Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * xlogreader.c
4 : * Generic XLog reading facility
5 : *
6 : * Portions Copyright (c) 2013-2022, PostgreSQL Global Development Group
7 : *
8 : * IDENTIFICATION
9 : * src/backend/access/transam/xlogreader.c
10 : *
11 : * NOTES
12 : * See xlogreader.h for more notes on this facility.
13 : *
14 : * This file is compiled as both front-end and backend code, so it
15 : * may not use ereport, server-defined static variables, etc.
16 : *-------------------------------------------------------------------------
17 : */
18 : #include "postgres.h"
19 :
20 : #include <unistd.h>
21 : #ifdef USE_LZ4
22 : #include <lz4.h>
23 : #endif
24 : #ifdef USE_ZSTD
25 : #include <zstd.h>
26 : #endif
27 :
28 : #include "access/transam.h"
29 : #include "access/xlog_internal.h"
30 : #include "access/xlogreader.h"
31 : #include "access/xlogrecord.h"
32 : #include "catalog/pg_control.h"
33 : #include "common/pg_lzcompress.h"
34 : #include "replication/origin.h"
35 :
36 : #ifndef FRONTEND
37 : #include "miscadmin.h"
38 : #include "pgstat.h"
39 : #include "utils/memutils.h"
40 : #else
41 : #include "common/logging.h"
42 : #endif
43 :
44 : static void report_invalid_record(XLogReaderState *state, const char *fmt,...)
45 : pg_attribute_printf(2, 3);
46 : static bool allocate_recordbuf(XLogReaderState *state, uint32 reclength);
47 : static int ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr,
48 : int reqLen);
49 : static void XLogReaderInvalReadState(XLogReaderState *state);
50 : static XLogPageReadResult XLogDecodeNextRecord(XLogReaderState *state, bool non_blocking);
51 : static bool ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
52 : XLogRecPtr PrevRecPtr, XLogRecord *record, bool randAccess);
53 : static bool ValidXLogRecord(XLogReaderState *state, XLogRecord *record,
54 : XLogRecPtr recptr);
55 : static void ResetDecoder(XLogReaderState *state);
56 : static void WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt,
57 : int segsize, const char *waldir);
58 :
59 : /* size of the buffer allocated for error message. */
60 : #define MAX_ERRORMSG_LEN 1000
61 :
62 : /*
63 : * Default size; large enough that typical users of XLogReader won't often need
64 : * to use the 'oversized' memory allocation code path.
65 : */
66 : #define DEFAULT_DECODE_BUFFER_SIZE (64 * 1024)
67 :
68 : /*
69 : * Construct a string in state->errormsg_buf explaining what's wrong with
70 : * the current record being read.
71 : */
72 : static void
73 0 : report_invalid_record(XLogReaderState *state, const char *fmt,...)
74 : {
75 : va_list args;
76 :
77 0 : fmt = _(fmt);
78 :
79 0 : va_start(args, fmt);
80 0 : vsnprintf(state->errormsg_buf, MAX_ERRORMSG_LEN, fmt, args);
81 0 : va_end(args);
82 :
83 0 : state->errormsg_deferred = true;
84 0 : }
85 :
86 : /*
87 : * Set the size of the decoding buffer. A pointer to a caller supplied memory
88 : * region may also be passed in, in which case non-oversized records will be
89 : * decoded there.
90 : */
91 : void
92 0 : XLogReaderSetDecodeBuffer(XLogReaderState *state, void *buffer, size_t size)
93 : {
94 : Assert(state->decode_buffer == NULL);
95 :
96 0 : state->decode_buffer = buffer;
97 0 : state->decode_buffer_size = size;
98 0 : state->decode_buffer_tail = buffer;
99 0 : state->decode_buffer_head = buffer;
100 0 : }
101 :
102 : /*
103 : * Allocate and initialize a new XLogReader.
104 : *
105 : * Returns NULL if the xlogreader couldn't be allocated.
106 : */
107 : XLogReaderState *
108 78 : XLogReaderAllocate(int wal_segment_size, const char *waldir,
109 : XLogReaderRoutine *routine, void *private_data)
110 : {
111 : XLogReaderState *state;
112 :
113 : state = (XLogReaderState *)
114 78 : palloc_extended(sizeof(XLogReaderState),
115 : MCXT_ALLOC_NO_OOM | MCXT_ALLOC_ZERO);
116 78 : if (!state)
117 0 : return NULL;
118 :
119 : /* initialize caller-provided support functions */
120 78 : state->routine = *routine;
121 :
122 : /*
123 : * Permanently allocate readBuf. We do it this way, rather than just
124 : * making a static array, for two reasons: (1) no need to waste the
125 : * storage in most instantiations of the backend; (2) a static char array
126 : * isn't guaranteed to have any particular alignment, whereas
127 : * palloc_extended() will provide MAXALIGN'd storage.
128 : */
129 78 : state->readBuf = (char *) palloc_extended(XLOG_BLCKSZ,
130 : MCXT_ALLOC_NO_OOM);
131 78 : if (!state->readBuf)
132 : {
133 0 : pfree(state);
134 0 : return NULL;
135 : }
136 :
137 : /* Initialize segment info. */
138 78 : WALOpenSegmentInit(&state->seg, &state->segcxt, wal_segment_size,
139 : waldir);
140 :
141 : /* system_identifier initialized to zeroes above */
142 78 : state->private_data = private_data;
143 : /* ReadRecPtr, EndRecPtr and readLen initialized to zeroes above */
144 78 : state->errormsg_buf = palloc_extended(MAX_ERRORMSG_LEN + 1,
145 : MCXT_ALLOC_NO_OOM);
146 78 : if (!state->errormsg_buf)
147 : {
148 0 : pfree(state->readBuf);
149 0 : pfree(state);
150 0 : return NULL;
151 : }
152 78 : state->errormsg_buf[0] = '\0';
153 :
154 : /*
155 : * Allocate an initial readRecordBuf of minimal size, which can later be
156 : * enlarged if necessary.
157 : */
158 78 : if (!allocate_recordbuf(state, 0))
159 : {
160 0 : pfree(state->errormsg_buf);
161 0 : pfree(state->readBuf);
162 0 : pfree(state);
163 0 : return NULL;
164 : }
165 :
166 78 : return state;
167 : }
168 :
169 : void
170 78 : XLogReaderFree(XLogReaderState *state)
171 : {
172 78 : if (state->seg.ws_file != -1)
173 0 : state->routine.segment_close(state);
174 :
175 78 : if (state->decode_buffer && state->free_decode_buffer)
176 78 : pfree(state->decode_buffer);
177 :
178 78 : pfree(state->errormsg_buf);
179 78 : if (state->readRecordBuf)
180 78 : pfree(state->readRecordBuf);
181 78 : pfree(state->readBuf);
182 78 : pfree(state);
183 78 : }
184 :
185 : /*
186 : * Allocate readRecordBuf to fit a record of at least the given length.
187 : * Returns true if successful, false if out of memory.
188 : *
189 : * readRecordBufSize is set to the new buffer size.
190 : *
191 : * To avoid useless small increases, round its size to a multiple of
192 : * XLOG_BLCKSZ, and make sure it's at least 5*Max(BLCKSZ, XLOG_BLCKSZ) to start
193 : * with. (That is enough for all "normal" records, but very large commit or
194 : * abort records might need more space.)
195 : */
196 : static bool
197 78 : allocate_recordbuf(XLogReaderState *state, uint32 reclength)
198 : {
199 78 : uint32 newSize = reclength;
200 :
201 78 : newSize += XLOG_BLCKSZ - (newSize % XLOG_BLCKSZ);
202 78 : newSize = Max(newSize, 5 * Max(BLCKSZ, XLOG_BLCKSZ));
203 :
204 : #ifndef FRONTEND
205 :
206 : /*
207 : * Note that in much unlucky circumstances, the random data read from a
208 : * recycled segment can cause this routine to be called with a size
209 : * causing a hard failure at allocation. For a standby, this would cause
210 : * the instance to stop suddenly with a hard failure, preventing it to
211 : * retry fetching WAL from one of its sources which could allow it to move
212 : * on with replay without a manual restart. If the data comes from a past
213 : * recycled segment and is still valid, then the allocation may succeed
214 : * but record checks are going to fail so this would be short-lived. If
215 : * the allocation fails because of a memory shortage, then this is not a
216 : * hard failure either per the guarantee given by MCXT_ALLOC_NO_OOM.
217 : */
218 : if (!AllocSizeIsValid(newSize))
219 : return false;
220 :
221 : #endif
222 :
223 78 : if (state->readRecordBuf)
224 0 : pfree(state->readRecordBuf);
225 78 : state->readRecordBuf =
226 78 : (char *) palloc_extended(newSize, MCXT_ALLOC_NO_OOM);
227 78 : if (state->readRecordBuf == NULL)
228 : {
229 0 : state->readRecordBufSize = 0;
230 0 : return false;
231 : }
232 78 : state->readRecordBufSize = newSize;
233 78 : return true;
234 : }
235 :
236 : /*
237 : * Initialize the passed segment structs.
238 : */
239 : static void
240 78 : WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt,
241 : int segsize, const char *waldir)
242 : {
243 78 : seg->ws_file = -1;
244 78 : seg->ws_segno = 0;
245 78 : seg->ws_tli = 0;
246 :
247 78 : segcxt->ws_segsize = segsize;
248 78 : if (waldir)
249 78 : snprintf(segcxt->ws_dir, MAXPGPATH, "%s", waldir);
250 78 : }
251 :
252 : /*
253 : * Begin reading WAL at 'RecPtr'.
254 : *
255 : * 'RecPtr' should point to the beginning of a valid WAL record. Pointing at
256 : * the beginning of a page is also OK, if there is a new record right after
257 : * the page header, i.e. not a continuation.
258 : *
259 : * This does not make any attempt to read the WAL yet, and hence cannot fail.
260 : * If the starting address is not correct, the first call to XLogReadRecord()
261 : * will error out.
262 : */
263 : void
264 4420 : XLogBeginRead(XLogReaderState *state, XLogRecPtr RecPtr)
265 : {
266 : Assert(!XLogRecPtrIsInvalid(RecPtr));
267 :
268 4420 : ResetDecoder(state);
269 :
270 : /* Begin at the passed-in record pointer. */
271 4420 : state->EndRecPtr = RecPtr;
272 4420 : state->NextRecPtr = RecPtr;
273 4420 : state->ReadRecPtr = InvalidXLogRecPtr;
274 4420 : state->DecodeRecPtr = InvalidXLogRecPtr;
275 4420 : }
276 :
277 : /*
278 : * See if we can release the last record that was returned by
279 : * XLogNextRecord(), if any, to free up space.
280 : */
281 : void
282 352364 : XLogReleasePreviousRecord(XLogReaderState *state)
283 : {
284 : DecodedXLogRecord *record;
285 :
286 352364 : if (!state->record)
287 180602 : return;
288 :
289 : /*
290 : * Remove it from the decoded record queue. It must be the oldest item
291 : * decoded, decode_queue_head.
292 : */
293 171762 : record = state->record;
294 : Assert(record == state->decode_queue_head);
295 171762 : state->record = NULL;
296 171762 : state->decode_queue_head = record->next;
297 :
298 : /* It might also be the newest item decoded, decode_queue_tail. */
299 171762 : if (state->decode_queue_tail == record)
300 171762 : state->decode_queue_tail = NULL;
301 :
302 : /* Release the space. */
303 171762 : if (unlikely(record->oversized))
304 : {
305 : /* It's not in the decode buffer, so free it to release space. */
306 0 : pfree(record);
307 : }
308 : else
309 : {
310 : /* It must be the head (oldest) record in the decode buffer. */
311 : Assert(state->decode_buffer_head == (char *) record);
312 :
313 : /*
314 : * We need to update head to point to the next record that is in the
315 : * decode buffer, if any, being careful to skip oversized ones
316 : * (they're not in the decode buffer).
317 : */
318 171762 : record = record->next;
319 171762 : while (unlikely(record && record->oversized))
320 0 : record = record->next;
321 :
322 171762 : if (record)
323 : {
324 : /* Adjust head to release space up to the next record. */
325 0 : state->decode_buffer_head = (char *) record;
326 : }
327 : else
328 : {
329 : /*
330 : * Otherwise we might as well just reset head and tail to the
331 : * start of the buffer space, because we're empty. This means
332 : * we'll keep overwriting the same piece of memory if we're not
333 : * doing any prefetching.
334 : */
335 171762 : state->decode_buffer_head = state->decode_buffer;
336 171762 : state->decode_buffer_tail = state->decode_buffer;
337 : }
338 : }
339 : }
340 :
341 : /*
342 : * Attempt to read an XLOG record.
343 : *
344 : * XLogBeginRead() or XLogFindNextRecord() and then XLogReadAhead() must be
345 : * called before the first call to XLogNextRecord(). This functions returns
346 : * records and errors that were put into an internal queue by XLogReadAhead().
347 : *
348 : * On success, a record is returned.
349 : *
350 : * The returned record (or *errormsg) points to an internal buffer that's
351 : * valid until the next call to XLogNextRecord.
352 : */
353 : DecodedXLogRecord *
354 176182 : XLogNextRecord(XLogReaderState *state, char **errormsg)
355 : {
356 : /* Release the last record returned by XLogNextRecord(). */
357 176182 : XLogReleasePreviousRecord(state);
358 :
359 176182 : if (state->decode_queue_head == NULL)
360 : {
361 0 : *errormsg = NULL;
362 0 : if (state->errormsg_deferred)
363 : {
364 0 : if (state->errormsg_buf[0] != '\0')
365 0 : *errormsg = state->errormsg_buf;
366 0 : state->errormsg_deferred = false;
367 : }
368 :
369 : /*
370 : * state->EndRecPtr is expected to have been set by the last call to
371 : * XLogBeginRead() or XLogNextRecord(), and is the location of the
372 : * error.
373 : */
374 : Assert(!XLogRecPtrIsInvalid(state->EndRecPtr));
375 :
376 0 : return NULL;
377 : }
378 :
379 : /*
380 : * Record this as the most recent record returned, so that we'll release
381 : * it next time. This also exposes it to the traditional
382 : * XLogRecXXX(xlogreader) macros, which work with the decoder rather than
383 : * the record for historical reasons.
384 : */
385 176182 : state->record = state->decode_queue_head;
386 :
387 : /*
388 : * Update the pointers to the beginning and one-past-the-end of this
389 : * record, again for the benefit of historical code that expected the
390 : * decoder to track this rather than accessing these fields of the record
391 : * itself.
392 : */
393 176182 : state->ReadRecPtr = state->record->lsn;
394 176182 : state->EndRecPtr = state->record->next_lsn;
395 :
396 176182 : *errormsg = NULL;
397 :
398 176182 : return state->record;
399 : }
400 :
401 : /*
402 : * Attempt to read an XLOG record.
403 : *
404 : * XLogBeginRead() or XLogFindNextRecord() must be called before the first call
405 : * to XLogReadRecord().
406 : *
407 : * If the page_read callback fails to read the requested data, NULL is
408 : * returned. The callback is expected to have reported the error; errormsg
409 : * is set to NULL.
410 : *
411 : * If the reading fails for some other reason, NULL is also returned, and
412 : * *errormsg is set to a string with details of the failure.
413 : *
414 : * The returned pointer (or *errormsg) points to an internal buffer that's
415 : * valid until the next call to XLogReadRecord.
416 : */
417 : XLogRecord *
418 176182 : XLogReadRecord(XLogReaderState *state, char **errormsg)
419 : {
420 : DecodedXLogRecord *decoded;
421 :
422 : /*
423 : * Release last returned record, if there is one. We need to do this so
424 : * that we can check for empty decode queue accurately.
425 : */
426 176182 : XLogReleasePreviousRecord(state);
427 :
428 : /*
429 : * Call XLogReadAhead() in blocking mode to make sure there is something
430 : * in the queue, though we don't use the result.
431 : */
432 176182 : if (!XLogReaderHasQueuedRecordOrError(state))
433 176182 : XLogReadAhead(state, false /* nonblocking */ );
434 :
435 : /* Consume the head record or error. */
436 176182 : decoded = XLogNextRecord(state, errormsg);
437 176182 : if (decoded)
438 : {
439 : /*
440 : * This function returns a pointer to the record's header, not the
441 : * actual decoded record. The caller will access the decoded record
442 : * through the XLogRecGetXXX() macros, which reach the decoded
443 : * recorded as xlogreader->record.
444 : */
445 : Assert(state->record == decoded);
446 176182 : return &decoded->header;
447 : }
448 :
449 0 : return NULL;
450 : }
451 :
452 : /*
453 : * Allocate space for a decoded record. The only member of the returned
454 : * object that is initialized is the 'oversized' flag, indicating that the
455 : * decoded record wouldn't fit in the decode buffer and must eventually be
456 : * freed explicitly.
457 : *
458 : * The caller is responsible for adjusting decode_buffer_tail with the real
459 : * size after successfully decoding a record into this space. This way, if
460 : * decoding fails, then there is nothing to undo unless the 'oversized' flag
461 : * was set and pfree() must be called.
462 : *
463 : * Return NULL if there is no space in the decode buffer and allow_oversized
464 : * is false, or if memory allocation fails for an oversized buffer.
465 : */
466 : static DecodedXLogRecord *
467 176182 : XLogReadRecordAlloc(XLogReaderState *state, size_t xl_tot_len, bool allow_oversized)
468 : {
469 176182 : size_t required_space = DecodeXLogRecordRequiredSpace(xl_tot_len);
470 176182 : DecodedXLogRecord *decoded = NULL;
471 :
472 : /* Allocate a circular decode buffer if we don't have one already. */
473 176182 : if (unlikely(state->decode_buffer == NULL))
474 : {
475 78 : if (state->decode_buffer_size == 0)
476 78 : state->decode_buffer_size = DEFAULT_DECODE_BUFFER_SIZE;
477 78 : state->decode_buffer = palloc(state->decode_buffer_size);
478 78 : state->decode_buffer_head = state->decode_buffer;
479 78 : state->decode_buffer_tail = state->decode_buffer;
480 78 : state->free_decode_buffer = true;
481 : }
482 :
483 : /* Try to allocate space in the circular decode buffer. */
484 176182 : if (state->decode_buffer_tail >= state->decode_buffer_head)
485 : {
486 : /* Empty, or tail is to the right of head. */
487 176182 : if (state->decode_buffer_tail + required_space <=
488 176182 : state->decode_buffer + state->decode_buffer_size)
489 : {
490 : /* There is space between tail and end. */
491 176182 : decoded = (DecodedXLogRecord *) state->decode_buffer_tail;
492 176182 : decoded->oversized = false;
493 176182 : return decoded;
494 : }
495 0 : else if (state->decode_buffer + required_space <
496 0 : state->decode_buffer_head)
497 : {
498 : /* There is space between start and head. */
499 0 : decoded = (DecodedXLogRecord *) state->decode_buffer;
500 0 : decoded->oversized = false;
501 0 : return decoded;
502 : }
503 : }
504 : else
505 : {
506 : /* Tail is to the left of head. */
507 0 : if (state->decode_buffer_tail + required_space <
508 0 : state->decode_buffer_head)
509 : {
510 : /* There is space between tail and head. */
511 0 : decoded = (DecodedXLogRecord *) state->decode_buffer_tail;
512 0 : decoded->oversized = false;
513 0 : return decoded;
514 : }
515 : }
516 :
517 : /* Not enough space in the decode buffer. Are we allowed to allocate? */
518 0 : if (allow_oversized)
519 : {
520 0 : decoded = palloc_extended(required_space, MCXT_ALLOC_NO_OOM);
521 0 : if (decoded == NULL)
522 0 : return NULL;
523 0 : decoded->oversized = true;
524 0 : return decoded;
525 : }
526 :
527 0 : return NULL;
528 : }
529 :
530 : static XLogPageReadResult
531 176182 : XLogDecodeNextRecord(XLogReaderState *state, bool nonblocking)
532 : {
533 : XLogRecPtr RecPtr;
534 : XLogRecord *record;
535 : XLogRecPtr targetPagePtr;
536 : bool randAccess;
537 : uint32 len,
538 : total_len;
539 : uint32 targetRecOff;
540 : uint32 pageHeaderSize;
541 : bool assembled;
542 : bool gotheader;
543 : int readOff;
544 : DecodedXLogRecord *decoded;
545 : char *errormsg; /* not used */
546 :
547 : /*
548 : * randAccess indicates whether to verify the previous-record pointer of
549 : * the record we're reading. We only do this if we're reading
550 : * sequentially, which is what we initially assume.
551 : */
552 176182 : randAccess = false;
553 :
554 : /* reset error state */
555 176182 : state->errormsg_buf[0] = '\0';
556 176182 : decoded = NULL;
557 :
558 176182 : state->abortedRecPtr = InvalidXLogRecPtr;
559 176182 : state->missingContrecPtr = InvalidXLogRecPtr;
560 :
561 176182 : RecPtr = state->NextRecPtr;
562 :
563 176182 : if (state->DecodeRecPtr != InvalidXLogRecPtr)
564 : {
565 : /* read the record after the one we just read */
566 :
567 : /*
568 : * NextRecPtr is pointing to end+1 of the previous WAL record. If
569 : * we're at a page boundary, no more records can fit on the current
570 : * page. We must skip over the page header, but we can't do that until
571 : * we've read in the page, since the header size is variable.
572 : */
573 : }
574 : else
575 : {
576 : /*
577 : * Caller supplied a position to start at.
578 : *
579 : * In this case, NextRecPtr should already be pointing to a valid
580 : * record starting position.
581 : */
582 : Assert(XRecOffIsValid(RecPtr));
583 4420 : randAccess = true;
584 : }
585 :
586 176182 : restart:
587 176182 : state->nonblocking = nonblocking;
588 176182 : state->currRecPtr = RecPtr;
589 176182 : assembled = false;
590 :
591 176182 : targetPagePtr = RecPtr - (RecPtr % XLOG_BLCKSZ);
592 176182 : targetRecOff = RecPtr % XLOG_BLCKSZ;
593 :
594 : /*
595 : * Read the page containing the record into state->readBuf. Request enough
596 : * byte to cover the whole record header, or at least the part of it that
597 : * fits on the same page.
598 : */
599 176182 : readOff = ReadPageInternal(state, targetPagePtr,
600 176182 : Min(targetRecOff + SizeOfXLogRecord, XLOG_BLCKSZ));
601 176182 : if (readOff == XLREAD_WOULDBLOCK)
602 0 : return XLREAD_WOULDBLOCK;
603 176182 : else if (readOff < 0)
604 0 : goto err;
605 :
606 : /*
607 : * ReadPageInternal always returns at least the page header, so we can
608 : * examine it now.
609 : */
610 176182 : pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
611 176182 : if (targetRecOff == 0)
612 : {
613 : /*
614 : * At page start, so skip over page header.
615 : */
616 180 : RecPtr += pageHeaderSize;
617 180 : targetRecOff = pageHeaderSize;
618 : }
619 176002 : else if (targetRecOff < pageHeaderSize)
620 : {
621 0 : report_invalid_record(state, "invalid record offset at %X/%X",
622 0 : LSN_FORMAT_ARGS(RecPtr));
623 0 : goto err;
624 : }
625 :
626 176182 : if ((((XLogPageHeader) state->readBuf)->xlp_info & XLP_FIRST_IS_CONTRECORD) &&
627 : targetRecOff == pageHeaderSize)
628 : {
629 0 : report_invalid_record(state, "contrecord is requested by %X/%X",
630 0 : LSN_FORMAT_ARGS(RecPtr));
631 0 : goto err;
632 : }
633 :
634 : /* ReadPageInternal has verified the page header */
635 : Assert(pageHeaderSize <= readOff);
636 :
637 : /*
638 : * Read the record length.
639 : *
640 : * NB: Even though we use an XLogRecord pointer here, the whole record
641 : * header might not fit on this page. xl_tot_len is the first field of the
642 : * struct, so it must be on this page (the records are MAXALIGNed), but we
643 : * cannot access any other fields until we've verified that we got the
644 : * whole header.
645 : */
646 176182 : record = (XLogRecord *) (state->readBuf + RecPtr % XLOG_BLCKSZ);
647 176182 : total_len = record->xl_tot_len;
648 :
649 : /*
650 : * If the whole record header is on this page, validate it immediately.
651 : * Otherwise do just a basic sanity check on xl_tot_len, and validate the
652 : * rest of the header after reading it from the next page. The xl_tot_len
653 : * check is necessary here to ensure that we enter the "Need to reassemble
654 : * record" code path below; otherwise we might fail to apply
655 : * ValidXLogRecordHeader at all.
656 : */
657 176182 : if (targetRecOff <= XLOG_BLCKSZ - SizeOfXLogRecord)
658 : {
659 175854 : if (!ValidXLogRecordHeader(state, RecPtr, state->DecodeRecPtr, record,
660 : randAccess))
661 0 : goto err;
662 175854 : gotheader = true;
663 : }
664 : else
665 : {
666 : /* XXX: more validation should be done here */
667 328 : if (total_len < SizeOfXLogRecord)
668 : {
669 0 : report_invalid_record(state,
670 : "invalid record length at %X/%X: wanted %u, got %u",
671 0 : LSN_FORMAT_ARGS(RecPtr),
672 : (uint32) SizeOfXLogRecord, total_len);
673 0 : goto err;
674 : }
675 328 : gotheader = false;
676 : }
677 :
678 : /*
679 : * Find space to decode this record. Don't allow oversized allocation if
680 : * the caller requested nonblocking. Otherwise, we *have* to try to
681 : * decode the record now because the caller has nothing else to do, so
682 : * allow an oversized record to be palloc'd if that turns out to be
683 : * necessary.
684 : */
685 176182 : decoded = XLogReadRecordAlloc(state,
686 : total_len,
687 176182 : !nonblocking /* allow_oversized */ );
688 176182 : if (decoded == NULL)
689 : {
690 : /*
691 : * There is no space in the decode buffer. The caller should help
692 : * with that problem by consuming some records.
693 : */
694 0 : if (nonblocking)
695 0 : return XLREAD_WOULDBLOCK;
696 :
697 : /* We failed to allocate memory for an oversized record. */
698 0 : report_invalid_record(state,
699 : "out of memory while trying to decode a record of length %u", total_len);
700 0 : goto err;
701 : }
702 :
703 176182 : len = XLOG_BLCKSZ - RecPtr % XLOG_BLCKSZ;
704 176182 : if (total_len > len)
705 : {
706 : /* Need to reassemble record */
707 : char *contdata;
708 : XLogPageHeader pageHeader;
709 : char *buffer;
710 : uint32 gotlen;
711 :
712 8084 : assembled = true;
713 :
714 : /*
715 : * Enlarge readRecordBuf as needed.
716 : */
717 8084 : if (total_len > state->readRecordBufSize &&
718 0 : !allocate_recordbuf(state, total_len))
719 : {
720 : /* We treat this as a "bogus data" condition */
721 0 : report_invalid_record(state, "record length %u at %X/%X too long",
722 0 : total_len, LSN_FORMAT_ARGS(RecPtr));
723 0 : goto err;
724 : }
725 :
726 : /* Copy the first fragment of the record from the first page. */
727 8084 : memcpy(state->readRecordBuf,
728 8084 : state->readBuf + RecPtr % XLOG_BLCKSZ, len);
729 8084 : buffer = state->readRecordBuf + len;
730 8084 : gotlen = len;
731 :
732 : do
733 : {
734 : /* Calculate pointer to beginning of next page */
735 8116 : targetPagePtr += XLOG_BLCKSZ;
736 :
737 : /* Wait for the next page to become available */
738 8116 : readOff = ReadPageInternal(state, targetPagePtr,
739 8116 : Min(total_len - gotlen + SizeOfXLogShortPHD,
740 : XLOG_BLCKSZ));
741 :
742 8116 : if (readOff == XLREAD_WOULDBLOCK)
743 0 : return XLREAD_WOULDBLOCK;
744 8116 : else if (readOff < 0)
745 0 : goto err;
746 :
747 : Assert(SizeOfXLogShortPHD <= readOff);
748 :
749 8116 : pageHeader = (XLogPageHeader) state->readBuf;
750 :
751 : /*
752 : * If we were expecting a continuation record and got an
753 : * "overwrite contrecord" flag, that means the continuation record
754 : * was overwritten with a different record. Restart the read by
755 : * assuming the address to read is the location where we found
756 : * this flag; but keep track of the LSN of the record we were
757 : * reading, for later verification.
758 : */
759 8116 : if (pageHeader->xlp_info & XLP_FIRST_IS_OVERWRITE_CONTRECORD)
760 : {
761 0 : state->overwrittenRecPtr = RecPtr;
762 0 : RecPtr = targetPagePtr;
763 0 : goto restart;
764 : }
765 :
766 : /* Check that the continuation on next page looks valid */
767 8116 : if (!(pageHeader->xlp_info & XLP_FIRST_IS_CONTRECORD))
768 : {
769 0 : report_invalid_record(state,
770 : "there is no contrecord flag at %X/%X",
771 0 : LSN_FORMAT_ARGS(RecPtr));
772 0 : goto err;
773 : }
774 :
775 : /*
776 : * Cross-check that xlp_rem_len agrees with how much of the record
777 : * we expect there to be left.
778 : */
779 8116 : if (pageHeader->xlp_rem_len == 0 ||
780 8116 : total_len != (pageHeader->xlp_rem_len + gotlen))
781 : {
782 0 : report_invalid_record(state,
783 : "invalid contrecord length %u (expected %lld) at %X/%X",
784 : pageHeader->xlp_rem_len,
785 0 : ((long long) total_len) - gotlen,
786 0 : LSN_FORMAT_ARGS(RecPtr));
787 0 : goto err;
788 : }
789 :
790 : /* Append the continuation from this page to the buffer */
791 8116 : pageHeaderSize = XLogPageHeaderSize(pageHeader);
792 :
793 8116 : if (readOff < pageHeaderSize)
794 0 : readOff = ReadPageInternal(state, targetPagePtr,
795 : pageHeaderSize);
796 :
797 : Assert(pageHeaderSize <= readOff);
798 :
799 8116 : contdata = (char *) state->readBuf + pageHeaderSize;
800 8116 : len = XLOG_BLCKSZ - pageHeaderSize;
801 8116 : if (pageHeader->xlp_rem_len < len)
802 8084 : len = pageHeader->xlp_rem_len;
803 :
804 8116 : if (readOff < pageHeaderSize + len)
805 0 : readOff = ReadPageInternal(state, targetPagePtr,
806 0 : pageHeaderSize + len);
807 :
808 8116 : memcpy(buffer, (char *) contdata, len);
809 8116 : buffer += len;
810 8116 : gotlen += len;
811 :
812 : /* If we just reassembled the record header, validate it. */
813 8116 : if (!gotheader)
814 : {
815 328 : record = (XLogRecord *) state->readRecordBuf;
816 328 : if (!ValidXLogRecordHeader(state, RecPtr, state->DecodeRecPtr,
817 : record, randAccess))
818 0 : goto err;
819 328 : gotheader = true;
820 : }
821 8116 : } while (gotlen < total_len);
822 :
823 : Assert(gotheader);
824 :
825 8084 : record = (XLogRecord *) state->readRecordBuf;
826 8084 : if (!ValidXLogRecord(state, record, RecPtr))
827 0 : goto err;
828 :
829 8084 : pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
830 8084 : state->DecodeRecPtr = RecPtr;
831 8084 : state->NextRecPtr = targetPagePtr + pageHeaderSize
832 8084 : + MAXALIGN(pageHeader->xlp_rem_len);
833 : }
834 : else
835 : {
836 : /* Wait for the record data to become available */
837 168098 : readOff = ReadPageInternal(state, targetPagePtr,
838 168098 : Min(targetRecOff + total_len, XLOG_BLCKSZ));
839 168098 : if (readOff == XLREAD_WOULDBLOCK)
840 0 : return XLREAD_WOULDBLOCK;
841 168098 : else if (readOff < 0)
842 0 : goto err;
843 :
844 : /* Record does not cross a page boundary */
845 168098 : if (!ValidXLogRecord(state, record, RecPtr))
846 0 : goto err;
847 :
848 168098 : state->NextRecPtr = RecPtr + MAXALIGN(total_len);
849 :
850 168098 : state->DecodeRecPtr = RecPtr;
851 : }
852 :
853 : /*
854 : * Special processing if it's an XLOG SWITCH record
855 : */
856 176182 : if (record->xl_rmid == RM_XLOG_ID &&
857 9754 : (record->xl_info & ~XLR_INFO_MASK) == XLOG_SWITCH)
858 : {
859 : /* Pretend it extends to end of segment */
860 16 : state->NextRecPtr += state->segcxt.ws_segsize - 1;
861 16 : state->NextRecPtr -= XLogSegmentOffset(state->NextRecPtr, state->segcxt.ws_segsize);
862 : }
863 :
864 176182 : if (DecodeXLogRecord(state, decoded, record, RecPtr, &errormsg))
865 : {
866 : /* Record the location of the next record. */
867 176182 : decoded->next_lsn = state->NextRecPtr;
868 :
869 : /*
870 : * If it's in the decode buffer, mark the decode buffer space as
871 : * occupied.
872 : */
873 176182 : if (!decoded->oversized)
874 : {
875 : /* The new decode buffer head must be MAXALIGNed. */
876 : Assert(decoded->size == MAXALIGN(decoded->size));
877 176182 : if ((char *) decoded == state->decode_buffer)
878 176182 : state->decode_buffer_tail = state->decode_buffer + decoded->size;
879 : else
880 0 : state->decode_buffer_tail += decoded->size;
881 : }
882 :
883 : /* Insert it into the queue of decoded records. */
884 : Assert(state->decode_queue_tail != decoded);
885 176182 : if (state->decode_queue_tail)
886 0 : state->decode_queue_tail->next = decoded;
887 176182 : state->decode_queue_tail = decoded;
888 176182 : if (!state->decode_queue_head)
889 176182 : state->decode_queue_head = decoded;
890 176182 : return XLREAD_SUCCESS;
891 : }
892 : else
893 0 : return XLREAD_FAIL;
894 :
895 0 : err:
896 0 : if (assembled)
897 : {
898 : /*
899 : * We get here when a record that spans multiple pages needs to be
900 : * assembled, but something went wrong -- perhaps a contrecord piece
901 : * was lost. If caller is WAL replay, it will know where the aborted
902 : * record was and where to direct followup WAL to be written, marking
903 : * the next piece with XLP_FIRST_IS_OVERWRITE_CONTRECORD, which will
904 : * in turn signal downstream WAL consumers that the broken WAL record
905 : * is to be ignored.
906 : */
907 0 : state->abortedRecPtr = RecPtr;
908 0 : state->missingContrecPtr = targetPagePtr;
909 : }
910 :
911 0 : if (decoded && decoded->oversized)
912 0 : pfree(decoded);
913 :
914 : /*
915 : * Invalidate the read state. We might read from a different source after
916 : * failure.
917 : */
918 0 : XLogReaderInvalReadState(state);
919 :
920 : /*
921 : * If an error was written to errmsg_buf, it'll be returned to the caller
922 : * of XLogReadRecord() after all successfully decoded records from the
923 : * read queue.
924 : */
925 :
926 0 : return XLREAD_FAIL;
927 : }
928 :
929 : /*
930 : * Try to decode the next available record, and return it. The record will
931 : * also be returned to XLogNextRecord(), which must be called to 'consume'
932 : * each record.
933 : *
934 : * If nonblocking is true, may return NULL due to lack of data or WAL decoding
935 : * space.
936 : */
937 : DecodedXLogRecord *
938 176182 : XLogReadAhead(XLogReaderState *state, bool nonblocking)
939 : {
940 : XLogPageReadResult result;
941 :
942 176182 : if (state->errormsg_deferred)
943 0 : return NULL;
944 :
945 176182 : result = XLogDecodeNextRecord(state, nonblocking);
946 176182 : if (result == XLREAD_SUCCESS)
947 : {
948 : Assert(state->decode_queue_tail != NULL);
949 176182 : return state->decode_queue_tail;
950 : }
951 :
952 0 : return NULL;
953 : }
954 :
955 : /*
956 : * Read a single xlog page including at least [pageptr, reqLen] of valid data
957 : * via the page_read() callback.
958 : *
959 : * Returns XLREAD_FAIL if the required page cannot be read for some
960 : * reason; errormsg_buf is set in that case (unless the error occurs in the
961 : * page_read callback).
962 : *
963 : * Returns XLREAD_WOULDBLOCK if the requested data can't be read without
964 : * waiting. This can be returned only if the installed page_read callback
965 : * respects the state->nonblocking flag, and cannot read the requested data
966 : * immediately.
967 : *
968 : * We fetch the page from a reader-local cache if we know we have the required
969 : * data and if there hasn't been any error since caching the data.
970 : */
971 : static int
972 352396 : ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr, int reqLen)
973 : {
974 : int readLen;
975 : uint32 targetPageOff;
976 : XLogSegNo targetSegNo;
977 : XLogPageHeader hdr;
978 :
979 : Assert((pageptr % XLOG_BLCKSZ) == 0);
980 :
981 352396 : XLByteToSeg(pageptr, targetSegNo, state->segcxt.ws_segsize);
982 352396 : targetPageOff = XLogSegmentOffset(pageptr, state->segcxt.ws_segsize);
983 :
984 : /* check whether we have all the requested data already */
985 352396 : if (targetSegNo == state->seg.ws_segno &&
986 352302 : targetPageOff == state->segoff && reqLen <= state->readLen)
987 341646 : return state->readLen;
988 :
989 : /*
990 : * Data is not in our buffer.
991 : *
992 : * Every time we actually read the segment, even if we looked at parts of
993 : * it before, we need to do verification as the page_read callback might
994 : * now be rereading data from a different source.
995 : *
996 : * Whenever switching to a new WAL segment, we read the first page of the
997 : * file and validate its header, even if that's not where the target
998 : * record is. This is so that we can check the additional identification
999 : * info that is present in the first page's "long" header.
1000 : */
1001 10750 : if (targetSegNo != state->seg.ws_segno && targetPageOff != 0)
1002 : {
1003 40 : XLogRecPtr targetSegmentPtr = pageptr - targetPageOff;
1004 :
1005 40 : readLen = state->routine.page_read(state, targetSegmentPtr, XLOG_BLCKSZ,
1006 : state->currRecPtr,
1007 : state->readBuf);
1008 40 : if (readLen == XLREAD_WOULDBLOCK)
1009 0 : return XLREAD_WOULDBLOCK;
1010 40 : else if (readLen < 0)
1011 0 : goto err;
1012 :
1013 : /* we can be sure to have enough WAL available, we scrolled back */
1014 : Assert(readLen == XLOG_BLCKSZ);
1015 :
1016 40 : if (!XLogReaderValidatePageHeader(state, targetSegmentPtr,
1017 : state->readBuf))
1018 0 : goto err;
1019 : }
1020 :
1021 : /*
1022 : * First, read the requested data length, but at least a short page header
1023 : * so that we can validate it.
1024 : */
1025 10750 : readLen = state->routine.page_read(state, pageptr, Max(reqLen, SizeOfXLogShortPHD),
1026 : state->currRecPtr,
1027 : state->readBuf);
1028 10750 : if (readLen == XLREAD_WOULDBLOCK)
1029 0 : return XLREAD_WOULDBLOCK;
1030 10750 : else if (readLen < 0)
1031 0 : goto err;
1032 :
1033 : Assert(readLen <= XLOG_BLCKSZ);
1034 :
1035 : /* Do we have enough data to check the header length? */
1036 10750 : if (readLen <= SizeOfXLogShortPHD)
1037 0 : goto err;
1038 :
1039 : Assert(readLen >= reqLen);
1040 :
1041 10750 : hdr = (XLogPageHeader) state->readBuf;
1042 :
1043 : /* still not enough */
1044 10750 : if (readLen < XLogPageHeaderSize(hdr))
1045 : {
1046 0 : readLen = state->routine.page_read(state, pageptr, XLogPageHeaderSize(hdr),
1047 : state->currRecPtr,
1048 : state->readBuf);
1049 0 : if (readLen == XLREAD_WOULDBLOCK)
1050 0 : return XLREAD_WOULDBLOCK;
1051 0 : else if (readLen < 0)
1052 0 : goto err;
1053 : }
1054 :
1055 : /*
1056 : * Now that we know we have the full header, validate it.
1057 : */
1058 10750 : if (!XLogReaderValidatePageHeader(state, pageptr, (char *) hdr))
1059 0 : goto err;
1060 :
1061 : /* update read state information */
1062 10750 : state->seg.ws_segno = targetSegNo;
1063 10750 : state->segoff = targetPageOff;
1064 10750 : state->readLen = readLen;
1065 :
1066 10750 : return readLen;
1067 :
1068 0 : err:
1069 0 : if (state->errormsg_buf[0] != '\0')
1070 : {
1071 0 : state->errormsg_deferred = true;
1072 0 : XLogReaderInvalReadState(state);
1073 : }
1074 0 : return XLREAD_FAIL;
1075 : }
1076 :
1077 : /*
1078 : * Invalidate the xlogreader's read state to force a re-read.
1079 : */
1080 : static void
1081 0 : XLogReaderInvalReadState(XLogReaderState *state)
1082 : {
1083 0 : state->seg.ws_segno = 0;
1084 0 : state->segoff = 0;
1085 0 : state->readLen = 0;
1086 0 : }
1087 :
1088 : /*
1089 : * Validate an XLOG record header.
1090 : *
1091 : * This is just a convenience subroutine to avoid duplicated code in
1092 : * XLogReadRecord. It's not intended for use from anywhere else.
1093 : */
1094 : static bool
1095 176182 : ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
1096 : XLogRecPtr PrevRecPtr, XLogRecord *record,
1097 : bool randAccess)
1098 : {
1099 176182 : if (record->xl_tot_len < SizeOfXLogRecord)
1100 : {
1101 0 : report_invalid_record(state,
1102 : "invalid record length at %X/%X: wanted %u, got %u",
1103 0 : LSN_FORMAT_ARGS(RecPtr),
1104 : (uint32) SizeOfXLogRecord, record->xl_tot_len);
1105 0 : return false;
1106 : }
1107 176182 : if (!RmgrIdIsValid(record->xl_rmid))
1108 : {
1109 0 : report_invalid_record(state,
1110 : "invalid resource manager ID %u at %X/%X",
1111 0 : record->xl_rmid, LSN_FORMAT_ARGS(RecPtr));
1112 0 : return false;
1113 : }
1114 176182 : if (randAccess)
1115 : {
1116 : /*
1117 : * We can't exactly verify the prev-link, but surely it should be less
1118 : * than the record's own address.
1119 : */
1120 4420 : if (!(record->xl_prev < RecPtr))
1121 : {
1122 0 : report_invalid_record(state,
1123 : "record with incorrect prev-link %X/%X at %X/%X",
1124 0 : LSN_FORMAT_ARGS(record->xl_prev),
1125 0 : LSN_FORMAT_ARGS(RecPtr));
1126 0 : return false;
1127 : }
1128 : }
1129 : else
1130 : {
1131 : /*
1132 : * Record's prev-link should exactly match our previous location. This
1133 : * check guards against torn WAL pages where a stale but valid-looking
1134 : * WAL record starts on a sector boundary.
1135 : */
1136 171762 : if (record->xl_prev != PrevRecPtr)
1137 : {
1138 0 : report_invalid_record(state,
1139 : "record with incorrect prev-link %X/%X at %X/%X",
1140 0 : LSN_FORMAT_ARGS(record->xl_prev),
1141 0 : LSN_FORMAT_ARGS(RecPtr));
1142 0 : return false;
1143 : }
1144 : }
1145 :
1146 176182 : return true;
1147 : }
1148 :
1149 :
1150 : /*
1151 : * CRC-check an XLOG record. We do not believe the contents of an XLOG
1152 : * record (other than to the minimal extent of computing the amount of
1153 : * data to read in) until we've checked the CRCs.
1154 : *
1155 : * We assume all of the record (that is, xl_tot_len bytes) has been read
1156 : * into memory at *record. Also, ValidXLogRecordHeader() has accepted the
1157 : * record's header, which means in particular that xl_tot_len is at least
1158 : * SizeOfXLogRecord.
1159 : */
1160 : static bool
1161 176182 : ValidXLogRecord(XLogReaderState *state, XLogRecord *record, XLogRecPtr recptr)
1162 : {
1163 : pg_crc32c crc;
1164 :
1165 : /* Calculate the CRC */
1166 176182 : INIT_CRC32C(crc);
1167 176182 : COMP_CRC32C(crc, ((char *) record) + SizeOfXLogRecord, record->xl_tot_len - SizeOfXLogRecord);
1168 : /* include the record header last */
1169 176182 : COMP_CRC32C(crc, (char *) record, offsetof(XLogRecord, xl_crc));
1170 176182 : FIN_CRC32C(crc);
1171 :
1172 176182 : if (!EQ_CRC32C(record->xl_crc, crc))
1173 : {
1174 0 : report_invalid_record(state,
1175 : "incorrect resource manager data checksum in record at %X/%X",
1176 0 : LSN_FORMAT_ARGS(recptr));
1177 0 : return false;
1178 : }
1179 :
1180 176182 : return true;
1181 : }
1182 :
1183 : /*
1184 : * Validate a page header.
1185 : *
1186 : * Check if 'phdr' is valid as the header of the XLog page at position
1187 : * 'recptr'.
1188 : */
1189 : bool
1190 10790 : XLogReaderValidatePageHeader(XLogReaderState *state, XLogRecPtr recptr,
1191 : char *phdr)
1192 : {
1193 : XLogRecPtr recaddr;
1194 : XLogSegNo segno;
1195 : int32 offset;
1196 10790 : XLogPageHeader hdr = (XLogPageHeader) phdr;
1197 :
1198 : Assert((recptr % XLOG_BLCKSZ) == 0);
1199 :
1200 10790 : XLByteToSeg(recptr, segno, state->segcxt.ws_segsize);
1201 10790 : offset = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
1202 :
1203 10790 : XLogSegNoOffsetToRecPtr(segno, offset, state->segcxt.ws_segsize, recaddr);
1204 :
1205 10790 : if (hdr->xlp_magic != XLOG_PAGE_MAGIC)
1206 : {
1207 : char fname[MAXFNAMELEN];
1208 :
1209 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1210 :
1211 0 : report_invalid_record(state,
1212 : "invalid magic number %04X in log segment %s, offset %u",
1213 0 : hdr->xlp_magic,
1214 : fname,
1215 : offset);
1216 0 : return false;
1217 : }
1218 :
1219 10790 : if ((hdr->xlp_info & ~XLP_ALL_FLAGS) != 0)
1220 : {
1221 : char fname[MAXFNAMELEN];
1222 :
1223 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1224 :
1225 0 : report_invalid_record(state,
1226 : "invalid info bits %04X in log segment %s, offset %u",
1227 0 : hdr->xlp_info,
1228 : fname,
1229 : offset);
1230 0 : return false;
1231 : }
1232 :
1233 10790 : if (hdr->xlp_info & XLP_LONG_HEADER)
1234 : {
1235 102 : XLogLongPageHeader longhdr = (XLogLongPageHeader) hdr;
1236 :
1237 102 : if (state->system_identifier &&
1238 0 : longhdr->xlp_sysid != state->system_identifier)
1239 : {
1240 0 : report_invalid_record(state,
1241 : "WAL file is from different database system: WAL file database system identifier is %llu, pg_control database system identifier is %llu",
1242 0 : (unsigned long long) longhdr->xlp_sysid,
1243 0 : (unsigned long long) state->system_identifier);
1244 0 : return false;
1245 : }
1246 102 : else if (longhdr->xlp_seg_size != state->segcxt.ws_segsize)
1247 : {
1248 0 : report_invalid_record(state,
1249 : "WAL file is from different database system: incorrect segment size in page header");
1250 0 : return false;
1251 : }
1252 102 : else if (longhdr->xlp_xlog_blcksz != XLOG_BLCKSZ)
1253 : {
1254 0 : report_invalid_record(state,
1255 : "WAL file is from different database system: incorrect XLOG_BLCKSZ in page header");
1256 0 : return false;
1257 : }
1258 : }
1259 10688 : else if (offset == 0)
1260 : {
1261 : char fname[MAXFNAMELEN];
1262 :
1263 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1264 :
1265 : /* hmm, first page of file doesn't have a long header? */
1266 0 : report_invalid_record(state,
1267 : "invalid info bits %04X in log segment %s, offset %u",
1268 0 : hdr->xlp_info,
1269 : fname,
1270 : offset);
1271 0 : return false;
1272 : }
1273 :
1274 : /*
1275 : * Check that the address on the page agrees with what we expected. This
1276 : * check typically fails when an old WAL segment is recycled, and hasn't
1277 : * yet been overwritten with new data yet.
1278 : */
1279 10790 : if (hdr->xlp_pageaddr != recaddr)
1280 : {
1281 : char fname[MAXFNAMELEN];
1282 :
1283 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1284 :
1285 0 : report_invalid_record(state,
1286 : "unexpected pageaddr %X/%X in log segment %s, offset %u",
1287 0 : LSN_FORMAT_ARGS(hdr->xlp_pageaddr),
1288 : fname,
1289 : offset);
1290 0 : return false;
1291 : }
1292 :
1293 : /*
1294 : * Since child timelines are always assigned a TLI greater than their
1295 : * immediate parent's TLI, we should never see TLI go backwards across
1296 : * successive pages of a consistent WAL sequence.
1297 : *
1298 : * Sometimes we re-read a segment that's already been (partially) read. So
1299 : * we only verify TLIs for pages that are later than the last remembered
1300 : * LSN.
1301 : */
1302 10790 : if (recptr > state->latestPagePtr)
1303 : {
1304 8414 : if (hdr->xlp_tli < state->latestPageTLI)
1305 : {
1306 : char fname[MAXFNAMELEN];
1307 :
1308 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1309 :
1310 0 : report_invalid_record(state,
1311 : "out-of-sequence timeline ID %u (after %u) in log segment %s, offset %u",
1312 : hdr->xlp_tli,
1313 : state->latestPageTLI,
1314 : fname,
1315 : offset);
1316 0 : return false;
1317 : }
1318 : }
1319 10790 : state->latestPagePtr = recptr;
1320 10790 : state->latestPageTLI = hdr->xlp_tli;
1321 :
1322 10790 : return true;
1323 : }
1324 :
1325 : /*
1326 : * Find the first record with an lsn >= RecPtr.
1327 : *
1328 : * This is different from XLogBeginRead() in that RecPtr doesn't need to point
1329 : * to a valid record boundary. Useful for checking whether RecPtr is a valid
1330 : * xlog address for reading, and to find the first valid address after some
1331 : * address when dumping records for debugging purposes.
1332 : *
1333 : * This positions the reader, like XLogBeginRead(), so that the next call to
1334 : * XLogReadRecord() will read the next valid record.
1335 : */
1336 : XLogRecPtr
1337 0 : XLogFindNextRecord(XLogReaderState *state, XLogRecPtr RecPtr)
1338 : {
1339 : XLogRecPtr tmpRecPtr;
1340 0 : XLogRecPtr found = InvalidXLogRecPtr;
1341 : XLogPageHeader header;
1342 : char *errormsg;
1343 :
1344 : Assert(!XLogRecPtrIsInvalid(RecPtr));
1345 :
1346 : /* Make sure ReadPageInternal() can't return XLREAD_WOULDBLOCK. */
1347 0 : state->nonblocking = false;
1348 :
1349 : /*
1350 : * skip over potential continuation data, keeping in mind that it may span
1351 : * multiple pages
1352 : */
1353 0 : tmpRecPtr = RecPtr;
1354 : while (true)
1355 0 : {
1356 : XLogRecPtr targetPagePtr;
1357 : int targetRecOff;
1358 : uint32 pageHeaderSize;
1359 : int readLen;
1360 :
1361 : /*
1362 : * Compute targetRecOff. It should typically be equal or greater than
1363 : * short page-header since a valid record can't start anywhere before
1364 : * that, except when caller has explicitly specified the offset that
1365 : * falls somewhere there or when we are skipping multi-page
1366 : * continuation record. It doesn't matter though because
1367 : * ReadPageInternal() is prepared to handle that and will read at
1368 : * least short page-header worth of data
1369 : */
1370 0 : targetRecOff = tmpRecPtr % XLOG_BLCKSZ;
1371 :
1372 : /* scroll back to page boundary */
1373 0 : targetPagePtr = tmpRecPtr - targetRecOff;
1374 :
1375 : /* Read the page containing the record */
1376 0 : readLen = ReadPageInternal(state, targetPagePtr, targetRecOff);
1377 0 : if (readLen < 0)
1378 0 : goto err;
1379 :
1380 0 : header = (XLogPageHeader) state->readBuf;
1381 :
1382 0 : pageHeaderSize = XLogPageHeaderSize(header);
1383 :
1384 : /* make sure we have enough data for the page header */
1385 0 : readLen = ReadPageInternal(state, targetPagePtr, pageHeaderSize);
1386 0 : if (readLen < 0)
1387 0 : goto err;
1388 :
1389 : /* skip over potential continuation data */
1390 0 : if (header->xlp_info & XLP_FIRST_IS_CONTRECORD)
1391 : {
1392 : /*
1393 : * If the length of the remaining continuation data is more than
1394 : * what can fit in this page, the continuation record crosses over
1395 : * this page. Read the next page and try again. xlp_rem_len in the
1396 : * next page header will contain the remaining length of the
1397 : * continuation data
1398 : *
1399 : * Note that record headers are MAXALIGN'ed
1400 : */
1401 0 : if (MAXALIGN(header->xlp_rem_len) >= (XLOG_BLCKSZ - pageHeaderSize))
1402 0 : tmpRecPtr = targetPagePtr + XLOG_BLCKSZ;
1403 : else
1404 : {
1405 : /*
1406 : * The previous continuation record ends in this page. Set
1407 : * tmpRecPtr to point to the first valid record
1408 : */
1409 0 : tmpRecPtr = targetPagePtr + pageHeaderSize
1410 0 : + MAXALIGN(header->xlp_rem_len);
1411 0 : break;
1412 : }
1413 : }
1414 : else
1415 : {
1416 0 : tmpRecPtr = targetPagePtr + pageHeaderSize;
1417 0 : break;
1418 : }
1419 : }
1420 :
1421 : /*
1422 : * we know now that tmpRecPtr is an address pointing to a valid XLogRecord
1423 : * because either we're at the first record after the beginning of a page
1424 : * or we just jumped over the remaining data of a continuation.
1425 : */
1426 0 : XLogBeginRead(state, tmpRecPtr);
1427 0 : while (XLogReadRecord(state, &errormsg) != NULL)
1428 : {
1429 : /* past the record we've found, break out */
1430 0 : if (RecPtr <= state->ReadRecPtr)
1431 : {
1432 : /* Rewind the reader to the beginning of the last record. */
1433 0 : found = state->ReadRecPtr;
1434 0 : XLogBeginRead(state, found);
1435 0 : return found;
1436 : }
1437 : }
1438 :
1439 0 : err:
1440 0 : XLogReaderInvalReadState(state);
1441 :
1442 0 : return InvalidXLogRecPtr;
1443 : }
1444 :
1445 : /*
1446 : * Helper function to ease writing of XLogRoutine->page_read callbacks.
1447 : * If this function is used, caller must supply a segment_open callback in
1448 : * 'state', as that is used here.
1449 : *
1450 : * Read 'count' bytes into 'buf', starting at location 'startptr', from WAL
1451 : * fetched from timeline 'tli'.
1452 : *
1453 : * Returns true if succeeded, false if an error occurs, in which case
1454 : * 'errinfo' receives error details.
1455 : *
1456 : * XXX probably this should be improved to suck data directly from the
1457 : * WAL buffers when possible.
1458 : */
1459 : bool
1460 0 : WALRead(XLogReaderState *state,
1461 : char *buf, XLogRecPtr startptr, Size count, TimeLineID tli,
1462 : WALReadError *errinfo)
1463 : {
1464 : char *p;
1465 : XLogRecPtr recptr;
1466 : Size nbytes;
1467 :
1468 0 : p = buf;
1469 0 : recptr = startptr;
1470 0 : nbytes = count;
1471 :
1472 0 : while (nbytes > 0)
1473 : {
1474 : uint32 startoff;
1475 : int segbytes;
1476 : int readbytes;
1477 :
1478 0 : startoff = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
1479 :
1480 : /*
1481 : * If the data we want is not in a segment we have open, close what we
1482 : * have (if anything) and open the next one, using the caller's
1483 : * provided openSegment callback.
1484 : */
1485 0 : if (state->seg.ws_file < 0 ||
1486 0 : !XLByteInSeg(recptr, state->seg.ws_segno, state->segcxt.ws_segsize) ||
1487 0 : tli != state->seg.ws_tli)
1488 : {
1489 : XLogSegNo nextSegNo;
1490 :
1491 0 : if (state->seg.ws_file >= 0)
1492 0 : state->routine.segment_close(state);
1493 :
1494 0 : XLByteToSeg(recptr, nextSegNo, state->segcxt.ws_segsize);
1495 0 : state->routine.segment_open(state, nextSegNo, &tli);
1496 :
1497 : /* This shouldn't happen -- indicates a bug in segment_open */
1498 : Assert(state->seg.ws_file >= 0);
1499 :
1500 : /* Update the current segment info. */
1501 0 : state->seg.ws_tli = tli;
1502 0 : state->seg.ws_segno = nextSegNo;
1503 : }
1504 :
1505 : /* How many bytes are within this segment? */
1506 0 : if (nbytes > (state->segcxt.ws_segsize - startoff))
1507 0 : segbytes = state->segcxt.ws_segsize - startoff;
1508 : else
1509 0 : segbytes = nbytes;
1510 :
1511 : #ifndef FRONTEND
1512 : pgstat_report_wait_start(WAIT_EVENT_WAL_READ);
1513 : #endif
1514 :
1515 : /* Reset errno first; eases reporting non-errno-affecting errors */
1516 0 : errno = 0;
1517 0 : readbytes = pg_pread(state->seg.ws_file, p, segbytes, (off_t) startoff);
1518 :
1519 : #ifndef FRONTEND
1520 : pgstat_report_wait_end();
1521 : #endif
1522 :
1523 0 : if (readbytes <= 0)
1524 : {
1525 0 : errinfo->wre_errno = errno;
1526 0 : errinfo->wre_req = segbytes;
1527 0 : errinfo->wre_read = readbytes;
1528 0 : errinfo->wre_off = startoff;
1529 0 : errinfo->wre_seg = state->seg;
1530 0 : return false;
1531 : }
1532 :
1533 : /* Update state for read */
1534 0 : recptr += readbytes;
1535 0 : nbytes -= readbytes;
1536 0 : p += readbytes;
1537 : }
1538 :
1539 0 : return true;
1540 : }
1541 :
1542 : /* ----------------------------------------
1543 : * Functions for decoding the data and block references in a record.
1544 : * ----------------------------------------
1545 : */
1546 :
1547 : /*
1548 : * Private function to reset the state, forgetting all decoded records, if we
1549 : * are asked to move to a new read position.
1550 : */
1551 : static void
1552 4420 : ResetDecoder(XLogReaderState *state)
1553 : {
1554 : DecodedXLogRecord *r;
1555 :
1556 : /* Reset the decoded record queue, freeing any oversized records. */
1557 8762 : while ((r = state->decode_queue_head) != NULL)
1558 : {
1559 4342 : state->decode_queue_head = r->next;
1560 4342 : if (r->oversized)
1561 0 : pfree(r);
1562 : }
1563 4420 : state->decode_queue_tail = NULL;
1564 4420 : state->decode_queue_head = NULL;
1565 4420 : state->record = NULL;
1566 :
1567 : /* Reset the decode buffer to empty. */
1568 4420 : state->decode_buffer_tail = state->decode_buffer;
1569 4420 : state->decode_buffer_head = state->decode_buffer;
1570 :
1571 : /* Clear error state. */
1572 4420 : state->errormsg_buf[0] = '\0';
1573 4420 : state->errormsg_deferred = false;
1574 4420 : }
1575 :
1576 : /*
1577 : * Compute the maximum possible amount of padding that could be required to
1578 : * decode a record, given xl_tot_len from the record's header. This is the
1579 : * amount of output buffer space that we need to decode a record, though we
1580 : * might not finish up using it all.
1581 : *
1582 : * This computation is pessimistic and assumes the maximum possible number of
1583 : * blocks, due to lack of better information.
1584 : */
1585 : size_t
1586 176182 : DecodeXLogRecordRequiredSpace(size_t xl_tot_len)
1587 : {
1588 176182 : size_t size = 0;
1589 :
1590 : /* Account for the fixed size part of the decoded record struct. */
1591 176182 : size += offsetof(DecodedXLogRecord, blocks[0]);
1592 : /* Account for the flexible blocks array of maximum possible size. */
1593 176182 : size += sizeof(DecodedBkpBlock) * (XLR_MAX_BLOCK_ID + 1);
1594 : /* Account for all the raw main and block data. */
1595 176182 : size += xl_tot_len;
1596 : /* We might insert padding before main_data. */
1597 176182 : size += (MAXIMUM_ALIGNOF - 1);
1598 : /* We might insert padding before each block's data. */
1599 176182 : size += (MAXIMUM_ALIGNOF - 1) * (XLR_MAX_BLOCK_ID + 1);
1600 : /* We might insert padding at the end. */
1601 176182 : size += (MAXIMUM_ALIGNOF - 1);
1602 :
1603 176182 : return size;
1604 : }
1605 :
1606 : /*
1607 : * Decode a record. "decoded" must point to a MAXALIGNed memory area that has
1608 : * space for at least DecodeXLogRecordRequiredSpace(record) bytes. On
1609 : * success, decoded->size contains the actual space occupied by the decoded
1610 : * record, which may turn out to be less.
1611 : *
1612 : * Only decoded->oversized member must be initialized already, and will not be
1613 : * modified. Other members will be initialized as required.
1614 : *
1615 : * On error, a human-readable error message is returned in *errormsg, and
1616 : * the return value is false.
1617 : */
1618 : bool
1619 176182 : DecodeXLogRecord(XLogReaderState *state,
1620 : DecodedXLogRecord *decoded,
1621 : XLogRecord *record,
1622 : XLogRecPtr lsn,
1623 : char **errormsg)
1624 : {
1625 : /*
1626 : * read next _size bytes from record buffer, but check for overrun first.
1627 : */
1628 : #define COPY_HEADER_FIELD(_dst, _size) \
1629 : do { \
1630 : if (remaining < _size) \
1631 : goto shortdata_err; \
1632 : memcpy(_dst, ptr, _size); \
1633 : ptr += _size; \
1634 : remaining -= _size; \
1635 : } while(0)
1636 :
1637 : char *ptr;
1638 : char *out;
1639 : uint32 remaining;
1640 : uint32 datatotal;
1641 176182 : RelFileNode *rnode = NULL;
1642 : uint8 block_id;
1643 :
1644 176182 : decoded->header = *record;
1645 176182 : decoded->lsn = lsn;
1646 176182 : decoded->next = NULL;
1647 176182 : decoded->record_origin = InvalidRepOriginId;
1648 176182 : decoded->toplevel_xid = InvalidTransactionId;
1649 176182 : decoded->main_data = NULL;
1650 176182 : decoded->main_data_len = 0;
1651 176182 : decoded->max_block_id = -1;
1652 176182 : ptr = (char *) record;
1653 176182 : ptr += SizeOfXLogRecord;
1654 176182 : remaining = record->xl_tot_len - SizeOfXLogRecord;
1655 :
1656 : /* Decode the headers */
1657 176182 : datatotal = 0;
1658 349138 : while (remaining > datatotal)
1659 : {
1660 339532 : COPY_HEADER_FIELD(&block_id, sizeof(uint8));
1661 :
1662 339532 : if (block_id == XLR_BLOCK_ID_DATA_SHORT)
1663 : {
1664 : /* XLogRecordDataHeaderShort */
1665 : uint8 main_data_len;
1666 :
1667 166544 : COPY_HEADER_FIELD(&main_data_len, sizeof(uint8));
1668 :
1669 166544 : decoded->main_data_len = main_data_len;
1670 166544 : datatotal += main_data_len;
1671 166544 : break; /* by convention, the main data fragment is
1672 : * always last */
1673 : }
1674 172988 : else if (block_id == XLR_BLOCK_ID_DATA_LONG)
1675 : {
1676 : /* XLogRecordDataHeaderLong */
1677 : uint32 main_data_len;
1678 :
1679 32 : COPY_HEADER_FIELD(&main_data_len, sizeof(uint32));
1680 32 : decoded->main_data_len = main_data_len;
1681 32 : datatotal += main_data_len;
1682 32 : break; /* by convention, the main data fragment is
1683 : * always last */
1684 : }
1685 172956 : else if (block_id == XLR_BLOCK_ID_ORIGIN)
1686 : {
1687 0 : COPY_HEADER_FIELD(&decoded->record_origin, sizeof(RepOriginId));
1688 : }
1689 172956 : else if (block_id == XLR_BLOCK_ID_TOPLEVEL_XID)
1690 : {
1691 0 : COPY_HEADER_FIELD(&decoded->toplevel_xid, sizeof(TransactionId));
1692 : }
1693 172956 : else if (block_id <= XLR_MAX_BLOCK_ID)
1694 : {
1695 : /* XLogRecordBlockHeader */
1696 : DecodedBkpBlock *blk;
1697 : uint8 fork_flags;
1698 :
1699 : /* mark any intervening block IDs as not in use */
1700 172956 : for (int i = decoded->max_block_id + 1; i < block_id; ++i)
1701 0 : decoded->blocks[i].in_use = false;
1702 :
1703 172956 : if (block_id <= decoded->max_block_id)
1704 : {
1705 0 : report_invalid_record(state,
1706 : "out-of-order block_id %u at %X/%X",
1707 : block_id,
1708 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1709 0 : goto err;
1710 : }
1711 172956 : decoded->max_block_id = block_id;
1712 :
1713 172956 : blk = &decoded->blocks[block_id];
1714 172956 : blk->in_use = true;
1715 172956 : blk->apply_image = false;
1716 :
1717 172956 : COPY_HEADER_FIELD(&fork_flags, sizeof(uint8));
1718 172956 : blk->forknum = fork_flags & BKPBLOCK_FORK_MASK;
1719 172956 : blk->flags = fork_flags;
1720 172956 : blk->has_image = ((fork_flags & BKPBLOCK_HAS_IMAGE) != 0);
1721 172956 : blk->has_data = ((fork_flags & BKPBLOCK_HAS_DATA) != 0);
1722 :
1723 172956 : blk->prefetch_buffer = InvalidBuffer;
1724 :
1725 172956 : COPY_HEADER_FIELD(&blk->data_len, sizeof(uint16));
1726 : /* cross-check that the HAS_DATA flag is set iff data_length > 0 */
1727 172956 : if (blk->has_data && blk->data_len == 0)
1728 : {
1729 0 : report_invalid_record(state,
1730 : "BKPBLOCK_HAS_DATA set, but no data included at %X/%X",
1731 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1732 0 : goto err;
1733 : }
1734 172956 : if (!blk->has_data && blk->data_len != 0)
1735 : {
1736 0 : report_invalid_record(state,
1737 : "BKPBLOCK_HAS_DATA not set, but data length is %u at %X/%X",
1738 0 : (unsigned int) blk->data_len,
1739 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1740 0 : goto err;
1741 : }
1742 172956 : datatotal += blk->data_len;
1743 :
1744 172956 : if (blk->has_image)
1745 : {
1746 9688 : COPY_HEADER_FIELD(&blk->bimg_len, sizeof(uint16));
1747 9688 : COPY_HEADER_FIELD(&blk->hole_offset, sizeof(uint16));
1748 9688 : COPY_HEADER_FIELD(&blk->bimg_info, sizeof(uint8));
1749 :
1750 9688 : blk->apply_image = ((blk->bimg_info & BKPIMAGE_APPLY) != 0);
1751 :
1752 9688 : if (BKPIMAGE_COMPRESSED(blk->bimg_info))
1753 : {
1754 0 : if (blk->bimg_info & BKPIMAGE_HAS_HOLE)
1755 0 : COPY_HEADER_FIELD(&blk->hole_length, sizeof(uint16));
1756 : else
1757 0 : blk->hole_length = 0;
1758 : }
1759 : else
1760 9688 : blk->hole_length = BLCKSZ - blk->bimg_len;
1761 9688 : datatotal += blk->bimg_len;
1762 :
1763 : /*
1764 : * cross-check that hole_offset > 0, hole_length > 0 and
1765 : * bimg_len < BLCKSZ if the HAS_HOLE flag is set.
1766 : */
1767 9688 : if ((blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1768 9592 : (blk->hole_offset == 0 ||
1769 9592 : blk->hole_length == 0 ||
1770 9592 : blk->bimg_len == BLCKSZ))
1771 : {
1772 0 : report_invalid_record(state,
1773 : "BKPIMAGE_HAS_HOLE set, but hole offset %u length %u block image length %u at %X/%X",
1774 0 : (unsigned int) blk->hole_offset,
1775 0 : (unsigned int) blk->hole_length,
1776 0 : (unsigned int) blk->bimg_len,
1777 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1778 0 : goto err;
1779 : }
1780 :
1781 : /*
1782 : * cross-check that hole_offset == 0 and hole_length == 0 if
1783 : * the HAS_HOLE flag is not set.
1784 : */
1785 9688 : if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1786 96 : (blk->hole_offset != 0 || blk->hole_length != 0))
1787 : {
1788 0 : report_invalid_record(state,
1789 : "BKPIMAGE_HAS_HOLE not set, but hole offset %u length %u at %X/%X",
1790 0 : (unsigned int) blk->hole_offset,
1791 0 : (unsigned int) blk->hole_length,
1792 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1793 0 : goto err;
1794 : }
1795 :
1796 : /*
1797 : * Cross-check that bimg_len < BLCKSZ if it is compressed.
1798 : */
1799 9688 : if (BKPIMAGE_COMPRESSED(blk->bimg_info) &&
1800 0 : blk->bimg_len == BLCKSZ)
1801 : {
1802 0 : report_invalid_record(state,
1803 : "BKPIMAGE_COMPRESSED set, but block image length %u at %X/%X",
1804 0 : (unsigned int) blk->bimg_len,
1805 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1806 0 : goto err;
1807 : }
1808 :
1809 : /*
1810 : * cross-check that bimg_len = BLCKSZ if neither HAS_HOLE is
1811 : * set nor COMPRESSED().
1812 : */
1813 9688 : if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1814 96 : !BKPIMAGE_COMPRESSED(blk->bimg_info) &&
1815 96 : blk->bimg_len != BLCKSZ)
1816 : {
1817 0 : report_invalid_record(state,
1818 : "neither BKPIMAGE_HAS_HOLE nor BKPIMAGE_COMPRESSED set, but block image length is %u at %X/%X",
1819 0 : (unsigned int) blk->data_len,
1820 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1821 0 : goto err;
1822 : }
1823 : }
1824 172956 : if (!(fork_flags & BKPBLOCK_SAME_REL))
1825 : {
1826 172284 : COPY_HEADER_FIELD(&blk->rnode, sizeof(RelFileNode));
1827 172284 : rnode = &blk->rnode;
1828 : }
1829 : else
1830 : {
1831 672 : if (rnode == NULL)
1832 : {
1833 0 : report_invalid_record(state,
1834 : "BKPBLOCK_SAME_REL set but no previous rel at %X/%X",
1835 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1836 0 : goto err;
1837 : }
1838 :
1839 672 : blk->rnode = *rnode;
1840 : }
1841 172956 : COPY_HEADER_FIELD(&blk->blkno, sizeof(BlockNumber));
1842 : }
1843 : else
1844 : {
1845 0 : report_invalid_record(state,
1846 : "invalid block_id %u at %X/%X",
1847 0 : block_id, LSN_FORMAT_ARGS(state->ReadRecPtr));
1848 0 : goto err;
1849 : }
1850 : }
1851 :
1852 176182 : if (remaining != datatotal)
1853 0 : goto shortdata_err;
1854 :
1855 : /*
1856 : * Ok, we've parsed the fragment headers, and verified that the total
1857 : * length of the payload in the fragments is equal to the amount of data
1858 : * left. Copy the data of each fragment to contiguous space after the
1859 : * blocks array, inserting alignment padding before the data fragments so
1860 : * they can be cast to struct pointers by REDO routines.
1861 : */
1862 176182 : out = ((char *) decoded) +
1863 176182 : offsetof(DecodedXLogRecord, blocks) +
1864 176182 : sizeof(decoded->blocks[0]) * (decoded->max_block_id + 1);
1865 :
1866 : /* block data first */
1867 349138 : for (block_id = 0; block_id <= decoded->max_block_id; block_id++)
1868 : {
1869 172956 : DecodedBkpBlock *blk = &decoded->blocks[block_id];
1870 :
1871 172956 : if (!blk->in_use)
1872 0 : continue;
1873 :
1874 : Assert(blk->has_image || !blk->apply_image);
1875 :
1876 172956 : if (blk->has_image)
1877 : {
1878 : /* no need to align image */
1879 9688 : blk->bkp_image = out;
1880 9688 : memcpy(out, ptr, blk->bimg_len);
1881 9688 : ptr += blk->bimg_len;
1882 9688 : out += blk->bimg_len;
1883 : }
1884 172956 : if (blk->has_data)
1885 : {
1886 81780 : out = (char *) MAXALIGN(out);
1887 81780 : blk->data = out;
1888 81780 : memcpy(blk->data, ptr, blk->data_len);
1889 81780 : ptr += blk->data_len;
1890 81780 : out += blk->data_len;
1891 : }
1892 : }
1893 :
1894 : /* and finally, the main data */
1895 176182 : if (decoded->main_data_len > 0)
1896 : {
1897 166576 : out = (char *) MAXALIGN(out);
1898 166576 : decoded->main_data = out;
1899 166576 : memcpy(decoded->main_data, ptr, decoded->main_data_len);
1900 166576 : ptr += decoded->main_data_len;
1901 166576 : out += decoded->main_data_len;
1902 : }
1903 :
1904 : /* Report the actual size we used. */
1905 176182 : decoded->size = MAXALIGN(out - (char *) decoded);
1906 : Assert(DecodeXLogRecordRequiredSpace(record->xl_tot_len) >=
1907 : decoded->size);
1908 :
1909 176182 : return true;
1910 :
1911 0 : shortdata_err:
1912 0 : report_invalid_record(state,
1913 : "record with invalid length at %X/%X",
1914 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1915 0 : err:
1916 0 : *errormsg = state->errormsg_buf;
1917 :
1918 0 : return false;
1919 : }
1920 :
1921 : /*
1922 : * Returns information about the block that a block reference refers to.
1923 : *
1924 : * This is like XLogRecGetBlockTagExtended, except that the block reference
1925 : * must exist and there's no access to prefetch_buffer.
1926 : */
1927 : void
1928 0 : XLogRecGetBlockTag(XLogReaderState *record, uint8 block_id,
1929 : RelFileNode *rnode, ForkNumber *forknum, BlockNumber *blknum)
1930 : {
1931 0 : if (!XLogRecGetBlockTagExtended(record, block_id, rnode, forknum, blknum,
1932 : NULL))
1933 : {
1934 : #ifndef FRONTEND
1935 : elog(ERROR, "failed to locate backup block with ID %d in WAL record",
1936 : block_id);
1937 : #else
1938 0 : pg_fatal("failed to locate backup block with ID %d in WAL record",
1939 : block_id);
1940 : #endif
1941 : }
1942 0 : }
1943 :
1944 : /*
1945 : * Returns information about the block that a block reference refers to,
1946 : * optionally including the buffer that the block may already be in.
1947 : *
1948 : * If the WAL record contains a block reference with the given ID, *rnode,
1949 : * *forknum, *blknum and *prefetch_buffer are filled in (if not NULL), and
1950 : * returns true. Otherwise returns false.
1951 : */
1952 : bool
1953 169844 : XLogRecGetBlockTagExtended(XLogReaderState *record, uint8 block_id,
1954 : RelFileNode *rnode, ForkNumber *forknum,
1955 : BlockNumber *blknum,
1956 : Buffer *prefetch_buffer)
1957 : {
1958 : DecodedBkpBlock *bkpb;
1959 :
1960 169844 : if (!XLogRecHasBlockRef(record, block_id))
1961 0 : return false;
1962 :
1963 169844 : bkpb = &record->record->blocks[block_id];
1964 169844 : if (rnode)
1965 169844 : *rnode = bkpb->rnode;
1966 169844 : if (forknum)
1967 169844 : *forknum = bkpb->forknum;
1968 169844 : if (blknum)
1969 169844 : *blknum = bkpb->blkno;
1970 169844 : if (prefetch_buffer)
1971 0 : *prefetch_buffer = bkpb->prefetch_buffer;
1972 169844 : return true;
1973 : }
1974 :
1975 : /*
1976 : * Returns the data associated with a block reference, or NULL if there is
1977 : * no data (e.g. because a full-page image was taken instead). The returned
1978 : * pointer points to a MAXALIGNed buffer.
1979 : */
1980 : char *
1981 0 : XLogRecGetBlockData(XLogReaderState *record, uint8 block_id, Size *len)
1982 : {
1983 : DecodedBkpBlock *bkpb;
1984 :
1985 0 : if (block_id > record->record->max_block_id ||
1986 0 : !record->record->blocks[block_id].in_use)
1987 0 : return NULL;
1988 :
1989 0 : bkpb = &record->record->blocks[block_id];
1990 :
1991 0 : if (!bkpb->has_data)
1992 : {
1993 0 : if (len)
1994 0 : *len = 0;
1995 0 : return NULL;
1996 : }
1997 : else
1998 : {
1999 0 : if (len)
2000 0 : *len = bkpb->data_len;
2001 0 : return bkpb->data;
2002 : }
2003 : }
2004 :
2005 : /*
2006 : * Restore a full-page image from a backup block attached to an XLOG record.
2007 : *
2008 : * Returns true if a full-page image is restored.
2009 : */
2010 : bool
2011 0 : RestoreBlockImage(XLogReaderState *record, uint8 block_id, char *page)
2012 : {
2013 : DecodedBkpBlock *bkpb;
2014 : char *ptr;
2015 : PGAlignedBlock tmp;
2016 :
2017 0 : if (block_id > record->record->max_block_id ||
2018 0 : !record->record->blocks[block_id].in_use)
2019 0 : return false;
2020 0 : if (!record->record->blocks[block_id].has_image)
2021 0 : return false;
2022 :
2023 0 : bkpb = &record->record->blocks[block_id];
2024 0 : ptr = bkpb->bkp_image;
2025 :
2026 0 : if (BKPIMAGE_COMPRESSED(bkpb->bimg_info))
2027 : {
2028 : /* If a backup block image is compressed, decompress it */
2029 0 : bool decomp_success = true;
2030 :
2031 0 : if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_PGLZ) != 0)
2032 : {
2033 0 : if (pglz_decompress(ptr, bkpb->bimg_len, tmp.data,
2034 0 : BLCKSZ - bkpb->hole_length, true) < 0)
2035 0 : decomp_success = false;
2036 : }
2037 0 : else if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_LZ4) != 0)
2038 : {
2039 : #ifdef USE_LZ4
2040 0 : if (LZ4_decompress_safe(ptr, tmp.data,
2041 0 : bkpb->bimg_len, BLCKSZ - bkpb->hole_length) <= 0)
2042 0 : decomp_success = false;
2043 : #else
2044 : report_invalid_record(record, "image at %X/%X compressed with %s not supported by build, block %d",
2045 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2046 : "LZ4",
2047 : block_id);
2048 : return false;
2049 : #endif
2050 : }
2051 0 : else if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_ZSTD) != 0)
2052 : {
2053 : #ifdef USE_ZSTD
2054 : size_t decomp_result = ZSTD_decompress(tmp.data,
2055 : BLCKSZ - bkpb->hole_length,
2056 : ptr, bkpb->bimg_len);
2057 :
2058 : if (ZSTD_isError(decomp_result))
2059 : decomp_success = false;
2060 : #else
2061 0 : report_invalid_record(record, "image at %X/%X compressed with %s not supported by build, block %d",
2062 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2063 : "zstd",
2064 : block_id);
2065 0 : return false;
2066 : #endif
2067 : }
2068 : else
2069 : {
2070 0 : report_invalid_record(record, "image at %X/%X compressed with unknown method, block %d",
2071 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2072 : block_id);
2073 0 : return false;
2074 : }
2075 :
2076 0 : if (!decomp_success)
2077 : {
2078 0 : report_invalid_record(record, "invalid compressed image at %X/%X, block %d",
2079 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2080 : block_id);
2081 0 : return false;
2082 : }
2083 :
2084 0 : ptr = tmp.data;
2085 : }
2086 :
2087 : /* generate page, taking into account hole if necessary */
2088 0 : if (bkpb->hole_length == 0)
2089 : {
2090 0 : memcpy(page, ptr, BLCKSZ);
2091 : }
2092 : else
2093 : {
2094 0 : memcpy(page, ptr, bkpb->hole_offset);
2095 : /* must zero-fill the hole */
2096 0 : MemSet(page + bkpb->hole_offset, 0, bkpb->hole_length);
2097 0 : memcpy(page + (bkpb->hole_offset + bkpb->hole_length),
2098 0 : ptr + bkpb->hole_offset,
2099 0 : BLCKSZ - (bkpb->hole_offset + bkpb->hole_length));
2100 : }
2101 :
2102 0 : return true;
2103 : }
2104 :
2105 : #ifndef FRONTEND
2106 :
2107 : /*
2108 : * Extract the FullTransactionId from a WAL record.
2109 : */
2110 : FullTransactionId
2111 : XLogRecGetFullXid(XLogReaderState *record)
2112 : {
2113 : TransactionId xid,
2114 : next_xid;
2115 : uint32 epoch;
2116 :
2117 : /*
2118 : * This function is only safe during replay, because it depends on the
2119 : * replay state. See AdvanceNextFullTransactionIdPastXid() for more.
2120 : */
2121 : Assert(AmStartupProcess() || !IsUnderPostmaster);
2122 :
2123 : xid = XLogRecGetXid(record);
2124 : next_xid = XidFromFullTransactionId(ShmemVariableCache->nextXid);
2125 : epoch = EpochFromFullTransactionId(ShmemVariableCache->nextXid);
2126 :
2127 : /*
2128 : * If xid is numerically greater than next_xid, it has to be from the last
2129 : * epoch.
2130 : */
2131 : if (unlikely(xid > next_xid))
2132 : --epoch;
2133 :
2134 : return FullTransactionIdFromEpochAndXid(epoch, xid);
2135 : }
2136 :
2137 : #endif
|