFD && desc->desc.fd == fd)
2593 863928 : return FreeDesc(desc);
2594 : }
2595 :
2596 : /* Only get here if someone passes us a file not in allocatedDescs */
2597 0 : elog(WARNING, "fd passed to CloseTransientFile was not obtained from OpenTransientFile");
2598 :
2599 0 : return close(fd);
2600 : }
2601 :
2602 : /*
2603 : * Routines that want to use <dirent.h> (ie, DIR*) should use AllocateDir
2604 : * rather than plain opendir(). This lets fd.c deal with freeing FDs if
2605 : * necessary to open the directory, and with closing it after an elog.
2606 : * When done, call FreeDir rather than closedir.
2607 : *
2608 : * Returns NULL, with errno set, on failure. Note that failure detection
2609 : * is commonly left to the following call of ReadDir or ReadDirExtended;
2610 : * see the comments for ReadDir.
2611 : *
2612 : * Ideally this should be the *only* direct call of opendir() in the backend.
2613 : */
2614 : DIR *
2615 57254 : AllocateDir(const char *dirname)
2616 : {
2617 : DIR *dir;
2618 :
2619 : DO_DB(elog(LOG, "AllocateDir: Allocated %d (%s)",
2620 : numAllocatedDescs, dirname));
2621 :
2622 : /* Can we allocate another non-virtual FD? */
2623 57254 : if (!reserveAllocatedDesc())
2624 0 : ereport(ERROR,
2625 : (errcode(ERRCODE_INSUFFICIENT_RESOURCES),
2626 : errmsg("exceeded maxAllocatedDescs (%d) while trying to open directory \"%s\"",
2627 : maxAllocatedDescs, dirname)));
2628 :
2629 : /* Close excess kernel FDs. */
2630 57254 : ReleaseLruFiles();
2631 :
2632 57254 : TryAgain:
2633 57254 : if ((dir = opendir(dirname)) != NULL)
2634 : {
2635 56442 : AllocateDesc *desc = &allocatedDescs[numAllocatedDescs];
2636 :
2637 56442 : desc->kind = AllocateDescDir;
2638 56442 : desc->desc.dir = dir;
2639 56442 : desc->create_subid = GetCurrentSubTransactionId();
2640 56442 : numAllocatedDescs++;
2641 56442 : return desc->desc.dir;
2642 : }
2643 :
2644 812 : if (errno == EMFILE || errno == ENFILE)
2645 : {
2646 0 : int save_errno = errno;
2647 :
2648 0 : ereport(LOG,
2649 : (errcode(ERRCODE_INSUFFICIENT_RESOURCES),
2650 : errmsg("out of file descriptors: %m; release and retry")));
2651 0 : errno = 0;
2652 0 : if (ReleaseLruFile())
2653 0 : goto TryAgain;
2654 0 : errno = save_errno;
2655 : }
2656 :
2657 812 : return NULL;
2658 : }
2659 :
2660 : /*
2661 : * Read a directory opened with AllocateDir, ereport'ing any error.
2662 : *
2663 : * This is easier to use than raw readdir() since it takes care of some
2664 : * otherwise rather tedious and error-prone manipulation of errno. Also,
2665 : * if you are happy with a generic error message for AllocateDir failure,
2666 : * you can just do
2667 : *
2668 : * dir = AllocateDir(path);
2669 : * while ((dirent = ReadDir(dir, path)) != NULL)
2670 : * process dirent;
2671 : * FreeDir(dir);
2672 : *
2673 : * since a NULL dir parameter is taken as indicating AllocateDir failed.
2674 : * (Make sure errno isn't changed between AllocateDir and ReadDir if you
2675 : * use this shortcut.)
2676 : *
2677 : * The pathname passed to AllocateDir must be passed to this routine too,
2678 : * but it is only used for error reporting.
2679 : */
2680 : struct dirent *
2681 1386340 : ReadDir(DIR *dir, const char *dirname)
2682 : {
2683 1386340 : return ReadDirExtended(dir, dirname, ERROR);
2684 : }
2685 :
2686 : /*
2687 : * Alternate version of ReadDir that allows caller to specify the elevel
2688 : * for any error report (whether it's reporting an initial failure of
2689 : * AllocateDir or a subsequent directory read failure).
2690 : *
2691 : * If elevel < ERROR, returns NULL after any error. With the normal coding
2692 : * pattern, this will result in falling out of the loop immediately as
2693 : * though the directory contained no (more) entries.
2694 : */
2695 : struct dirent *
2696 2524862 : ReadDirExtended(DIR *dir, const char *dirname, int elevel)
2697 : {
2698 : struct dirent *dent;
2699 :
2700 : /* Give a generic message for AllocateDir failure, if caller didn't */
2701 2524862 : if (dir == NULL)
2702 : {
2703 0 : ereport(elevel,
2704 : (errcode_for_file_access(),
2705 : errmsg("could not open directory \"%s\": %m",
2706 : dirname)));
2707 0 : return NULL;
2708 : }
2709 :
2710 2524862 : errno = 0;
2711 2524862 : if ((dent = readdir(dir)) != NULL)
2712 2479064 : return dent;
2713 :
2714 45798 : if (errno)
2715 0 : ereport(elevel,
2716 : (errcode_for_file_access(),
2717 : errmsg("could not read directory \"%s\": %m",
2718 : dirname)));
2719 45798 : return NULL;
2720 : }
2721 :
2722 : /*
2723 : * Close a directory opened with AllocateDir.
2724 : *
2725 : * Returns closedir's return value (with errno set if it's not 0).
2726 : * Note we do not check the return value --- it is up to the caller
2727 : * to handle close errors if wanted.
2728 : *
2729 : * Does nothing if dir == NULL; we assume that directory open failure was
2730 : * already reported if desired.
2731 : */
2732 : int
2733 56430 : FreeDir(DIR *dir)
2734 : {
2735 : int i;
2736 :
2737 : /* Nothing to do if AllocateDir failed */
2738 56430 : if (dir == NULL)
2739 0 : return 0;
2740 :
2741 : DO_DB(elog(LOG, "FreeDir: Allocated %d", numAllocatedDescs));
2742 :
2743 : /* Remove dir from list of allocated dirs, if it's present */
2744 56430 : for (i = numAllocatedDescs; --i >= 0;)
2745 : {
2746 56430 : AllocateDesc *desc = &allocatedDescs[i];
2747 :
2748 56430 : if (desc->kind == AllocateDescDir && desc->desc.dir == dir)
2749 56430 : return FreeDesc(desc);
2750 : }
2751 :
2752 : /* Only get here if someone passes us a dir not in allocatedDescs */
2753 0 : elog(WARNING, "dir passed to FreeDir was not obtained from AllocateDir");
2754 :
2755 0 : return closedir(dir);
2756 : }
2757 :
2758 :
2759 : /*
2760 : * Close a pipe stream returned by OpenPipeStream.
2761 : */
2762 : int
2763 418 : ClosePipeStream(FILE *file)
2764 : {
2765 : int i;
2766 :
2767 : DO_DB(elog(LOG, "ClosePipeStream: Allocated %d", numAllocatedDescs));
2768 :
2769 : /* Remove file from list of allocated files, if it's present */
2770 418 : for (i = numAllocatedDescs; --i >= 0;)
2771 : {
2772 418 : AllocateDesc *desc = &allocatedDescs[i];
2773 :
2774 418 : if (desc->kind == AllocateDescPipe && desc->desc.file == file)
2775 418 : return FreeDesc(desc);
2776 : }
2777 :
2778 : /* Only get here if someone passes us a file not in allocatedDescs */
2779 0 : elog(WARNING, "file passed to ClosePipeStream was not obtained from OpenPipeStream");
2780 :
2781 0 : return pclose(file);
2782 : }
2783 :
2784 : /*
2785 : * closeAllVfds
2786 : *
2787 : * Force all VFDs into the physically-closed state, so that the fewest
2788 : * possible number of kernel file descriptors are in use. There is no
2789 : * change in the logical state of the VFDs.
2790 : */
2791 : void
2792 20 : closeAllVfds(void)
2793 : {
2794 : Index i;
2795 :
2796 20 : if (SizeVfdCache > 0)
2797 : {
2798 : Assert(FileIsNotOpen(0)); /* Make sure ring not corrupted */
2799 640 : for (i = 1; i < SizeVfdCache; i++)
2800 : {
2801 620 : if (!FileIsNotOpen(i))
2802 32 : LruDelete(i);
2803 : }
2804 : }
2805 20 : }
2806 :
2807 :
2808 : /*
2809 : * SetTempTablespaces
2810 : *
2811 : * Define a list (actually an array) of OIDs of tablespaces to use for
2812 : * temporary files. This list will be used until end of transaction,
2813 : * unless this function is called again before then. It is caller's
2814 : * responsibility that the passed-in array has adequate lifespan (typically
2815 : * it'd be allocated in TopTransactionContext).
2816 : *
2817 : * Some entries of the array may be InvalidOid, indicating that the current
2818 : * database's default tablespace should be used.
2819 : */
2820 : void
2821 4704 : SetTempTablespaces(Oid *tableSpaces, int numSpaces)
2822 : {
2823 : Assert(numSpaces >= 0);
2824 4704 : tempTableSpaces = tableSpaces;
2825 4704 : numTempTableSpaces = numSpaces;
2826 :
2827 : /*
2828 : * Select a random starting point in the list. This is to minimize
2829 : * conflicts between backends that are most likely sharing the same list
2830 : * of temp tablespaces. Note that if we create multiple temp files in the
2831 : * same transaction, we'll advance circularly through the list --- this
2832 : * ensures that large temporary sort files are nicely spread across all
2833 : * available tablespaces.
2834 : */
2835 4704 : if (numSpaces > 1)
2836 0 : nextTempTableSpace = random() % numSpaces;
2837 : else
2838 4704 : nextTempTableSpace = 0;
2839 4704 : }
2840 :
2841 : /*
2842 : * TempTablespacesAreSet
2843 : *
2844 : * Returns true if SetTempTablespaces has been called in current transaction.
2845 : * (This is just so that tablespaces.c doesn't need its own per-transaction
2846 : * state.)
2847 : */
2848 : bool
2849 5036 : TempTablespacesAreSet(void)
2850 : {
2851 5036 : return (numTempTableSpaces >= 0);
2852 : }
2853 :
2854 : /*
2855 : * GetTempTablespaces
2856 : *
2857 : * Populate an array with the OIDs of the tablespaces that should be used for
2858 : * temporary files. (Some entries may be InvalidOid, indicating that the
2859 : * current database's default tablespace should be used.) At most numSpaces
2860 : * entries will be filled.
2861 : * Returns the number of OIDs that were copied into the output array.
2862 : */
2863 : int
2864 224 : GetTempTablespaces(Oid *tableSpaces, int numSpaces)
2865 : {
2866 : int i;
2867 :
2868 : Assert(TempTablespacesAreSet());
2869 224 : for (i = 0; i < numTempTableSpaces && i < numSpaces; ++i)
2870 0 : tableSpaces[i] = tempTableSpaces[i];
2871 :
2872 224 : return i;
2873 : }
2874 :
2875 : /*
2876 : * GetNextTempTableSpace
2877 : *
2878 : * Select the next temp tablespace to use. A result of InvalidOid means
2879 : * to use the current database's default tablespace.
2880 : */
2881 : Oid
2882 2338 : GetNextTempTableSpace(void)
2883 : {
2884 2338 : if (numTempTableSpaces > 0)
2885 : {
2886 : /* Advance nextTempTableSpace counter with wraparound */
2887 0 : if (++nextTempTableSpace >= numTempTableSpaces)
2888 0 : nextTempTableSpace = 0;
2889 0 : return tempTableSpaces[nextTempTableSpace];
2890 : }
2891 2338 : return InvalidOid;
2892 : }
2893 :
2894 :
2895 : /*
2896 : * AtEOSubXact_Files
2897 : *
2898 : * Take care of subtransaction commit/abort. At abort, we close temp files
2899 : * that the subtransaction may have opened. At commit, we reassign the
2900 : * files that were opened to the parent subtransaction.
2901 : */
2902 : void
2903 8058 : AtEOSubXact_Files(bool isCommit, SubTransactionId mySubid,
2904 : SubTransactionId parentSubid)
2905 : {
2906 : Index i;
2907 :
2908 8058 : for (i = 0; i < numAllocatedDescs; i++)
2909 : {
2910 0 : if (allocatedDescs[i].create_subid == mySubid)
2911 : {
2912 0 : if (isCommit)
2913 0 : allocatedDescs[i].create_subid = parentSubid;
2914 : else
2915 : {
2916 : /* have to recheck the item after FreeDesc (ugly) */
2917 0 : FreeDesc(&allocatedDescs[i--]);
2918 : }
2919 : }
2920 : }
2921 8058 : }
2922 :
2923 : /*
2924 : * AtEOXact_Files
2925 : *
2926 : * This routine is called during transaction commit or abort. All still-open
2927 : * per-transaction temporary file VFDs are closed, which also causes the
2928 : * underlying files to be deleted (although they should've been closed already
2929 : * by the ResourceOwner cleanup). Furthermore, all "allocated" stdio files are
2930 : * closed. We also forget any transaction-local temp tablespace list.
2931 : *
2932 : * The isCommit flag is used only to decide whether to emit warnings about
2933 : * unclosed files.
2934 : */
2935 : void
2936 561488 : AtEOXact_Files(bool isCommit)
2937 : {
2938 561488 : CleanupTempFiles(isCommit, false);
2939 561488 : tempTableSpaces = NULL;
2940 561488 : numTempTableSpaces = -1;
2941 561488 : }
2942 :
2943 : /*
2944 : * AtProcExit_Files
2945 : *
2946 : * on_proc_exit hook to clean up temp files during backend shutdown.
2947 : * Here, we want to clean up *all* temp files including interXact ones.
2948 : */
2949 : static void
2950 15748 : AtProcExit_Files(int code, Datum arg)
2951 : {
2952 15748 : CleanupTempFiles(false, true);
2953 15748 : }
2954 :
2955 : /*
2956 : * Close temporary files and delete their underlying files.
2957 : *
2958 : * isCommit: if true, this is normal transaction commit, and we don't
2959 : * expect any remaining files; warn if there are some.
2960 : *
2961 : * isProcExit: if true, this is being called as the backend process is
2962 : * exiting. If that's the case, we should remove all temporary files; if
2963 : * that's not the case, we are being called for transaction commit/abort
2964 : * and should only remove transaction-local temp files. In either case,
2965 : * also clean up "allocated" stdio files, dirs and fds.
2966 : */
2967 : static void
2968 577236 : CleanupTempFiles(bool isCommit, bool isProcExit)
2969 : {
2970 : Index i;
2971 :
2972 : /*
2973 : * Careful here: at proc_exit we need extra cleanup, not just
2974 : * xact_temporary files.
2975 : */
2976 577236 : if (isProcExit || have_xact_temporary_files)
2977 : {
2978 : Assert(FileIsNotOpen(0)); /* Make sure ring not corrupted */
2979 897540 : for (i = 1; i < SizeVfdCache; i++)
2980 : {
2981 880744 : unsigned short fdstate = VfdCache[i].fdstate;
2982 :
2983 880744 : if (((fdstate & FD_DELETE_AT_CLOSE) || (fdstate & FD_CLOSE_AT_EOXACT)) &&
2984 0 : VfdCache[i].fileName != NULL)
2985 : {
2986 : /*
2987 : * If we're in the process of exiting a backend process, close
2988 : * all temporary files. Otherwise, only close temporary files
2989 : * local to the current transaction. They should be closed by
2990 : * the ResourceOwner mechanism already, so this is just a
2991 : * debugging cross-check.
2992 : */
2993 0 : if (isProcExit)
2994 0 : FileClose(i);
2995 0 : else if (fdstate & FD_CLOSE_AT_EOXACT)
2996 : {
2997 0 : elog(WARNING,
2998 : "temporary file %s not closed at end-of-transaction",
2999 : VfdCache[i].fileName);
3000 0 : FileClose(i);
3001 : }
3002 : }
3003 : }
3004 :
3005 16796 : have_xact_temporary_files = false;
3006 : }
3007 :
3008 : /* Complain if any allocated files remain open at commit. */
3009 577236 : if (isCommit && numAllocatedDescs > 0)
3010 0 : elog(WARNING, "%d temporary files and directories not closed at end-of-transaction",
3011 : numAllocatedDescs);
3012 :
3013 : /* Clean up "allocated" stdio files, dirs and fds. */
3014 577266 : while (numAllocatedDescs > 0)
3015 30 : FreeDesc(&allocatedDescs[0]);
3016 577236 : }
3017 :
3018 :
3019 : /*
3020 : * Remove temporary and temporary relation files left over from a prior
3021 : * postmaster session
3022 : *
3023 : * This should be called during postmaster startup. It will forcibly
3024 : * remove any leftover files created by OpenTemporaryFile and any leftover
3025 : * temporary relation files created by mdcreate.
3026 : *
3027 : * NOTE: we could, but don't, call this during a post-backend-crash restart
3028 : * cycle. The argument for not doing it is that someone might want to examine
3029 : * the temp files for debugging purposes. This does however mean that
3030 : * OpenTemporaryFile had better allow for collision with an existing temp
3031 : * file name.
3032 : *
3033 : * NOTE: this function and its subroutines generally report syscall failures
3034 : * with ereport(LOG) and keep going. Removing temp files is not so critical
3035 : * that we should fail to start the database when we can't do it.
3036 : */
3037 : void
3038 798 : RemovePgTempFiles(void)
3039 : {
3040 : char temp_path[MAXPGPATH + 10 + sizeof(TABLESPACE_VERSION_DIRECTORY) + sizeof(PG_TEMP_FILES_DIR)];
3041 : DIR *spc_dir;
3042 : struct dirent *spc_de;
3043 :
3044 : /*
3045 : * First process temp files in pg_default ($PGDATA/base)
3046 : */
3047 798 : snprintf(temp_path, sizeof(temp_path), "base/%s", PG_TEMP_FILES_DIR);
3048 798 : RemovePgTempFilesInDir(temp_path, true, false);
3049 798 : RemovePgTempRelationFiles("base");
3050 :
3051 : /*
3052 : * Cycle through temp directories for all non-default tablespaces.
3053 : */
3054 798 : spc_dir = AllocateDir("pg_tblspc");
3055 :
3056 2464 : while ((spc_de = ReadDirExtended(spc_dir, "pg_tblspc", LOG)) != NULL)
3057 : {
3058 1666 : if (strcmp(spc_de->d_name, ".") == 0 ||
3059 868 : strcmp(spc_de->d_name, "..") == 0)
3060 1596 : continue;
3061 :
3062 70 : snprintf(temp_path, sizeof(temp_path), "pg_tblspc/%s/%s/%s",
3063 70 : spc_de->d_name, TABLESPACE_VERSION_DIRECTORY, PG_TEMP_FILES_DIR);
3064 70 : RemovePgTempFilesInDir(temp_path, true, false);
3065 :
3066 70 : snprintf(temp_path, sizeof(temp_path), "pg_tblspc/%s/%s",
3067 70 : spc_de->d_name, TABLESPACE_VERSION_DIRECTORY);
3068 70 : RemovePgTempRelationFiles(temp_path);
3069 : }
3070 :
3071 798 : FreeDir(spc_dir);
3072 :
3073 : /*
3074 : * In EXEC_BACKEND case there is a pgsql_tmp directory at the top level of
3075 : * DataDir as well. However, that is *not* cleaned here because doing so
3076 : * would create a race condition. It's done separately, earlier in
3077 : * postmaster startup.
3078 : */
3079 798 : }
3080 :
3081 : /*
3082 : * Process one pgsql_tmp directory for RemovePgTempFiles.
3083 : *
3084 : * If missing_ok is true, it's all right for the named directory to not exist.
3085 : * Any other problem results in a LOG message. (missing_ok should be true at
3086 : * the top level, since pgsql_tmp directories are not created until needed.)
3087 : *
3088 : * At the top level, this should be called with unlink_all = false, so that
3089 : * only files matching the temporary name prefix will be unlinked. When
3090 : * recursing it will be called with unlink_all = true to unlink everything
3091 : * under a top-level temporary directory.
3092 : *
3093 : * (These two flags could be replaced by one, but it seems clearer to keep
3094 : * them separate.)
3095 : */
3096 : void
3097 868 : RemovePgTempFilesInDir(const char *tmpdirname, bool missing_ok, bool unlink_all)
3098 : {
3099 : DIR *temp_dir;
3100 : struct dirent *temp_de;
3101 : char rm_path[MAXPGPATH * 2];
3102 :
3103 868 : temp_dir = AllocateDir(tmpdirname);
3104 :
3105 868 : if (temp_dir == NULL && errno == ENOENT && missing_ok)
3106 812 : return;
3107 :
3108 168 : while ((temp_de = ReadDirExtended(temp_dir, tmpdirname, LOG)) != NULL)
3109 : {
3110 112 : if (strcmp(temp_de->d_name, ".") == 0 ||
3111 56 : strcmp(temp_de->d_name, "..") == 0)
3112 112 : continue;
3113 :
3114 0 : snprintf(rm_path, sizeof(rm_path), "%s/%s",
3115 0 : tmpdirname, temp_de->d_name);
3116 :
3117 0 : if (unlink_all ||
3118 0 : strncmp(temp_de->d_name,
3119 : PG_TEMP_FILE_PREFIX,
3120 : strlen(PG_TEMP_FILE_PREFIX)) == 0)
3121 0 : {
3122 : struct stat statbuf;
3123 :
3124 0 : if (lstat(rm_path, &statbuf) < 0)
3125 : {
3126 0 : ereport(LOG,
3127 : (errcode_for_file_access(),
3128 : errmsg("could not stat file \"%s\": %m", rm_path)));
3129 0 : continue;
3130 : }
3131 :
3132 0 : if (S_ISDIR(statbuf.st_mode))
3133 : {
3134 : /* recursively remove contents, then directory itself */
3135 0 : RemovePgTempFilesInDir(rm_path, false, true);
3136 :
3137 0 : if (rmdir(rm_path) < 0)
3138 0 : ereport(LOG,
3139 : (errcode_for_file_access(),
3140 : errmsg("could not remove directory \"%s\": %m",
3141 : rm_path)));
3142 : }
3143 : else
3144 : {
3145 0 : if (unlink(rm_path) < 0)
3146 0 : ereport(LOG,
3147 : (errcode_for_file_access(),
3148 : errmsg("could not remove file \"%s\": %m",
3149 : rm_path)));
3150 : }
3151 : }
3152 : else
3153 0 : ereport(LOG,
3154 : (errmsg("unexpected file found in temporary-files directory: \"%s\"",
3155 : rm_path)));
3156 : }
3157 :
3158 56 : FreeDir(temp_dir);
3159 : }
3160 :
3161 : /* Process one tablespace directory, look for per-DB subdirectories */
3162 : static void
3163 868 : RemovePgTempRelationFiles(const char *tsdirname)
3164 : {
3165 : DIR *ts_dir;
3166 : struct dirent *de;
3167 : char dbspace_path[MAXPGPATH * 2];
3168 :
3169 868 : ts_dir = AllocateDir(tsdirname);
3170 :
3171 5220 : while ((de = ReadDirExtended(ts_dir, tsdirname, LOG)) != NULL)
3172 : {
3173 : /*
3174 : * We're only interested in the per-database directories, which have
3175 : * numeric names. Note that this code will also (properly) ignore "."
3176 : * and "..".
3177 : */
3178 4352 : if (strspn(de->d_name, "0123456789") != strlen(de->d_name))
3179 1792 : continue;
3180 :
3181 2560 : snprintf(dbspace_path, sizeof(dbspace_path), "%s/%s",
3182 2560 : tsdirname, de->d_name);
3183 2560 : RemovePgTempRelationFilesInDbspace(dbspace_path);
3184 : }
3185 :
3186 868 : FreeDir(ts_dir);
3187 868 : }
3188 :
3189 : /* Process one per-dbspace directory for RemovePgTempRelationFiles */
3190 : static void
3191 2560 : RemovePgTempRelationFilesInDbspace(const char *dbspacedirname)
3192 : {
3193 : DIR *dbspace_dir;
3194 : struct dirent *de;
3195 : char rm_path[MAXPGPATH * 2];
3196 :
3197 2560 : dbspace_dir = AllocateDir(dbspacedirname);
3198 :
3199 748522 : while ((de = ReadDirExtended(dbspace_dir, dbspacedirname, LOG)) != NULL)
3200 : {
3201 745962 : if (!looks_like_temp_rel_name(de->d_name))
3202 745954 : continue;
3203 :
3204 8 : snprintf(rm_path, sizeof(rm_path), "%s/%s",
3205 8 : dbspacedirname, de->d_name);
3206 :
3207 8 : if (unlink(rm_path) < 0)
3208 0 : ereport(LOG,
3209 : (errcode_for_file_access(),
3210 : errmsg("could not remove file \"%s\": %m",
3211 : rm_path)));
3212 : }
3213 :
3214 2560 : FreeDir(dbspace_dir);
3215 2560 : }
3216 :
3217 : /* t<digits>_<digits>, or t<digits>_<digits>_<forkname> */
3218 : bool
3219 1011568 : looks_like_temp_rel_name(const char *name)
3220 : {
3221 : int pos;
3222 : int savepos;
3223 :
3224 : /* Must start with "t". */
3225 1011568 : if (name[0] != 't')
3226 1011488 : return false;
3227 :
3228 : /* Followed by a non-empty string of digits and then an underscore. */
3229 392 : for (pos = 1; isdigit((unsigned char) name[pos]); ++pos)
3230 : ;
3231 80 : if (pos == 1 || name[pos] != '_')
3232 0 : return false;
3233 :
3234 : /* Followed by another nonempty string of digits. */
3235 392 : for (savepos = ++pos; isdigit((unsigned char) name[pos]); ++pos)
3236 : ;
3237 80 : if (savepos == pos)
3238 0 : return false;
3239 :
3240 : /* We might have _forkname or .segment or both. */
3241 80 : if (name[pos] == '_')
3242 : {
3243 40 : int forkchar = forkname_chars(&name[pos + 1], NULL);
3244 :
3245 40 : if (forkchar <= 0)
3246 0 : return false;
3247 40 : pos += forkchar + 1;
3248 : }
3249 80 : if (name[pos] == '.')
3250 : {
3251 : int segchar;
3252 :
3253 80 : for (segchar = 1; isdigit((unsigned char) name[pos + segchar]); ++segchar)
3254 : ;
3255 40 : if (segchar <= 1)
3256 0 : return false;
3257 40 : pos += segchar;
3258 : }
3259 :
3260 : /* Now we should be at the end. */
3261 80 : if (name[pos] != '\0')
3262 0 : return false;
3263 80 : return true;
3264 : }
3265 :
3266 :
3267 : /*
3268 : * Issue fsync recursively on PGDATA and all its contents.
3269 : *
3270 : * We fsync regular files and directories wherever they are, but we
3271 : * follow symlinks only for pg_wal and immediately under pg_tblspc.
3272 : * Other symlinks are presumed to point at files we're not responsible
3273 : * for fsyncing, and might not have privileges to write at all.
3274 : *
3275 : * Errors are logged but not considered fatal; that's because this is used
3276 : * only during database startup, to deal with the possibility that there are
3277 : * issued-but-unsynced writes pending against the data directory. We want to
3278 : * ensure that such writes reach disk before anything that's done in the new
3279 : * run. However, aborting on error would result in failure to start for
3280 : * harmless cases such as read-only files in the data directory, and that's
3281 : * not good either.
3282 : *
3283 : * Note that if we previously crashed due to a PANIC on fsync(), we'll be
3284 : * rewriting all changes again during recovery.
3285 : *
3286 : * Note we assume we're chdir'd into PGDATA to begin with.
3287 : */
3288 : void
3289 186 : SyncDataDirectory(void)
3290 : {
3291 : bool xlog_is_symlink;
3292 :
3293 : /* We can skip this whole thing if fsync is disabled. */
3294 186 : if (!enableFsync)
3295 184 : return;
3296 :
3297 : /*
3298 : * If pg_wal is a symlink, we'll need to recurse into it separately,
3299 : * because the first walkdir below will ignore it.
3300 : */
3301 2 : xlog_is_symlink = false;
3302 :
3303 : #ifndef WIN32
3304 : {
3305 : struct stat st;
3306 :
3307 2 : if (lstat("pg_wal", &st) < 0)
3308 0 : ereport(LOG,
3309 : (errcode_for_file_access(),
3310 : errmsg("could not stat file \"%s\": %m",
3311 : "pg_wal")));
3312 2 : else if (S_ISLNK(st.st_mode))
3313 0 : xlog_is_symlink = true;
3314 : }
3315 : #else
3316 : if (pgwin32_is_junction("pg_wal"))
3317 : xlog_is_symlink = true;
3318 : #endif
3319 :
3320 : /*
3321 : * If possible, hint to the kernel that we're soon going to fsync the data
3322 : * directory and its contents. Errors in this step are even less
3323 : * interesting than normal, so log them only at DEBUG1.
3324 : */
3325 : #ifdef PG_FLUSH_DATA_WORKS
3326 2 : walkdir(".", pre_sync_fname, false, DEBUG1);
3327 2 : if (xlog_is_symlink)
3328 0 : walkdir("pg_wal", pre_sync_fname, false, DEBUG1);
3329 2 : walkdir("pg_tblspc", pre_sync_fname, true, DEBUG1);
3330 : #endif
3331 :
3332 : /*
3333 : * Now we do the fsync()s in the same order.
3334 : *
3335 : * The main call ignores symlinks, so in addition to specially processing
3336 : * pg_wal if it's a symlink, pg_tblspc has to be visited separately with
3337 : * process_symlinks = true. Note that if there are any plain directories
3338 : * in pg_tblspc, they'll get fsync'd twice. That's not an expected case
3339 : * so we don't worry about optimizing it.
3340 : */
3341 2 : walkdir(".", datadir_fsync_fname, false, LOG);
3342 2 : if (xlog_is_symlink)
3343 0 : walkdir("pg_wal", datadir_fsync_fname, false, LOG);
3344 2 : walkdir("pg_tblspc", datadir_fsync_fname, true, LOG);
3345 : }
3346 :
3347 : /*
3348 : * walkdir: recursively walk a directory, applying the action to each
3349 : * regular file and directory (including the named directory itself).
3350 : *
3351 : * If process_symlinks is true, the action and recursion are also applied
3352 : * to regular files and directories that are pointed to by symlinks in the
3353 : * given directory; otherwise symlinks are ignored. Symlinks are always
3354 : * ignored in subdirectories, ie we intentionally don't pass down the
3355 : * process_symlinks flag to recursive calls.
3356 : *
3357 : * Errors are reported at level elevel, which might be ERROR or less.
3358 : *
3359 : * See also walkdir in file_utils.c, which is a frontend version of this
3360 : * logic.
3361 : */
3362 : static void
3363 324 : walkdir(const char *path,
3364 : void (*action) (const char *fname, bool isdir, int elevel),
3365 : bool process_symlinks,
3366 : int elevel)
3367 : {
3368 : DIR *dir;
3369 : struct dirent *de;
3370 :
3371 324 : dir = AllocateDir(path);
3372 :
3373 6296 : while ((de = ReadDirExtended(dir, path, elevel)) != NULL)
3374 : {
3375 : char subpath[MAXPGPATH * 2];
3376 :
3377 5972 : CHECK_FOR_INTERRUPTS();
3378 :
3379 5972 : if (strcmp(de->d_name, ".") == 0 ||
3380 5648 : strcmp(de->d_name, "..") == 0)
3381 648 : continue;
3382 :
3383 5324 : snprintf(subpath, sizeof(subpath), "%s/%s", path, de->d_name);
3384 :
3385 5324 : switch (get_dirent_type(subpath, de, process_symlinks, elevel))
3386 : {
3387 5224 : case PGFILETYPE_REG:
3388 5224 : (*action) (subpath, false, elevel);
3389 5224 : break;
3390 100 : case PGFILETYPE_DIR:
3391 100 : walkdir(subpath, action, false, elevel);
3392 100 : break;
3393 0 : default:
3394 :
3395 : /*
3396 : * Errors are already reported directly by get_dirent_type(),
3397 : * and any remaining symlinks and unknown file types are
3398 : * ignored.
3399 : */
3400 0 : break;
3401 : }
3402 : }
3403 :
3404 324 : FreeDir(dir); /* we ignore any error here */
3405 :
3406 : /*
3407 : * It's important to fsync the destination directory itself as individual
3408 : * file fsyncs don't guarantee that the directory entry for the file is
3409 : * synced. However, skip this if AllocateDir failed; the action function
3410 : * might not be robust against that.
3411 : */
3412 324 : if (dir)
3413 324 : (*action) (path, true, elevel);
3414 324 : }
3415 :
3416 :
3417 : /*
3418 : * Hint to the OS that it should get ready to fsync() this file.
3419 : *
3420 : * Ignores errors trying to open unreadable files, and logs other errors at a
3421 : * caller-specified level.
3422 : */
3423 : #ifdef PG_FLUSH_DATA_WORKS
3424 :
3425 : static void
3426 1938 : pre_sync_fname(const char *fname, bool isdir, int elevel)
3427 : {
3428 : int fd;
3429 :
3430 : /* Don't try to flush directories, it'll likely just fail */
3431 1938 : if (isdir)
3432 54 : return;
3433 :
3434 1884 : fd = OpenTransientFile(fname, O_RDONLY | PG_BINARY);
3435 :
3436 1884 : if (fd < 0)
3437 : {
3438 0 : if (errno == EACCES)
3439 0 : return;
3440 0 : ereport(elevel,
3441 : (errcode_for_file_access(),
3442 : errmsg("could not open file \"%s\": %m", fname)));
3443 0 : return;
3444 : }
3445 :
3446 : /*
3447 : * pg_flush_data() ignores errors, which is ok because this is only a
3448 : * hint.
3449 : */
3450 1884 : pg_flush_data(fd, 0, 0);
3451 :
3452 1884 : if (CloseTransientFile(fd) != 0)
3453 0 : ereport(elevel,
3454 : (errcode_for_file_access(),
3455 : errmsg("could not close file \"%s\": %m", fname)));
3456 : }
3457 :
3458 : #endif /* PG_FLUSH_DATA_WORKS */
3459 :
3460 : static void
3461 1938 : datadir_fsync_fname(const char *fname, bool isdir, int elevel)
3462 : {
3463 : /*
3464 : * We want to silently ignoring errors about unreadable files. Pass that
3465 : * desire on to fsync_fname_ext().
3466 : */
3467 1938 : fsync_fname_ext(fname, isdir, true, elevel);
3468 1938 : }
3469 :
3470 : static void
3471 1672 : unlink_if_exists_fname(const char *fname, bool isdir, int elevel)
3472 : {
3473 1672 : if (isdir)
3474 : {
3475 216 : if (rmdir(fname) != 0 && errno != ENOENT)
3476 0 : ereport(elevel,
3477 : (errcode_for_file_access(),
3478 : errmsg("could not remove directory \"%s\": %m", fname)));
3479 : }
3480 : else
3481 : {
3482 : /* Use PathNameDeleteTemporaryFile to report filesize */
3483 1456 : PathNameDeleteTemporaryFile(fname, false);
3484 : }
3485 1672 : }
3486 :
3487 : /*
3488 : * fsync_fname_ext -- Try to fsync a file or directory
3489 : *
3490 : * If ignore_perm is true, ignore errors upon trying to open unreadable
3491 : * files. Logs other errors at a caller-specified level.
3492 : *
3493 : * Returns 0 if the operation succeeded, -1 otherwise.
3494 : */
3495 : int
3496 41242 : fsync_fname_ext(const char *fname, bool isdir, bool ignore_perm, int elevel)
3497 : {
3498 : int fd;
3499 : int flags;
3500 : int returncode;
3501 :
3502 : /*
3503 : * Some OSs require directories to be opened read-only whereas other
3504 : * systems don't allow us to fsync files opened read-only; so we need both
3505 : * cases here. Using O_RDWR will cause us to fail to fsync files that are
3506 : * not writable by our userid, but we assume that's OK.
3507 : */
3508 41242 : flags = PG_BINARY;
3509 41242 : if (!isdir)
3510 14348 : flags |= O_RDWR;
3511 : else
3512 26894 : flags |= O_RDONLY;
3513 :
3514 41242 : fd = OpenTransientFile(fname, flags);
3515 :
3516 : /*
3517 : * Some OSs don't allow us to open directories at all (Windows returns
3518 : * EACCES), just ignore the error in that case. If desired also silently
3519 : * ignoring errors about unreadable files. Log others.
3520 : */
3521 41242 : if (fd < 0 && isdir && (errno == EISDIR || errno == EACCES))
3522 0 : return 0;
3523 41242 : else if (fd < 0 && ignore_perm && errno == EACCES)
3524 0 : return 0;
3525 41242 : else if (fd < 0)
3526 : {
3527 0 : ereport(elevel,
3528 : (errcode_for_file_access(),
3529 : errmsg("could not open file \"%s\": %m", fname)));
3530 0 : return -1;
3531 : }
3532 :
3533 41242 : returncode = pg_fsync(fd);
3534 :
3535 : /*
3536 : * Some OSes don't allow us to fsync directories at all, so we can ignore
3537 : * those errors. Anything else needs to be logged.
3538 : */
3539 41242 : if (returncode != 0 && !(isdir && (errno == EBADF || errno == EINVAL)))
3540 : {
3541 : int save_errno;
3542 :
3543 : /* close file upon error, might not be in transaction context */
3544 0 : save_errno = errno;
3545 0 : (void) CloseTransientFile(fd);
3546 0 : errno = save_errno;
3547 :
3548 0 : ereport(elevel,
3549 : (errcode_for_file_access(),
3550 : errmsg("could not fsync file \"%s\": %m", fname)));
3551 0 : return -1;
3552 : }
3553 :
3554 41242 : if (CloseTransientFile(fd) != 0)
3555 : {
3556 0 : ereport(elevel,
3557 : (errcode_for_file_access(),
3558 : errmsg("could not close file \"%s\": %m", fname)));
3559 0 : return -1;
3560 : }
3561 :
3562 41242 : return 0;
3563 : }
3564 :
3565 : /*
3566 : * fsync_parent_path -- fsync the parent path of a file or directory
3567 : *
3568 : * This is aimed at making file operations persistent on disk in case of
3569 : * an OS crash or power failure.
3570 : */
3571 : static int
3572 5476 : fsync_parent_path(const char *fname, int elevel)
3573 : {
3574 : char parentpath[MAXPGPATH];
3575 :
3576 5476 : strlcpy(parentpath, fname, MAXPGPATH);
3577 5476 : get_parent_directory(parentpath);
3578 :
3579 : /*
3580 : * get_parent_directory() returns an empty string if the input argument is
3581 : * just a file name (see comments in path.c), so handle that as being the
3582 : * current directory.
3583 : */
3584 5476 : if (strlen(parentpath) == 0)
3585 170 : strlcpy(parentpath, ".", MAXPGPATH);
3586 :
3587 5476 : if (fsync_fname_ext(parentpath, true, false, elevel) != 0)
3588 0 : return -1;
3589 :
3590 5476 : return 0;
3591 : }
3592 :
3593 : /*
3594 : * Create a PostgreSQL data sub-directory
3595 : *
3596 : * The data directory itself, and most of its sub-directories, are created at
3597 : * initdb time, but we do have some occasions when we create directories in
3598 : * the backend (CREATE TABLESPACE, for example). In those cases, we want to
3599 : * make sure that those directories are created consistently. Today, that means
3600 : * making sure that the created directory has the correct permissions, which is
3601 : * what pg_dir_create_mode tracks for us.
3602 : *
3603 : * Note that we also set the umask() based on what we understand the correct
3604 : * permissions to be (see file_perm.c).
3605 : *
3606 : * For permissions other than the default, mkdir() can be used directly, but
3607 : * be sure to consider carefully such cases -- a sub-directory with incorrect
3608 : * permissions in a PostgreSQL data directory could cause backups and other
3609 : * processes to fail.
3610 : */
3611 : int
3612 2002 : MakePGDirectory(const char *directoryName)
3613 : {
3614 2002 : return mkdir(directoryName, pg_dir_create_mode);
3615 : }
3616 :
3617 : /*
3618 : * Return the passed-in error level, or PANIC if data_sync_retry is off.
3619 : *
3620 : * Failure to fsync any data file is cause for immediate panic, unless
3621 : * data_sync_retry is enabled. Data may have been written to the operating
3622 : * system and removed from our buffer pool already, and if we are running on
3623 : * an operating system that forgets dirty data on write-back failure, there
3624 : * may be only one copy of the data remaining: in the WAL. A later attempt to
3625 : * fsync again might falsely report success. Therefore we must not allow any
3626 : * further checkpoints to be attempted. data_sync_retry can in theory be
3627 : * enabled on systems known not to drop dirty buffered data on write-back
3628 : * failure (with the likely outcome that checkpoints will continue to fail
3629 : * until the underlying problem is fixed).
3630 : *
3631 : * Any code that reports a failure from fsync() or related functions should
3632 : * filter the error level with this function.
3633 : */
3634 : int
3635 23056 : data_sync_elevel(int elevel)
3636 : {
3637 23056 : return data_sync_retry ? elevel : PANIC;
3638 : }
3639 :
3640 : /*
3641 : * A convenience wrapper for pg_pwritev() that retries on partial write. If an
3642 : * error is returned, it is unspecified how much has been written.
3643 : */
3644 : ssize_t
3645 41192 : pg_pwritev_with_retry(int fd, const struct iovec *iov, int iovcnt, off_t offset)
3646 : {
3647 : struct iovec iov_copy[PG_IOV_MAX];
3648 41192 : ssize_t sum = 0;
3649 : ssize_t part;
3650 :
3651 : /* We'd better have space to make a copy, in case we need to retry. */
3652 41192 : if (iovcnt > PG_IOV_MAX)
3653 : {
3654 0 : errno = EINVAL;
3655 0 : return -1;
3656 : }
3657 :
3658 : for (;;)
3659 : {
3660 : /* Write as much as we can. */
3661 41192 : part = pg_pwritev(fd, iov, iovcnt, offset);
3662 41192 : if (part < 0)
3663 0 : return -1;
3664 :
3665 : #ifdef SIMULATE_SHORT_WRITE
3666 : part = Min(part, 4096);
3667 : #endif
3668 :
3669 : /* Count our progress. */
3670 41192 : sum += part;
3671 41192 : offset += part;
3672 :
3673 : /* Step over iovecs that are done. */
3674 1359336 : while (iovcnt > 0 && iov->iov_len <= part)
3675 : {
3676 1318144 : part -= iov->iov_len;
3677 1318144 : ++iov;
3678 1318144 : --iovcnt;
3679 : }
3680 :
3681 : /* Are they all done? */
3682 41192 : if (iovcnt == 0)
3683 : {
3684 : /* We don't expect the kernel to write more than requested. */
3685 : Assert(part == 0);
3686 41192 : break;
3687 : }
3688 :
3689 : /*
3690 : * Move whatever's left to the front of our mutable copy and adjust
3691 : * the leading iovec.
3692 : */
3693 : Assert(iovcnt > 0);
3694 0 : memmove(iov_copy, iov, sizeof(*iov) * iovcnt);
3695 : Assert(iov->iov_len > part);
3696 0 : iov_copy[0].iov_base = (char *) iov_copy[0].iov_base + part;
3697 0 : iov_copy[0].iov_len -= part;
3698 0 : iov = iov_copy;
3699 : }
3700 :
3701 41192 : return sum;
3702 : }
|
