Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * xlogreader.c
4 : * Generic XLog reading facility
5 : *
6 : * Portions Copyright (c) 2013-2023, PostgreSQL Global Development Group
7 : *
8 : * IDENTIFICATION
9 : * src/backend/access/transam/xlogreader.c
10 : *
11 : * NOTES
12 : * See xlogreader.h for more notes on this facility.
13 : *
14 : * This file is compiled as both front-end and backend code, so it
15 : * may not use ereport, server-defined static variables, etc.
16 : *-------------------------------------------------------------------------
17 : */
18 : #include "postgres.h"
19 :
20 : #include <unistd.h>
21 : #ifdef USE_LZ4
22 : #include <lz4.h>
23 : #endif
24 : #ifdef USE_ZSTD
25 : #include <zstd.h>
26 : #endif
27 :
28 : #include "access/transam.h"
29 : #include "access/xlog_internal.h"
30 : #include "access/xlogreader.h"
31 : #include "access/xlogrecord.h"
32 : #include "catalog/pg_control.h"
33 : #include "common/pg_lzcompress.h"
34 : #include "replication/origin.h"
35 :
36 : #ifndef FRONTEND
37 : #include "miscadmin.h"
38 : #include "pgstat.h"
39 : #include "utils/memutils.h"
40 : #else
41 : #include "common/logging.h"
42 : #endif
43 :
44 : static void report_invalid_record(XLogReaderState *state, const char *fmt,...)
45 : pg_attribute_printf(2, 3);
46 : static void allocate_recordbuf(XLogReaderState *state, uint32 reclength);
47 : static int ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr,
48 : int reqLen);
49 : static void XLogReaderInvalReadState(XLogReaderState *state);
50 : static XLogPageReadResult XLogDecodeNextRecord(XLogReaderState *state, bool nonblocking);
51 : static bool ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
52 : XLogRecPtr PrevRecPtr, XLogRecord *record, bool randAccess);
53 : static bool ValidXLogRecord(XLogReaderState *state, XLogRecord *record,
54 : XLogRecPtr recptr);
55 : static void ResetDecoder(XLogReaderState *state);
56 : static void WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt,
57 : int segsize, const char *waldir);
58 :
59 : /* size of the buffer allocated for error message. */
60 : #define MAX_ERRORMSG_LEN 1000
61 :
62 : /*
63 : * Default size; large enough that typical users of XLogReader won't often need
64 : * to use the 'oversized' memory allocation code path.
65 : */
66 : #define DEFAULT_DECODE_BUFFER_SIZE (64 * 1024)
67 :
68 : /*
69 : * Construct a string in state->errormsg_buf explaining what's wrong with
70 : * the current record being read.
71 : */
72 : static void
73 4 : report_invalid_record(XLogReaderState *state, const char *fmt,...)
74 : {
75 : va_list args;
76 :
77 4 : fmt = _(fmt);
78 :
79 4 : va_start(args, fmt);
80 4 : vsnprintf(state->errormsg_buf, MAX_ERRORMSG_LEN, fmt, args);
81 4 : va_end(args);
82 :
83 4 : state->errormsg_deferred = true;
84 4 : }
85 :
86 : /*
87 : * Set the size of the decoding buffer. A pointer to a caller supplied memory
88 : * region may also be passed in, in which case non-oversized records will be
89 : * decoded there.
90 : */
91 : void
92 0 : XLogReaderSetDecodeBuffer(XLogReaderState *state, void *buffer, size_t size)
93 : {
94 : Assert(state->decode_buffer == NULL);
95 :
96 0 : state->decode_buffer = buffer;
97 0 : state->decode_buffer_size = size;
98 0 : state->decode_buffer_tail = buffer;
99 0 : state->decode_buffer_head = buffer;
100 0 : }
101 :
102 : /*
103 : * Allocate and initialize a new XLogReader.
104 : *
105 : * Returns NULL if the xlogreader couldn't be allocated.
106 : */
107 : XLogReaderState *
108 114 : XLogReaderAllocate(int wal_segment_size, const char *waldir,
109 : XLogReaderRoutine *routine, void *private_data)
110 : {
111 : XLogReaderState *state;
112 :
113 : state = (XLogReaderState *)
114 114 : palloc_extended(sizeof(XLogReaderState),
115 : MCXT_ALLOC_NO_OOM | MCXT_ALLOC_ZERO);
116 114 : if (!state)
117 0 : return NULL;
118 :
119 : /* initialize caller-provided support functions */
120 114 : state->routine = *routine;
121 :
122 : /*
123 : * Permanently allocate readBuf. We do it this way, rather than just
124 : * making a static array, for two reasons: (1) no need to waste the
125 : * storage in most instantiations of the backend; (2) a static char array
126 : * isn't guaranteed to have any particular alignment, whereas
127 : * palloc_extended() will provide MAXALIGN'd storage.
128 : */
129 114 : state->readBuf = (char *) palloc_extended(XLOG_BLCKSZ,
130 : MCXT_ALLOC_NO_OOM);
131 114 : if (!state->readBuf)
132 : {
133 0 : pfree(state);
134 0 : return NULL;
135 : }
136 :
137 : /* Initialize segment info. */
138 114 : WALOpenSegmentInit(&state->seg, &state->segcxt, wal_segment_size,
139 : waldir);
140 :
141 : /* system_identifier initialized to zeroes above */
142 114 : state->private_data = private_data;
143 : /* ReadRecPtr, EndRecPtr and readLen initialized to zeroes above */
144 114 : state->errormsg_buf = palloc_extended(MAX_ERRORMSG_LEN + 1,
145 : MCXT_ALLOC_NO_OOM);
146 114 : if (!state->errormsg_buf)
147 : {
148 0 : pfree(state->readBuf);
149 0 : pfree(state);
150 0 : return NULL;
151 : }
152 114 : state->errormsg_buf[0] = '\0';
153 :
154 : /*
155 : * Allocate an initial readRecordBuf of minimal size, which can later be
156 : * enlarged if necessary.
157 : */
158 114 : allocate_recordbuf(state, 0);
159 114 : return state;
160 : }
161 :
162 : void
163 110 : XLogReaderFree(XLogReaderState *state)
164 : {
165 110 : if (state->seg.ws_file != -1)
166 110 : state->routine.segment_close(state);
167 :
168 110 : if (state->decode_buffer && state->free_decode_buffer)
169 110 : pfree(state->decode_buffer);
170 :
171 110 : pfree(state->errormsg_buf);
172 110 : if (state->readRecordBuf)
173 110 : pfree(state->readRecordBuf);
174 110 : pfree(state->readBuf);
175 110 : pfree(state);
176 110 : }
177 :
178 : /*
179 : * Allocate readRecordBuf to fit a record of at least the given length.
180 : *
181 : * readRecordBufSize is set to the new buffer size.
182 : *
183 : * To avoid useless small increases, round its size to a multiple of
184 : * XLOG_BLCKSZ, and make sure it's at least 5*Max(BLCKSZ, XLOG_BLCKSZ) to start
185 : * with. (That is enough for all "normal" records, but very large commit or
186 : * abort records might need more space.)
187 : *
188 : * Note: This routine should *never* be called for xl_tot_len until the header
189 : * of the record has been fully validated.
190 : */
191 : static void
192 114 : allocate_recordbuf(XLogReaderState *state, uint32 reclength)
193 : {
194 114 : uint32 newSize = reclength;
195 :
196 114 : newSize += XLOG_BLCKSZ - (newSize % XLOG_BLCKSZ);
197 114 : newSize = Max(newSize, 5 * Max(BLCKSZ, XLOG_BLCKSZ));
198 :
199 114 : if (state->readRecordBuf)
200 0 : pfree(state->readRecordBuf);
201 114 : state->readRecordBuf = (char *) palloc(newSize);
202 114 : state->readRecordBufSize = newSize;
203 114 : }
204 :
205 : /*
206 : * Initialize the passed segment structs.
207 : */
208 : static void
209 114 : WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt,
210 : int segsize, const char *waldir)
211 : {
212 114 : seg->ws_file = -1;
213 114 : seg->ws_segno = 0;
214 114 : seg->ws_tli = 0;
215 :
216 114 : segcxt->ws_segsize = segsize;
217 114 : if (waldir)
218 114 : snprintf(segcxt->ws_dir, MAXPGPATH, "%s", waldir);
219 114 : }
220 :
221 : /*
222 : * Begin reading WAL at 'RecPtr'.
223 : *
224 : * 'RecPtr' should point to the beginning of a valid WAL record. Pointing at
225 : * the beginning of a page is also OK, if there is a new record right after
226 : * the page header, i.e. not a continuation.
227 : *
228 : * This does not make any attempt to read the WAL yet, and hence cannot fail.
229 : * If the starting address is not correct, the first call to XLogReadRecord()
230 : * will error out.
231 : */
232 : void
233 228 : XLogBeginRead(XLogReaderState *state, XLogRecPtr RecPtr)
234 : {
235 : Assert(!XLogRecPtrIsInvalid(RecPtr));
236 :
237 228 : ResetDecoder(state);
238 :
239 : /* Begin at the passed-in record pointer. */
240 228 : state->EndRecPtr = RecPtr;
241 228 : state->NextRecPtr = RecPtr;
242 228 : state->ReadRecPtr = InvalidXLogRecPtr;
243 228 : state->DecodeRecPtr = InvalidXLogRecPtr;
244 228 : }
245 :
246 : /*
247 : * Release the last record that was returned by XLogNextRecord(), if any, to
248 : * free up space. Returns the LSN past the end of the record.
249 : */
250 : XLogRecPtr
251 2453008 : XLogReleasePreviousRecord(XLogReaderState *state)
252 : {
253 : DecodedXLogRecord *record;
254 : XLogRecPtr next_lsn;
255 :
256 2453008 : if (!state->record)
257 1226732 : return InvalidXLogRecPtr;
258 :
259 : /*
260 : * Remove it from the decoded record queue. It must be the oldest item
261 : * decoded, decode_queue_head.
262 : */
263 1226276 : record = state->record;
264 1226276 : next_lsn = record->next_lsn;
265 : Assert(record == state->decode_queue_head);
266 1226276 : state->record = NULL;
267 1226276 : state->decode_queue_head = record->next;
268 :
269 : /* It might also be the newest item decoded, decode_queue_tail. */
270 1226276 : if (state->decode_queue_tail == record)
271 1226276 : state->decode_queue_tail = NULL;
272 :
273 : /* Release the space. */
274 1226276 : if (unlikely(record->oversized))
275 : {
276 : /* It's not in the decode buffer, so free it to release space. */
277 0 : pfree(record);
278 : }
279 : else
280 : {
281 : /* It must be the head (oldest) record in the decode buffer. */
282 : Assert(state->decode_buffer_head == (char *) record);
283 :
284 : /*
285 : * We need to update head to point to the next record that is in the
286 : * decode buffer, if any, being careful to skip oversized ones
287 : * (they're not in the decode buffer).
288 : */
289 1226276 : record = record->next;
290 1226276 : while (unlikely(record && record->oversized))
291 0 : record = record->next;
292 :
293 1226276 : if (record)
294 : {
295 : /* Adjust head to release space up to the next record. */
296 0 : state->decode_buffer_head = (char *) record;
297 : }
298 : else
299 : {
300 : /*
301 : * Otherwise we might as well just reset head and tail to the
302 : * start of the buffer space, because we're empty. This means
303 : * we'll keep overwriting the same piece of memory if we're not
304 : * doing any prefetching.
305 : */
306 1226276 : state->decode_buffer_head = state->decode_buffer;
307 1226276 : state->decode_buffer_tail = state->decode_buffer;
308 : }
309 : }
310 :
311 1226276 : return next_lsn;
312 : }
313 :
314 : /*
315 : * Attempt to read an XLOG record.
316 : *
317 : * XLogBeginRead() or XLogFindNextRecord() and then XLogReadAhead() must be
318 : * called before the first call to XLogNextRecord(). This functions returns
319 : * records and errors that were put into an internal queue by XLogReadAhead().
320 : *
321 : * On success, a record is returned.
322 : *
323 : * The returned record (or *errormsg) points to an internal buffer that's
324 : * valid until the next call to XLogNextRecord.
325 : */
326 : DecodedXLogRecord *
327 1226504 : XLogNextRecord(XLogReaderState *state, char **errormsg)
328 : {
329 : /* Release the last record returned by XLogNextRecord(). */
330 1226504 : XLogReleasePreviousRecord(state);
331 :
332 1226504 : if (state->decode_queue_head == NULL)
333 : {
334 112 : *errormsg = NULL;
335 112 : if (state->errormsg_deferred)
336 : {
337 4 : if (state->errormsg_buf[0] != '\0')
338 4 : *errormsg = state->errormsg_buf;
339 4 : state->errormsg_deferred = false;
340 : }
341 :
342 : /*
343 : * state->EndRecPtr is expected to have been set by the last call to
344 : * XLogBeginRead() or XLogNextRecord(), and is the location of the
345 : * error.
346 : */
347 : Assert(!XLogRecPtrIsInvalid(state->EndRecPtr));
348 :
349 112 : return NULL;
350 : }
351 :
352 : /*
353 : * Record this as the most recent record returned, so that we'll release
354 : * it next time. This also exposes it to the traditional
355 : * XLogRecXXX(xlogreader) macros, which work with the decoder rather than
356 : * the record for historical reasons.
357 : */
358 1226392 : state->record = state->decode_queue_head;
359 :
360 : /*
361 : * Update the pointers to the beginning and one-past-the-end of this
362 : * record, again for the benefit of historical code that expected the
363 : * decoder to track this rather than accessing these fields of the record
364 : * itself.
365 : */
366 1226392 : state->ReadRecPtr = state->record->lsn;
367 1226392 : state->EndRecPtr = state->record->next_lsn;
368 :
369 1226392 : *errormsg = NULL;
370 :
371 1226392 : return state->record;
372 : }
373 :
374 : /*
375 : * Attempt to read an XLOG record.
376 : *
377 : * XLogBeginRead() or XLogFindNextRecord() must be called before the first call
378 : * to XLogReadRecord().
379 : *
380 : * If the page_read callback fails to read the requested data, NULL is
381 : * returned. The callback is expected to have reported the error; errormsg
382 : * is set to NULL.
383 : *
384 : * If the reading fails for some other reason, NULL is also returned, and
385 : * *errormsg is set to a string with details of the failure.
386 : *
387 : * The returned pointer (or *errormsg) points to an internal buffer that's
388 : * valid until the next call to XLogReadRecord.
389 : */
390 : XLogRecord *
391 1226504 : XLogReadRecord(XLogReaderState *state, char **errormsg)
392 : {
393 : DecodedXLogRecord *decoded;
394 :
395 : /*
396 : * Release last returned record, if there is one. We need to do this so
397 : * that we can check for empty decode queue accurately.
398 : */
399 1226504 : XLogReleasePreviousRecord(state);
400 :
401 : /*
402 : * Call XLogReadAhead() in blocking mode to make sure there is something
403 : * in the queue, though we don't use the result.
404 : */
405 1226504 : if (!XLogReaderHasQueuedRecordOrError(state))
406 1226504 : XLogReadAhead(state, false /* nonblocking */ );
407 :
408 : /* Consume the head record or error. */
409 1226504 : decoded = XLogNextRecord(state, errormsg);
410 1226504 : if (decoded)
411 : {
412 : /*
413 : * This function returns a pointer to the record's header, not the
414 : * actual decoded record. The caller will access the decoded record
415 : * through the XLogRecGetXXX() macros, which reach the decoded
416 : * recorded as xlogreader->record.
417 : */
418 : Assert(state->record == decoded);
419 1226392 : return &decoded->header;
420 : }
421 :
422 112 : return NULL;
423 : }
424 :
425 : /*
426 : * Allocate space for a decoded record. The only member of the returned
427 : * object that is initialized is the 'oversized' flag, indicating that the
428 : * decoded record wouldn't fit in the decode buffer and must eventually be
429 : * freed explicitly.
430 : *
431 : * The caller is responsible for adjusting decode_buffer_tail with the real
432 : * size after successfully decoding a record into this space. This way, if
433 : * decoding fails, then there is nothing to undo unless the 'oversized' flag
434 : * was set and pfree() must be called.
435 : *
436 : * Return NULL if there is no space in the decode buffer and allow_oversized
437 : * is false, or if memory allocation fails for an oversized buffer.
438 : */
439 : static DecodedXLogRecord *
440 1226392 : XLogReadRecordAlloc(XLogReaderState *state, size_t xl_tot_len, bool allow_oversized)
441 : {
442 1226392 : size_t required_space = DecodeXLogRecordRequiredSpace(xl_tot_len);
443 1226392 : DecodedXLogRecord *decoded = NULL;
444 :
445 : /* Allocate a circular decode buffer if we don't have one already. */
446 1226392 : if (unlikely(state->decode_buffer == NULL))
447 : {
448 114 : if (state->decode_buffer_size == 0)
449 114 : state->decode_buffer_size = DEFAULT_DECODE_BUFFER_SIZE;
450 114 : state->decode_buffer = palloc(state->decode_buffer_size);
451 114 : state->decode_buffer_head = state->decode_buffer;
452 114 : state->decode_buffer_tail = state->decode_buffer;
453 114 : state->free_decode_buffer = true;
454 : }
455 :
456 : /* Try to allocate space in the circular decode buffer. */
457 1226392 : if (state->decode_buffer_tail >= state->decode_buffer_head)
458 : {
459 : /* Empty, or tail is to the right of head. */
460 1226392 : if (state->decode_buffer_tail + required_space <=
461 1226392 : state->decode_buffer + state->decode_buffer_size)
462 : {
463 : /* There is space between tail and end. */
464 1226392 : decoded = (DecodedXLogRecord *) state->decode_buffer_tail;
465 1226392 : decoded->oversized = false;
466 1226392 : return decoded;
467 : }
468 0 : else if (state->decode_buffer + required_space <
469 0 : state->decode_buffer_head)
470 : {
471 : /* There is space between start and head. */
472 0 : decoded = (DecodedXLogRecord *) state->decode_buffer;
473 0 : decoded->oversized = false;
474 0 : return decoded;
475 : }
476 : }
477 : else
478 : {
479 : /* Tail is to the left of head. */
480 0 : if (state->decode_buffer_tail + required_space <
481 0 : state->decode_buffer_head)
482 : {
483 : /* There is space between tail and head. */
484 0 : decoded = (DecodedXLogRecord *) state->decode_buffer_tail;
485 0 : decoded->oversized = false;
486 0 : return decoded;
487 : }
488 : }
489 :
490 : /* Not enough space in the decode buffer. Are we allowed to allocate? */
491 0 : if (allow_oversized)
492 : {
493 0 : decoded = palloc(required_space);
494 0 : decoded->oversized = true;
495 0 : return decoded;
496 : }
497 :
498 0 : return NULL;
499 : }
500 :
501 : static XLogPageReadResult
502 1226504 : XLogDecodeNextRecord(XLogReaderState *state, bool nonblocking)
503 : {
504 : XLogRecPtr RecPtr;
505 : XLogRecord *record;
506 : XLogRecPtr targetPagePtr;
507 : bool randAccess;
508 : uint32 len,
509 : total_len;
510 : uint32 targetRecOff;
511 : uint32 pageHeaderSize;
512 : bool assembled;
513 : bool gotheader;
514 : int readOff;
515 : DecodedXLogRecord *decoded;
516 : char *errormsg; /* not used */
517 :
518 : /*
519 : * randAccess indicates whether to verify the previous-record pointer of
520 : * the record we're reading. We only do this if we're reading
521 : * sequentially, which is what we initially assume.
522 : */
523 1226504 : randAccess = false;
524 :
525 : /* reset error state */
526 1226504 : state->errormsg_buf[0] = '\0';
527 1226504 : decoded = NULL;
528 :
529 1226504 : state->abortedRecPtr = InvalidXLogRecPtr;
530 1226504 : state->missingContrecPtr = InvalidXLogRecPtr;
531 :
532 1226504 : RecPtr = state->NextRecPtr;
533 :
534 1226504 : if (state->DecodeRecPtr != InvalidXLogRecPtr)
535 : {
536 : /* read the record after the one we just read */
537 :
538 : /*
539 : * NextRecPtr is pointing to end+1 of the previous WAL record. If
540 : * we're at a page boundary, no more records can fit on the current
541 : * page. We must skip over the page header, but we can't do that until
542 : * we've read in the page, since the header size is variable.
543 : */
544 : }
545 : else
546 : {
547 : /*
548 : * Caller supplied a position to start at.
549 : *
550 : * In this case, NextRecPtr should already be pointing either to a
551 : * valid record starting position or alternatively to the beginning of
552 : * a page. See the header comments for XLogBeginRead.
553 : */
554 : Assert(RecPtr % XLOG_BLCKSZ == 0 || XRecOffIsValid(RecPtr));
555 228 : randAccess = true;
556 : }
557 :
558 1226504 : restart:
559 1226504 : state->nonblocking = nonblocking;
560 1226504 : state->currRecPtr = RecPtr;
561 1226504 : assembled = false;
562 :
563 1226504 : targetPagePtr = RecPtr - (RecPtr % XLOG_BLCKSZ);
564 1226504 : targetRecOff = RecPtr % XLOG_BLCKSZ;
565 :
566 : /*
567 : * Read the page containing the record into state->readBuf. Request enough
568 : * byte to cover the whole record header, or at least the part of it that
569 : * fits on the same page.
570 : */
571 1226504 : readOff = ReadPageInternal(state, targetPagePtr,
572 1226504 : Min(targetRecOff + SizeOfXLogRecord, XLOG_BLCKSZ));
573 1226504 : if (readOff == XLREAD_WOULDBLOCK)
574 0 : return XLREAD_WOULDBLOCK;
575 1226504 : else if (readOff < 0)
576 108 : goto err;
577 :
578 : /*
579 : * ReadPageInternal always returns at least the page header, so we can
580 : * examine it now.
581 : */
582 1226396 : pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
583 1226396 : if (targetRecOff == 0)
584 : {
585 : /*
586 : * At page start, so skip over page header.
587 : */
588 1154 : RecPtr += pageHeaderSize;
589 1154 : targetRecOff = pageHeaderSize;
590 : }
591 1225242 : else if (targetRecOff < pageHeaderSize)
592 : {
593 0 : report_invalid_record(state, "invalid record offset at %X/%X: expected at least %u, got %u",
594 0 : LSN_FORMAT_ARGS(RecPtr),
595 : pageHeaderSize, targetRecOff);
596 0 : goto err;
597 : }
598 :
599 1226396 : if ((((XLogPageHeader) state->readBuf)->xlp_info & XLP_FIRST_IS_CONTRECORD) &&
600 : targetRecOff == pageHeaderSize)
601 : {
602 0 : report_invalid_record(state, "contrecord is requested by %X/%X",
603 0 : LSN_FORMAT_ARGS(RecPtr));
604 0 : goto err;
605 : }
606 :
607 : /* ReadPageInternal has verified the page header */
608 : Assert(pageHeaderSize <= readOff);
609 :
610 : /*
611 : * Read the record length.
612 : *
613 : * NB: Even though we use an XLogRecord pointer here, the whole record
614 : * header might not fit on this page. xl_tot_len is the first field of the
615 : * struct, so it must be on this page (the records are MAXALIGNed), but we
616 : * cannot access any other fields until we've verified that we got the
617 : * whole header.
618 : */
619 1226396 : record = (XLogRecord *) (state->readBuf + RecPtr % XLOG_BLCKSZ);
620 1226396 : total_len = record->xl_tot_len;
621 :
622 : /*
623 : * If the whole record header is on this page, validate it immediately.
624 : * Otherwise do just a basic sanity check on xl_tot_len, and validate the
625 : * rest of the header after reading it from the next page. The xl_tot_len
626 : * check is necessary here to ensure that we enter the "Need to reassemble
627 : * record" code path below; otherwise we might fail to apply
628 : * ValidXLogRecordHeader at all.
629 : */
630 1226396 : if (targetRecOff <= XLOG_BLCKSZ - SizeOfXLogRecord)
631 : {
632 1224080 : if (!ValidXLogRecordHeader(state, RecPtr, state->DecodeRecPtr, record,
633 : randAccess))
634 4 : goto err;
635 1224076 : gotheader = true;
636 : }
637 : else
638 : {
639 : /* There may be no next page if it's too small. */
640 2316 : if (total_len < SizeOfXLogRecord)
641 : {
642 0 : report_invalid_record(state,
643 : "invalid record length at %X/%X: expected at least %u, got %u",
644 0 : LSN_FORMAT_ARGS(RecPtr),
645 : (uint32) SizeOfXLogRecord, total_len);
646 0 : goto err;
647 : }
648 : /* We'll validate the header once we have the next page. */
649 2316 : gotheader = false;
650 : }
651 :
652 : /*
653 : * Try to find space to decode this record, if we can do so without
654 : * calling palloc. If we can't, we'll try again below after we've
655 : * validated that total_len isn't garbage bytes from a recycled WAL page.
656 : */
657 1226392 : decoded = XLogReadRecordAlloc(state,
658 : total_len,
659 : false /* allow_oversized */ );
660 1226392 : if (decoded == NULL && nonblocking)
661 : {
662 : /*
663 : * There is no space in the circular decode buffer, and the caller is
664 : * only reading ahead. The caller should consume existing records to
665 : * make space.
666 : */
667 0 : return XLREAD_WOULDBLOCK;
668 : }
669 :
670 1226392 : len = XLOG_BLCKSZ - RecPtr % XLOG_BLCKSZ;
671 1226392 : if (total_len > len)
672 : {
673 : /* Need to reassemble record */
674 : char *contdata;
675 : XLogPageHeader pageHeader;
676 : char *buffer;
677 : uint32 gotlen;
678 :
679 31434 : assembled = true;
680 :
681 : /*
682 : * We always have space for a couple of pages, enough to validate a
683 : * boundary-spanning record header.
684 : */
685 : Assert(state->readRecordBufSize >= XLOG_BLCKSZ * 2);
686 : Assert(state->readRecordBufSize >= len);
687 :
688 : /* Copy the first fragment of the record from the first page. */
689 31434 : memcpy(state->readRecordBuf,
690 31434 : state->readBuf + RecPtr % XLOG_BLCKSZ, len);
691 31434 : buffer = state->readRecordBuf + len;
692 31434 : gotlen = len;
693 :
694 : do
695 : {
696 : /* Calculate pointer to beginning of next page */
697 31564 : targetPagePtr += XLOG_BLCKSZ;
698 :
699 : /* Wait for the next page to become available */
700 31564 : readOff = ReadPageInternal(state, targetPagePtr,
701 31564 : Min(total_len - gotlen + SizeOfXLogShortPHD,
702 : XLOG_BLCKSZ));
703 :
704 31564 : if (readOff == XLREAD_WOULDBLOCK)
705 0 : return XLREAD_WOULDBLOCK;
706 31564 : else if (readOff < 0)
707 0 : goto err;
708 :
709 : Assert(SizeOfXLogShortPHD <= readOff);
710 :
711 31564 : pageHeader = (XLogPageHeader) state->readBuf;
712 :
713 : /*
714 : * If we were expecting a continuation record and got an
715 : * "overwrite contrecord" flag, that means the continuation record
716 : * was overwritten with a different record. Restart the read by
717 : * assuming the address to read is the location where we found
718 : * this flag; but keep track of the LSN of the record we were
719 : * reading, for later verification.
720 : */
721 31564 : if (pageHeader->xlp_info & XLP_FIRST_IS_OVERWRITE_CONTRECORD)
722 : {
723 0 : state->overwrittenRecPtr = RecPtr;
724 0 : RecPtr = targetPagePtr;
725 0 : goto restart;
726 : }
727 :
728 : /* Check that the continuation on next page looks valid */
729 31564 : if (!(pageHeader->xlp_info & XLP_FIRST_IS_CONTRECORD))
730 : {
731 0 : report_invalid_record(state,
732 : "there is no contrecord flag at %X/%X",
733 0 : LSN_FORMAT_ARGS(RecPtr));
734 0 : goto err;
735 : }
736 :
737 : /*
738 : * Cross-check that xlp_rem_len agrees with how much of the record
739 : * we expect there to be left.
740 : */
741 31564 : if (pageHeader->xlp_rem_len == 0 ||
742 31564 : total_len != (pageHeader->xlp_rem_len + gotlen))
743 : {
744 0 : report_invalid_record(state,
745 : "invalid contrecord length %u (expected %lld) at %X/%X",
746 : pageHeader->xlp_rem_len,
747 0 : ((long long) total_len) - gotlen,
748 0 : LSN_FORMAT_ARGS(RecPtr));
749 0 : goto err;
750 : }
751 :
752 : /* Append the continuation from this page to the buffer */
753 31564 : pageHeaderSize = XLogPageHeaderSize(pageHeader);
754 :
755 31564 : if (readOff < pageHeaderSize)
756 0 : readOff = ReadPageInternal(state, targetPagePtr,
757 : pageHeaderSize);
758 :
759 : Assert(pageHeaderSize <= readOff);
760 :
761 31564 : contdata = (char *) state->readBuf + pageHeaderSize;
762 31564 : len = XLOG_BLCKSZ - pageHeaderSize;
763 31564 : if (pageHeader->xlp_rem_len < len)
764 31434 : len = pageHeader->xlp_rem_len;
765 :
766 31564 : if (readOff < pageHeaderSize + len)
767 0 : readOff = ReadPageInternal(state, targetPagePtr,
768 0 : pageHeaderSize + len);
769 :
770 31564 : memcpy(buffer, (char *) contdata, len);
771 31564 : buffer += len;
772 31564 : gotlen += len;
773 :
774 : /* If we just reassembled the record header, validate it. */
775 31564 : if (!gotheader)
776 : {
777 2316 : record = (XLogRecord *) state->readRecordBuf;
778 2316 : if (!ValidXLogRecordHeader(state, RecPtr, state->DecodeRecPtr,
779 : record, randAccess))
780 0 : goto err;
781 2316 : gotheader = true;
782 : }
783 :
784 : /*
785 : * We might need a bigger buffer. We have validated the record
786 : * header, in the case that it split over a page boundary. We've
787 : * also cross-checked total_len against xlp_rem_len on the second
788 : * page, and verified xlp_pageaddr on both.
789 : */
790 31564 : if (total_len > state->readRecordBufSize)
791 : {
792 : char save_copy[XLOG_BLCKSZ * 2];
793 :
794 : /*
795 : * Save and restore the data we already had. It can't be more
796 : * than two pages.
797 : */
798 : Assert(gotlen <= lengthof(save_copy));
799 : Assert(gotlen <= state->readRecordBufSize);
800 0 : memcpy(save_copy, state->readRecordBuf, gotlen);
801 0 : allocate_recordbuf(state, total_len);
802 0 : memcpy(state->readRecordBuf, save_copy, gotlen);
803 0 : buffer = state->readRecordBuf + gotlen;
804 : }
805 31564 : } while (gotlen < total_len);
806 : Assert(gotheader);
807 :
808 31434 : record = (XLogRecord *) state->readRecordBuf;
809 31434 : if (!ValidXLogRecord(state, record, RecPtr))
810 0 : goto err;
811 :
812 31434 : pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
813 31434 : state->DecodeRecPtr = RecPtr;
814 31434 : state->NextRecPtr = targetPagePtr + pageHeaderSize
815 31434 : + MAXALIGN(pageHeader->xlp_rem_len);
816 : }
817 : else
818 : {
819 : /* Wait for the record data to become available */
820 1194958 : readOff = ReadPageInternal(state, targetPagePtr,
821 1194958 : Min(targetRecOff + total_len, XLOG_BLCKSZ));
822 1194958 : if (readOff == XLREAD_WOULDBLOCK)
823 0 : return XLREAD_WOULDBLOCK;
824 1194958 : else if (readOff < 0)
825 0 : goto err;
826 :
827 : /* Record does not cross a page boundary */
828 1194958 : if (!ValidXLogRecord(state, record, RecPtr))
829 0 : goto err;
830 :
831 1194958 : state->NextRecPtr = RecPtr + MAXALIGN(total_len);
832 :
833 1194958 : state->DecodeRecPtr = RecPtr;
834 : }
835 :
836 : /*
837 : * Special processing if it's an XLOG SWITCH record
838 : */
839 1226392 : if (record->xl_rmid == RM_XLOG_ID &&
840 31620 : (record->xl_info & ~XLR_INFO_MASK) == XLOG_SWITCH)
841 : {
842 : /* Pretend it extends to end of segment */
843 14 : state->NextRecPtr += state->segcxt.ws_segsize - 1;
844 14 : state->NextRecPtr -= XLogSegmentOffset(state->NextRecPtr, state->segcxt.ws_segsize);
845 : }
846 :
847 : /*
848 : * If we got here without a DecodedXLogRecord, it means we needed to
849 : * validate total_len before trusting it, but by now we've done that.
850 : */
851 1226392 : if (decoded == NULL)
852 : {
853 : Assert(!nonblocking);
854 0 : decoded = XLogReadRecordAlloc(state,
855 : total_len,
856 : true /* allow_oversized */ );
857 : /* allocation should always happen under allow_oversized */
858 : Assert(decoded != NULL);
859 : }
860 :
861 1226392 : if (DecodeXLogRecord(state, decoded, record, RecPtr, &errormsg))
862 : {
863 : /* Record the location of the next record. */
864 1226392 : decoded->next_lsn = state->NextRecPtr;
865 :
866 : /*
867 : * If it's in the decode buffer, mark the decode buffer space as
868 : * occupied.
869 : */
870 1226392 : if (!decoded->oversized)
871 : {
872 : /* The new decode buffer head must be MAXALIGNed. */
873 : Assert(decoded->size == MAXALIGN(decoded->size));
874 1226392 : if ((char *) decoded == state->decode_buffer)
875 1226392 : state->decode_buffer_tail = state->decode_buffer + decoded->size;
876 : else
877 0 : state->decode_buffer_tail += decoded->size;
878 : }
879 :
880 : /* Insert it into the queue of decoded records. */
881 : Assert(state->decode_queue_tail != decoded);
882 1226392 : if (state->decode_queue_tail)
883 0 : state->decode_queue_tail->next = decoded;
884 1226392 : state->decode_queue_tail = decoded;
885 1226392 : if (!state->decode_queue_head)
886 1226392 : state->decode_queue_head = decoded;
887 1226392 : return XLREAD_SUCCESS;
888 : }
889 :
890 0 : err:
891 112 : if (assembled)
892 : {
893 : /*
894 : * We get here when a record that spans multiple pages needs to be
895 : * assembled, but something went wrong -- perhaps a contrecord piece
896 : * was lost. If caller is WAL replay, it will know where the aborted
897 : * record was and where to direct followup WAL to be written, marking
898 : * the next piece with XLP_FIRST_IS_OVERWRITE_CONTRECORD, which will
899 : * in turn signal downstream WAL consumers that the broken WAL record
900 : * is to be ignored.
901 : */
902 0 : state->abortedRecPtr = RecPtr;
903 0 : state->missingContrecPtr = targetPagePtr;
904 :
905 : /*
906 : * If we got here without reporting an error, make sure an error is
907 : * queued so that XLogPrefetcherReadRecord() doesn't bring us back a
908 : * second time and clobber the above state.
909 : */
910 0 : state->errormsg_deferred = true;
911 : }
912 :
913 112 : if (decoded && decoded->oversized)
914 0 : pfree(decoded);
915 :
916 : /*
917 : * Invalidate the read state. We might read from a different source after
918 : * failure.
919 : */
920 112 : XLogReaderInvalReadState(state);
921 :
922 : /*
923 : * If an error was written to errmsg_buf, it'll be returned to the caller
924 : * of XLogReadRecord() after all successfully decoded records from the
925 : * read queue.
926 : */
927 :
928 112 : return XLREAD_FAIL;
929 : }
930 :
931 : /*
932 : * Try to decode the next available record, and return it. The record will
933 : * also be returned to XLogNextRecord(), which must be called to 'consume'
934 : * each record.
935 : *
936 : * If nonblocking is true, may return NULL due to lack of data or WAL decoding
937 : * space.
938 : */
939 : DecodedXLogRecord *
940 1226504 : XLogReadAhead(XLogReaderState *state, bool nonblocking)
941 : {
942 : XLogPageReadResult result;
943 :
944 1226504 : if (state->errormsg_deferred)
945 0 : return NULL;
946 :
947 1226504 : result = XLogDecodeNextRecord(state, nonblocking);
948 1226504 : if (result == XLREAD_SUCCESS)
949 : {
950 : Assert(state->decode_queue_tail != NULL);
951 1226392 : return state->decode_queue_tail;
952 : }
953 :
954 112 : return NULL;
955 : }
956 :
957 : /*
958 : * Read a single xlog page including at least [pageptr, reqLen] of valid data
959 : * via the page_read() callback.
960 : *
961 : * Returns XLREAD_FAIL if the required page cannot be read for some
962 : * reason; errormsg_buf is set in that case (unless the error occurs in the
963 : * page_read callback).
964 : *
965 : * Returns XLREAD_WOULDBLOCK if the requested data can't be read without
966 : * waiting. This can be returned only if the installed page_read callback
967 : * respects the state->nonblocking flag, and cannot read the requested data
968 : * immediately.
969 : *
970 : * We fetch the page from a reader-local cache if we know we have the required
971 : * data and if there hasn't been any error since caching the data.
972 : */
973 : static int
974 2453254 : ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr, int reqLen)
975 : {
976 : int readLen;
977 : uint32 targetPageOff;
978 : XLogSegNo targetSegNo;
979 : XLogPageHeader hdr;
980 :
981 : Assert((pageptr % XLOG_BLCKSZ) == 0);
982 :
983 2453254 : XLByteToSeg(pageptr, targetSegNo, state->segcxt.ws_segsize);
984 2453254 : targetPageOff = XLogSegmentOffset(pageptr, state->segcxt.ws_segsize);
985 :
986 : /* check whether we have all the requested data already */
987 2453254 : if (targetSegNo == state->seg.ws_segno &&
988 2453126 : targetPageOff == state->segoff && reqLen <= state->readLen)
989 2420314 : return state->readLen;
990 :
991 : /*
992 : * Invalidate contents of internal buffer before read attempt. Just set
993 : * the length to 0, rather than a full XLogReaderInvalReadState(), so we
994 : * don't forget the segment we last successfully read.
995 : */
996 32940 : state->readLen = 0;
997 :
998 : /*
999 : * Data is not in our buffer.
1000 : *
1001 : * Every time we actually read the segment, even if we looked at parts of
1002 : * it before, we need to do verification as the page_read callback might
1003 : * now be rereading data from a different source.
1004 : *
1005 : * Whenever switching to a new WAL segment, we read the first page of the
1006 : * file and validate its header, even if that's not where the target
1007 : * record is. This is so that we can check the additional identification
1008 : * info that is present in the first page's "long" header.
1009 : */
1010 32940 : if (targetSegNo != state->seg.ws_segno && targetPageOff != 0)
1011 : {
1012 26 : XLogRecPtr targetSegmentPtr = pageptr - targetPageOff;
1013 :
1014 26 : readLen = state->routine.page_read(state, targetSegmentPtr, XLOG_BLCKSZ,
1015 : state->currRecPtr,
1016 : state->readBuf);
1017 26 : if (readLen == XLREAD_WOULDBLOCK)
1018 0 : return XLREAD_WOULDBLOCK;
1019 26 : else if (readLen < 0)
1020 0 : goto err;
1021 :
1022 : /* we can be sure to have enough WAL available, we scrolled back */
1023 : Assert(readLen == XLOG_BLCKSZ);
1024 :
1025 26 : if (!XLogReaderValidatePageHeader(state, targetSegmentPtr,
1026 : state->readBuf))
1027 0 : goto err;
1028 : }
1029 :
1030 : /*
1031 : * First, read the requested data length, but at least a short page header
1032 : * so that we can validate it.
1033 : */
1034 32940 : readLen = state->routine.page_read(state, pageptr, Max(reqLen, SizeOfXLogShortPHD),
1035 : state->currRecPtr,
1036 : state->readBuf);
1037 32940 : if (readLen == XLREAD_WOULDBLOCK)
1038 0 : return XLREAD_WOULDBLOCK;
1039 32940 : else if (readLen < 0)
1040 108 : goto err;
1041 :
1042 : Assert(readLen <= XLOG_BLCKSZ);
1043 :
1044 : /* Do we have enough data to check the header length? */
1045 32832 : if (readLen <= SizeOfXLogShortPHD)
1046 0 : goto err;
1047 :
1048 : Assert(readLen >= reqLen);
1049 :
1050 32832 : hdr = (XLogPageHeader) state->readBuf;
1051 :
1052 : /* still not enough */
1053 32832 : if (readLen < XLogPageHeaderSize(hdr))
1054 : {
1055 0 : readLen = state->routine.page_read(state, pageptr, XLogPageHeaderSize(hdr),
1056 : state->currRecPtr,
1057 : state->readBuf);
1058 0 : if (readLen == XLREAD_WOULDBLOCK)
1059 0 : return XLREAD_WOULDBLOCK;
1060 0 : else if (readLen < 0)
1061 0 : goto err;
1062 : }
1063 :
1064 : /*
1065 : * Now that we know we have the full header, validate it.
1066 : */
1067 32832 : if (!XLogReaderValidatePageHeader(state, pageptr, (char *) hdr))
1068 0 : goto err;
1069 :
1070 : /* update read state information */
1071 32832 : state->seg.ws_segno = targetSegNo;
1072 32832 : state->segoff = targetPageOff;
1073 32832 : state->readLen = readLen;
1074 :
1075 32832 : return readLen;
1076 :
1077 108 : err:
1078 108 : XLogReaderInvalReadState(state);
1079 :
1080 108 : return XLREAD_FAIL;
1081 : }
1082 :
1083 : /*
1084 : * Invalidate the xlogreader's read state to force a re-read.
1085 : */
1086 : static void
1087 220 : XLogReaderInvalReadState(XLogReaderState *state)
1088 : {
1089 220 : state->seg.ws_segno = 0;
1090 220 : state->segoff = 0;
1091 220 : state->readLen = 0;
1092 220 : }
1093 :
1094 : /*
1095 : * Validate an XLOG record header.
1096 : *
1097 : * This is just a convenience subroutine to avoid duplicated code in
1098 : * XLogReadRecord. It's not intended for use from anywhere else.
1099 : */
1100 : static bool
1101 1226396 : ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
1102 : XLogRecPtr PrevRecPtr, XLogRecord *record,
1103 : bool randAccess)
1104 : {
1105 1226396 : if (record->xl_tot_len < SizeOfXLogRecord)
1106 : {
1107 4 : report_invalid_record(state,
1108 : "invalid record length at %X/%X: expected at least %u, got %u",
1109 4 : LSN_FORMAT_ARGS(RecPtr),
1110 : (uint32) SizeOfXLogRecord, record->xl_tot_len);
1111 4 : return false;
1112 : }
1113 1226392 : if (!RmgrIdIsValid(record->xl_rmid))
1114 : {
1115 0 : report_invalid_record(state,
1116 : "invalid resource manager ID %u at %X/%X",
1117 0 : record->xl_rmid, LSN_FORMAT_ARGS(RecPtr));
1118 0 : return false;
1119 : }
1120 1226392 : if (randAccess)
1121 : {
1122 : /*
1123 : * We can't exactly verify the prev-link, but surely it should be less
1124 : * than the record's own address.
1125 : */
1126 228 : if (!(record->xl_prev < RecPtr))
1127 : {
1128 0 : report_invalid_record(state,
1129 : "record with incorrect prev-link %X/%X at %X/%X",
1130 0 : LSN_FORMAT_ARGS(record->xl_prev),
1131 0 : LSN_FORMAT_ARGS(RecPtr));
1132 0 : return false;
1133 : }
1134 : }
1135 : else
1136 : {
1137 : /*
1138 : * Record's prev-link should exactly match our previous location. This
1139 : * check guards against torn WAL pages where a stale but valid-looking
1140 : * WAL record starts on a sector boundary.
1141 : */
1142 1226164 : if (record->xl_prev != PrevRecPtr)
1143 : {
1144 0 : report_invalid_record(state,
1145 : "record with incorrect prev-link %X/%X at %X/%X",
1146 0 : LSN_FORMAT_ARGS(record->xl_prev),
1147 0 : LSN_FORMAT_ARGS(RecPtr));
1148 0 : return false;
1149 : }
1150 : }
1151 :
1152 1226392 : return true;
1153 : }
1154 :
1155 :
1156 : /*
1157 : * CRC-check an XLOG record. We do not believe the contents of an XLOG
1158 : * record (other than to the minimal extent of computing the amount of
1159 : * data to read in) until we've checked the CRCs.
1160 : *
1161 : * We assume all of the record (that is, xl_tot_len bytes) has been read
1162 : * into memory at *record. Also, ValidXLogRecordHeader() has accepted the
1163 : * record's header, which means in particular that xl_tot_len is at least
1164 : * SizeOfXLogRecord.
1165 : */
1166 : static bool
1167 1226392 : ValidXLogRecord(XLogReaderState *state, XLogRecord *record, XLogRecPtr recptr)
1168 : {
1169 : pg_crc32c crc;
1170 :
1171 : Assert(record->xl_tot_len >= SizeOfXLogRecord);
1172 :
1173 : /* Calculate the CRC */
1174 1226392 : INIT_CRC32C(crc);
1175 1226392 : COMP_CRC32C(crc, ((char *) record) + SizeOfXLogRecord, record->xl_tot_len - SizeOfXLogRecord);
1176 : /* include the record header last */
1177 1226392 : COMP_CRC32C(crc, (char *) record, offsetof(XLogRecord, xl_crc));
1178 1226392 : FIN_CRC32C(crc);
1179 :
1180 1226392 : if (!EQ_CRC32C(record->xl_crc, crc))
1181 : {
1182 0 : report_invalid_record(state,
1183 : "incorrect resource manager data checksum in record at %X/%X",
1184 0 : LSN_FORMAT_ARGS(recptr));
1185 0 : return false;
1186 : }
1187 :
1188 1226392 : return true;
1189 : }
1190 :
1191 : /*
1192 : * Validate a page header.
1193 : *
1194 : * Check if 'phdr' is valid as the header of the XLog page at position
1195 : * 'recptr'.
1196 : */
1197 : bool
1198 32858 : XLogReaderValidatePageHeader(XLogReaderState *state, XLogRecPtr recptr,
1199 : char *phdr)
1200 : {
1201 : XLogSegNo segno;
1202 : int32 offset;
1203 32858 : XLogPageHeader hdr = (XLogPageHeader) phdr;
1204 :
1205 : Assert((recptr % XLOG_BLCKSZ) == 0);
1206 :
1207 32858 : XLByteToSeg(recptr, segno, state->segcxt.ws_segsize);
1208 32858 : offset = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
1209 :
1210 32858 : if (hdr->xlp_magic != XLOG_PAGE_MAGIC)
1211 : {
1212 : char fname[MAXFNAMELEN];
1213 :
1214 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1215 :
1216 0 : report_invalid_record(state,
1217 : "invalid magic number %04X in WAL segment %s, LSN %X/%X, offset %u",
1218 0 : hdr->xlp_magic,
1219 : fname,
1220 0 : LSN_FORMAT_ARGS(recptr),
1221 : offset);
1222 0 : return false;
1223 : }
1224 :
1225 32858 : if ((hdr->xlp_info & ~XLP_ALL_FLAGS) != 0)
1226 : {
1227 : char fname[MAXFNAMELEN];
1228 :
1229 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1230 :
1231 0 : report_invalid_record(state,
1232 : "invalid info bits %04X in WAL segment %s, LSN %X/%X, offset %u",
1233 0 : hdr->xlp_info,
1234 : fname,
1235 0 : LSN_FORMAT_ARGS(recptr),
1236 : offset);
1237 0 : return false;
1238 : }
1239 :
1240 32858 : if (hdr->xlp_info & XLP_LONG_HEADER)
1241 : {
1242 118 : XLogLongPageHeader longhdr = (XLogLongPageHeader) hdr;
1243 :
1244 118 : if (state->system_identifier &&
1245 0 : longhdr->xlp_sysid != state->system_identifier)
1246 : {
1247 0 : report_invalid_record(state,
1248 : "WAL file is from different database system: WAL file database system identifier is %llu, pg_control database system identifier is %llu",
1249 0 : (unsigned long long) longhdr->xlp_sysid,
1250 0 : (unsigned long long) state->system_identifier);
1251 0 : return false;
1252 : }
1253 118 : else if (longhdr->xlp_seg_size != state->segcxt.ws_segsize)
1254 : {
1255 0 : report_invalid_record(state,
1256 : "WAL file is from different database system: incorrect segment size in page header");
1257 0 : return false;
1258 : }
1259 118 : else if (longhdr->xlp_xlog_blcksz != XLOG_BLCKSZ)
1260 : {
1261 0 : report_invalid_record(state,
1262 : "WAL file is from different database system: incorrect XLOG_BLCKSZ in page header");
1263 0 : return false;
1264 : }
1265 : }
1266 32740 : else if (offset == 0)
1267 : {
1268 : char fname[MAXFNAMELEN];
1269 :
1270 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1271 :
1272 : /* hmm, first page of file doesn't have a long header? */
1273 0 : report_invalid_record(state,
1274 : "invalid info bits %04X in WAL segment %s, LSN %X/%X, offset %u",
1275 0 : hdr->xlp_info,
1276 : fname,
1277 0 : LSN_FORMAT_ARGS(recptr),
1278 : offset);
1279 0 : return false;
1280 : }
1281 :
1282 : /*
1283 : * Check that the address on the page agrees with what we expected. This
1284 : * check typically fails when an old WAL segment is recycled, and hasn't
1285 : * yet been overwritten with new data yet.
1286 : */
1287 32858 : if (hdr->xlp_pageaddr != recptr)
1288 : {
1289 : char fname[MAXFNAMELEN];
1290 :
1291 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1292 :
1293 0 : report_invalid_record(state,
1294 : "unexpected pageaddr %X/%X in WAL segment %s, LSN %X/%X, offset %u",
1295 0 : LSN_FORMAT_ARGS(hdr->xlp_pageaddr),
1296 : fname,
1297 0 : LSN_FORMAT_ARGS(recptr),
1298 : offset);
1299 0 : return false;
1300 : }
1301 :
1302 : /*
1303 : * Since child timelines are always assigned a TLI greater than their
1304 : * immediate parent's TLI, we should never see TLI go backwards across
1305 : * successive pages of a consistent WAL sequence.
1306 : *
1307 : * Sometimes we re-read a segment that's already been (partially) read. So
1308 : * we only verify TLIs for pages that are later than the last remembered
1309 : * LSN.
1310 : */
1311 32858 : if (recptr > state->latestPagePtr)
1312 : {
1313 32858 : if (hdr->xlp_tli < state->latestPageTLI)
1314 : {
1315 : char fname[MAXFNAMELEN];
1316 :
1317 0 : XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
1318 :
1319 0 : report_invalid_record(state,
1320 : "out-of-sequence timeline ID %u (after %u) in WAL segment %s, LSN %X/%X, offset %u",
1321 : hdr->xlp_tli,
1322 : state->latestPageTLI,
1323 : fname,
1324 0 : LSN_FORMAT_ARGS(recptr),
1325 : offset);
1326 0 : return false;
1327 : }
1328 : }
1329 32858 : state->latestPagePtr = recptr;
1330 32858 : state->latestPageTLI = hdr->xlp_tli;
1331 :
1332 32858 : return true;
1333 : }
1334 :
1335 : /*
1336 : * Forget about an error produced by XLogReaderValidatePageHeader().
1337 : */
1338 : void
1339 0 : XLogReaderResetError(XLogReaderState *state)
1340 : {
1341 0 : state->errormsg_buf[0] = '\0';
1342 0 : state->errormsg_deferred = false;
1343 0 : }
1344 :
1345 : /*
1346 : * Find the first record with an lsn >= RecPtr.
1347 : *
1348 : * This is different from XLogBeginRead() in that RecPtr doesn't need to point
1349 : * to a valid record boundary. Useful for checking whether RecPtr is a valid
1350 : * xlog address for reading, and to find the first valid address after some
1351 : * address when dumping records for debugging purposes.
1352 : *
1353 : * This positions the reader, like XLogBeginRead(), so that the next call to
1354 : * XLogReadRecord() will read the next valid record.
1355 : */
1356 : XLogRecPtr
1357 114 : XLogFindNextRecord(XLogReaderState *state, XLogRecPtr RecPtr)
1358 : {
1359 : XLogRecPtr tmpRecPtr;
1360 114 : XLogRecPtr found = InvalidXLogRecPtr;
1361 : XLogPageHeader header;
1362 : char *errormsg;
1363 :
1364 : Assert(!XLogRecPtrIsInvalid(RecPtr));
1365 :
1366 : /* Make sure ReadPageInternal() can't return XLREAD_WOULDBLOCK. */
1367 114 : state->nonblocking = false;
1368 :
1369 : /*
1370 : * skip over potential continuation data, keeping in mind that it may span
1371 : * multiple pages
1372 : */
1373 114 : tmpRecPtr = RecPtr;
1374 : while (true)
1375 0 : {
1376 : XLogRecPtr targetPagePtr;
1377 : int targetRecOff;
1378 : uint32 pageHeaderSize;
1379 : int readLen;
1380 :
1381 : /*
1382 : * Compute targetRecOff. It should typically be equal or greater than
1383 : * short page-header since a valid record can't start anywhere before
1384 : * that, except when caller has explicitly specified the offset that
1385 : * falls somewhere there or when we are skipping multi-page
1386 : * continuation record. It doesn't matter though because
1387 : * ReadPageInternal() is prepared to handle that and will read at
1388 : * least short page-header worth of data
1389 : */
1390 114 : targetRecOff = tmpRecPtr % XLOG_BLCKSZ;
1391 :
1392 : /* scroll back to page boundary */
1393 114 : targetPagePtr = tmpRecPtr - targetRecOff;
1394 :
1395 : /* Read the page containing the record */
1396 114 : readLen = ReadPageInternal(state, targetPagePtr, targetRecOff);
1397 114 : if (readLen < 0)
1398 0 : goto err;
1399 :
1400 114 : header = (XLogPageHeader) state->readBuf;
1401 :
1402 114 : pageHeaderSize = XLogPageHeaderSize(header);
1403 :
1404 : /* make sure we have enough data for the page header */
1405 114 : readLen = ReadPageInternal(state, targetPagePtr, pageHeaderSize);
1406 114 : if (readLen < 0)
1407 0 : goto err;
1408 :
1409 : /* skip over potential continuation data */
1410 114 : if (header->xlp_info & XLP_FIRST_IS_CONTRECORD)
1411 : {
1412 : /*
1413 : * If the length of the remaining continuation data is more than
1414 : * what can fit in this page, the continuation record crosses over
1415 : * this page. Read the next page and try again. xlp_rem_len in the
1416 : * next page header will contain the remaining length of the
1417 : * continuation data
1418 : *
1419 : * Note that record headers are MAXALIGN'ed
1420 : */
1421 26 : if (MAXALIGN(header->xlp_rem_len) >= (XLOG_BLCKSZ - pageHeaderSize))
1422 0 : tmpRecPtr = targetPagePtr + XLOG_BLCKSZ;
1423 : else
1424 : {
1425 : /*
1426 : * The previous continuation record ends in this page. Set
1427 : * tmpRecPtr to point to the first valid record
1428 : */
1429 26 : tmpRecPtr = targetPagePtr + pageHeaderSize
1430 26 : + MAXALIGN(header->xlp_rem_len);
1431 26 : break;
1432 : }
1433 : }
1434 : else
1435 : {
1436 88 : tmpRecPtr = targetPagePtr + pageHeaderSize;
1437 88 : break;
1438 : }
1439 : }
1440 :
1441 : /*
1442 : * we know now that tmpRecPtr is an address pointing to a valid XLogRecord
1443 : * because either we're at the first record after the beginning of a page
1444 : * or we just jumped over the remaining data of a continuation.
1445 : */
1446 114 : XLogBeginRead(state, tmpRecPtr);
1447 558 : while (XLogReadRecord(state, &errormsg) != NULL)
1448 : {
1449 : /* past the record we've found, break out */
1450 558 : if (RecPtr <= state->ReadRecPtr)
1451 : {
1452 : /* Rewind the reader to the beginning of the last record. */
1453 114 : found = state->ReadRecPtr;
1454 114 : XLogBeginRead(state, found);
1455 114 : return found;
1456 : }
1457 : }
1458 :
1459 0 : err:
1460 0 : XLogReaderInvalReadState(state);
1461 :
1462 0 : return InvalidXLogRecPtr;
1463 : }
1464 :
1465 : /*
1466 : * Helper function to ease writing of XLogReaderRoutine->page_read callbacks.
1467 : * If this function is used, caller must supply a segment_open callback in
1468 : * 'state', as that is used here.
1469 : *
1470 : * Read 'count' bytes into 'buf', starting at location 'startptr', from WAL
1471 : * fetched from timeline 'tli'.
1472 : *
1473 : * Returns true if succeeded, false if an error occurs, in which case
1474 : * 'errinfo' receives error details.
1475 : *
1476 : * XXX probably this should be improved to suck data directly from the
1477 : * WAL buffers when possible.
1478 : */
1479 : bool
1480 32858 : WALRead(XLogReaderState *state,
1481 : char *buf, XLogRecPtr startptr, Size count, TimeLineID tli,
1482 : WALReadError *errinfo)
1483 : {
1484 : char *p;
1485 : XLogRecPtr recptr;
1486 : Size nbytes;
1487 :
1488 32858 : p = buf;
1489 32858 : recptr = startptr;
1490 32858 : nbytes = count;
1491 :
1492 65716 : while (nbytes > 0)
1493 : {
1494 : uint32 startoff;
1495 : int segbytes;
1496 : int readbytes;
1497 :
1498 32858 : startoff = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
1499 :
1500 : /*
1501 : * If the data we want is not in a segment we have open, close what we
1502 : * have (if anything) and open the next one, using the caller's
1503 : * provided segment_open callback.
1504 : */
1505 32858 : if (state->seg.ws_file < 0 ||
1506 32744 : !XLByteInSeg(recptr, state->seg.ws_segno, state->segcxt.ws_segsize) ||
1507 32740 : tli != state->seg.ws_tli)
1508 : {
1509 : XLogSegNo nextSegNo;
1510 :
1511 118 : if (state->seg.ws_file >= 0)
1512 4 : state->routine.segment_close(state);
1513 :
1514 118 : XLByteToSeg(recptr, nextSegNo, state->segcxt.ws_segsize);
1515 118 : state->routine.segment_open(state, nextSegNo, &tli);
1516 :
1517 : /* This shouldn't happen -- indicates a bug in segment_open */
1518 : Assert(state->seg.ws_file >= 0);
1519 :
1520 : /* Update the current segment info. */
1521 118 : state->seg.ws_tli = tli;
1522 118 : state->seg.ws_segno = nextSegNo;
1523 : }
1524 :
1525 : /* How many bytes are within this segment? */
1526 32858 : if (nbytes > (state->segcxt.ws_segsize - startoff))
1527 0 : segbytes = state->segcxt.ws_segsize - startoff;
1528 : else
1529 32858 : segbytes = nbytes;
1530 :
1531 : #ifndef FRONTEND
1532 : pgstat_report_wait_start(WAIT_EVENT_WAL_READ);
1533 : #endif
1534 :
1535 : /* Reset errno first; eases reporting non-errno-affecting errors */
1536 32858 : errno = 0;
1537 32858 : readbytes = pg_pread(state->seg.ws_file, p, segbytes, (off_t) startoff);
1538 :
1539 : #ifndef FRONTEND
1540 : pgstat_report_wait_end();
1541 : #endif
1542 :
1543 32858 : if (readbytes <= 0)
1544 : {
1545 0 : errinfo->wre_errno = errno;
1546 0 : errinfo->wre_req = segbytes;
1547 0 : errinfo->wre_read = readbytes;
1548 0 : errinfo->wre_off = startoff;
1549 0 : errinfo->wre_seg = state->seg;
1550 0 : return false;
1551 : }
1552 :
1553 : /* Update state for read */
1554 32858 : recptr += readbytes;
1555 32858 : nbytes -= readbytes;
1556 32858 : p += readbytes;
1557 : }
1558 :
1559 32858 : return true;
1560 : }
1561 :
1562 : /* ----------------------------------------
1563 : * Functions for decoding the data and block references in a record.
1564 : * ----------------------------------------
1565 : */
1566 :
1567 : /*
1568 : * Private function to reset the state, forgetting all decoded records, if we
1569 : * are asked to move to a new read position.
1570 : */
1571 : static void
1572 228 : ResetDecoder(XLogReaderState *state)
1573 : {
1574 : DecodedXLogRecord *r;
1575 :
1576 : /* Reset the decoded record queue, freeing any oversized records. */
1577 342 : while ((r = state->decode_queue_head) != NULL)
1578 : {
1579 114 : state->decode_queue_head = r->next;
1580 114 : if (r->oversized)
1581 0 : pfree(r);
1582 : }
1583 228 : state->decode_queue_tail = NULL;
1584 228 : state->decode_queue_head = NULL;
1585 228 : state->record = NULL;
1586 :
1587 : /* Reset the decode buffer to empty. */
1588 228 : state->decode_buffer_tail = state->decode_buffer;
1589 228 : state->decode_buffer_head = state->decode_buffer;
1590 :
1591 : /* Clear error state. */
1592 228 : state->errormsg_buf[0] = '\0';
1593 228 : state->errormsg_deferred = false;
1594 228 : }
1595 :
1596 : /*
1597 : * Compute the maximum possible amount of padding that could be required to
1598 : * decode a record, given xl_tot_len from the record's header. This is the
1599 : * amount of output buffer space that we need to decode a record, though we
1600 : * might not finish up using it all.
1601 : *
1602 : * This computation is pessimistic and assumes the maximum possible number of
1603 : * blocks, due to lack of better information.
1604 : */
1605 : size_t
1606 1226392 : DecodeXLogRecordRequiredSpace(size_t xl_tot_len)
1607 : {
1608 1226392 : size_t size = 0;
1609 :
1610 : /* Account for the fixed size part of the decoded record struct. */
1611 1226392 : size += offsetof(DecodedXLogRecord, blocks[0]);
1612 : /* Account for the flexible blocks array of maximum possible size. */
1613 1226392 : size += sizeof(DecodedBkpBlock) * (XLR_MAX_BLOCK_ID + 1);
1614 : /* Account for all the raw main and block data. */
1615 1226392 : size += xl_tot_len;
1616 : /* We might insert padding before main_data. */
1617 1226392 : size += (MAXIMUM_ALIGNOF - 1);
1618 : /* We might insert padding before each block's data. */
1619 1226392 : size += (MAXIMUM_ALIGNOF - 1) * (XLR_MAX_BLOCK_ID + 1);
1620 : /* We might insert padding at the end. */
1621 1226392 : size += (MAXIMUM_ALIGNOF - 1);
1622 :
1623 1226392 : return size;
1624 : }
1625 :
1626 : /*
1627 : * Decode a record. "decoded" must point to a MAXALIGNed memory area that has
1628 : * space for at least DecodeXLogRecordRequiredSpace(record) bytes. On
1629 : * success, decoded->size contains the actual space occupied by the decoded
1630 : * record, which may turn out to be less.
1631 : *
1632 : * Only decoded->oversized member must be initialized already, and will not be
1633 : * modified. Other members will be initialized as required.
1634 : *
1635 : * On error, a human-readable error message is returned in *errormsg, and
1636 : * the return value is false.
1637 : */
1638 : bool
1639 1226392 : DecodeXLogRecord(XLogReaderState *state,
1640 : DecodedXLogRecord *decoded,
1641 : XLogRecord *record,
1642 : XLogRecPtr lsn,
1643 : char **errormsg)
1644 : {
1645 : /*
1646 : * read next _size bytes from record buffer, but check for overrun first.
1647 : */
1648 : #define COPY_HEADER_FIELD(_dst, _size) \
1649 : do { \
1650 : if (remaining < _size) \
1651 : goto shortdata_err; \
1652 : memcpy(_dst, ptr, _size); \
1653 : ptr += _size; \
1654 : remaining -= _size; \
1655 : } while(0)
1656 :
1657 : char *ptr;
1658 : char *out;
1659 : uint32 remaining;
1660 : uint32 datatotal;
1661 1226392 : RelFileLocator *rlocator = NULL;
1662 : uint8 block_id;
1663 :
1664 1226392 : decoded->header = *record;
1665 1226392 : decoded->lsn = lsn;
1666 1226392 : decoded->next = NULL;
1667 1226392 : decoded->record_origin = InvalidRepOriginId;
1668 1226392 : decoded->toplevel_xid = InvalidTransactionId;
1669 1226392 : decoded->main_data = NULL;
1670 1226392 : decoded->main_data_len = 0;
1671 1226392 : decoded->max_block_id = -1;
1672 1226392 : ptr = (char *) record;
1673 1226392 : ptr += SizeOfXLogRecord;
1674 1226392 : remaining = record->xl_tot_len - SizeOfXLogRecord;
1675 :
1676 : /* Decode the headers */
1677 1226392 : datatotal = 0;
1678 2588004 : while (remaining > datatotal)
1679 : {
1680 2557114 : COPY_HEADER_FIELD(&block_id, sizeof(uint8));
1681 :
1682 2557114 : if (block_id == XLR_BLOCK_ID_DATA_SHORT)
1683 : {
1684 : /* XLogRecordDataHeaderShort */
1685 : uint8 main_data_len;
1686 :
1687 1193430 : COPY_HEADER_FIELD(&main_data_len, sizeof(uint8));
1688 :
1689 1193430 : decoded->main_data_len = main_data_len;
1690 1193430 : datatotal += main_data_len;
1691 1193430 : break; /* by convention, the main data fragment is
1692 : * always last */
1693 : }
1694 1363684 : else if (block_id == XLR_BLOCK_ID_DATA_LONG)
1695 : {
1696 : /* XLogRecordDataHeaderLong */
1697 : uint32 main_data_len;
1698 :
1699 2072 : COPY_HEADER_FIELD(&main_data_len, sizeof(uint32));
1700 2072 : decoded->main_data_len = main_data_len;
1701 2072 : datatotal += main_data_len;
1702 2072 : break; /* by convention, the main data fragment is
1703 : * always last */
1704 : }
1705 1361612 : else if (block_id == XLR_BLOCK_ID_ORIGIN)
1706 : {
1707 0 : COPY_HEADER_FIELD(&decoded->record_origin, sizeof(RepOriginId));
1708 : }
1709 1361612 : else if (block_id == XLR_BLOCK_ID_TOPLEVEL_XID)
1710 : {
1711 0 : COPY_HEADER_FIELD(&decoded->toplevel_xid, sizeof(TransactionId));
1712 : }
1713 1361612 : else if (block_id <= XLR_MAX_BLOCK_ID)
1714 : {
1715 : /* XLogRecordBlockHeader */
1716 : DecodedBkpBlock *blk;
1717 : uint8 fork_flags;
1718 :
1719 : /* mark any intervening block IDs as not in use */
1720 1361982 : for (int i = decoded->max_block_id + 1; i < block_id; ++i)
1721 370 : decoded->blocks[i].in_use = false;
1722 :
1723 1361612 : if (block_id <= decoded->max_block_id)
1724 : {
1725 0 : report_invalid_record(state,
1726 : "out-of-order block_id %u at %X/%X",
1727 : block_id,
1728 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1729 0 : goto err;
1730 : }
1731 1361612 : decoded->max_block_id = block_id;
1732 :
1733 1361612 : blk = &decoded->blocks[block_id];
1734 1361612 : blk->in_use = true;
1735 1361612 : blk->apply_image = false;
1736 :
1737 1361612 : COPY_HEADER_FIELD(&fork_flags, sizeof(uint8));
1738 1361612 : blk->forknum = fork_flags & BKPBLOCK_FORK_MASK;
1739 1361612 : blk->flags = fork_flags;
1740 1361612 : blk->has_image = ((fork_flags & BKPBLOCK_HAS_IMAGE) != 0);
1741 1361612 : blk->has_data = ((fork_flags & BKPBLOCK_HAS_DATA) != 0);
1742 :
1743 1361612 : blk->prefetch_buffer = InvalidBuffer;
1744 :
1745 1361612 : COPY_HEADER_FIELD(&blk->data_len, sizeof(uint16));
1746 : /* cross-check that the HAS_DATA flag is set iff data_length > 0 */
1747 1361612 : if (blk->has_data && blk->data_len == 0)
1748 : {
1749 0 : report_invalid_record(state,
1750 : "BKPBLOCK_HAS_DATA set, but no data included at %X/%X",
1751 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1752 0 : goto err;
1753 : }
1754 1361612 : if (!blk->has_data && blk->data_len != 0)
1755 : {
1756 0 : report_invalid_record(state,
1757 : "BKPBLOCK_HAS_DATA not set, but data length is %u at %X/%X",
1758 0 : (unsigned int) blk->data_len,
1759 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1760 0 : goto err;
1761 : }
1762 1361612 : datatotal += blk->data_len;
1763 :
1764 1361612 : if (blk->has_image)
1765 : {
1766 34700 : COPY_HEADER_FIELD(&blk->bimg_len, sizeof(uint16));
1767 34700 : COPY_HEADER_FIELD(&blk->hole_offset, sizeof(uint16));
1768 34700 : COPY_HEADER_FIELD(&blk->bimg_info, sizeof(uint8));
1769 :
1770 34700 : blk->apply_image = ((blk->bimg_info & BKPIMAGE_APPLY) != 0);
1771 :
1772 34700 : if (BKPIMAGE_COMPRESSED(blk->bimg_info))
1773 : {
1774 0 : if (blk->bimg_info & BKPIMAGE_HAS_HOLE)
1775 0 : COPY_HEADER_FIELD(&blk->hole_length, sizeof(uint16));
1776 : else
1777 0 : blk->hole_length = 0;
1778 : }
1779 : else
1780 34700 : blk->hole_length = BLCKSZ - blk->bimg_len;
1781 34700 : datatotal += blk->bimg_len;
1782 :
1783 : /*
1784 : * cross-check that hole_offset > 0, hole_length > 0 and
1785 : * bimg_len < BLCKSZ if the HAS_HOLE flag is set.
1786 : */
1787 34700 : if ((blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1788 33778 : (blk->hole_offset == 0 ||
1789 33778 : blk->hole_length == 0 ||
1790 33778 : blk->bimg_len == BLCKSZ))
1791 : {
1792 0 : report_invalid_record(state,
1793 : "BKPIMAGE_HAS_HOLE set, but hole offset %u length %u block image length %u at %X/%X",
1794 0 : (unsigned int) blk->hole_offset,
1795 0 : (unsigned int) blk->hole_length,
1796 0 : (unsigned int) blk->bimg_len,
1797 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1798 0 : goto err;
1799 : }
1800 :
1801 : /*
1802 : * cross-check that hole_offset == 0 and hole_length == 0 if
1803 : * the HAS_HOLE flag is not set.
1804 : */
1805 34700 : if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1806 922 : (blk->hole_offset != 0 || blk->hole_length != 0))
1807 : {
1808 0 : report_invalid_record(state,
1809 : "BKPIMAGE_HAS_HOLE not set, but hole offset %u length %u at %X/%X",
1810 0 : (unsigned int) blk->hole_offset,
1811 0 : (unsigned int) blk->hole_length,
1812 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1813 0 : goto err;
1814 : }
1815 :
1816 : /*
1817 : * Cross-check that bimg_len < BLCKSZ if it is compressed.
1818 : */
1819 34700 : if (BKPIMAGE_COMPRESSED(blk->bimg_info) &&
1820 0 : blk->bimg_len == BLCKSZ)
1821 : {
1822 0 : report_invalid_record(state,
1823 : "BKPIMAGE_COMPRESSED set, but block image length %u at %X/%X",
1824 0 : (unsigned int) blk->bimg_len,
1825 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1826 0 : goto err;
1827 : }
1828 :
1829 : /*
1830 : * cross-check that bimg_len = BLCKSZ if neither HAS_HOLE is
1831 : * set nor COMPRESSED().
1832 : */
1833 34700 : if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1834 922 : !BKPIMAGE_COMPRESSED(blk->bimg_info) &&
1835 922 : blk->bimg_len != BLCKSZ)
1836 : {
1837 0 : report_invalid_record(state,
1838 : "neither BKPIMAGE_HAS_HOLE nor BKPIMAGE_COMPRESSED set, but block image length is %u at %X/%X",
1839 0 : (unsigned int) blk->data_len,
1840 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1841 0 : goto err;
1842 : }
1843 : }
1844 1361612 : if (!(fork_flags & BKPBLOCK_SAME_REL))
1845 : {
1846 1185766 : COPY_HEADER_FIELD(&blk->rlocator, sizeof(RelFileLocator));
1847 1185766 : rlocator = &blk->rlocator;
1848 : }
1849 : else
1850 : {
1851 175846 : if (rlocator == NULL)
1852 : {
1853 0 : report_invalid_record(state,
1854 : "BKPBLOCK_SAME_REL set but no previous rel at %X/%X",
1855 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1856 0 : goto err;
1857 : }
1858 :
1859 175846 : blk->rlocator = *rlocator;
1860 : }
1861 1361612 : COPY_HEADER_FIELD(&blk->blkno, sizeof(BlockNumber));
1862 : }
1863 : else
1864 : {
1865 0 : report_invalid_record(state,
1866 : "invalid block_id %u at %X/%X",
1867 0 : block_id, LSN_FORMAT_ARGS(state->ReadRecPtr));
1868 0 : goto err;
1869 : }
1870 : }
1871 :
1872 1226392 : if (remaining != datatotal)
1873 0 : goto shortdata_err;
1874 :
1875 : /*
1876 : * Ok, we've parsed the fragment headers, and verified that the total
1877 : * length of the payload in the fragments is equal to the amount of data
1878 : * left. Copy the data of each fragment to contiguous space after the
1879 : * blocks array, inserting alignment padding before the data fragments so
1880 : * they can be cast to struct pointers by REDO routines.
1881 : */
1882 1226392 : out = ((char *) decoded) +
1883 1226392 : offsetof(DecodedXLogRecord, blocks) +
1884 1226392 : sizeof(decoded->blocks[0]) * (decoded->max_block_id + 1);
1885 :
1886 : /* block data first */
1887 2588374 : for (block_id = 0; block_id <= decoded->max_block_id; block_id++)
1888 : {
1889 1361982 : DecodedBkpBlock *blk = &decoded->blocks[block_id];
1890 :
1891 1361982 : if (!blk->in_use)
1892 370 : continue;
1893 :
1894 : Assert(blk->has_image || !blk->apply_image);
1895 :
1896 1361612 : if (blk->has_image)
1897 : {
1898 : /* no need to align image */
1899 34700 : blk->bkp_image = out;
1900 34700 : memcpy(out, ptr, blk->bimg_len);
1901 34700 : ptr += blk->bimg_len;
1902 34700 : out += blk->bimg_len;
1903 : }
1904 1361612 : if (blk->has_data)
1905 : {
1906 991768 : out = (char *) MAXALIGN(out);
1907 991768 : blk->data = out;
1908 991768 : memcpy(blk->data, ptr, blk->data_len);
1909 991768 : ptr += blk->data_len;
1910 991768 : out += blk->data_len;
1911 : }
1912 : }
1913 :
1914 : /* and finally, the main data */
1915 1226392 : if (decoded->main_data_len > 0)
1916 : {
1917 1195502 : out = (char *) MAXALIGN(out);
1918 1195502 : decoded->main_data = out;
1919 1195502 : memcpy(decoded->main_data, ptr, decoded->main_data_len);
1920 1195502 : ptr += decoded->main_data_len;
1921 1195502 : out += decoded->main_data_len;
1922 : }
1923 :
1924 : /* Report the actual size we used. */
1925 1226392 : decoded->size = MAXALIGN(out - (char *) decoded);
1926 : Assert(DecodeXLogRecordRequiredSpace(record->xl_tot_len) >=
1927 : decoded->size);
1928 :
1929 1226392 : return true;
1930 :
1931 0 : shortdata_err:
1932 0 : report_invalid_record(state,
1933 : "record with invalid length at %X/%X",
1934 0 : LSN_FORMAT_ARGS(state->ReadRecPtr));
1935 0 : err:
1936 0 : *errormsg = state->errormsg_buf;
1937 :
1938 0 : return false;
1939 : }
1940 :
1941 : /*
1942 : * Returns information about the block that a block reference refers to.
1943 : *
1944 : * This is like XLogRecGetBlockTagExtended, except that the block reference
1945 : * must exist and there's no access to prefetch_buffer.
1946 : */
1947 : void
1948 0 : XLogRecGetBlockTag(XLogReaderState *record, uint8 block_id,
1949 : RelFileLocator *rlocator, ForkNumber *forknum,
1950 : BlockNumber *blknum)
1951 : {
1952 0 : if (!XLogRecGetBlockTagExtended(record, block_id, rlocator, forknum,
1953 : blknum, NULL))
1954 : {
1955 : #ifndef FRONTEND
1956 : elog(ERROR, "could not locate backup block with ID %d in WAL record",
1957 : block_id);
1958 : #else
1959 0 : pg_fatal("could not locate backup block with ID %d in WAL record",
1960 : block_id);
1961 : #endif
1962 : }
1963 0 : }
1964 :
1965 : /*
1966 : * Returns information about the block that a block reference refers to,
1967 : * optionally including the buffer that the block may already be in.
1968 : *
1969 : * If the WAL record contains a block reference with the given ID, *rlocator,
1970 : * *forknum, *blknum and *prefetch_buffer are filled in (if not NULL), and
1971 : * returns true. Otherwise returns false.
1972 : */
1973 : bool
1974 849308 : XLogRecGetBlockTagExtended(XLogReaderState *record, uint8 block_id,
1975 : RelFileLocator *rlocator, ForkNumber *forknum,
1976 : BlockNumber *blknum,
1977 : Buffer *prefetch_buffer)
1978 : {
1979 : DecodedBkpBlock *bkpb;
1980 :
1981 849308 : if (!XLogRecHasBlockRef(record, block_id))
1982 258 : return false;
1983 :
1984 849050 : bkpb = &record->record->blocks[block_id];
1985 849050 : if (rlocator)
1986 849050 : *rlocator = bkpb->rlocator;
1987 849050 : if (forknum)
1988 849050 : *forknum = bkpb->forknum;
1989 849050 : if (blknum)
1990 849050 : *blknum = bkpb->blkno;
1991 849050 : if (prefetch_buffer)
1992 0 : *prefetch_buffer = bkpb->prefetch_buffer;
1993 849050 : return true;
1994 : }
1995 :
1996 : /*
1997 : * Returns the data associated with a block reference, or NULL if there is
1998 : * no data (e.g. because a full-page image was taken instead). The returned
1999 : * pointer points to a MAXALIGNed buffer.
2000 : */
2001 : char *
2002 3350 : XLogRecGetBlockData(XLogReaderState *record, uint8 block_id, Size *len)
2003 : {
2004 : DecodedBkpBlock *bkpb;
2005 :
2006 3350 : if (block_id > record->record->max_block_id ||
2007 3350 : !record->record->blocks[block_id].in_use)
2008 0 : return NULL;
2009 :
2010 3350 : bkpb = &record->record->blocks[block_id];
2011 :
2012 3350 : if (!bkpb->has_data)
2013 : {
2014 0 : if (len)
2015 0 : *len = 0;
2016 0 : return NULL;
2017 : }
2018 : else
2019 : {
2020 3350 : if (len)
2021 1468 : *len = bkpb->data_len;
2022 3350 : return bkpb->data;
2023 : }
2024 : }
2025 :
2026 : /*
2027 : * Restore a full-page image from a backup block attached to an XLOG record.
2028 : *
2029 : * Returns true if a full-page image is restored, and false on failure with
2030 : * an error to be consumed by the caller.
2031 : */
2032 : bool
2033 2 : RestoreBlockImage(XLogReaderState *record, uint8 block_id, char *page)
2034 : {
2035 : DecodedBkpBlock *bkpb;
2036 : char *ptr;
2037 : PGAlignedBlock tmp;
2038 :
2039 2 : if (block_id > record->record->max_block_id ||
2040 2 : !record->record->blocks[block_id].in_use)
2041 : {
2042 0 : report_invalid_record(record,
2043 : "could not restore image at %X/%X with invalid block %d specified",
2044 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2045 : block_id);
2046 0 : return false;
2047 : }
2048 2 : if (!record->record->blocks[block_id].has_image)
2049 : {
2050 0 : report_invalid_record(record, "could not restore image at %X/%X with invalid state, block %d",
2051 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2052 : block_id);
2053 0 : return false;
2054 : }
2055 :
2056 2 : bkpb = &record->record->blocks[block_id];
2057 2 : ptr = bkpb->bkp_image;
2058 :
2059 2 : if (BKPIMAGE_COMPRESSED(bkpb->bimg_info))
2060 : {
2061 : /* If a backup block image is compressed, decompress it */
2062 0 : bool decomp_success = true;
2063 :
2064 0 : if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_PGLZ) != 0)
2065 : {
2066 0 : if (pglz_decompress(ptr, bkpb->bimg_len, tmp.data,
2067 0 : BLCKSZ - bkpb->hole_length, true) < 0)
2068 0 : decomp_success = false;
2069 : }
2070 0 : else if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_LZ4) != 0)
2071 : {
2072 : #ifdef USE_LZ4
2073 0 : if (LZ4_decompress_safe(ptr, tmp.data,
2074 0 : bkpb->bimg_len, BLCKSZ - bkpb->hole_length) <= 0)
2075 0 : decomp_success = false;
2076 : #else
2077 : report_invalid_record(record, "could not restore image at %X/%X compressed with %s not supported by build, block %d",
2078 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2079 : "LZ4",
2080 : block_id);
2081 : return false;
2082 : #endif
2083 : }
2084 0 : else if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_ZSTD) != 0)
2085 : {
2086 : #ifdef USE_ZSTD
2087 : size_t decomp_result = ZSTD_decompress(tmp.data,
2088 : BLCKSZ - bkpb->hole_length,
2089 : ptr, bkpb->bimg_len);
2090 :
2091 : if (ZSTD_isError(decomp_result))
2092 : decomp_success = false;
2093 : #else
2094 0 : report_invalid_record(record, "could not restore image at %X/%X compressed with %s not supported by build, block %d",
2095 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2096 : "zstd",
2097 : block_id);
2098 0 : return false;
2099 : #endif
2100 : }
2101 : else
2102 : {
2103 0 : report_invalid_record(record, "could not restore image at %X/%X compressed with unknown method, block %d",
2104 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2105 : block_id);
2106 0 : return false;
2107 : }
2108 :
2109 0 : if (!decomp_success)
2110 : {
2111 0 : report_invalid_record(record, "could not decompress image at %X/%X, block %d",
2112 0 : LSN_FORMAT_ARGS(record->ReadRecPtr),
2113 : block_id);
2114 0 : return false;
2115 : }
2116 :
2117 0 : ptr = tmp.data;
2118 : }
2119 :
2120 : /* generate page, taking into account hole if necessary */
2121 2 : if (bkpb->hole_length == 0)
2122 : {
2123 0 : memcpy(page, ptr, BLCKSZ);
2124 : }
2125 : else
2126 : {
2127 2 : memcpy(page, ptr, bkpb->hole_offset);
2128 : /* must zero-fill the hole */
2129 2 : MemSet(page + bkpb->hole_offset, 0, bkpb->hole_length);
2130 2 : memcpy(page + (bkpb->hole_offset + bkpb->hole_length),
2131 2 : ptr + bkpb->hole_offset,
2132 2 : BLCKSZ - (bkpb->hole_offset + bkpb->hole_length));
2133 : }
2134 :
2135 2 : return true;
2136 : }
2137 :
2138 : #ifndef FRONTEND
2139 :
2140 : /*
2141 : * Extract the FullTransactionId from a WAL record.
2142 : */
2143 : FullTransactionId
2144 : XLogRecGetFullXid(XLogReaderState *record)
2145 : {
2146 : TransactionId xid,
2147 : next_xid;
2148 : uint32 epoch;
2149 :
2150 : /*
2151 : * This function is only safe during replay, because it depends on the
2152 : * replay state. See AdvanceNextFullTransactionIdPastXid() for more.
2153 : */
2154 : Assert(AmStartupProcess() || !IsUnderPostmaster);
2155 :
2156 : xid = XLogRecGetXid(record);
2157 : next_xid = XidFromFullTransactionId(ShmemVariableCache->nextXid);
2158 : epoch = EpochFromFullTransactionId(ShmemVariableCache->nextXid);
2159 :
2160 : /*
2161 : * If xid is numerically greater than next_xid, it has to be from the last
2162 : * epoch.
2163 : */
2164 : if (unlikely(xid > next_xid))
2165 : --epoch;
2166 :
2167 : return FullTransactionIdFromEpochAndXid(epoch, xid);
2168 : }
2169 :
2170 : #endif
|