Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * dsm.c
4 : * manage dynamic shared memory segments
5 : *
6 : * This file provides a set of services to make programming with dynamic
7 : * shared memory segments more convenient. Unlike the low-level
8 : * facilities provided by dsm_impl.h and dsm_impl.c, mappings and segments
9 : * created using this module will be cleaned up automatically. Mappings
10 : * will be removed when the resource owner under which they were created
11 : * is cleaned up, unless dsm_pin_mapping() is used, in which case they
12 : * have session lifespan. Segments will be removed when there are no
13 : * remaining mappings, or at postmaster shutdown in any case. After a
14 : * hard postmaster crash, remaining segments will be removed, if they
15 : * still exist, at the next postmaster startup.
16 : *
17 : * Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group
18 : * Portions Copyright (c) 1994, Regents of the University of California
19 : *
20 : *
21 : * IDENTIFICATION
22 : * src/backend/storage/ipc/dsm.c
23 : *
24 : *-------------------------------------------------------------------------
25 : */
26 :
27 : #include "postgres.h"
28 :
29 : #include <fcntl.h>
30 : #include <unistd.h>
31 : #ifndef WIN32
32 : #include <sys/mman.h>
33 : #endif
34 : #include <sys/stat.h>
35 :
36 : #include "lib/ilist.h"
37 : #include "miscadmin.h"
38 : #include "storage/dsm.h"
39 : #include "storage/ipc.h"
40 : #include "storage/lwlock.h"
41 : #include "storage/pg_shmem.h"
42 : #include "utils/guc.h"
43 : #include "utils/memutils.h"
44 : #include "utils/resowner_private.h"
45 :
46 : #define PG_DYNSHMEM_CONTROL_MAGIC 0x9a503d32
47 :
48 : /*
49 : * There's no point in getting too cheap here, because the minimum allocation
50 : * is one OS page, which is probably at least 4KB and could easily be as high
51 : * as 64KB. Each currently sizeof(dsm_control_item), currently 8 bytes.
52 : */
53 : #define PG_DYNSHMEM_FIXED_SLOTS 64
54 : #define PG_DYNSHMEM_SLOTS_PER_BACKEND 2
55 :
56 : #define INVALID_CONTROL_SLOT ((uint32) -1)
57 :
58 : /* Backend-local tracking for on-detach callbacks. */
59 : typedef struct dsm_segment_detach_callback
60 : {
61 : on_dsm_detach_callback function;
62 : Datum arg;
63 : slist_node node;
64 : } dsm_segment_detach_callback;
65 :
66 : /* Backend-local state for a dynamic shared memory segment. */
67 : struct dsm_segment
68 : {
69 : dlist_node node; /* List link in dsm_segment_list. */
70 : ResourceOwner resowner; /* Resource owner. */
71 : dsm_handle handle; /* Segment name. */
72 : uint32 control_slot; /* Slot in control segment. */
73 : void *impl_private; /* Implementation-specific private data. */
74 : void *mapped_address; /* Mapping address, or NULL if unmapped. */
75 : Size mapped_size; /* Size of our mapping. */
76 : slist_head on_detach; /* On-detach callbacks. */
77 : };
78 :
79 : /* Shared-memory state for a dynamic shared memory segment. */
80 : typedef struct dsm_control_item
81 : {
82 : dsm_handle handle;
83 : uint32 refcnt; /* 2+ = active, 1 = moribund, 0 = gone */
84 : void *impl_private_pm_handle; /* only needed on Windows */
85 : bool pinned;
86 : } dsm_control_item;
87 :
88 : /* Layout of the dynamic shared memory control segment. */
89 : typedef struct dsm_control_header
90 : {
91 : uint32 magic;
92 : uint32 nitems;
93 : uint32 maxitems;
94 : dsm_control_item item[FLEXIBLE_ARRAY_MEMBER];
95 : } dsm_control_header;
96 :
97 : static void dsm_cleanup_for_mmap(void);
98 : static void dsm_postmaster_shutdown(int code, Datum arg);
99 : static dsm_segment *dsm_create_descriptor(void);
100 : static bool dsm_control_segment_sane(dsm_control_header *control,
101 : Size mapped_size);
102 : static uint64 dsm_control_bytes_needed(uint32 nitems);
103 :
104 : /* Has this backend initialized the dynamic shared memory system yet? */
105 : static bool dsm_init_done = false;
106 :
107 : /*
108 : * List of dynamic shared memory segments used by this backend.
109 : *
110 : * At process exit time, we must decrement the reference count of each
111 : * segment we have attached; this list makes it possible to find all such
112 : * segments.
113 : *
114 : * This list should always be empty in the postmaster. We could probably
115 : * allow the postmaster to map dynamic shared memory segments before it
116 : * begins to start child processes, provided that each process adjusted
117 : * the reference counts for those segments in the control segment at
118 : * startup time, but there's no obvious need for such a facility, which
119 : * would also be complex to handle in the EXEC_BACKEND case. Once the
120 : * postmaster has begun spawning children, there's an additional problem:
121 : * each new mapping would require an update to the control segment,
122 : * which requires locking, in which the postmaster must not be involved.
123 : */
124 : static dlist_head dsm_segment_list = DLIST_STATIC_INIT(dsm_segment_list);
125 :
126 : /*
127 : * Control segment information.
128 : *
129 : * Unlike ordinary shared memory segments, the control segment is not
130 : * reference counted; instead, it lasts for the postmaster's entire
131 : * life cycle. For simplicity, it doesn't have a dsm_segment object either.
132 : */
133 : static dsm_handle dsm_control_handle;
134 : static dsm_control_header *dsm_control;
135 : static Size dsm_control_mapped_size = 0;
136 : static void *dsm_control_impl_private = NULL;
137 :
138 : /*
139 : * Start up the dynamic shared memory system.
140 : *
141 : * This is called just once during each cluster lifetime, at postmaster
142 : * startup time.
143 : */
144 : void
145 1848 : dsm_postmaster_startup(PGShmemHeader *shim)
146 : {
147 1848 : void *dsm_control_address = NULL;
148 : uint32 maxitems;
149 : Size segsize;
150 :
151 : Assert(!IsUnderPostmaster);
152 :
153 : /*
154 : * If we're using the mmap implementations, clean up any leftovers.
155 : * Cleanup isn't needed on Windows, and happens earlier in startup for
156 : * POSIX and System V shared memory, via a direct call to
157 : * dsm_cleanup_using_control_segment.
158 : */
159 1848 : if (dynamic_shared_memory_type == DSM_IMPL_MMAP)
160 0 : dsm_cleanup_for_mmap();
161 :
162 : /* Determine size for new control segment. */
163 1848 : maxitems = PG_DYNSHMEM_FIXED_SLOTS
164 1848 : + PG_DYNSHMEM_SLOTS_PER_BACKEND * MaxBackends;
165 1848 : elog(DEBUG2, "dynamic shared memory system will support %u segments",
166 : maxitems);
167 1848 : segsize = dsm_control_bytes_needed(maxitems);
168 :
169 : /*
170 : * Loop until we find an unused identifier for the new control segment. We
171 : * sometimes use 0 as a sentinel value indicating that no control segment
172 : * is known to exist, so avoid using that value for a real control
173 : * segment.
174 : */
175 : for (;;)
176 : {
177 0 : Assert(dsm_control_address == NULL);
178 : Assert(dsm_control_mapped_size == 0);
179 1848 : dsm_control_handle = random();
180 1848 : if (dsm_control_handle == DSM_HANDLE_INVALID)
181 0 : continue;
182 1848 : if (dsm_impl_op(DSM_OP_CREATE, dsm_control_handle, segsize,
183 : &dsm_control_impl_private, &dsm_control_address,
184 : &dsm_control_mapped_size, ERROR))
185 1848 : break;
186 : }
187 1848 : dsm_control = dsm_control_address;
188 1848 : on_shmem_exit(dsm_postmaster_shutdown, PointerGetDatum(shim));
189 1848 : elog(DEBUG2,
190 : "created dynamic shared memory control segment %u (%zu bytes)",
191 : dsm_control_handle, segsize);
192 1848 : shim->dsm_control = dsm_control_handle;
193 :
194 : /* Initialize control segment. */
195 1848 : dsm_control->magic = PG_DYNSHMEM_CONTROL_MAGIC;
196 1848 : dsm_control->nitems = 0;
197 1848 : dsm_control->maxitems = maxitems;
198 1848 : }
199 :
200 : /*
201 : * Determine whether the control segment from the previous postmaster
202 : * invocation still exists. If so, remove the dynamic shared memory
203 : * segments to which it refers, and then the control segment itself.
204 : */
205 : void
206 4 : dsm_cleanup_using_control_segment(dsm_handle old_control_handle)
207 : {
208 4 : void *mapped_address = NULL;
209 4 : void *junk_mapped_address = NULL;
210 4 : void *impl_private = NULL;
211 4 : void *junk_impl_private = NULL;
212 4 : Size mapped_size = 0;
213 4 : Size junk_mapped_size = 0;
214 : uint32 nitems;
215 : uint32 i;
216 : dsm_control_header *old_control;
217 :
218 : /*
219 : * Try to attach the segment. If this fails, it probably just means that
220 : * the operating system has been rebooted and the segment no longer
221 : * exists, or an unrelated process has used the same shm ID. So just fall
222 : * out quietly.
223 : */
224 4 : if (!dsm_impl_op(DSM_OP_ATTACH, old_control_handle, 0, &impl_private,
225 : &mapped_address, &mapped_size, DEBUG1))
226 0 : return;
227 :
228 : /*
229 : * We've managed to reattach it, but the contents might not be sane. If
230 : * they aren't, we disregard the segment after all.
231 : */
232 4 : old_control = (dsm_control_header *) mapped_address;
233 4 : if (!dsm_control_segment_sane(old_control, mapped_size))
234 : {
235 0 : dsm_impl_op(DSM_OP_DETACH, old_control_handle, 0, &impl_private,
236 : &mapped_address, &mapped_size, LOG);
237 0 : return;
238 : }
239 :
240 : /*
241 : * OK, the control segment looks basically valid, so we can use it to get
242 : * a list of segments that need to be removed.
243 : */
244 4 : nitems = old_control->nitems;
245 4 : for (i = 0; i < nitems; ++i)
246 : {
247 : dsm_handle handle;
248 : uint32 refcnt;
249 :
250 : /* If the reference count is 0, the slot is actually unused. */
251 0 : refcnt = old_control->item[i].refcnt;
252 0 : if (refcnt == 0)
253 0 : continue;
254 :
255 : /* Log debugging information. */
256 0 : handle = old_control->item[i].handle;
257 0 : elog(DEBUG2, "cleaning up orphaned dynamic shared memory with ID %u (reference count %u)",
258 : handle, refcnt);
259 :
260 : /* Destroy the referenced segment. */
261 0 : dsm_impl_op(DSM_OP_DESTROY, handle, 0, &junk_impl_private,
262 : &junk_mapped_address, &junk_mapped_size, LOG);
263 : }
264 :
265 : /* Destroy the old control segment, too. */
266 4 : elog(DEBUG2,
267 : "cleaning up dynamic shared memory control segment with ID %u",
268 : old_control_handle);
269 4 : dsm_impl_op(DSM_OP_DESTROY, old_control_handle, 0, &impl_private,
270 : &mapped_address, &mapped_size, LOG);
271 : }
272 :
273 : /*
274 : * When we're using the mmap shared memory implementation, "shared memory"
275 : * segments might even manage to survive an operating system reboot.
276 : * But there's no guarantee as to exactly what will survive: some segments
277 : * may survive, and others may not, and the contents of some may be out
278 : * of date. In particular, the control segment may be out of date, so we
279 : * can't rely on it to figure out what to remove. However, since we know
280 : * what directory contains the files we used as shared memory, we can simply
281 : * scan the directory and blow everything away that shouldn't be there.
282 : */
283 : static void
284 0 : dsm_cleanup_for_mmap(void)
285 : {
286 : DIR *dir;
287 : struct dirent *dent;
288 :
289 : /* Scan the directory for something with a name of the correct format. */
290 0 : dir = AllocateDir(PG_DYNSHMEM_DIR);
291 :
292 0 : while ((dent = ReadDir(dir, PG_DYNSHMEM_DIR)) != NULL)
293 : {
294 0 : if (strncmp(dent->d_name, PG_DYNSHMEM_MMAP_FILE_PREFIX,
295 : strlen(PG_DYNSHMEM_MMAP_FILE_PREFIX)) == 0)
296 : {
297 : char buf[MAXPGPATH + sizeof(PG_DYNSHMEM_DIR)];
298 :
299 0 : snprintf(buf, sizeof(buf), PG_DYNSHMEM_DIR "/%s", dent->d_name);
300 :
301 0 : elog(DEBUG2, "removing file \"%s\"", buf);
302 :
303 : /* We found a matching file; so remove it. */
304 0 : if (unlink(buf) != 0)
305 0 : ereport(ERROR,
306 : (errcode_for_file_access(),
307 : errmsg("could not remove file \"%s\": %m", buf)));
308 : }
309 : }
310 :
311 : /* Cleanup complete. */
312 0 : FreeDir(dir);
313 0 : }
314 :
315 : /*
316 : * At shutdown time, we iterate over the control segment and remove all
317 : * remaining dynamic shared memory segments. We avoid throwing errors here;
318 : * the postmaster is shutting down either way, and this is just non-critical
319 : * resource cleanup.
320 : */
321 : static void
322 1844 : dsm_postmaster_shutdown(int code, Datum arg)
323 : {
324 : uint32 nitems;
325 : uint32 i;
326 : void *dsm_control_address;
327 1844 : void *junk_mapped_address = NULL;
328 1844 : void *junk_impl_private = NULL;
329 1844 : Size junk_mapped_size = 0;
330 1844 : PGShmemHeader *shim = (PGShmemHeader *) DatumGetPointer(arg);
331 :
332 : /*
333 : * If some other backend exited uncleanly, it might have corrupted the
334 : * control segment while it was dying. In that case, we warn and ignore
335 : * the contents of the control segment. This may end up leaving behind
336 : * stray shared memory segments, but there's not much we can do about that
337 : * if the metadata is gone.
338 : */
339 1844 : nitems = dsm_control->nitems;
340 1844 : if (!dsm_control_segment_sane(dsm_control, dsm_control_mapped_size))
341 : {
342 0 : ereport(LOG,
343 : (errmsg("dynamic shared memory control segment is corrupt")));
344 0 : return;
345 : }
346 :
347 : /* Remove any remaining segments. */
348 1878 : for (i = 0; i < nitems; ++i)
349 : {
350 : dsm_handle handle;
351 :
352 : /* If the reference count is 0, the slot is actually unused. */
353 34 : if (dsm_control->item[i].refcnt == 0)
354 34 : continue;
355 :
356 : /* Log debugging information. */
357 0 : handle = dsm_control->item[i].handle;
358 0 : elog(DEBUG2, "cleaning up orphaned dynamic shared memory with ID %u",
359 : handle);
360 :
361 : /* Destroy the segment. */
362 0 : dsm_impl_op(DSM_OP_DESTROY, handle, 0, &junk_impl_private,
363 : &junk_mapped_address, &junk_mapped_size, LOG);
364 : }
365 :
366 : /* Remove the control segment itself. */
367 1844 : elog(DEBUG2,
368 : "cleaning up dynamic shared memory control segment with ID %u",
369 : dsm_control_handle);
370 1844 : dsm_control_address = dsm_control;
371 1844 : dsm_impl_op(DSM_OP_DESTROY, dsm_control_handle, 0,
372 : &dsm_control_impl_private, &dsm_control_address,
373 : &dsm_control_mapped_size, LOG);
374 1844 : dsm_control = dsm_control_address;
375 1844 : shim->dsm_control = 0;
376 : }
377 :
378 : /*
379 : * Prepare this backend for dynamic shared memory usage. Under EXEC_BACKEND,
380 : * we must reread the state file and map the control segment; in other cases,
381 : * we'll have inherited the postmaster's mapping and global variables.
382 : */
383 : static void
384 1692 : dsm_backend_startup(void)
385 : {
386 : #ifdef EXEC_BACKEND
387 : {
388 : void *control_address = NULL;
389 :
390 : /* Attach control segment. */
391 : Assert(dsm_control_handle != 0);
392 : dsm_impl_op(DSM_OP_ATTACH, dsm_control_handle, 0,
393 : &dsm_control_impl_private, &control_address,
394 : &dsm_control_mapped_size, ERROR);
395 : dsm_control = control_address;
396 : /* If control segment doesn't look sane, something is badly wrong. */
397 : if (!dsm_control_segment_sane(dsm_control, dsm_control_mapped_size))
398 : {
399 : dsm_impl_op(DSM_OP_DETACH, dsm_control_handle, 0,
400 : &dsm_control_impl_private, &control_address,
401 : &dsm_control_mapped_size, WARNING);
402 : ereport(FATAL,
403 : (errcode(ERRCODE_INTERNAL_ERROR),
404 : errmsg("dynamic shared memory control segment is not valid")));
405 : }
406 : }
407 : #endif
408 :
409 1692 : dsm_init_done = true;
410 1692 : }
411 :
412 : #ifdef EXEC_BACKEND
413 : /*
414 : * When running under EXEC_BACKEND, we get a callback here when the main
415 : * shared memory segment is re-attached, so that we can record the control
416 : * handle retrieved from it.
417 : */
418 : void
419 : dsm_set_control_handle(dsm_handle h)
420 : {
421 : Assert(dsm_control_handle == 0 && h != 0);
422 : dsm_control_handle = h;
423 : }
424 : #endif
425 :
426 : /*
427 : * Create a new dynamic shared memory segment.
428 : *
429 : * If there is a non-NULL CurrentResourceOwner, the new segment is associated
430 : * with it and must be detached before the resource owner releases, or a
431 : * warning will be logged. If CurrentResourceOwner is NULL, the segment
432 : * remains attached until explicitly detached or the session ends.
433 : * Creating with a NULL CurrentResourceOwner is equivalent to creating
434 : * with a non-NULL CurrentResourceOwner and then calling dsm_pin_mapping.
435 : */
436 : dsm_segment *
437 644 : dsm_create(Size size, int flags)
438 : {
439 : dsm_segment *seg;
440 : uint32 i;
441 : uint32 nitems;
442 :
443 : /* Unsafe in postmaster (and pointless in a stand-alone backend). */
444 : Assert(IsUnderPostmaster);
445 :
446 644 : if (!dsm_init_done)
447 38 : dsm_backend_startup();
448 :
449 : /* Create a new segment descriptor. */
450 644 : seg = dsm_create_descriptor();
451 :
452 : /* Loop until we find an unused segment identifier. */
453 : for (;;)
454 : {
455 0 : Assert(seg->mapped_address == NULL && seg->mapped_size == 0);
456 644 : seg->handle = random();
457 644 : if (seg->handle == DSM_HANDLE_INVALID) /* Reserve sentinel */
458 0 : continue;
459 644 : if (dsm_impl_op(DSM_OP_CREATE, seg->handle, size, &seg->impl_private,
460 : &seg->mapped_address, &seg->mapped_size, ERROR))
461 644 : break;
462 : }
463 :
464 : /* Lock the control segment so we can register the new segment. */
465 644 : LWLockAcquire(DynamicSharedMemoryControlLock, LW_EXCLUSIVE);
466 :
467 : /* Search the control segment for an unused slot. */
468 644 : nitems = dsm_control->nitems;
469 1686 : for (i = 0; i < nitems; ++i)
470 : {
471 1652 : if (dsm_control->item[i].refcnt == 0)
472 : {
473 610 : dsm_control->item[i].handle = seg->handle;
474 : /* refcnt of 1 triggers destruction, so start at 2 */
475 610 : dsm_control->item[i].refcnt = 2;
476 610 : dsm_control->item[i].impl_private_pm_handle = NULL;
477 610 : dsm_control->item[i].pinned = false;
478 610 : seg->control_slot = i;
479 610 : LWLockRelease(DynamicSharedMemoryControlLock);
480 610 : return seg;
481 : }
482 : }
483 :
484 : /* Verify that we can support an additional mapping. */
485 34 : if (nitems >= dsm_control->maxitems)
486 : {
487 0 : if ((flags & DSM_CREATE_NULL_IF_MAXSEGMENTS) != 0)
488 : {
489 0 : LWLockRelease(DynamicSharedMemoryControlLock);
490 0 : dsm_impl_op(DSM_OP_DESTROY, seg->handle, 0, &seg->impl_private,
491 : &seg->mapped_address, &seg->mapped_size, WARNING);
492 0 : if (seg->resowner != NULL)
493 0 : ResourceOwnerForgetDSM(seg->resowner, seg);
494 0 : dlist_delete(&seg->node);
495 0 : pfree(seg);
496 0 : return NULL;
497 : }
498 0 : ereport(ERROR,
499 : (errcode(ERRCODE_INSUFFICIENT_RESOURCES),
500 : errmsg("too many dynamic shared memory segments")));
501 : }
502 :
503 : /* Enter the handle into a new array slot. */
504 34 : dsm_control->item[nitems].handle = seg->handle;
505 : /* refcnt of 1 triggers destruction, so start at 2 */
506 34 : dsm_control->item[nitems].refcnt = 2;
507 34 : dsm_control->item[nitems].impl_private_pm_handle = NULL;
508 34 : dsm_control->item[nitems].pinned = false;
509 34 : seg->control_slot = nitems;
510 34 : dsm_control->nitems++;
511 34 : LWLockRelease(DynamicSharedMemoryControlLock);
512 :
513 34 : return seg;
514 : }
515 :
516 : /*
517 : * Attach a dynamic shared memory segment.
518 : *
519 : * See comments for dsm_segment_handle() for an explanation of how this
520 : * is intended to be used.
521 : *
522 : * This function will return NULL if the segment isn't known to the system.
523 : * This can happen if we're asked to attach the segment, but then everyone
524 : * else detaches it (causing it to be destroyed) before we get around to
525 : * attaching it.
526 : *
527 : * If there is a non-NULL CurrentResourceOwner, the attached segment is
528 : * associated with it and must be detached before the resource owner releases,
529 : * or a warning will be logged. Otherwise the segment remains attached until
530 : * explicitly detached or the session ends. See the note atop dsm_create().
531 : */
532 : dsm_segment *
533 3684 : dsm_attach(dsm_handle h)
534 : {
535 : dsm_segment *seg;
536 : dlist_iter iter;
537 : uint32 i;
538 : uint32 nitems;
539 :
540 : /* Unsafe in postmaster (and pointless in a stand-alone backend). */
541 : Assert(IsUnderPostmaster);
542 :
543 3684 : if (!dsm_init_done)
544 1654 : dsm_backend_startup();
545 :
546 : /*
547 : * Since this is just a debugging cross-check, we could leave it out
548 : * altogether, or include it only in assert-enabled builds. But since the
549 : * list of attached segments should normally be very short, let's include
550 : * it always for right now.
551 : *
552 : * If you're hitting this error, you probably want to attempt to find an
553 : * existing mapping via dsm_find_mapping() before calling dsm_attach() to
554 : * create a new one.
555 : */
556 6132 : dlist_foreach(iter, &dsm_segment_list)
557 : {
558 2448 : seg = dlist_container(dsm_segment, node, iter.cur);
559 2448 : if (seg->handle == h)
560 0 : elog(ERROR, "can't attach the same segment more than once");
561 : }
562 :
563 : /* Create a new segment descriptor. */
564 3684 : seg = dsm_create_descriptor();
565 3684 : seg->handle = h;
566 :
567 : /* Bump reference count for this segment in shared memory. */
568 3684 : LWLockAcquire(DynamicSharedMemoryControlLock, LW_EXCLUSIVE);
569 3684 : nitems = dsm_control->nitems;
570 7032 : for (i = 0; i < nitems; ++i)
571 : {
572 : /*
573 : * If the reference count is 0, the slot is actually unused. If the
574 : * reference count is 1, the slot is still in use, but the segment is
575 : * in the process of going away; even if the handle matches, another
576 : * slot may already have started using the same handle value by
577 : * coincidence so we have to keep searching.
578 : */
579 7032 : if (dsm_control->item[i].refcnt <= 1)
580 98 : continue;
581 :
582 : /* If the handle doesn't match, it's not the slot we want. */
583 6934 : if (dsm_control->item[i].handle != seg->handle)
584 3250 : continue;
585 :
586 : /* Otherwise we've found a match. */
587 3684 : dsm_control->item[i].refcnt++;
588 3684 : seg->control_slot = i;
589 3684 : break;
590 : }
591 3684 : LWLockRelease(DynamicSharedMemoryControlLock);
592 :
593 : /*
594 : * If we didn't find the handle we're looking for in the control segment,
595 : * it probably means that everyone else who had it mapped, including the
596 : * original creator, died before we got to this point. It's up to the
597 : * caller to decide what to do about that.
598 : */
599 3684 : if (seg->control_slot == INVALID_CONTROL_SLOT)
600 : {
601 0 : dsm_detach(seg);
602 0 : return NULL;
603 : }
604 :
605 : /* Here's where we actually try to map the segment. */
606 3684 : dsm_impl_op(DSM_OP_ATTACH, seg->handle, 0, &seg->impl_private,
607 : &seg->mapped_address, &seg->mapped_size, ERROR);
608 :
609 3684 : return seg;
610 : }
611 :
612 : /*
613 : * At backend shutdown time, detach any segments that are still attached.
614 : * (This is similar to dsm_detach_all, except that there's no reason to
615 : * unmap the control segment before exiting, so we don't bother.)
616 : */
617 : void
618 26494 : dsm_backend_shutdown(void)
619 : {
620 54676 : while (!dlist_is_empty(&dsm_segment_list))
621 : {
622 : dsm_segment *seg;
623 :
624 1688 : seg = dlist_head_element(dsm_segment, node, &dsm_segment_list);
625 1688 : dsm_detach(seg);
626 : }
627 26494 : }
628 :
629 : /*
630 : * Detach all shared memory segments, including the control segments. This
631 : * should be called, along with PGSharedMemoryDetach, in processes that
632 : * might inherit mappings but are not intended to be connected to dynamic
633 : * shared memory.
634 : */
635 : void
636 588 : dsm_detach_all(void)
637 : {
638 588 : void *control_address = dsm_control;
639 :
640 1176 : while (!dlist_is_empty(&dsm_segment_list))
641 : {
642 : dsm_segment *seg;
643 :
644 0 : seg = dlist_head_element(dsm_segment, node, &dsm_segment_list);
645 0 : dsm_detach(seg);
646 : }
647 :
648 588 : if (control_address != NULL)
649 588 : dsm_impl_op(DSM_OP_DETACH, dsm_control_handle, 0,
650 : &dsm_control_impl_private, &control_address,
651 : &dsm_control_mapped_size, ERROR);
652 588 : }
653 :
654 : /*
655 : * Detach from a shared memory segment, destroying the segment if we
656 : * remove the last reference.
657 : *
658 : * This function should never fail. It will often be invoked when aborting
659 : * a transaction, and a further error won't serve any purpose. It's not a
660 : * complete disaster if we fail to unmap or destroy the segment; it means a
661 : * resource leak, but that doesn't necessarily preclude further operations.
662 : */
663 : void
664 4328 : dsm_detach(dsm_segment *seg)
665 : {
666 : /*
667 : * Invoke registered callbacks. Just in case one of those callbacks
668 : * throws a further error that brings us back here, pop the callback
669 : * before invoking it, to avoid infinite error recursion.
670 : */
671 17840 : while (!slist_is_empty(&seg->on_detach))
672 : {
673 : slist_node *node;
674 : dsm_segment_detach_callback *cb;
675 : on_dsm_detach_callback function;
676 : Datum arg;
677 :
678 9184 : node = slist_pop_head_node(&seg->on_detach);
679 9184 : cb = slist_container(dsm_segment_detach_callback, node, node);
680 9184 : function = cb->function;
681 9184 : arg = cb->arg;
682 9184 : pfree(cb);
683 :
684 9184 : function(seg, arg);
685 : }
686 :
687 : /*
688 : * Try to remove the mapping, if one exists. Normally, there will be, but
689 : * maybe not, if we failed partway through a create or attach operation.
690 : * We remove the mapping before decrementing the reference count so that
691 : * the process that sees a zero reference count can be certain that no
692 : * remaining mappings exist. Even if this fails, we pretend that it
693 : * works, because retrying is likely to fail in the same way.
694 : */
695 4328 : if (seg->mapped_address != NULL)
696 : {
697 4328 : dsm_impl_op(DSM_OP_DETACH, seg->handle, 0, &seg->impl_private,
698 : &seg->mapped_address, &seg->mapped_size, WARNING);
699 4328 : seg->impl_private = NULL;
700 4328 : seg->mapped_address = NULL;
701 4328 : seg->mapped_size = 0;
702 : }
703 :
704 : /* Reduce reference count, if we previously increased it. */
705 4328 : if (seg->control_slot != INVALID_CONTROL_SLOT)
706 : {
707 : uint32 refcnt;
708 4328 : uint32 control_slot = seg->control_slot;
709 :
710 4328 : LWLockAcquire(DynamicSharedMemoryControlLock, LW_EXCLUSIVE);
711 : Assert(dsm_control->item[control_slot].handle == seg->handle);
712 : Assert(dsm_control->item[control_slot].refcnt > 1);
713 4328 : refcnt = --dsm_control->item[control_slot].refcnt;
714 4328 : seg->control_slot = INVALID_CONTROL_SLOT;
715 4328 : LWLockRelease(DynamicSharedMemoryControlLock);
716 :
717 : /* If new reference count is 1, try to destroy the segment. */
718 4328 : if (refcnt == 1)
719 : {
720 : /* A pinned segment should never reach 1. */
721 : Assert(!dsm_control->item[control_slot].pinned);
722 :
723 : /*
724 : * If we fail to destroy the segment here, or are killed before we
725 : * finish doing so, the reference count will remain at 1, which
726 : * will mean that nobody else can attach to the segment. At
727 : * postmaster shutdown time, or when a new postmaster is started
728 : * after a hard kill, another attempt will be made to remove the
729 : * segment.
730 : *
731 : * The main case we're worried about here is being killed by a
732 : * signal before we can finish removing the segment. In that
733 : * case, it's important to be sure that the segment still gets
734 : * removed. If we actually fail to remove the segment for some
735 : * other reason, the postmaster may not have any better luck than
736 : * we did. There's not much we can do about that, though.
737 : */
738 536 : if (dsm_impl_op(DSM_OP_DESTROY, seg->handle, 0, &seg->impl_private,
739 : &seg->mapped_address, &seg->mapped_size, WARNING))
740 : {
741 536 : LWLockAcquire(DynamicSharedMemoryControlLock, LW_EXCLUSIVE);
742 : Assert(dsm_control->item[control_slot].handle == seg->handle);
743 : Assert(dsm_control->item[control_slot].refcnt == 1);
744 536 : dsm_control->item[control_slot].refcnt = 0;
745 536 : LWLockRelease(DynamicSharedMemoryControlLock);
746 : }
747 : }
748 : }
749 :
750 : /* Clean up our remaining backend-private data structures. */
751 4328 : if (seg->resowner != NULL)
752 974 : ResourceOwnerForgetDSM(seg->resowner, seg);
753 4328 : dlist_delete(&seg->node);
754 4328 : pfree(seg);
755 4328 : }
756 :
757 : /*
758 : * Keep a dynamic shared memory mapping until end of session.
759 : *
760 : * By default, mappings are owned by the current resource owner, which
761 : * typically means they stick around for the duration of the current query
762 : * only.
763 : */
764 : void
765 1700 : dsm_pin_mapping(dsm_segment *seg)
766 : {
767 1700 : if (seg->resowner != NULL)
768 : {
769 1700 : ResourceOwnerForgetDSM(seg->resowner, seg);
770 1700 : seg->resowner = NULL;
771 : }
772 1700 : }
773 :
774 : /*
775 : * Arrange to remove a dynamic shared memory mapping at cleanup time.
776 : *
777 : * dsm_pin_mapping() can be used to preserve a mapping for the entire
778 : * lifetime of a process; this function reverses that decision, making
779 : * the segment owned by the current resource owner. This may be useful
780 : * just before performing some operation that will invalidate the segment
781 : * for future use by this backend.
782 : */
783 : void
784 0 : dsm_unpin_mapping(dsm_segment *seg)
785 : {
786 : Assert(seg->resowner == NULL);
787 0 : ResourceOwnerEnlargeDSMs(CurrentResourceOwner);
788 0 : seg->resowner = CurrentResourceOwner;
789 0 : ResourceOwnerRememberDSM(seg->resowner, seg);
790 0 : }
791 :
792 : /*
793 : * Keep a dynamic shared memory segment until postmaster shutdown, or until
794 : * dsm_unpin_segment is called.
795 : *
796 : * This function should not be called more than once per segment, unless the
797 : * segment is explicitly unpinned with dsm_unpin_segment in between calls.
798 : *
799 : * Note that this function does not arrange for the current process to
800 : * keep the segment mapped indefinitely; if that behavior is desired,
801 : * dsm_pin_mapping() should be used from each process that needs to
802 : * retain the mapping.
803 : */
804 : void
805 108 : dsm_pin_segment(dsm_segment *seg)
806 : {
807 : void *handle;
808 :
809 : /*
810 : * Bump reference count for this segment in shared memory. This will
811 : * ensure that even if there is no session which is attached to this
812 : * segment, it will remain until postmaster shutdown or an explicit call
813 : * to unpin.
814 : */
815 108 : LWLockAcquire(DynamicSharedMemoryControlLock, LW_EXCLUSIVE);
816 108 : if (dsm_control->item[seg->control_slot].pinned)
817 0 : elog(ERROR, "cannot pin a segment that is already pinned");
818 108 : dsm_impl_pin_segment(seg->handle, seg->impl_private, &handle);
819 108 : dsm_control->item[seg->control_slot].pinned = true;
820 108 : dsm_control->item[seg->control_slot].refcnt++;
821 108 : dsm_control->item[seg->control_slot].impl_private_pm_handle = handle;
822 108 : LWLockRelease(DynamicSharedMemoryControlLock);
823 108 : }
824 :
825 : /*
826 : * Unpin a dynamic shared memory segment that was previously pinned with
827 : * dsm_pin_segment. This function should not be called unless dsm_pin_segment
828 : * was previously called for this segment.
829 : *
830 : * The argument is a dsm_handle rather than a dsm_segment in case you want
831 : * to unpin a segment to which you haven't attached. This turns out to be
832 : * useful if, for example, a reference to one shared memory segment is stored
833 : * within another shared memory segment. You might want to unpin the
834 : * referenced segment before destroying the referencing segment.
835 : */
836 : void
837 108 : dsm_unpin_segment(dsm_handle handle)
838 : {
839 108 : uint32 control_slot = INVALID_CONTROL_SLOT;
840 108 : bool destroy = false;
841 : uint32 i;
842 :
843 : /* Find the control slot for the given handle. */
844 108 : LWLockAcquire(DynamicSharedMemoryControlLock, LW_EXCLUSIVE);
845 434 : for (i = 0; i < dsm_control->nitems; ++i)
846 : {
847 : /* Skip unused slots and segments that are concurrently going away. */
848 434 : if (dsm_control->item[i].refcnt <= 1)
849 30 : continue;
850 :
851 : /* If we've found our handle, we can stop searching. */
852 404 : if (dsm_control->item[i].handle == handle)
853 : {
854 108 : control_slot = i;
855 108 : break;
856 : }
857 : }
858 :
859 : /*
860 : * We should definitely have found the slot, and it should not already be
861 : * in the process of going away, because this function should only be
862 : * called on a segment which is pinned.
863 : */
864 108 : if (control_slot == INVALID_CONTROL_SLOT)
865 0 : elog(ERROR, "cannot unpin unknown segment handle");
866 108 : if (!dsm_control->item[control_slot].pinned)
867 0 : elog(ERROR, "cannot unpin a segment that is not pinned");
868 : Assert(dsm_control->item[control_slot].refcnt > 1);
869 :
870 : /*
871 : * Allow implementation-specific code to run. We have to do this before
872 : * releasing the lock, because impl_private_pm_handle may get modified by
873 : * dsm_impl_unpin_segment.
874 : */
875 108 : dsm_impl_unpin_segment(handle,
876 108 : &dsm_control->item[control_slot].impl_private_pm_handle);
877 :
878 : /* Note that 1 means no references (0 means unused slot). */
879 108 : if (--dsm_control->item[control_slot].refcnt == 1)
880 108 : destroy = true;
881 108 : dsm_control->item[control_slot].pinned = false;
882 :
883 : /* Now we can release the lock. */
884 108 : LWLockRelease(DynamicSharedMemoryControlLock);
885 :
886 : /* Clean up resources if that was the last reference. */
887 108 : if (destroy)
888 : {
889 108 : void *junk_impl_private = NULL;
890 108 : void *junk_mapped_address = NULL;
891 108 : Size junk_mapped_size = 0;
892 :
893 : /*
894 : * For an explanation of how error handling works in this case, see
895 : * comments in dsm_detach. Note that if we reach this point, the
896 : * current process certainly does not have the segment mapped, because
897 : * if it did, the reference count would have still been greater than 1
898 : * even after releasing the reference count held by the pin. The fact
899 : * that there can't be a dsm_segment for this handle makes it OK to
900 : * pass the mapped size, mapped address, and private data as NULL
901 : * here.
902 : */
903 108 : if (dsm_impl_op(DSM_OP_DESTROY, handle, 0, &junk_impl_private,
904 : &junk_mapped_address, &junk_mapped_size, WARNING))
905 : {
906 108 : LWLockAcquire(DynamicSharedMemoryControlLock, LW_EXCLUSIVE);
907 : Assert(dsm_control->item[control_slot].handle == handle);
908 : Assert(dsm_control->item[control_slot].refcnt == 1);
909 108 : dsm_control->item[control_slot].refcnt = 0;
910 108 : LWLockRelease(DynamicSharedMemoryControlLock);
911 : }
912 : }
913 108 : }
914 :
915 : /*
916 : * Find an existing mapping for a shared memory segment, if there is one.
917 : */
918 : dsm_segment *
919 0 : dsm_find_mapping(dsm_handle h)
920 : {
921 : dlist_iter iter;
922 : dsm_segment *seg;
923 :
924 0 : dlist_foreach(iter, &dsm_segment_list)
925 : {
926 0 : seg = dlist_container(dsm_segment, node, iter.cur);
927 0 : if (seg->handle == h)
928 0 : return seg;
929 : }
930 :
931 0 : return NULL;
932 : }
933 :
934 : /*
935 : * Get the address at which a dynamic shared memory segment is mapped.
936 : */
937 : void *
938 4328 : dsm_segment_address(dsm_segment *seg)
939 : {
940 : Assert(seg->mapped_address != NULL);
941 4328 : return seg->mapped_address;
942 : }
943 :
944 : /*
945 : * Get the size of a mapping.
946 : */
947 : Size
948 0 : dsm_segment_map_length(dsm_segment *seg)
949 : {
950 : Assert(seg->mapped_address != NULL);
951 0 : return seg->mapped_size;
952 : }
953 :
954 : /*
955 : * Get a handle for a mapping.
956 : *
957 : * To establish communication via dynamic shared memory between two backends,
958 : * one of them should first call dsm_create() to establish a new shared
959 : * memory mapping. That process should then call dsm_segment_handle() to
960 : * obtain a handle for the mapping, and pass that handle to the
961 : * coordinating backend via some means (e.g. bgw_main_arg, or via the
962 : * main shared memory segment). The recipient, once in possession of the
963 : * handle, should call dsm_attach().
964 : */
965 : dsm_handle
966 1286 : dsm_segment_handle(dsm_segment *seg)
967 : {
968 1286 : return seg->handle;
969 : }
970 :
971 : /*
972 : * Register an on-detach callback for a dynamic shared memory segment.
973 : */
974 : void
975 13988 : on_dsm_detach(dsm_segment *seg, on_dsm_detach_callback function, Datum arg)
976 : {
977 : dsm_segment_detach_callback *cb;
978 :
979 13988 : cb = MemoryContextAlloc(TopMemoryContext,
980 : sizeof(dsm_segment_detach_callback));
981 13988 : cb->function = function;
982 13988 : cb->arg = arg;
983 13988 : slist_push_head(&seg->on_detach, &cb->node);
984 13988 : }
985 :
986 : /*
987 : * Unregister an on-detach callback for a dynamic shared memory segment.
988 : */
989 : void
990 4804 : cancel_on_dsm_detach(dsm_segment *seg, on_dsm_detach_callback function,
991 : Datum arg)
992 : {
993 : slist_mutable_iter iter;
994 :
995 14714 : slist_foreach_modify(iter, &seg->on_detach)
996 : {
997 : dsm_segment_detach_callback *cb;
998 :
999 14714 : cb = slist_container(dsm_segment_detach_callback, node, iter.cur);
1000 14714 : if (cb->function == function && cb->arg == arg)
1001 : {
1002 4804 : slist_delete_current(&iter);
1003 4804 : pfree(cb);
1004 4804 : break;
1005 : }
1006 : }
1007 4804 : }
1008 :
1009 : /*
1010 : * Discard all registered on-detach callbacks without executing them.
1011 : */
1012 : void
1013 11690 : reset_on_dsm_detach(void)
1014 : {
1015 : dlist_iter iter;
1016 :
1017 11690 : dlist_foreach(iter, &dsm_segment_list)
1018 : {
1019 0 : dsm_segment *seg = dlist_container(dsm_segment, node, iter.cur);
1020 :
1021 : /* Throw away explicit on-detach actions one by one. */
1022 0 : while (!slist_is_empty(&seg->on_detach))
1023 : {
1024 : slist_node *node;
1025 : dsm_segment_detach_callback *cb;
1026 :
1027 0 : node = slist_pop_head_node(&seg->on_detach);
1028 0 : cb = slist_container(dsm_segment_detach_callback, node, node);
1029 0 : pfree(cb);
1030 : }
1031 :
1032 : /*
1033 : * Decrementing the reference count is a sort of implicit on-detach
1034 : * action; make sure we don't do that, either.
1035 : */
1036 0 : seg->control_slot = INVALID_CONTROL_SLOT;
1037 : }
1038 11690 : }
1039 :
1040 : /*
1041 : * Create a segment descriptor.
1042 : */
1043 : static dsm_segment *
1044 4328 : dsm_create_descriptor(void)
1045 : {
1046 : dsm_segment *seg;
1047 :
1048 4328 : if (CurrentResourceOwner)
1049 2674 : ResourceOwnerEnlargeDSMs(CurrentResourceOwner);
1050 :
1051 4328 : seg = MemoryContextAlloc(TopMemoryContext, sizeof(dsm_segment));
1052 4328 : dlist_push_head(&dsm_segment_list, &seg->node);
1053 :
1054 : /* seg->handle must be initialized by the caller */
1055 4328 : seg->control_slot = INVALID_CONTROL_SLOT;
1056 4328 : seg->impl_private = NULL;
1057 4328 : seg->mapped_address = NULL;
1058 4328 : seg->mapped_size = 0;
1059 :
1060 4328 : seg->resowner = CurrentResourceOwner;
1061 4328 : if (CurrentResourceOwner)
1062 2674 : ResourceOwnerRememberDSM(CurrentResourceOwner, seg);
1063 :
1064 4328 : slist_init(&seg->on_detach);
1065 :
1066 4328 : return seg;
1067 : }
1068 :
1069 : /*
1070 : * Sanity check a control segment.
1071 : *
1072 : * The goal here isn't to detect everything that could possibly be wrong with
1073 : * the control segment; there's not enough information for that. Rather, the
1074 : * goal is to make sure that someone can iterate over the items in the segment
1075 : * without overrunning the end of the mapping and crashing. We also check
1076 : * the magic number since, if that's messed up, this may not even be one of
1077 : * our segments at all.
1078 : */
1079 : static bool
1080 1848 : dsm_control_segment_sane(dsm_control_header *control, Size mapped_size)
1081 : {
1082 1848 : if (mapped_size < offsetof(dsm_control_header, item))
1083 0 : return false; /* Mapped size too short to read header. */
1084 1848 : if (control->magic != PG_DYNSHMEM_CONTROL_MAGIC)
1085 0 : return false; /* Magic number doesn't match. */
1086 1848 : if (dsm_control_bytes_needed(control->maxitems) > mapped_size)
1087 0 : return false; /* Max item count won't fit in map. */
1088 1848 : if (control->nitems > control->maxitems)
1089 0 : return false; /* Overfull. */
1090 1848 : return true;
1091 : }
1092 :
1093 : /*
1094 : * Compute the number of control-segment bytes needed to store a given
1095 : * number of items.
1096 : */
1097 : static uint64
1098 3696 : dsm_control_bytes_needed(uint32 nitems)
1099 : {
1100 : return offsetof(dsm_control_header, item)
1101 3696 : + sizeof(dsm_control_item) * (uint64) nitems;
1102 : }
|
