Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * xlogreader.c
4 : * Generic XLog reading facility
5 : *
6 : * Portions Copyright (c) 2013-2019, PostgreSQL Global Development Group
7 : *
8 : * IDENTIFICATION
9 : * src/backend/access/transam/xlogreader.c
10 : *
11 : * NOTES
12 : * See xlogreader.h for more notes on this facility.
13 : *
14 : * This file is compiled as both front-end and backend code, so it
15 : * may not use ereport, server-defined static variables, etc.
16 : *-------------------------------------------------------------------------
17 : */
18 : #include "postgres.h"
19 :
20 : #include "access/transam.h"
21 : #include "access/xlogrecord.h"
22 : #include "access/xlog_internal.h"
23 : #include "access/xlogreader.h"
24 : #include "catalog/pg_control.h"
25 : #include "common/pg_lzcompress.h"
26 : #include "replication/origin.h"
27 :
28 : #ifndef FRONTEND
29 : #include "utils/memutils.h"
30 : #endif
31 :
32 : static bool allocate_recordbuf(XLogReaderState *state, uint32 reclength);
33 :
34 : static bool ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
35 : XLogRecPtr PrevRecPtr, XLogRecord *record, bool randAccess);
36 : static bool ValidXLogRecord(XLogReaderState *state, XLogRecord *record,
37 : XLogRecPtr recptr);
38 : static int ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr,
39 : int reqLen);
40 : static void report_invalid_record(XLogReaderState *state, const char *fmt,...) pg_attribute_printf(2, 3);
41 :
42 : static void ResetDecoder(XLogReaderState *state);
43 :
44 : /* size of the buffer allocated for error message. */
45 : #define MAX_ERRORMSG_LEN 1000
46 :
47 : /*
48 : * Construct a string in state->errormsg_buf explaining what's wrong with
49 : * the current record being read.
50 : */
51 : static void
52 0 : report_invalid_record(XLogReaderState *state, const char *fmt,...)
53 : {
54 : va_list args;
55 :
56 0 : fmt = _(fmt);
57 :
58 0 : va_start(args, fmt);
59 0 : vsnprintf(state->errormsg_buf, MAX_ERRORMSG_LEN, fmt, args);
60 0 : va_end(args);
61 0 : }
62 :
63 : /*
64 : * Allocate and initialize a new XLogReader.
65 : *
66 : * Returns NULL if the xlogreader couldn't be allocated.
67 : */
68 : XLogReaderState *
69 32 : XLogReaderAllocate(int wal_segment_size, XLogPageReadCB pagereadfunc,
70 : void *private_data)
71 : {
72 : XLogReaderState *state;
73 :
74 32 : state = (XLogReaderState *)
75 : palloc_extended(sizeof(XLogReaderState),
76 : MCXT_ALLOC_NO_OOM | MCXT_ALLOC_ZERO);
77 32 : if (!state)
78 0 : return NULL;
79 :
80 32 : state->max_block_id = -1;
81 :
82 : /*
83 : * Permanently allocate readBuf. We do it this way, rather than just
84 : * making a static array, for two reasons: (1) no need to waste the
85 : * storage in most instantiations of the backend; (2) a static char array
86 : * isn't guaranteed to have any particular alignment, whereas
87 : * palloc_extended() will provide MAXALIGN'd storage.
88 : */
89 32 : state->readBuf = (char *) palloc_extended(XLOG_BLCKSZ,
90 : MCXT_ALLOC_NO_OOM);
91 32 : if (!state->readBuf)
92 : {
93 0 : pfree(state);
94 0 : return NULL;
95 : }
96 :
97 32 : state->wal_segment_size = wal_segment_size;
98 32 : state->read_page = pagereadfunc;
99 : /* system_identifier initialized to zeroes above */
100 32 : state->private_data = private_data;
101 : /* ReadRecPtr and EndRecPtr initialized to zeroes above */
102 : /* readSegNo, readOff, readLen, readPageTLI initialized to zeroes above */
103 32 : state->errormsg_buf = palloc_extended(MAX_ERRORMSG_LEN + 1,
104 : MCXT_ALLOC_NO_OOM);
105 32 : if (!state->errormsg_buf)
106 : {
107 0 : pfree(state->readBuf);
108 0 : pfree(state);
109 0 : return NULL;
110 : }
111 32 : state->errormsg_buf[0] = '\0';
112 :
113 : /*
114 : * Allocate an initial readRecordBuf of minimal size, which can later be
115 : * enlarged if necessary.
116 : */
117 32 : if (!allocate_recordbuf(state, 0))
118 : {
119 0 : pfree(state->errormsg_buf);
120 0 : pfree(state->readBuf);
121 0 : pfree(state);
122 0 : return NULL;
123 : }
124 :
125 32 : return state;
126 : }
127 :
128 : void
129 32 : XLogReaderFree(XLogReaderState *state)
130 : {
131 : int block_id;
132 :
133 1088 : for (block_id = 0; block_id <= XLR_MAX_BLOCK_ID; block_id++)
134 : {
135 1056 : if (state->blocks[block_id].data)
136 12 : pfree(state->blocks[block_id].data);
137 : }
138 32 : if (state->main_data)
139 32 : pfree(state->main_data);
140 :
141 32 : pfree(state->errormsg_buf);
142 32 : if (state->readRecordBuf)
143 32 : pfree(state->readRecordBuf);
144 32 : pfree(state->readBuf);
145 32 : pfree(state);
146 32 : }
147 :
148 : /*
149 : * Allocate readRecordBuf to fit a record of at least the given length.
150 : * Returns true if successful, false if out of memory.
151 : *
152 : * readRecordBufSize is set to the new buffer size.
153 : *
154 : * To avoid useless small increases, round its size to a multiple of
155 : * XLOG_BLCKSZ, and make sure it's at least 5*Max(BLCKSZ, XLOG_BLCKSZ) to start
156 : * with. (That is enough for all "normal" records, but very large commit or
157 : * abort records might need more space.)
158 : */
159 : static bool
160 32 : allocate_recordbuf(XLogReaderState *state, uint32 reclength)
161 : {
162 32 : uint32 newSize = reclength;
163 :
164 32 : newSize += XLOG_BLCKSZ - (newSize % XLOG_BLCKSZ);
165 32 : newSize = Max(newSize, 5 * Max(BLCKSZ, XLOG_BLCKSZ));
166 :
167 : #ifndef FRONTEND
168 :
169 : /*
170 : * Note that in much unlucky circumstances, the random data read from a
171 : * recycled segment can cause this routine to be called with a size
172 : * causing a hard failure at allocation. For a standby, this would cause
173 : * the instance to stop suddenly with a hard failure, preventing it to
174 : * retry fetching WAL from one of its sources which could allow it to move
175 : * on with replay without a manual restart. If the data comes from a past
176 : * recycled segment and is still valid, then the allocation may succeed
177 : * but record checks are going to fail so this would be short-lived. If
178 : * the allocation fails because of a memory shortage, then this is not a
179 : * hard failure either per the guarantee given by MCXT_ALLOC_NO_OOM.
180 : */
181 : if (!AllocSizeIsValid(newSize))
182 : return false;
183 :
184 : #endif
185 :
186 32 : if (state->readRecordBuf)
187 0 : pfree(state->readRecordBuf);
188 32 : state->readRecordBuf =
189 32 : (char *) palloc_extended(newSize, MCXT_ALLOC_NO_OOM);
190 32 : if (state->readRecordBuf == NULL)
191 : {
192 0 : state->readRecordBufSize = 0;
193 0 : return false;
194 : }
195 32 : state->readRecordBufSize = newSize;
196 32 : return true;
197 : }
198 :
199 : /*
200 : * Attempt to read an XLOG record.
201 : *
202 : * If RecPtr is valid, try to read a record at that position. Otherwise
203 : * try to read a record just after the last one previously read.
204 : *
205 : * If the read_page callback fails to read the requested data, NULL is
206 : * returned. The callback is expected to have reported the error; errormsg
207 : * is set to NULL.
208 : *
209 : * If the reading fails for some other reason, NULL is also returned, and
210 : * *errormsg is set to a string with details of the failure.
211 : *
212 : * The returned pointer (or *errormsg) points to an internal buffer that's
213 : * valid until the next call to XLogReadRecord.
214 : */
215 : XLogRecord *
216 82056 : XLogReadRecord(XLogReaderState *state, XLogRecPtr RecPtr, char **errormsg)
217 : {
218 : XLogRecord *record;
219 : XLogRecPtr targetPagePtr;
220 : bool randAccess;
221 : uint32 len,
222 : total_len;
223 : uint32 targetRecOff;
224 : uint32 pageHeaderSize;
225 : bool gotheader;
226 : int readOff;
227 :
228 : /*
229 : * randAccess indicates whether to verify the previous-record pointer of
230 : * the record we're reading. We only do this if we're reading
231 : * sequentially, which is what we initially assume.
232 : */
233 82056 : randAccess = false;
234 :
235 : /* reset error state */
236 82056 : *errormsg = NULL;
237 82056 : state->errormsg_buf[0] = '\0';
238 :
239 82056 : ResetDecoder(state);
240 :
241 82056 : if (RecPtr == InvalidXLogRecPtr)
242 : {
243 : /* No explicit start point; read the record after the one we just read */
244 81816 : RecPtr = state->EndRecPtr;
245 :
246 81816 : if (state->ReadRecPtr == InvalidXLogRecPtr)
247 0 : randAccess = true;
248 :
249 : /*
250 : * RecPtr is pointing to end+1 of the previous WAL record. If we're
251 : * at a page boundary, no more records can fit on the current page. We
252 : * must skip over the page header, but we can't do that until we've
253 : * read in the page, since the header size is variable.
254 : */
255 : }
256 : else
257 : {
258 : /*
259 : * Caller supplied a position to start at.
260 : *
261 : * In this case, the passed-in record pointer should already be
262 : * pointing to a valid record starting position.
263 : */
264 : Assert(XRecOffIsValid(RecPtr));
265 240 : randAccess = true;
266 : }
267 :
268 82056 : state->currRecPtr = RecPtr;
269 :
270 82056 : targetPagePtr = RecPtr - (RecPtr % XLOG_BLCKSZ);
271 82056 : targetRecOff = RecPtr % XLOG_BLCKSZ;
272 :
273 : /*
274 : * Read the page containing the record into state->readBuf. Request enough
275 : * byte to cover the whole record header, or at least the part of it that
276 : * fits on the same page.
277 : */
278 82056 : readOff = ReadPageInternal(state,
279 : targetPagePtr,
280 82056 : Min(targetRecOff + SizeOfXLogRecord, XLOG_BLCKSZ));
281 82056 : if (readOff < 0)
282 0 : goto err;
283 :
284 : /*
285 : * ReadPageInternal always returns at least the page header, so we can
286 : * examine it now.
287 : */
288 82056 : pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
289 82056 : if (targetRecOff == 0)
290 : {
291 : /*
292 : * At page start, so skip over page header.
293 : */
294 72 : RecPtr += pageHeaderSize;
295 72 : targetRecOff = pageHeaderSize;
296 : }
297 81984 : else if (targetRecOff < pageHeaderSize)
298 : {
299 0 : report_invalid_record(state, "invalid record offset at %X/%X",
300 0 : (uint32) (RecPtr >> 32), (uint32) RecPtr);
301 0 : goto err;
302 : }
303 :
304 82056 : if ((((XLogPageHeader) state->readBuf)->xlp_info & XLP_FIRST_IS_CONTRECORD) &&
305 : targetRecOff == pageHeaderSize)
306 : {
307 0 : report_invalid_record(state, "contrecord is requested by %X/%X",
308 0 : (uint32) (RecPtr >> 32), (uint32) RecPtr);
309 0 : goto err;
310 : }
311 :
312 : /* ReadPageInternal has verified the page header */
313 : Assert(pageHeaderSize <= readOff);
314 :
315 : /*
316 : * Read the record length.
317 : *
318 : * NB: Even though we use an XLogRecord pointer here, the whole record
319 : * header might not fit on this page. xl_tot_len is the first field of the
320 : * struct, so it must be on this page (the records are MAXALIGNed), but we
321 : * cannot access any other fields until we've verified that we got the
322 : * whole header.
323 : */
324 82056 : record = (XLogRecord *) (state->readBuf + RecPtr % XLOG_BLCKSZ);
325 82056 : total_len = record->xl_tot_len;
326 :
327 : /*
328 : * If the whole record header is on this page, validate it immediately.
329 : * Otherwise do just a basic sanity check on xl_tot_len, and validate the
330 : * rest of the header after reading it from the next page. The xl_tot_len
331 : * check is necessary here to ensure that we enter the "Need to reassemble
332 : * record" code path below; otherwise we might fail to apply
333 : * ValidXLogRecordHeader at all.
334 : */
335 82056 : if (targetRecOff <= XLOG_BLCKSZ - SizeOfXLogRecord)
336 : {
337 81884 : if (!ValidXLogRecordHeader(state, RecPtr, state->ReadRecPtr, record,
338 : randAccess))
339 0 : goto err;
340 81884 : gotheader = true;
341 : }
342 : else
343 : {
344 : /* XXX: more validation should be done here */
345 172 : if (total_len < SizeOfXLogRecord)
346 : {
347 0 : report_invalid_record(state,
348 : "invalid record length at %X/%X: wanted %u, got %u",
349 0 : (uint32) (RecPtr >> 32), (uint32) RecPtr,
350 : (uint32) SizeOfXLogRecord, total_len);
351 0 : goto err;
352 : }
353 172 : gotheader = false;
354 : }
355 :
356 82056 : len = XLOG_BLCKSZ - RecPtr % XLOG_BLCKSZ;
357 82056 : if (total_len > len)
358 : {
359 : /* Need to reassemble record */
360 : char *contdata;
361 : XLogPageHeader pageHeader;
362 : char *buffer;
363 : uint32 gotlen;
364 :
365 : /*
366 : * Enlarge readRecordBuf as needed.
367 : */
368 1164 : if (total_len > state->readRecordBufSize &&
369 0 : !allocate_recordbuf(state, total_len))
370 : {
371 : /* We treat this as a "bogus data" condition */
372 0 : report_invalid_record(state, "record length %u at %X/%X too long",
373 : total_len,
374 0 : (uint32) (RecPtr >> 32), (uint32) RecPtr);
375 0 : goto err;
376 : }
377 :
378 : /* Copy the first fragment of the record from the first page. */
379 2328 : memcpy(state->readRecordBuf,
380 1164 : state->readBuf + RecPtr % XLOG_BLCKSZ, len);
381 1164 : buffer = state->readRecordBuf + len;
382 1164 : gotlen = len;
383 :
384 : do
385 : {
386 : /* Calculate pointer to beginning of next page */
387 1168 : targetPagePtr += XLOG_BLCKSZ;
388 :
389 : /* Wait for the next page to become available */
390 1168 : readOff = ReadPageInternal(state, targetPagePtr,
391 1168 : Min(total_len - gotlen + SizeOfXLogShortPHD,
392 : XLOG_BLCKSZ));
393 :
394 1168 : if (readOff < 0)
395 0 : goto err;
396 :
397 : Assert(SizeOfXLogShortPHD <= readOff);
398 :
399 : /* Check that the continuation on next page looks valid */
400 1168 : pageHeader = (XLogPageHeader) state->readBuf;
401 1168 : if (!(pageHeader->xlp_info & XLP_FIRST_IS_CONTRECORD))
402 : {
403 0 : report_invalid_record(state,
404 : "there is no contrecord flag at %X/%X",
405 0 : (uint32) (RecPtr >> 32), (uint32) RecPtr);
406 0 : goto err;
407 : }
408 :
409 : /*
410 : * Cross-check that xlp_rem_len agrees with how much of the record
411 : * we expect there to be left.
412 : */
413 2336 : if (pageHeader->xlp_rem_len == 0 ||
414 1168 : total_len != (pageHeader->xlp_rem_len + gotlen))
415 : {
416 0 : report_invalid_record(state,
417 : "invalid contrecord length %u at %X/%X",
418 : pageHeader->xlp_rem_len,
419 0 : (uint32) (RecPtr >> 32), (uint32) RecPtr);
420 0 : goto err;
421 : }
422 :
423 : /* Append the continuation from this page to the buffer */
424 1168 : pageHeaderSize = XLogPageHeaderSize(pageHeader);
425 :
426 1168 : if (readOff < pageHeaderSize)
427 0 : readOff = ReadPageInternal(state, targetPagePtr,
428 : pageHeaderSize);
429 :
430 : Assert(pageHeaderSize <= readOff);
431 :
432 1168 : contdata = (char *) state->readBuf + pageHeaderSize;
433 1168 : len = XLOG_BLCKSZ - pageHeaderSize;
434 1168 : if (pageHeader->xlp_rem_len < len)
435 1164 : len = pageHeader->xlp_rem_len;
436 :
437 1168 : if (readOff < pageHeaderSize + len)
438 0 : readOff = ReadPageInternal(state, targetPagePtr,
439 0 : pageHeaderSize + len);
440 :
441 1168 : memcpy(buffer, (char *) contdata, len);
442 1168 : buffer += len;
443 1168 : gotlen += len;
444 :
445 : /* If we just reassembled the record header, validate it. */
446 1168 : if (!gotheader)
447 : {
448 172 : record = (XLogRecord *) state->readRecordBuf;
449 172 : if (!ValidXLogRecordHeader(state, RecPtr, state->ReadRecPtr,
450 : record, randAccess))
451 0 : goto err;
452 172 : gotheader = true;
453 : }
454 1168 : } while (gotlen < total_len);
455 :
456 : Assert(gotheader);
457 :
458 1164 : record = (XLogRecord *) state->readRecordBuf;
459 1164 : if (!ValidXLogRecord(state, record, RecPtr))
460 0 : goto err;
461 :
462 1164 : pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
463 1164 : state->ReadRecPtr = RecPtr;
464 2328 : state->EndRecPtr = targetPagePtr + pageHeaderSize
465 1164 : + MAXALIGN(pageHeader->xlp_rem_len);
466 : }
467 : else
468 : {
469 : /* Wait for the record data to become available */
470 80892 : readOff = ReadPageInternal(state, targetPagePtr,
471 80892 : Min(targetRecOff + total_len, XLOG_BLCKSZ));
472 80892 : if (readOff < 0)
473 0 : goto err;
474 :
475 : /* Record does not cross a page boundary */
476 80892 : if (!ValidXLogRecord(state, record, RecPtr))
477 0 : goto err;
478 :
479 80892 : state->EndRecPtr = RecPtr + MAXALIGN(total_len);
480 :
481 80892 : state->ReadRecPtr = RecPtr;
482 : }
483 :
484 : /*
485 : * Special processing if it's an XLOG SWITCH record
486 : */
487 82536 : if (record->xl_rmid == RM_XLOG_ID &&
488 480 : (record->xl_info & ~XLR_INFO_MASK) == XLOG_SWITCH)
489 : {
490 : /* Pretend it extends to end of segment */
491 8 : state->EndRecPtr += state->wal_segment_size - 1;
492 8 : state->EndRecPtr -= XLogSegmentOffset(state->EndRecPtr, state->wal_segment_size);
493 : }
494 :
495 82056 : if (DecodeXLogRecord(state, record, errormsg))
496 82056 : return record;
497 : else
498 0 : return NULL;
499 :
500 : err:
501 :
502 : /*
503 : * Invalidate the read state. We might read from a different source after
504 : * failure.
505 : */
506 0 : XLogReaderInvalReadState(state);
507 :
508 0 : if (state->errormsg_buf[0] != '\0')
509 0 : *errormsg = state->errormsg_buf;
510 :
511 0 : return NULL;
512 : }
513 :
514 : /*
515 : * Read a single xlog page including at least [pageptr, reqLen] of valid data
516 : * via the read_page() callback.
517 : *
518 : * Returns -1 if the required page cannot be read for some reason; errormsg_buf
519 : * is set in that case (unless the error occurs in the read_page callback).
520 : *
521 : * We fetch the page from a reader-local cache if we know we have the required
522 : * data and if there hasn't been any error since caching the data.
523 : */
524 : static int
525 164116 : ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr, int reqLen)
526 : {
527 : int readLen;
528 : uint32 targetPageOff;
529 : XLogSegNo targetSegNo;
530 : XLogPageHeader hdr;
531 :
532 : Assert((pageptr % XLOG_BLCKSZ) == 0);
533 :
534 164116 : XLByteToSeg(pageptr, targetSegNo, state->wal_segment_size);
535 164116 : targetPageOff = XLogSegmentOffset(pageptr, state->wal_segment_size);
536 :
537 : /* check whether we have all the requested data already */
538 326884 : if (targetSegNo == state->readSegNo && targetPageOff == state->readOff &&
539 162768 : reqLen <= state->readLen)
540 162768 : return state->readLen;
541 :
542 : /*
543 : * Data is not in our buffer.
544 : *
545 : * Every time we actually read the page, even if we looked at parts of it
546 : * before, we need to do verification as the read_page callback might now
547 : * be rereading data from a different source.
548 : *
549 : * Whenever switching to a new WAL segment, we read the first page of the
550 : * file and validate its header, even if that's not where the target
551 : * record is. This is so that we can check the additional identification
552 : * info that is present in the first page's "long" header.
553 : */
554 1348 : if (targetSegNo != state->readSegNo && targetPageOff != 0)
555 : {
556 12 : XLogRecPtr targetSegmentPtr = pageptr - targetPageOff;
557 :
558 12 : readLen = state->read_page(state, targetSegmentPtr, XLOG_BLCKSZ,
559 : state->currRecPtr,
560 : state->readBuf, &state->readPageTLI);
561 12 : if (readLen < 0)
562 0 : goto err;
563 :
564 : /* we can be sure to have enough WAL available, we scrolled back */
565 : Assert(readLen == XLOG_BLCKSZ);
566 :
567 12 : if (!XLogReaderValidatePageHeader(state, targetSegmentPtr,
568 : state->readBuf))
569 0 : goto err;
570 : }
571 :
572 : /*
573 : * First, read the requested data length, but at least a short page header
574 : * so that we can validate it.
575 : */
576 1348 : readLen = state->read_page(state, pageptr, Max(reqLen, SizeOfXLogShortPHD),
577 : state->currRecPtr,
578 : state->readBuf, &state->readPageTLI);
579 1348 : if (readLen < 0)
580 0 : goto err;
581 :
582 : Assert(readLen <= XLOG_BLCKSZ);
583 :
584 : /* Do we have enough data to check the header length? */
585 1348 : if (readLen <= SizeOfXLogShortPHD)
586 0 : goto err;
587 :
588 : Assert(readLen >= reqLen);
589 :
590 1348 : hdr = (XLogPageHeader) state->readBuf;
591 :
592 : /* still not enough */
593 1348 : if (readLen < XLogPageHeaderSize(hdr))
594 : {
595 0 : readLen = state->read_page(state, pageptr, XLogPageHeaderSize(hdr),
596 : state->currRecPtr,
597 : state->readBuf, &state->readPageTLI);
598 0 : if (readLen < 0)
599 0 : goto err;
600 : }
601 :
602 : /*
603 : * Now that we know we have the full header, validate it.
604 : */
605 1348 : if (!XLogReaderValidatePageHeader(state, pageptr, (char *) hdr))
606 0 : goto err;
607 :
608 : /* update read state information */
609 1348 : state->readSegNo = targetSegNo;
610 1348 : state->readOff = targetPageOff;
611 1348 : state->readLen = readLen;
612 :
613 1348 : return readLen;
614 :
615 : err:
616 0 : XLogReaderInvalReadState(state);
617 0 : return -1;
618 : }
619 :
620 : /*
621 : * Invalidate the xlogreader's read state to force a re-read.
622 : */
623 : void
624 0 : XLogReaderInvalReadState(XLogReaderState *state)
625 : {
626 0 : state->readSegNo = 0;
627 0 : state->readOff = 0;
628 0 : state->readLen = 0;
629 0 : }
630 :
631 : /*
632 : * Validate an XLOG record header.
633 : *
634 : * This is just a convenience subroutine to avoid duplicated code in
635 : * XLogReadRecord. It's not intended for use from anywhere else.
636 : */
637 : static bool
638 82056 : ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
639 : XLogRecPtr PrevRecPtr, XLogRecord *record,
640 : bool randAccess)
641 : {
642 82056 : if (record->xl_tot_len < SizeOfXLogRecord)
643 : {
644 0 : report_invalid_record(state,
645 : "invalid record length at %X/%X: wanted %u, got %u",
646 0 : (uint32) (RecPtr >> 32), (uint32) RecPtr,
647 : (uint32) SizeOfXLogRecord, record->xl_tot_len);
648 0 : return false;
649 : }
650 82056 : if (record->xl_rmid > RM_MAX_ID)
651 : {
652 0 : report_invalid_record(state,
653 : "invalid resource manager ID %u at %X/%X",
654 0 : record->xl_rmid, (uint32) (RecPtr >> 32),
655 : (uint32) RecPtr);
656 0 : return false;
657 : }
658 82056 : if (randAccess)
659 : {
660 : /*
661 : * We can't exactly verify the prev-link, but surely it should be less
662 : * than the record's own address.
663 : */
664 240 : if (!(record->xl_prev < RecPtr))
665 : {
666 0 : report_invalid_record(state,
667 : "record with incorrect prev-link %X/%X at %X/%X",
668 0 : (uint32) (record->xl_prev >> 32),
669 0 : (uint32) record->xl_prev,
670 0 : (uint32) (RecPtr >> 32), (uint32) RecPtr);
671 0 : return false;
672 : }
673 : }
674 : else
675 : {
676 : /*
677 : * Record's prev-link should exactly match our previous location. This
678 : * check guards against torn WAL pages where a stale but valid-looking
679 : * WAL record starts on a sector boundary.
680 : */
681 81816 : if (record->xl_prev != PrevRecPtr)
682 : {
683 0 : report_invalid_record(state,
684 : "record with incorrect prev-link %X/%X at %X/%X",
685 0 : (uint32) (record->xl_prev >> 32),
686 0 : (uint32) record->xl_prev,
687 0 : (uint32) (RecPtr >> 32), (uint32) RecPtr);
688 0 : return false;
689 : }
690 : }
691 :
692 82056 : return true;
693 : }
694 :
695 :
696 : /*
697 : * CRC-check an XLOG record. We do not believe the contents of an XLOG
698 : * record (other than to the minimal extent of computing the amount of
699 : * data to read in) until we've checked the CRCs.
700 : *
701 : * We assume all of the record (that is, xl_tot_len bytes) has been read
702 : * into memory at *record. Also, ValidXLogRecordHeader() has accepted the
703 : * record's header, which means in particular that xl_tot_len is at least
704 : * SizeOfXlogRecord.
705 : */
706 : static bool
707 82056 : ValidXLogRecord(XLogReaderState *state, XLogRecord *record, XLogRecPtr recptr)
708 : {
709 : pg_crc32c crc;
710 :
711 : /* Calculate the CRC */
712 82056 : INIT_CRC32C(crc);
713 82056 : COMP_CRC32C(crc, ((char *) record) + SizeOfXLogRecord, record->xl_tot_len - SizeOfXLogRecord);
714 : /* include the record header last */
715 82056 : COMP_CRC32C(crc, (char *) record, offsetof(XLogRecord, xl_crc));
716 82056 : FIN_CRC32C(crc);
717 :
718 82056 : if (!EQ_CRC32C(record->xl_crc, crc))
719 : {
720 0 : report_invalid_record(state,
721 : "incorrect resource manager data checksum in record at %X/%X",
722 0 : (uint32) (recptr >> 32), (uint32) recptr);
723 0 : return false;
724 : }
725 :
726 82056 : return true;
727 : }
728 :
729 : /*
730 : * Validate a page header.
731 : *
732 : * Check if 'phdr' is valid as the header of the XLog page at position
733 : * 'recptr'.
734 : */
735 : bool
736 1360 : XLogReaderValidatePageHeader(XLogReaderState *state, XLogRecPtr recptr,
737 : char *phdr)
738 : {
739 : XLogRecPtr recaddr;
740 : XLogSegNo segno;
741 : int32 offset;
742 1360 : XLogPageHeader hdr = (XLogPageHeader) phdr;
743 :
744 : Assert((recptr % XLOG_BLCKSZ) == 0);
745 :
746 1360 : XLByteToSeg(recptr, segno, state->wal_segment_size);
747 1360 : offset = XLogSegmentOffset(recptr, state->wal_segment_size);
748 :
749 1360 : XLogSegNoOffsetToRecPtr(segno, offset, state->wal_segment_size, recaddr);
750 :
751 1360 : if (hdr->xlp_magic != XLOG_PAGE_MAGIC)
752 : {
753 : char fname[MAXFNAMELEN];
754 :
755 0 : XLogFileName(fname, state->readPageTLI, segno, state->wal_segment_size);
756 :
757 0 : report_invalid_record(state,
758 : "invalid magic number %04X in log segment %s, offset %u",
759 0 : hdr->xlp_magic,
760 : fname,
761 : offset);
762 0 : return false;
763 : }
764 :
765 1360 : if ((hdr->xlp_info & ~XLP_ALL_FLAGS) != 0)
766 : {
767 : char fname[MAXFNAMELEN];
768 :
769 0 : XLogFileName(fname, state->readPageTLI, segno, state->wal_segment_size);
770 :
771 0 : report_invalid_record(state,
772 : "invalid info bits %04X in log segment %s, offset %u",
773 0 : hdr->xlp_info,
774 : fname,
775 : offset);
776 0 : return false;
777 : }
778 :
779 1360 : if (hdr->xlp_info & XLP_LONG_HEADER)
780 : {
781 48 : XLogLongPageHeader longhdr = (XLogLongPageHeader) hdr;
782 :
783 48 : if (state->system_identifier &&
784 0 : longhdr->xlp_sysid != state->system_identifier)
785 : {
786 : char fhdrident_str[32];
787 : char sysident_str[32];
788 :
789 : /*
790 : * Format sysids separately to keep platform-dependent format code
791 : * out of the translatable message string.
792 : */
793 0 : snprintf(fhdrident_str, sizeof(fhdrident_str), UINT64_FORMAT,
794 : longhdr->xlp_sysid);
795 0 : snprintf(sysident_str, sizeof(sysident_str), UINT64_FORMAT,
796 : state->system_identifier);
797 0 : report_invalid_record(state,
798 : "WAL file is from different database system: WAL file database system identifier is %s, pg_control database system identifier is %s",
799 : fhdrident_str, sysident_str);
800 0 : return false;
801 : }
802 48 : else if (longhdr->xlp_seg_size != state->wal_segment_size)
803 : {
804 0 : report_invalid_record(state,
805 : "WAL file is from different database system: incorrect segment size in page header");
806 0 : return false;
807 : }
808 48 : else if (longhdr->xlp_xlog_blcksz != XLOG_BLCKSZ)
809 : {
810 0 : report_invalid_record(state,
811 : "WAL file is from different database system: incorrect XLOG_BLCKSZ in page header");
812 0 : return false;
813 : }
814 : }
815 1312 : else if (offset == 0)
816 : {
817 : char fname[MAXFNAMELEN];
818 :
819 0 : XLogFileName(fname, state->readPageTLI, segno, state->wal_segment_size);
820 :
821 : /* hmm, first page of file doesn't have a long header? */
822 0 : report_invalid_record(state,
823 : "invalid info bits %04X in log segment %s, offset %u",
824 0 : hdr->xlp_info,
825 : fname,
826 : offset);
827 0 : return false;
828 : }
829 :
830 : /*
831 : * Check that the address on the page agrees with what we expected. This
832 : * check typically fails when an old WAL segment is recycled, and hasn't
833 : * yet been overwritten with new data yet.
834 : */
835 1360 : if (hdr->xlp_pageaddr != recaddr)
836 : {
837 : char fname[MAXFNAMELEN];
838 :
839 0 : XLogFileName(fname, state->readPageTLI, segno, state->wal_segment_size);
840 :
841 0 : report_invalid_record(state,
842 : "unexpected pageaddr %X/%X in log segment %s, offset %u",
843 0 : (uint32) (hdr->xlp_pageaddr >> 32), (uint32) hdr->xlp_pageaddr,
844 : fname,
845 : offset);
846 0 : return false;
847 : }
848 :
849 : /*
850 : * Since child timelines are always assigned a TLI greater than their
851 : * immediate parent's TLI, we should never see TLI go backwards across
852 : * successive pages of a consistent WAL sequence.
853 : *
854 : * Sometimes we re-read a segment that's already been (partially) read. So
855 : * we only verify TLIs for pages that are later than the last remembered
856 : * LSN.
857 : */
858 1360 : if (recptr > state->latestPagePtr)
859 : {
860 1284 : if (hdr->xlp_tli < state->latestPageTLI)
861 : {
862 : char fname[MAXFNAMELEN];
863 :
864 0 : XLogFileName(fname, state->readPageTLI, segno, state->wal_segment_size);
865 :
866 0 : report_invalid_record(state,
867 : "out-of-sequence timeline ID %u (after %u) in log segment %s, offset %u",
868 : hdr->xlp_tli,
869 : state->latestPageTLI,
870 : fname,
871 : offset);
872 0 : return false;
873 : }
874 : }
875 1360 : state->latestPagePtr = recptr;
876 1360 : state->latestPageTLI = hdr->xlp_tli;
877 :
878 1360 : return true;
879 : }
880 :
881 : #ifdef FRONTEND
882 : /*
883 : * Functions that are currently not needed in the backend, but are better
884 : * implemented inside xlogreader.c because of the internal facilities available
885 : * here.
886 : */
887 :
888 : /*
889 : * Find the first record with an lsn >= RecPtr.
890 : *
891 : * Useful for checking whether RecPtr is a valid xlog address for reading, and
892 : * to find the first valid address after some address when dumping records for
893 : * debugging purposes.
894 : */
895 : XLogRecPtr
896 0 : XLogFindNextRecord(XLogReaderState *state, XLogRecPtr RecPtr)
897 : {
898 0 : XLogReaderState saved_state = *state;
899 : XLogRecPtr tmpRecPtr;
900 0 : XLogRecPtr found = InvalidXLogRecPtr;
901 : XLogPageHeader header;
902 : char *errormsg;
903 :
904 : Assert(!XLogRecPtrIsInvalid(RecPtr));
905 :
906 : /*
907 : * skip over potential continuation data, keeping in mind that it may span
908 : * multiple pages
909 : */
910 0 : tmpRecPtr = RecPtr;
911 : while (true)
912 0 : {
913 : XLogRecPtr targetPagePtr;
914 : int targetRecOff;
915 : uint32 pageHeaderSize;
916 : int readLen;
917 :
918 : /*
919 : * Compute targetRecOff. It should typically be equal or greater than
920 : * short page-header since a valid record can't start anywhere before
921 : * that, except when caller has explicitly specified the offset that
922 : * falls somewhere there or when we are skipping multi-page
923 : * continuation record. It doesn't matter though because
924 : * ReadPageInternal() is prepared to handle that and will read at
925 : * least short page-header worth of data
926 : */
927 0 : targetRecOff = tmpRecPtr % XLOG_BLCKSZ;
928 :
929 : /* scroll back to page boundary */
930 0 : targetPagePtr = tmpRecPtr - targetRecOff;
931 :
932 : /* Read the page containing the record */
933 0 : readLen = ReadPageInternal(state, targetPagePtr, targetRecOff);
934 0 : if (readLen < 0)
935 0 : goto err;
936 :
937 0 : header = (XLogPageHeader) state->readBuf;
938 :
939 0 : pageHeaderSize = XLogPageHeaderSize(header);
940 :
941 : /* make sure we have enough data for the page header */
942 0 : readLen = ReadPageInternal(state, targetPagePtr, pageHeaderSize);
943 0 : if (readLen < 0)
944 0 : goto err;
945 :
946 : /* skip over potential continuation data */
947 0 : if (header->xlp_info & XLP_FIRST_IS_CONTRECORD)
948 : {
949 : /*
950 : * If the length of the remaining continuation data is more than
951 : * what can fit in this page, the continuation record crosses over
952 : * this page. Read the next page and try again. xlp_rem_len in the
953 : * next page header will contain the remaining length of the
954 : * continuation data
955 : *
956 : * Note that record headers are MAXALIGN'ed
957 : */
958 0 : if (MAXALIGN(header->xlp_rem_len) > (XLOG_BLCKSZ - pageHeaderSize))
959 0 : tmpRecPtr = targetPagePtr + XLOG_BLCKSZ;
960 : else
961 : {
962 : /*
963 : * The previous continuation record ends in this page. Set
964 : * tmpRecPtr to point to the first valid record
965 : */
966 0 : tmpRecPtr = targetPagePtr + pageHeaderSize
967 0 : + MAXALIGN(header->xlp_rem_len);
968 0 : break;
969 : }
970 : }
971 : else
972 : {
973 0 : tmpRecPtr = targetPagePtr + pageHeaderSize;
974 0 : break;
975 : }
976 : }
977 :
978 : /*
979 : * we know now that tmpRecPtr is an address pointing to a valid XLogRecord
980 : * because either we're at the first record after the beginning of a page
981 : * or we just jumped over the remaining data of a continuation.
982 : */
983 0 : while (XLogReadRecord(state, tmpRecPtr, &errormsg) != NULL)
984 : {
985 : /* continue after the record */
986 0 : tmpRecPtr = InvalidXLogRecPtr;
987 :
988 : /* past the record we've found, break out */
989 0 : if (RecPtr <= state->ReadRecPtr)
990 : {
991 0 : found = state->ReadRecPtr;
992 0 : goto out;
993 : }
994 : }
995 :
996 : err:
997 : out:
998 : /* Reset state to what we had before finding the record */
999 0 : state->ReadRecPtr = saved_state.ReadRecPtr;
1000 0 : state->EndRecPtr = saved_state.EndRecPtr;
1001 0 : XLogReaderInvalReadState(state);
1002 :
1003 0 : return found;
1004 : }
1005 :
1006 : #endif /* FRONTEND */
1007 :
1008 :
1009 : /* ----------------------------------------
1010 : * Functions for decoding the data and block references in a record.
1011 : * ----------------------------------------
1012 : */
1013 :
1014 : /* private function to reset the state between records */
1015 : static void
1016 164112 : ResetDecoder(XLogReaderState *state)
1017 : {
1018 : int block_id;
1019 :
1020 164112 : state->decoded_record = NULL;
1021 :
1022 164112 : state->main_data_len = 0;
1023 :
1024 246340 : for (block_id = 0; block_id <= state->max_block_id; block_id++)
1025 : {
1026 82228 : state->blocks[block_id].in_use = false;
1027 82228 : state->blocks[block_id].has_image = false;
1028 82228 : state->blocks[block_id].has_data = false;
1029 82228 : state->blocks[block_id].apply_image = false;
1030 : }
1031 164112 : state->max_block_id = -1;
1032 164112 : }
1033 :
1034 : /*
1035 : * Decode the previously read record.
1036 : *
1037 : * On error, a human-readable error message is returned in *errormsg, and
1038 : * the return value is false.
1039 : */
1040 : bool
1041 82056 : DecodeXLogRecord(XLogReaderState *state, XLogRecord *record, char **errormsg)
1042 : {
1043 : /*
1044 : * read next _size bytes from record buffer, but check for overrun first.
1045 : */
1046 : #define COPY_HEADER_FIELD(_dst, _size) \
1047 : do { \
1048 : if (remaining < _size) \
1049 : goto shortdata_err; \
1050 : memcpy(_dst, ptr, _size); \
1051 : ptr += _size; \
1052 : remaining -= _size; \
1053 : } while(0)
1054 :
1055 : char *ptr;
1056 : uint32 remaining;
1057 : uint32 datatotal;
1058 82056 : RelFileNode *rnode = NULL;
1059 : uint8 block_id;
1060 :
1061 82056 : ResetDecoder(state);
1062 :
1063 82056 : state->decoded_record = record;
1064 82056 : state->record_origin = InvalidRepOriginId;
1065 :
1066 82056 : ptr = (char *) record;
1067 82056 : ptr += SizeOfXLogRecord;
1068 82056 : remaining = record->xl_tot_len - SizeOfXLogRecord;
1069 :
1070 : /* Decode the headers */
1071 82056 : datatotal = 0;
1072 246340 : while (remaining > datatotal)
1073 : {
1074 163868 : COPY_HEADER_FIELD(&block_id, sizeof(uint8));
1075 :
1076 163868 : if (block_id == XLR_BLOCK_ID_DATA_SHORT)
1077 : {
1078 : /* XLogRecordDataHeaderShort */
1079 : uint8 main_data_len;
1080 :
1081 81628 : COPY_HEADER_FIELD(&main_data_len, sizeof(uint8));
1082 :
1083 81628 : state->main_data_len = main_data_len;
1084 81628 : datatotal += main_data_len;
1085 81628 : break; /* by convention, the main data fragment is
1086 : * always last */
1087 : }
1088 82240 : else if (block_id == XLR_BLOCK_ID_DATA_LONG)
1089 : {
1090 : /* XLogRecordDataHeaderLong */
1091 : uint32 main_data_len;
1092 :
1093 12 : COPY_HEADER_FIELD(&main_data_len, sizeof(uint32));
1094 12 : state->main_data_len = main_data_len;
1095 12 : datatotal += main_data_len;
1096 12 : break; /* by convention, the main data fragment is
1097 : * always last */
1098 : }
1099 82228 : else if (block_id == XLR_BLOCK_ID_ORIGIN)
1100 : {
1101 0 : COPY_HEADER_FIELD(&state->record_origin, sizeof(RepOriginId));
1102 : }
1103 82228 : else if (block_id <= XLR_MAX_BLOCK_ID)
1104 : {
1105 : /* XLogRecordBlockHeader */
1106 : DecodedBkpBlock *blk;
1107 : uint8 fork_flags;
1108 :
1109 82228 : if (block_id <= state->max_block_id)
1110 : {
1111 0 : report_invalid_record(state,
1112 : "out-of-order block_id %u at %X/%X",
1113 : block_id,
1114 0 : (uint32) (state->ReadRecPtr >> 32),
1115 0 : (uint32) state->ReadRecPtr);
1116 0 : goto err;
1117 : }
1118 82228 : state->max_block_id = block_id;
1119 :
1120 82228 : blk = &state->blocks[block_id];
1121 82228 : blk->in_use = true;
1122 82228 : blk->apply_image = false;
1123 :
1124 82228 : COPY_HEADER_FIELD(&fork_flags, sizeof(uint8));
1125 82228 : blk->forknum = fork_flags & BKPBLOCK_FORK_MASK;
1126 82228 : blk->flags = fork_flags;
1127 82228 : blk->has_image = ((fork_flags & BKPBLOCK_HAS_IMAGE) != 0);
1128 82228 : blk->has_data = ((fork_flags & BKPBLOCK_HAS_DATA) != 0);
1129 :
1130 82228 : COPY_HEADER_FIELD(&blk->data_len, sizeof(uint16));
1131 : /* cross-check that the HAS_DATA flag is set iff data_length > 0 */
1132 82228 : if (blk->has_data && blk->data_len == 0)
1133 : {
1134 0 : report_invalid_record(state,
1135 : "BKPBLOCK_HAS_DATA set, but no data included at %X/%X",
1136 0 : (uint32) (state->ReadRecPtr >> 32), (uint32) state->ReadRecPtr);
1137 0 : goto err;
1138 : }
1139 82228 : if (!blk->has_data && blk->data_len != 0)
1140 : {
1141 0 : report_invalid_record(state,
1142 : "BKPBLOCK_HAS_DATA not set, but data length is %u at %X/%X",
1143 0 : (unsigned int) blk->data_len,
1144 0 : (uint32) (state->ReadRecPtr >> 32), (uint32) state->ReadRecPtr);
1145 0 : goto err;
1146 : }
1147 82228 : datatotal += blk->data_len;
1148 :
1149 82228 : if (blk->has_image)
1150 : {
1151 640 : COPY_HEADER_FIELD(&blk->bimg_len, sizeof(uint16));
1152 640 : COPY_HEADER_FIELD(&blk->hole_offset, sizeof(uint16));
1153 640 : COPY_HEADER_FIELD(&blk->bimg_info, sizeof(uint8));
1154 :
1155 640 : blk->apply_image = ((blk->bimg_info & BKPIMAGE_APPLY) != 0);
1156 :
1157 640 : if (blk->bimg_info & BKPIMAGE_IS_COMPRESSED)
1158 : {
1159 0 : if (blk->bimg_info & BKPIMAGE_HAS_HOLE)
1160 0 : COPY_HEADER_FIELD(&blk->hole_length, sizeof(uint16));
1161 : else
1162 0 : blk->hole_length = 0;
1163 : }
1164 : else
1165 640 : blk->hole_length = BLCKSZ - blk->bimg_len;
1166 640 : datatotal += blk->bimg_len;
1167 :
1168 : /*
1169 : * cross-check that hole_offset > 0, hole_length > 0 and
1170 : * bimg_len < BLCKSZ if the HAS_HOLE flag is set.
1171 : */
1172 1240 : if ((blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1173 1200 : (blk->hole_offset == 0 ||
1174 1200 : blk->hole_length == 0 ||
1175 600 : blk->bimg_len == BLCKSZ))
1176 : {
1177 0 : report_invalid_record(state,
1178 : "BKPIMAGE_HAS_HOLE set, but hole offset %u length %u block image length %u at %X/%X",
1179 0 : (unsigned int) blk->hole_offset,
1180 0 : (unsigned int) blk->hole_length,
1181 0 : (unsigned int) blk->bimg_len,
1182 0 : (uint32) (state->ReadRecPtr >> 32), (uint32) state->ReadRecPtr);
1183 0 : goto err;
1184 : }
1185 :
1186 : /*
1187 : * cross-check that hole_offset == 0 and hole_length == 0 if
1188 : * the HAS_HOLE flag is not set.
1189 : */
1190 680 : if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1191 80 : (blk->hole_offset != 0 || blk->hole_length != 0))
1192 : {
1193 0 : report_invalid_record(state,
1194 : "BKPIMAGE_HAS_HOLE not set, but hole offset %u length %u at %X/%X",
1195 0 : (unsigned int) blk->hole_offset,
1196 0 : (unsigned int) blk->hole_length,
1197 0 : (uint32) (state->ReadRecPtr >> 32), (uint32) state->ReadRecPtr);
1198 0 : goto err;
1199 : }
1200 :
1201 : /*
1202 : * cross-check that bimg_len < BLCKSZ if the IS_COMPRESSED
1203 : * flag is set.
1204 : */
1205 640 : if ((blk->bimg_info & BKPIMAGE_IS_COMPRESSED) &&
1206 0 : blk->bimg_len == BLCKSZ)
1207 : {
1208 0 : report_invalid_record(state,
1209 : "BKPIMAGE_IS_COMPRESSED set, but block image length %u at %X/%X",
1210 0 : (unsigned int) blk->bimg_len,
1211 0 : (uint32) (state->ReadRecPtr >> 32), (uint32) state->ReadRecPtr);
1212 0 : goto err;
1213 : }
1214 :
1215 : /*
1216 : * cross-check that bimg_len = BLCKSZ if neither HAS_HOLE nor
1217 : * IS_COMPRESSED flag is set.
1218 : */
1219 680 : if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1220 80 : !(blk->bimg_info & BKPIMAGE_IS_COMPRESSED) &&
1221 40 : blk->bimg_len != BLCKSZ)
1222 : {
1223 0 : report_invalid_record(state,
1224 : "neither BKPIMAGE_HAS_HOLE nor BKPIMAGE_IS_COMPRESSED set, but block image length is %u at %X/%X",
1225 0 : (unsigned int) blk->data_len,
1226 0 : (uint32) (state->ReadRecPtr >> 32), (uint32) state->ReadRecPtr);
1227 0 : goto err;
1228 : }
1229 : }
1230 82228 : if (!(fork_flags & BKPBLOCK_SAME_REL))
1231 : {
1232 81892 : COPY_HEADER_FIELD(&blk->rnode, sizeof(RelFileNode));
1233 81892 : rnode = &blk->rnode;
1234 : }
1235 : else
1236 : {
1237 336 : if (rnode == NULL)
1238 : {
1239 0 : report_invalid_record(state,
1240 : "BKPBLOCK_SAME_REL set but no previous rel at %X/%X",
1241 0 : (uint32) (state->ReadRecPtr >> 32), (uint32) state->ReadRecPtr);
1242 0 : goto err;
1243 : }
1244 :
1245 336 : blk->rnode = *rnode;
1246 : }
1247 82228 : COPY_HEADER_FIELD(&blk->blkno, sizeof(BlockNumber));
1248 : }
1249 : else
1250 : {
1251 0 : report_invalid_record(state,
1252 : "invalid block_id %u at %X/%X",
1253 : block_id,
1254 0 : (uint32) (state->ReadRecPtr >> 32),
1255 0 : (uint32) state->ReadRecPtr);
1256 0 : goto err;
1257 : }
1258 : }
1259 :
1260 82056 : if (remaining != datatotal)
1261 0 : goto shortdata_err;
1262 :
1263 : /*
1264 : * Ok, we've parsed the fragment headers, and verified that the total
1265 : * length of the payload in the fragments is equal to the amount of data
1266 : * left. Copy the data of each fragment to a separate buffer.
1267 : *
1268 : * We could just set up pointers into readRecordBuf, but we want to align
1269 : * the data for the convenience of the callers. Backup images are not
1270 : * copied, however; they don't need alignment.
1271 : */
1272 :
1273 : /* block data first */
1274 164284 : for (block_id = 0; block_id <= state->max_block_id; block_id++)
1275 : {
1276 82228 : DecodedBkpBlock *blk = &state->blocks[block_id];
1277 :
1278 82228 : if (!blk->in_use)
1279 0 : continue;
1280 :
1281 : Assert(blk->has_image || !blk->apply_image);
1282 :
1283 82228 : if (blk->has_image)
1284 : {
1285 640 : blk->bkp_image = ptr;
1286 640 : ptr += blk->bimg_len;
1287 : }
1288 82228 : if (blk->has_data)
1289 : {
1290 40960 : if (!blk->data || blk->data_len > blk->data_bufsz)
1291 : {
1292 12 : if (blk->data)
1293 0 : pfree(blk->data);
1294 :
1295 : /*
1296 : * Force the initial request to be BLCKSZ so that we don't
1297 : * waste time with lots of trips through this stanza as a
1298 : * result of WAL compression.
1299 : */
1300 12 : blk->data_bufsz = MAXALIGN(Max(blk->data_len, BLCKSZ));
1301 12 : blk->data = palloc(blk->data_bufsz);
1302 : }
1303 40960 : memcpy(blk->data, ptr, blk->data_len);
1304 40960 : ptr += blk->data_len;
1305 : }
1306 : }
1307 :
1308 : /* and finally, the main data */
1309 82056 : if (state->main_data_len > 0)
1310 : {
1311 81640 : if (!state->main_data || state->main_data_len > state->main_data_bufsz)
1312 : {
1313 32 : if (state->main_data)
1314 0 : pfree(state->main_data);
1315 :
1316 : /*
1317 : * main_data_bufsz must be MAXALIGN'ed. In many xlog record
1318 : * types, we omit trailing struct padding on-disk to save a few
1319 : * bytes; but compilers may generate accesses to the xlog struct
1320 : * that assume that padding bytes are present. If the palloc
1321 : * request is not large enough to include such padding bytes then
1322 : * we'll get valgrind complaints due to otherwise-harmless fetches
1323 : * of the padding bytes.
1324 : *
1325 : * In addition, force the initial request to be reasonably large
1326 : * so that we don't waste time with lots of trips through this
1327 : * stanza. BLCKSZ / 2 seems like a good compromise choice.
1328 : */
1329 32 : state->main_data_bufsz = MAXALIGN(Max(state->main_data_len,
1330 : BLCKSZ / 2));
1331 32 : state->main_data = palloc(state->main_data_bufsz);
1332 : }
1333 81640 : memcpy(state->main_data, ptr, state->main_data_len);
1334 81640 : ptr += state->main_data_len;
1335 : }
1336 :
1337 82056 : return true;
1338 :
1339 : shortdata_err:
1340 0 : report_invalid_record(state,
1341 : "record with invalid length at %X/%X",
1342 0 : (uint32) (state->ReadRecPtr >> 32), (uint32) state->ReadRecPtr);
1343 : err:
1344 0 : *errormsg = state->errormsg_buf;
1345 :
1346 0 : return false;
1347 : }
1348 :
1349 : /*
1350 : * Returns information about the block that a block reference refers to.
1351 : *
1352 : * If the WAL record contains a block reference with the given ID, *rnode,
1353 : * *forknum, and *blknum are filled in (if not NULL), and returns true.
1354 : * Otherwise returns false.
1355 : */
1356 : bool
1357 82048 : XLogRecGetBlockTag(XLogReaderState *record, uint8 block_id,
1358 : RelFileNode *rnode, ForkNumber *forknum, BlockNumber *blknum)
1359 : {
1360 : DecodedBkpBlock *bkpb;
1361 :
1362 82048 : if (!record->blocks[block_id].in_use)
1363 0 : return false;
1364 :
1365 82048 : bkpb = &record->blocks[block_id];
1366 82048 : if (rnode)
1367 82048 : *rnode = bkpb->rnode;
1368 82048 : if (forknum)
1369 82048 : *forknum = bkpb->forknum;
1370 82048 : if (blknum)
1371 82048 : *blknum = bkpb->blkno;
1372 82048 : return true;
1373 : }
1374 :
1375 : /*
1376 : * Returns the data associated with a block reference, or NULL if there is
1377 : * no data (e.g. because a full-page image was taken instead). The returned
1378 : * pointer points to a MAXALIGNed buffer.
1379 : */
1380 : char *
1381 0 : XLogRecGetBlockData(XLogReaderState *record, uint8 block_id, Size *len)
1382 : {
1383 : DecodedBkpBlock *bkpb;
1384 :
1385 0 : if (!record->blocks[block_id].in_use)
1386 0 : return NULL;
1387 :
1388 0 : bkpb = &record->blocks[block_id];
1389 :
1390 0 : if (!bkpb->has_data)
1391 : {
1392 0 : if (len)
1393 0 : *len = 0;
1394 0 : return NULL;
1395 : }
1396 : else
1397 : {
1398 0 : if (len)
1399 0 : *len = bkpb->data_len;
1400 0 : return bkpb->data;
1401 : }
1402 : }
1403 :
1404 : /*
1405 : * Restore a full-page image from a backup block attached to an XLOG record.
1406 : *
1407 : * Returns the buffer number containing the page.
1408 : */
1409 : bool
1410 0 : RestoreBlockImage(XLogReaderState *record, uint8 block_id, char *page)
1411 : {
1412 : DecodedBkpBlock *bkpb;
1413 : char *ptr;
1414 : PGAlignedBlock tmp;
1415 :
1416 0 : if (!record->blocks[block_id].in_use)
1417 0 : return false;
1418 0 : if (!record->blocks[block_id].has_image)
1419 0 : return false;
1420 :
1421 0 : bkpb = &record->blocks[block_id];
1422 0 : ptr = bkpb->bkp_image;
1423 :
1424 0 : if (bkpb->bimg_info & BKPIMAGE_IS_COMPRESSED)
1425 : {
1426 : /* If a backup block image is compressed, decompress it */
1427 0 : if (pglz_decompress(ptr, bkpb->bimg_len, tmp.data,
1428 0 : BLCKSZ - bkpb->hole_length, true) < 0)
1429 : {
1430 0 : report_invalid_record(record, "invalid compressed image at %X/%X, block %d",
1431 0 : (uint32) (record->ReadRecPtr >> 32),
1432 0 : (uint32) record->ReadRecPtr,
1433 : block_id);
1434 0 : return false;
1435 : }
1436 0 : ptr = tmp.data;
1437 : }
1438 :
1439 : /* generate page, taking into account hole if necessary */
1440 0 : if (bkpb->hole_length == 0)
1441 : {
1442 0 : memcpy(page, ptr, BLCKSZ);
1443 : }
1444 : else
1445 : {
1446 0 : memcpy(page, ptr, bkpb->hole_offset);
1447 : /* must zero-fill the hole */
1448 0 : MemSet(page + bkpb->hole_offset, 0, bkpb->hole_length);
1449 0 : memcpy(page + (bkpb->hole_offset + bkpb->hole_length),
1450 0 : ptr + bkpb->hole_offset,
1451 0 : BLCKSZ - (bkpb->hole_offset + bkpb->hole_length));
1452 : }
1453 :
1454 0 : return true;
1455 : }
|
