Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * xlogreader.c
4 : * Generic XLog reading facility
5 : *
6 : * Portions Copyright (c) 2013-2024, PostgreSQL Global Development Group
7 : *
8 : * IDENTIFICATION
9 : * src/backend/access/transam/xlogreader.c
10 : *
11 : * NOTES
12 : * See xlogreader.h for more notes on this facility.
13 : *
14 : * This file is compiled as both front-end and backend code, so it
15 : * may not use ereport, server-defined static variables, etc.
16 : *-------------------------------------------------------------------------
17 : */
18 : #include "postgres.h"
19 :
20 : #include <unistd.h>
21 : #ifdef USE_LZ4
22 : #include <lz4.h>
23 : #endif
24 : #ifdef USE_ZSTD
25 : #include <zstd.h>
26 : #endif
27 :
28 : #include "access/transam.h"
29 : #include "access/xlog_internal.h"
30 : #include "access/xlogreader.h"
31 : #include "access/xlogrecord.h"
32 : #include "catalog/pg_control.h"
33 : #include "common/pg_lzcompress.h"
34 : #include "replication/origin.h"
35 :
36 : #ifndef FRONTEND
37 : #include "pgstat.h"
38 : #else
39 : #include "common/logging.h"
40 : #endif
41 :
42 : static void report_invalid_record(XLogReaderState *state, const char *fmt,...)
43 : pg_attribute_printf(2, 3);
44 : static void allocate_recordbuf(XLogReaderState *state, uint32 reclength);
45 : static int ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr,
46 : int reqLen);
47 : static void XLogReaderInvalReadState(XLogReaderState *state);
48 : static XLogPageReadResult XLogDecodeNextRecord(XLogReaderState *state, bool nonblocking);
49 : static bool ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
50 : XLogRecPtr PrevRecPtr, XLogRecord *record, bool randAccess);
51 : static bool ValidXLogRecord(XLogReaderState *state, XLogRecord *record,
52 : XLogRecPtr recptr);
53 : static void ResetDecoder(XLogReaderState *state);
54 : static void WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt,
55 : int segsize, const char *waldir);
56 :
57 : /* size of the buffer allocated for error message. */
58 : #define MAX_ERRORMSG_LEN 1000
59 :
60 : /*
61 : * Default size; large enough that typical users of XLogReader won't often need
62 : * to use the 'oversized' memory allocation code path.
63 : */
64 : #define DEFAULT_DECODE_BUFFER_SIZE (64 * 1024)
65 :
66 : /*
67 : * Construct a string in state->errormsg_buf explaining what's wrong with
68 : * the current record being read.
69 : */
70 : static void
71 4 : report_invalid_record(XLogReaderState *state, const char *fmt,...)
72 : {
73 : va_list args;
74 :
75 4 : fmt = _(fmt);
76 :
77 4 : va_start(args, fmt);
78 4 : vsnprintf(state->errormsg_buf, MAX_ERRORMSG_LEN, fmt, args);
79 4 : va_end(args);
80 :
81 4 : state->errormsg_deferred = true;
82 4 : }
83 :
84 : /*
85 : * Set the size of the decoding buffer. A pointer to a caller supplied memory
86 : * region may also be passed in, in which case non-oversized records will be
87 : * decoded there.
88 : */
89 : void
90 0 : XLogReaderSetDecodeBuffer(XLogReaderState *state, void *buffer, size_t size)
91 : {
92 : Assert(state->decode_buffer == NULL);
93 :
94 0 : state->decode_buffer = buffer;
95 0 : state->decode_buffer_size = size;
96 0 : state->decode_buffer_tail = buffer;
97 0 : state->decode_buffer_head = buffer;
98 0 : }
99 :
100 : /*
101 : * Allocate and initialize a new XLogReader.
102 : *
103 : * Returns NULL if the xlogreader couldn't be allocated.
104 : */
105 : XLogReaderState *
106 130 : XLogReaderAllocate(int wal_segment_size, const char *waldir,
107 : XLogReaderRoutine *routine, void *private_data)
108 : {
109 : XLogReaderState *state;
110 :
111 : state = (XLogReaderState *)
112 130 : palloc_extended(sizeof(XLogReaderState),
113 : MCXT_ALLOC_NO_OOM | MCXT_ALLOC_ZERO);
114 130 : if (!state)
115 0 : return NULL;
116 :
117 : /* initialize caller-provided support functions */
118 130 : state->routine = *routine;
119 :
120 : /*
121 : * Permanently allocate readBuf. We do it this way, rather than just
122 : * making a static array, for two reasons: (1) no need to waste the
123 : * storage in most instantiations of the backend; (2) a static char array
124 : * isn't guaranteed to have any particular alignment, whereas
125 : * palloc_extended() will provide MAXALIGN'd storage.
126 : */
127 130 : state->readBuf = (char *) palloc_extended(XLOG_BLCKSZ,
128 : MCXT_ALLOC_NO_OOM);
129 130 : if (!state->readBuf)
130 : {
131 0 : pfree(state);
132 0 : return NULL;
133 : }
134 :
135 : /* Initialize segment info. */
136 130 : WALOpenSegmentInit(&state->seg, &state->segcxt, wal_segment_size,
137 : waldir);
138 :
139 : /* system_identifier initialized to zeroes above */
140 130 : state->private_data = private_data;
141 : /* ReadRecPtr, EndRecPtr and readLen initialized to zeroes above */
142 130 : state->errormsg_buf = palloc_extended(MAX_ERRORMSG_LEN + 1,
143 : MCXT_ALLOC_NO_OOM);
144 130 : if (!state->errormsg_buf)
145 : {
146 0 : pfree(state->readBuf);
147 0 : pfree(state);
148 0 : return NULL;
149 : }
150 130 : state->errormsg_buf[0] = '\0';
151 :
152 : /*
153 : * Allocate an initial readRecordBuf of minimal size, which can later be
154 : * enlarged if necessary.
155 : */
156 130 : allocate_recordbuf(state, 0);
157 130 : return state;
158 : }
159 :
160 : void
161 126 : XLogReaderFree(XLogReaderState *state)
162 : {
163 126 : if (state->seg.ws_file != -1)
164 126 : state->routine.segment_close(state);
165 :
166 126 : if (state->decode_buffer && state->free_decode_buffer)
167 126 : pfree(state->decode_buffer);
168 :
169 126 : pfree(state->errormsg_buf);
170 126 : if (state->readRecordBuf)
171 126 : pfree(state->readRecordBuf);
172 126 : pfree(state->readBuf);
173 126 : pfree(state);
174 126 : }
175 :
176 : /*
177 : * Allocate readRecordBuf to fit a record of at least the given length.
178 : *
179 : * readRecordBufSize is set to the new buffer size.
180 : *
181 : * To avoid useless small increases, round its size to a multiple of
182 : * XLOG_BLCKSZ, and make sure it's at least 5*Max(BLCKSZ, XLOG_BLCKSZ) to start
183 : * with. (That is enough for all "normal" records, but very large commit or
184 : * abort records might need more space.)
185 : *
186 : * Note: This routine should *never* be called for xl_tot_len until the header
187 : * of the record has been fully validated.
188 : */
189 : static void
190 146 : allocate_recordbuf(XLogReaderState *state, uint32 reclength)
191 : {
192 146 : uint32 newSize = reclength;
193 :
194 146 : newSize += XLOG_BLCKSZ - (newSize % XLOG_BLCKSZ);
195 146 : newSize = Max(newSize, 5 * Max(BLCKSZ, XLOG_BLCKSZ));
196 :
197 146 : if (state->readRecordBuf)
198 16 : pfree(state->readRecordBuf);
199 146 : state->readRecordBuf = (char *) palloc(newSize);
200 146 : state->readRecordBufSize = newSize;
201 146 : }
202 :
203 : /*
204 : * Initialize the passed segment structs.
205 : */
206 : static void
207 130 : WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt,
208 : int segsize, const char *waldir)
209 : {
210 130 : seg->ws_file = -1;
211 130 : seg->ws_segno = 0;
212 130 : seg->ws_tli = 0;
213 :
214 130 : segcxt->ws_segsize = segsize;
215 130 : if (waldir)
216 130 : snprintf(segcxt->ws_dir, MAXPGPATH, "%s", waldir);
217 130 : }
218 :
219 : /*
220 : * Begin reading WAL at 'RecPtr'.
221 : *
222 : * 'RecPtr' should point to the beginning of a valid WAL record. Pointing at
223 : * the beginning of a page is also OK, if there is a new record right after
224 : * the page header, i.e. not a continuation.
225 : *
226 : * This does not make any attempt to read the WAL yet, and hence cannot fail.
227 : * If the starting address is not correct, the first call to XLogReadRecord()
228 : * will error out.
229 : */
230 : void
231 260 : XLogBeginRead(XLogReaderState *state, XLogRecPtr RecPtr)
232 : {
233 : Assert(!XLogRecPtrIsInvalid(RecPtr));
234 :
235 260 : ResetDecoder(state);
236 :
237 : /* Begin at the passed-in record pointer. */
238 260 : state->EndRecPtr = RecPtr;
239 260 : state->NextRecPtr = RecPtr;
240 260 : state->ReadRecPtr = InvalidXLogRecPtr;
241 260 : state->DecodeRecPtr = InvalidXLogRecPtr;
242 260 : }
243 :
244 : /*
245 : * Release the last record that was returned by XLogNextRecord(), if any, to
246 : * free up space. Returns the LSN past the end of the record.
247 : */
248 : XLogRecPtr
249 2457276 : XLogReleasePreviousRecord(XLogReaderState *state)
250 : {
251 : DecodedXLogRecord *record;
252 : XLogRecPtr next_lsn;
253 :
254 2457276 : if (!state->record)
255 1228898 : return InvalidXLogRecPtr;
256 :
257 : /*
258 : * Remove it from the decoded record queue. It must be the oldest item
259 : * decoded, decode_queue_head.
260 : */
261 1228378 : record = state->record;
262 1228378 : next_lsn = record->next_lsn;
263 : Assert(record == state->decode_queue_head);
264 1228378 : state->record = NULL;
265 1228378 : state->decode_queue_head = record->next;
266 :
267 : /* It might also be the newest item decoded, decode_queue_tail. */
268 1228378 : if (state->decode_queue_tail == record)
269 1228378 : state->decode_queue_tail = NULL;
270 :
271 : /* Release the space. */
272 1228378 : if (unlikely(record->oversized))
273 : {
274 : /* It's not in the decode buffer, so free it to release space. */
275 24 : pfree(record);
276 : }
277 : else
278 : {
279 : /* It must be the head (oldest) record in the decode buffer. */
280 : Assert(state->decode_buffer_head == (char *) record);
281 :
282 : /*
283 : * We need to update head to point to the next record that is in the
284 : * decode buffer, if any, being careful to skip oversized ones
285 : * (they're not in the decode buffer).
286 : */
287 1228354 : record = record->next;
288 1228354 : while (unlikely(record && record->oversized))
289 0 : record = record->next;
290 :
291 1228354 : if (record)
292 : {
293 : /* Adjust head to release space up to the next record. */
294 0 : state->decode_buffer_head = (char *) record;
295 : }
296 : else
297 : {
298 : /*
299 : * Otherwise we might as well just reset head and tail to the
300 : * start of the buffer space, because we're empty. This means
301 : * we'll keep overwriting the same piece of memory if we're not
302 : * doing any prefetching.
303 : */
304 1228354 : state->decode_buffer_head = state->decode_buffer;
305 1228354 : state->decode_buffer_tail = state->decode_buffer;
306 : }
307 : }
308 :
309 1228378 : return next_lsn;
310 : }
311 :
312 : /*
313 : * Attempt to read an XLOG record.
314 : *
315 : * XLogBeginRead() or XLogFindNextRecord() and then XLogReadAhead() must be
316 : * called before the first call to XLogNextRecord(). This functions returns
317 : * records and errors that were put into an internal queue by XLogReadAhead().
318 : *
319 : * On success, a record is returned.
320 : *
321 : * The returned record (or *errormsg) points to an internal buffer that's
322 : * valid until the next call to XLogNextRecord.
323 : */
324 : DecodedXLogRecord *
325 1228638 : XLogNextRecord(XLogReaderState *state, char **errormsg)
326 : {
327 : /* Release the last record returned by XLogNextRecord(). */
328 1228638 : XLogReleasePreviousRecord(state);
329 :
330 1228638 : if (state->decode_queue_head == NULL)
331 : {
332 128 : *errormsg = NULL;
333 128 : if (state->errormsg_deferred)
334 : {
335 4 : if (state->errormsg_buf[0] != '\0')
336 4 : *errormsg = state->errormsg_buf;
337 4 : state->errormsg_deferred = false;
338 : }
339 :
340 : /*
341 : * state->EndRecPtr is expected to have been set by the last call to
342 : * XLogBeginRead() or XLogNextRecord(), and is the location of the
343 : * error.
344 : */
345 : Assert(!XLogRecPtrIsInvalid(state->EndRecPtr));
346 :
347 128 : return NULL;
348 : }
349 :
350 : /*
351 : * Record this as the most recent record returned, so that we'll release
352 : * it next time. This also exposes it to the traditional
353 : * XLogRecXXX(xlogreader) macros, which work with the decoder rather than
354 : * the record for historical reasons.
355 : */
356 1228510 : state->record = state->decode_queue_head;
357 :
358 : /*
359 : * Update the pointers to the beginning and one-past-the-end of this
360 : * record, again for the benefit of historical code that expected the
361 : * decoder to track this rather than accessing these fields of the record
362 : * itself.
363 : */
364 1228510 : state->ReadRecPtr = state->record->lsn;
365 1228510 : state->EndRecPtr = state->record->next_lsn;
366 :
367 1228510 : *errormsg = NULL;
368 :
369 1228510 : return state->record;
370 : }
371 :
372 : /*
373 : * Attempt to read an XLOG record.
374 : *
375 : * XLogBeginRead() or XLogFindNextRecord() must be called before the first call
376 : * to XLogReadRecord().
377 : *
378 : * If the page_read callback fails to read the requested data, NULL is
379 : * returned. The callback is expected to have reported the error; errormsg
380 : * is set to NULL.
381 : *
382 : * If the reading fails for some other reason, NULL is also returned, and
383 : * *errormsg is set to a string with details of the failure.
384 : *
385 : * The returned pointer (or *errormsg) points to an internal buffer that's
386 : * valid until the next call to XLogReadRecord.
387 : */
388 : XLogRecord *
389 1228638 : XLogReadRecord(XLogReaderState *state, char **errormsg)
390 : {
391 : DecodedXLogRecord *decoded;
392 :
393 : /*
394 : * Release last returned record, if there is one. We need to do this so
395 : * that we can check for empty decode queue accurately.
396 : */
397 1228638 : XLogReleasePreviousRecord(state);
398 :
399 : /*
400 : * Call XLogReadAhead() in blocking mode to make sure there is something
401 : * in the queue, though we don't use the result.
402 : */
403 1228638 : if (!XLogReaderHasQueuedRecordOrError(state))
404 1228638 : XLogReadAhead(state, false /* nonblocking */ );
405 :
406 : /* Consume the head record or error. */
407 1228638 : decoded = XLogNextRecord(state, errormsg);
408 1228638 : if (decoded)
409 : {
410 : /*
411 : * This function returns a pointer to the record's header, not the
412 : * actual decoded record. The caller will access the decoded record
413 : * through the XLogRecGetXXX() macros, which reach the decoded
414 : * recorded as xlogreader->record.
415 : */
416 : Assert(state->record == decoded);
417 1228510 : return &decoded->header;
418 : }
419 :
420 128 : return NULL;
421 : }
422 :
423 : /*
424 : * Allocate space for a decoded record. The only member of the returned
425 : * object that is initialized is the 'oversized' flag, indicating that the
426 : * decoded record wouldn't fit in the decode buffer and must eventually be
427 : * freed explicitly.
428 : *
429 : * The caller is responsible for adjusting decode_buffer_tail with the real
430 : * size after successfully decoding a record into this space. This way, if
431 : * decoding fails, then there is nothing to undo unless the 'oversized' flag
432 : * was set and pfree() must be called.
433 : *
434 : * Return NULL if there is no space in the decode buffer and allow_oversized
435 : * is false, or if memory allocation fails for an oversized buffer.
436 : */
437 : static DecodedXLogRecord *
438 1228534 : XLogReadRecordAlloc(XLogReaderState *state, size_t xl_tot_len, bool allow_oversized)
439 : {
440 1228534 : size_t required_space = DecodeXLogRecordRequiredSpace(xl_tot_len);
441 1228534 : DecodedXLogRecord *decoded = NULL;
442 :
443 : /* Allocate a circular decode buffer if we don't have one already. */
444 1228534 : if (unlikely(state->decode_buffer == NULL))
445 : {
446 130 : if (state->decode_buffer_size == 0)
447 130 : state->decode_buffer_size = DEFAULT_DECODE_BUFFER_SIZE;
448 130 : state->decode_buffer = palloc(state->decode_buffer_size);
449 130 : state->decode_buffer_head = state->decode_buffer;
450 130 : state->decode_buffer_tail = state->decode_buffer;
451 130 : state->free_decode_buffer = true;
452 : }
453 :
454 : /* Try to allocate space in the circular decode buffer. */
455 1228534 : if (state->decode_buffer_tail >= state->decode_buffer_head)
456 : {
457 : /* Empty, or tail is to the right of head. */
458 1228534 : if (required_space <=
459 1228534 : state->decode_buffer_size -
460 1228534 : (state->decode_buffer_tail - state->decode_buffer))
461 : {
462 : /*-
463 : * There is space between tail and end.
464 : *
465 : * +-----+--------------------+-----+
466 : * | |////////////////////|here!|
467 : * +-----+--------------------+-----+
468 : * ^ ^
469 : * | |
470 : * h t
471 : */
472 1228486 : decoded = (DecodedXLogRecord *) state->decode_buffer_tail;
473 1228486 : decoded->oversized = false;
474 1228486 : return decoded;
475 : }
476 48 : else if (required_space <
477 48 : state->decode_buffer_head - state->decode_buffer)
478 : {
479 : /*-
480 : * There is space between start and head.
481 : *
482 : * +-----+--------------------+-----+
483 : * |here!|////////////////////| |
484 : * +-----+--------------------+-----+
485 : * ^ ^
486 : * | |
487 : * h t
488 : */
489 0 : decoded = (DecodedXLogRecord *) state->decode_buffer;
490 0 : decoded->oversized = false;
491 0 : return decoded;
492 : }
493 : }
494 : else
495 : {
496 : /* Tail is to the left of head. */
497 0 : if (required_space <
498 0 : state->decode_buffer_head - state->decode_buffer_tail)
499 : {
500 : /*-
501 : * There is space between tail and head.
502 : *
503 : * +-----+--------------------+-----+
504 : * |/////|here! |/////|
505 : * +-----+--------------------+-----+
506 : * ^ ^
507 : * | |
508 : * t h
509 : */
510 0 : decoded = (DecodedXLogRecord *) state->decode_buffer_tail;
511 0 : decoded->oversized = false;
512 0 : return decoded;
513 : }
514 : }
515 :
516 : /* Not enough space in the decode buffer. Are we allowed to allocate? */
517 48 : if (allow_oversized)
518 : {
519 24 : decoded = palloc(required_space);
520 24 : decoded->oversized = true;
521 24 : return decoded;
522 : }
523 :
524 24 : return NULL;
525 : }
526 :
527 : static XLogPageReadResult
528 1228638 : XLogDecodeNextRecord(XLogReaderState *state, bool nonblocking)
529 : {
530 : XLogRecPtr RecPtr;
531 : XLogRecord *record;
532 : XLogRecPtr targetPagePtr;
533 : bool randAccess;
534 : uint32 len,
535 : total_len;
536 : uint32 targetRecOff;
537 : uint32 pageHeaderSize;
538 : bool assembled;
539 : bool gotheader;
540 : int readOff;
541 : DecodedXLogRecord *decoded;
542 : char *errormsg; /* not used */
543 :
544 : /*
545 : * randAccess indicates whether to verify the previous-record pointer of
546 : * the record we're reading. We only do this if we're reading
547 : * sequentially, which is what we initially assume.
548 : */
549 1228638 : randAccess = false;
550 :
551 : /* reset error state */
552 1228638 : state->errormsg_buf[0] = '\0';
553 1228638 : decoded = NULL;
554 :
555 1228638 : state->abortedRecPtr = InvalidXLogRecPtr;
556 1228638 : state->missingContrecPtr = InvalidXLogRecPtr;
557 :
558 1228638 : RecPtr = state->NextRecPtr;
559 :
560 1228638 : if (state->DecodeRecPtr != InvalidXLogRecPtr)
561 : {
562 : /* read the record after the one we just read */
563 :
564 : /*
565 : * NextRecPtr is pointing to end+1 of the previous WAL record. If
566 : * we're at a page boundary, no more records can fit on the current
567 : * page. We must skip over the page header, but we can't do that until
568 : * we've read in the page, since the header size is variable.
569 : */
570 : }
571 : else
572 : {
573 : /*
574 : * Caller supplied a position to start at.
575 : *
576 : * In this case, NextRecPtr should already be pointing either to a
577 : * valid record starting position or alternatively to the beginning of
578 : * a page. See the header comments for XLogBeginRead.
579 : */
580 : Assert(RecPtr % XLOG_BLCKSZ == 0 || XRecOffIsValid(RecPtr));
581 260 : randAccess = true;
582 : }
583 :
584 1228638 : restart:
585 1228638 : state->nonblocking = nonblocking;
586 1228638 : state->currRecPtr = RecPtr;
587 1228638 : assembled = false;
588 :
589 1228638 : targetPagePtr = RecPtr - (RecPtr % XLOG_BLCKSZ);
590 1228638 : targetRecOff = RecPtr % XLOG_BLCKSZ;
591 :
592 : /*
593 : * Read the page containing the record into state->readBuf. Request enough
594 : * byte to cover the whole record header, or at least the part of it that
595 : * fits on the same page.
596 : */
597 1228638 : readOff = ReadPageInternal(state, targetPagePtr,
598 1228638 : Min(targetRecOff + SizeOfXLogRecord, XLOG_BLCKSZ));
599 1228638 : if (readOff == XLREAD_WOULDBLOCK)
600 0 : return XLREAD_WOULDBLOCK;
601 1228638 : else if (readOff < 0)
602 124 : goto err;
603 :
604 : /*
605 : * ReadPageInternal always returns at least the page header, so we can
606 : * examine it now.
607 : */
608 1228514 : pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
609 1228514 : if (targetRecOff == 0)
610 : {
611 : /*
612 : * At page start, so skip over page header.
613 : */
614 1164 : RecPtr += pageHeaderSize;
615 1164 : targetRecOff = pageHeaderSize;
616 : }
617 1227350 : else if (targetRecOff < pageHeaderSize)
618 : {
619 0 : report_invalid_record(state, "invalid record offset at %X/%X: expected at least %u, got %u",
620 0 : LSN_FORMAT_ARGS(RecPtr),
621 : pageHeaderSize, targetRecOff);
622 0 : goto err;
623 : }
624 :
625 1228514 : if ((((XLogPageHeader) state->readBuf)->xlp_info & XLP_FIRST_IS_CONTRECORD) &&
626 : targetRecOff == pageHeaderSize)
627 : {
628 0 : report_invalid_record(state, "contrecord is requested by %X/%X",
629 0 : LSN_FORMAT_ARGS(RecPtr));
630 0 : goto err;
631 : }
632 :
633 : /* ReadPageInternal has verified the page header */
634 : Assert(pageHeaderSize <= readOff);
635 :
636 : /*
637 : * Read the record length.
638 : *
639 : * NB: Even though we use an XLogRecord pointer here, the whole record
640 : * header might not fit on this page. xl_tot_len is the first field of the
641 : * struct, so it must be on this page (the records are MAXALIGNed), but we
642 : * cannot access any other fields until we've verified that we got the
643 : * whole header.
644 : */
645 1228514 : record = (XLogRecord *) (state->readBuf + RecPtr % XLOG_BLCKSZ);
646 1228514 : total_len = record->xl_tot_len;
647 :
648 : /*
649 : * If the whole record header is on this page, validate it immediately.
650 : * Otherwise do just a basic sanity check on xl_tot_len, and validate the
651 : * rest of the header after reading it from the next page. The xl_tot_len
652 : * check is necessary here to ensure that we enter the "Need to reassemble
653 : * record" code path below; otherwise we might fail to apply
654 : * ValidXLogRecordHeader at all.
655 : */
656 1228514 : if (targetRecOff <= XLOG_BLCKSZ - SizeOfXLogRecord)
657 : {
658 1226018 : if (!ValidXLogRecordHeader(state, RecPtr, state->DecodeRecPtr, record,
659 : randAccess))
660 4 : goto err;
661 1226014 : gotheader = true;
662 : }
663 : else
664 : {
665 : /* There may be no next page if it's too small. */
666 2496 : if (total_len < SizeOfXLogRecord)
667 : {
668 0 : report_invalid_record(state,
669 : "invalid record length at %X/%X: expected at least %u, got %u",
670 0 : LSN_FORMAT_ARGS(RecPtr),
671 : (uint32) SizeOfXLogRecord, total_len);
672 0 : goto err;
673 : }
674 : /* We'll validate the header once we have the next page. */
675 2496 : gotheader = false;
676 : }
677 :
678 : /*
679 : * Try to find space to decode this record, if we can do so without
680 : * calling palloc. If we can't, we'll try again below after we've
681 : * validated that total_len isn't garbage bytes from a recycled WAL page.
682 : */
683 1228510 : decoded = XLogReadRecordAlloc(state,
684 : total_len,
685 : false /* allow_oversized */ );
686 1228510 : if (decoded == NULL && nonblocking)
687 : {
688 : /*
689 : * There is no space in the circular decode buffer, and the caller is
690 : * only reading ahead. The caller should consume existing records to
691 : * make space.
692 : */
693 0 : return XLREAD_WOULDBLOCK;
694 : }
695 :
696 1228510 : len = XLOG_BLCKSZ - RecPtr % XLOG_BLCKSZ;
697 1228510 : if (total_len > len)
698 : {
699 : /* Need to reassemble record */
700 : char *contdata;
701 : XLogPageHeader pageHeader;
702 : char *buffer;
703 : uint32 gotlen;
704 :
705 34704 : assembled = true;
706 :
707 : /*
708 : * We always have space for a couple of pages, enough to validate a
709 : * boundary-spanning record header.
710 : */
711 : Assert(state->readRecordBufSize >= XLOG_BLCKSZ * 2);
712 : Assert(state->readRecordBufSize >= len);
713 :
714 : /* Copy the first fragment of the record from the first page. */
715 34704 : memcpy(state->readRecordBuf,
716 34704 : state->readBuf + RecPtr % XLOG_BLCKSZ, len);
717 34704 : buffer = state->readRecordBuf + len;
718 34704 : gotlen = len;
719 :
720 : do
721 : {
722 : /* Calculate pointer to beginning of next page */
723 35428 : targetPagePtr += XLOG_BLCKSZ;
724 :
725 : /* Wait for the next page to become available */
726 35428 : readOff = ReadPageInternal(state, targetPagePtr,
727 35428 : Min(total_len - gotlen + SizeOfXLogShortPHD,
728 : XLOG_BLCKSZ));
729 :
730 35428 : if (readOff == XLREAD_WOULDBLOCK)
731 0 : return XLREAD_WOULDBLOCK;
732 35428 : else if (readOff < 0)
733 0 : goto err;
734 :
735 : Assert(SizeOfXLogShortPHD <= readOff);
736 :
737 35428 : pageHeader = (XLogPageHeader) state->readBuf;
738 :
739 : /*
740 : * If we were expecting a continuation record and got an
741 : * "overwrite contrecord" flag, that means the continuation record
742 : * was overwritten with a different record. Restart the read by
743 : * assuming the address to read is the location where we found
744 : * this flag; but keep track of the LSN of the record we were
745 : * reading, for later verification.
746 : */
747 35428 : if (pageHeader->xlp_info & XLP_FIRST_IS_OVERWRITE_CONTRECORD)
748 : {
749 0 : state->overwrittenRecPtr = RecPtr;
750 0 : RecPtr = targetPagePtr;
751 0 : goto restart;
752 : }
753 :
754 : /* Check that the continuation on next page looks valid */
755 35428 : if (!(pageHeader->xlp_info & XLP_FIRST_IS_CONTRECORD))
756 : {
757 0 : report_invalid_record(state,
758 : "there is no contrecord flag at %X/%X",
759 0 : LSN_FORMAT_ARGS(RecPtr));
760 0 : goto err;
761 : }
762 :
763 : /*
764 : * Cross-check that xlp_rem_len agrees with how much of the record
765 : * we expect there to be left.
766 : */
767 35428 : if (pageHeader->xlp_rem_len == 0 ||
768 35428 : total_len != (pageHeader->xlp_rem_len + gotlen))
769 : {
770 0 : report_invalid_record(state,
771 : "invalid contrecord length %u (expected %lld) at %X/%X",
772 : pageHeader->xlp_rem_len,
773 0 : ((long long) total_len) - gotlen,
774 0 : LSN_FORMAT_ARGS(RecPtr));
775 0 : goto err;
776 : }
777 :
778 : /* Append the continuation from this page to the buffer */
779 35428 : pageHeaderSize = XLogPageHeaderSize(pageHeader);
780 :
781 35428 : if (readOff < pageHeaderSize)
782 0 : readOff = ReadPageInternal(state, targetPagePtr,
783 : pageHeaderSize);
784 :
785 : Assert(pageHeaderSize <= readOff);
786 :
787 35428 : contdata = (char *) state->readBuf + pageHeaderSize;
788 35428 : len = XLOG_BLCKSZ - pageHeaderSize;
789 35428 : if (pageHeader->xlp_rem_len < len)
790 34704 : len = pageHeader->xlp_rem_len;
791 :
792 35428 : if (readOff < pageHeaderSize + len)
793 0 : readOff = ReadPageInternal(state, targetPagePtr,
794 0 : pageHeaderSize + len);
795 :
796 35428 : memcpy(buffer, (char *) contdata, len);
797 35428 : buffer += len;
798 35428 : gotlen += len;
799 :
800 : /* If we just reassembled the record header, validate it. */
801 35428 : if (!gotheader)
802 : {
803 2496 : record = (XLogRecord *) state->readRecordBuf;
804 2496 : if (!ValidXLogRecordHeader(state, RecPtr, state->DecodeRecPtr,
805 : record, randAccess))
806 0 : goto err;
807 2496 : gotheader = true;
808 : }
809 :
810 : /*
811 : * We might need a bigger buffer. We have validated the record
812 : * header, in the case that it split over a page boundary. We've
813 : * also cross-checked total_len against xlp_rem_len on the second
814 : * page, and verified xlp_pageaddr on both.
815 : */
816 35428 : if (total_len > state->readRecordBufSize)
817 : {
818 : char save_copy[XLOG_BLCKSZ * 2];
819 :
820 : /*
821 : * Save and restore the data we already had. It can't be more
822 : * than two pages.
823 : */
824 : Assert(gotlen <= lengthof(save_copy));
825 : Assert(gotlen <= state->readRecordBufSize);
826 16 : memcpy(save_copy, state->readRecordBuf, gotlen);
827 16 : allocate_recordbuf(state, total_len);
828 16 : memcpy(state->readRecordBuf, save_copy, gotlen);
829 16 : buffer = state->readRecordBuf + gotlen;
830 : }
831 35428 : } while (gotlen < total_len);
832 : Assert(gotheader);
833 :
834 34704 : record = (XLogRecord *) state->readRecordBuf;
835 34704 : if (!ValidXLogRecord(state, record, RecPtr))
836 0 : goto err;
837 :
838 34704 : pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
839 34704 : state->DecodeRecPtr = RecPtr;
840 34704 : state->NextRecPtr = targetPagePtr + pageHeaderSize
841 34704 : + MAXALIGN(pageHeader->xlp_rem_len);
842 : }
843 : else
844 : {
845 : /* Wait for the record data to become available */
846 1193806 : readOff = ReadPageInternal(state, targetPagePtr,
847 1193806 : Min(targetRecOff + total_len, XLOG_BLCKSZ));
848 1193806 : if (readOff == XLREAD_WOULDBLOCK)
849 0 : return XLREAD_WOULDBLOCK;
850 1193806 : else if (readOff < 0)
851 0 : goto err;
852 :
853 : /* Record does not cross a page boundary */
854 1193806 : if (!ValidXLogRecord(state, record, RecPtr))
855 0 : goto err;
856 :
857 1193806 : state->NextRecPtr = RecPtr + MAXALIGN(total_len);
858 :
859 1193806 : state->DecodeRecPtr = RecPtr;
860 : }
861 :
862 : /*
863 : * Special processing if it's an XLOG SWITCH record
864 : */
865 1228510 : if (record->xl_rmid == RM_XLOG_ID &&
866 33328 : (record->xl_info & ~XLR_INFO_MASK) == XLOG_SWITCH)
867 : {
868 : /* Pretend it extends to end of segment */
869 14 : state->NextRecPtr += state->segcxt.ws_segsize - 1;
870 14 : state->NextRecPtr -= XLogSegmentOffset(state->NextRecPtr, state->segcxt.ws_segsize);
871 : }
872 :
873 : /*
874 : * If we got here without a DecodedXLogRecord, it means we needed to
875 : * validate total_len before trusting it, but by now we've done that.
876 : */
877 1228510 : if (decoded == NULL)
878 : {
879 : Assert(!nonblocking);
880 24 : decoded = XLogReadRecordAlloc(state,
881 : total_len,
882 : true /* allow_oversized */ );
883 : /* allocation should always happen under allow_oversized */
884 : Assert(decoded != NULL);
885 : }
886 :
887 1228510 : if (DecodeXLogRecord(state, decoded, record, RecPtr, &errormsg))
888 : {
889 : /* Record the location of the next record. */
890 1228510 : decoded->next_lsn = state->NextRecPtr;
891 :
892 : /*
893 : * If it's in the decode buffer, mark the decode buffer space as
894 : * occupied.
895 : */
896 1228510 : if (!decoded->oversized)
897 : {
898 : /* The new decode buffer head must be MAXALIGNed. */
899 : Assert(decoded->size == MAXALIGN(decoded->size));
900 1228486 : if ((char *) decoded == state->decode_buffer)
901 1228486 : state->decode_buffer_tail = state->decode_buffer + decoded->size;
902 : else
903 0 : state->decode_buffer_tail += decoded->size;
904 : }
905 :
906 : /* Insert it into the queue of decoded records. */
907 : Assert(state->decode_queue_tail != decoded);
908 1228510 : if (state->decode_queue_tail)
909 0 : state->decode_queue_tail->next = decoded;
910 1228510 : state->decode_queue_tail = decoded;
911 1228510 : if (!state->decode_queue_head)
912 1228510 : state->decode_queue_head = decoded;
913 1228510 : return XLREAD_SUCCESS;
914 : }
915 :
916 0 : err:
917 128 : if (assembled)
918 : {
919 : /*
920 : * We get here when a record that spans multiple pages needs to be
921 : * assembled, but something went wrong -- perhaps a contrecord piece
922 : * was lost. If caller is WAL replay, it will know where the aborted
923 : * record was and where to direct followup WAL to be written, marking
924 : * the next piece with XLP_FIRST_IS_OVERWRITE_CONTRECORD, which will
925 : * in turn signal downstream WAL consumers that the broken WAL record
926 : * is to be ignored.
927 : */
928 0 : state->abortedRecPtr = RecPtr;
929 0 : state->missingContrecPtr = targetPagePtr;
930 :
931 : /*
932 : * If we got here without reporting an error, make sure an error is
933 : * queued so that XLogPrefetcherReadRecord() doesn't bring us back a
934 : * second time and clobber the above state.
935 : */
936 0 : state->errormsg_deferred = true;
937 : }
938 :
939 128 : if (decoded && decoded->oversized)
940 0 : pfree(decoded);
941 :
942 : /*
943 : * Invalidate the read state. We might read from a different source after
944 : * failure.
945 : */
946 128 : XLogReaderInvalReadState(state);
947 :
948 : /*
949 : * If an error was written to errormsg_buf, it'll be returned to the
950 : * caller of XLogReadRecord() after all successfully decoded records from
951 : * the read queue.
952 : */
953 :
954 128 : return XLREAD_FAIL;
955 : }
956 :
957 : /*
958 : * Try to decode the next available record, and return it. The record will
959 : * also be returned to XLogNextRecord(), which must be called to 'consume'
960 : * each record.
961 : *
962 : * If nonblocking is true, may return NULL due to lack of data or WAL decoding
963 : * space.
964 : */
965 : DecodedXLogRecord *
966 1228638 : XLogReadAhead(XLogReaderState *state, bool nonblocking)
967 : {
968 : XLogPageReadResult result;
969 :
970 1228638 : if (state->errormsg_deferred)
971 0 : return NULL;
972 :
973 1228638 : result = XLogDecodeNextRecord(state, nonblocking);
974 1228638 : if (result == XLREAD_SUCCESS)
975 : {
976 : Assert(state->decode_queue_tail != NULL);
977 1228510 : return state->decode_queue_tail;
978 : }
979 :
980 128 : return NULL;
981 : }
982 :
983 : /*
984 : * Read a single xlog page including at least [pageptr, reqLen] of valid data
985 : * via the page_read() callback.
986 : *
987 : * Returns XLREAD_FAIL if the required page cannot be read for some
988 : * reason; errormsg_buf is set in that case (unless the error occurs in the
989 : * page_read callback).
990 : *
991 : * Returns XLREAD_WOULDBLOCK if the requested data can't be read without
992 : * waiting. This can be returned only if the installed page_read callback
993 : * respects the state->nonblocking flag, and cannot read the requested data
994 : * immediately.
995 : *
996 : * We fetch the page from a reader-local cache if we know we have the required
997 : * data and if there hasn't been any error since caching the data.
998 : */
999 : static int
1000 2458132 : ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr, int reqLen)
1001 : {
1002 : int readLen;
1003 : uint32 targetPageOff;
1004 : XLogSegNo targetSegNo;
1005 : XLogPageHeader hdr;
1006 :
1007 : Assert((pageptr % XLOG_BLCKSZ) == 0);
1008 :
1009 2458132 : XLByteToSeg(pageptr, targetSegNo, state->segcxt.ws_segsize);
1010 2458132 : targetPageOff = XLogSegmentOffset(pageptr, state->segcxt.ws_segsize);
1011 :
1012 : /* check whether we have all the requested data already */
1013 2458132 : if (targetSegNo == state->seg.ws_segno &&
1014 2457988 : targetPageOff == state->segoff && reqLen <= state->readLen)
1015 2421286 : return state->readLen;
1016 :
1017 : /*
1018 : * Invalidate contents of internal buffer before read attempt. Just set
1019 : * the length to 0, rather than a full XLogReaderInvalReadState(), so we
1020 : * don't forget the segment we last successfully read.
1021 : */
1022 36846 : state->readLen = 0;
1023 :
1024 : /*
1025 : * Data is not in our buffer.
1026 : *
1027 : * Every time we actually read the segment, even if we looked at parts of
1028 : * it before, we need to do verification as the page_read callback might
1029 : * now be rereading data from a different source.
1030 : *
1031 : * Whenever switching to a new WAL segment, we read the first page of the
1032 : * file and validate its header, even if that's not where the target
1033 : * record is. This is so that we can check the additional identification
1034 : * info that is present in the first page's "long" header.
1035 : */
1036 36846 : if (targetSegNo != state->seg.ws_segno && targetPageOff != 0)
1037 : {
1038 26 : XLogRecPtr targetSegmentPtr = pageptr - targetPageOff;
1039 :
1040 26 : readLen = state->routine.page_read(state, targetSegmentPtr, XLOG_BLCKSZ,
1041 : state->currRecPtr,
1042 : state->readBuf);
1043 26 : if (readLen == XLREAD_WOULDBLOCK)
1044 0 : return XLREAD_WOULDBLOCK;
1045 26 : else if (readLen < 0)
1046 0 : goto err;
1047 :
1048 : /* we can be sure to have enough WAL available, we scrolled back */
1049 : Assert(readLen == XLOG_BLCKSZ);
1050 :
1051 26 : if (!XLogReaderValidatePageHeader(state, targetSegmentPtr,
1052 : state->readBuf))
1053 0 : goto err;
1054 : }
1055 :
1056 : /*
1057 : * First, read the requested data length, but at least a short page header
1058 : * so that we can validate it.
1059 : */
1060 36846 : readLen = state->routine.page_read(state, pageptr, Max(reqLen, SizeOfXLogShortPHD),
1061 : state->currRecPtr,
1062 : state->readBuf);
1063 36846 : if (readLen == XLREAD_WOULDBLOCK)
1064 0 : return XLREAD_WOULDBLOCK;
1065 36846 : else if (readLen < 0)
1066 124 : goto err;
1067 :
1068 : Assert(readLen <= XLOG_BLCKSZ);
1069 :
1070 : /* Do we have enough data to check the header length? */
1071 36722 : if (readLen <= SizeOfXLogShortPHD)
1072 0 : goto err;
1073 :
1074 : Assert(readLen >= reqLen);
1075 :
1076 36722 : hdr = (XLogPageHeader) state->readBuf;
1077 :
1078 : /* still not enough */
1079 36722 : if (readLen < XLogPageHeaderSize(hdr))
1080 : {
1081 0 : readLen = state->routine.page_read(state, pageptr, XLogPageHeaderSize(hdr),
1082 : state->currRecPtr,
1083 : state->readBuf);
1084 0 : if (readLen == XLREAD_WOULDBLOCK)
1085 0 : return XLREAD_WOULDBLOCK;
1086 0 : else if (readLen < 0)
1087 0 : goto err;
1088 : }
1089 :
1090 : /*
1091 : * Now that we know we have the full header, validate it.
1092 : */
1093 36722 : if (!XLogReaderValidatePageHeader(state, pageptr, (char *) hdr))
1094 0 : goto err;
1095 :
1096 : /* update read state information */
1097 36722 : state->seg.ws_segno = targetSegNo;
1098 36722 : state->segoff = targetPageOff;
1099 36722 : state->readLen = readLen;
1100 :
1101 36722 : return readLen;
1102 :
1103 124 : err:
1104 124 : XLogReaderInvalReadState(state);
1105 :
1106 124 : return XLREAD_FAIL;
1107 : }
1108 :
1109 : /*
1110 : * Invalidate the xlogreader's read state to force a re-read.
1111 : */
1112 : static void
1113 252 : XLogReaderInvalReadState(XLogReaderState *state)
1114 : {
1115 252 : state->seg.ws_segno = 0;
1116 252 : state->segoff = 0;
1117 252 : state->readLen = 0;
1118 252 : }
1119 :
1120 : /*
1121 : * Validate an XLOG record header.
1122 : *
1123 : * This is just a convenience subroutine to avoid duplicated code in
1124 : * XLogReadRecord. It's not intended for use from anywhere else.
1125 : */
1126 : static bool
1127 1228514 : ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
1128 : XLogRecPtr PrevRecPtr, XLogRecord *record,
1129 : bool randAccess)
1130 : {
1131 1228514 : if (record->xl_tot_len < SizeOfXLogRecord)
1132 : {
1133 4 : report_invalid_record(state,
1134 : "invalid record length at %X/%X: expected at least %u, got %u",
1135 4 : LSN_FORMAT_ARGS(RecPtr),
1136 : (uint32) SizeOfXLogRecord, record->xl_tot_len);
1137 4 : return false;
1138 : }
1139 1228510 : if (!RmgrIdIsValid(record->xl_rmid))
1140 : {
1141 0 : report_invalid_record(state,
1142 : "invalid resource manager ID %u at %X/%X",
1143 0 : record->xl_rmid, LSN_FORMAT_ARGS(RecPtr));
1144 0 : return false;
1145 : }
1146 1228510 : if (randAccess)
1147 : {
1148 : /*
1149 : * We can't exactly verify the prev-link, but surely it should be less
1150 : * than the record's own address.
1151 : */
1152 260 : if (!(record->xl_prev < RecPtr))
1153 : {
1154 0 : report_invalid_record(state,
1155 : "record with incorrect prev-link %X/%X at %X/%X",
1156 0 : LSN_FORMAT_ARGS(record->xl_prev),
1157 0 : LSN_FORMAT_ARGS(RecPtr));
1158 0 : return false;
1159 : }
1160 : }
1161 : else
1162 : {
1163 : /*
1164 : * Record's prev-link should exactly match our previous location. This
1165 : * check guards against torn WAL pages where a stale but valid-looking
1166 : * WAL record starts on a sector boundary.
1167 : */
1168 1228250 : if (record->xl_prev != PrevRecPtr)
1169 : {
1170 0 : report_invalid_record(state,
1171 : "record with incorrect prev-link %X/%X at %X/%X",
1172 0 : LSN_FORMAT_ARGS(record->xl_prev),
1173 0 : LSN_FORMAT_ARGS(RecPtr));
1174 0 : return false;
1175 : }
1176 : }
1177 :
1178 1228510 : return true;
1179 : }
1180 :
1181 :
1182 : /*
1183 : * CRC-check an XLOG record. We do not believe the contents of an XLOG
1184 : * record (other than to the minimal extent of computing the amount of
1185 : * data to read in) until we've checked the CRCs.
1186 : *
1187 : * We assume all of the record (that is, xl_tot_len bytes) has been read
1188 : * into memory at *record. Also, ValidXLogRecordHeader() has accepted the
1189 : * record's header, which means in particular that xl_tot_len is at least
1190 : * SizeOfXLogRecord.
1191 : */
1192 : static bool
1193 1228510 : ValidXLogRecord(XLogReaderState *state, XLogRecord *record, XLogRecPtr recptr)
1194 : {
1195 : pg_crc32c crc;
1196 :
1197 : Assert(record->xl_tot_len >= SizeOfXLogRecord);
1198 :
1199 : /* Calculate the CRC */
1200 1228510 : INIT_CRC32C(crc);
1201 1228510 : COMP_CRC32C(crc, ((char *) record) + SizeOfXLogRecord, record->xl_tot_len - SizeOfXLogRecord);
1202 : /* include the record header last */
1203 1228510 : COMP_CRC32C(crc, (char *) record, offsetof(XLogRecord, xl_crc));
1204 1228510 : FIN_CRC32C(crc);
1205 :
1206 1228510 : if (!EQ_CRC32C(record->xl_crc, crc))
1207 : {
1208 0 : report_invalid_record(state,
1209 : "incorrect resource manager data checksum in record at %X/%X",
1210 0 : LSN_FORMAT_ARGS(recptr));
1211 0 : return false;
1212 : }
1213 :
1214 1228510 : return true;
1215 : }
1216 :
1217 : /*
1218 : * Validate a page header.
1219 : *
1220 : * Check if 'phdr' is valid as the header of the XLog page at position
1221 : * 'recptr'.
1222 : */
1223 : bool
1224 36748 : XLogReaderValidatePageHeader(XLogReaderState *state, XLogRecPtr recptr,
1225 : char *phdr)
1226 : {
1227 : XLogSegNo segno;
1228 : int32 offset;
1229 36748 : XLogPageHeader hdr = (XLogPageHeader) phdr;
1230 :
1231 : Assert((recptr % XLOG_BLCKSZ) == 0);
1232 :
1233 36748 : XLByteToSeg(recptr, segno, state->segcxt.ws_segsize);
1234 36748 : offset = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
1235 :
1236 36748 : if (hdr->xlp_magic != XLOG_PAGE_MAGIC)
1237 : {
1238 : char fname[MAXFNAMELEN];
1239 :
1240 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1241 :
1242 0 : report_invalid_record(state,
1243 : "invalid magic number %04X in WAL segment %s, LSN %X/%X, offset %u",
1244 0 : hdr->xlp_magic,
1245 : fname,
1246 0 : LSN_FORMAT_ARGS(recptr),
1247 : offset);
1248 0 : return false;
1249 : }
1250 :
1251 36748 : if ((hdr->xlp_info & ~XLP_ALL_FLAGS) != 0)
1252 : {
1253 : char fname[MAXFNAMELEN];
1254 :
1255 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1256 :
1257 0 : report_invalid_record(state,
1258 : "invalid info bits %04X in WAL segment %s, LSN %X/%X, offset %u",
1259 0 : hdr->xlp_info,
1260 : fname,
1261 0 : LSN_FORMAT_ARGS(recptr),
1262 : offset);
1263 0 : return false;
1264 : }
1265 :
1266 36748 : if (hdr->xlp_info & XLP_LONG_HEADER)
1267 : {
1268 134 : XLogLongPageHeader longhdr = (XLogLongPageHeader) hdr;
1269 :
1270 134 : if (state->system_identifier &&
1271 0 : longhdr->xlp_sysid != state->system_identifier)
1272 : {
1273 0 : report_invalid_record(state,
1274 : "WAL file is from different database system: WAL file database system identifier is %llu, pg_control database system identifier is %llu",
1275 0 : (unsigned long long) longhdr->xlp_sysid,
1276 0 : (unsigned long long) state->system_identifier);
1277 0 : return false;
1278 : }
1279 134 : else if (longhdr->xlp_seg_size != state->segcxt.ws_segsize)
1280 : {
1281 0 : report_invalid_record(state,
1282 : "WAL file is from different database system: incorrect segment size in page header");
1283 0 : return false;
1284 : }
1285 134 : else if (longhdr->xlp_xlog_blcksz != XLOG_BLCKSZ)
1286 : {
1287 0 : report_invalid_record(state,
1288 : "WAL file is from different database system: incorrect XLOG_BLCKSZ in page header");
1289 0 : return false;
1290 : }
1291 : }
1292 36614 : else if (offset == 0)
1293 : {
1294 : char fname[MAXFNAMELEN];
1295 :
1296 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1297 :
1298 : /* hmm, first page of file doesn't have a long header? */
1299 0 : report_invalid_record(state,
1300 : "invalid info bits %04X in WAL segment %s, LSN %X/%X, offset %u",
1301 0 : hdr->xlp_info,
1302 : fname,
1303 0 : LSN_FORMAT_ARGS(recptr),
1304 : offset);
1305 0 : return false;
1306 : }
1307 :
1308 : /*
1309 : * Check that the address on the page agrees with what we expected. This
1310 : * check typically fails when an old WAL segment is recycled, and hasn't
1311 : * yet been overwritten with new data yet.
1312 : */
1313 36748 : if (hdr->xlp_pageaddr != recptr)
1314 : {
1315 : char fname[MAXFNAMELEN];
1316 :
1317 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1318 :
1319 0 : report_invalid_record(state,
1320 : "unexpected pageaddr %X/%X in WAL segment %s, LSN %X/%X, offset %u",
1321 0 : LSN_FORMAT_ARGS(hdr->xlp_pageaddr),
1322 : fname,
1323 0 : LSN_FORMAT_ARGS(recptr),
1324 : offset);
1325 0 : return false;
1326 : }
1327 :
1328 : /*
1329 : * Since child timelines are always assigned a TLI greater than their
1330 : * immediate parent's TLI, we should never see TLI go backwards across
1331 : * successive pages of a consistent WAL sequence.
1332 : *
1333 : * Sometimes we re-read a segment that's already been (partially) read. So
1334 : * we only verify TLIs for pages that are later than the last remembered
1335 : * LSN.
1336 : */
1337 36748 : if (recptr > state->latestPagePtr)
1338 : {
1339 36748 : if (hdr->xlp_tli < state->latestPageTLI)
1340 : {
1341 : char fname[MAXFNAMELEN];
1342 :
1343 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1344 :
1345 0 : report_invalid_record(state,
1346 : "out-of-sequence timeline ID %u (after %u) in WAL segment %s, LSN %X/%X, offset %u",
1347 : hdr->xlp_tli,
1348 : state->latestPageTLI,
1349 : fname,
1350 0 : LSN_FORMAT_ARGS(recptr),
1351 : offset);
1352 0 : return false;
1353 : }
1354 : }
1355 36748 : state->latestPagePtr = recptr;
1356 36748 : state->latestPageTLI = hdr->xlp_tli;
1357 :
1358 36748 : return true;
1359 : }
1360 :
1361 : /*
1362 : * Forget about an error produced by XLogReaderValidatePageHeader().
1363 : */
1364 : void
1365 0 : XLogReaderResetError(XLogReaderState *state)
1366 : {
1367 0 : state->errormsg_buf[0] = '\0';
1368 0 : state->errormsg_deferred = false;
1369 0 : }
1370 :
1371 : /*
1372 : * Find the first record with an lsn >= RecPtr.
1373 : *
1374 : * This is different from XLogBeginRead() in that RecPtr doesn't need to point
1375 : * to a valid record boundary. Useful for checking whether RecPtr is a valid
1376 : * xlog address for reading, and to find the first valid address after some
1377 : * address when dumping records for debugging purposes.
1378 : *
1379 : * This positions the reader, like XLogBeginRead(), so that the next call to
1380 : * XLogReadRecord() will read the next valid record.
1381 : */
1382 : XLogRecPtr
1383 130 : XLogFindNextRecord(XLogReaderState *state, XLogRecPtr RecPtr)
1384 : {
1385 : XLogRecPtr tmpRecPtr;
1386 130 : XLogRecPtr found = InvalidXLogRecPtr;
1387 : XLogPageHeader header;
1388 : char *errormsg;
1389 :
1390 : Assert(!XLogRecPtrIsInvalid(RecPtr));
1391 :
1392 : /* Make sure ReadPageInternal() can't return XLREAD_WOULDBLOCK. */
1393 130 : state->nonblocking = false;
1394 :
1395 : /*
1396 : * skip over potential continuation data, keeping in mind that it may span
1397 : * multiple pages
1398 : */
1399 130 : tmpRecPtr = RecPtr;
1400 : while (true)
1401 0 : {
1402 : XLogRecPtr targetPagePtr;
1403 : int targetRecOff;
1404 : uint32 pageHeaderSize;
1405 : int readLen;
1406 :
1407 : /*
1408 : * Compute targetRecOff. It should typically be equal or greater than
1409 : * short page-header since a valid record can't start anywhere before
1410 : * that, except when caller has explicitly specified the offset that
1411 : * falls somewhere there or when we are skipping multi-page
1412 : * continuation record. It doesn't matter though because
1413 : * ReadPageInternal() is prepared to handle that and will read at
1414 : * least short page-header worth of data
1415 : */
1416 130 : targetRecOff = tmpRecPtr % XLOG_BLCKSZ;
1417 :
1418 : /* scroll back to page boundary */
1419 130 : targetPagePtr = tmpRecPtr - targetRecOff;
1420 :
1421 : /* Read the page containing the record */
1422 130 : readLen = ReadPageInternal(state, targetPagePtr, targetRecOff);
1423 130 : if (readLen < 0)
1424 0 : goto err;
1425 :
1426 130 : header = (XLogPageHeader) state->readBuf;
1427 :
1428 130 : pageHeaderSize = XLogPageHeaderSize(header);
1429 :
1430 : /* make sure we have enough data for the page header */
1431 130 : readLen = ReadPageInternal(state, targetPagePtr, pageHeaderSize);
1432 130 : if (readLen < 0)
1433 0 : goto err;
1434 :
1435 : /* skip over potential continuation data */
1436 130 : if (header->xlp_info & XLP_FIRST_IS_CONTRECORD)
1437 : {
1438 : /*
1439 : * If the length of the remaining continuation data is more than
1440 : * what can fit in this page, the continuation record crosses over
1441 : * this page. Read the next page and try again. xlp_rem_len in the
1442 : * next page header will contain the remaining length of the
1443 : * continuation data
1444 : *
1445 : * Note that record headers are MAXALIGN'ed
1446 : */
1447 26 : if (MAXALIGN(header->xlp_rem_len) >= (XLOG_BLCKSZ - pageHeaderSize))
1448 0 : tmpRecPtr = targetPagePtr + XLOG_BLCKSZ;
1449 : else
1450 : {
1451 : /*
1452 : * The previous continuation record ends in this page. Set
1453 : * tmpRecPtr to point to the first valid record
1454 : */
1455 26 : tmpRecPtr = targetPagePtr + pageHeaderSize
1456 26 : + MAXALIGN(header->xlp_rem_len);
1457 26 : break;
1458 : }
1459 : }
1460 : else
1461 : {
1462 104 : tmpRecPtr = targetPagePtr + pageHeaderSize;
1463 104 : break;
1464 : }
1465 : }
1466 :
1467 : /*
1468 : * we know now that tmpRecPtr is an address pointing to a valid XLogRecord
1469 : * because either we're at the first record after the beginning of a page
1470 : * or we just jumped over the remaining data of a continuation.
1471 : */
1472 130 : XLogBeginRead(state, tmpRecPtr);
1473 600 : while (XLogReadRecord(state, &errormsg) != NULL)
1474 : {
1475 : /* past the record we've found, break out */
1476 600 : if (RecPtr <= state->ReadRecPtr)
1477 : {
1478 : /* Rewind the reader to the beginning of the last record. */
1479 130 : found = state->ReadRecPtr;
1480 130 : XLogBeginRead(state, found);
1481 130 : return found;
1482 : }
1483 : }
1484 :
1485 0 : err:
1486 0 : XLogReaderInvalReadState(state);
1487 :
1488 0 : return InvalidXLogRecPtr;
1489 : }
1490 :
1491 : /*
1492 : * Helper function to ease writing of XLogReaderRoutine->page_read callbacks.
1493 : * If this function is used, caller must supply a segment_open callback in
1494 : * 'state', as that is used here.
1495 : *
1496 : * Read 'count' bytes into 'buf', starting at location 'startptr', from WAL
1497 : * fetched from timeline 'tli'.
1498 : *
1499 : * Returns true if succeeded, false if an error occurs, in which case
1500 : * 'errinfo' receives error details.
1501 : */
1502 : bool
1503 36748 : WALRead(XLogReaderState *state,
1504 : char *buf, XLogRecPtr startptr, Size count, TimeLineID tli,
1505 : WALReadError *errinfo)
1506 : {
1507 : char *p;
1508 : XLogRecPtr recptr;
1509 : Size nbytes;
1510 :
1511 36748 : p = buf;
1512 36748 : recptr = startptr;
1513 36748 : nbytes = count;
1514 :
1515 73496 : while (nbytes > 0)
1516 : {
1517 : uint32 startoff;
1518 : int segbytes;
1519 : int readbytes;
1520 :
1521 36748 : startoff = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
1522 :
1523 : /*
1524 : * If the data we want is not in a segment we have open, close what we
1525 : * have (if anything) and open the next one, using the caller's
1526 : * provided segment_open callback.
1527 : */
1528 36748 : if (state->seg.ws_file < 0 ||
1529 36618 : !XLByteInSeg(recptr, state->seg.ws_segno, state->segcxt.ws_segsize) ||
1530 36614 : tli != state->seg.ws_tli)
1531 : {
1532 : XLogSegNo nextSegNo;
1533 :
1534 134 : if (state->seg.ws_file >= 0)
1535 4 : state->routine.segment_close(state);
1536 :
1537 134 : XLByteToSeg(recptr, nextSegNo, state->segcxt.ws_segsize);
1538 134 : state->routine.segment_open(state, nextSegNo, &tli);
1539 :
1540 : /* This shouldn't happen -- indicates a bug in segment_open */
1541 : Assert(state->seg.ws_file >= 0);
1542 :
1543 : /* Update the current segment info. */
1544 134 : state->seg.ws_tli = tli;
1545 134 : state->seg.ws_segno = nextSegNo;
1546 : }
1547 :
1548 : /* How many bytes are within this segment? */
1549 36748 : if (nbytes > (state->segcxt.ws_segsize - startoff))
1550 0 : segbytes = state->segcxt.ws_segsize - startoff;
1551 : else
1552 36748 : segbytes = nbytes;
1553 :
1554 : #ifndef FRONTEND
1555 : pgstat_report_wait_start(WAIT_EVENT_WAL_READ);
1556 : #endif
1557 :
1558 : /* Reset errno first; eases reporting non-errno-affecting errors */
1559 36748 : errno = 0;
1560 36748 : readbytes = pg_pread(state->seg.ws_file, p, segbytes, (off_t) startoff);
1561 :
1562 : #ifndef FRONTEND
1563 : pgstat_report_wait_end();
1564 : #endif
1565 :
1566 36748 : if (readbytes <= 0)
1567 : {
1568 0 : errinfo->wre_errno = errno;
1569 0 : errinfo->wre_req = segbytes;
1570 0 : errinfo->wre_read = readbytes;
1571 0 : errinfo->wre_off = startoff;
1572 0 : errinfo->wre_seg = state->seg;
1573 0 : return false;
1574 : }
1575 :
1576 : /* Update state for read */
1577 36748 : recptr += readbytes;
1578 36748 : nbytes -= readbytes;
1579 36748 : p += readbytes;
1580 : }
1581 :
1582 36748 : return true;
1583 : }
1584 :
1585 : /* ----------------------------------------
1586 : * Functions for decoding the data and block references in a record.
1587 : * ----------------------------------------
1588 : */
1589 :
1590 : /*
1591 : * Private function to reset the state, forgetting all decoded records, if we
1592 : * are asked to move to a new read position.
1593 : */
1594 : static void
1595 260 : ResetDecoder(XLogReaderState *state)
1596 : {
1597 : DecodedXLogRecord *r;
1598 :
1599 : /* Reset the decoded record queue, freeing any oversized records. */
1600 390 : while ((r = state->decode_queue_head) != NULL)
1601 : {
1602 130 : state->decode_queue_head = r->next;
1603 130 : if (r->oversized)
1604 0 : pfree(r);
1605 : }
1606 260 : state->decode_queue_tail = NULL;
1607 260 : state->decode_queue_head = NULL;
1608 260 : state->record = NULL;
1609 :
1610 : /* Reset the decode buffer to empty. */
1611 260 : state->decode_buffer_tail = state->decode_buffer;
1612 260 : state->decode_buffer_head = state->decode_buffer;
1613 :
1614 : /* Clear error state. */
1615 260 : state->errormsg_buf[0] = '\0';
1616 260 : state->errormsg_deferred = false;
1617 260 : }
1618 :
1619 : /*
1620 : * Compute the maximum possible amount of padding that could be required to
1621 : * decode a record, given xl_tot_len from the record's header. This is the
1622 : * amount of output buffer space that we need to decode a record, though we
1623 : * might not finish up using it all.
1624 : *
1625 : * This computation is pessimistic and assumes the maximum possible number of
1626 : * blocks, due to lack of better information.
1627 : */
1628 : size_t
1629 1228534 : DecodeXLogRecordRequiredSpace(size_t xl_tot_len)
1630 : {
1631 1228534 : size_t size = 0;
1632 :
1633 : /* Account for the fixed size part of the decoded record struct. */
1634 1228534 : size += offsetof(DecodedXLogRecord, blocks[0]);
1635 : /* Account for the flexible blocks array of maximum possible size. */
1636 1228534 : size += sizeof(DecodedBkpBlock) * (XLR_MAX_BLOCK_ID + 1);
1637 : /* Account for all the raw main and block data. */
1638 1228534 : size += xl_tot_len;
1639 : /* We might insert padding before main_data. */
1640 1228534 : size += (MAXIMUM_ALIGNOF - 1);
1641 : /* We might insert padding before each block's data. */
1642 1228534 : size += (MAXIMUM_ALIGNOF - 1) * (XLR_MAX_BLOCK_ID + 1);
1643 : /* We might insert padding at the end. */
1644 1228534 : size += (MAXIMUM_ALIGNOF - 1);
1645 :
1646 1228534 : return size;
1647 : }
1648 :
1649 : /*
1650 : * Decode a record. "decoded" must point to a MAXALIGNed memory area that has
1651 : * space for at least DecodeXLogRecordRequiredSpace(record) bytes. On
1652 : * success, decoded->size contains the actual space occupied by the decoded
1653 : * record, which may turn out to be less.
1654 : *
1655 : * Only decoded->oversized member must be initialized already, and will not be
1656 : * modified. Other members will be initialized as required.
1657 : *
1658 : * On error, a human-readable error message is returned in *errormsg, and
1659 : * the return value is false.
1660 : */
1661 : bool
1662 1228510 : DecodeXLogRecord(XLogReaderState *state,
1663 : DecodedXLogRecord *decoded,
1664 : XLogRecord *record,
1665 : XLogRecPtr lsn,
1666 : char **errormsg)
1667 : {
1668 : /*
1669 : * read next _size bytes from record buffer, but check for overrun first.
1670 : */
1671 : #define COPY_HEADER_FIELD(_dst, _size) \
1672 : do { \
1673 : if (remaining < _size) \
1674 : goto shortdata_err; \
1675 : memcpy(_dst, ptr, _size); \
1676 : ptr += _size; \
1677 : remaining -= _size; \
1678 : } while(0)
1679 :
1680 : char *ptr;
1681 : char *out;
1682 : uint32 remaining;
1683 : uint32 datatotal;
1684 1228510 : RelFileLocator *rlocator = NULL;
1685 : uint8 block_id;
1686 :
1687 1228510 : decoded->header = *record;
1688 1228510 : decoded->lsn = lsn;
1689 1228510 : decoded->next = NULL;
1690 1228510 : decoded->record_origin = InvalidRepOriginId;
1691 1228510 : decoded->toplevel_xid = InvalidTransactionId;
1692 1228510 : decoded->main_data = NULL;
1693 1228510 : decoded->main_data_len = 0;
1694 1228510 : decoded->max_block_id = -1;
1695 1228510 : ptr = (char *) record;
1696 1228510 : ptr += SizeOfXLogRecord;
1697 1228510 : remaining = record->xl_tot_len - SizeOfXLogRecord;
1698 :
1699 : /* Decode the headers */
1700 1228510 : datatotal = 0;
1701 2594894 : while (remaining > datatotal)
1702 : {
1703 2562360 : COPY_HEADER_FIELD(&block_id, sizeof(uint8));
1704 :
1705 2562360 : if (block_id == XLR_BLOCK_ID_DATA_SHORT)
1706 : {
1707 : /* XLogRecordDataHeaderShort */
1708 : uint8 main_data_len;
1709 :
1710 1193986 : COPY_HEADER_FIELD(&main_data_len, sizeof(uint8));
1711 :
1712 1193986 : decoded->main_data_len = main_data_len;
1713 1193986 : datatotal += main_data_len;
1714 1193986 : break; /* by convention, the main data fragment is
1715 : * always last */
1716 : }
1717 1368374 : else if (block_id == XLR_BLOCK_ID_DATA_LONG)
1718 : {
1719 : /* XLogRecordDataHeaderLong */
1720 : uint32 main_data_len;
1721 :
1722 1990 : COPY_HEADER_FIELD(&main_data_len, sizeof(uint32));
1723 1990 : decoded->main_data_len = main_data_len;
1724 1990 : datatotal += main_data_len;
1725 1990 : break; /* by convention, the main data fragment is
1726 : * always last */
1727 : }
1728 1366384 : else if (block_id == XLR_BLOCK_ID_ORIGIN)
1729 : {
1730 0 : COPY_HEADER_FIELD(&decoded->record_origin, sizeof(RepOriginId));
1731 : }
1732 1366384 : else if (block_id == XLR_BLOCK_ID_TOPLEVEL_XID)
1733 : {
1734 0 : COPY_HEADER_FIELD(&decoded->toplevel_xid, sizeof(TransactionId));
1735 : }
1736 1366384 : else if (block_id <= XLR_MAX_BLOCK_ID)
1737 : {
1738 : /* XLogRecordBlockHeader */
1739 : DecodedBkpBlock *blk;
1740 : uint8 fork_flags;
1741 :
1742 : /* mark any intervening block IDs as not in use */
1743 1366754 : for (int i = decoded->max_block_id + 1; i < block_id; ++i)
1744 370 : decoded->blocks[i].in_use = false;
1745 :
1746 1366384 : if (block_id <= decoded->max_block_id)
1747 : {
1748 0 : report_invalid_record(state,
1749 : "out-of-order block_id %u at %X/%X",
1750 : block_id,
1751 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1752 0 : goto err;
1753 : }
1754 1366384 : decoded->max_block_id = block_id;
1755 :
1756 1366384 : blk = &decoded->blocks[block_id];
1757 1366384 : blk->in_use = true;
1758 1366384 : blk->apply_image = false;
1759 :
1760 1366384 : COPY_HEADER_FIELD(&fork_flags, sizeof(uint8));
1761 1366384 : blk->forknum = fork_flags & BKPBLOCK_FORK_MASK;
1762 1366384 : blk->flags = fork_flags;
1763 1366384 : blk->has_image = ((fork_flags & BKPBLOCK_HAS_IMAGE) != 0);
1764 1366384 : blk->has_data = ((fork_flags & BKPBLOCK_HAS_DATA) != 0);
1765 :
1766 1366384 : blk->prefetch_buffer = InvalidBuffer;
1767 :
1768 1366384 : COPY_HEADER_FIELD(&blk->data_len, sizeof(uint16));
1769 : /* cross-check that the HAS_DATA flag is set iff data_length > 0 */
1770 1366384 : if (blk->has_data && blk->data_len == 0)
1771 : {
1772 0 : report_invalid_record(state,
1773 : "BKPBLOCK_HAS_DATA set, but no data included at %X/%X",
1774 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1775 0 : goto err;
1776 : }
1777 1366384 : if (!blk->has_data && blk->data_len != 0)
1778 : {
1779 0 : report_invalid_record(state,
1780 : "BKPBLOCK_HAS_DATA not set, but data length is %u at %X/%X",
1781 0 : (unsigned int) blk->data_len,
1782 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1783 0 : goto err;
1784 : }
1785 1366384 : datatotal += blk->data_len;
1786 :
1787 1366384 : if (blk->has_image)
1788 : {
1789 38828 : COPY_HEADER_FIELD(&blk->bimg_len, sizeof(uint16));
1790 38828 : COPY_HEADER_FIELD(&blk->hole_offset, sizeof(uint16));
1791 38828 : COPY_HEADER_FIELD(&blk->bimg_info, sizeof(uint8));
1792 :
1793 38828 : blk->apply_image = ((blk->bimg_info & BKPIMAGE_APPLY) != 0);
1794 :
1795 38828 : if (BKPIMAGE_COMPRESSED(blk->bimg_info))
1796 : {
1797 0 : if (blk->bimg_info & BKPIMAGE_HAS_HOLE)
1798 0 : COPY_HEADER_FIELD(&blk->hole_length, sizeof(uint16));
1799 : else
1800 0 : blk->hole_length = 0;
1801 : }
1802 : else
1803 38828 : blk->hole_length = BLCKSZ - blk->bimg_len;
1804 38828 : datatotal += blk->bimg_len;
1805 :
1806 : /*
1807 : * cross-check that hole_offset > 0, hole_length > 0 and
1808 : * bimg_len < BLCKSZ if the HAS_HOLE flag is set.
1809 : */
1810 38828 : if ((blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1811 35198 : (blk->hole_offset == 0 ||
1812 35198 : blk->hole_length == 0 ||
1813 35198 : blk->bimg_len == BLCKSZ))
1814 : {
1815 0 : report_invalid_record(state,
1816 : "BKPIMAGE_HAS_HOLE set, but hole offset %u length %u block image length %u at %X/%X",
1817 0 : (unsigned int) blk->hole_offset,
1818 0 : (unsigned int) blk->hole_length,
1819 0 : (unsigned int) blk->bimg_len,
1820 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1821 0 : goto err;
1822 : }
1823 :
1824 : /*
1825 : * cross-check that hole_offset == 0 and hole_length == 0 if
1826 : * the HAS_HOLE flag is not set.
1827 : */
1828 38828 : if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1829 3630 : (blk->hole_offset != 0 || blk->hole_length != 0))
1830 : {
1831 0 : report_invalid_record(state,
1832 : "BKPIMAGE_HAS_HOLE not set, but hole offset %u length %u at %X/%X",
1833 0 : (unsigned int) blk->hole_offset,
1834 0 : (unsigned int) blk->hole_length,
1835 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1836 0 : goto err;
1837 : }
1838 :
1839 : /*
1840 : * Cross-check that bimg_len < BLCKSZ if it is compressed.
1841 : */
1842 38828 : if (BKPIMAGE_COMPRESSED(blk->bimg_info) &&
1843 0 : blk->bimg_len == BLCKSZ)
1844 : {
1845 0 : report_invalid_record(state,
1846 : "BKPIMAGE_COMPRESSED set, but block image length %u at %X/%X",
1847 0 : (unsigned int) blk->bimg_len,
1848 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1849 0 : goto err;
1850 : }
1851 :
1852 : /*
1853 : * cross-check that bimg_len = BLCKSZ if neither HAS_HOLE is
1854 : * set nor COMPRESSED().
1855 : */
1856 38828 : if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1857 3630 : !BKPIMAGE_COMPRESSED(blk->bimg_info) &&
1858 3630 : blk->bimg_len != BLCKSZ)
1859 : {
1860 0 : report_invalid_record(state,
1861 : "neither BKPIMAGE_HAS_HOLE nor BKPIMAGE_COMPRESSED set, but block image length is %u at %X/%X",
1862 0 : (unsigned int) blk->data_len,
1863 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1864 0 : goto err;
1865 : }
1866 : }
1867 1366384 : if (!(fork_flags & BKPBLOCK_SAME_REL))
1868 : {
1869 1189248 : COPY_HEADER_FIELD(&blk->rlocator, sizeof(RelFileLocator));
1870 1189248 : rlocator = &blk->rlocator;
1871 : }
1872 : else
1873 : {
1874 177136 : if (rlocator == NULL)
1875 : {
1876 0 : report_invalid_record(state,
1877 : "BKPBLOCK_SAME_REL set but no previous rel at %X/%X",
1878 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1879 0 : goto err;
1880 : }
1881 :
1882 177136 : blk->rlocator = *rlocator;
1883 : }
1884 1366384 : COPY_HEADER_FIELD(&blk->blkno, sizeof(BlockNumber));
1885 : }
1886 : else
1887 : {
1888 0 : report_invalid_record(state,
1889 : "invalid block_id %u at %X/%X",
1890 0 : block_id, LSN_FORMAT_ARGS(state->ReadRecPtr));
1891 0 : goto err;
1892 : }
1893 : }
1894 :
1895 1228510 : if (remaining != datatotal)
1896 0 : goto shortdata_err;
1897 :
1898 : /*
1899 : * Ok, we've parsed the fragment headers, and verified that the total
1900 : * length of the payload in the fragments is equal to the amount of data
1901 : * left. Copy the data of each fragment to contiguous space after the
1902 : * blocks array, inserting alignment padding before the data fragments so
1903 : * they can be cast to struct pointers by REDO routines.
1904 : */
1905 1228510 : out = ((char *) decoded) +
1906 1228510 : offsetof(DecodedXLogRecord, blocks) +
1907 1228510 : sizeof(decoded->blocks[0]) * (decoded->max_block_id + 1);
1908 :
1909 : /* block data first */
1910 2595264 : for (block_id = 0; block_id <= decoded->max_block_id; block_id++)
1911 : {
1912 1366754 : DecodedBkpBlock *blk = &decoded->blocks[block_id];
1913 :
1914 1366754 : if (!blk->in_use)
1915 370 : continue;
1916 :
1917 : Assert(blk->has_image || !blk->apply_image);
1918 :
1919 1366384 : if (blk->has_image)
1920 : {
1921 : /* no need to align image */
1922 38828 : blk->bkp_image = out;
1923 38828 : memcpy(out, ptr, blk->bimg_len);
1924 38828 : ptr += blk->bimg_len;
1925 38828 : out += blk->bimg_len;
1926 : }
1927 1366384 : if (blk->has_data)
1928 : {
1929 994266 : out = (char *) MAXALIGN(out);
1930 994266 : blk->data = out;
1931 994266 : memcpy(blk->data, ptr, blk->data_len);
1932 994266 : ptr += blk->data_len;
1933 994266 : out += blk->data_len;
1934 : }
1935 : }
1936 :
1937 : /* and finally, the main data */
1938 1228510 : if (decoded->main_data_len > 0)
1939 : {
1940 1195976 : out = (char *) MAXALIGN(out);
1941 1195976 : decoded->main_data = out;
1942 1195976 : memcpy(decoded->main_data, ptr, decoded->main_data_len);
1943 1195976 : ptr += decoded->main_data_len;
1944 1195976 : out += decoded->main_data_len;
1945 : }
1946 :
1947 : /* Report the actual size we used. */
1948 1228510 : decoded->size = MAXALIGN(out - (char *) decoded);
1949 : Assert(DecodeXLogRecordRequiredSpace(record->xl_tot_len) >=
1950 : decoded->size);
1951 :
1952 1228510 : return true;
1953 :
1954 0 : shortdata_err:
1955 0 : report_invalid_record(state,
1956 : "record with invalid length at %X/%X",
1957 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1958 0 : err:
1959 0 : *errormsg = state->errormsg_buf;
1960 :
1961 0 : return false;
1962 : }
1963 :
1964 : /*
1965 : * Returns information about the block that a block reference refers to.
1966 : *
1967 : * This is like XLogRecGetBlockTagExtended, except that the block reference
1968 : * must exist and there's no access to prefetch_buffer.
1969 : */
1970 : void
1971 0 : XLogRecGetBlockTag(XLogReaderState *record, uint8 block_id,
1972 : RelFileLocator *rlocator, ForkNumber *forknum,
1973 : BlockNumber *blknum)
1974 : {
1975 0 : if (!XLogRecGetBlockTagExtended(record, block_id, rlocator, forknum,
1976 : blknum, NULL))
1977 : {
1978 : #ifndef FRONTEND
1979 : elog(ERROR, "could not locate backup block with ID %d in WAL record",
1980 : block_id);
1981 : #else
1982 0 : pg_fatal("could not locate backup block with ID %d in WAL record",
1983 : block_id);
1984 : #endif
1985 : }
1986 0 : }
1987 :
1988 : /*
1989 : * Returns information about the block that a block reference refers to,
1990 : * optionally including the buffer that the block may already be in.
1991 : *
1992 : * If the WAL record contains a block reference with the given ID, *rlocator,
1993 : * *forknum, *blknum and *prefetch_buffer are filled in (if not NULL), and
1994 : * returns true. Otherwise returns false.
1995 : */
1996 : bool
1997 852984 : XLogRecGetBlockTagExtended(XLogReaderState *record, uint8 block_id,
1998 : RelFileLocator *rlocator, ForkNumber *forknum,
1999 : BlockNumber *blknum,
2000 : Buffer *prefetch_buffer)
2001 : {
2002 : DecodedBkpBlock *bkpb;
2003 :
2004 852984 : if (!XLogRecHasBlockRef(record, block_id))
2005 258 : return false;
2006 :
2007 852726 : bkpb = &record->record->blocks[block_id];
2008 852726 : if (rlocator)
2009 852726 : *rlocator = bkpb->rlocator;
2010 852726 : if (forknum)
2011 852726 : *forknum = bkpb->forknum;
2012 852726 : if (blknum)
2013 852726 : *blknum = bkpb->blkno;
2014 852726 : if (prefetch_buffer)
2015 0 : *prefetch_buffer = bkpb->prefetch_buffer;
2016 852726 : return true;
2017 : }
2018 :
2019 : /*
2020 : * Returns the data associated with a block reference, or NULL if there is
2021 : * no data (e.g. because a full-page image was taken instead). The returned
2022 : * pointer points to a MAXALIGNed buffer.
2023 : */
2024 : char *
2025 3364 : XLogRecGetBlockData(XLogReaderState *record, uint8 block_id, Size *len)
2026 : {
2027 : DecodedBkpBlock *bkpb;
2028 :
2029 3364 : if (block_id > record->record->max_block_id ||
2030 3364 : !record->record->blocks[block_id].in_use)
2031 0 : return NULL;
2032 :
2033 3364 : bkpb = &record->record->blocks[block_id];
2034 :
2035 3364 : if (!bkpb->has_data)
2036 : {
2037 0 : if (len)
2038 0 : *len = 0;
2039 0 : return NULL;
2040 : }
2041 : else
2042 : {
2043 3364 : if (len)
2044 3020 : *len = bkpb->data_len;
2045 3364 : return bkpb->data;
2046 : }
2047 : }
2048 :
2049 : /*
2050 : * Restore a full-page image from a backup block attached to an XLOG record.
2051 : *
2052 : * Returns true if a full-page image is restored, and false on failure with
2053 : * an error to be consumed by the caller.
2054 : */
2055 : bool
2056 2 : RestoreBlockImage(XLogReaderState *record, uint8 block_id, char *page)
2057 : {
2058 : DecodedBkpBlock *bkpb;
2059 : char *ptr;
2060 : PGAlignedBlock tmp;
2061 :
2062 2 : if (block_id > record->record->max_block_id ||
2063 2 : !record->record->blocks[block_id].in_use)
2064 : {
2065 0 : report_invalid_record(record,
2066 : "could not restore image at %X/%X with invalid block %d specified",
2067 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2068 : block_id);
2069 0 : return false;
2070 : }
2071 2 : if (!record->record->blocks[block_id].has_image)
2072 : {
2073 0 : report_invalid_record(record, "could not restore image at %X/%X with invalid state, block %d",
2074 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2075 : block_id);
2076 0 : return false;
2077 : }
2078 :
2079 2 : bkpb = &record->record->blocks[block_id];
2080 2 : ptr = bkpb->bkp_image;
2081 :
2082 2 : if (BKPIMAGE_COMPRESSED(bkpb->bimg_info))
2083 : {
2084 : /* If a backup block image is compressed, decompress it */
2085 0 : bool decomp_success = true;
2086 :
2087 0 : if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_PGLZ) != 0)
2088 : {
2089 0 : if (pglz_decompress(ptr, bkpb->bimg_len, tmp.data,
2090 0 : BLCKSZ - bkpb->hole_length, true) < 0)
2091 0 : decomp_success = false;
2092 : }
2093 0 : else if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_LZ4) != 0)
2094 : {
2095 : #ifdef USE_LZ4
2096 0 : if (LZ4_decompress_safe(ptr, tmp.data,
2097 0 : bkpb->bimg_len, BLCKSZ - bkpb->hole_length) <= 0)
2098 0 : decomp_success = false;
2099 : #else
2100 : report_invalid_record(record, "could not restore image at %X/%X compressed with %s not supported by build, block %d",
2101 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2102 : "LZ4",
2103 : block_id);
2104 : return false;
2105 : #endif
2106 : }
2107 0 : else if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_ZSTD) != 0)
2108 : {
2109 : #ifdef USE_ZSTD
2110 : size_t decomp_result = ZSTD_decompress(tmp.data,
2111 : BLCKSZ - bkpb->hole_length,
2112 : ptr, bkpb->bimg_len);
2113 :
2114 : if (ZSTD_isError(decomp_result))
2115 : decomp_success = false;
2116 : #else
2117 0 : report_invalid_record(record, "could not restore image at %X/%X compressed with %s not supported by build, block %d",
2118 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2119 : "zstd",
2120 : block_id);
2121 0 : return false;
2122 : #endif
2123 : }
2124 : else
2125 : {
2126 0 : report_invalid_record(record, "could not restore image at %X/%X compressed with unknown method, block %d",
2127 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2128 : block_id);
2129 0 : return false;
2130 : }
2131 :
2132 0 : if (!decomp_success)
2133 : {
2134 0 : report_invalid_record(record, "could not decompress image at %X/%X, block %d",
2135 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2136 : block_id);
2137 0 : return false;
2138 : }
2139 :
2140 0 : ptr = tmp.data;
2141 : }
2142 :
2143 : /* generate page, taking into account hole if necessary */
2144 2 : if (bkpb->hole_length == 0)
2145 : {
2146 0 : memcpy(page, ptr, BLCKSZ);
2147 : }
2148 : else
2149 : {
2150 2 : memcpy(page, ptr, bkpb->hole_offset);
2151 : /* must zero-fill the hole */
2152 2 : MemSet(page + bkpb->hole_offset, 0, bkpb->hole_length);
2153 2 : memcpy(page + (bkpb->hole_offset + bkpb->hole_length),
2154 2 : ptr + bkpb->hole_offset,
2155 2 : BLCKSZ - (bkpb->hole_offset + bkpb->hole_length));
2156 : }
2157 :
2158 2 : return true;
2159 : }
2160 :
2161 : #ifndef FRONTEND
2162 :
2163 : /*
2164 : * Extract the FullTransactionId from a WAL record.
2165 : */
2166 : FullTransactionId
2167 : XLogRecGetFullXid(XLogReaderState *record)
2168 : {
2169 : TransactionId xid,
2170 : next_xid;
2171 : uint32 epoch;
2172 :
2173 : /*
2174 : * This function is only safe during replay, because it depends on the
2175 : * replay state. See AdvanceNextFullTransactionIdPastXid() for more.
2176 : */
2177 : Assert(AmStartupProcess() || !IsUnderPostmaster);
2178 :
2179 : xid = XLogRecGetXid(record);
2180 : next_xid = XidFromFullTransactionId(TransamVariables->nextXid);
2181 : epoch = EpochFromFullTransactionId(TransamVariables->nextXid);
2182 :
2183 : /*
2184 : * If xid is numerically greater than next_xid, it has to be from the last
2185 : * epoch.
2186 : */
2187 : if (unlikely(xid > next_xid))
2188 : --epoch;
2189 :
2190 : return FullTransactionIdFromEpochAndXid(epoch, xid);
2191 : }
2192 :
2193 : #endif
|