LCOV - code coverage report
Current view: top level - src/bin/pg_rewind - xlogreader.c (source / functions) Hit Total Coverage
Test: PostgreSQL 15beta1 Lines: 376 720 52.2 %
Date: 2022-05-18 03:10:05 Functions: 19 27 70.4 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * xlogreader.c
       4             :  *      Generic XLog reading facility
       5             :  *
       6             :  * Portions Copyright (c) 2013-2022, PostgreSQL Global Development Group
       7             :  *
       8             :  * IDENTIFICATION
       9             :  *      src/backend/access/transam/xlogreader.c
      10             :  *
      11             :  * NOTES
      12             :  *      See xlogreader.h for more notes on this facility.
      13             :  *
      14             :  *      This file is compiled as both front-end and backend code, so it
      15             :  *      may not use ereport, server-defined static variables, etc.
      16             :  *-------------------------------------------------------------------------
      17             :  */
      18             : #include "postgres.h"
      19             : 
      20             : #include <unistd.h>
      21             : #ifdef USE_LZ4
      22             : #include <lz4.h>
      23             : #endif
      24             : #ifdef USE_ZSTD
      25             : #include <zstd.h>
      26             : #endif
      27             : 
      28             : #include "access/transam.h"
      29             : #include "access/xlog_internal.h"
      30             : #include "access/xlogreader.h"
      31             : #include "access/xlogrecord.h"
      32             : #include "catalog/pg_control.h"
      33             : #include "common/pg_lzcompress.h"
      34             : #include "replication/origin.h"
      35             : 
      36             : #ifndef FRONTEND
      37             : #include "miscadmin.h"
      38             : #include "pgstat.h"
      39             : #include "utils/memutils.h"
      40             : #else
      41             : #include "common/logging.h"
      42             : #endif
      43             : 
      44             : static void report_invalid_record(XLogReaderState *state, const char *fmt,...)
      45             :             pg_attribute_printf(2, 3);
      46             : static bool allocate_recordbuf(XLogReaderState *state, uint32 reclength);
      47             : static int  ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr,
      48             :                              int reqLen);
      49             : static void XLogReaderInvalReadState(XLogReaderState *state);
      50             : static XLogPageReadResult XLogDecodeNextRecord(XLogReaderState *state, bool non_blocking);
      51             : static bool ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
      52             :                                   XLogRecPtr PrevRecPtr, XLogRecord *record, bool randAccess);
      53             : static bool ValidXLogRecord(XLogReaderState *state, XLogRecord *record,
      54             :                             XLogRecPtr recptr);
      55             : static void ResetDecoder(XLogReaderState *state);
      56             : static void WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt,
      57             :                                int segsize, const char *waldir);
      58             : 
      59             : /* size of the buffer allocated for error message. */
      60             : #define MAX_ERRORMSG_LEN 1000
      61             : 
      62             : /*
      63             :  * Default size; large enough that typical users of XLogReader won't often need
      64             :  * to use the 'oversized' memory allocation code path.
      65             :  */
      66             : #define DEFAULT_DECODE_BUFFER_SIZE (64 * 1024)
      67             : 
      68             : /*
      69             :  * Construct a string in state->errormsg_buf explaining what's wrong with
      70             :  * the current record being read.
      71             :  */
      72             : static void
      73           0 : report_invalid_record(XLogReaderState *state, const char *fmt,...)
      74             : {
      75             :     va_list     args;
      76             : 
      77           0 :     fmt = _(fmt);
      78             : 
      79           0 :     va_start(args, fmt);
      80           0 :     vsnprintf(state->errormsg_buf, MAX_ERRORMSG_LEN, fmt, args);
      81           0 :     va_end(args);
      82             : 
      83           0 :     state->errormsg_deferred = true;
      84           0 : }
      85             : 
      86             : /*
      87             :  * Set the size of the decoding buffer.  A pointer to a caller supplied memory
      88             :  * region may also be passed in, in which case non-oversized records will be
      89             :  * decoded there.
      90             :  */
      91             : void
      92           0 : XLogReaderSetDecodeBuffer(XLogReaderState *state, void *buffer, size_t size)
      93             : {
      94             :     Assert(state->decode_buffer == NULL);
      95             : 
      96           0 :     state->decode_buffer = buffer;
      97           0 :     state->decode_buffer_size = size;
      98           0 :     state->decode_buffer_tail = buffer;
      99           0 :     state->decode_buffer_head = buffer;
     100           0 : }
     101             : 
     102             : /*
     103             :  * Allocate and initialize a new XLogReader.
     104             :  *
     105             :  * Returns NULL if the xlogreader couldn't be allocated.
     106             :  */
     107             : XLogReaderState *
     108          78 : XLogReaderAllocate(int wal_segment_size, const char *waldir,
     109             :                    XLogReaderRoutine *routine, void *private_data)
     110             : {
     111             :     XLogReaderState *state;
     112             : 
     113             :     state = (XLogReaderState *)
     114          78 :         palloc_extended(sizeof(XLogReaderState),
     115             :                         MCXT_ALLOC_NO_OOM | MCXT_ALLOC_ZERO);
     116          78 :     if (!state)
     117           0 :         return NULL;
     118             : 
     119             :     /* initialize caller-provided support functions */
     120          78 :     state->routine = *routine;
     121             : 
     122             :     /*
     123             :      * Permanently allocate readBuf.  We do it this way, rather than just
     124             :      * making a static array, for two reasons: (1) no need to waste the
     125             :      * storage in most instantiations of the backend; (2) a static char array
     126             :      * isn't guaranteed to have any particular alignment, whereas
     127             :      * palloc_extended() will provide MAXALIGN'd storage.
     128             :      */
     129          78 :     state->readBuf = (char *) palloc_extended(XLOG_BLCKSZ,
     130             :                                               MCXT_ALLOC_NO_OOM);
     131          78 :     if (!state->readBuf)
     132             :     {
     133           0 :         pfree(state);
     134           0 :         return NULL;
     135             :     }
     136             : 
     137             :     /* Initialize segment info. */
     138          78 :     WALOpenSegmentInit(&state->seg, &state->segcxt, wal_segment_size,
     139             :                        waldir);
     140             : 
     141             :     /* system_identifier initialized to zeroes above */
     142          78 :     state->private_data = private_data;
     143             :     /* ReadRecPtr, EndRecPtr and readLen initialized to zeroes above */
     144          78 :     state->errormsg_buf = palloc_extended(MAX_ERRORMSG_LEN + 1,
     145             :                                           MCXT_ALLOC_NO_OOM);
     146          78 :     if (!state->errormsg_buf)
     147             :     {
     148           0 :         pfree(state->readBuf);
     149           0 :         pfree(state);
     150           0 :         return NULL;
     151             :     }
     152          78 :     state->errormsg_buf[0] = '\0';
     153             : 
     154             :     /*
     155             :      * Allocate an initial readRecordBuf of minimal size, which can later be
     156             :      * enlarged if necessary.
     157             :      */
     158          78 :     if (!allocate_recordbuf(state, 0))
     159             :     {
     160           0 :         pfree(state->errormsg_buf);
     161           0 :         pfree(state->readBuf);
     162           0 :         pfree(state);
     163           0 :         return NULL;
     164             :     }
     165             : 
     166          78 :     return state;
     167             : }
     168             : 
     169             : void
     170          78 : XLogReaderFree(XLogReaderState *state)
     171             : {
     172          78 :     if (state->seg.ws_file != -1)
     173           0 :         state->routine.segment_close(state);
     174             : 
     175          78 :     if (state->decode_buffer && state->free_decode_buffer)
     176          78 :         pfree(state->decode_buffer);
     177             : 
     178          78 :     pfree(state->errormsg_buf);
     179          78 :     if (state->readRecordBuf)
     180          78 :         pfree(state->readRecordBuf);
     181          78 :     pfree(state->readBuf);
     182          78 :     pfree(state);
     183          78 : }
     184             : 
     185             : /*
     186             :  * Allocate readRecordBuf to fit a record of at least the given length.
     187             :  * Returns true if successful, false if out of memory.
     188             :  *
     189             :  * readRecordBufSize is set to the new buffer size.
     190             :  *
     191             :  * To avoid useless small increases, round its size to a multiple of
     192             :  * XLOG_BLCKSZ, and make sure it's at least 5*Max(BLCKSZ, XLOG_BLCKSZ) to start
     193             :  * with.  (That is enough for all "normal" records, but very large commit or
     194             :  * abort records might need more space.)
     195             :  */
     196             : static bool
     197          78 : allocate_recordbuf(XLogReaderState *state, uint32 reclength)
     198             : {
     199          78 :     uint32      newSize = reclength;
     200             : 
     201          78 :     newSize += XLOG_BLCKSZ - (newSize % XLOG_BLCKSZ);
     202          78 :     newSize = Max(newSize, 5 * Max(BLCKSZ, XLOG_BLCKSZ));
     203             : 
     204             : #ifndef FRONTEND
     205             : 
     206             :     /*
     207             :      * Note that in much unlucky circumstances, the random data read from a
     208             :      * recycled segment can cause this routine to be called with a size
     209             :      * causing a hard failure at allocation.  For a standby, this would cause
     210             :      * the instance to stop suddenly with a hard failure, preventing it to
     211             :      * retry fetching WAL from one of its sources which could allow it to move
     212             :      * on with replay without a manual restart. If the data comes from a past
     213             :      * recycled segment and is still valid, then the allocation may succeed
     214             :      * but record checks are going to fail so this would be short-lived.  If
     215             :      * the allocation fails because of a memory shortage, then this is not a
     216             :      * hard failure either per the guarantee given by MCXT_ALLOC_NO_OOM.
     217             :      */
     218             :     if (!AllocSizeIsValid(newSize))
     219             :         return false;
     220             : 
     221             : #endif
     222             : 
     223          78 :     if (state->readRecordBuf)
     224           0 :         pfree(state->readRecordBuf);
     225          78 :     state->readRecordBuf =
     226          78 :         (char *) palloc_extended(newSize, MCXT_ALLOC_NO_OOM);
     227          78 :     if (state->readRecordBuf == NULL)
     228             :     {
     229           0 :         state->readRecordBufSize = 0;
     230           0 :         return false;
     231             :     }
     232          78 :     state->readRecordBufSize = newSize;
     233          78 :     return true;
     234             : }
     235             : 
     236             : /*
     237             :  * Initialize the passed segment structs.
     238             :  */
     239             : static void
     240          78 : WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt,
     241             :                    int segsize, const char *waldir)
     242             : {
     243          78 :     seg->ws_file = -1;
     244          78 :     seg->ws_segno = 0;
     245          78 :     seg->ws_tli = 0;
     246             : 
     247          78 :     segcxt->ws_segsize = segsize;
     248          78 :     if (waldir)
     249          78 :         snprintf(segcxt->ws_dir, MAXPGPATH, "%s", waldir);
     250          78 : }
     251             : 
     252             : /*
     253             :  * Begin reading WAL at 'RecPtr'.
     254             :  *
     255             :  * 'RecPtr' should point to the beginning of a valid WAL record.  Pointing at
     256             :  * the beginning of a page is also OK, if there is a new record right after
     257             :  * the page header, i.e. not a continuation.
     258             :  *
     259             :  * This does not make any attempt to read the WAL yet, and hence cannot fail.
     260             :  * If the starting address is not correct, the first call to XLogReadRecord()
     261             :  * will error out.
     262             :  */
     263             : void
     264        4420 : XLogBeginRead(XLogReaderState *state, XLogRecPtr RecPtr)
     265             : {
     266             :     Assert(!XLogRecPtrIsInvalid(RecPtr));
     267             : 
     268        4420 :     ResetDecoder(state);
     269             : 
     270             :     /* Begin at the passed-in record pointer. */
     271        4420 :     state->EndRecPtr = RecPtr;
     272        4420 :     state->NextRecPtr = RecPtr;
     273        4420 :     state->ReadRecPtr = InvalidXLogRecPtr;
     274        4420 :     state->DecodeRecPtr = InvalidXLogRecPtr;
     275        4420 : }
     276             : 
     277             : /*
     278             :  * See if we can release the last record that was returned by
     279             :  * XLogNextRecord(), if any, to free up space.
     280             :  */
     281             : void
     282      352364 : XLogReleasePreviousRecord(XLogReaderState *state)
     283             : {
     284             :     DecodedXLogRecord *record;
     285             : 
     286      352364 :     if (!state->record)
     287      180602 :         return;
     288             : 
     289             :     /*
     290             :      * Remove it from the decoded record queue.  It must be the oldest item
     291             :      * decoded, decode_queue_head.
     292             :      */
     293      171762 :     record = state->record;
     294             :     Assert(record == state->decode_queue_head);
     295      171762 :     state->record = NULL;
     296      171762 :     state->decode_queue_head = record->next;
     297             : 
     298             :     /* It might also be the newest item decoded, decode_queue_tail. */
     299      171762 :     if (state->decode_queue_tail == record)
     300      171762 :         state->decode_queue_tail = NULL;
     301             : 
     302             :     /* Release the space. */
     303      171762 :     if (unlikely(record->oversized))
     304             :     {
     305             :         /* It's not in the decode buffer, so free it to release space. */
     306           0 :         pfree(record);
     307             :     }
     308             :     else
     309             :     {
     310             :         /* It must be the head (oldest) record in the decode buffer. */
     311             :         Assert(state->decode_buffer_head == (char *) record);
     312             : 
     313             :         /*
     314             :          * We need to update head to point to the next record that is in the
     315             :          * decode buffer, if any, being careful to skip oversized ones
     316             :          * (they're not in the decode buffer).
     317             :          */
     318      171762 :         record = record->next;
     319      171762 :         while (unlikely(record && record->oversized))
     320           0 :             record = record->next;
     321             : 
     322      171762 :         if (record)
     323             :         {
     324             :             /* Adjust head to release space up to the next record. */
     325           0 :             state->decode_buffer_head = (char *) record;
     326             :         }
     327             :         else
     328             :         {
     329             :             /*
     330             :              * Otherwise we might as well just reset head and tail to the
     331             :              * start of the buffer space, because we're empty.  This means
     332             :              * we'll keep overwriting the same piece of memory if we're not
     333             :              * doing any prefetching.
     334             :              */
     335      171762 :             state->decode_buffer_head = state->decode_buffer;
     336      171762 :             state->decode_buffer_tail = state->decode_buffer;
     337             :         }
     338             :     }
     339             : }
     340             : 
     341             : /*
     342             :  * Attempt to read an XLOG record.
     343             :  *
     344             :  * XLogBeginRead() or XLogFindNextRecord() and then XLogReadAhead() must be
     345             :  * called before the first call to XLogNextRecord().  This functions returns
     346             :  * records and errors that were put into an internal queue by XLogReadAhead().
     347             :  *
     348             :  * On success, a record is returned.
     349             :  *
     350             :  * The returned record (or *errormsg) points to an internal buffer that's
     351             :  * valid until the next call to XLogNextRecord.
     352             :  */
     353             : DecodedXLogRecord *
     354      176182 : XLogNextRecord(XLogReaderState *state, char **errormsg)
     355             : {
     356             :     /* Release the last record returned by XLogNextRecord(). */
     357      176182 :     XLogReleasePreviousRecord(state);
     358             : 
     359      176182 :     if (state->decode_queue_head == NULL)
     360             :     {
     361           0 :         *errormsg = NULL;
     362           0 :         if (state->errormsg_deferred)
     363             :         {
     364           0 :             if (state->errormsg_buf[0] != '\0')
     365           0 :                 *errormsg = state->errormsg_buf;
     366           0 :             state->errormsg_deferred = false;
     367             :         }
     368             : 
     369             :         /*
     370             :          * state->EndRecPtr is expected to have been set by the last call to
     371             :          * XLogBeginRead() or XLogNextRecord(), and is the location of the
     372             :          * error.
     373             :          */
     374             :         Assert(!XLogRecPtrIsInvalid(state->EndRecPtr));
     375             : 
     376           0 :         return NULL;
     377             :     }
     378             : 
     379             :     /*
     380             :      * Record this as the most recent record returned, so that we'll release
     381             :      * it next time.  This also exposes it to the traditional
     382             :      * XLogRecXXX(xlogreader) macros, which work with the decoder rather than
     383             :      * the record for historical reasons.
     384             :      */
     385      176182 :     state->record = state->decode_queue_head;
     386             : 
     387             :     /*
     388             :      * Update the pointers to the beginning and one-past-the-end of this
     389             :      * record, again for the benefit of historical code that expected the
     390             :      * decoder to track this rather than accessing these fields of the record
     391             :      * itself.
     392             :      */
     393      176182 :     state->ReadRecPtr = state->record->lsn;
     394      176182 :     state->EndRecPtr = state->record->next_lsn;
     395             : 
     396      176182 :     *errormsg = NULL;
     397             : 
     398      176182 :     return state->record;
     399             : }
     400             : 
     401             : /*
     402             :  * Attempt to read an XLOG record.
     403             :  *
     404             :  * XLogBeginRead() or XLogFindNextRecord() must be called before the first call
     405             :  * to XLogReadRecord().
     406             :  *
     407             :  * If the page_read callback fails to read the requested data, NULL is
     408             :  * returned.  The callback is expected to have reported the error; errormsg
     409             :  * is set to NULL.
     410             :  *
     411             :  * If the reading fails for some other reason, NULL is also returned, and
     412             :  * *errormsg is set to a string with details of the failure.
     413             :  *
     414             :  * The returned pointer (or *errormsg) points to an internal buffer that's
     415             :  * valid until the next call to XLogReadRecord.
     416             :  */
     417             : XLogRecord *
     418      176182 : XLogReadRecord(XLogReaderState *state, char **errormsg)
     419             : {
     420             :     DecodedXLogRecord *decoded;
     421             : 
     422             :     /*
     423             :      * Release last returned record, if there is one.  We need to do this so
     424             :      * that we can check for empty decode queue accurately.
     425             :      */
     426      176182 :     XLogReleasePreviousRecord(state);
     427             : 
     428             :     /*
     429             :      * Call XLogReadAhead() in blocking mode to make sure there is something
     430             :      * in the queue, though we don't use the result.
     431             :      */
     432      176182 :     if (!XLogReaderHasQueuedRecordOrError(state))
     433      176182 :         XLogReadAhead(state, false /* nonblocking */ );
     434             : 
     435             :     /* Consume the head record or error. */
     436      176182 :     decoded = XLogNextRecord(state, errormsg);
     437      176182 :     if (decoded)
     438             :     {
     439             :         /*
     440             :          * This function returns a pointer to the record's header, not the
     441             :          * actual decoded record.  The caller will access the decoded record
     442             :          * through the XLogRecGetXXX() macros, which reach the decoded
     443             :          * recorded as xlogreader->record.
     444             :          */
     445             :         Assert(state->record == decoded);
     446      176182 :         return &decoded->header;
     447             :     }
     448             : 
     449           0 :     return NULL;
     450             : }
     451             : 
     452             : /*
     453             :  * Allocate space for a decoded record.  The only member of the returned
     454             :  * object that is initialized is the 'oversized' flag, indicating that the
     455             :  * decoded record wouldn't fit in the decode buffer and must eventually be
     456             :  * freed explicitly.
     457             :  *
     458             :  * The caller is responsible for adjusting decode_buffer_tail with the real
     459             :  * size after successfully decoding a record into this space.  This way, if
     460             :  * decoding fails, then there is nothing to undo unless the 'oversized' flag
     461             :  * was set and pfree() must be called.
     462             :  *
     463             :  * Return NULL if there is no space in the decode buffer and allow_oversized
     464             :  * is false, or if memory allocation fails for an oversized buffer.
     465             :  */
     466             : static DecodedXLogRecord *
     467      176182 : XLogReadRecordAlloc(XLogReaderState *state, size_t xl_tot_len, bool allow_oversized)
     468             : {
     469      176182 :     size_t      required_space = DecodeXLogRecordRequiredSpace(xl_tot_len);
     470      176182 :     DecodedXLogRecord *decoded = NULL;
     471             : 
     472             :     /* Allocate a circular decode buffer if we don't have one already. */
     473      176182 :     if (unlikely(state->decode_buffer == NULL))
     474             :     {
     475          78 :         if (state->decode_buffer_size == 0)
     476          78 :             state->decode_buffer_size = DEFAULT_DECODE_BUFFER_SIZE;
     477          78 :         state->decode_buffer = palloc(state->decode_buffer_size);
     478          78 :         state->decode_buffer_head = state->decode_buffer;
     479          78 :         state->decode_buffer_tail = state->decode_buffer;
     480          78 :         state->free_decode_buffer = true;
     481             :     }
     482             : 
     483             :     /* Try to allocate space in the circular decode buffer. */
     484      176182 :     if (state->decode_buffer_tail >= state->decode_buffer_head)
     485             :     {
     486             :         /* Empty, or tail is to the right of head. */
     487      176182 :         if (state->decode_buffer_tail + required_space <=
     488      176182 :             state->decode_buffer + state->decode_buffer_size)
     489             :         {
     490             :             /* There is space between tail and end. */
     491      176182 :             decoded = (DecodedXLogRecord *) state->decode_buffer_tail;
     492      176182 :             decoded->oversized = false;
     493      176182 :             return decoded;
     494             :         }
     495           0 :         else if (state->decode_buffer + required_space <
     496           0 :                  state->decode_buffer_head)
     497             :         {
     498             :             /* There is space between start and head. */
     499           0 :             decoded = (DecodedXLogRecord *) state->decode_buffer;
     500           0 :             decoded->oversized = false;
     501           0 :             return decoded;
     502             :         }
     503             :     }
     504             :     else
     505             :     {
     506             :         /* Tail is to the left of head. */
     507           0 :         if (state->decode_buffer_tail + required_space <
     508           0 :             state->decode_buffer_head)
     509             :         {
     510             :             /* There is space between tail and head. */
     511           0 :             decoded = (DecodedXLogRecord *) state->decode_buffer_tail;
     512           0 :             decoded->oversized = false;
     513           0 :             return decoded;
     514             :         }
     515             :     }
     516             : 
     517             :     /* Not enough space in the decode buffer.  Are we allowed to allocate? */
     518           0 :     if (allow_oversized)
     519             :     {
     520           0 :         decoded = palloc_extended(required_space, MCXT_ALLOC_NO_OOM);
     521           0 :         if (decoded == NULL)
     522           0 :             return NULL;
     523           0 :         decoded->oversized = true;
     524           0 :         return decoded;
     525             :     }
     526             : 
     527           0 :     return NULL;
     528             : }
     529             : 
     530             : static XLogPageReadResult
     531      176182 : XLogDecodeNextRecord(XLogReaderState *state, bool nonblocking)
     532             : {
     533             :     XLogRecPtr  RecPtr;
     534             :     XLogRecord *record;
     535             :     XLogRecPtr  targetPagePtr;
     536             :     bool        randAccess;
     537             :     uint32      len,
     538             :                 total_len;
     539             :     uint32      targetRecOff;
     540             :     uint32      pageHeaderSize;
     541             :     bool        assembled;
     542             :     bool        gotheader;
     543             :     int         readOff;
     544             :     DecodedXLogRecord *decoded;
     545             :     char       *errormsg;       /* not used */
     546             : 
     547             :     /*
     548             :      * randAccess indicates whether to verify the previous-record pointer of
     549             :      * the record we're reading.  We only do this if we're reading
     550             :      * sequentially, which is what we initially assume.
     551             :      */
     552      176182 :     randAccess = false;
     553             : 
     554             :     /* reset error state */
     555      176182 :     state->errormsg_buf[0] = '\0';
     556      176182 :     decoded = NULL;
     557             : 
     558      176182 :     state->abortedRecPtr = InvalidXLogRecPtr;
     559      176182 :     state->missingContrecPtr = InvalidXLogRecPtr;
     560             : 
     561      176182 :     RecPtr = state->NextRecPtr;
     562             : 
     563      176182 :     if (state->DecodeRecPtr != InvalidXLogRecPtr)
     564             :     {
     565             :         /* read the record after the one we just read */
     566             : 
     567             :         /*
     568             :          * NextRecPtr is pointing to end+1 of the previous WAL record.  If
     569             :          * we're at a page boundary, no more records can fit on the current
     570             :          * page. We must skip over the page header, but we can't do that until
     571             :          * we've read in the page, since the header size is variable.
     572             :          */
     573             :     }
     574             :     else
     575             :     {
     576             :         /*
     577             :          * Caller supplied a position to start at.
     578             :          *
     579             :          * In this case, NextRecPtr should already be pointing to a valid
     580             :          * record starting position.
     581             :          */
     582             :         Assert(XRecOffIsValid(RecPtr));
     583        4420 :         randAccess = true;
     584             :     }
     585             : 
     586      176182 : restart:
     587      176182 :     state->nonblocking = nonblocking;
     588      176182 :     state->currRecPtr = RecPtr;
     589      176182 :     assembled = false;
     590             : 
     591      176182 :     targetPagePtr = RecPtr - (RecPtr % XLOG_BLCKSZ);
     592      176182 :     targetRecOff = RecPtr % XLOG_BLCKSZ;
     593             : 
     594             :     /*
     595             :      * Read the page containing the record into state->readBuf. Request enough
     596             :      * byte to cover the whole record header, or at least the part of it that
     597             :      * fits on the same page.
     598             :      */
     599      176182 :     readOff = ReadPageInternal(state, targetPagePtr,
     600      176182 :                                Min(targetRecOff + SizeOfXLogRecord, XLOG_BLCKSZ));
     601      176182 :     if (readOff == XLREAD_WOULDBLOCK)
     602           0 :         return XLREAD_WOULDBLOCK;
     603      176182 :     else if (readOff < 0)
     604           0 :         goto err;
     605             : 
     606             :     /*
     607             :      * ReadPageInternal always returns at least the page header, so we can
     608             :      * examine it now.
     609             :      */
     610      176182 :     pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
     611      176182 :     if (targetRecOff == 0)
     612             :     {
     613             :         /*
     614             :          * At page start, so skip over page header.
     615             :          */
     616         180 :         RecPtr += pageHeaderSize;
     617         180 :         targetRecOff = pageHeaderSize;
     618             :     }
     619      176002 :     else if (targetRecOff < pageHeaderSize)
     620             :     {
     621           0 :         report_invalid_record(state, "invalid record offset at %X/%X",
     622           0 :                               LSN_FORMAT_ARGS(RecPtr));
     623           0 :         goto err;
     624             :     }
     625             : 
     626      176182 :     if ((((XLogPageHeader) state->readBuf)->xlp_info & XLP_FIRST_IS_CONTRECORD) &&
     627             :         targetRecOff == pageHeaderSize)
     628             :     {
     629           0 :         report_invalid_record(state, "contrecord is requested by %X/%X",
     630           0 :                               LSN_FORMAT_ARGS(RecPtr));
     631           0 :         goto err;
     632             :     }
     633             : 
     634             :     /* ReadPageInternal has verified the page header */
     635             :     Assert(pageHeaderSize <= readOff);
     636             : 
     637             :     /*
     638             :      * Read the record length.
     639             :      *
     640             :      * NB: Even though we use an XLogRecord pointer here, the whole record
     641             :      * header might not fit on this page. xl_tot_len is the first field of the
     642             :      * struct, so it must be on this page (the records are MAXALIGNed), but we
     643             :      * cannot access any other fields until we've verified that we got the
     644             :      * whole header.
     645             :      */
     646      176182 :     record = (XLogRecord *) (state->readBuf + RecPtr % XLOG_BLCKSZ);
     647      176182 :     total_len = record->xl_tot_len;
     648             : 
     649             :     /*
     650             :      * If the whole record header is on this page, validate it immediately.
     651             :      * Otherwise do just a basic sanity check on xl_tot_len, and validate the
     652             :      * rest of the header after reading it from the next page.  The xl_tot_len
     653             :      * check is necessary here to ensure that we enter the "Need to reassemble
     654             :      * record" code path below; otherwise we might fail to apply
     655             :      * ValidXLogRecordHeader at all.
     656             :      */
     657      176182 :     if (targetRecOff <= XLOG_BLCKSZ - SizeOfXLogRecord)
     658             :     {
     659      175854 :         if (!ValidXLogRecordHeader(state, RecPtr, state->DecodeRecPtr, record,
     660             :                                    randAccess))
     661           0 :             goto err;
     662      175854 :         gotheader = true;
     663             :     }
     664             :     else
     665             :     {
     666             :         /* XXX: more validation should be done here */
     667         328 :         if (total_len < SizeOfXLogRecord)
     668             :         {
     669           0 :             report_invalid_record(state,
     670             :                                   "invalid record length at %X/%X: wanted %u, got %u",
     671           0 :                                   LSN_FORMAT_ARGS(RecPtr),
     672             :                                   (uint32) SizeOfXLogRecord, total_len);
     673           0 :             goto err;
     674             :         }
     675         328 :         gotheader = false;
     676             :     }
     677             : 
     678             :     /*
     679             :      * Find space to decode this record.  Don't allow oversized allocation if
     680             :      * the caller requested nonblocking.  Otherwise, we *have* to try to
     681             :      * decode the record now because the caller has nothing else to do, so
     682             :      * allow an oversized record to be palloc'd if that turns out to be
     683             :      * necessary.
     684             :      */
     685      176182 :     decoded = XLogReadRecordAlloc(state,
     686             :                                   total_len,
     687      176182 :                                   !nonblocking /* allow_oversized */ );
     688      176182 :     if (decoded == NULL)
     689             :     {
     690             :         /*
     691             :          * There is no space in the decode buffer.  The caller should help
     692             :          * with that problem by consuming some records.
     693             :          */
     694           0 :         if (nonblocking)
     695           0 :             return XLREAD_WOULDBLOCK;
     696             : 
     697             :         /* We failed to allocate memory for an oversized record. */
     698           0 :         report_invalid_record(state,
     699             :                               "out of memory while trying to decode a record of length %u", total_len);
     700           0 :         goto err;
     701             :     }
     702             : 
     703      176182 :     len = XLOG_BLCKSZ - RecPtr % XLOG_BLCKSZ;
     704      176182 :     if (total_len > len)
     705             :     {
     706             :         /* Need to reassemble record */
     707             :         char       *contdata;
     708             :         XLogPageHeader pageHeader;
     709             :         char       *buffer;
     710             :         uint32      gotlen;
     711             : 
     712        8084 :         assembled = true;
     713             : 
     714             :         /*
     715             :          * Enlarge readRecordBuf as needed.
     716             :          */
     717        8084 :         if (total_len > state->readRecordBufSize &&
     718           0 :             !allocate_recordbuf(state, total_len))
     719             :         {
     720             :             /* We treat this as a "bogus data" condition */
     721           0 :             report_invalid_record(state, "record length %u at %X/%X too long",
     722           0 :                                   total_len, LSN_FORMAT_ARGS(RecPtr));
     723           0 :             goto err;
     724             :         }
     725             : 
     726             :         /* Copy the first fragment of the record from the first page. */
     727        8084 :         memcpy(state->readRecordBuf,
     728        8084 :                state->readBuf + RecPtr % XLOG_BLCKSZ, len);
     729        8084 :         buffer = state->readRecordBuf + len;
     730        8084 :         gotlen = len;
     731             : 
     732             :         do
     733             :         {
     734             :             /* Calculate pointer to beginning of next page */
     735        8116 :             targetPagePtr += XLOG_BLCKSZ;
     736             : 
     737             :             /* Wait for the next page to become available */
     738        8116 :             readOff = ReadPageInternal(state, targetPagePtr,
     739        8116 :                                        Min(total_len - gotlen + SizeOfXLogShortPHD,
     740             :                                            XLOG_BLCKSZ));
     741             : 
     742        8116 :             if (readOff == XLREAD_WOULDBLOCK)
     743           0 :                 return XLREAD_WOULDBLOCK;
     744        8116 :             else if (readOff < 0)
     745           0 :                 goto err;
     746             : 
     747             :             Assert(SizeOfXLogShortPHD <= readOff);
     748             : 
     749        8116 :             pageHeader = (XLogPageHeader) state->readBuf;
     750             : 
     751             :             /*
     752             :              * If we were expecting a continuation record and got an
     753             :              * "overwrite contrecord" flag, that means the continuation record
     754             :              * was overwritten with a different record.  Restart the read by
     755             :              * assuming the address to read is the location where we found
     756             :              * this flag; but keep track of the LSN of the record we were
     757             :              * reading, for later verification.
     758             :              */
     759        8116 :             if (pageHeader->xlp_info & XLP_FIRST_IS_OVERWRITE_CONTRECORD)
     760             :             {
     761           0 :                 state->overwrittenRecPtr = RecPtr;
     762           0 :                 RecPtr = targetPagePtr;
     763           0 :                 goto restart;
     764             :             }
     765             : 
     766             :             /* Check that the continuation on next page looks valid */
     767        8116 :             if (!(pageHeader->xlp_info & XLP_FIRST_IS_CONTRECORD))
     768             :             {
     769           0 :                 report_invalid_record(state,
     770             :                                       "there is no contrecord flag at %X/%X",
     771           0 :                                       LSN_FORMAT_ARGS(RecPtr));
     772           0 :                 goto err;
     773             :             }
     774             : 
     775             :             /*
     776             :              * Cross-check that xlp_rem_len agrees with how much of the record
     777             :              * we expect there to be left.
     778             :              */
     779        8116 :             if (pageHeader->xlp_rem_len == 0 ||
     780        8116 :                 total_len != (pageHeader->xlp_rem_len + gotlen))
     781             :             {
     782           0 :                 report_invalid_record(state,
     783             :                                       "invalid contrecord length %u (expected %lld) at %X/%X",
     784             :                                       pageHeader->xlp_rem_len,
     785           0 :                                       ((long long) total_len) - gotlen,
     786           0 :                                       LSN_FORMAT_ARGS(RecPtr));
     787           0 :                 goto err;
     788             :             }
     789             : 
     790             :             /* Append the continuation from this page to the buffer */
     791        8116 :             pageHeaderSize = XLogPageHeaderSize(pageHeader);
     792             : 
     793        8116 :             if (readOff < pageHeaderSize)
     794           0 :                 readOff = ReadPageInternal(state, targetPagePtr,
     795             :                                            pageHeaderSize);
     796             : 
     797             :             Assert(pageHeaderSize <= readOff);
     798             : 
     799        8116 :             contdata = (char *) state->readBuf + pageHeaderSize;
     800        8116 :             len = XLOG_BLCKSZ - pageHeaderSize;
     801        8116 :             if (pageHeader->xlp_rem_len < len)
     802        8084 :                 len = pageHeader->xlp_rem_len;
     803             : 
     804        8116 :             if (readOff < pageHeaderSize + len)
     805           0 :                 readOff = ReadPageInternal(state, targetPagePtr,
     806           0 :                                            pageHeaderSize + len);
     807             : 
     808        8116 :             memcpy(buffer, (char *) contdata, len);
     809        8116 :             buffer += len;
     810        8116 :             gotlen += len;
     811             : 
     812             :             /* If we just reassembled the record header, validate it. */
     813        8116 :             if (!gotheader)
     814             :             {
     815         328 :                 record = (XLogRecord *) state->readRecordBuf;
     816         328 :                 if (!ValidXLogRecordHeader(state, RecPtr, state->DecodeRecPtr,
     817             :                                            record, randAccess))
     818           0 :                     goto err;
     819         328 :                 gotheader = true;
     820             :             }
     821        8116 :         } while (gotlen < total_len);
     822             : 
     823             :         Assert(gotheader);
     824             : 
     825        8084 :         record = (XLogRecord *) state->readRecordBuf;
     826        8084 :         if (!ValidXLogRecord(state, record, RecPtr))
     827           0 :             goto err;
     828             : 
     829        8084 :         pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
     830        8084 :         state->DecodeRecPtr = RecPtr;
     831        8084 :         state->NextRecPtr = targetPagePtr + pageHeaderSize
     832        8084 :             + MAXALIGN(pageHeader->xlp_rem_len);
     833             :     }
     834             :     else
     835             :     {
     836             :         /* Wait for the record data to become available */
     837      168098 :         readOff = ReadPageInternal(state, targetPagePtr,
     838      168098 :                                    Min(targetRecOff + total_len, XLOG_BLCKSZ));
     839      168098 :         if (readOff == XLREAD_WOULDBLOCK)
     840           0 :             return XLREAD_WOULDBLOCK;
     841      168098 :         else if (readOff < 0)
     842           0 :             goto err;
     843             : 
     844             :         /* Record does not cross a page boundary */
     845      168098 :         if (!ValidXLogRecord(state, record, RecPtr))
     846           0 :             goto err;
     847             : 
     848      168098 :         state->NextRecPtr = RecPtr + MAXALIGN(total_len);
     849             : 
     850      168098 :         state->DecodeRecPtr = RecPtr;
     851             :     }
     852             : 
     853             :     /*
     854             :      * Special processing if it's an XLOG SWITCH record
     855             :      */
     856      176182 :     if (record->xl_rmid == RM_XLOG_ID &&
     857        9754 :         (record->xl_info & ~XLR_INFO_MASK) == XLOG_SWITCH)
     858             :     {
     859             :         /* Pretend it extends to end of segment */
     860          16 :         state->NextRecPtr += state->segcxt.ws_segsize - 1;
     861          16 :         state->NextRecPtr -= XLogSegmentOffset(state->NextRecPtr, state->segcxt.ws_segsize);
     862             :     }
     863             : 
     864      176182 :     if (DecodeXLogRecord(state, decoded, record, RecPtr, &errormsg))
     865             :     {
     866             :         /* Record the location of the next record. */
     867      176182 :         decoded->next_lsn = state->NextRecPtr;
     868             : 
     869             :         /*
     870             :          * If it's in the decode buffer, mark the decode buffer space as
     871             :          * occupied.
     872             :          */
     873      176182 :         if (!decoded->oversized)
     874             :         {
     875             :             /* The new decode buffer head must be MAXALIGNed. */
     876             :             Assert(decoded->size == MAXALIGN(decoded->size));
     877      176182 :             if ((char *) decoded == state->decode_buffer)
     878      176182 :                 state->decode_buffer_tail = state->decode_buffer + decoded->size;
     879             :             else
     880           0 :                 state->decode_buffer_tail += decoded->size;
     881             :         }
     882             : 
     883             :         /* Insert it into the queue of decoded records. */
     884             :         Assert(state->decode_queue_tail != decoded);
     885      176182 :         if (state->decode_queue_tail)
     886           0 :             state->decode_queue_tail->next = decoded;
     887      176182 :         state->decode_queue_tail = decoded;
     888      176182 :         if (!state->decode_queue_head)
     889      176182 :             state->decode_queue_head = decoded;
     890      176182 :         return XLREAD_SUCCESS;
     891             :     }
     892             :     else
     893           0 :         return XLREAD_FAIL;
     894             : 
     895           0 : err:
     896           0 :     if (assembled)
     897             :     {
     898             :         /*
     899             :          * We get here when a record that spans multiple pages needs to be
     900             :          * assembled, but something went wrong -- perhaps a contrecord piece
     901             :          * was lost.  If caller is WAL replay, it will know where the aborted
     902             :          * record was and where to direct followup WAL to be written, marking
     903             :          * the next piece with XLP_FIRST_IS_OVERWRITE_CONTRECORD, which will
     904             :          * in turn signal downstream WAL consumers that the broken WAL record
     905             :          * is to be ignored.
     906             :          */
     907           0 :         state->abortedRecPtr = RecPtr;
     908           0 :         state->missingContrecPtr = targetPagePtr;
     909             :     }
     910             : 
     911           0 :     if (decoded && decoded->oversized)
     912           0 :         pfree(decoded);
     913             : 
     914             :     /*
     915             :      * Invalidate the read state. We might read from a different source after
     916             :      * failure.
     917             :      */
     918           0 :     XLogReaderInvalReadState(state);
     919             : 
     920             :     /*
     921             :      * If an error was written to errmsg_buf, it'll be returned to the caller
     922             :      * of XLogReadRecord() after all successfully decoded records from the
     923             :      * read queue.
     924             :      */
     925             : 
     926           0 :     return XLREAD_FAIL;
     927             : }
     928             : 
     929             : /*
     930             :  * Try to decode the next available record, and return it.  The record will
     931             :  * also be returned to XLogNextRecord(), which must be called to 'consume'
     932             :  * each record.
     933             :  *
     934             :  * If nonblocking is true, may return NULL due to lack of data or WAL decoding
     935             :  * space.
     936             :  */
     937             : DecodedXLogRecord *
     938      176182 : XLogReadAhead(XLogReaderState *state, bool nonblocking)
     939             : {
     940             :     XLogPageReadResult result;
     941             : 
     942      176182 :     if (state->errormsg_deferred)
     943           0 :         return NULL;
     944             : 
     945      176182 :     result = XLogDecodeNextRecord(state, nonblocking);
     946      176182 :     if (result == XLREAD_SUCCESS)
     947             :     {
     948             :         Assert(state->decode_queue_tail != NULL);
     949      176182 :         return state->decode_queue_tail;
     950             :     }
     951             : 
     952           0 :     return NULL;
     953             : }
     954             : 
     955             : /*
     956             :  * Read a single xlog page including at least [pageptr, reqLen] of valid data
     957             :  * via the page_read() callback.
     958             :  *
     959             :  * Returns XLREAD_FAIL if the required page cannot be read for some
     960             :  * reason; errormsg_buf is set in that case (unless the error occurs in the
     961             :  * page_read callback).
     962             :  *
     963             :  * Returns XLREAD_WOULDBLOCK if the requested data can't be read without
     964             :  * waiting.  This can be returned only if the installed page_read callback
     965             :  * respects the state->nonblocking flag, and cannot read the requested data
     966             :  * immediately.
     967             :  *
     968             :  * We fetch the page from a reader-local cache if we know we have the required
     969             :  * data and if there hasn't been any error since caching the data.
     970             :  */
     971             : static int
     972      352396 : ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr, int reqLen)
     973             : {
     974             :     int         readLen;
     975             :     uint32      targetPageOff;
     976             :     XLogSegNo   targetSegNo;
     977             :     XLogPageHeader hdr;
     978             : 
     979             :     Assert((pageptr % XLOG_BLCKSZ) == 0);
     980             : 
     981      352396 :     XLByteToSeg(pageptr, targetSegNo, state->segcxt.ws_segsize);
     982      352396 :     targetPageOff = XLogSegmentOffset(pageptr, state->segcxt.ws_segsize);
     983             : 
     984             :     /* check whether we have all the requested data already */
     985      352396 :     if (targetSegNo == state->seg.ws_segno &&
     986      352302 :         targetPageOff == state->segoff && reqLen <= state->readLen)
     987      341646 :         return state->readLen;
     988             : 
     989             :     /*
     990             :      * Data is not in our buffer.
     991             :      *
     992             :      * Every time we actually read the segment, even if we looked at parts of
     993             :      * it before, we need to do verification as the page_read callback might
     994             :      * now be rereading data from a different source.
     995             :      *
     996             :      * Whenever switching to a new WAL segment, we read the first page of the
     997             :      * file and validate its header, even if that's not where the target
     998             :      * record is.  This is so that we can check the additional identification
     999             :      * info that is present in the first page's "long" header.
    1000             :      */
    1001       10750 :     if (targetSegNo != state->seg.ws_segno && targetPageOff != 0)
    1002             :     {
    1003          40 :         XLogRecPtr  targetSegmentPtr = pageptr - targetPageOff;
    1004             : 
    1005          40 :         readLen = state->routine.page_read(state, targetSegmentPtr, XLOG_BLCKSZ,
    1006             :                                            state->currRecPtr,
    1007             :                                            state->readBuf);
    1008          40 :         if (readLen == XLREAD_WOULDBLOCK)
    1009           0 :             return XLREAD_WOULDBLOCK;
    1010          40 :         else if (readLen < 0)
    1011           0 :             goto err;
    1012             : 
    1013             :         /* we can be sure to have enough WAL available, we scrolled back */
    1014             :         Assert(readLen == XLOG_BLCKSZ);
    1015             : 
    1016          40 :         if (!XLogReaderValidatePageHeader(state, targetSegmentPtr,
    1017             :                                           state->readBuf))
    1018           0 :             goto err;
    1019             :     }
    1020             : 
    1021             :     /*
    1022             :      * First, read the requested data length, but at least a short page header
    1023             :      * so that we can validate it.
    1024             :      */
    1025       10750 :     readLen = state->routine.page_read(state, pageptr, Max(reqLen, SizeOfXLogShortPHD),
    1026             :                                        state->currRecPtr,
    1027             :                                        state->readBuf);
    1028       10750 :     if (readLen == XLREAD_WOULDBLOCK)
    1029           0 :         return XLREAD_WOULDBLOCK;
    1030       10750 :     else if (readLen < 0)
    1031           0 :         goto err;
    1032             : 
    1033             :     Assert(readLen <= XLOG_BLCKSZ);
    1034             : 
    1035             :     /* Do we have enough data to check the header length? */
    1036       10750 :     if (readLen <= SizeOfXLogShortPHD)
    1037           0 :         goto err;
    1038             : 
    1039             :     Assert(readLen >= reqLen);
    1040             : 
    1041       10750 :     hdr = (XLogPageHeader) state->readBuf;
    1042             : 
    1043             :     /* still not enough */
    1044       10750 :     if (readLen < XLogPageHeaderSize(hdr))
    1045             :     {
    1046           0 :         readLen = state->routine.page_read(state, pageptr, XLogPageHeaderSize(hdr),
    1047             :                                            state->currRecPtr,
    1048             :                                            state->readBuf);
    1049           0 :         if (readLen == XLREAD_WOULDBLOCK)
    1050           0 :             return XLREAD_WOULDBLOCK;
    1051           0 :         else if (readLen < 0)
    1052           0 :             goto err;
    1053             :     }
    1054             : 
    1055             :     /*
    1056             :      * Now that we know we have the full header, validate it.
    1057             :      */
    1058       10750 :     if (!XLogReaderValidatePageHeader(state, pageptr, (char *) hdr))
    1059           0 :         goto err;
    1060             : 
    1061             :     /* update read state information */
    1062       10750 :     state->seg.ws_segno = targetSegNo;
    1063       10750 :     state->segoff = targetPageOff;
    1064       10750 :     state->readLen = readLen;
    1065             : 
    1066       10750 :     return readLen;
    1067             : 
    1068           0 : err:
    1069           0 :     if (state->errormsg_buf[0] != '\0')
    1070             :     {
    1071           0 :         state->errormsg_deferred = true;
    1072           0 :         XLogReaderInvalReadState(state);
    1073             :     }
    1074           0 :     return XLREAD_FAIL;
    1075             : }
    1076             : 
    1077             : /*
    1078             :  * Invalidate the xlogreader's read state to force a re-read.
    1079             :  */
    1080             : static void
    1081           0 : XLogReaderInvalReadState(XLogReaderState *state)
    1082             : {
    1083           0 :     state->seg.ws_segno = 0;
    1084           0 :     state->segoff = 0;
    1085           0 :     state->readLen = 0;
    1086           0 : }
    1087             : 
    1088             : /*
    1089             :  * Validate an XLOG record header.
    1090             :  *
    1091             :  * This is just a convenience subroutine to avoid duplicated code in
    1092             :  * XLogReadRecord.  It's not intended for use from anywhere else.
    1093             :  */
    1094             : static bool
    1095      176182 : ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
    1096             :                       XLogRecPtr PrevRecPtr, XLogRecord *record,
    1097             :                       bool randAccess)
    1098             : {
    1099      176182 :     if (record->xl_tot_len < SizeOfXLogRecord)
    1100             :     {
    1101           0 :         report_invalid_record(state,
    1102             :                               "invalid record length at %X/%X: wanted %u, got %u",
    1103           0 :                               LSN_FORMAT_ARGS(RecPtr),
    1104             :                               (uint32) SizeOfXLogRecord, record->xl_tot_len);
    1105           0 :         return false;
    1106             :     }
    1107      176182 :     if (!RmgrIdIsValid(record->xl_rmid))
    1108             :     {
    1109           0 :         report_invalid_record(state,
    1110             :                               "invalid resource manager ID %u at %X/%X",
    1111           0 :                               record->xl_rmid, LSN_FORMAT_ARGS(RecPtr));
    1112           0 :         return false;
    1113             :     }
    1114      176182 :     if (randAccess)
    1115             :     {
    1116             :         /*
    1117             :          * We can't exactly verify the prev-link, but surely it should be less
    1118             :          * than the record's own address.
    1119             :          */
    1120        4420 :         if (!(record->xl_prev < RecPtr))
    1121             :         {
    1122           0 :             report_invalid_record(state,
    1123             :                                   "record with incorrect prev-link %X/%X at %X/%X",
    1124           0 :                                   LSN_FORMAT_ARGS(record->xl_prev),
    1125           0 :                                   LSN_FORMAT_ARGS(RecPtr));
    1126           0 :             return false;
    1127             :         }
    1128             :     }
    1129             :     else
    1130             :     {
    1131             :         /*
    1132             :          * Record's prev-link should exactly match our previous location. This
    1133             :          * check guards against torn WAL pages where a stale but valid-looking
    1134             :          * WAL record starts on a sector boundary.
    1135             :          */
    1136      171762 :         if (record->xl_prev != PrevRecPtr)
    1137             :         {
    1138           0 :             report_invalid_record(state,
    1139             :                                   "record with incorrect prev-link %X/%X at %X/%X",
    1140           0 :                                   LSN_FORMAT_ARGS(record->xl_prev),
    1141           0 :                                   LSN_FORMAT_ARGS(RecPtr));
    1142           0 :             return false;
    1143             :         }
    1144             :     }
    1145             : 
    1146      176182 :     return true;
    1147             : }
    1148             : 
    1149             : 
    1150             : /*
    1151             :  * CRC-check an XLOG record.  We do not believe the contents of an XLOG
    1152             :  * record (other than to the minimal extent of computing the amount of
    1153             :  * data to read in) until we've checked the CRCs.
    1154             :  *
    1155             :  * We assume all of the record (that is, xl_tot_len bytes) has been read
    1156             :  * into memory at *record.  Also, ValidXLogRecordHeader() has accepted the
    1157             :  * record's header, which means in particular that xl_tot_len is at least
    1158             :  * SizeOfXLogRecord.
    1159             :  */
    1160             : static bool
    1161      176182 : ValidXLogRecord(XLogReaderState *state, XLogRecord *record, XLogRecPtr recptr)
    1162             : {
    1163             :     pg_crc32c   crc;
    1164             : 
    1165             :     /* Calculate the CRC */
    1166      176182 :     INIT_CRC32C(crc);
    1167      176182 :     COMP_CRC32C(crc, ((char *) record) + SizeOfXLogRecord, record->xl_tot_len - SizeOfXLogRecord);
    1168             :     /* include the record header last */
    1169      176182 :     COMP_CRC32C(crc, (char *) record, offsetof(XLogRecord, xl_crc));
    1170      176182 :     FIN_CRC32C(crc);
    1171             : 
    1172      176182 :     if (!EQ_CRC32C(record->xl_crc, crc))
    1173             :     {
    1174           0 :         report_invalid_record(state,
    1175             :                               "incorrect resource manager data checksum in record at %X/%X",
    1176           0 :                               LSN_FORMAT_ARGS(recptr));
    1177           0 :         return false;
    1178             :     }
    1179             : 
    1180      176182 :     return true;
    1181             : }
    1182             : 
    1183             : /*
    1184             :  * Validate a page header.
    1185             :  *
    1186             :  * Check if 'phdr' is valid as the header of the XLog page at position
    1187             :  * 'recptr'.
    1188             :  */
    1189             : bool
    1190       10790 : XLogReaderValidatePageHeader(XLogReaderState *state, XLogRecPtr recptr,
    1191             :                              char *phdr)
    1192             : {
    1193             :     XLogRecPtr  recaddr;
    1194             :     XLogSegNo   segno;
    1195             :     int32       offset;
    1196       10790 :     XLogPageHeader hdr = (XLogPageHeader) phdr;
    1197             : 
    1198             :     Assert((recptr % XLOG_BLCKSZ) == 0);
    1199             : 
    1200       10790 :     XLByteToSeg(recptr, segno, state->segcxt.ws_segsize);
    1201       10790 :     offset = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
    1202             : 
    1203       10790 :     XLogSegNoOffsetToRecPtr(segno, offset, state->segcxt.ws_segsize, recaddr);
    1204             : 
    1205       10790 :     if (hdr->xlp_magic != XLOG_PAGE_MAGIC)
    1206             :     {
    1207             :         char        fname[MAXFNAMELEN];
    1208             : 
    1209           0 :         XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
    1210             : 
    1211           0 :         report_invalid_record(state,
    1212             :                               "invalid magic number %04X in log segment %s, offset %u",
    1213           0 :                               hdr->xlp_magic,
    1214             :                               fname,
    1215             :                               offset);
    1216           0 :         return false;
    1217             :     }
    1218             : 
    1219       10790 :     if ((hdr->xlp_info & ~XLP_ALL_FLAGS) != 0)
    1220             :     {
    1221             :         char        fname[MAXFNAMELEN];
    1222             : 
    1223           0 :         XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
    1224             : 
    1225           0 :         report_invalid_record(state,
    1226             :                               "invalid info bits %04X in log segment %s, offset %u",
    1227           0 :                               hdr->xlp_info,
    1228             :                               fname,
    1229             :                               offset);
    1230           0 :         return false;
    1231             :     }
    1232             : 
    1233       10790 :     if (hdr->xlp_info & XLP_LONG_HEADER)
    1234             :     {
    1235         102 :         XLogLongPageHeader longhdr = (XLogLongPageHeader) hdr;
    1236             : 
    1237         102 :         if (state->system_identifier &&
    1238           0 :             longhdr->xlp_sysid != state->system_identifier)
    1239             :         {
    1240           0 :             report_invalid_record(state,
    1241             :                                   "WAL file is from different database system: WAL file database system identifier is %llu, pg_control database system identifier is %llu",
    1242           0 :                                   (unsigned long long) longhdr->xlp_sysid,
    1243           0 :                                   (unsigned long long) state->system_identifier);
    1244           0 :             return false;
    1245             :         }
    1246         102 :         else if (longhdr->xlp_seg_size != state->segcxt.ws_segsize)
    1247             :         {
    1248           0 :             report_invalid_record(state,
    1249             :                                   "WAL file is from different database system: incorrect segment size in page header");
    1250           0 :             return false;
    1251             :         }
    1252         102 :         else if (longhdr->xlp_xlog_blcksz != XLOG_BLCKSZ)
    1253             :         {
    1254           0 :             report_invalid_record(state,
    1255             :                                   "WAL file is from different database system: incorrect XLOG_BLCKSZ in page header");
    1256           0 :             return false;
    1257             :         }
    1258             :     }
    1259       10688 :     else if (offset == 0)
    1260             :     {
    1261             :         char        fname[MAXFNAMELEN];
    1262             : 
    1263           0 :         XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
    1264             : 
    1265             :         /* hmm, first page of file doesn't have a long header? */
    1266           0 :         report_invalid_record(state,
    1267             :                               "invalid info bits %04X in log segment %s, offset %u",
    1268           0 :                               hdr->xlp_info,
    1269             :                               fname,
    1270             :                               offset);
    1271           0 :         return false;
    1272             :     }
    1273             : 
    1274             :     /*
    1275             :      * Check that the address on the page agrees with what we expected. This
    1276             :      * check typically fails when an old WAL segment is recycled, and hasn't
    1277             :      * yet been overwritten with new data yet.
    1278             :      */
    1279       10790 :     if (hdr->xlp_pageaddr != recaddr)
    1280             :     {
    1281             :         char        fname[MAXFNAMELEN];
    1282             : 
    1283           0 :         XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
    1284             : 
    1285           0 :         report_invalid_record(state,
    1286             :                               "unexpected pageaddr %X/%X in log segment %s, offset %u",
    1287           0 :                               LSN_FORMAT_ARGS(hdr->xlp_pageaddr),
    1288             :                               fname,
    1289             :                               offset);
    1290           0 :         return false;
    1291             :     }
    1292             : 
    1293             :     /*
    1294             :      * Since child timelines are always assigned a TLI greater than their
    1295             :      * immediate parent's TLI, we should never see TLI go backwards across
    1296             :      * successive pages of a consistent WAL sequence.
    1297             :      *
    1298             :      * Sometimes we re-read a segment that's already been (partially) read. So
    1299             :      * we only verify TLIs for pages that are later than the last remembered
    1300             :      * LSN.
    1301             :      */
    1302       10790 :     if (recptr > state->latestPagePtr)
    1303             :     {
    1304        8414 :         if (hdr->xlp_tli < state->latestPageTLI)
    1305             :         {
    1306             :             char        fname[MAXFNAMELEN];
    1307             : 
    1308           0 :             XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
    1309             : 
    1310           0 :             report_invalid_record(state,
    1311             :                                   "out-of-sequence timeline ID %u (after %u) in log segment %s, offset %u",
    1312             :                                   hdr->xlp_tli,
    1313             :                                   state->latestPageTLI,
    1314             :                                   fname,
    1315             :                                   offset);
    1316           0 :             return false;
    1317             :         }
    1318             :     }
    1319       10790 :     state->latestPagePtr = recptr;
    1320       10790 :     state->latestPageTLI = hdr->xlp_tli;
    1321             : 
    1322       10790 :     return true;
    1323             : }
    1324             : 
    1325             : /*
    1326             :  * Find the first record with an lsn >= RecPtr.
    1327             :  *
    1328             :  * This is different from XLogBeginRead() in that RecPtr doesn't need to point
    1329             :  * to a valid record boundary.  Useful for checking whether RecPtr is a valid
    1330             :  * xlog address for reading, and to find the first valid address after some
    1331             :  * address when dumping records for debugging purposes.
    1332             :  *
    1333             :  * This positions the reader, like XLogBeginRead(), so that the next call to
    1334             :  * XLogReadRecord() will read the next valid record.
    1335             :  */
    1336             : XLogRecPtr
    1337           0 : XLogFindNextRecord(XLogReaderState *state, XLogRecPtr RecPtr)
    1338             : {
    1339             :     XLogRecPtr  tmpRecPtr;
    1340           0 :     XLogRecPtr  found = InvalidXLogRecPtr;
    1341             :     XLogPageHeader header;
    1342             :     char       *errormsg;
    1343             : 
    1344             :     Assert(!XLogRecPtrIsInvalid(RecPtr));
    1345             : 
    1346             :     /* Make sure ReadPageInternal() can't return XLREAD_WOULDBLOCK. */
    1347           0 :     state->nonblocking = false;
    1348             : 
    1349             :     /*
    1350             :      * skip over potential continuation data, keeping in mind that it may span
    1351             :      * multiple pages
    1352             :      */
    1353           0 :     tmpRecPtr = RecPtr;
    1354             :     while (true)
    1355           0 :     {
    1356             :         XLogRecPtr  targetPagePtr;
    1357             :         int         targetRecOff;
    1358             :         uint32      pageHeaderSize;
    1359             :         int         readLen;
    1360             : 
    1361             :         /*
    1362             :          * Compute targetRecOff. It should typically be equal or greater than
    1363             :          * short page-header since a valid record can't start anywhere before
    1364             :          * that, except when caller has explicitly specified the offset that
    1365             :          * falls somewhere there or when we are skipping multi-page
    1366             :          * continuation record. It doesn't matter though because
    1367             :          * ReadPageInternal() is prepared to handle that and will read at
    1368             :          * least short page-header worth of data
    1369             :          */
    1370           0 :         targetRecOff = tmpRecPtr % XLOG_BLCKSZ;
    1371             : 
    1372             :         /* scroll back to page boundary */
    1373           0 :         targetPagePtr = tmpRecPtr - targetRecOff;
    1374             : 
    1375             :         /* Read the page containing the record */
    1376           0 :         readLen = ReadPageInternal(state, targetPagePtr, targetRecOff);
    1377           0 :         if (readLen < 0)
    1378           0 :             goto err;
    1379             : 
    1380           0 :         header = (XLogPageHeader) state->readBuf;
    1381             : 
    1382           0 :         pageHeaderSize = XLogPageHeaderSize(header);
    1383             : 
    1384             :         /* make sure we have enough data for the page header */
    1385           0 :         readLen = ReadPageInternal(state, targetPagePtr, pageHeaderSize);
    1386           0 :         if (readLen < 0)
    1387           0 :             goto err;
    1388             : 
    1389             :         /* skip over potential continuation data */
    1390           0 :         if (header->xlp_info & XLP_FIRST_IS_CONTRECORD)
    1391             :         {
    1392             :             /*
    1393             :              * If the length of the remaining continuation data is more than
    1394             :              * what can fit in this page, the continuation record crosses over
    1395             :              * this page. Read the next page and try again. xlp_rem_len in the
    1396             :              * next page header will contain the remaining length of the
    1397             :              * continuation data
    1398             :              *
    1399             :              * Note that record headers are MAXALIGN'ed
    1400             :              */
    1401           0 :             if (MAXALIGN(header->xlp_rem_len) >= (XLOG_BLCKSZ - pageHeaderSize))
    1402           0 :                 tmpRecPtr = targetPagePtr + XLOG_BLCKSZ;
    1403             :             else
    1404             :             {
    1405             :                 /*
    1406             :                  * The previous continuation record ends in this page. Set
    1407             :                  * tmpRecPtr to point to the first valid record
    1408             :                  */
    1409           0 :                 tmpRecPtr = targetPagePtr + pageHeaderSize
    1410           0 :                     + MAXALIGN(header->xlp_rem_len);
    1411           0 :                 break;
    1412             :             }
    1413             :         }
    1414             :         else
    1415             :         {
    1416           0 :             tmpRecPtr = targetPagePtr + pageHeaderSize;
    1417           0 :             break;
    1418             :         }
    1419             :     }
    1420             : 
    1421             :     /*
    1422             :      * we know now that tmpRecPtr is an address pointing to a valid XLogRecord
    1423             :      * because either we're at the first record after the beginning of a page
    1424             :      * or we just jumped over the remaining data of a continuation.
    1425             :      */
    1426           0 :     XLogBeginRead(state, tmpRecPtr);
    1427           0 :     while (XLogReadRecord(state, &errormsg) != NULL)
    1428             :     {
    1429             :         /* past the record we've found, break out */
    1430           0 :         if (RecPtr <= state->ReadRecPtr)
    1431             :         {
    1432             :             /* Rewind the reader to the beginning of the last record. */
    1433           0 :             found = state->ReadRecPtr;
    1434           0 :             XLogBeginRead(state, found);
    1435           0 :             return found;
    1436             :         }
    1437             :     }
    1438             : 
    1439           0 : err:
    1440           0 :     XLogReaderInvalReadState(state);
    1441             : 
    1442           0 :     return InvalidXLogRecPtr;
    1443             : }
    1444             : 
    1445             : /*
    1446             :  * Helper function to ease writing of XLogRoutine->page_read callbacks.
    1447             :  * If this function is used, caller must supply a segment_open callback in
    1448             :  * 'state', as that is used here.
    1449             :  *
    1450             :  * Read 'count' bytes into 'buf', starting at location 'startptr', from WAL
    1451             :  * fetched from timeline 'tli'.
    1452             :  *
    1453             :  * Returns true if succeeded, false if an error occurs, in which case
    1454             :  * 'errinfo' receives error details.
    1455             :  *
    1456             :  * XXX probably this should be improved to suck data directly from the
    1457             :  * WAL buffers when possible.
    1458             :  */
    1459             : bool
    1460           0 : WALRead(XLogReaderState *state,
    1461             :         char *buf, XLogRecPtr startptr, Size count, TimeLineID tli,
    1462             :         WALReadError *errinfo)
    1463             : {
    1464             :     char       *p;
    1465             :     XLogRecPtr  recptr;
    1466             :     Size        nbytes;
    1467             : 
    1468           0 :     p = buf;
    1469           0 :     recptr = startptr;
    1470           0 :     nbytes = count;
    1471             : 
    1472           0 :     while (nbytes > 0)
    1473             :     {
    1474             :         uint32      startoff;
    1475             :         int         segbytes;
    1476             :         int         readbytes;
    1477             : 
    1478           0 :         startoff = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
    1479             : 
    1480             :         /*
    1481             :          * If the data we want is not in a segment we have open, close what we
    1482             :          * have (if anything) and open the next one, using the caller's
    1483             :          * provided openSegment callback.
    1484             :          */
    1485           0 :         if (state->seg.ws_file < 0 ||
    1486           0 :             !XLByteInSeg(recptr, state->seg.ws_segno, state->segcxt.ws_segsize) ||
    1487           0 :             tli != state->seg.ws_tli)
    1488             :         {
    1489             :             XLogSegNo   nextSegNo;
    1490             : 
    1491           0 :             if (state->seg.ws_file >= 0)
    1492           0 :                 state->routine.segment_close(state);
    1493             : 
    1494           0 :             XLByteToSeg(recptr, nextSegNo, state->segcxt.ws_segsize);
    1495           0 :             state->routine.segment_open(state, nextSegNo, &tli);
    1496             : 
    1497             :             /* This shouldn't happen -- indicates a bug in segment_open */
    1498             :             Assert(state->seg.ws_file >= 0);
    1499             : 
    1500             :             /* Update the current segment info. */
    1501           0 :             state->seg.ws_tli = tli;
    1502           0 :             state->seg.ws_segno = nextSegNo;
    1503             :         }
    1504             : 
    1505             :         /* How many bytes are within this segment? */
    1506           0 :         if (nbytes > (state->segcxt.ws_segsize - startoff))
    1507           0 :             segbytes = state->segcxt.ws_segsize - startoff;
    1508             :         else
    1509           0 :             segbytes = nbytes;
    1510             : 
    1511             : #ifndef FRONTEND
    1512             :         pgstat_report_wait_start(WAIT_EVENT_WAL_READ);
    1513             : #endif
    1514             : 
    1515             :         /* Reset errno first; eases reporting non-errno-affecting errors */
    1516           0 :         errno = 0;
    1517           0 :         readbytes = pg_pread(state->seg.ws_file, p, segbytes, (off_t) startoff);
    1518             : 
    1519             : #ifndef FRONTEND
    1520             :         pgstat_report_wait_end();
    1521             : #endif
    1522             : 
    1523           0 :         if (readbytes <= 0)
    1524             :         {
    1525           0 :             errinfo->wre_errno = errno;
    1526           0 :             errinfo->wre_req = segbytes;
    1527           0 :             errinfo->wre_read = readbytes;
    1528           0 :             errinfo->wre_off = startoff;
    1529           0 :             errinfo->wre_seg = state->seg;
    1530           0 :             return false;
    1531             :         }
    1532             : 
    1533             :         /* Update state for read */
    1534           0 :         recptr += readbytes;
    1535           0 :         nbytes -= readbytes;
    1536           0 :         p += readbytes;
    1537             :     }
    1538             : 
    1539           0 :     return true;
    1540             : }
    1541             : 
    1542             : /* ----------------------------------------
    1543             :  * Functions for decoding the data and block references in a record.
    1544             :  * ----------------------------------------
    1545             :  */
    1546             : 
    1547             : /*
    1548             :  * Private function to reset the state, forgetting all decoded records, if we
    1549             :  * are asked to move to a new read position.
    1550             :  */
    1551             : static void
    1552        4420 : ResetDecoder(XLogReaderState *state)
    1553             : {
    1554             :     DecodedXLogRecord *r;
    1555             : 
    1556             :     /* Reset the decoded record queue, freeing any oversized records. */
    1557        8762 :     while ((r = state->decode_queue_head) != NULL)
    1558             :     {
    1559        4342 :         state->decode_queue_head = r->next;
    1560        4342 :         if (r->oversized)
    1561           0 :             pfree(r);
    1562             :     }
    1563        4420 :     state->decode_queue_tail = NULL;
    1564        4420 :     state->decode_queue_head = NULL;
    1565        4420 :     state->record = NULL;
    1566             : 
    1567             :     /* Reset the decode buffer to empty. */
    1568        4420 :     state->decode_buffer_tail = state->decode_buffer;
    1569        4420 :     state->decode_buffer_head = state->decode_buffer;
    1570             : 
    1571             :     /* Clear error state. */
    1572        4420 :     state->errormsg_buf[0] = '\0';
    1573        4420 :     state->errormsg_deferred = false;
    1574        4420 : }
    1575             : 
    1576             : /*
    1577             :  * Compute the maximum possible amount of padding that could be required to
    1578             :  * decode a record, given xl_tot_len from the record's header.  This is the
    1579             :  * amount of output buffer space that we need to decode a record, though we
    1580             :  * might not finish up using it all.
    1581             :  *
    1582             :  * This computation is pessimistic and assumes the maximum possible number of
    1583             :  * blocks, due to lack of better information.
    1584             :  */
    1585             : size_t
    1586      176182 : DecodeXLogRecordRequiredSpace(size_t xl_tot_len)
    1587             : {
    1588      176182 :     size_t      size = 0;
    1589             : 
    1590             :     /* Account for the fixed size part of the decoded record struct. */
    1591      176182 :     size += offsetof(DecodedXLogRecord, blocks[0]);
    1592             :     /* Account for the flexible blocks array of maximum possible size. */
    1593      176182 :     size += sizeof(DecodedBkpBlock) * (XLR_MAX_BLOCK_ID + 1);
    1594             :     /* Account for all the raw main and block data. */
    1595      176182 :     size += xl_tot_len;
    1596             :     /* We might insert padding before main_data. */
    1597      176182 :     size += (MAXIMUM_ALIGNOF - 1);
    1598             :     /* We might insert padding before each block's data. */
    1599      176182 :     size += (MAXIMUM_ALIGNOF - 1) * (XLR_MAX_BLOCK_ID + 1);
    1600             :     /* We might insert padding at the end. */
    1601      176182 :     size += (MAXIMUM_ALIGNOF - 1);
    1602             : 
    1603      176182 :     return size;
    1604             : }
    1605             : 
    1606             : /*
    1607             :  * Decode a record.  "decoded" must point to a MAXALIGNed memory area that has
    1608             :  * space for at least DecodeXLogRecordRequiredSpace(record) bytes.  On
    1609             :  * success, decoded->size contains the actual space occupied by the decoded
    1610             :  * record, which may turn out to be less.
    1611             :  *
    1612             :  * Only decoded->oversized member must be initialized already, and will not be
    1613             :  * modified.  Other members will be initialized as required.
    1614             :  *
    1615             :  * On error, a human-readable error message is returned in *errormsg, and
    1616             :  * the return value is false.
    1617             :  */
    1618             : bool
    1619      176182 : DecodeXLogRecord(XLogReaderState *state,
    1620             :                  DecodedXLogRecord *decoded,
    1621             :                  XLogRecord *record,
    1622             :                  XLogRecPtr lsn,
    1623             :                  char **errormsg)
    1624             : {
    1625             :     /*
    1626             :      * read next _size bytes from record buffer, but check for overrun first.
    1627             :      */
    1628             : #define COPY_HEADER_FIELD(_dst, _size)          \
    1629             :     do {                                        \
    1630             :         if (remaining < _size)                   \
    1631             :             goto shortdata_err;                 \
    1632             :         memcpy(_dst, ptr, _size);               \
    1633             :         ptr += _size;                           \
    1634             :         remaining -= _size;                     \
    1635             :     } while(0)
    1636             : 
    1637             :     char       *ptr;
    1638             :     char       *out;
    1639             :     uint32      remaining;
    1640             :     uint32      datatotal;
    1641      176182 :     RelFileNode *rnode = NULL;
    1642             :     uint8       block_id;
    1643             : 
    1644      176182 :     decoded->header = *record;
    1645      176182 :     decoded->lsn = lsn;
    1646      176182 :     decoded->next = NULL;
    1647      176182 :     decoded->record_origin = InvalidRepOriginId;
    1648      176182 :     decoded->toplevel_xid = InvalidTransactionId;
    1649      176182 :     decoded->main_data = NULL;
    1650      176182 :     decoded->main_data_len = 0;
    1651      176182 :     decoded->max_block_id = -1;
    1652      176182 :     ptr = (char *) record;
    1653      176182 :     ptr += SizeOfXLogRecord;
    1654      176182 :     remaining = record->xl_tot_len - SizeOfXLogRecord;
    1655             : 
    1656             :     /* Decode the headers */
    1657      176182 :     datatotal = 0;
    1658      349138 :     while (remaining > datatotal)
    1659             :     {
    1660      339532 :         COPY_HEADER_FIELD(&block_id, sizeof(uint8));
    1661             : 
    1662      339532 :         if (block_id == XLR_BLOCK_ID_DATA_SHORT)
    1663             :         {
    1664             :             /* XLogRecordDataHeaderShort */
    1665             :             uint8       main_data_len;
    1666             : 
    1667      166544 :             COPY_HEADER_FIELD(&main_data_len, sizeof(uint8));
    1668             : 
    1669      166544 :             decoded->main_data_len = main_data_len;
    1670      166544 :             datatotal += main_data_len;
    1671      166544 :             break;              /* by convention, the main data fragment is
    1672             :                                  * always last */
    1673             :         }
    1674      172988 :         else if (block_id == XLR_BLOCK_ID_DATA_LONG)
    1675             :         {
    1676             :             /* XLogRecordDataHeaderLong */
    1677             :             uint32      main_data_len;
    1678             : 
    1679          32 :             COPY_HEADER_FIELD(&main_data_len, sizeof(uint32));
    1680          32 :             decoded->main_data_len = main_data_len;
    1681          32 :             datatotal += main_data_len;
    1682          32 :             break;              /* by convention, the main data fragment is
    1683             :                                  * always last */
    1684             :         }
    1685      172956 :         else if (block_id == XLR_BLOCK_ID_ORIGIN)
    1686             :         {
    1687           0 :             COPY_HEADER_FIELD(&decoded->record_origin, sizeof(RepOriginId));
    1688             :         }
    1689      172956 :         else if (block_id == XLR_BLOCK_ID_TOPLEVEL_XID)
    1690             :         {
    1691           0 :             COPY_HEADER_FIELD(&decoded->toplevel_xid, sizeof(TransactionId));
    1692             :         }
    1693      172956 :         else if (block_id <= XLR_MAX_BLOCK_ID)
    1694             :         {
    1695             :             /* XLogRecordBlockHeader */
    1696             :             DecodedBkpBlock *blk;
    1697             :             uint8       fork_flags;
    1698             : 
    1699             :             /* mark any intervening block IDs as not in use */
    1700      172956 :             for (int i = decoded->max_block_id + 1; i < block_id; ++i)
    1701           0 :                 decoded->blocks[i].in_use = false;
    1702             : 
    1703      172956 :             if (block_id <= decoded->max_block_id)
    1704             :             {
    1705           0 :                 report_invalid_record(state,
    1706             :                                       "out-of-order block_id %u at %X/%X",
    1707             :                                       block_id,
    1708           0 :                                       LSN_FORMAT_ARGS(state->ReadRecPtr));
    1709           0 :                 goto err;
    1710             :             }
    1711      172956 :             decoded->max_block_id = block_id;
    1712             : 
    1713      172956 :             blk = &decoded->blocks[block_id];
    1714      172956 :             blk->in_use = true;
    1715      172956 :             blk->apply_image = false;
    1716             : 
    1717      172956 :             COPY_HEADER_FIELD(&fork_flags, sizeof(uint8));
    1718      172956 :             blk->forknum = fork_flags & BKPBLOCK_FORK_MASK;
    1719      172956 :             blk->flags = fork_flags;
    1720      172956 :             blk->has_image = ((fork_flags & BKPBLOCK_HAS_IMAGE) != 0);
    1721      172956 :             blk->has_data = ((fork_flags & BKPBLOCK_HAS_DATA) != 0);
    1722             : 
    1723      172956 :             blk->prefetch_buffer = InvalidBuffer;
    1724             : 
    1725      172956 :             COPY_HEADER_FIELD(&blk->data_len, sizeof(uint16));
    1726             :             /* cross-check that the HAS_DATA flag is set iff data_length > 0 */
    1727      172956 :             if (blk->has_data && blk->data_len == 0)
    1728             :             {
    1729           0 :                 report_invalid_record(state,
    1730             :                                       "BKPBLOCK_HAS_DATA set, but no data included at %X/%X",
    1731           0 :                                       LSN_FORMAT_ARGS(state->ReadRecPtr));
    1732           0 :                 goto err;
    1733             :             }
    1734      172956 :             if (!blk->has_data && blk->data_len != 0)
    1735             :             {
    1736           0 :                 report_invalid_record(state,
    1737             :                                       "BKPBLOCK_HAS_DATA not set, but data length is %u at %X/%X",
    1738           0 :                                       (unsigned int) blk->data_len,
    1739           0 :                                       LSN_FORMAT_ARGS(state->ReadRecPtr));
    1740           0 :                 goto err;
    1741             :             }
    1742      172956 :             datatotal += blk->data_len;
    1743             : 
    1744      172956 :             if (blk->has_image)
    1745             :             {
    1746        9688 :                 COPY_HEADER_FIELD(&blk->bimg_len, sizeof(uint16));
    1747        9688 :                 COPY_HEADER_FIELD(&blk->hole_offset, sizeof(uint16));
    1748        9688 :                 COPY_HEADER_FIELD(&blk->bimg_info, sizeof(uint8));
    1749             : 
    1750        9688 :                 blk->apply_image = ((blk->bimg_info & BKPIMAGE_APPLY) != 0);
    1751             : 
    1752        9688 :                 if (BKPIMAGE_COMPRESSED(blk->bimg_info))
    1753             :                 {
    1754           0 :                     if (blk->bimg_info & BKPIMAGE_HAS_HOLE)
    1755           0 :                         COPY_HEADER_FIELD(&blk->hole_length, sizeof(uint16));
    1756             :                     else
    1757           0 :                         blk->hole_length = 0;
    1758             :                 }
    1759             :                 else
    1760        9688 :                     blk->hole_length = BLCKSZ - blk->bimg_len;
    1761        9688 :                 datatotal += blk->bimg_len;
    1762             : 
    1763             :                 /*
    1764             :                  * cross-check that hole_offset > 0, hole_length > 0 and
    1765             :                  * bimg_len < BLCKSZ if the HAS_HOLE flag is set.
    1766             :                  */
    1767        9688 :                 if ((blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
    1768        9592 :                     (blk->hole_offset == 0 ||
    1769        9592 :                      blk->hole_length == 0 ||
    1770        9592 :                      blk->bimg_len == BLCKSZ))
    1771             :                 {
    1772           0 :                     report_invalid_record(state,
    1773             :                                           "BKPIMAGE_HAS_HOLE set, but hole offset %u length %u block image length %u at %X/%X",
    1774           0 :                                           (unsigned int) blk->hole_offset,
    1775           0 :                                           (unsigned int) blk->hole_length,
    1776           0 :                                           (unsigned int) blk->bimg_len,
    1777           0 :                                           LSN_FORMAT_ARGS(state->ReadRecPtr));
    1778           0 :                     goto err;
    1779             :                 }
    1780             : 
    1781             :                 /*
    1782             :                  * cross-check that hole_offset == 0 and hole_length == 0 if
    1783             :                  * the HAS_HOLE flag is not set.
    1784             :                  */
    1785        9688 :                 if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
    1786          96 :                     (blk->hole_offset != 0 || blk->hole_length != 0))
    1787             :                 {
    1788           0 :                     report_invalid_record(state,
    1789             :                                           "BKPIMAGE_HAS_HOLE not set, but hole offset %u length %u at %X/%X",
    1790           0 :                                           (unsigned int) blk->hole_offset,
    1791           0 :                                           (unsigned int) blk->hole_length,
    1792           0 :                                           LSN_FORMAT_ARGS(state->ReadRecPtr));
    1793           0 :                     goto err;
    1794             :                 }
    1795             : 
    1796             :                 /*
    1797             :                  * Cross-check that bimg_len < BLCKSZ if it is compressed.
    1798             :                  */
    1799        9688 :                 if (BKPIMAGE_COMPRESSED(blk->bimg_info) &&
    1800           0 :                     blk->bimg_len == BLCKSZ)
    1801             :                 {
    1802           0 :                     report_invalid_record(state,
    1803             :                                           "BKPIMAGE_COMPRESSED set, but block image length %u at %X/%X",
    1804           0 :                                           (unsigned int) blk->bimg_len,
    1805           0 :                                           LSN_FORMAT_ARGS(state->ReadRecPtr));
    1806           0 :                     goto err;
    1807             :                 }
    1808             : 
    1809             :                 /*
    1810             :                  * cross-check that bimg_len = BLCKSZ if neither HAS_HOLE is
    1811             :                  * set nor COMPRESSED().
    1812             :                  */
    1813        9688 :                 if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
    1814          96 :                     !BKPIMAGE_COMPRESSED(blk->bimg_info) &&
    1815          96 :                     blk->bimg_len != BLCKSZ)
    1816             :                 {
    1817           0 :                     report_invalid_record(state,
    1818             :                                           "neither BKPIMAGE_HAS_HOLE nor BKPIMAGE_COMPRESSED set, but block image length is %u at %X/%X",
    1819           0 :                                           (unsigned int) blk->data_len,
    1820           0 :                                           LSN_FORMAT_ARGS(state->ReadRecPtr));
    1821           0 :                     goto err;
    1822             :                 }
    1823             :             }
    1824      172956 :             if (!(fork_flags & BKPBLOCK_SAME_REL))
    1825             :             {
    1826      172284 :                 COPY_HEADER_FIELD(&blk->rnode, sizeof(RelFileNode));
    1827      172284 :                 rnode = &blk->rnode;
    1828             :             }
    1829             :             else
    1830             :             {
    1831         672 :                 if (rnode == NULL)
    1832             :                 {
    1833           0 :                     report_invalid_record(state,
    1834             :                                           "BKPBLOCK_SAME_REL set but no previous rel at %X/%X",
    1835           0 :                                           LSN_FORMAT_ARGS(state->ReadRecPtr));
    1836           0 :                     goto err;
    1837             :                 }
    1838             : 
    1839         672 :                 blk->rnode = *rnode;
    1840             :             }
    1841      172956 :             COPY_HEADER_FIELD(&blk->blkno, sizeof(BlockNumber));
    1842             :         }
    1843             :         else
    1844             :         {
    1845           0 :             report_invalid_record(state,
    1846             :                                   "invalid block_id %u at %X/%X",
    1847           0 :                                   block_id, LSN_FORMAT_ARGS(state->ReadRecPtr));
    1848           0 :             goto err;
    1849             :         }
    1850             :     }
    1851             : 
    1852      176182 :     if (remaining != datatotal)
    1853           0 :         goto shortdata_err;
    1854             : 
    1855             :     /*
    1856             :      * Ok, we've parsed the fragment headers, and verified that the total
    1857             :      * length of the payload in the fragments is equal to the amount of data
    1858             :      * left.  Copy the data of each fragment to contiguous space after the
    1859             :      * blocks array, inserting alignment padding before the data fragments so
    1860             :      * they can be cast to struct pointers by REDO routines.
    1861             :      */
    1862      176182 :     out = ((char *) decoded) +
    1863      176182 :         offsetof(DecodedXLogRecord, blocks) +
    1864      176182 :         sizeof(decoded->blocks[0]) * (decoded->max_block_id + 1);
    1865             : 
    1866             :     /* block data first */
    1867      349138 :     for (block_id = 0; block_id <= decoded->max_block_id; block_id++)
    1868             :     {
    1869      172956 :         DecodedBkpBlock *blk = &decoded->blocks[block_id];
    1870             : 
    1871      172956 :         if (!blk->in_use)
    1872           0 :             continue;
    1873             : 
    1874             :         Assert(blk->has_image || !blk->apply_image);
    1875             : 
    1876      172956 :         if (blk->has_image)
    1877             :         {
    1878             :             /* no need to align image */
    1879        9688 :             blk->bkp_image = out;
    1880        9688 :             memcpy(out, ptr, blk->bimg_len);
    1881        9688 :             ptr += blk->bimg_len;
    1882        9688 :             out += blk->bimg_len;
    1883             :         }
    1884      172956 :         if (blk->has_data)
    1885             :         {
    1886       81780 :             out = (char *) MAXALIGN(out);
    1887       81780 :             blk->data = out;
    1888       81780 :             memcpy(blk->data, ptr, blk->data_len);
    1889       81780 :             ptr += blk->data_len;
    1890       81780 :             out += blk->data_len;
    1891             :         }
    1892             :     }
    1893             : 
    1894             :     /* and finally, the main data */
    1895      176182 :     if (decoded->main_data_len > 0)
    1896             :     {
    1897      166576 :         out = (char *) MAXALIGN(out);
    1898      166576 :         decoded->main_data = out;
    1899      166576 :         memcpy(decoded->main_data, ptr, decoded->main_data_len);
    1900      166576 :         ptr += decoded->main_data_len;
    1901      166576 :         out += decoded->main_data_len;
    1902             :     }
    1903             : 
    1904             :     /* Report the actual size we used. */
    1905      176182 :     decoded->size = MAXALIGN(out - (char *) decoded);
    1906             :     Assert(DecodeXLogRecordRequiredSpace(record->xl_tot_len) >=
    1907             :            decoded->size);
    1908             : 
    1909      176182 :     return true;
    1910             : 
    1911           0 : shortdata_err:
    1912           0 :     report_invalid_record(state,
    1913             :                           "record with invalid length at %X/%X",
    1914           0 :                           LSN_FORMAT_ARGS(state->ReadRecPtr));
    1915           0 : err:
    1916           0 :     *errormsg = state->errormsg_buf;
    1917             : 
    1918           0 :     return false;
    1919             : }
    1920             : 
    1921             : /*
    1922             :  * Returns information about the block that a block reference refers to.
    1923             :  *
    1924             :  * This is like XLogRecGetBlockTagExtended, except that the block reference
    1925             :  * must exist and there's no access to prefetch_buffer.
    1926             :  */
    1927             : void
    1928           0 : XLogRecGetBlockTag(XLogReaderState *record, uint8 block_id,
    1929             :                    RelFileNode *rnode, ForkNumber *forknum, BlockNumber *blknum)
    1930             : {
    1931           0 :     if (!XLogRecGetBlockTagExtended(record, block_id, rnode, forknum, blknum,
    1932             :                                     NULL))
    1933             :     {
    1934             : #ifndef FRONTEND
    1935             :         elog(ERROR, "failed to locate backup block with ID %d in WAL record",
    1936             :              block_id);
    1937             : #else
    1938           0 :         pg_fatal("failed to locate backup block with ID %d in WAL record",
    1939             :                  block_id);
    1940             : #endif
    1941             :     }
    1942           0 : }
    1943             : 
    1944             : /*
    1945             :  * Returns information about the block that a block reference refers to,
    1946             :  * optionally including the buffer that the block may already be in.
    1947             :  *
    1948             :  * If the WAL record contains a block reference with the given ID, *rnode,
    1949             :  * *forknum, *blknum and *prefetch_buffer are filled in (if not NULL), and
    1950             :  * returns true.  Otherwise returns false.
    1951             :  */
    1952             : bool
    1953      169844 : XLogRecGetBlockTagExtended(XLogReaderState *record, uint8 block_id,
    1954             :                            RelFileNode *rnode, ForkNumber *forknum,
    1955             :                            BlockNumber *blknum,
    1956             :                            Buffer *prefetch_buffer)
    1957             : {
    1958             :     DecodedBkpBlock *bkpb;
    1959             : 
    1960      169844 :     if (!XLogRecHasBlockRef(record, block_id))
    1961           0 :         return false;
    1962             : 
    1963      169844 :     bkpb = &record->record->blocks[block_id];
    1964      169844 :     if (rnode)
    1965      169844 :         *rnode = bkpb->rnode;
    1966      169844 :     if (forknum)
    1967      169844 :         *forknum = bkpb->forknum;
    1968      169844 :     if (blknum)
    1969      169844 :         *blknum = bkpb->blkno;
    1970      169844 :     if (prefetch_buffer)
    1971           0 :         *prefetch_buffer = bkpb->prefetch_buffer;
    1972      169844 :     return true;
    1973             : }
    1974             : 
    1975             : /*
    1976             :  * Returns the data associated with a block reference, or NULL if there is
    1977             :  * no data (e.g. because a full-page image was taken instead). The returned
    1978             :  * pointer points to a MAXALIGNed buffer.
    1979             :  */
    1980             : char *
    1981           0 : XLogRecGetBlockData(XLogReaderState *record, uint8 block_id, Size *len)
    1982             : {
    1983             :     DecodedBkpBlock *bkpb;
    1984             : 
    1985           0 :     if (block_id > record->record->max_block_id ||
    1986           0 :         !record->record->blocks[block_id].in_use)
    1987           0 :         return NULL;
    1988             : 
    1989           0 :     bkpb = &record->record->blocks[block_id];
    1990             : 
    1991           0 :     if (!bkpb->has_data)
    1992             :     {
    1993           0 :         if (len)
    1994           0 :             *len = 0;
    1995           0 :         return NULL;
    1996             :     }
    1997             :     else
    1998             :     {
    1999           0 :         if (len)
    2000           0 :             *len = bkpb->data_len;
    2001           0 :         return bkpb->data;
    2002             :     }
    2003             : }
    2004             : 
    2005             : /*
    2006             :  * Restore a full-page image from a backup block attached to an XLOG record.
    2007             :  *
    2008             :  * Returns true if a full-page image is restored.
    2009             :  */
    2010             : bool
    2011           0 : RestoreBlockImage(XLogReaderState *record, uint8 block_id, char *page)
    2012             : {
    2013             :     DecodedBkpBlock *bkpb;
    2014             :     char       *ptr;
    2015             :     PGAlignedBlock tmp;
    2016             : 
    2017           0 :     if (block_id > record->record->max_block_id ||
    2018           0 :         !record->record->blocks[block_id].in_use)
    2019           0 :         return false;
    2020           0 :     if (!record->record->blocks[block_id].has_image)
    2021           0 :         return false;
    2022             : 
    2023           0 :     bkpb = &record->record->blocks[block_id];
    2024           0 :     ptr = bkpb->bkp_image;
    2025             : 
    2026           0 :     if (BKPIMAGE_COMPRESSED(bkpb->bimg_info))
    2027             :     {
    2028             :         /* If a backup block image is compressed, decompress it */
    2029           0 :         bool        decomp_success = true;
    2030             : 
    2031           0 :         if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_PGLZ) != 0)
    2032             :         {
    2033           0 :             if (pglz_decompress(ptr, bkpb->bimg_len, tmp.data,
    2034           0 :                                 BLCKSZ - bkpb->hole_length, true) < 0)
    2035           0 :                 decomp_success = false;
    2036             :         }
    2037           0 :         else if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_LZ4) != 0)
    2038             :         {
    2039             : #ifdef USE_LZ4
    2040           0 :             if (LZ4_decompress_safe(ptr, tmp.data,
    2041           0 :                                     bkpb->bimg_len, BLCKSZ - bkpb->hole_length) <= 0)
    2042           0 :                 decomp_success = false;
    2043             : #else
    2044             :             report_invalid_record(record, "image at %X/%X compressed with %s not supported by build, block %d",
    2045             :                                   LSN_FORMAT_ARGS(record->ReadRecPtr),
    2046             :                                   "LZ4",
    2047             :                                   block_id);
    2048             :             return false;
    2049             : #endif
    2050             :         }
    2051           0 :         else if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_ZSTD) != 0)
    2052             :         {
    2053             : #ifdef USE_ZSTD
    2054             :             size_t      decomp_result = ZSTD_decompress(tmp.data,
    2055             :                                                         BLCKSZ - bkpb->hole_length,
    2056             :                                                         ptr, bkpb->bimg_len);
    2057             : 
    2058             :             if (ZSTD_isError(decomp_result))
    2059             :                 decomp_success = false;
    2060             : #else
    2061           0 :             report_invalid_record(record, "image at %X/%X compressed with %s not supported by build, block %d",
    2062           0 :                                   LSN_FORMAT_ARGS(record->ReadRecPtr),
    2063             :                                   "zstd",
    2064             :                                   block_id);
    2065           0 :             return false;
    2066             : #endif
    2067             :         }
    2068             :         else
    2069             :         {
    2070           0 :             report_invalid_record(record, "image at %X/%X compressed with unknown method, block %d",
    2071           0 :                                   LSN_FORMAT_ARGS(record->ReadRecPtr),
    2072             :                                   block_id);
    2073           0 :             return false;
    2074             :         }
    2075             : 
    2076           0 :         if (!decomp_success)
    2077             :         {
    2078           0 :             report_invalid_record(record, "invalid compressed image at %X/%X, block %d",
    2079           0 :                                   LSN_FORMAT_ARGS(record->ReadRecPtr),
    2080             :                                   block_id);
    2081           0 :             return false;
    2082             :         }
    2083             : 
    2084           0 :         ptr = tmp.data;
    2085             :     }
    2086             : 
    2087             :     /* generate page, taking into account hole if necessary */
    2088           0 :     if (bkpb->hole_length == 0)
    2089             :     {
    2090           0 :         memcpy(page, ptr, BLCKSZ);
    2091             :     }
    2092             :     else
    2093             :     {
    2094           0 :         memcpy(page, ptr, bkpb->hole_offset);
    2095             :         /* must zero-fill the hole */
    2096           0 :         MemSet(page + bkpb->hole_offset, 0, bkpb->hole_length);
    2097           0 :         memcpy(page + (bkpb->hole_offset + bkpb->hole_length),
    2098           0 :                ptr + bkpb->hole_offset,
    2099           0 :                BLCKSZ - (bkpb->hole_offset + bkpb->hole_length));
    2100             :     }
    2101             : 
    2102           0 :     return true;
    2103             : }
    2104             : 
    2105             : #ifndef FRONTEND
    2106             : 
    2107             : /*
    2108             :  * Extract the FullTransactionId from a WAL record.
    2109             :  */
    2110             : FullTransactionId
    2111             : XLogRecGetFullXid(XLogReaderState *record)
    2112             : {
    2113             :     TransactionId xid,
    2114             :                 next_xid;
    2115             :     uint32      epoch;
    2116             : 
    2117             :     /*
    2118             :      * This function is only safe during replay, because it depends on the
    2119             :      * replay state.  See AdvanceNextFullTransactionIdPastXid() for more.
    2120             :      */
    2121             :     Assert(AmStartupProcess() || !IsUnderPostmaster);
    2122             : 
    2123             :     xid = XLogRecGetXid(record);
    2124             :     next_xid = XidFromFullTransactionId(ShmemVariableCache->nextXid);
    2125             :     epoch = EpochFromFullTransactionId(ShmemVariableCache->nextXid);
    2126             : 
    2127             :     /*
    2128             :      * If xid is numerically greater than next_xid, it has to be from the last
    2129             :      * epoch.
    2130             :      */
    2131             :     if (unlikely(xid > next_xid))
    2132             :         --epoch;
    2133             : 
    2134             :     return FullTransactionIdFromEpochAndXid(epoch, xid);
    2135             : }
    2136             : 
    2137             : #endif

Generated by: LCOV version 1.14