Age Owner TLA Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * postmaster.c
4 : * This program acts as a clearing house for requests to the
5 : * POSTGRES system. Frontend programs send a startup message
6 : * to the Postmaster and the postmaster uses the info in the
7 : * message to setup a backend process.
8 : *
9 : * The postmaster also manages system-wide operations such as
10 : * startup and shutdown. The postmaster itself doesn't do those
11 : * operations, mind you --- it just forks off a subprocess to do them
12 : * at the right times. It also takes care of resetting the system
13 : * if a backend crashes.
14 : *
15 : * The postmaster process creates the shared memory and semaphore
16 : * pools during startup, but as a rule does not touch them itself.
17 : * In particular, it is not a member of the PGPROC array of backends
18 : * and so it cannot participate in lock-manager operations. Keeping
19 : * the postmaster away from shared memory operations makes it simpler
20 : * and more reliable. The postmaster is almost always able to recover
21 : * from crashes of individual backends by resetting shared memory;
22 : * if it did much with shared memory then it would be prone to crashing
23 : * along with the backends.
24 : *
25 : * When a request message is received, we now fork() immediately.
26 : * The child process performs authentication of the request, and
27 : * then becomes a backend if successful. This allows the auth code
28 : * to be written in a simple single-threaded style (as opposed to the
29 : * crufty "poor man's multitasking" code that used to be needed).
30 : * More importantly, it ensures that blockages in non-multithreaded
31 : * libraries like SSL or PAM cannot cause denial of service to other
32 : * clients.
33 : *
34 : *
35 : * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
36 : * Portions Copyright (c) 1994, Regents of the University of California
37 : *
38 : *
39 : * IDENTIFICATION
40 : * src/backend/postmaster/postmaster.c
41 : *
42 : * NOTES
43 : *
44 : * Initialization:
45 : * The Postmaster sets up shared memory data structures
46 : * for the backends.
47 : *
48 : * Synchronization:
49 : * The Postmaster shares memory with the backends but should avoid
50 : * touching shared memory, so as not to become stuck if a crashing
51 : * backend screws up locks or shared memory. Likewise, the Postmaster
52 : * should never block on messages from frontend clients.
53 : *
54 : * Garbage Collection:
55 : * The Postmaster cleans up after backends if they have an emergency
56 : * exit and/or core dump.
57 : *
58 : * Error Reporting:
59 : * Use write_stderr() only for reporting "interactive" errors
60 : * (essentially, bogus arguments on the command line). Once the
61 : * postmaster is launched, use ereport().
62 : *
63 : *-------------------------------------------------------------------------
64 : */
65 :
66 : #include "postgres.h"
67 :
68 : #include <unistd.h>
69 : #include <signal.h>
70 : #include <time.h>
71 : #include <sys/wait.h>
72 : #include <ctype.h>
73 : #include <sys/stat.h>
74 : #include <sys/socket.h>
75 : #include <fcntl.h>
76 : #include <sys/param.h>
77 : #include <netdb.h>
78 : #include <limits.h>
79 :
80 : #ifdef USE_BONJOUR
81 : #include <dns_sd.h>
82 : #endif
83 :
84 : #ifdef USE_SYSTEMD
85 : #include <systemd/sd-daemon.h>
86 : #endif
87 :
88 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
89 : #include <pthread.h>
90 : #endif
91 :
92 : #include "access/transam.h"
93 : #include "access/xlog.h"
94 : #include "access/xlogrecovery.h"
95 : #include "catalog/pg_control.h"
96 : #include "common/file_perm.h"
97 : #include "common/ip.h"
98 : #include "common/pg_prng.h"
99 : #include "common/string.h"
100 : #include "lib/ilist.h"
101 : #include "libpq/auth.h"
102 : #include "libpq/libpq.h"
103 : #include "libpq/pqformat.h"
104 : #include "libpq/pqsignal.h"
105 : #include "nodes/queryjumble.h"
106 : #include "pg_getopt.h"
107 : #include "pgstat.h"
108 : #include "port/pg_bswap.h"
109 : #include "postmaster/autovacuum.h"
110 : #include "postmaster/auxprocess.h"
111 : #include "postmaster/bgworker_internals.h"
112 : #include "postmaster/fork_process.h"
113 : #include "postmaster/interrupt.h"
114 : #include "postmaster/pgarch.h"
115 : #include "postmaster/postmaster.h"
116 : #include "postmaster/syslogger.h"
117 : #include "replication/logicallauncher.h"
118 : #include "replication/walsender.h"
119 : #include "storage/fd.h"
120 : #include "storage/ipc.h"
121 : #include "storage/pg_shmem.h"
122 : #include "storage/pmsignal.h"
123 : #include "storage/proc.h"
124 : #include "tcop/tcopprot.h"
125 : #include "utils/builtins.h"
126 : #include "utils/datetime.h"
127 : #include "utils/memutils.h"
128 : #include "utils/pidfile.h"
129 : #include "utils/ps_status.h"
130 : #include "utils/timeout.h"
131 : #include "utils/timestamp.h"
132 : #include "utils/varlena.h"
133 :
134 : #ifdef EXEC_BACKEND
135 : #include "storage/spin.h"
136 : #endif
137 :
138 :
139 : /*
140 : * Possible types of a backend. Beyond being the possible bkend_type values in
141 : * struct bkend, these are OR-able request flag bits for SignalSomeChildren()
142 : * and CountChildren().
143 : */
144 : #define BACKEND_TYPE_NORMAL 0x0001 /* normal backend */
145 : #define BACKEND_TYPE_AUTOVAC 0x0002 /* autovacuum worker process */
146 : #define BACKEND_TYPE_WALSND 0x0004 /* walsender process */
147 : #define BACKEND_TYPE_BGWORKER 0x0008 /* bgworker process */
148 : #define BACKEND_TYPE_ALL 0x000F /* OR of all the above */
149 :
150 : /*
151 : * List of active backends (or child processes anyway; we don't actually
152 : * know whether a given child has become a backend or is still in the
153 : * authorization phase). This is used mainly to keep track of how many
154 : * children we have and send them appropriate signals when necessary.
155 : *
156 : * As shown in the above set of backend types, this list includes not only
157 : * "normal" client sessions, but also autovacuum workers, walsenders, and
158 : * background workers. (Note that at the time of launch, walsenders are
159 : * labeled BACKEND_TYPE_NORMAL; we relabel them to BACKEND_TYPE_WALSND
160 : * upon noticing they've changed their PMChildFlags entry. Hence that check
161 : * must be done before any operation that needs to distinguish walsenders
162 : * from normal backends.)
163 : *
164 : * Also, "dead_end" children are in it: these are children launched just for
165 : * the purpose of sending a friendly rejection message to a would-be client.
166 : * We must track them because they are attached to shared memory, but we know
167 : * they will never become live backends. dead_end children are not assigned a
168 : * PMChildSlot. dead_end children have bkend_type NORMAL.
169 : *
170 : * "Special" children such as the startup, bgwriter and autovacuum launcher
171 : * tasks are not in this list. They are tracked via StartupPID and other
172 : * pid_t variables below. (Thus, there can't be more than one of any given
173 : * "special" child process type. We use BackendList entries for any child
174 : * process there can be more than one of.)
175 : */
176 : typedef struct bkend
177 : {
178 : pid_t pid; /* process id of backend */
179 : int32 cancel_key; /* cancel key for cancels for this backend */
180 : int child_slot; /* PMChildSlot for this backend, if any */
181 : int bkend_type; /* child process flavor, see above */
182 : bool dead_end; /* is it going to send an error and quit? */
183 : bool bgworker_notify; /* gets bgworker start/stop notifications */
184 : dlist_node elem; /* list link in BackendList */
185 : } Backend;
186 :
187 : static dlist_head BackendList = DLIST_STATIC_INIT(BackendList);
188 :
189 : #ifdef EXEC_BACKEND
190 : static Backend *ShmemBackendArray;
191 : #endif
192 :
193 : BackgroundWorker *MyBgworkerEntry = NULL;
194 :
195 :
196 :
197 : /* The socket number we are listening for connections on */
198 : int PostPortNumber = DEF_PGPORT;
199 :
200 : /* The directory names for Unix socket(s) */
201 : char *Unix_socket_directories;
202 :
203 : /* The TCP listen address(es) */
204 : char *ListenAddresses;
205 :
206 : /*
207 : * SuperuserReservedConnections is the number of backends reserved for
208 : * superuser use, and ReservedConnections is the number of backends reserved
209 : * for use by roles with privileges of the pg_use_reserved_connections
210 : * predefined role. These are taken out of the pool of MaxConnections backend
211 : * slots, so the number of backend slots available for roles that are neither
212 : * superuser nor have privileges of pg_use_reserved_connections is
213 : * (MaxConnections - SuperuserReservedConnections - ReservedConnections).
214 : *
215 : * If the number of remaining slots is less than or equal to
216 : * SuperuserReservedConnections, only superusers can make new connections. If
217 : * the number of remaining slots is greater than SuperuserReservedConnections
218 : * but less than or equal to
219 : * (SuperuserReservedConnections + ReservedConnections), only superusers and
220 : * roles with privileges of pg_use_reserved_connections can make new
221 : * connections. Note that pre-existing superuser and
222 : * pg_use_reserved_connections connections don't count against the limits.
223 : */
224 : int SuperuserReservedConnections;
225 : int ReservedConnections;
226 :
227 : /* The socket(s) we're listening to. */
228 : #define MAXLISTEN 64
229 : static pgsocket ListenSocket[MAXLISTEN];
230 :
231 : /* still more option variables */
232 : bool EnableSSL = false;
233 :
234 : int PreAuthDelay = 0;
235 : int AuthenticationTimeout = 60;
236 :
237 : bool log_hostname; /* for ps display and logging */
238 : bool Log_connections = false;
239 : bool Db_user_namespace = false;
240 :
241 : bool enable_bonjour = false;
242 : char *bonjour_name;
243 : bool restart_after_crash = true;
244 : bool remove_temp_files_after_crash = true;
245 : bool send_abort_for_crash = false;
246 : bool send_abort_for_kill = false;
247 :
248 : /* PIDs of special child processes; 0 when not running */
249 : static pid_t StartupPID = 0,
250 : BgWriterPID = 0,
251 : CheckpointerPID = 0,
252 : WalWriterPID = 0,
253 : WalReceiverPID = 0,
254 : AutoVacPID = 0,
255 : PgArchPID = 0,
256 : SysLoggerPID = 0;
257 :
258 : /* Startup process's status */
259 : typedef enum
260 : {
261 : STARTUP_NOT_RUNNING,
262 : STARTUP_RUNNING,
263 : STARTUP_SIGNALED, /* we sent it a SIGQUIT or SIGKILL */
264 : STARTUP_CRASHED
265 : } StartupStatusEnum;
266 :
267 : static StartupStatusEnum StartupStatus = STARTUP_NOT_RUNNING;
268 :
269 : /* Startup/shutdown state */
270 : #define NoShutdown 0
271 : #define SmartShutdown 1
272 : #define FastShutdown 2
273 : #define ImmediateShutdown 3
274 :
275 : static int Shutdown = NoShutdown;
276 :
277 : static bool FatalError = false; /* T if recovering from backend crash */
278 :
279 : /*
280 : * We use a simple state machine to control startup, shutdown, and
281 : * crash recovery (which is rather like shutdown followed by startup).
282 : *
283 : * After doing all the postmaster initialization work, we enter PM_STARTUP
284 : * state and the startup process is launched. The startup process begins by
285 : * reading the control file and other preliminary initialization steps.
286 : * In a normal startup, or after crash recovery, the startup process exits
287 : * with exit code 0 and we switch to PM_RUN state. However, archive recovery
288 : * is handled specially since it takes much longer and we would like to support
289 : * hot standby during archive recovery.
290 : *
291 : * When the startup process is ready to start archive recovery, it signals the
292 : * postmaster, and we switch to PM_RECOVERY state. The background writer and
293 : * checkpointer are launched, while the startup process continues applying WAL.
294 : * If Hot Standby is enabled, then, after reaching a consistent point in WAL
295 : * redo, startup process signals us again, and we switch to PM_HOT_STANDBY
296 : * state and begin accepting connections to perform read-only queries. When
297 : * archive recovery is finished, the startup process exits with exit code 0
298 : * and we switch to PM_RUN state.
299 : *
300 : * Normal child backends can only be launched when we are in PM_RUN or
301 : * PM_HOT_STANDBY state. (connsAllowed can also restrict launching.)
302 : * In other states we handle connection requests by launching "dead_end"
303 : * child processes, which will simply send the client an error message and
304 : * quit. (We track these in the BackendList so that we can know when they
305 : * are all gone; this is important because they're still connected to shared
306 : * memory, and would interfere with an attempt to destroy the shmem segment,
307 : * possibly leading to SHMALL failure when we try to make a new one.)
308 : * In PM_WAIT_DEAD_END state we are waiting for all the dead_end children
309 : * to drain out of the system, and therefore stop accepting connection
310 : * requests at all until the last existing child has quit (which hopefully
311 : * will not be very long).
312 : *
313 : * Notice that this state variable does not distinguish *why* we entered
314 : * states later than PM_RUN --- Shutdown and FatalError must be consulted
315 : * to find that out. FatalError is never true in PM_RECOVERY, PM_HOT_STANDBY,
316 : * or PM_RUN states, nor in PM_SHUTDOWN states (because we don't enter those
317 : * states when trying to recover from a crash). It can be true in PM_STARTUP
318 : * state, because we don't clear it until we've successfully started WAL redo.
319 : */
320 : typedef enum
321 : {
322 : PM_INIT, /* postmaster starting */
323 : PM_STARTUP, /* waiting for startup subprocess */
324 : PM_RECOVERY, /* in archive recovery mode */
325 : PM_HOT_STANDBY, /* in hot standby mode */
326 : PM_RUN, /* normal "database is alive" state */
327 : PM_STOP_BACKENDS, /* need to stop remaining backends */
328 : PM_WAIT_BACKENDS, /* waiting for live backends to exit */
329 : PM_SHUTDOWN, /* waiting for checkpointer to do shutdown
330 : * ckpt */
331 : PM_SHUTDOWN_2, /* waiting for archiver and walsenders to
332 : * finish */
333 : PM_WAIT_DEAD_END, /* waiting for dead_end children to exit */
334 : PM_NO_CHILDREN /* all important children have exited */
335 : } PMState;
336 :
337 : static PMState pmState = PM_INIT;
338 :
339 : /*
340 : * While performing a "smart shutdown", we restrict new connections but stay
341 : * in PM_RUN or PM_HOT_STANDBY state until all the client backends are gone.
342 : * connsAllowed is a sub-state indicator showing the active restriction.
343 : * It is of no interest unless pmState is PM_RUN or PM_HOT_STANDBY.
344 : */
345 : static bool connsAllowed = true;
346 :
347 : /* Start time of SIGKILL timeout during immediate shutdown or child crash */
348 : /* Zero means timeout is not running */
349 : static time_t AbortStartTime = 0;
350 :
351 : /* Length of said timeout */
352 : #define SIGKILL_CHILDREN_AFTER_SECS 5
353 :
354 : static bool ReachedNormalRunning = false; /* T if we've reached PM_RUN */
355 :
356 : bool ClientAuthInProgress = false; /* T during new-client
357 : * authentication */
358 :
359 : bool redirection_done = false; /* stderr redirected for syslogger? */
360 :
361 : /* received START_AUTOVAC_LAUNCHER signal */
362 : static bool start_autovac_launcher = false;
363 :
364 : /* the launcher needs to be signaled to communicate some condition */
365 : static bool avlauncher_needs_signal = false;
366 :
367 : /* received START_WALRECEIVER signal */
368 : static bool WalReceiverRequested = false;
369 :
370 : /* set when there's a worker that needs to be started up */
371 : static bool StartWorkerNeeded = true;
372 : static bool HaveCrashedWorker = false;
373 :
374 : /* set when signals arrive */
375 : static volatile sig_atomic_t pending_pm_pmsignal;
376 : static volatile sig_atomic_t pending_pm_child_exit;
377 : static volatile sig_atomic_t pending_pm_reload_request;
378 : static volatile sig_atomic_t pending_pm_shutdown_request;
379 : static volatile sig_atomic_t pending_pm_fast_shutdown_request;
380 : static volatile sig_atomic_t pending_pm_immediate_shutdown_request;
381 :
382 : /* event multiplexing object */
383 : static WaitEventSet *pm_wait_set;
384 :
385 : #ifdef USE_SSL
386 : /* Set when and if SSL has been initialized properly */
387 : static bool LoadedSSL = false;
388 : #endif
389 :
390 : #ifdef USE_BONJOUR
391 : static DNSServiceRef bonjour_sdref = NULL;
392 : #endif
393 :
394 : /*
395 : * postmaster.c - function prototypes
396 : */
397 : static void CloseServerPorts(int status, Datum arg);
398 : static void unlink_external_pid_file(int status, Datum arg);
399 : static void getInstallationPaths(const char *argv0);
400 : static void checkControlFile(void);
401 : static Port *ConnCreate(int serverFd);
402 : static void ConnFree(Port *port);
403 : static void handle_pm_pmsignal_signal(SIGNAL_ARGS);
404 : static void handle_pm_child_exit_signal(SIGNAL_ARGS);
405 : static void handle_pm_reload_request_signal(SIGNAL_ARGS);
406 : static void handle_pm_shutdown_request_signal(SIGNAL_ARGS);
407 : static void process_pm_pmsignal(void);
408 : static void process_pm_child_exit(void);
409 : static void process_pm_reload_request(void);
410 : static void process_pm_shutdown_request(void);
411 : static void process_startup_packet_die(SIGNAL_ARGS);
412 : static void dummy_handler(SIGNAL_ARGS);
413 : static void StartupPacketTimeoutHandler(void);
414 : static void CleanupBackend(int pid, int exitstatus);
415 : static bool CleanupBackgroundWorker(int pid, int exitstatus);
416 : static void HandleChildCrash(int pid, int exitstatus, const char *procname);
417 : static void LogChildExit(int lev, const char *procname,
418 : int pid, int exitstatus);
419 : static void PostmasterStateMachine(void);
420 : static void BackendInitialize(Port *port);
421 : static void BackendRun(Port *port) pg_attribute_noreturn();
422 : static void ExitPostmaster(int status) pg_attribute_noreturn();
423 : static int ServerLoop(void);
424 : static int BackendStartup(Port *port);
425 : static int ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done);
426 : static void SendNegotiateProtocolVersion(List *unrecognized_protocol_options);
427 : static void processCancelRequest(Port *port, void *pkt);
428 : static void report_fork_failure_to_client(Port *port, int errnum);
429 : static CAC_state canAcceptConnections(int backend_type);
430 : static bool RandomCancelKey(int32 *cancel_key);
431 : static void signal_child(pid_t pid, int signal);
432 : static void sigquit_child(pid_t pid);
433 : static bool SignalSomeChildren(int signal, int target);
434 : static void TerminateChildren(int signal);
435 :
436 : #define SignalChildren(sig) SignalSomeChildren(sig, BACKEND_TYPE_ALL)
437 :
438 : static int CountChildren(int target);
439 : static bool assign_backendlist_entry(RegisteredBgWorker *rw);
440 : static void maybe_start_bgworkers(void);
441 : static bool CreateOptsFile(int argc, char *argv[], char *fullprogname);
442 : static pid_t StartChildProcess(AuxProcType type);
443 : static void StartAutovacuumWorker(void);
444 : static void MaybeStartWalReceiver(void);
445 : static void InitPostmasterDeathWatchHandle(void);
446 :
447 : /*
448 : * Archiver is allowed to start up at the current postmaster state?
449 : *
450 : * If WAL archiving is enabled always, we are allowed to start archiver
451 : * even during recovery.
452 : */
453 : #define PgArchStartupAllowed() \
454 : (((XLogArchivingActive() && pmState == PM_RUN) || \
455 : (XLogArchivingAlways() && \
456 : (pmState == PM_RECOVERY || pmState == PM_HOT_STANDBY))) && \
457 : PgArchCanRestart())
458 :
459 : #ifdef EXEC_BACKEND
460 :
461 : #ifdef WIN32
462 : #define WNOHANG 0 /* ignored, so any integer value will do */
463 :
464 : static pid_t waitpid(pid_t pid, int *exitstatus, int options);
465 : static void WINAPI pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired);
466 :
467 : static HANDLE win32ChildQueue;
468 :
469 : typedef struct
470 : {
471 : HANDLE waitHandle;
472 : HANDLE procHandle;
473 : DWORD procId;
474 : } win32_deadchild_waitinfo;
475 : #endif /* WIN32 */
476 :
477 : static pid_t backend_forkexec(Port *port);
478 : static pid_t internal_forkexec(int argc, char *argv[], Port *port);
479 :
480 : /* Type for a socket that can be inherited to a client process */
481 : #ifdef WIN32
482 : typedef struct
483 : {
484 : SOCKET origsocket; /* Original socket value, or PGINVALID_SOCKET
485 : * if not a socket */
486 : WSAPROTOCOL_INFO wsainfo;
487 : } InheritableSocket;
488 : #else
489 : typedef int InheritableSocket;
490 : #endif
491 :
492 : /*
493 : * Structure contains all variables passed to exec:ed backends
494 : */
495 : typedef struct
496 : {
497 : Port port;
498 : InheritableSocket portsocket;
499 : char DataDir[MAXPGPATH];
500 : pgsocket ListenSocket[MAXLISTEN];
501 : int32 MyCancelKey;
502 : int MyPMChildSlot;
503 : #ifndef WIN32
504 : unsigned long UsedShmemSegID;
505 : #else
506 : void *ShmemProtectiveRegion;
507 : HANDLE UsedShmemSegID;
508 : #endif
509 : void *UsedShmemSegAddr;
510 : slock_t *ShmemLock;
511 : VariableCache ShmemVariableCache;
512 : Backend *ShmemBackendArray;
513 : #ifndef HAVE_SPINLOCKS
514 : PGSemaphore *SpinlockSemaArray;
515 : #endif
516 : int NamedLWLockTrancheRequests;
517 : NamedLWLockTranche *NamedLWLockTrancheArray;
518 : LWLockPadded *MainLWLockArray;
519 : slock_t *ProcStructLock;
520 : PROC_HDR *ProcGlobal;
521 : PGPROC *AuxiliaryProcs;
522 : PGPROC *PreparedXactProcs;
523 : PMSignalData *PMSignalState;
524 : pid_t PostmasterPid;
525 : TimestampTz PgStartTime;
526 : TimestampTz PgReloadTime;
527 : pg_time_t first_syslogger_file_time;
528 : bool redirection_done;
529 : bool IsBinaryUpgrade;
530 : bool query_id_enabled;
531 : int max_safe_fds;
532 : int MaxBackends;
533 : #ifdef WIN32
534 : HANDLE PostmasterHandle;
535 : HANDLE initial_signal_pipe;
536 : HANDLE syslogPipe[2];
537 : #else
538 : int postmaster_alive_fds[2];
539 : int syslogPipe[2];
540 : #endif
541 : char my_exec_path[MAXPGPATH];
542 : char pkglib_path[MAXPGPATH];
543 : } BackendParameters;
544 :
545 : static void read_backend_variables(char *id, Port *port);
546 : static void restore_backend_variables(BackendParameters *param, Port *port);
547 :
548 : #ifndef WIN32
549 : static bool save_backend_variables(BackendParameters *param, Port *port);
550 : #else
551 : static bool save_backend_variables(BackendParameters *param, Port *port,
552 : HANDLE childProcess, pid_t childPid);
553 : #endif
554 :
555 : static void ShmemBackendArrayAdd(Backend *bn);
556 : static void ShmemBackendArrayRemove(Backend *bn);
557 : #endif /* EXEC_BACKEND */
558 :
559 : #define StartupDataBase() StartChildProcess(StartupProcess)
560 : #define StartArchiver() StartChildProcess(ArchiverProcess)
561 : #define StartBackgroundWriter() StartChildProcess(BgWriterProcess)
562 : #define StartCheckpointer() StartChildProcess(CheckpointerProcess)
563 : #define StartWalWriter() StartChildProcess(WalWriterProcess)
564 : #define StartWalReceiver() StartChildProcess(WalReceiverProcess)
565 :
566 : /* Macros to check exit status of a child process */
567 : #define EXIT_STATUS_0(st) ((st) == 0)
568 : #define EXIT_STATUS_1(st) (WIFEXITED(st) && WEXITSTATUS(st) == 1)
569 : #define EXIT_STATUS_3(st) (WIFEXITED(st) && WEXITSTATUS(st) == 3)
570 :
571 : #ifndef WIN32
572 : /*
573 : * File descriptors for pipe used to monitor if postmaster is alive.
574 : * First is POSTMASTER_FD_WATCH, second is POSTMASTER_FD_OWN.
575 : */
576 : int postmaster_alive_fds[2] = {-1, -1};
577 : #else
578 : /* Process handle of postmaster used for the same purpose on Windows */
579 : HANDLE PostmasterHandle;
580 : #endif
581 :
582 : /*
583 : * Postmaster main entry point
584 : */
585 : void
9770 scrappy 586 GIC 601 : PostmasterMain(int argc, char *argv[])
587 : {
588 : int opt;
589 : int status;
6757 tgl 590 601 : char *userDoption = NULL;
4469 591 601 : bool listen_addr_saved = false;
592 : int i;
3347 peter_e 593 601 : char *output_config_variable = NULL;
594 :
1633 tmunro 595 601 : InitProcessGlobals();
596 :
597 601 : PostmasterPid = MyProcPid;
5729 andrew 598 ECB :
7256 tgl 599 GIC 601 : IsPostmasterEnvironment = true;
600 :
601 : /*
612 andres 602 ECB : * Start our win32 signal implementation
603 : */
604 : #ifdef WIN32
605 : pgwin32_signal_initialize();
606 : #endif
607 :
608 : /*
1828 sfrost 609 : * We should not be creating any files or directories before we check the
610 : * data directory (see checkDataDir()), but just in case set the umask to
611 : * the most restrictive (owner-only) permissions.
612 : *
613 : * checkDataDir() will reset the umask based on the data directory
614 : * permissions.
615 : */
1828 sfrost 616 GIC 601 : umask(PG_MODE_MASK_OWNER);
617 :
618 : /*
619 : * By default, palloc() requests in the postmaster will be allocated in
620 : * the PostmasterContext, which is space that can be recycled by backends.
621 : * Allocated data that needs to be available to backends should be
622 : * allocated in TopMemoryContext.
623 : */
8320 tgl 624 601 : PostmasterContext = AllocSetContextCreate(TopMemoryContext,
625 : "Postmaster",
626 : ALLOCSET_DEFAULT_SIZES);
627 601 : MemoryContextSwitchTo(PostmasterContext);
8320 tgl 628 ECB :
629 : /* Initialize paths to installation files */
5090 tgl 630 GIC 601 : getInstallationPaths(argv[0]);
631 :
632 : /*
633 : * Set up signal handlers for the postmaster process.
634 : *
635 : * CAUTION: when changing this list, check for side-effects on the signal
3291 tgl 636 ECB : * handling setup of child processes. See tcop/postgres.c,
637 : * bootstrap/bootstrap.c, postmaster/bgwriter.c, postmaster/walwriter.c,
368 andres 638 : * postmaster/autovacuum.c, postmaster/pgarch.c, postmaster/syslogger.c,
639 : * postmaster/bgworker.c and postmaster/checkpointer.c.
3291 tgl 640 : */
3291 tgl 641 CBC 601 : pqinitmask();
65 tmunro 642 GNC 601 : sigprocmask(SIG_SETMASK, &BlockSig, NULL);
3291 tgl 643 ECB :
87 tmunro 644 GNC 601 : pqsignal(SIGHUP, handle_pm_reload_request_signal);
645 601 : pqsignal(SIGINT, handle_pm_shutdown_request_signal);
646 601 : pqsignal(SIGQUIT, handle_pm_shutdown_request_signal);
647 601 : pqsignal(SIGTERM, handle_pm_shutdown_request_signal);
648 601 : pqsignal(SIGALRM, SIG_IGN); /* ignored */
649 601 : pqsignal(SIGPIPE, SIG_IGN); /* ignored */
650 601 : pqsignal(SIGUSR1, handle_pm_pmsignal_signal);
651 601 : pqsignal(SIGUSR2, dummy_handler); /* unused, reserve for children */
652 601 : pqsignal(SIGCHLD, handle_pm_child_exit_signal);
653 :
654 : /* This may configure SIGURG, depending on platform. */
655 601 : InitializeLatchSupport();
656 601 : InitProcessLocalLatch();
657 :
658 : /*
1604 tgl 659 ECB : * No other place in Postgres should touch SIGTTIN/SIGTTOU handling. We
660 : * ignore those signals in a postmaster environment, so that there is no
661 : * risk of a child process freezing up due to writing to stderr. But for
662 : * a standalone backend, their default handling is reasonable. Hence, all
663 : * child processes should just allow the inherited settings to stand.
664 : */
665 : #ifdef SIGTTIN
87 tmunro 666 GNC 601 : pqsignal(SIGTTIN, SIG_IGN); /* ignored */
667 : #endif
1604 tgl 668 ECB : #ifdef SIGTTOU
87 tmunro 669 GNC 601 : pqsignal(SIGTTOU, SIG_IGN); /* ignored */
1604 tgl 670 ECB : #endif
671 :
672 : /* ignore SIGXFSZ, so that ulimit violations work like disk full */
673 : #ifdef SIGXFSZ
87 tmunro 674 GNC 601 : pqsignal(SIGXFSZ, SIG_IGN); /* ignored */
675 : #endif
676 :
677 : /* Begin accepting signals. */
65 678 601 : sigprocmask(SIG_SETMASK, &UnBlockSig, NULL);
679 :
8320 tgl 680 ECB : /*
681 : * Options setup
682 : */
7632 tgl 683 GIC 601 : InitializeGUCOptions();
9345 bruce 684 EUB :
8348 peter_e 685 GBC 601 : opterr = 1;
7842 tgl 686 EUB :
687 : /*
3260 bruce 688 ECB : * Parse command-line options. CAUTION: keep this in sync with
689 : * tcop/postgres.c (the option sets should not conflict) and with the
5624 690 : * common help() function in main/main.c.
5939 tgl 691 : */
118 peter 692 GNC 1998 : while ((opt = getopt(argc, argv, "B:bC:c:D:d:EeFf:h:ijk:lN:OPp:r:S:sTt:W:-:")) != -1)
9345 bruce 693 ECB : {
9345 bruce 694 CBC 1397 : switch (opt)
9345 bruce 695 ECB : {
9344 bruce 696 UIC 0 : case 'B':
7715 peter_e 697 LBC 0 : SetConfigOption("shared_buffers", optarg, PGC_POSTMASTER, PGC_S_ARGV);
9344 bruce 698 UIC 0 : break;
699 :
4367 bruce 700 GIC 6 : case 'b':
701 : /* Undocumented flag used for binary upgrades */
702 6 : IsBinaryUpgrade = true;
4367 bruce 703 CBC 6 : break;
4367 bruce 704 ECB :
4203 bruce 705 GIC 2 : case 'C':
3831 bruce 706 GBC 2 : output_config_variable = strdup(optarg);
4203 707 2 : break;
708 :
118 peter 709 GNC 618 : case 'c':
710 : case '-':
711 : {
712 : char *name,
713 : *value;
714 :
715 618 : ParseLongOption(optarg, &name, &value);
716 618 : if (!value)
717 : {
118 peter 718 UNC 0 : if (opt == '-')
719 0 : ereport(ERROR,
720 : (errcode(ERRCODE_SYNTAX_ERROR),
721 : errmsg("--%s requires a value",
722 : optarg)));
723 : else
724 0 : ereport(ERROR,
725 : (errcode(ERRCODE_SYNTAX_ERROR),
726 : errmsg("-c %s requires a value",
727 : optarg)));
728 : }
729 :
118 peter 730 GNC 618 : SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
731 618 : pfree(name);
732 618 : pfree(value);
733 618 : break;
734 : }
735 :
9344 bruce 736 GIC 601 : case 'D':
3831 737 601 : userDoption = strdup(optarg);
9344 738 601 : break;
6303 peter_e 739 EUB :
9344 bruce 740 UIC 0 : case 'd':
6720 tgl 741 0 : set_debug_options(atoi(optarg), PGC_POSTMASTER, PGC_S_ARGV);
742 0 : break;
743 :
6303 peter_e 744 0 : case 'E':
6303 peter_e 745 LBC 0 : SetConfigOption("log_statement", "all", PGC_POSTMASTER, PGC_S_ARGV);
746 0 : break;
6303 peter_e 747 ECB :
6303 peter_e 748 LBC 0 : case 'e':
6303 peter_e 749 UIC 0 : SetConfigOption("datestyle", "euro", PGC_POSTMASTER, PGC_S_ARGV);
750 0 : break;
6303 peter_e 751 ECB :
8346 bruce 752 CBC 82 : case 'F':
7715 peter_e 753 82 : SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
8346 bruce 754 GIC 82 : break;
6303 peter_e 755 EUB :
6303 peter_e 756 UBC 0 : case 'f':
757 0 : if (!set_plan_disabling_options(optarg, PGC_POSTMASTER, PGC_S_ARGV))
758 : {
759 0 : write_stderr("%s: invalid argument for option -f: \"%s\"\n",
6303 peter_e 760 EUB : progname, optarg);
6303 peter_e 761 UBC 0 : ExitPostmaster(1);
762 : }
763 0 : break;
6303 peter_e 764 EUB :
8182 bruce 765 UBC 0 : case 'h':
6956 tgl 766 UIC 0 : SetConfigOption("listen_addresses", optarg, PGC_POSTMASTER, PGC_S_ARGV);
8182 bruce 767 LBC 0 : break;
6303 peter_e 768 ECB :
9281 bruce 769 LBC 0 : case 'i':
6956 tgl 770 UIC 0 : SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);
8584 bruce 771 UBC 0 : break;
6303 peter_e 772 EUB :
6303 peter_e 773 UIC 0 : case 'j':
6303 peter_e 774 EUB : /* only used by interactive backend */
6303 peter_e 775 UIC 0 : break;
6303 peter_e 776 EUB :
8182 bruce 777 GIC 82 : case 'k':
3894 tgl 778 GBC 82 : SetConfigOption("unix_socket_directories", optarg, PGC_POSTMASTER, PGC_S_ARGV);
8182 bruce 779 GIC 82 : break;
6303 peter_e 780 EUB :
8584 bruce 781 UBC 0 : case 'l':
7715 peter_e 782 0 : SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
9284 bruce 783 UIC 0 : break;
9345 bruce 784 EUB :
8815 tgl 785 UBC 0 : case 'N':
7715 peter_e 786 0 : SetConfigOption("max_connections", optarg, PGC_POSTMASTER, PGC_S_ARGV);
8815 tgl 787 UIC 0 : break;
6303 peter_e 788 EUB :
6303 peter_e 789 LBC 0 : case 'O':
6303 peter_e 790 UIC 0 : SetConfigOption("allow_system_table_mods", "true", PGC_POSTMASTER, PGC_S_ARGV);
6303 peter_e 791 UBC 0 : break;
6303 peter_e 792 EUB :
6303 peter_e 793 UBC 0 : case 'P':
6303 peter_e 794 UIC 0 : SetConfigOption("ignore_system_indexes", "true", PGC_POSTMASTER, PGC_S_ARGV);
6303 peter_e 795 UBC 0 : break;
6303 peter_e 796 EUB :
9344 bruce 797 GBC 6 : case 'p':
7715 peter_e 798 GIC 6 : SetConfigOption("port", optarg, PGC_POSTMASTER, PGC_S_ARGV);
9344 bruce 799 GBC 6 : break;
9345 bruce 800 EUB :
6303 peter_e 801 UBC 0 : case 'r':
802 : /* only used by single-user backend */
803 0 : break;
6303 peter_e 804 EUB :
6303 peter_e 805 UBC 0 : case 'S':
6303 peter_e 806 UIC 0 : SetConfigOption("work_mem", optarg, PGC_POSTMASTER, PGC_S_ARGV);
9344 bruce 807 LBC 0 : break;
6303 peter_e 808 ECB :
9344 bruce 809 LBC 0 : case 's':
5939 tgl 810 UIC 0 : SetConfigOption("log_statement_stats", "true", PGC_POSTMASTER, PGC_S_ARGV);
6303 peter_e 811 UBC 0 : break;
812 :
813 0 : case 'T':
814 :
9344 bruce 815 EUB : /*
816 : * This option used to be defined as sending SIGSTOP after a
817 : * backend crash, but sending SIGABRT seems more useful.
818 : */
139 tgl 819 UNC 0 : SetConfigOption("send_abort_for_crash", "true", PGC_POSTMASTER, PGC_S_ARGV);
9344 bruce 820 UBC 0 : break;
821 :
6303 peter_e 822 0 : case 't':
823 : {
6031 bruce 824 UIC 0 : const char *tmp = get_stats_option_name(optarg);
825 :
826 0 : if (tmp)
827 : {
6031 bruce 828 UBC 0 : SetConfigOption(tmp, "true", PGC_POSTMASTER, PGC_S_ARGV);
6031 bruce 829 EUB : }
830 : else
831 : {
6031 bruce 832 UIC 0 : write_stderr("%s: invalid argument for option -t: \"%s\"\n",
6031 bruce 833 EUB : progname, optarg);
6031 bruce 834 UIC 0 : ExitPostmaster(1);
6031 bruce 835 EUB : }
6031 bruce 836 UIC 0 : break;
6303 peter_e 837 EUB : }
838 :
6303 peter_e 839 UIC 0 : case 'W':
840 0 : SetConfigOption("post_auth_delay", optarg, PGC_POSTMASTER, PGC_S_ARGV);
6303 peter_e 841 UBC 0 : break;
842 :
9344 bruce 843 UIC 0 : default:
6836 844 0 : write_stderr("Try \"%s --help\" for more information.\n",
845 : progname);
8166 tgl 846 0 : ExitPostmaster(1);
9345 bruce 847 ECB : }
9345 bruce 848 EUB : }
849 :
7715 peter_e 850 ECB : /*
851 : * Postmaster accepts no non-option switch arguments.
852 : */
7715 peter_e 853 GIC 601 : if (optind < argc)
854 : {
6836 bruce 855 UIC 0 : write_stderr("%s: invalid argument: \"%s\"\n",
856 0 : progname, argv[optind]);
857 0 : write_stderr("Try \"%s --help\" for more information.\n",
858 : progname);
7715 peter_e 859 0 : ExitPostmaster(1);
860 : }
861 :
862 : /*
6385 bruce 863 ECB : * Locate the proper configuration files and data directory, and read
864 : * postgresql.conf for the first time.
6757 tgl 865 : */
6757 tgl 866 GIC 601 : if (!SelectConfigFiles(userDoption, progname))
6757 tgl 867 UIC 0 : ExitPostmaster(2);
868 :
4203 bruce 869 GIC 600 : if (output_config_variable != NULL)
870 : {
871 : /*
570 michael 872 ECB : * If this is a runtime-computed GUC, it hasn't yet been initialized,
873 : * and the present value is not useful. However, this is a convenient
874 : * place to print the value for most GUCs because it is safe to run
875 : * postmaster startup to this point even if the server is already
876 : * running. For the handful of runtime-computed GUCs that we cannot
877 : * provide meaningful values for yet, we wait until later in
878 : * postmaster startup to print the value. We won't be able to use -C
879 : * on running servers for those GUCs, but using this option now would
880 : * lead to incorrect results for them.
881 : */
570 michael 882 GIC 2 : int flags = GetConfigOptionFlags(output_config_variable, true);
883 :
884 2 : if ((flags & GUC_RUNTIME_COMPUTED) == 0)
885 : {
570 michael 886 ECB : /*
887 : * "-C guc" was specified, so print GUC's value and exit. No
888 : * extra permission check is needed because the user is reading
889 : * inside the data dir.
890 : */
570 michael 891 CBC 1 : const char *config_val = GetConfigOption(output_config_variable,
892 : false, false);
893 :
894 1 : puts(config_val ? config_val : "");
570 michael 895 GIC 1 : ExitPostmaster(0);
896 : }
333 michael 897 ECB :
898 : /*
899 : * A runtime-computed GUC will be printed later on. As we initialize
900 : * a server startup sequence, silence any log messages that may show
901 : * up in the output generated. FATAL and more severe messages are
902 : * useful to show, even if one would only expect at least PANIC. LOG
903 : * entries are hidden.
333 michael 904 EUB : */
305 tgl 905 GIC 1 : SetConfigOption("log_min_messages", "FATAL", PGC_SUSET,
906 : PGC_S_OVERRIDE);
907 : }
3955 bruce 908 EUB :
909 : /* Verify that DataDir looks reasonable */
6757 tgl 910 CBC 599 : checkDataDir();
6897 tgl 911 EUB :
912 : /* Check that pg_control exists */
1828 sfrost 913 CBC 599 : checkControlFile();
1828 sfrost 914 EUB :
915 : /* And switch working directory into it */
6488 tgl 916 GIC 599 : ChangeToDataDir();
917 :
918 : /*
919 : * Check for invalid combinations of GUC settings.
920 : */
79 rhaas 921 GNC 599 : if (SuperuserReservedConnections + ReservedConnections >= MaxConnections)
922 : {
79 rhaas 923 UNC 0 : write_stderr("%s: superuser_reserved_connections (%d) plus reserved_connections (%d) must be less than max_connections (%d)\n",
1858 tgl 924 EUB : progname,
925 : SuperuserReservedConnections, ReservedConnections,
926 : MaxConnections);
3894 magnus 927 UIC 0 : ExitPostmaster(1);
928 : }
2886 heikki.linnakangas 929 GIC 599 : if (XLogArchiveMode > ARCHIVE_MODE_OFF && wal_level == WAL_LEVEL_MINIMAL)
4729 heikki.linnakangas 930 UIC 0 : ereport(ERROR,
931 : (errmsg("WAL archival cannot be enabled when wal_level is \"minimal\"")));
4729 heikki.linnakangas 932 CBC 599 : if (max_wal_senders > 0 && wal_level == WAL_LEVEL_MINIMAL)
4729 heikki.linnakangas 933 UIC 0 : ereport(ERROR,
934 : (errmsg("WAL streaming (max_wal_senders > 0) requires wal_level \"replica\" or \"logical\"")));
935 :
936 : /*
937 : * Other one-time internal sanity checks can go here, if they are fast.
938 : * (Put any slow processing further down, after postmaster.pid creation.)
939 : */
7388 tgl 940 GIC 599 : if (!CheckDateTokenTables())
941 : {
6836 bruce 942 LBC 0 : write_stderr("%s: invalid datetoken tables, please fix\n", progname);
7388 tgl 943 UIC 0 : ExitPostmaster(1);
944 : }
7388 tgl 945 ECB :
946 : /*
7836 bruce 947 : * Now that we are done processing the postmaster arguments, reset
948 : * getopt(3) library so that it will work correctly in subprocesses.
949 : */
7842 tgl 950 CBC 599 : optind = 1;
951 : #ifdef HAVE_INT_OPTRESET
952 : optreset = 1; /* some systems need this too */
953 : #endif
954 :
955 : /* For debugging: display postmaster environment */
956 : {
957 : extern char **environ;
958 : char **p;
959 :
7180 tgl 960 GIC 599 : ereport(DEBUG3,
961 : (errmsg_internal("%s: PostmasterMain: initial environment dump:",
962 : progname)));
963 599 : ereport(DEBUG3,
964 : (errmsg_internal("-----------------------------------------")));
8183 965 58352 : for (p = environ; *p; ++p)
7180 966 57753 : ereport(DEBUG3,
967 : (errmsg_internal("\t%s", *p)));
7180 tgl 968 CBC 599 : ereport(DEBUG3,
969 : (errmsg_internal("-----------------------------------------")));
970 : }
971 :
972 : /*
973 : * Create lockfile for data directory.
974 : *
975 : * We want to do this before we try to grab the input sockets, because the
976 : * data directory interlock is more reliable than the socket-file
977 : * interlock (thanks to whoever decided to put socket files in /tmp :-().
978 : * For the same reason, it's best to grab the TCP socket(s) before the
3894 tgl 979 ECB : * Unix socket(s).
980 : *
981 : * Also note that this internally sets up the on_proc_exit function that
982 : * is responsible for removing both data directory and socket lockfiles;
983 : * so it must happen before opening sockets so that at exit, the socket
984 : * lockfiles go away after CloseServerPorts runs.
8166 985 : */
6488 tgl 986 GIC 599 : CreateDataDirLockFile(true);
987 :
988 : /*
989 : * Read the control file (for error checking and config info).
1802 tgl 990 ECB : *
991 : * Since we verify the control file's CRC, this has a useful side effect
992 : * on machines where we need a run-time test for CRC support instructions.
993 : * The postmaster will do the test once at startup, and then its child
994 : * processes will inherit the correct function pointer and not need to
995 : * repeat the test.
996 : */
2030 andres 997 GIC 598 : LocalProcessControlFile(false);
2034 andres 998 ECB :
2271 peter_e 999 : /*
1000 : * Register the apply launcher. It's probably a good idea to call this
1001 : * before any modules had a chance to take the background worker slots.
1002 : */
2271 peter_e 1003 GIC 598 : ApplyLauncherRegister();
1004 :
1005 : /*
1006 : * process any libraries that should be preloaded at postmaster start
6380 tgl 1007 ECB : */
6081 tgl 1008 GIC 598 : process_shared_preload_libraries();
1009 :
1010 : /*
1011 : * Initialize SSL library, if specified.
1110 andrew 1012 ECB : */
1013 : #ifdef USE_SSL
1110 andrew 1014 GIC 598 : if (EnableSSL)
1015 : {
1016 26 : (void) secure_initialize(true);
1017 23 : LoadedSSL = true;
1018 : }
1110 andrew 1019 ECB : #endif
1020 :
1021 : /*
1022 : * Now that loadable modules have had their chance to alter any GUCs,
1023 : * calculate MaxBackends.
1024 : */
3749 alvherre 1025 CBC 595 : InitializeMaxBackends();
1026 :
1027 : /*
1028 : * Give preloaded libraries a chance to request additional shared memory.
1029 : */
331 rhaas 1030 GIC 595 : process_shmem_requests();
1031 :
1032 : /*
1033 : * Now that loadable modules have had their chance to request additional
1034 : * shared memory, determine the value of any runtime-computed GUCs that
1035 : * depend on the amount of shared memory required.
1036 : */
578 michael 1037 595 : InitializeShmemGUCs();
578 michael 1038 ECB :
1039 : /*
368 jdavis 1040 : * Now that modules have been loaded, we can process any custom resource
1041 : * managers specified in the wal_consistency_checking GUC.
1042 : */
368 jdavis 1043 CBC 595 : InitializeWalConsistencyChecking();
368 jdavis 1044 ECB :
1045 : /*
1046 : * If -C was specified with a runtime-computed GUC, we held off printing
1047 : * the value earlier, as the GUC was not yet initialized. We handle -C
1048 : * for most GUCs before we lock the data directory so that the option may
1049 : * be used on a running server. However, a handful of GUCs are runtime-
1050 : * computed and do not have meaningful values until after locking the data
1051 : * directory, and we cannot safely calculate their values earlier on a
1052 : * running server. At this point, such GUCs should be properly
1053 : * initialized, and we haven't yet set up shared memory, so this is a good
570 michael 1054 : * time to handle the -C option for these special GUCs.
1055 : */
570 michael 1056 GIC 595 : if (output_config_variable != NULL)
1057 : {
1058 1 : const char *config_val = GetConfigOption(output_config_variable,
1059 : false, false);
570 michael 1060 ECB :
570 michael 1061 GIC 1 : puts(config_val ? config_val : "");
1062 1 : ExitPostmaster(0);
1063 : }
1064 :
1306 tgl 1065 ECB : /*
1066 : * Set up shared memory and semaphores.
1067 : *
1068 : * Note: if using SysV shmem and/or semas, each postmaster startup will
1069 : * normally choose the same IPC keys. This helps ensure that we will
1070 : * clean up dead IPC objects if the postmaster crashes and is restarted.
1071 : */
267 tgl 1072 GNC 594 : CreateSharedMemoryAndSemaphores();
1073 :
1074 : /*
1306 tgl 1075 ECB : * Estimate number of openable files. This must happen after setting up
1076 : * semaphores, because on some platforms semaphores count as open files.
1077 : */
1306 tgl 1078 GIC 593 : set_max_safe_fds();
1079 :
1080 : /*
1081 : * Set reference point for stack-depth checking.
1082 : */
416 1083 593 : (void) set_stack_base();
1084 :
1085 : /*
1086 : * Initialize pipe (or process handle on Windows) that allows children to
1087 : * wake up from sleep on postmaster death.
1088 : */
1306 1089 593 : InitPostmasterDeathWatchHandle();
1090 :
1091 : #ifdef WIN32
1092 :
1093 : /*
1094 : * Initialize I/O completion port used to deliver list of dead children.
1095 : */
1096 : win32ChildQueue = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 1);
1097 : if (win32ChildQueue == NULL)
1098 : ereport(FATAL,
1099 : (errmsg("could not create I/O completion port for child queue")));
1100 : #endif
1101 :
1102 : #ifdef EXEC_BACKEND
1103 : /* Write out nondefault GUC settings for child processes to use */
1104 : write_nondefault_variables(PGC_POSTMASTER);
1105 :
1106 : /*
1107 : * Clean out the temp directory used to transmit parameters to child
1108 : * processes (see internal_forkexec, below). We must do this before
1109 : * launching any child processes, else we have a race condition: we could
1110 : * remove a parameter file before the child can read it. It should be
1111 : * safe to do so now, because we verified earlier that there are no
1112 : * conflicting Postgres processes in this data directory.
1113 : */
1114 : RemovePgTempFilesInDir(PG_TEMP_FILES_DIR, true, false);
1115 : #endif
1116 :
1117 : /*
1118 : * Forcibly remove the files signaling a standby promotion request.
1119 : * Otherwise, the existence of those files triggers a promotion too early,
1306 tgl 1120 ECB : * whether a user wants that or not.
1121 : *
1122 : * This removal of files is usually unnecessary because they can exist
1123 : * only during a few moments during a standby promotion. However there is
1124 : * a race condition: if pg_ctl promote is executed and creates the files
1125 : * during a promotion, the files can stay around even after the server is
970 1126 : * brought up to be the primary. Then, if a new standby starts by using
970 tgl 1127 EUB : * the backup taken from the new primary, the files can exist at server
1128 : * startup and must be removed in order to avoid an unexpected promotion.
1129 : *
1130 : * Note that promotion signal files need to be removed before the startup
1131 : * process is invoked. Because, after that, they can be used by
1132 : * postmaster's SIGUSR1 signal handler.
1133 : */
1306 tgl 1134 GIC 593 : RemovePromoteSignalFiles();
1306 tgl 1135 ECB :
1136 : /* Do the same for logrotate signal file */
1306 tgl 1137 GIC 593 : RemoveLogrotateSignalFiles();
1138 :
1139 : /* Remove any outdated file holding the current log filenames. */
1140 593 : if (unlink(LOG_METAINFO_DATAFILE) < 0 && errno != ENOENT)
1306 tgl 1141 UIC 0 : ereport(LOG,
1142 : (errcode_for_file_access(),
1143 : errmsg("could not remove file \"%s\": %m",
1144 : LOG_METAINFO_DATAFILE)));
1145 :
1146 : /*
1147 : * If enabled, start up syslogger collection subprocess
1306 tgl 1148 ECB : */
1306 tgl 1149 GBC 593 : SysLoggerPID = SysLogger_Start();
1150 :
1151 : /*
1152 : * Reset whereToSendOutput from DestDebug (its starting state) to
1153 : * DestNone. This stops ereport from sending log messages to stderr unless
1306 tgl 1154 ECB : * Log_destination permits. We don't do this until the postmaster is
1155 : * fully launched, since startup failures may as well be reported to
1156 : * stderr.
1157 : *
1158 : * If we are in fact disabling logging to stderr, first emit a log message
1159 : * saying so, to provide a breadcrumb trail for users who may not remember
1160 : * that their logging is configured to go somewhere else.
1161 : */
1306 tgl 1162 GIC 593 : if (!(Log_destination & LOG_DESTINATION_STDERR))
1306 tgl 1163 UIC 0 : ereport(LOG,
1164 : (errmsg("ending log output to stderr"),
1165 : errhint("Future log output will go to log destination \"%s\".",
1166 : Log_destination_string)));
1167 :
1306 tgl 1168 GIC 593 : whereToSendOutput = DestNone;
1169 :
1306 tgl 1170 ECB : /*
1171 : * Report server startup in log. While we could emit this much earlier,
1172 : * it seems best to do so after starting the log collector, if we intend
1173 : * to use one.
1174 : */
1530 peter 1175 CBC 593 : ereport(LOG,
1176 : (errmsg("starting %s", PG_VERSION_STR)));
1177 :
1178 : /*
1179 : * Establish input sockets.
2807 tgl 1180 ECB : *
1181 : * First, mark them all closed, and set up an on_proc_exit function that's
1182 : * charged with closing the sockets again at postmaster shutdown.
8183 1183 : */
7241 bruce 1184 GIC 38545 : for (i = 0; i < MAXLISTEN; i++)
4837 magnus 1185 37952 : ListenSocket[i] = PGINVALID_SOCKET;
7200 tgl 1186 ECB :
2807 tgl 1187 GIC 593 : on_proc_exit(CloseServerPorts, 0);
1188 :
6956 tgl 1189 GBC 593 : if (ListenAddresses)
1190 : {
1191 : char *rawstring;
1192 : List *elemlist;
1193 : ListCell *l;
6492 peter_e 1194 GIC 593 : int success = 0;
6956 tgl 1195 ECB :
1196 : /* Need a modifiable copy of ListenAddresses */
6818 tgl 1197 CBC 593 : rawstring = pstrdup(ListenAddresses);
1198 :
3894 tgl 1199 ECB : /* Parse string into list of hostnames */
1243 tgl 1200 GBC 593 : if (!SplitGUCList(rawstring, ',', &elemlist))
8397 bruce 1201 EUB : {
1202 : /* syntax error in list */
6818 tgl 1203 UIC 0 : ereport(FATAL,
1204 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
3510 alvherre 1205 ECB : errmsg("invalid list syntax in parameter \"%s\"",
1206 : "listen_addresses")));
1207 : }
1208 :
6818 tgl 1209 GIC 627 : foreach(l, elemlist)
6818 tgl 1210 ECB : {
6797 bruce 1211 GIC 34 : char *curhost = (char *) lfirst(l);
6818 tgl 1212 ECB :
6891 bruce 1213 GIC 34 : if (strcmp(curhost, "*") == 0)
6956 tgl 1214 LBC 0 : status = StreamServerPort(AF_UNSPEC, NULL,
6956 tgl 1215 UIC 0 : (unsigned short) PostPortNumber,
3894 tgl 1216 ECB : NULL,
6956 1217 : ListenSocket, MAXLISTEN);
1218 : else
7200 tgl 1219 GIC 34 : status = StreamServerPort(AF_UNSPEC, curhost,
1220 34 : (unsigned short) PostPortNumber,
3894 tgl 1221 EUB : NULL,
1222 : ListenSocket, MAXLISTEN);
1223 :
6492 peter_e 1224 GIC 34 : if (status == STATUS_OK)
1225 : {
6492 peter_e 1226 CBC 34 : success++;
4469 tgl 1227 EUB : /* record the first successful host addr in lockfile */
4469 tgl 1228 GIC 34 : if (!listen_addr_saved)
1229 : {
4469 tgl 1230 CBC 34 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, curhost);
1231 34 : listen_addr_saved = true;
1232 : }
1233 : }
1234 : else
6956 tgl 1235 UIC 0 : ereport(WARNING,
1236 : (errmsg("could not create listen socket for \"%s\"",
1237 : curhost)));
1238 : }
1239 :
3894 tgl 1240 GIC 593 : if (!success && elemlist != NIL)
6492 peter_e 1241 UIC 0 : ereport(FATAL,
1242 : (errmsg("could not create any TCP/IP sockets")));
1243 :
6818 tgl 1244 GIC 593 : list_free(elemlist);
1245 593 : pfree(rawstring);
1246 : }
1247 :
1248 : #ifdef USE_BONJOUR
1249 : /* Register for Bonjour only if we opened TCP socket(s) */
1250 : if (enable_bonjour && ListenSocket[0] != PGINVALID_SOCKET)
1251 : {
1252 : DNSServiceErrorType err;
1253 :
1254 : /*
1255 : * We pass 0 for interface_index, which will result in registering on
1256 : * all "applicable" interfaces. It's not entirely clear from the
1257 : * DNS-SD docs whether this would be appropriate if we have bound to
1258 : * just a subset of the available network interfaces.
1259 : */
1260 : err = DNSServiceRegister(&bonjour_sdref,
1261 : 0,
1262 : 0,
1263 : bonjour_name,
1264 : "_postgresql._tcp.",
1265 : NULL,
1266 : NULL,
1267 : pg_hton16(PostPortNumber),
1268 : 0,
1269 : NULL,
1270 : NULL,
1271 : NULL);
1272 : if (err != kDNSServiceErr_NoError)
856 peter 1273 ECB : ereport(LOG,
1274 : (errmsg("DNSServiceRegister() failed: error code %ld",
1275 : (long) err)));
1276 :
1277 : /*
4790 bruce 1278 : * We don't bother to read the mDNS daemon's reply, and we expect that
1279 : * it will automatically terminate our registration when the socket is
1280 : * closed at postmaster termination. So there's nothing more to be
1281 : * done here. However, the bonjour_sdref is kept around so that
1282 : * forked children can close their copies of the socket.
1283 : */
9281 1284 : }
1285 : #endif
1286 :
3894 tgl 1287 GIC 593 : if (Unix_socket_directories)
1288 : {
1289 : char *rawstring;
1290 : List *elemlist;
1291 : ListCell *l;
3894 tgl 1292 CBC 593 : int success = 0;
1293 :
3894 tgl 1294 ECB : /* Need a modifiable copy of Unix_socket_directories */
3894 tgl 1295 GIC 593 : rawstring = pstrdup(Unix_socket_directories);
3894 tgl 1296 ECB :
1297 : /* Parse string into list of directories */
3894 tgl 1298 GIC 593 : if (!SplitDirectoriesString(rawstring, ',', &elemlist))
1299 : {
1300 : /* syntax error in list */
3894 tgl 1301 LBC 0 : ereport(FATAL,
1302 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
3510 alvherre 1303 ECB : errmsg("invalid list syntax in parameter \"%s\"",
1304 : "unix_socket_directories")));
3894 tgl 1305 : }
1306 :
3894 tgl 1307 GIC 1183 : foreach(l, elemlist)
1308 : {
3894 tgl 1309 GBC 590 : char *socketdir = (char *) lfirst(l);
1310 :
3894 tgl 1311 GIC 590 : status = StreamServerPort(AF_UNIX, NULL,
1312 590 : (unsigned short) PostPortNumber,
1313 : socketdir,
3894 tgl 1314 ECB : ListenSocket, MAXLISTEN);
3894 tgl 1315 EUB :
3894 tgl 1316 GIC 590 : if (status == STATUS_OK)
1317 : {
3894 tgl 1318 CBC 590 : success++;
3894 tgl 1319 ECB : /* record the first successful Unix socket in lockfile */
3894 tgl 1320 GIC 590 : if (success == 1)
1321 590 : AddToDataDirLockFile(LOCK_FILE_LINE_SOCKET_DIR, socketdir);
1322 : }
1323 : else
3894 tgl 1324 UIC 0 : ereport(WARNING,
3894 tgl 1325 ECB : (errmsg("could not create Unix-domain socket in directory \"%s\"",
3894 tgl 1326 EUB : socketdir)));
1327 : }
1328 :
3894 tgl 1329 GIC 593 : if (!success && elemlist != NIL)
3894 tgl 1330 UIC 0 : ereport(FATAL,
1331 : (errmsg("could not create any Unix-domain sockets")));
1332 :
3894 tgl 1333 GIC 593 : list_free_deep(elemlist);
3894 tgl 1334 CBC 593 : pfree(rawstring);
3894 tgl 1335 ECB : }
1336 :
1337 : /*
1338 : * check that we have some socket to listen on
1339 : */
4837 magnus 1340 CBC 593 : if (ListenSocket[0] == PGINVALID_SOCKET)
6956 tgl 1341 UBC 0 : ereport(FATAL,
1342 : (errmsg("no socket created for listening")));
1343 :
1344 : /*
1345 : * If no valid TCP ports, write an empty line for listen address,
4469 tgl 1346 ECB : * indicating the Unix socket must be used. Note that this line is not
1347 : * added to the lock file until there is a socket backing it.
4469 tgl 1348 EUB : */
4469 tgl 1349 GIC 593 : if (!listen_addr_saved)
4469 tgl 1350 GBC 559 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, "");
1351 :
8166 tgl 1352 EUB : /*
6385 bruce 1353 : * Record postmaster options. We delay this till now to avoid recording
1354 : * bogus options (eg, unusable port number).
1355 : */
6905 bruce 1356 GBC 593 : if (!CreateOptsFile(argc, argv, my_exec_path))
8166 tgl 1357 UBC 0 : ExitPostmaster(1);
8397 bruce 1358 EUB :
1359 : /*
1360 : * Write the external PID file if requested
6757 tgl 1361 : */
6756 tgl 1362 GBC 593 : if (external_pid_file)
1363 : {
6756 tgl 1364 UBC 0 : FILE *fpidfile = fopen(external_pid_file, "w");
1365 :
6757 tgl 1366 UIC 0 : if (fpidfile)
1367 : {
1368 0 : fprintf(fpidfile, "%d\n", MyProcPid);
1369 0 : fclose(fpidfile);
1370 :
4312 peter_e 1371 ECB : /* Make PID file world readable */
4312 peter_e 1372 UIC 0 : if (chmod(external_pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) != 0)
1373 0 : write_stderr("%s: could not change permissions of external PID file \"%s\": %s\n",
1374 0 : progname, external_pid_file, strerror(errno));
1375 : }
6757 tgl 1376 ECB : else
6753 peter_e 1377 UIC 0 : write_stderr("%s: could not write external PID file \"%s\": %s\n",
6756 tgl 1378 0 : progname, external_pid_file, strerror(errno));
1379 :
3884 peter_e 1380 0 : on_proc_exit(unlink_external_pid_file, 0);
6757 tgl 1381 ECB : }
1382 :
1383 : /*
1384 : * Remove old temporary files. At this point there can be no other
1385 : * Postgres processes running in this directory, so this should be safe.
1386 : */
3008 andres 1387 GBC 593 : RemovePgTempFiles();
1388 :
1389 : /*
1390 : * Initialize the autovacuum subsystem (again, no process start yet)
8166 tgl 1391 ECB : */
6102 tgl 1392 GIC 593 : autovac_init();
1393 :
1394 : /*
1395 : * Load configuration files for client authentication.
1396 : */
4976 1397 593 : if (!load_hba())
1398 : {
1399 : /*
1400 : * It makes no sense to continue if we fail to load the HBA file,
1401 : * since there is no way to connect to the database in this case.
1402 : */
4976 tgl 1403 UIC 0 : ereport(FATAL,
1404 : /* translator: %s is a configuration file */
1405 : (errmsg("could not load %s", HbaFileName)));
1406 : }
3852 heikki.linnakangas 1407 GIC 593 : if (!load_ident())
1408 : {
1409 : /*
1410 : * We can start up without the IDENT file, although it means that you
1411 : * cannot log in using any of the authentication methods that need a
1412 : * user name mapping. load_ident() already logged the details of error
1413 : * to the log.
1414 : */
1415 : }
1416 :
1417 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1418 :
1419 : /*
1420 : * On macOS, libintl replaces setlocale() with a version that calls
1421 : * CFLocaleCopyCurrent() when its second argument is "" and every relevant
1422 : * environment variable is unset or empty. CFLocaleCopyCurrent() makes
3014 noah 1423 ECB : * the process multithreaded. The postmaster calls sigprocmask() and
1424 : * calls fork() without an immediate exec(), both of which have undefined
1425 : * behavior in a multithreaded program. A multithreaded postmaster is the
1426 : * normal case on Windows, which offers neither fork() nor sigprocmask().
1427 : */
1428 : if (pthread_is_threaded_np() != 0)
1429 : ereport(FATAL,
1430 : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
1431 : errmsg("postmaster became multithreaded during startup"),
2118 tgl 1432 : errhint("Set the LC_ALL environment variable to a valid locale.")));
3014 noah 1433 : #endif
1434 :
6508 bruce 1435 : /*
1436 : * Remember postmaster startup time
1437 : */
6493 tgl 1438 GIC 593 : PgStartTime = GetCurrentTimestamp();
1439 :
2111 tgl 1440 ECB : /*
1441 : * Report postmaster status in the postmaster.pid file, to allow pg_ctl to
1442 : * see what's happening.
1443 : */
2111 tgl 1444 GIC 593 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STARTING);
1445 :
615 tmunro 1446 ECB : /* Start bgwriter and checkpointer so they can help with recovery */
615 tmunro 1447 GIC 593 : if (CheckpointerPID == 0)
615 tmunro 1448 CBC 593 : CheckpointerPID = StartCheckpointer();
615 tmunro 1449 GIC 593 : if (BgWriterPID == 0)
1450 593 : BgWriterPID = StartBackgroundWriter();
1451 :
1452 : /*
6102 tgl 1453 EUB : * We're ready to rock and roll...
1454 : */
6102 tgl 1455 GIC 593 : StartupPID = StartupDataBase();
5722 1456 593 : Assert(StartupPID != 0);
2831 1457 593 : StartupStatus = STARTUP_RUNNING;
5722 1458 593 : pmState = PM_STARTUP;
1459 :
1460 : /* Some workers may be scheduled to start now */
2174 1461 593 : maybe_start_bgworkers();
1462 :
9345 bruce 1463 CBC 593 : status = ServerLoop();
1464 :
1465 : /*
1466 : * ServerLoop probably shouldn't ever return, but if it does, close down.
1467 : */
9345 bruce 1468 UIC 0 : ExitPostmaster(status != STATUS_OK);
1469 :
1470 : abort(); /* not reached */
1471 : }
1472 :
6890 tgl 1473 ECB :
1474 : /*
2807 1475 : * on_proc_exit callback to close server's listen sockets
1476 : */
1477 : static void
2807 tgl 1478 CBC 593 : CloseServerPorts(int status, Datum arg)
1479 : {
1480 : int i;
1481 :
1482 : /*
1483 : * First, explicitly close all the socket FDs. We used to just let this
1484 : * happen implicitly at postmaster exit, but it's better to close them
1485 : * before we remove the postmaster.pid lockfile; otherwise there's a race
1486 : * condition if a new postmaster wants to re-use the TCP port number.
2807 tgl 1487 ECB : */
2807 tgl 1488 GIC 38545 : for (i = 0; i < MAXLISTEN; i++)
1489 : {
1490 37952 : if (ListenSocket[i] != PGINVALID_SOCKET)
1491 : {
1492 624 : StreamClose(ListenSocket[i]);
2807 tgl 1493 CBC 624 : ListenSocket[i] = PGINVALID_SOCKET;
1494 : }
1495 : }
1496 :
1497 : /*
1498 : * Next, remove any filesystem entries for Unix sockets. To avoid race
2807 tgl 1499 EUB : * conditions against incoming postmasters, this must happen after closing
1500 : * the sockets and before removing lock files.
1501 : */
2807 tgl 1502 GBC 593 : RemoveSocketFiles();
2807 tgl 1503 EUB :
1504 : /*
1505 : * We don't do anything about socket lock files here; those will be
1506 : * removed in a later on_proc_exit callback.
1507 : */
2807 tgl 1508 GIC 593 : }
1509 :
1510 : /*
3884 peter_e 1511 ECB : * on_proc_exit callback to delete external_pid_file
1512 : */
1513 : static void
3884 peter_e 1514 UIC 0 : unlink_external_pid_file(int status, Datum arg)
1515 : {
3884 peter_e 1516 LBC 0 : if (external_pid_file)
3884 peter_e 1517 UBC 0 : unlink(external_pid_file);
3884 peter_e 1518 UIC 0 : }
1519 :
1520 :
1521 : /*
1522 : * Compute and check the directory paths to files that are part of the
1523 : * installation (as deduced from the postgres executable's own location)
1524 : */
1525 : static void
5090 tgl 1526 GIC 601 : getInstallationPaths(const char *argv0)
1527 : {
1528 : DIR *pdir;
1529 :
1530 : /* Locate the postgres executable itself */
1531 601 : if (find_my_exec(argv0, my_exec_path) < 0)
856 peter 1532 UIC 0 : ereport(FATAL,
856 peter 1533 ECB : (errmsg("%s: could not locate my own executable path", argv0)));
1534 :
1535 : #ifdef EXEC_BACKEND
1536 : /* Locate executable backend before we change working directory */
1537 : if (find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
1538 : postgres_exec_path) < 0)
1539 : ereport(FATAL,
1540 : (errmsg("%s: could not locate matching postgres executable",
1541 : argv0)));
5090 tgl 1542 : #endif
1543 :
5090 tgl 1544 EUB : /*
1545 : * Locate the pkglib directory --- this has to be set early in case we try
1546 : * to load any modules from it in response to postgresql.conf entries.
1547 : */
5090 tgl 1548 GIC 601 : get_pkglib_path(my_exec_path, pkglib_path);
1549 :
5090 tgl 1550 ECB : /*
1551 : * Verify that there's a readable directory there; otherwise the Postgres
1552 : * installation is incomplete or corrupt. (A typical cause of this
1553 : * failure is that the postgres executable has been moved or hardlinked to
1554 : * some directory that's not a sibling of the installation lib/
1555 : * directory.)
1556 : */
5090 tgl 1557 GIC 601 : pdir = AllocateDir(pkglib_path);
1558 601 : if (pdir == NULL)
5090 tgl 1559 UIC 0 : ereport(ERROR,
1560 : (errcode_for_file_access(),
1561 : errmsg("could not open directory \"%s\": %m",
1562 : pkglib_path),
1563 : errhint("This may indicate an incomplete PostgreSQL installation, or that the file \"%s\" has been moved away from its proper location.",
1564 : my_exec_path)));
5090 tgl 1565 CBC 601 : FreeDir(pdir);
1566 :
1567 : /*
1568 : * XXX is it worth similarly checking the share/ directory? If the lib/
1569 : * directory is there, then share/ probably is too.
5090 tgl 1570 ECB : */
5090 tgl 1571 GIC 601 : }
5090 tgl 1572 ECB :
6890 1573 : /*
1574 : * Check that pg_control exists in the correct location in the data directory.
1828 sfrost 1575 EUB : *
1576 : * No attempt is made to validate the contents of pg_control here. This is
1577 : * just a sanity check to see if we are looking at a real data directory.
6890 tgl 1578 : */
1579 : static void
1828 sfrost 1580 GIC 599 : checkControlFile(void)
6890 tgl 1581 ECB : {
1582 : char path[MAXPGPATH];
1583 : FILE *fp;
1584 :
6757 tgl 1585 GIC 599 : snprintf(path, sizeof(path), "%s/global/pg_control", DataDir);
1586 :
6890 1587 599 : fp = AllocateFile(path, PG_BINARY_R);
1588 599 : if (fp == NULL)
1589 : {
6836 bruce 1590 UIC 0 : write_stderr("%s: could not find the database system\n"
1591 : "Expected to find it in the directory \"%s\",\n"
1592 : "but could not open file \"%s\": %s\n",
6757 tgl 1593 0 : progname, DataDir, path, strerror(errno));
6890 tgl 1594 LBC 0 : ExitPostmaster(2);
1595 : }
6890 tgl 1596 CBC 599 : FreeFile(fp);
6890 tgl 1597 GIC 599 : }
1598 :
1599 : /*
1600 : * Determine how long should we let ServerLoop sleep, in milliseconds.
1601 : *
3776 alvherre 1602 ECB : * In normal conditions we wait at most one minute, to ensure that the other
1603 : * background tasks handled by ServerLoop get done even when no requests are
1604 : * arriving. However, if there are background workers waiting to be started,
2851 tgl 1605 : * we don't actually sleep so that they are quickly serviced. Other exception
1606 : * cases are as shown in the code.
1607 : */
1608 : static int
87 tmunro 1609 GNC 25393 : DetermineSleepTime(void)
3776 alvherre 1610 ECB : {
3776 alvherre 1611 CBC 25393 : TimestampTz next_wakeup = 0;
1612 :
3776 alvherre 1613 ECB : /*
1614 : * Normal case: either there are no background workers at all, or we're in
1615 : * a shutdown sequence (during which we ignore bgworkers altogether).
1616 : */
3776 alvherre 1617 GIC 25393 : if (Shutdown > NoShutdown ||
1618 22349 : (!StartWorkerNeeded && !HaveCrashedWorker))
3776 alvherre 1619 EUB : {
2851 tgl 1620 GBC 25393 : if (AbortStartTime != 0)
1621 : {
1622 : int seconds;
1623 :
3473 alvherre 1624 EUB : /* time left to abort; clamp to 0 in case it already expired */
87 tmunro 1625 GNC 932 : seconds = SIGKILL_CHILDREN_AFTER_SECS -
2851 tgl 1626 GIC 932 : (time(NULL) - AbortStartTime);
1627 :
87 tmunro 1628 GNC 932 : return Max(seconds * 1000, 0);
1629 : }
1630 : else
1631 24461 : return 60 * 1000;
1632 : }
1633 :
3776 alvherre 1634 UIC 0 : if (StartWorkerNeeded)
87 tmunro 1635 UNC 0 : return 0;
3776 alvherre 1636 EUB :
3776 alvherre 1637 UBC 0 : if (HaveCrashedWorker)
1638 : {
3260 bruce 1639 EUB : slist_mutable_iter siter;
3776 alvherre 1640 :
1641 : /*
1642 : * When there are crashed bgworkers, we sleep just long enough that
3260 bruce 1643 : * they are restarted when they request to be. Scan the list to
1644 : * determine the minimum of all wakeup times according to most recent
3776 alvherre 1645 : * crash time and requested restart interval.
1646 : */
3554 rhaas 1647 UIC 0 : slist_foreach_modify(siter, &BackgroundWorkerList)
1648 : {
1649 : RegisteredBgWorker *rw;
3776 alvherre 1650 EUB : TimestampTz this_wakeup;
1651 :
3776 alvherre 1652 UIC 0 : rw = slist_container(RegisteredBgWorker, rw_lnode, siter.cur);
1653 :
1654 0 : if (rw->rw_crashed_at == 0)
3776 alvherre 1655 UBC 0 : continue;
1656 :
3460 rhaas 1657 0 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART
3460 rhaas 1658 UIC 0 : || rw->rw_terminate)
1659 : {
3546 tgl 1660 UBC 0 : ForgetBackgroundWorker(&siter);
3776 alvherre 1661 UIC 0 : continue;
1662 : }
1663 :
1664 0 : this_wakeup = TimestampTzPlusMilliseconds(rw->rw_crashed_at,
1665 : 1000L * rw->rw_worker.bgw_restart_time);
1666 0 : if (next_wakeup == 0 || this_wakeup < next_wakeup)
1667 0 : next_wakeup = this_wakeup;
1668 : }
1669 : }
1670 :
1671 0 : if (next_wakeup != 0)
1672 : {
1673 : int ms;
1674 :
1675 : /* result of TimestampDifferenceMilliseconds is in [0, INT_MAX] */
73 tgl 1676 UNC 0 : ms = (int) TimestampDifferenceMilliseconds(GetCurrentTimestamp(),
1677 : next_wakeup);
1678 0 : return Min(60 * 1000, ms);
3776 alvherre 1679 ECB : }
1680 :
87 tmunro 1681 UNC 0 : return 60 * 1000;
1682 : }
1683 :
1684 : /*
1685 : * Activate or deactivate notifications of server socket events. Since we
1686 : * don't currently have a way to remove events from an existing WaitEventSet,
1687 : * we'll just destroy and recreate the whole thing. This is called during
1688 : * shutdown so we can wait for backends to exit without accepting new
1689 : * connections, and during crash reinitialization when we need to start
1690 : * listening for new connections again. The WaitEventSet will be freed in fork
1691 : * children by ClosePostmasterPorts().
1692 : */
1693 : static void
87 tmunro 1694 GNC 1203 : ConfigurePostmasterWaitSet(bool accept_connections)
1695 : {
1696 : int nsockets;
1697 :
1698 1203 : if (pm_wait_set)
1699 610 : FreeWaitEventSet(pm_wait_set);
1700 1203 : pm_wait_set = NULL;
1701 :
1702 : /* How many server sockets do we need to wait for? */
1703 1203 : nsockets = 0;
1704 1203 : if (accept_connections)
1705 : {
1706 1225 : while (nsockets < MAXLISTEN &&
1707 1225 : ListenSocket[nsockets] != PGINVALID_SOCKET)
1708 628 : ++nsockets;
1709 : }
1710 :
1711 1203 : pm_wait_set = CreateWaitEventSet(CurrentMemoryContext, 1 + nsockets);
1712 1203 : AddWaitEventToSet(pm_wait_set, WL_LATCH_SET, PGINVALID_SOCKET, MyLatch,
1713 : NULL);
1714 :
1715 1203 : if (accept_connections)
1716 : {
1717 1225 : for (int i = 0; i < nsockets; i++)
1718 628 : AddWaitEventToSet(pm_wait_set, WL_SOCKET_ACCEPT, ListenSocket[i],
1719 : NULL, NULL);
1720 : }
87 tmunro 1721 GIC 1203 : }
87 tmunro 1722 ECB :
1723 : /*
6889 tgl 1724 : * Main idle loop of postmaster
1725 : */
9364 bruce 1726 : static int
9683 scrappy 1727 GIC 593 : ServerLoop(void)
1728 : {
1729 : time_t last_lockfile_recheck_time,
6889 tgl 1730 ECB : last_touch_time;
1731 : WaitEvent events[MAXLISTEN];
1732 : int nevents;
1733 :
87 tmunro 1734 GNC 593 : ConfigurePostmasterWaitSet(true);
2742 tgl 1735 GIC 593 : last_lockfile_recheck_time = last_touch_time = time(NULL);
1736 :
1737 : for (;;)
9345 bruce 1738 CBC 24800 : {
1739 : time_t now;
2176 tgl 1740 ECB :
87 tmunro 1741 GNC 25393 : nevents = WaitEventSetWait(pm_wait_set,
1742 25393 : DetermineSleepTime(),
1743 : events,
1744 : lengthof(events),
1745 : 0 /* postmaster posts no wait_events */ );
8202 tgl 1746 ECB :
1747 : /*
1748 : * Latch set by signal handler, or new connection pending on any of
1749 : * our sockets? If the latter, fork a child process to deal with it.
1750 : */
87 tmunro 1751 GNC 50192 : for (int i = 0; i < nevents; i++)
9071 bruce 1752 ECB : {
87 tmunro 1753 GNC 25392 : if (events[i].events & WL_LATCH_SET)
1754 16557 : ResetLatch(MyLatch);
1755 :
1756 : /*
1757 : * The following requests are handled unconditionally, even if we
1758 : * didn't see WL_LATCH_SET. This gives high priority to shutdown
1759 : * and reload requests where the latch happens to appear later in
1760 : * events[] or will be reported by a later call to
1761 : * WaitEventSetWait().
1762 : */
74 1763 25392 : if (pending_pm_shutdown_request)
1764 590 : process_pm_shutdown_request();
1765 25392 : if (pending_pm_reload_request)
1766 103 : process_pm_reload_request();
1767 25392 : if (pending_pm_child_exit)
1768 13502 : process_pm_child_exit();
1769 24799 : if (pending_pm_pmsignal)
1770 2363 : process_pm_pmsignal();
1771 :
1772 24799 : if (events[i].events & WL_SOCKET_ACCEPT)
1773 : {
1774 : Port *port;
1775 :
87 1776 8835 : port = ConnCreate(events[i].fd);
1777 8835 : if (port)
7241 bruce 1778 ECB : {
87 tmunro 1779 GNC 8835 : BackendStartup(port);
1780 :
1781 : /*
1782 : * We no longer need the open socket or port structure in
1783 : * this process
1784 : */
1785 8835 : StreamClose(port->sock);
1786 8835 : ConnFree(port);
7241 bruce 1787 EUB : }
1788 : }
1789 : }
1790 :
1791 : /* If we have lost the log collector, try to start a new one */
5712 andrew 1792 GIC 24800 : if (SysLoggerPID == 0 && Logging_collector)
6821 tgl 1793 UIC 0 : SysLoggerPID = SysLogger_Start();
1794 :
6889 tgl 1795 ECB : /*
6797 bruce 1796 : * If no background writer process is running, and we are not in a
1797 : * state that prevents it, start one. It doesn't matter if this
1798 : * fails, we'll just try again later. Likewise for the checkpointer.
6889 tgl 1799 EUB : */
4177 simon 1800 GBC 24800 : if (pmState == PM_RUN || pmState == PM_RECOVERY ||
615 tmunro 1801 4445 : pmState == PM_HOT_STANDBY || pmState == PM_STARTUP)
1802 : {
4177 simon 1803 GIC 21749 : if (CheckpointerPID == 0)
1804 4 : CheckpointerPID = StartCheckpointer();
3964 simon 1805 CBC 21749 : if (BgWriterPID == 0)
3964 simon 1806 GBC 4 : BgWriterPID = StartBackgroundWriter();
1807 : }
1808 :
5738 tgl 1809 ECB : /*
1810 : * Likewise, if we have lost the walwriter process, try to start a new
3985 tgl 1811 EUB : * one. But this is needed only in normal operation (else we cannot
1812 : * be writing any new WAL).
5738 1813 : */
5722 tgl 1814 GIC 24800 : if (WalWriterPID == 0 && pmState == PM_RUN)
5738 tgl 1815 UIC 0 : WalWriterPID = StartWalWriter();
1816 :
4367 bruce 1817 ECB : /*
4322 1818 : * If we have lost the autovacuum launcher, try to start a new one. We
1819 : * don't want autovacuum to run in binary upgrade mode because
1820 : * autovacuum might update relfrozenxid for empty tables before the
1821 : * physical files are put in place.
4367 1822 : */
4367 bruce 1823 GIC 28864 : if (!IsBinaryUpgrade && AutoVacPID == 0 &&
5761 tgl 1824 5152 : (AutoVacuumingActive() || start_autovac_launcher) &&
5722 1825 2976 : pmState == PM_RUN)
1826 : {
5897 alvherre 1827 UIC 0 : AutoVacPID = StartAutoVacLauncher();
5999 tgl 1828 0 : if (AutoVacPID != 0)
5624 bruce 1829 0 : start_autovac_launcher = false; /* signal processed */
1830 : }
1831 :
1832 : /* If we have lost the archiver, try to start a new one. */
2858 fujii 1833 GIC 24800 : if (PgArchPID == 0 && PgArchStartupAllowed())
755 fujii 1834 UIC 0 : PgArchPID = StartArchiver();
1835 :
1836 : /* If we need to signal the autovacuum launcher, do so now */
4976 alvherre 1837 GIC 24800 : if (avlauncher_needs_signal)
1838 : {
4976 alvherre 1839 UIC 0 : avlauncher_needs_signal = false;
1840 0 : if (AutoVacPID != 0)
4969 tgl 1841 LBC 0 : kill(AutoVacPID, SIGUSR2);
1842 : }
1843 :
1844 : /* If we need to start a WAL receiver, try to do that now */
2113 tgl 1845 GIC 24800 : if (WalReceiverRequested)
1846 241 : MaybeStartWalReceiver();
1847 :
1848 : /* Get other worker processes running, if needed */
3776 alvherre 1849 24800 : if (StartWorkerNeeded || HaveCrashedWorker)
2174 tgl 1850 2885 : maybe_start_bgworkers();
1851 :
3014 noah 1852 ECB : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1853 :
1854 : /*
1855 : * With assertions enabled, check regularly for appearance of
1856 : * additional threads. All builds check at start and exit.
3014 noah 1857 EUB : */
1858 : Assert(pthread_is_threaded_np() == 0);
1859 : #endif
1860 :
2739 tgl 1861 : /*
1862 : * Lastly, check to see if it's time to do some things that we don't
1863 : * want to do every single time through the loop, because they're a
1864 : * bit expensive. Note that there's up to a minute of slop in when
1865 : * these tasks will be performed, since DetermineSleepTime() will let
1866 : * us sleep at most that long; except for SIGKILL timeout which has
1867 : * special-case logic there.
1868 : */
2739 tgl 1869 GIC 24800 : now = time(NULL);
1870 :
1871 : /*
1872 : * If we already sent SIGQUIT to children and they are slow to shut
1873 : * down, it's time to send them SIGKILL (or SIGABRT if requested).
1874 : * This doesn't happen normally, but under certain conditions backends
1875 : * can get stuck while shutting down. This is a last measure to get
1876 : * them unwedged.
3572 alvherre 1877 ECB : *
1878 : * Note we also do this during recovery from a process crash.
1879 : */
139 tgl 1880 GNC 24800 : if ((Shutdown >= ImmediateShutdown || FatalError) &&
2851 tgl 1881 GBC 937 : AbortStartTime != 0 &&
2851 tgl 1882 GIC 932 : (now - AbortStartTime) >= SIGKILL_CHILDREN_AFTER_SECS)
3572 alvherre 1883 EUB : {
1884 : /* We were gentle with them before. Not anymore */
940 tgl 1885 LBC 0 : ereport(LOG,
1886 : /* translator: %s is SIGKILL or SIGABRT */
1887 : (errmsg("issuing %s to recalcitrant children",
1888 : send_abort_for_kill ? "SIGABRT" : "SIGKILL")));
139 tgl 1889 UNC 0 : TerminateChildren(send_abort_for_kill ? SIGABRT : SIGKILL);
1890 : /* reset flag so we don't SIGKILL again */
3473 alvherre 1891 UIC 0 : AbortStartTime = 0;
1892 : }
1893 :
1894 : /*
2742 tgl 1895 ECB : * Once a minute, verify that postmaster.pid hasn't been removed or
1896 : * overwritten. If it has, we force a shutdown. This avoids having
2742 tgl 1897 EUB : * postmasters and child processes hanging around after their database
1898 : * is gone, and maybe causing problems if a new database cluster is
1899 : * created in the same place. It also provides some protection
1900 : * against a DBA foolishly removing postmaster.pid and manually
1901 : * starting a new postmaster. Data corruption is likely to ensue from
1902 : * that anyway, but we can minimize the damage by aborting ASAP.
1903 : */
2742 tgl 1904 GIC 24800 : if (now - last_lockfile_recheck_time >= 1 * SECS_PER_MINUTE)
1905 : {
1906 11 : if (!RecheckDataDirLockFile())
1907 : {
2742 tgl 1908 UIC 0 : ereport(LOG,
1909 : (errmsg("performing immediate shutdown because data directory lock file is invalid")));
1910 0 : kill(MyProcPid, SIGQUIT);
1911 : }
2742 tgl 1912 GIC 11 : last_lockfile_recheck_time = now;
1913 : }
1914 :
1915 : /*
1916 : * Touch Unix socket and lock files every 58 minutes, to ensure that
1917 : * they are not removed by overzealous /tmp-cleaning tasks. We assume
1918 : * no one runs cleaners with cutoff times of less than an hour ...
1919 : */
1920 24800 : if (now - last_touch_time >= 58 * SECS_PER_MINUTE)
1921 : {
2742 tgl 1922 UIC 0 : TouchSocketFiles();
2742 tgl 1923 LBC 0 : TouchSocketLockFiles();
2742 tgl 1924 UIC 0 : last_touch_time = now;
1925 : }
1926 : }
1927 : }
1928 :
9675 bryanh 1929 EUB : /*
1930 : * Read a client's startup packet and do something according to it.
1931 : *
7201 tgl 1932 : * Returns STATUS_OK or STATUS_ERROR, or might call ereport(FATAL) and
1933 : * not return at all.
1934 : *
7201 tgl 1935 ECB : * (Note that ereport(FATAL) stuff is sent to the client, so only use it
7842 1936 : * if that's what you want. Return STATUS_ERROR if you don't want to
1937 : * send anything to the client, which would typically be appropriate
1938 : * if we detect a communications failure.)
1467 sfrost 1939 : *
1940 : * Set ssl_done and/or gss_done when negotiation of an encrypted layer
1072 sfrost 1941 EUB : * (currently, TLS or GSSAPI) is completed. A successful negotiation of either
1942 : * encryption layer sets both flags, but a rejected negotiation sets only the
1943 : * flag for that layer, since the client may wish to try the other one. We
1944 : * should make no assumption here about the order in which the client may make
1945 : * requests.
1946 : */
1947 : static int
1072 sfrost 1948 GIC 8852 : ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
1949 : {
1950 : int32 len;
1951 : char *buf;
7297 tgl 1952 ECB : ProtocolVersion proto;
1953 : MemoryContext oldcontext;
1954 :
2988 heikki.linnakangas 1955 CBC 8852 : pq_startmsgread();
1956 :
1495 andrew 1957 EUB : /*
1958 : * Grab the first byte of the length word separately, so that we can tell
1959 : * whether we have no data at all or an incomplete packet. (This might
1960 : * sound inefficient, but it's not really, because of buffering in
1961 : * pqcomm.c.)
1495 andrew 1962 ECB : */
1495 andrew 1963 GIC 8852 : if (pq_getbytes((char *) &len, 1) == EOF)
1964 : {
1965 : /*
1966 : * If we get no data at all, don't clutter the log with a complaint;
1967 : * such cases often occur for legitimate reasons. An example is that
1495 andrew 1968 ECB : * we might be here after responding to NEGOTIATE_SSL_CODE, and if the
1969 : * client didn't like our response, it'll probably just drop the
1970 : * connection. Service-monitoring software also often just opens and
1971 : * closes a connection without sending anything. (So do port
1972 : * scanners, which may be less benign, but it's not really our job to
1973 : * notice those.)
7292 tgl 1974 EUB : */
1495 andrew 1975 GIC 13 : return STATUS_ERROR;
1976 : }
1495 andrew 1977 EUB :
1495 andrew 1978 GIC 8839 : if (pq_getbytes(((char *) &len) + 1, 3) == EOF)
1495 andrew 1979 ECB : {
1980 : /* Got a partial length word, so bleat about that */
1072 sfrost 1981 LBC 0 : if (!ssl_done && !gss_done)
1467 sfrost 1982 UIC 0 : ereport(COMMERROR,
1983 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1467 sfrost 1984 ECB : errmsg("incomplete startup packet")));
7842 tgl 1985 UIC 0 : return STATUS_ERROR;
1986 : }
1987 :
2016 andres 1988 GIC 8839 : len = pg_ntoh32(len);
7963 peter_e 1989 8839 : len -= 4;
7963 peter_e 1990 ECB :
7297 tgl 1991 CBC 8839 : if (len < (int32) sizeof(ProtocolVersion) ||
7297 tgl 1992 GIC 8839 : len > MAX_STARTUP_PACKET_LENGTH)
7292 tgl 1993 ECB : {
7201 tgl 1994 UIC 0 : ereport(COMMERROR,
1995 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
1996 : errmsg("invalid length of startup packet")));
7292 1997 0 : return STATUS_ERROR;
7292 tgl 1998 ECB : }
7963 peter_e 1999 :
2000 : /*
766 heikki.linnakangas 2001 EUB : * Allocate space to hold the startup packet, plus one extra byte that's
2002 : * initialized to be zero. This ensures we will have null termination of
2003 : * all strings inside the packet.
2004 : */
766 heikki.linnakangas 2005 GIC 8839 : buf = palloc(len + 1);
766 heikki.linnakangas 2006 GBC 8839 : buf[len] = '\0';
2007 :
7842 tgl 2008 GIC 8839 : if (pq_getbytes(buf, len) == EOF)
2009 : {
7201 tgl 2010 LBC 0 : ereport(COMMERROR,
7201 tgl 2011 ECB : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2012 : errmsg("incomplete startup packet")));
7842 tgl 2013 UIC 0 : return STATUS_ERROR;
2014 : }
2988 heikki.linnakangas 2015 GIC 8839 : pq_endmsgread();
2016 :
2017 : /*
2018 : * The first field is either a protocol version number or a special
2019 : * request code.
9040 scrappy 2020 ECB : */
2016 andres 2021 GBC 8839 : port->proto = proto = pg_ntoh32(*((ProtocolVersion *) buf));
2022 :
7297 tgl 2023 GIC 8839 : if (proto == CANCEL_REQUEST_CODE)
2024 : {
78 noah 2025 2 : if (len != sizeof(CancelRequestPacket))
2026 : {
78 noah 2027 UIC 0 : ereport(COMMERROR,
2028 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2029 : errmsg("invalid length of startup packet")));
2030 0 : return STATUS_ERROR;
78 noah 2031 ECB : }
7297 tgl 2032 GIC 2 : processCancelRequest(port, buf);
4971 tgl 2033 ECB : /* Not really an error, but we don't want to proceed further */
4971 tgl 2034 GIC 2 : return STATUS_ERROR;
7963 peter_e 2035 ECB : }
2036 :
1072 sfrost 2037 GIC 8837 : if (proto == NEGOTIATE_SSL_CODE && !ssl_done)
2038 : {
8397 bruce 2039 ECB : char SSLok;
2040 :
2041 : #ifdef USE_SSL
2042 : /* No SSL when disabled or on Unix sockets */
418 peter 2043 CBC 177 : if (!LoadedSSL || port->laddr.addr.ss_family == AF_UNIX)
8201 tgl 2044 GIC 64 : SSLok = 'N';
8257 bruce 2045 EUB : else
8201 tgl 2046 GBC 113 : SSLok = 'S'; /* Support for SSL */
8595 bruce 2047 EUB : #else
2048 : SSLok = 'N'; /* No support for SSL */
2049 : #endif
6111 tgl 2050 :
6111 tgl 2051 GIC 177 : retry1:
8397 bruce 2052 177 : if (send(port->sock, &SSLok, 1, 0) != 1)
2053 : {
6111 tgl 2054 LBC 0 : if (errno == EINTR)
6111 tgl 2055 UBC 0 : goto retry1; /* if interrupted, just retry */
7201 tgl 2056 UIC 0 : ereport(COMMERROR,
2057 : (errcode_for_socket_access(),
2058 : errmsg("failed to send SSL negotiation response: %m")));
7833 bruce 2059 0 : return STATUS_ERROR; /* close the connection */
2060 : }
2061 :
2062 : #ifdef USE_SSL
7604 bruce 2063 GIC 177 : if (SSLok == 'S' && secure_open_server(port) == -1)
7522 bruce 2064 CBC 18 : return STATUS_ERROR;
8595 bruce 2065 EUB : #endif
2066 :
2067 : /*
2068 : * At this point we should have no data already buffered. If we do,
2069 : * it was received before we performed the SSL handshake, so it wasn't
2070 : * encrypted and indeed may have been injected by a man-in-the-middle.
2071 : * We report this case to the client.
2072 : */
517 tgl 2073 GIC 159 : if (pq_buffer_has_data())
517 tgl 2074 UIC 0 : ereport(FATAL,
517 tgl 2075 ECB : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2076 : errmsg("received unencrypted data after SSL request"),
2077 : errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
2078 :
2079 : /*
2080 : * regular startup packet, cancel, etc packet should follow, but not
2081 : * another SSL negotiation request, and a GSS request should only
2082 : * follow if SSL was rejected (client may negotiate in either order)
2083 : */
1072 sfrost 2084 CBC 159 : return ProcessStartupPacket(port, true, SSLok == 'S');
2085 : }
1072 sfrost 2086 GIC 8660 : else if (proto == NEGOTIATE_GSS_CODE && !gss_done)
1467 sfrost 2087 ECB : {
1467 sfrost 2088 CBC 17 : char GSSok = 'N';
832 tgl 2089 EUB :
2090 : #ifdef ENABLE_GSS
2091 : /* No GSSAPI encryption when on Unix socket */
418 peter 2092 GIC 17 : if (port->laddr.addr.ss_family != AF_UNIX)
1467 sfrost 2093 17 : GSSok = 'G';
2094 : #endif
2095 :
2096 17 : while (send(port->sock, &GSSok, 1, 0) != 1)
2097 : {
1467 sfrost 2098 UIC 0 : if (errno == EINTR)
2099 0 : continue;
2100 0 : ereport(COMMERROR,
2101 : (errcode_for_socket_access(),
2102 : errmsg("failed to send GSSAPI negotiation response: %m")));
2103 0 : return STATUS_ERROR; /* close the connection */
2104 : }
1467 sfrost 2105 ECB :
2106 : #ifdef ENABLE_GSS
1467 sfrost 2107 GIC 17 : if (GSSok == 'G' && secure_open_gssapi(port) == -1)
1467 sfrost 2108 UIC 0 : return STATUS_ERROR;
1467 sfrost 2109 ECB : #endif
1060 tgl 2110 :
2111 : /*
2112 : * At this point we should have no data already buffered. If we do,
2113 : * it was received before we performed the GSS handshake, so it wasn't
2114 : * encrypted and indeed may have been injected by a man-in-the-middle.
2115 : * We report this case to the client.
2116 : */
517 tgl 2117 CBC 17 : if (pq_buffer_has_data())
517 tgl 2118 UIC 0 : ereport(FATAL,
517 tgl 2119 ECB : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2120 : errmsg("received unencrypted data after GSSAPI encryption request"),
2121 : errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
2122 :
2123 : /*
2124 : * regular startup packet, cancel, etc packet should follow, but not
1072 sfrost 2125 : * another GSS negotiation request, and an SSL request should only
2126 : * follow if GSS was rejected (client may negotiate in either order)
2127 : */
1072 sfrost 2128 CBC 17 : return ProcessStartupPacket(port, GSSok == 'G', true);
1467 sfrost 2129 EUB : }
8595 bruce 2130 ECB :
2131 : /* Could add additional special packet types here */
9040 scrappy 2132 :
7292 tgl 2133 : /*
6385 bruce 2134 : * Set FrontendProtocol now so that ereport() knows what format to send if
2135 : * we fail during startup.
7292 tgl 2136 : */
7292 tgl 2137 CBC 8643 : FrontendProtocol = proto;
8595 bruce 2138 ECB :
2139 : /* Check that the major protocol version is in range. */
7297 tgl 2140 GIC 8643 : if (PG_PROTOCOL_MAJOR(proto) < PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST) ||
1965 rhaas 2141 8643 : PG_PROTOCOL_MAJOR(proto) > PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST))
7201 tgl 2142 UIC 0 : ereport(FATAL,
2143 : (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
2144 : errmsg("unsupported frontend protocol %u.%u: server supports %u.0 to %u.%u",
2145 : PG_PROTOCOL_MAJOR(proto), PG_PROTOCOL_MINOR(proto),
2146 : PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST),
7201 tgl 2147 ECB : PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST),
2148 : PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST))));
9040 scrappy 2149 :
8053 bruce 2150 : /*
2151 : * Now fetch parameters out of startup packet and save them into the Port
6385 2152 : * structure. All data structures attached to the Port struct must be
4790 bruce 2153 EUB : * allocated in TopMemoryContext so that they will remain available in a
2154 : * running backend (even after PostmasterContext is destroyed). We need
2155 : * not worry about leaking this storage on failure, since we aren't in the
2156 : * postmaster process anymore.
2157 : */
7297 tgl 2158 GIC 8643 : oldcontext = MemoryContextSwitchTo(TopMemoryContext);
2159 :
766 heikki.linnakangas 2160 ECB : /* Handle protocol version 3 startup packet */
2161 : {
7188 bruce 2162 GIC 8643 : int32 offset = sizeof(ProtocolVersion);
1965 rhaas 2163 8643 : List *unrecognized_protocol_options = NIL;
2164 :
2165 : /*
2166 : * Scan packet body for name/option pairs. We can assume any string
2167 : * beginning within the packet body is null-terminated, thanks to
6385 bruce 2168 EUB : * zeroing extra byte above.
2169 : */
7297 tgl 2170 GIC 8643 : port->guc_options = NIL;
2171 :
2172 42273 : while (offset < len)
7297 tgl 2173 ECB : {
766 heikki.linnakangas 2174 CBC 42273 : char *nameptr = buf + offset;
7188 bruce 2175 ECB : int32 valoffset;
2176 : char *valptr;
2177 :
7297 tgl 2178 GIC 42273 : if (*nameptr == '\0')
2179 8643 : break; /* found packet terminator */
2180 33630 : valoffset = offset + strlen(nameptr) + 1;
2181 33630 : if (valoffset >= len)
7297 tgl 2182 UIC 0 : break; /* missing value, will complain below */
766 heikki.linnakangas 2183 GIC 33630 : valptr = buf + valoffset;
7297 tgl 2184 ECB :
7297 tgl 2185 GIC 33630 : if (strcmp(nameptr, "database") == 0)
7297 tgl 2186 CBC 8643 : port->database_name = pstrdup(valptr);
7297 tgl 2187 GIC 24987 : else if (strcmp(nameptr, "user") == 0)
2188 8643 : port->user_name = pstrdup(valptr);
7297 tgl 2189 CBC 16344 : else if (strcmp(nameptr, "options") == 0)
7297 tgl 2190 GIC 2503 : port->cmdline_options = pstrdup(valptr);
4832 heikki.linnakangas 2191 13841 : else if (strcmp(nameptr, "replication") == 0)
2192 : {
2193 : /*
2194 : * Due to backward compatibility concerns the replication
2195 : * parameter is a hybrid beast which allows the value to be
3317 rhaas 2196 ECB : * either boolean or the string 'database'. The latter
3317 rhaas 2197 EUB : * connects to a specific database which is e.g. required for
2198 : * logical decoding while.
2199 : */
3317 rhaas 2200 GIC 847 : if (strcmp(valptr, "database") == 0)
2201 : {
2202 483 : am_walsender = true;
2203 483 : am_db_walsender = true;
2204 : }
2205 364 : else if (!parse_bool(valptr, &am_walsender))
4832 heikki.linnakangas 2206 UIC 0 : ereport(FATAL,
4832 heikki.linnakangas 2207 ECB : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
2208 : errmsg("invalid value for parameter \"%s\": \"%s\"",
2118 tgl 2209 EUB : "replication",
2210 : valptr),
2211 : errhint("Valid values are: \"false\", 0, \"true\", 1, \"database\".")));
2212 : }
1965 rhaas 2213 CBC 12994 : else if (strncmp(nameptr, "_pq_.", 5) == 0)
1965 rhaas 2214 EUB : {
2215 : /*
2216 : * Any option beginning with _pq_. is reserved for use as a
2217 : * protocol-level option, but at present no such options are
2218 : * defined.
1965 rhaas 2219 ECB : */
1965 rhaas 2220 EUB : unrecognized_protocol_options =
1965 rhaas 2221 UIC 0 : lappend(unrecognized_protocol_options, pstrdup(nameptr));
1965 rhaas 2222 ECB : }
2223 : else
2224 : {
2225 : /* Assume it's a generic GUC option */
7297 tgl 2226 GIC 12994 : port->guc_options = lappend(port->guc_options,
2227 12994 : pstrdup(nameptr));
2228 12994 : port->guc_options = lappend(port->guc_options,
2229 12994 : pstrdup(valptr));
1654 sfrost 2230 EUB :
2231 : /*
2232 : * Copy application_name to port if we come across it. This
2233 : * is done so we can log the application_name in the
2234 : * connection authorization message. Note that the GUC would
2235 : * be used but we haven't gone through GUC setup yet.
2236 : */
1654 sfrost 2237 GIC 12994 : if (strcmp(nameptr, "application_name") == 0)
2238 : {
208 peter 2239 GNC 8642 : port->application_name = pg_clean_ascii(valptr, 0);
1654 sfrost 2240 ECB : }
7297 tgl 2241 EUB : }
7297 tgl 2242 CBC 33630 : offset = valoffset + strlen(valptr) + 1;
7297 tgl 2243 EUB : }
2244 :
7297 tgl 2245 ECB : /*
2246 : * If we didn't find a packet terminator exactly at the end of the
2247 : * given packet length, complain.
2248 : */
7188 bruce 2249 GIC 8643 : if (offset != len - 1)
7201 tgl 2250 UIC 0 : ereport(FATAL,
2251 : (errcode(ERRCODE_PROTOCOL_VIOLATION),
2252 : errmsg("invalid startup packet layout: expected terminator as last byte")));
2253 :
2254 : /*
2255 : * If the client requested a newer protocol version or if the client
2256 : * requested any protocol options we didn't recognize, let them know
2257 : * the newest minor protocol version we do support and the names of
1957 rhaas 2258 ECB : * any unrecognized options.
1965 2259 : */
1965 rhaas 2260 GIC 8643 : if (PG_PROTOCOL_MINOR(proto) > PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST) ||
2261 : unrecognized_protocol_options != NIL)
1965 rhaas 2262 UIC 0 : SendNegotiateProtocolVersion(unrecognized_protocol_options);
2263 : }
8083 tgl 2264 ECB :
2265 : /* Check a user name was given. */
7297 tgl 2266 GIC 8643 : if (port->user_name == NULL || port->user_name[0] == '\0')
7201 tgl 2267 UIC 0 : ereport(FATAL,
2268 : (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
2269 : errmsg("no PostgreSQL user name specified in startup packet")));
2270 :
7297 tgl 2271 ECB : /* The database defaults to the user name. */
7297 tgl 2272 GIC 8643 : if (port->database_name == NULL || port->database_name[0] == '\0')
7297 tgl 2273 LBC 0 : port->database_name = pstrdup(port->user_name);
7297 tgl 2274 ECB :
7539 bruce 2275 GIC 8643 : if (Db_user_namespace)
2276 : {
2277 : /*
6385 bruce 2278 ECB : * If user@, it is a global user, remove '@'. We only want to do this
2279 : * if there is an '@' at the end and no earlier in the user string or
2280 : * they may fake as a local user of another database attaching to this
2281 : * database.
2282 : */
7297 tgl 2283 UIC 0 : if (strchr(port->user_name, '@') ==
2284 0 : port->user_name + strlen(port->user_name) - 1)
7297 tgl 2285 UBC 0 : *strchr(port->user_name, '@') = '\0';
2286 : else
2287 : {
2288 : /* Append '@' and dbname */
3465 peter_e 2289 UIC 0 : port->user_name = psprintf("%s@%s", port->user_name, port->database_name);
7539 bruce 2290 ECB : }
2291 : }
2292 :
2293 : /*
2294 : * Truncate given database and user names to length of a Postgres name.
6385 2295 : * This avoids lookup failures when overlength names are given.
7297 tgl 2296 : */
7297 tgl 2297 GIC 8643 : if (strlen(port->database_name) >= NAMEDATALEN)
7297 tgl 2298 UIC 0 : port->database_name[NAMEDATALEN - 1] = '\0';
7297 tgl 2299 GIC 8643 : if (strlen(port->user_name) >= NAMEDATALEN)
7297 tgl 2300 UBC 0 : port->user_name[NAMEDATALEN - 1] = '\0';
7297 tgl 2301 EUB :
1124 peter 2302 GIC 8643 : if (am_walsender)
2303 847 : MyBackendType = B_WAL_SENDER;
2304 : else
1124 peter 2305 CBC 7796 : MyBackendType = B_BACKEND;
1124 peter 2306 ECB :
2307 : /*
2308 : * Normal walsender backends, e.g. for streaming replication, are not
3317 rhaas 2309 : * connected to a particular database. But walsenders used for logical
2310 : * replication need to connect to a specific database. We allow streaming
2311 : * replication commands to be issued even if connected to a database as it
2312 : * can make sense to first make a basebackup and then stream changes
2313 : * starting from that.
2314 : */
3317 rhaas 2315 GIC 8643 : if (am_walsender && !am_db_walsender)
4832 heikki.linnakangas 2316 364 : port->database_name[0] = '\0';
2317 :
2318 : /*
2319 : * Done putting stuff in TopMemoryContext.
2320 : */
7297 tgl 2321 8643 : MemoryContextSwitchTo(oldcontext);
2322 :
2323 : /*
2324 : * If we're going to reject the connection due to database state, say so
2325 : * now instead of wasting cycles on an authentication exchange. (This also
6385 bruce 2326 EUB : * allows a pg_ping utility to be written.)
2327 : */
7050 bruce 2328 GIC 8643 : switch (port->canAcceptConnections)
2329 : {
7892 peter_e 2330 13 : case CAC_STARTUP:
7201 tgl 2331 GBC 13 : ereport(FATAL,
7201 tgl 2332 EUB : (errcode(ERRCODE_CANNOT_CONNECT_NOW),
2333 : errmsg("the database system is starting up")));
7892 peter_e 2334 : break;
745 fujii 2335 GBC 6 : case CAC_NOTCONSISTENT:
2336 6 : if (EnableHotStandby)
745 fujii 2337 GIC 6 : ereport(FATAL,
2338 : (errcode(ERRCODE_CANNOT_CONNECT_NOW),
745 fujii 2339 EUB : errmsg("the database system is not yet accepting connections"),
2340 : errdetail("Consistent recovery state has not been yet reached.")));
2341 : else
745 fujii 2342 UIC 0 : ereport(FATAL,
2343 : (errcode(ERRCODE_CANNOT_CONNECT_NOW),
2344 : errmsg("the database system is not accepting connections"),
2345 : errdetail("Hot standby mode is disabled.")));
2346 : break;
7892 peter_e 2347 CBC 4 : case CAC_SHUTDOWN:
7201 tgl 2348 GIC 4 : ereport(FATAL,
7201 tgl 2349 ECB : (errcode(ERRCODE_CANNOT_CONNECT_NOW),
2350 : errmsg("the database system is shutting down")));
2351 : break;
7892 peter_e 2352 GIC 1 : case CAC_RECOVERY:
7201 tgl 2353 1 : ereport(FATAL,
2354 : (errcode(ERRCODE_CANNOT_CONNECT_NOW),
2355 : errmsg("the database system is in recovery mode")));
2356 : break;
7892 peter_e 2357 UIC 0 : case CAC_TOOMANY:
7201 tgl 2358 0 : ereport(FATAL,
2359 : (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
7201 tgl 2360 ECB : errmsg("sorry, too many clients already")));
7892 peter_e 2361 : break;
7892 peter_e 2362 GIC 8619 : case CAC_OK:
7621 tgl 2363 8619 : break;
2364 : }
2365 :
7963 peter_e 2366 8619 : return STATUS_OK;
2367 : }
2368 :
1965 rhaas 2369 ECB : /*
2370 : * Send a NegotiateProtocolVersion to the client. This lets the client know
2371 : * that they have requested a newer minor protocol version than we are able
2372 : * to speak. We'll speak the highest version we know about; the client can,
2373 : * of course, abandon the connection if that's a problem.
2374 : *
2375 : * We also include in the response a list of protocol options we didn't
2376 : * understand. This allows clients to include optional parameters that might
2377 : * be present either in newer protocol versions or third-party protocol
2378 : * extensions without fear of having to reconnect if those options are not
2379 : * understood, while at the same time making certain that the client is aware
2380 : * of which options were actually accepted.
2381 : */
2382 : static void
1965 rhaas 2383 UIC 0 : SendNegotiateProtocolVersion(List *unrecognized_protocol_options)
2384 : {
1965 rhaas 2385 ECB : StringInfoData buf;
2386 : ListCell *lc;
2387 :
1965 rhaas 2388 UIC 0 : pq_beginmessage(&buf, 'v'); /* NegotiateProtocolVersion */
1965 rhaas 2389 UBC 0 : pq_sendint32(&buf, PG_PROTOCOL_LATEST);
1965 rhaas 2390 UIC 0 : pq_sendint32(&buf, list_length(unrecognized_protocol_options));
2391 0 : foreach(lc, unrecognized_protocol_options)
1965 rhaas 2392 LBC 0 : pq_sendstring(&buf, lfirst(lc));
1965 rhaas 2393 UIC 0 : pq_endmessage(&buf);
2394 :
2395 : /* no need to flush, some other message will follow */
2396 0 : }
2397 :
2398 : /*
2399 : * The client has sent a cancel request packet, not a normal
2400 : * start-a-new-connection packet. Perform the necessary processing.
7963 peter_e 2401 EUB : * Nothing is sent back to the client.
2402 : */
2403 : static void
7963 peter_e 2404 GIC 2 : processCancelRequest(Port *port, void *pkt)
2405 : {
8986 bruce 2406 2 : CancelRequestPacket *canc = (CancelRequestPacket *) pkt;
2407 : int backendPID;
2408 : int32 cancelAuthCode;
2409 : Backend *bp;
2410 :
2411 : #ifndef EXEC_BACKEND
2412 : dlist_iter iter;
7013 bruce 2413 ECB : #else
2414 : int i;
2415 : #endif
2416 :
2016 andres 2417 GIC 2 : backendPID = (int) pg_ntoh32(canc->backendPID);
2418 2 : cancelAuthCode = (int32) pg_ntoh32(canc->cancelAuthCode);
2419 :
2420 : /*
2421 : * See if we have a matching backend. In the EXEC_BACKEND case, we can no
2422 : * longer access the postmaster's own backend list, and must rely on the
6385 bruce 2423 ECB : * duplicate array in shared memory.
2424 : */
2425 : #ifndef EXEC_BACKEND
3827 alvherre 2426 CBC 3 : dlist_foreach(iter, &BackendList)
9040 scrappy 2427 ECB : {
3827 alvherre 2428 CBC 3 : bp = dlist_container(Backend, elem, iter.cur);
7013 bruce 2429 ECB : #else
5087 tgl 2430 : for (i = MaxLivePostmasterChildren() - 1; i >= 0; i--)
7013 bruce 2431 : {
2432 : bp = (Backend *) &ShmemBackendArray[i];
2433 : #endif
9040 scrappy 2434 CBC 3 : if (bp->pid == backendPID)
2435 : {
9040 scrappy 2436 GIC 2 : if (bp->cancel_key == cancelAuthCode)
2437 : {
2438 : /* Found a match; signal that backend to cancel current op */
7180 tgl 2439 2 : ereport(DEBUG2,
2440 : (errmsg_internal("processing cancel request: sending SIGINT to process %d",
7180 tgl 2441 ECB : backendPID)));
5983 tgl 2442 GBC 2 : signal_child(bp->pid, SIGINT);
2443 : }
2444 : else
2445 : /* Right PID, wrong key: no way, Jose */
5634 neilc 2446 UIC 0 : ereport(LOG,
2447 : (errmsg("wrong key in cancel request for process %d",
2448 : backendPID)));
7963 peter_e 2449 GIC 2 : return;
2450 : }
2451 : #ifndef EXEC_BACKEND /* make GNU Emacs 26.1 see brace balance */
2452 : }
2453 : #else
2454 : }
2455 : #endif
9040 scrappy 2456 ECB :
9040 scrappy 2457 EUB : /* No matching backend */
5634 neilc 2458 UIC 0 : ereport(LOG,
5596 peter_e 2459 ECB : (errmsg("PID %d in cancel request did not match any process",
2460 : backendPID)));
2461 : }
2462 :
2463 : /*
2464 : * canAcceptConnections --- check to see if database state allows connections
2465 : * of the specified type. backend_type can be BACKEND_TYPE_NORMAL,
2466 : * BACKEND_TYPE_AUTOVAC, or BACKEND_TYPE_BGWORKER. (Note that we don't yet
2467 : * know whether a NORMAL connection might turn into a walsender.)
2468 : */
4529 tgl 2469 : static CAC_state
1280 tgl 2470 GIC 11004 : canAcceptConnections(int backend_type)
2471 : {
4529 2472 11004 : CAC_state result = CAC_OK;
4529 tgl 2473 ECB :
2474 : /*
4790 bruce 2475 EUB : * Can't start backends when in startup/shutdown/inconsistent recovery
2476 : * state. We treat autovac workers the same as user backends for this
2477 : * purpose. However, bgworkers are excluded from this test; we expect
1280 tgl 2478 : * bgworker_should_start_now() decided whether the DB state allows them.
2479 : */
968 tgl 2480 GIC 11004 : if (pmState != PM_RUN && pmState != PM_HOT_STANDBY &&
1280 tgl 2481 ECB : backend_type != BACKEND_TYPE_BGWORKER)
2482 : {
968 tgl 2483 GBC 24 : if (Shutdown > NoShutdown)
5624 bruce 2484 4 : return CAC_SHUTDOWN; /* shutdown is pending */
745 fujii 2485 20 : else if (!FatalError && pmState == PM_STARTUP)
4382 bruce 2486 13 : return CAC_STARTUP; /* normal startup */
745 fujii 2487 GIC 7 : else if (!FatalError && pmState == PM_RECOVERY)
2488 6 : return CAC_NOTCONSISTENT; /* not yet at consistent recovery
745 fujii 2489 ECB : * state */
2490 : else
4529 tgl 2491 GIC 1 : return CAC_RECOVERY; /* else must be crash recovery */
2492 : }
2493 :
2494 : /*
2495 : * "Smart shutdown" restrictions are applied only to normal connections,
2496 : * not to autovac workers or bgworkers.
2497 : */
368 sfrost 2498 10980 : if (!connsAllowed && backend_type == BACKEND_TYPE_NORMAL)
368 sfrost 2499 UIC 0 : return CAC_SHUTDOWN; /* shutdown is pending */
968 tgl 2500 ECB :
2501 : /*
7967 2502 : * Don't start too many children.
2503 : *
2504 : * We allow more connections here than we can have backends because some
2505 : * might still be authenticating; they might fail auth, or some existing
2506 : * backend might exit before the auth cycle is completed. The exact
2507 : * MaxBackends limit is enforced when a new backend tries to join the
2508 : * shared-inval backend array.
2509 : *
2510 : * The limit here must match the sizes of the per-child-process arrays;
2511 : * see comments for MaxLivePostmasterChildren().
2512 : */
4832 heikki.linnakangas 2513 GIC 10980 : if (CountChildren(BACKEND_TYPE_ALL) >= MaxLivePostmasterChildren())
4529 tgl 2514 UIC 0 : result = CAC_TOOMANY;
2515 :
4529 tgl 2516 GIC 10980 : return result;
8166 tgl 2517 ECB : }
2518 :
2519 :
2520 : /*
2521 : * ConnCreate -- create a local connection data structure
4547 2522 : *
2523 : * Returns NULL on failure, other than out-of-memory which is fatal.
9770 scrappy 2524 : */
9204 2525 : static Port *
9204 scrappy 2526 GIC 8835 : ConnCreate(int serverFd)
2527 : {
2528 : Port *port;
2529 :
9345 bruce 2530 8835 : if (!(port = (Port *) calloc(1, sizeof(Port))))
2531 : {
7201 tgl 2532 UIC 0 : ereport(LOG,
2533 : (errcode(ERRCODE_OUT_OF_MEMORY),
2534 : errmsg("out of memory")));
9345 bruce 2535 LBC 0 : ExitPostmaster(1);
9345 bruce 2536 EUB : }
2537 :
9204 scrappy 2538 GIC 8835 : if (StreamConnection(serverFd, port) != STATUS_OK)
9345 bruce 2539 ECB : {
3280 bruce 2540 UIC 0 : if (port->sock != PGINVALID_SOCKET)
5899 tgl 2541 LBC 0 : StreamClose(port->sock);
8353 tgl 2542 UIC 0 : ConnFree(port);
4547 heikki.linnakangas 2543 0 : return NULL;
2544 : }
2545 :
9204 scrappy 2546 GIC 8835 : return port;
2547 : }
9770 scrappy 2548 ECB :
2549 :
8595 bruce 2550 : /*
2551 : * ConnFree -- free a local connection data structure
832 tgl 2552 : *
2553 : * Caller has already closed the socket if any, so there's not much
2554 : * to do here.
2555 : */
2556 : static void
201 pg 2557 GNC 8835 : ConnFree(Port *port)
2558 : {
2559 8835 : free(port);
8595 bruce 2560 GIC 8835 : }
8595 bruce 2561 ECB :
2562 :
2563 : /*
8095 tgl 2564 : * ClosePostmasterPorts -- close all the postmaster's open sockets
2565 : *
2566 : * This is called during child process startup to release file descriptors
2567 : * that are not needed by that child process. The postmaster still has
2568 : * them open, of course.
2569 : *
2570 : * Note: we pass am_syslogger as a boolean because we don't want to set
2571 : * the global variable yet when this is called.
2572 : */
2573 : void
6821 tgl 2574 GIC 12729 : ClosePostmasterPorts(bool am_syslogger)
2575 : {
2576 : int i;
2577 :
2578 : /* Release resources held by the postmaster's WaitEventSet. */
87 tmunro 2579 GNC 12729 : if (pm_wait_set)
2580 : {
2581 11469 : FreeWaitEventSetAfterFork(pm_wait_set);
2582 11469 : pm_wait_set = NULL;
2583 : }
2584 :
2585 : #ifndef WIN32
3955 bruce 2586 ECB :
2587 : /*
2588 : * Close the write end of postmaster death watch pipe. It's important to
2589 : * do this as early as possible, so that if postmaster dies, others won't
2590 : * think that it's still running because we're holding the pipe open.
2591 : */
1373 peter 2592 GIC 12729 : if (close(postmaster_alive_fds[POSTMASTER_FD_OWN]) != 0)
4293 heikki.linnakangas 2593 UIC 0 : ereport(FATAL,
2594 : (errcode_for_file_access(),
3955 bruce 2595 ECB : errmsg_internal("could not close postmaster death monitoring pipe in child process: %m")));
4293 heikki.linnakangas 2596 GIC 12729 : postmaster_alive_fds[POSTMASTER_FD_OWN] = -1;
1140 tgl 2597 ECB : /* Notify fd.c that we released one pipe FD. */
1140 tgl 2598 CBC 12729 : ReleaseExternalFD();
4293 heikki.linnakangas 2599 ECB : #endif
2600 :
2601 : /*
2602 : * Close the postmaster's listen sockets. These aren't tracked by fd.c,
2603 : * so we don't call ReleaseExternalFD() here.
2604 : */
7241 bruce 2605 GIC 827385 : for (i = 0; i < MAXLISTEN; i++)
7241 bruce 2606 ECB : {
4837 magnus 2607 GIC 814656 : if (ListenSocket[i] != PGINVALID_SOCKET)
2608 : {
7241 bruce 2609 13101 : StreamClose(ListenSocket[i]);
4837 magnus 2610 13101 : ListenSocket[i] = PGINVALID_SOCKET;
2611 : }
2612 : }
2613 :
2614 : /*
2615 : * If using syslogger, close the read side of the pipe. We don't bother
2616 : * tracking this in fd.c, either.
1140 tgl 2617 EUB : */
6821 tgl 2618 GBC 12729 : if (!am_syslogger)
6821 tgl 2619 EUB : {
2620 : #ifndef WIN32
6821 tgl 2621 GBC 12728 : if (syslogPipe[0] >= 0)
6821 tgl 2622 GIC 14 : close(syslogPipe[0]);
2623 12728 : syslogPipe[0] = -1;
2624 : #else
2625 : if (syslogPipe[0])
2626 : CloseHandle(syslogPipe[0]);
2627 : syslogPipe[0] = 0;
2628 : #endif
6821 tgl 2629 ECB : }
2630 :
4961 2631 : #ifdef USE_BONJOUR
2632 : /* If using Bonjour, close the connection to the mDNS daemon */
2633 : if (bonjour_sdref)
2634 : close(DNSServiceRefSockFD(bonjour_sdref));
2635 : #endif
8095 tgl 2636 GIC 12729 : }
2637 :
8182 bruce 2638 ECB :
2639 : /*
1633 tmunro 2640 : * InitProcessGlobals -- set MyProcPid, MyStartTime[stamp], random seeds
2641 : *
1562 tgl 2642 : * Called early in the postmaster and every backend.
1633 tmunro 2643 : */
2644 : void
1633 tmunro 2645 CBC 14586 : InitProcessGlobals(void)
1633 tmunro 2646 ECB : {
1633 tmunro 2647 GIC 14586 : MyProcPid = getpid();
2648 14586 : MyStartTimestamp = GetCurrentTimestamp();
2649 14586 : MyStartTime = timestamptz_to_time_t(MyStartTimestamp);
2650 :
2651 : /*
497 tgl 2652 ECB : * Set a different global seed in every process. We want something
2653 : * unpredictable, so if possible, use high-quality random bits for the
1562 2654 : * seed. Otherwise, fall back to a seed based on timestamp and PID.
2655 : */
497 tgl 2656 CBC 14586 : if (unlikely(!pg_prng_strong_seed(&pg_global_prng_state)))
1562 tgl 2657 ECB : {
2658 : uint64 rseed;
497 2659 :
1562 2660 : /*
2661 : * Since PIDs and timestamps tend to change more frequently in their
2662 : * least significant bits, shift the timestamp left to allow a larger
2663 : * total number of seeds in a given time period. Since that would
2664 : * leave only 20 bits of the timestamp that cycle every ~1 second,
2665 : * also mix in some higher bits.
2666 : */
1562 tgl 2667 UIC 0 : rseed = ((uint64) MyProcPid) ^
1606 tmunro 2668 LBC 0 : ((uint64) MyStartTimestamp << 12) ^
1562 tgl 2669 UIC 0 : ((uint64) MyStartTimestamp >> 20);
497 tgl 2670 ECB :
497 tgl 2671 UIC 0 : pg_prng_seed(&pg_global_prng_state, rseed);
2672 : }
497 tgl 2673 ECB :
2674 : /*
2675 : * Also make sure that we've set a good seed for random(3). Use of that
2676 : * is deprecated in core Postgres, but extensions might use it.
2677 : */
2678 : #ifndef WIN32
497 tgl 2679 CBC 14586 : srandom(pg_prng_uint32(&pg_global_prng_state));
497 tgl 2680 ECB : #endif
1633 tmunro 2681 CBC 14586 : }
1633 tmunro 2682 ECB :
87 2683 : /*
2684 : * Child processes use SIGUSR1 to notify us of 'pmsignals'. pg_ctl uses
2685 : * SIGUSR1 to ask postmaster to check for logrotate and promote files.
2686 : */
2687 : static void
87 tmunro 2688 GNC 2383 : handle_pm_pmsignal_signal(SIGNAL_ARGS)
2689 : {
87 tmunro 2690 GIC 2383 : int save_errno = errno;
87 tmunro 2691 ECB :
87 tmunro 2692 GNC 2383 : pending_pm_pmsignal = true;
2693 2383 : SetLatch(MyLatch);
2694 :
2695 2383 : errno = save_errno;
2696 2383 : }
2697 :
2698 : /*
2699 : * pg_ctl uses SIGHUP to request a reload of the configuration files.
2700 : */
2701 : static void
2702 103 : handle_pm_reload_request_signal(SIGNAL_ARGS)
2703 : {
8147 tgl 2704 103 : int save_errno = errno;
2705 :
87 tmunro 2706 103 : pending_pm_reload_request = true;
2707 103 : SetLatch(MyLatch);
2708 :
2709 103 : errno = save_errno;
2710 103 : }
2711 :
2712 : /*
2713 : * Re-read config files, and tell children to do same.
2714 : */
2715 : static void
2716 103 : process_pm_reload_request(void)
2717 : {
2718 103 : pending_pm_reload_request = false;
2719 :
2720 103 : ereport(DEBUG2,
2721 : (errmsg_internal("postmaster received reload request signal")));
2722 :
7969 tgl 2723 GIC 103 : if (Shutdown <= SmartShutdown)
7969 tgl 2724 ECB : {
7201 tgl 2725 CBC 103 : ereport(LOG,
2726 : (errmsg("received SIGHUP, reloading configuration files")));
7826 tgl 2727 GIC 103 : ProcessConfigFile(PGC_SIGHUP);
7276 bruce 2728 103 : SignalChildren(SIGHUP);
5149 heikki.linnakangas 2729 103 : if (StartupPID != 0)
2730 18 : signal_child(StartupPID, SIGHUP);
6889 tgl 2731 103 : if (BgWriterPID != 0)
5983 2732 103 : signal_child(BgWriterPID, SIGHUP);
4177 simon 2733 103 : if (CheckpointerPID != 0)
4177 simon 2734 CBC 103 : signal_child(CheckpointerPID, SIGHUP);
5738 tgl 2735 GIC 103 : if (WalWriterPID != 0)
2736 85 : signal_child(WalWriterPID, SIGHUP);
4832 heikki.linnakangas 2737 103 : if (WalReceiverPID != 0)
2738 16 : signal_child(WalReceiverPID, SIGHUP);
6478 tgl 2739 103 : if (AutoVacPID != 0)
5983 2740 83 : signal_child(AutoVacPID, SIGHUP);
6838 tgl 2741 CBC 103 : if (PgArchPID != 0)
5983 tgl 2742 GIC 4 : signal_child(PgArchPID, SIGHUP);
6821 tgl 2743 CBC 103 : if (SysLoggerPID != 0)
5983 tgl 2744 UIC 0 : signal_child(SysLoggerPID, SIGHUP);
6622 tgl 2745 ECB :
2746 : /* Reload authentication config files too */
5319 magnus 2747 CBC 103 : if (!load_hba())
2288 tgl 2748 UIC 0 : ereport(LOG,
1424 alvherre 2749 ECB : /* translator: %s is a configuration file */
2750 : (errmsg("%s was not reloaded", HbaFileName)));
5319 magnus 2751 :
3852 heikki.linnakangas 2752 CBC 103 : if (!load_ident())
2288 tgl 2753 LBC 0 : ereport(LOG,
2754 : (errmsg("%s was not reloaded", IdentFileName)));
7081 JanWieck 2755 ECB :
2288 tgl 2756 : #ifdef USE_SSL
2757 : /* Reload SSL configuration as well */
2288 tgl 2758 CBC 103 : if (EnableSSL)
2759 : {
2288 tgl 2760 LBC 0 : if (secure_initialize(false) == 0)
2288 tgl 2761 UIC 0 : LoadedSSL = true;
2288 tgl 2762 ECB : else
2288 tgl 2763 LBC 0 : ereport(LOG,
2764 : (errmsg("SSL configuration was not reloaded")));
2765 : }
2766 : else
2767 : {
2288 tgl 2768 GIC 103 : secure_destroy();
2288 tgl 2769 CBC 103 : LoadedSSL = false;
2770 : }
2771 : #endif
2772 :
6890 tgl 2773 ECB : #ifdef EXEC_BACKEND
2774 : /* Update the starting-point file for future children */
2775 : write_nondefault_variables(PGC_SIGHUP);
2776 : #endif
2777 : }
87 tmunro 2778 GIC 103 : }
87 tmunro 2779 ECB :
2780 : /*
2781 : * pg_ctl uses SIGTERM, SIGINT and SIGQUIT to request different types of
2782 : * shutdown.
2783 : */
2784 : static void
87 tmunro 2785 GNC 590 : handle_pm_shutdown_request_signal(SIGNAL_ARGS)
87 tmunro 2786 ECB : {
87 tmunro 2787 GIC 590 : int save_errno = errno;
2788 :
87 tmunro 2789 GBC 590 : switch (postgres_signal_arg)
87 tmunro 2790 ECB : {
87 tmunro 2791 CBC 6 : case SIGTERM:
2792 : /* smart is implied if the other two flags aren't set */
87 tmunro 2793 GNC 6 : pending_pm_shutdown_request = true;
2794 6 : break;
2795 346 : case SIGINT:
2796 346 : pending_pm_fast_shutdown_request = true;
2797 346 : pending_pm_shutdown_request = true;
2798 346 : break;
2799 238 : case SIGQUIT:
2800 238 : pending_pm_immediate_shutdown_request = true;
2801 238 : pending_pm_shutdown_request = true;
2802 238 : break;
2803 : }
2804 590 : SetLatch(MyLatch);
2805 :
8147 tgl 2806 590 : errno = save_errno;
8348 peter_e 2807 590 : }
2808 :
2809 : /*
2810 : * Process shutdown request.
2811 : */
2812 : static void
87 tmunro 2813 590 : process_pm_shutdown_request(void)
2814 : {
2815 : int mode;
2816 :
7180 tgl 2817 590 : ereport(DEBUG2,
2818 : (errmsg_internal("postmaster received shutdown request signal")));
2819 :
87 tmunro 2820 590 : pending_pm_shutdown_request = false;
2821 :
2822 : /*
2823 : * If more than one shutdown request signal arrived since the last server
2824 : * loop, take the one that is the most immediate. That matches the
2825 : * priority that would apply if we processed them one by one in any order.
2826 : */
2827 590 : if (pending_pm_immediate_shutdown_request)
2828 : {
2829 238 : pending_pm_immediate_shutdown_request = false;
2830 238 : pending_pm_fast_shutdown_request = false;
2831 238 : mode = ImmediateShutdown;
2832 : }
2833 352 : else if (pending_pm_fast_shutdown_request)
2834 : {
2835 346 : pending_pm_fast_shutdown_request = false;
2836 346 : mode = FastShutdown;
2837 : }
2838 : else
2839 6 : mode = SmartShutdown;
2840 :
2841 590 : switch (mode)
2842 : {
2843 6 : case SmartShutdown:
2844 :
2845 : /*
2846 : * Smart Shutdown:
8586 vadim4o 2847 ECB : *
2848 : * Wait for children to end their work, then shut down.
2849 : */
8586 vadim4o 2850 GIC 6 : if (Shutdown >= SmartShutdown)
7826 tgl 2851 UIC 0 : break;
8586 vadim4o 2852 GIC 6 : Shutdown = SmartShutdown;
7201 tgl 2853 6 : ereport(LOG,
2854 : (errmsg("received smart shutdown request")));
2855 :
2856 : /* Report status */
2111 tgl 2857 CBC 6 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2700 peter_e 2858 ECB : #ifdef USE_SYSTEMD
2700 peter_e 2859 GBC 6 : sd_notify(0, "STOPPING=1");
2860 : #endif
2861 :
968 tgl 2862 EUB : /*
2863 : * If we reached normal running, we go straight to waiting for
2864 : * client backends to exit. If already in PM_STOP_BACKENDS or a
2865 : * later state, do not change it.
2866 : */
368 sfrost 2867 GIC 6 : if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
2868 6 : connsAllowed = false;
968 tgl 2869 UIC 0 : else if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
5722 tgl 2870 ECB : {
968 2871 : /* There should be no clients, so proceed to stop children */
968 tgl 2872 UIC 0 : pmState = PM_STOP_BACKENDS;
5722 tgl 2873 ECB : }
2874 :
2875 : /*
2876 : * Now wait for online backup mode to end and backends to exit. If
2877 : * that is already the case, PostmasterStateMachine will take the
2878 : * next step.
2879 : */
5722 tgl 2880 GIC 6 : PostmasterStateMachine();
7826 tgl 2881 CBC 6 : break;
8586 vadim4o 2882 EUB :
87 tmunro 2883 GNC 346 : case FastShutdown:
6797 bruce 2884 ECB :
2885 : /*
2886 : * Fast Shutdown:
2887 : *
6347 2888 : * Abort all children with SIGTERM (rollback active transactions
2889 : * and exit) and shut down when they are gone.
8586 vadim4o 2890 : */
8586 vadim4o 2891 GIC 346 : if (Shutdown >= FastShutdown)
7826 tgl 2892 UIC 0 : break;
6997 tgl 2893 CBC 346 : Shutdown = FastShutdown;
7201 tgl 2894 GIC 346 : ereport(LOG,
2895 : (errmsg("received fast shutdown request")));
2111 tgl 2896 EUB :
2897 : /* Report status */
2111 tgl 2898 CBC 346 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2700 peter_e 2899 ECB : #ifdef USE_SYSTEMD
2700 peter_e 2900 GIC 346 : sd_notify(0, "STOPPING=1");
2901 : #endif
6997 tgl 2902 ECB :
1684 michael 2903 GIC 346 : if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
5163 heikki.linnakangas 2904 ECB : {
2905 : /* Just shut down background processes silently */
968 tgl 2906 UIC 0 : pmState = PM_STOP_BACKENDS;
2907 : }
4672 rhaas 2908 GIC 346 : else if (pmState == PM_RUN ||
2909 33 : pmState == PM_HOT_STANDBY)
2910 : {
968 tgl 2911 ECB : /* Report that we're about to zap live client sessions */
5722 tgl 2912 CBC 346 : ereport(LOG,
2913 : (errmsg("aborting any active transactions")));
968 2914 346 : pmState = PM_STOP_BACKENDS;
2915 : }
2916 :
2917 : /*
2918 : * PostmasterStateMachine will issue any necessary signals, or
2919 : * take the next step if no child processes need to be killed.
2920 : */
5722 tgl 2921 GIC 346 : PostmasterStateMachine();
7826 2922 346 : break;
8586 vadim4o 2923 ECB :
87 tmunro 2924 GNC 238 : case ImmediateShutdown:
6797 bruce 2925 ECB :
8397 2926 : /*
2927 : * Immediate Shutdown:
2928 : *
2929 : * abort all children with SIGQUIT, wait for them to exit,
3572 alvherre 2930 : * terminate remaining ones with SIGKILL, then exit without
2931 : * attempt to properly shut down the data base system.
8586 vadim4o 2932 : */
3572 alvherre 2933 GIC 238 : if (Shutdown >= ImmediateShutdown)
3572 alvherre 2934 UIC 0 : break;
3572 alvherre 2935 GIC 238 : Shutdown = ImmediateShutdown;
7201 tgl 2936 238 : ereport(LOG,
2615 tgl 2937 ECB : (errmsg("received immediate shutdown request")));
2111 2938 :
2939 : /* Report status */
2111 tgl 2940 GIC 238 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2941 : #ifdef USE_SYSTEMD
2700 peter_e 2942 CBC 238 : sd_notify(0, "STOPPING=1");
2943 : #endif
2944 :
2945 : /* tell children to shut down ASAP */
2946 : /* (note we don't apply send_abort_for_crash here) */
836 tgl 2947 GIC 238 : SetQuitSignalReason(PMQUIT_FOR_STOP);
3572 alvherre 2948 238 : TerminateChildren(SIGQUIT);
3572 alvherre 2949 CBC 238 : pmState = PM_WAIT_BACKENDS;
3572 alvherre 2950 ECB :
2951 : /* set stopwatch for them to die */
3572 alvherre 2952 CBC 238 : AbortStartTime = time(NULL);
2953 :
2954 : /*
3572 alvherre 2955 ECB : * Now wait for backends to exit. If there are none,
2956 : * PostmasterStateMachine will take the next step.
2957 : */
3572 alvherre 2958 GIC 238 : PostmasterStateMachine();
8586 vadim4o 2959 CBC 238 : break;
8993 scrappy 2960 ECB : }
87 tmunro 2961 GNC 590 : }
2962 :
2963 : static void
2964 13536 : handle_pm_child_exit_signal(SIGNAL_ARGS)
2965 : {
2966 13536 : int save_errno = errno;
2967 :
2968 13536 : pending_pm_child_exit = true;
2969 13536 : SetLatch(MyLatch);
2970 :
7826 tgl 2971 GIC 13536 : errno = save_errno;
9770 scrappy 2972 13536 : }
2973 :
9770 scrappy 2974 ECB : /*
2975 : * Cleanup after a child process dies.
2976 : */
2977 : static void
87 tmunro 2978 GNC 13502 : process_pm_child_exit(void)
9770 scrappy 2979 ECB : {
5722 tgl 2980 : int pid; /* process id of dead child process */
2981 : int exitstatus; /* its exit status */
2982 :
87 tmunro 2983 GNC 13502 : pending_pm_child_exit = false;
87 tmunro 2984 ECB :
7180 tgl 2985 GIC 13502 : ereport(DEBUG4,
2986 : (errmsg_internal("reaping dead processes")));
2987 :
3930 2988 27539 : while ((pid = waitpid(-1, &exitstatus, WNOHANG)) > 0)
2989 : {
7824 tgl 2990 ECB : /*
6889 2991 : * Check if this child was a startup process.
2992 : */
5722 tgl 2993 CBC 14037 : if (pid == StartupPID)
8586 vadim4o 2994 ECB : {
6889 tgl 2995 GIC 597 : StartupPID = 0;
5722 tgl 2996 ECB :
2997 : /*
2998 : * Startup process exited in response to a shutdown request (or it
3791 2999 : * completed normally regardless of the shutdown request).
3000 : */
3791 tgl 3001 GBC 597 : if (Shutdown > NoShutdown &&
3791 tgl 3002 GIC 76 : (EXIT_STATUS_0(exitstatus) || EXIT_STATUS_1(exitstatus)))
3791 tgl 3003 EUB : {
2831 tgl 3004 GBC 33 : StartupStatus = STARTUP_NOT_RUNNING;
3791 3005 33 : pmState = PM_WAIT_BACKENDS;
3057 simon 3006 EUB : /* PostmasterStateMachine logic does the rest */
3057 simon 3007 GIC 33 : continue;
3057 simon 3008 EUB : }
3009 :
3057 simon 3010 GIC 564 : if (EXIT_STATUS_3(exitstatus))
3011 : {
3057 simon 3012 UIC 0 : ereport(LOG,
3013 : (errmsg("shutdown at recovery target")));
2831 tgl 3014 0 : StartupStatus = STARTUP_NOT_RUNNING;
968 3015 0 : Shutdown = Max(Shutdown, SmartShutdown);
3057 simon 3016 LBC 0 : TerminateChildren(SIGTERM);
3017 0 : pmState = PM_WAIT_BACKENDS;
3791 tgl 3018 ECB : /* PostmasterStateMachine logic does the rest */
3791 tgl 3019 UIC 0 : continue;
3791 tgl 3020 EUB : }
3021 :
5163 heikki.linnakangas 3022 : /*
3023 : * Unexpected exit of startup process (including FATAL exit)
5035 tgl 3024 : * during PM_STARTUP is treated as catastrophic. There are no
3025 : * other processes running yet, so we can just exit.
3026 : */
1322 tgl 3027 GIC 564 : if (pmState == PM_STARTUP &&
3028 413 : StartupStatus != STARTUP_SIGNALED &&
3029 413 : !EXIT_STATUS_0(exitstatus))
3030 : {
6620 bruce 3031 UIC 0 : LogChildExit(LOG, _("startup process"),
3032 : pid, exitstatus);
7201 tgl 3033 0 : ereport(LOG,
3034 : (errmsg("aborting startup due to startup process failure")));
8166 3035 0 : ExitPostmaster(1);
3036 : }
3037 :
3038 : /*
3039 : * After PM_STARTUP, any unexpected exit (including FATAL exit) of
3040 : * the startup process is catastrophic, so kill other children,
3041 : * and set StartupStatus so we don't try to reinitialize after
3042 : * they're gone. Exception: if StartupStatus is STARTUP_SIGNALED,
3043 : * then we previously sent the startup process a SIGQUIT; so
3044 : * that's probably the reason it died, and we do want to try to
4080 tgl 3045 ECB : * restart in that case.
3046 : *
1322 3047 : * This stanza also handles the case where we sent a SIGQUIT
3048 : * during PM_STARTUP due to some dead_end child crashing: in that
3049 : * situation, if the startup process dies on the SIGQUIT, we need
3050 : * to transition to PM_WAIT_BACKENDS state which will allow
1322 tgl 3051 EUB : * PostmasterStateMachine to restart the startup process. (On the
3052 : * other hand, the startup process might complete normally, if we
3053 : * were too late with the SIGQUIT. In that case we'll fall
1322 tgl 3054 ECB : * through and commence normal operations.)
7350 3055 : */
5163 heikki.linnakangas 3056 CBC 564 : if (!EXIT_STATUS_0(exitstatus))
5722 tgl 3057 ECB : {
2831 tgl 3058 GIC 46 : if (StartupStatus == STARTUP_SIGNALED)
3059 : {
3060 43 : StartupStatus = STARTUP_NOT_RUNNING;
1322 3061 43 : if (pmState == PM_STARTUP)
1322 tgl 3062 UIC 0 : pmState = PM_WAIT_BACKENDS;
1322 tgl 3063 ECB : }
2831 3064 : else
2831 tgl 3065 CBC 3 : StartupStatus = STARTUP_CRASHED;
5163 heikki.linnakangas 3066 46 : HandleChildCrash(pid, exitstatus,
3067 46 : _("startup process"));
5722 tgl 3068 46 : continue;
3069 : }
3070 :
3071 : /*
3072 : * Startup succeeded, commence normal operations
3073 : */
2831 tgl 3074 GIC 518 : StartupStatus = STARTUP_NOT_RUNNING;
5158 heikki.linnakangas 3075 CBC 518 : FatalError = false;
1322 tgl 3076 GBC 518 : AbortStartTime = 0;
4701 rhaas 3077 CBC 518 : ReachedNormalRunning = true;
5158 heikki.linnakangas 3078 GBC 518 : pmState = PM_RUN;
368 sfrost 3079 CBC 518 : connsAllowed = true;
5158 heikki.linnakangas 3080 ECB :
3081 : /*
3082 : * Crank up the background tasks, if we didn't do that already
3083 : * when we entered consistent recovery state. It doesn't matter
3084 : * if this fails, we'll just try again later.
3085 : */
4177 simon 3086 CBC 518 : if (CheckpointerPID == 0)
4177 simon 3087 LBC 0 : CheckpointerPID = StartCheckpointer();
3964 simon 3088 CBC 518 : if (BgWriterPID == 0)
3964 simon 3089 LBC 0 : BgWriterPID = StartBackgroundWriter();
3985 tgl 3090 GIC 518 : if (WalWriterPID == 0)
3091 518 : WalWriterPID = StartWalWriter();
5158 heikki.linnakangas 3092 ECB :
3093 : /*
3094 : * Likewise, start other special children as needed. In a restart
3095 : * situation, some of them may be alive already.
3096 : */
4367 bruce 3097 GIC 518 : if (!IsBinaryUpgrade && AutoVacuumingActive() && AutoVacPID == 0)
5158 heikki.linnakangas 3098 493 : AutoVacPID = StartAutoVacLauncher();
2858 fujii 3099 CBC 518 : if (PgArchStartupAllowed() && PgArchPID == 0)
755 fujii 3100 GIC 27 : PgArchPID = StartArchiver();
5158 heikki.linnakangas 3101 ECB :
3102 : /* workers may be scheduled to start now */
2174 tgl 3103 GIC 518 : maybe_start_bgworkers();
3776 alvherre 3104 ECB :
3105 : /* at this point we are really open for business */
5158 heikki.linnakangas 3106 GIC 518 : ereport(LOG,
3107 : (errmsg("database system is ready to accept connections")));
3108 :
3109 : /* Report status */
2111 tgl 3110 518 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
3111 : #ifdef USE_SYSTEMD
2700 peter_e 3112 CBC 518 : sd_notify(0, "READY=1");
3113 : #endif
2700 peter_e 3114 ECB :
5156 heikki.linnakangas 3115 CBC 518 : continue;
6889 tgl 3116 ECB : }
3117 :
3118 : /*
3119 : * Was it the bgwriter? Normal exit can be ignored; we'll start a new
3120 : * one at the next iteration of the postmaster's main loop, if
3121 : * necessary. Any other exit condition is treated as a crash.
3122 : */
5722 tgl 3123 GIC 13440 : if (pid == BgWriterPID)
6889 tgl 3124 ECB : {
6873 tgl 3125 GIC 597 : BgWriterPID = 0;
4177 simon 3126 CBC 597 : if (!EXIT_STATUS_0(exitstatus))
3127 245 : HandleChildCrash(pid, exitstatus,
4177 simon 3128 GIC 245 : _("background writer process"));
3129 597 : continue;
3130 : }
3131 :
3132 : /*
3133 : * Was it the checkpointer?
3134 : */
3135 12843 : if (pid == CheckpointerPID)
3136 : {
3137 597 : CheckpointerPID = 0;
5722 tgl 3138 597 : if (EXIT_STATUS_0(exitstatus) && pmState == PM_SHUTDOWN)
3139 : {
3140 : /*
3141 : * OK, we saw normal exit of the checkpointer after it's been
3142 : * told to shut down. We expect that it wrote a shutdown
3260 bruce 3143 ECB : * checkpoint. (If for some reason it didn't, recovery will
3144 : * occur on next postmaster start.)
3145 : *
5567 tgl 3146 : * At this point we should have no normal backend children
3147 : * left (else we'd not be in PM_SHUTDOWN state) but we might
3148 : * have dead_end children to wait for.
3149 : *
3150 : * If we have an archiver subprocess, tell it to do a last
3151 : * archive cycle and quit. Likewise, if we have walsender
3152 : * processes, tell them to send any remaining WAL and quit.
6889 3153 : */
5722 tgl 3154 GIC 352 : Assert(Shutdown > NoShutdown);
5567 tgl 3155 ECB :
3156 : /* Waken archiver for the last time */
5567 tgl 3157 GIC 352 : if (PgArchPID != 0)
3158 10 : signal_child(PgArchPID, SIGUSR2);
3159 :
3160 : /*
3161 : * Waken walsenders for the last time. No regular backends
3162 : * should be around anymore.
4832 heikki.linnakangas 3163 ECB : */
2134 andres 3164 CBC 352 : SignalChildren(SIGUSR2);
3165 :
4832 heikki.linnakangas 3166 GIC 352 : pmState = PM_SHUTDOWN_2;
8586 vadim4o 3167 ECB : }
3168 : else
3169 : {
3170 : /*
3171 : * Any unexpected exit of the checkpointer (including FATAL
3172 : * exit) is treated as a crash.
3173 : */
5722 tgl 3174 GIC 245 : HandleChildCrash(pid, exitstatus,
4177 simon 3175 CBC 245 : _("checkpointer process"));
3176 : }
5974 tgl 3177 ECB :
6889 tgl 3178 CBC 597 : continue;
8586 vadim4o 3179 ECB : }
7961 JanWieck 3180 :
5738 tgl 3181 : /*
3182 : * Was it the wal writer? Normal exit can be ignored; we'll start a
3183 : * new one at the next iteration of the postmaster's main loop, if
3184 : * necessary. Any other exit condition is treated as a crash.
3185 : */
5722 tgl 3186 GIC 12246 : if (pid == WalWriterPID)
3187 : {
5738 3188 518 : WalWriterPID = 0;
3189 518 : if (!EXIT_STATUS_0(exitstatus))
5738 tgl 3190 CBC 199 : HandleChildCrash(pid, exitstatus,
5631 peter_e 3191 GIC 199 : _("WAL writer process"));
5738 tgl 3192 CBC 518 : continue;
5738 tgl 3193 ECB : }
3194 :
4832 heikki.linnakangas 3195 : /*
3196 : * Was it the wal receiver? If exit status is zero (normal) or one
3197 : * (FATAL exit), we assume everything is all right just like normal
3198 : * backends. (If we need a new wal receiver, we'll start one at the
3199 : * next iteration of the postmaster's main loop.)
3200 : */
4832 heikki.linnakangas 3201 GIC 11728 : if (pid == WalReceiverPID)
3202 : {
3203 201 : WalReceiverPID = 0;
3204 201 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
4832 heikki.linnakangas 3205 CBC 29 : HandleChildCrash(pid, exitstatus,
4832 heikki.linnakangas 3206 GIC 29 : _("WAL receiver process"));
4832 heikki.linnakangas 3207 CBC 201 : continue;
4832 heikki.linnakangas 3208 ECB : }
3209 :
6478 tgl 3210 : /*
5624 bruce 3211 : * Was it the autovacuum launcher? Normal exit can be ignored; we'll
3212 : * start a new one at the next iteration of the postmaster's main
3213 : * loop, if necessary. Any other exit condition is treated as a
3214 : * crash.
3215 : */
5722 tgl 3216 GIC 11527 : if (pid == AutoVacPID)
3217 : {
6478 3218 493 : AutoVacPID = 0;
5897 alvherre 3219 493 : if (!EXIT_STATUS_0(exitstatus))
6478 tgl 3220 190 : HandleChildCrash(pid, exitstatus,
5897 alvherre 3221 190 : _("autovacuum launcher process"));
6478 tgl 3222 493 : continue;
6478 tgl 3223 ECB : }
3224 :
6838 3225 : /*
755 fujii 3226 : * Was it the archiver? If exit status is zero (normal) or one (FATAL
3227 : * exit), we assume everything is all right just like normal backends
3228 : * and just try to restart a new one so that we immediately retry
3229 : * archiving remaining files. (If fail, we'll try again in future
755 fujii 3230 EUB : * cycles of the postmaster's main loop.) Unless we were waiting for
755 fujii 3231 ECB : * it to shut down; don't restart it in that case, and
3232 : * PostmasterStateMachine() will advance to the next shutdown step.
3233 : */
5722 tgl 3234 GIC 11034 : if (pid == PgArchPID)
6838 tgl 3235 ECB : {
6838 tgl 3236 GIC 30 : PgArchPID = 0;
755 fujii 3237 GBC 30 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
755 fujii 3238 GIC 20 : HandleChildCrash(pid, exitstatus,
755 fujii 3239 GBC 20 : _("archiver process"));
2858 3240 30 : if (PgArchStartupAllowed())
755 fujii 3241 UBC 0 : PgArchPID = StartArchiver();
6838 tgl 3242 GIC 30 : continue;
6838 tgl 3243 EUB : }
3244 :
3245 : /* Was it the system logger? If so, try to start a new one */
5722 tgl 3246 GIC 11004 : if (pid == SysLoggerPID)
6821 tgl 3247 ECB : {
6821 tgl 3248 UIC 0 : SysLoggerPID = 0;
3249 : /* for safety's sake, launch new logger *first* */
6821 tgl 3250 LBC 0 : SysLoggerPID = SysLogger_Start();
5983 3251 0 : if (!EXIT_STATUS_0(exitstatus))
6620 bruce 3252 UIC 0 : LogChildExit(LOG, _("system logger process"),
3253 : pid, exitstatus);
6821 tgl 3254 0 : continue;
3255 : }
3256 :
3776 alvherre 3257 ECB : /* Was it one of our background workers? */
3776 alvherre 3258 GIC 11004 : if (CleanupBackgroundWorker(pid, exitstatus))
3259 : {
3260 : /* have it be restarted */
3261 2153 : HaveCrashedWorker = true;
3262 2153 : continue;
3263 : }
3776 alvherre 3264 ECB :
7274 tgl 3265 : /*
3266 : * Else do standard backend child cleanup.
3267 : */
6822 tgl 3268 GIC 8851 : CleanupBackend(pid, exitstatus);
3269 : } /* loop over pending child-death reports */
3270 :
3271 : /*
3272 : * After cleaning out the SIGCHLD queue, see if we have any state changes
3273 : * or actions to make.
3274 : */
5722 3275 13502 : PostmasterStateMachine();
9770 scrappy 3276 CBC 12909 : }
3277 :
3278 : /*
3279 : * Scan the bgworkers list and see if the given PID (which has just stopped
3776 alvherre 3280 ECB : * or crashed) is in it. Handle its shutdown if so, and return true. If not a
3281 : * bgworker, return false.
3282 : *
3283 : * This is heavily based on CleanupBackend. One important difference is that
3284 : * we don't know yet that the dying process is a bgworker, so we must be silent
3285 : * until we're sure it is.
3286 : */
3287 : static bool
3776 alvherre 3288 GIC 11004 : CleanupBackgroundWorker(int pid,
3289 : int exitstatus) /* child's exit status */
3290 : {
3776 alvherre 3291 ECB : char namebuf[MAXPGPATH];
2153 bruce 3292 : slist_mutable_iter iter;
3293 :
2228 rhaas 3294 GIC 22535 : slist_foreach_modify(iter, &BackgroundWorkerList)
3776 alvherre 3295 ECB : {
3296 : RegisteredBgWorker *rw;
3297 :
3776 alvherre 3298 CBC 13684 : rw = slist_container(RegisteredBgWorker, rw_lnode, iter.cur);
3299 :
3776 alvherre 3300 GIC 13684 : if (rw->rw_pid != pid)
3301 11531 : continue;
3302 :
3776 alvherre 3303 ECB : #ifdef WIN32
3304 : /* see CleanupBackend */
3305 : if (exitstatus == ERROR_WAIT_NO_CHILDREN)
3306 : exitstatus = 0;
3307 : #endif
3308 :
2047 peter_e 3309 GIC 2153 : snprintf(namebuf, MAXPGPATH, _("background worker \"%s\""),
3310 2153 : rw->rw_worker.bgw_type);
2047 peter_e 3311 ECB :
3312 :
3776 alvherre 3313 CBC 2153 : if (!EXIT_STATUS_0(exitstatus))
3259 rhaas 3314 ECB : {
3315 : /* Record timestamp, so we know when to restart the worker. */
3776 alvherre 3316 GIC 662 : rw->rw_crashed_at = GetCurrentTimestamp();
3317 : }
3318 : else
3319 : {
3320 : /* Zero exit status means terminate */
3321 1491 : rw->rw_crashed_at = 0;
3259 rhaas 3322 CBC 1491 : rw->rw_terminate = true;
3323 : }
3776 alvherre 3324 EUB :
3325 : /*
3326 : * Additionally, just like a backend, any exit status other than 0 or
3327 : * 1 is considered a crash and causes a system-wide restart.
3328 : */
604 andres 3329 CBC 2153 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
3330 : {
604 andres 3331 GIC 210 : HandleChildCrash(pid, exitstatus, namebuf);
3332 210 : return true;
3333 : }
3334 :
3335 : /*
3336 : * We must release the postmaster child slot. If the worker failed to
3337 : * do so, it did not clean up after itself, requiring a crash-restart
3338 : * cycle.
3339 : */
604 andres 3340 CBC 1943 : if (!ReleasePostmasterChildSlot(rw->rw_child_slot))
3259 rhaas 3341 ECB : {
3259 rhaas 3342 LBC 0 : HandleChildCrash(pid, exitstatus, namebuf);
3343 0 : return true;
3776 alvherre 3344 ECB : }
3345 :
3346 : /* Get it out of the BackendList and clear out remaining data */
2777 rhaas 3347 GIC 1943 : dlist_delete(&rw->rw_backend->elem);
3776 alvherre 3348 ECB : #ifdef EXEC_BACKEND
3349 : ShmemBackendArrayRemove(rw->rw_backend);
3350 : #endif
3260 bruce 3351 :
3352 : /*
3353 : * It's possible that this background worker started some OTHER
2495 rhaas 3354 : * background worker and asked to be notified when that worker started
3355 : * or stopped. If so, cancel any notifications destined for the
3356 : * now-dead backend.
3357 : */
2777 rhaas 3358 GIC 1943 : if (rw->rw_backend->bgworker_notify)
3359 125 : BackgroundWorkerStopNotifications(rw->rw_pid);
3360 1943 : free(rw->rw_backend);
3361 1943 : rw->rw_backend = NULL;
3776 alvherre 3362 1943 : rw->rw_pid = 0;
3363 1943 : rw->rw_child_slot = 0;
2118 tgl 3364 1943 : ReportBackgroundWorkerExit(&iter); /* report child death */
3776 alvherre 3365 ECB :
2844 rhaas 3366 GIC 1943 : LogChildExit(EXIT_STATUS_0(exitstatus) ? DEBUG1 : LOG,
3367 : namebuf, pid, exitstatus);
3368 :
3776 alvherre 3369 1943 : return true;
3776 alvherre 3370 ECB : }
3371 :
3776 alvherre 3372 GIC 8851 : return false;
3373 : }
3374 :
3375 : /*
3376 : * CleanupBackend -- cleanup after terminated backend.
3377 : *
3378 : * Remove all local state associated with backend.
3379 : *
3380 : * If you change this, see also CleanupBackgroundWorker.
3381 : */
3382 : static void
6822 tgl 3383 8851 : CleanupBackend(int pid,
3384 : int exitstatus) /* child's exit status. */
3385 : {
3386 : dlist_mutable_iter iter;
3387 :
6620 bruce 3388 8851 : LogChildExit(DEBUG2, _("server process"), pid, exitstatus);
3389 :
3390 : /*
3391 : * If a backend dies in an ugly way then we must signal all other backends
3392 : * to quickdie. If exit status is zero (normal) or one (FATAL exit), we
3393 : * assume everything is all right and proceed to remove the backend from
3394 : * the active backend list.
9345 bruce 3395 ECB : */
3396 :
3314 3397 : #ifdef WIN32
3260 3398 :
3399 : /*
3400 : * On win32, also treat ERROR_WAIT_NO_CHILDREN (128) as nonfatal case,
4382 3401 : * since that sometimes happens under load when the process fails to start
3402 : * properly (long before it starts using shared memory). Microsoft reports
3403 : * it is related to mutex failure:
3404 : * http://archives.postgresql.org/pgsql-hackers/2010-09/msg00790.php
4588 magnus 3405 : */
3406 : if (exitstatus == ERROR_WAIT_NO_CHILDREN)
3407 : {
3408 : LogChildExit(LOG, _("server process"), pid, exitstatus);
3409 : exitstatus = 0;
3410 : }
3411 : #endif
3412 :
5983 tgl 3413 GIC 8851 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
3414 : {
6620 bruce 3415 GBC 254 : HandleChildCrash(pid, exitstatus, _("server process"));
6889 tgl 3416 254 : return;
3417 : }
3418 :
3827 alvherre 3419 GIC 22317 : dlist_foreach_modify(iter, &BackendList)
3420 : {
3421 22317 : Backend *bp = dlist_container(Backend, elem, iter.cur);
6889 tgl 3422 ECB :
6889 tgl 3423 GIC 22317 : if (bp->pid == pid)
3424 : {
5722 3425 8597 : if (!bp->dead_end)
3426 : {
5087 3427 8573 : if (!ReleasePostmasterChildSlot(bp->child_slot))
3428 : {
3429 : /*
3430 : * Uh-oh, the child failed to clean itself up. Treat as a
3431 : * crash after all.
5087 tgl 3432 ECB : */
5087 tgl 3433 UIC 0 : HandleChildCrash(pid, exitstatus, _("server process"));
5087 tgl 3434 LBC 0 : return;
5087 tgl 3435 ECB : }
3436 : #ifdef EXEC_BACKEND
3437 : ShmemBackendArrayRemove(bp);
3438 : #endif
3439 : }
3511 rhaas 3440 GIC 8597 : if (bp->bgworker_notify)
3441 : {
3442 : /*
3443 : * This backend may have been slated to receive SIGUSR1 when
3444 : * some background worker started or stopped. Cancel those
3445 : * notifications, as we don't want to signal PIDs that are not
3446 : * PostgreSQL backends. This gets skipped in the (probably
3447 : * very common) case where the backend has never requested any
3448 : * such notifications.
3511 rhaas 3449 ECB : */
3511 rhaas 3450 GIC 57 : BackgroundWorkerStopNotifications(bp->pid);
3451 : }
3825 tgl 3452 8597 : dlist_delete(iter.cur);
6889 3453 8597 : free(bp);
3454 8597 : break;
3455 : }
3456 : }
3457 : }
3458 :
3459 : /*
3460 : * HandleChildCrash -- cleanup after failed backend, bgwriter, checkpointer,
3461 : * walwriter, autovacuum, archiver or background worker.
3462 : *
6889 tgl 3463 ECB : * The objectives here are to clean up our local state about the child
3464 : * process, and to signal all other remaining children to quickdie.
3465 : */
3466 : static void
6822 tgl 3467 CBC 1438 : HandleChildCrash(int pid, int exitstatus, const char *procname)
6889 tgl 3468 ECB : {
3469 : dlist_mutable_iter iter;
3776 alvherre 3470 : slist_iter siter;
3471 : Backend *bp;
3472 : bool take_action;
3473 :
6889 tgl 3474 : /*
3475 : * We only log messages and send signals if this is the first process
3476 : * crash and we're not doing an immediate shutdown; otherwise, we're only
3477 : * here to update postmaster's idea of live processes. If we have already
1036 peter 3478 : * signaled children, nonzero exit status is to be expected, so don't
3260 bruce 3479 : * clutter log.
6889 tgl 3480 : */
3572 alvherre 3481 CBC 1438 : take_action = !FatalError && Shutdown != ImmediateShutdown;
3482 :
3572 alvherre 3483 GIC 1438 : if (take_action)
3484 : {
6822 tgl 3485 7 : LogChildExit(LOG, procname, pid, exitstatus);
7201 tgl 3486 CBC 7 : ereport(LOG,
6385 bruce 3487 ECB : (errmsg("terminating any other active server processes")));
836 tgl 3488 GIC 7 : SetQuitSignalReason(PMQUIT_FOR_CRASH);
3489 : }
3490 :
3776 alvherre 3491 ECB : /* Process background workers. */
3776 alvherre 3492 CBC 2942 : slist_foreach(siter, &BackgroundWorkerList)
3776 alvherre 3493 ECB : {
3494 : RegisteredBgWorker *rw;
3495 :
3776 alvherre 3496 GIC 1504 : rw = slist_container(RegisteredBgWorker, rw_lnode, siter.cur);
3497 1504 : if (rw->rw_pid == 0)
3602 bruce 3498 695 : continue; /* not running */
3776 alvherre 3499 809 : if (rw->rw_pid == pid)
3500 : {
3501 : /*
3502 : * Found entry for freshly-dead worker, so remove it.
3503 : */
3504 210 : (void) ReleasePostmasterChildSlot(rw->rw_child_slot);
2777 rhaas 3505 CBC 210 : dlist_delete(&rw->rw_backend->elem);
3776 alvherre 3506 ECB : #ifdef EXEC_BACKEND
3507 : ShmemBackendArrayRemove(rw->rw_backend);
3508 : #endif
2777 rhaas 3509 GIC 210 : free(rw->rw_backend);
3510 210 : rw->rw_backend = NULL;
3776 alvherre 3511 CBC 210 : rw->rw_pid = 0;
3776 alvherre 3512 GIC 210 : rw->rw_child_slot = 0;
3776 alvherre 3513 ECB : /* don't reset crashed_at */
3514 : /* don't report child stop, either */
3515 : /* Keep looping so we can signal remaining workers */
3516 : }
3517 : else
3518 : {
3519 : /*
3260 bruce 3520 : * This worker is still alive. Unless we did so already, tell it
3521 : * to commit hara-kiri.
3776 alvherre 3522 : */
3572 alvherre 3523 CBC 599 : if (take_action)
139 tgl 3524 GNC 4 : sigquit_child(rw->rw_pid);
3525 : }
3526 : }
3527 :
3528 : /* Process regular backends */
3827 alvherre 3529 GIC 3455 : dlist_foreach_modify(iter, &BackendList)
3530 : {
3531 2017 : bp = dlist_container(Backend, elem, iter.cur);
3827 alvherre 3532 ECB :
6889 tgl 3533 CBC 2017 : if (bp->pid == pid)
3534 : {
6889 tgl 3535 ECB : /*
3536 : * Found entry for freshly-dead backend, so remove it.
3537 : */
5722 tgl 3538 GIC 254 : if (!bp->dead_end)
3539 : {
5087 3540 254 : (void) ReleasePostmasterChildSlot(bp->child_slot);
5087 tgl 3541 ECB : #ifdef EXEC_BACKEND
3542 : ShmemBackendArrayRemove(bp);
5722 tgl 3543 EUB : #endif
3544 : }
3825 tgl 3545 GIC 254 : dlist_delete(iter.cur);
6889 tgl 3546 CBC 254 : free(bp);
3547 : /* Keep looping so we can signal remaining backends */
6889 tgl 3548 EUB : }
3549 : else
3550 : {
3551 : /*
3552 : * This backend is still alive. Unless we did so already, tell it
6385 bruce 3553 ECB : * to commit hara-kiri.
8145 tgl 3554 EUB : *
3555 : * We could exclude dead_end children here, but at least when
3556 : * sending SIGABRT it seems better to include them.
3776 alvherre 3557 ECB : *
3558 : * Background workers were already processed above; ignore them
3559 : * here.
8145 tgl 3560 : */
3776 alvherre 3561 GBC 1763 : if (bp->bkend_type == BACKEND_TYPE_BGWORKER)
3776 alvherre 3562 CBC 599 : continue;
3776 alvherre 3563 ECB :
3572 alvherre 3564 GIC 1164 : if (take_action)
139 tgl 3565 GNC 6 : sigquit_child(bp->pid);
9345 bruce 3566 ECB : }
9345 bruce 3567 EUB : }
9345 bruce 3568 ECB :
5163 heikki.linnakangas 3569 : /* Take care of the startup process too */
5163 heikki.linnakangas 3570 GIC 1438 : if (pid == StartupPID)
3571 : {
5163 heikki.linnakangas 3572 LBC 0 : StartupPID = 0;
1322 tgl 3573 EUB : /* Caller adjusts StartupStatus, so don't touch it here */
2831 tgl 3574 ECB : }
3572 alvherre 3575 GBC 1438 : else if (StartupPID != 0 && take_action)
3576 : {
139 tgl 3577 UNC 0 : sigquit_child(StartupPID);
2831 tgl 3578 UIC 0 : StartupStatus = STARTUP_SIGNALED;
5163 heikki.linnakangas 3579 ECB : }
3580 :
6889 tgl 3581 : /* Take care of the bgwriter too */
6889 tgl 3582 CBC 1438 : if (pid == BgWriterPID)
7081 JanWieck 3583 LBC 0 : BgWriterPID = 0;
3572 alvherre 3584 CBC 1438 : else if (BgWriterPID != 0 && take_action)
139 tgl 3585 GNC 7 : sigquit_child(BgWriterPID);
8145 tgl 3586 ECB :
3587 : /* Take care of the checkpointer too */
4177 simon 3588 GIC 1438 : if (pid == CheckpointerPID)
4177 simon 3589 UIC 0 : CheckpointerPID = 0;
3572 alvherre 3590 GIC 1438 : else if (CheckpointerPID != 0 && take_action)
139 tgl 3591 GNC 7 : sigquit_child(CheckpointerPID);
3592 :
5738 tgl 3593 ECB : /* Take care of the walwriter too */
5738 tgl 3594 GIC 1438 : if (pid == WalWriterPID)
5738 tgl 3595 LBC 0 : WalWriterPID = 0;
3572 alvherre 3596 CBC 1438 : else if (WalWriterPID != 0 && take_action)
139 tgl 3597 GNC 4 : sigquit_child(WalWriterPID);
3598 :
3599 : /* Take care of the walreceiver too */
4832 heikki.linnakangas 3600 GIC 1438 : if (pid == WalReceiverPID)
4832 heikki.linnakangas 3601 UIC 0 : WalReceiverPID = 0;
3572 alvherre 3602 GIC 1438 : else if (WalReceiverPID != 0 && take_action)
139 tgl 3603 UNC 0 : sigquit_child(WalReceiverPID);
3604 :
3605 : /* Take care of the autovacuum launcher too */
6478 tgl 3606 GIC 1438 : if (pid == AutoVacPID)
6478 tgl 3607 UIC 0 : AutoVacPID = 0;
3572 alvherre 3608 GIC 1438 : else if (AutoVacPID != 0 && take_action)
139 tgl 3609 GNC 4 : sigquit_child(AutoVacPID);
3610 :
3611 : /* Take care of the archiver too */
755 fujii 3612 GIC 1438 : if (pid == PgArchPID)
755 fujii 3613 UIC 0 : PgArchPID = 0;
755 fujii 3614 GIC 1438 : else if (PgArchPID != 0 && take_action)
139 tgl 3615 UNC 0 : sigquit_child(PgArchPID);
3616 :
3617 : /* We do NOT restart the syslogger */
6821 tgl 3618 ECB :
3572 alvherre 3619 GIC 1438 : if (Shutdown != ImmediateShutdown)
3620 39 : FatalError = true;
3621 :
3622 : /* We now transit into a state of waiting for children to die */
5163 heikki.linnakangas 3623 1438 : if (pmState == PM_RECOVERY ||
4712 rhaas 3624 1436 : pmState == PM_HOT_STANDBY ||
5163 heikki.linnakangas 3625 1435 : pmState == PM_RUN ||
968 tgl 3626 1431 : pmState == PM_STOP_BACKENDS ||
5461 3627 1431 : pmState == PM_SHUTDOWN)
5722 tgl 3628 CBC 7 : pmState = PM_WAIT_BACKENDS;
3629 :
3630 : /*
3572 alvherre 3631 ECB : * .. and if this doesn't happen quickly enough, now the clock is ticking
3632 : * for us to kill them without mercy.
3633 : */
3572 alvherre 3634 GIC 1438 : if (AbortStartTime == 0)
3635 7 : AbortStartTime = time(NULL);
9770 scrappy 3636 1438 : }
3637 :
3638 : /*
7820 tgl 3639 ECB : * Log the death of a child process.
7824 3640 : */
3641 : static void
7706 tgl 3642 GIC 10801 : LogChildExit(int lev, const char *procname, int pid, int exitstatus)
3643 : {
3644 : /*
3645 : * size of activity_buffer is arbitrary, but set equal to default
3646 : * track_activity_query_size
3647 : */
3648 : char activity_buffer[1024];
4188 tgl 3649 CBC 10801 : const char *activity = NULL;
3650 :
4188 tgl 3651 GIC 10801 : if (!EXIT_STATUS_0(exitstatus))
3652 838 : activity = pgstat_get_crashed_backend_activity(pid,
3653 : activity_buffer,
3654 : sizeof(activity_buffer));
3655 :
7824 tgl 3656 CBC 10801 : if (WIFEXITED(exitstatus))
7201 tgl 3657 GIC 10795 : ereport(lev,
3658 :
5976 peter_e 3659 ECB : /*------
3660 : translator: %s is a noun phrase describing a child process, such as
3661 : "server process" */
7136 3662 : (errmsg("%s (PID %d) exited with exit code %d",
4188 rhaas 3663 : procname, pid, WEXITSTATUS(exitstatus)),
3664 : activity ? errdetail("Failed process was running: %s", activity) : 0));
7824 tgl 3665 CBC 6 : else if (WIFSIGNALED(exitstatus))
1575 tgl 3666 ECB : {
3667 : #if defined(WIN32)
7201 3668 : ereport(lev,
7188 bruce 3669 :
3670 : /*------
5976 peter_e 3671 : translator: %s is a noun phrase describing a child process, such as
3672 : "server process" */
5915 tgl 3673 : (errmsg("%s (PID %d) was terminated by exception 0x%X",
bruce 3674 : procname, pid, WTERMSIG(exitstatus)),
3675 : errhint("See C include file \"ntstatus.h\" for a description of the hexadecimal value."),
3676 : activity ? errdetail("Failed process was running: %s", activity) : 0));
3677 : #else
2118 tgl 3678 CBC 6 : ereport(lev,
3679 :
3680 : /*------
3681 : translator: %s is a noun phrase describing a child process, such as
3682 : "server process" */
3683 : (errmsg("%s (PID %d) was terminated by signal %d: %s",
3684 : procname, pid, WTERMSIG(exitstatus),
1575 tgl 3685 ECB : pg_strsignal(WTERMSIG(exitstatus))),
3686 : activity ? errdetail("Failed process was running: %s", activity) : 0));
3687 : #endif
3688 : }
3689 : else
7201 tgl 3690 UIC 0 : ereport(lev,
3691 :
3692 : /*------
3693 : translator: %s is a noun phrase describing a child process, such as
3694 : "server process" */
3695 : (errmsg("%s (PID %d) exited with unrecognized status %d",
3696 : procname, pid, exitstatus),
3697 : activity ? errdetail("Failed process was running: %s", activity) : 0));
7824 tgl 3698 CBC 10801 : }
7824 tgl 3699 ECB :
5722 3700 : /*
3701 : * Advance the postmaster's state machine and take actions as appropriate
3702 : *
3703 : * This is common code for process_pm_shutdown_request(),
3704 : * process_pm_child_exit() and process_pm_pmsignal(), which process the signals
3705 : * that might mean we need to change state.
3706 : */
3707 : static void
5722 tgl 3708 CBC 14971 : PostmasterStateMachine(void)
3709 : {
3710 : /* If we're doing a smart shutdown, try to advance that state. */
968 tgl 3711 GIC 14971 : if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
3712 : {
368 sfrost 3713 11326 : if (!connsAllowed)
968 tgl 3714 ECB : {
3715 : /*
3716 : * This state ends when we have no normal client backends running.
3717 : * Then we're ready to stop other children.
3718 : */
968 tgl 3719 GIC 18 : if (CountChildren(BACKEND_TYPE_NORMAL) == 0)
3720 6 : pmState = PM_STOP_BACKENDS;
3721 : }
3722 : }
3723 :
3724 : /*
3725 : * If we're ready to do so, signal child processes to shut down. (This
3726 : * isn't a persistent state, but treating it as a distinct pmState allows
3727 : * us to share this code across multiple shutdown code paths.)
3728 : */
968 tgl 3729 CBC 14971 : if (pmState == PM_STOP_BACKENDS)
3730 : {
836 tgl 3731 ECB : /*
836 tgl 3732 EUB : * Forget any pending requests for background workers, since we're no
3733 : * longer willing to launch any new workers. (If additional requests
836 tgl 3734 ECB : * arrive, BackgroundWorkerStateChange will reject them.)
3735 : */
836 tgl 3736 CBC 352 : ForgetUnstartedBackgroundWorkers();
836 tgl 3737 ECB :
3738 : /* Signal all backend children except walsenders */
968 tgl 3739 GIC 352 : SignalSomeChildren(SIGTERM,
3740 : BACKEND_TYPE_ALL - BACKEND_TYPE_WALSND);
3741 : /* and the autovac launcher too */
3742 352 : if (AutoVacPID != 0)
3743 303 : signal_child(AutoVacPID, SIGTERM);
3744 : /* and the bgwriter too */
3745 352 : if (BgWriterPID != 0)
3746 352 : signal_child(BgWriterPID, SIGTERM);
3747 : /* and the walwriter too */
3748 352 : if (WalWriterPID != 0)
3749 319 : signal_child(WalWriterPID, SIGTERM);
3750 : /* If we're in recovery, also stop startup and walreceiver procs */
968 tgl 3751 GBC 352 : if (StartupPID != 0)
3752 33 : signal_child(StartupPID, SIGTERM);
968 tgl 3753 GIC 352 : if (WalReceiverPID != 0)
3754 28 : signal_child(WalReceiverPID, SIGTERM);
968 tgl 3755 EUB : /* checkpointer, archiver, stats, and syslogger may continue for now */
3756 :
3757 : /* Now transition to PM_WAIT_BACKENDS state to wait for them to die */
968 tgl 3758 GIC 352 : pmState = PM_WAIT_BACKENDS;
3759 : }
3760 :
3761 : /*
3762 : * If we are in a state-machine state that implies waiting for backends to
5624 bruce 3763 ECB : * exit, see if they're all gone, and change state if so.
3764 : */
5722 tgl 3765 GIC 14971 : if (pmState == PM_WAIT_BACKENDS)
3766 : {
3767 : /*
3768 : * PM_WAIT_BACKENDS state ends when we have no regular backends
3769 : * (including autovac workers), no bgworkers (including unconnected
3770 : * ones), and no walwriter, autovac launcher or bgwriter. If we are
3260 bruce 3771 ECB : * doing crash recovery or an immediate shutdown then we expect the
3772 : * checkpointer to exit as well, otherwise not. The stats and
755 fujii 3773 : * syslogger processes are disregarded since they are not connected to
3774 : * shared memory; we also disregard dead_end children here. Walsenders
3775 : * and archiver are also disregarded, they will be terminated later
3776 : * after writing the checkpoint record.
5722 tgl 3777 : */
968 tgl 3778 GIC 3241 : if (CountChildren(BACKEND_TYPE_ALL - BACKEND_TYPE_WALSND) == 0 &&
5722 3779 1285 : StartupPID == 0 &&
4832 heikki.linnakangas 3780 CBC 1182 : WalReceiverPID == 0 &&
4177 simon 3781 GIC 1148 : BgWriterPID == 0 &&
3531 fujii 3782 877 : (CheckpointerPID == 0 ||
3783 574 : (!FatalError && Shutdown < ImmediateShutdown)) &&
5722 tgl 3784 837 : WalWriterPID == 0 &&
3785 691 : AutoVacPID == 0)
3786 : {
3572 alvherre 3787 597 : if (Shutdown >= ImmediateShutdown || FatalError)
3788 : {
3789 : /*
3790 : * Start waiting for dead_end children to die. This state
3791 : * change causes ServerLoop to stop creating new ones.
3792 : */
5722 tgl 3793 245 : pmState = PM_WAIT_DEAD_END;
5567 tgl 3794 ECB :
3795 : /*
3796 : * We already SIGQUIT'd the archiver and stats processes, if
3572 alvherre 3797 : * any, when we started immediate shutdown or entered
3798 : * FatalError state.
5567 tgl 3799 : */
5722 3800 : }
3801 : else
3802 : {
3803 : /*
5624 bruce 3804 : * If we get here, we are proceeding with normal shutdown. All
3805 : * the regular children are gone, and it's time to tell the
3806 : * checkpointer to do a shutdown checkpoint.
3807 : */
5722 tgl 3808 GIC 352 : Assert(Shutdown > NoShutdown);
3809 : /* Start the checkpointer if not running */
4177 simon 3810 352 : if (CheckpointerPID == 0)
4177 simon 3811 UIC 0 : CheckpointerPID = StartCheckpointer();
3812 : /* And tell it to shut down */
4177 simon 3813 GIC 352 : if (CheckpointerPID != 0)
3814 : {
3815 352 : signal_child(CheckpointerPID, SIGUSR2);
5722 tgl 3816 352 : pmState = PM_SHUTDOWN;
3817 : }
3818 : else
3819 : {
5722 tgl 3820 ECB : /*
3821 : * If we failed to fork a checkpointer, just shut down.
3955 bruce 3822 : * Any required cleanup will happen at next restart. We
3823 : * set FatalError so that an "abnormal shutdown" message
3955 bruce 3824 EUB : * gets logged when we exit.
3825 : *
3826 : * We don't consult send_abort_for_crash here, as it's
3827 : * unlikely that dumping cores would illuminate the reason
3828 : * for checkpointer fork failure.
5722 tgl 3829 : */
5722 tgl 3830 UIC 0 : FatalError = true;
3831 0 : pmState = PM_WAIT_DEAD_END;
3832 :
3833 : /* Kill the walsenders and archiver too */
4497 alvherre 3834 0 : SignalChildren(SIGQUIT);
5567 tgl 3835 0 : if (PgArchPID != 0)
3836 0 : signal_child(PgArchPID, SIGQUIT);
3837 : }
5722 tgl 3838 ECB : }
3839 : }
3840 : }
3841 :
4832 heikki.linnakangas 3842 GIC 14971 : if (pmState == PM_SHUTDOWN_2)
3843 : {
3844 : /*
3845 : * PM_SHUTDOWN_2 state ends when there's no other children than
3846 : * dead_end children left. There shouldn't be any regular backends
3847 : * left by now anyway; what we're really waiting for is walsenders and
3848 : * archiver.
4832 heikki.linnakangas 3849 ECB : */
1446 tgl 3850 GIC 386 : if (PgArchPID == 0 && CountChildren(BACKEND_TYPE_ALL) == 0)
4832 heikki.linnakangas 3851 ECB : {
4832 heikki.linnakangas 3852 GIC 352 : pmState = PM_WAIT_DEAD_END;
4832 heikki.linnakangas 3853 ECB : }
3854 : }
3855 :
5722 tgl 3856 GIC 14971 : if (pmState == PM_WAIT_DEAD_END)
5722 tgl 3857 ECB : {
3858 : /* Don't allow any new socket connection events. */
87 tmunro 3859 GNC 606 : ConfigurePostmasterWaitSet(false);
3860 :
3861 : /*
5624 bruce 3862 EUB : * PM_WAIT_DEAD_END state ends when the BackendList is entirely empty
3863 : * (ie, no dead_end children remain), and the archiver is gone too.
5567 tgl 3864 : *
3865 : * The reason we wait for those two is to protect them against a new
3866 : * postmaster starting conflicting subprocesses; this isn't an
3867 : * ironclad protection, but it at least helps in the
3868 : * shutdown-and-immediately-restart scenario. Note that they have
3869 : * already been sent appropriate shutdown signals, either during a
3870 : * normal state transition leading up to PM_WAIT_DEAD_END, or during
3871 : * FatalError processing.
5722 tgl 3872 ECB : */
368 andres 3873 GIC 606 : if (dlist_is_empty(&BackendList) && PgArchPID == 0)
5722 tgl 3874 ECB : {
3875 : /* These other guys should be dead already */
5722 tgl 3876 GIC 597 : Assert(StartupPID == 0);
4832 heikki.linnakangas 3877 597 : Assert(WalReceiverPID == 0);
5722 tgl 3878 CBC 597 : Assert(BgWriterPID == 0);
4177 simon 3879 597 : Assert(CheckpointerPID == 0);
5722 tgl 3880 GIC 597 : Assert(WalWriterPID == 0);
3881 597 : Assert(AutoVacPID == 0);
5567 tgl 3882 ECB : /* syslogger is not considered here */
5722 tgl 3883 GIC 597 : pmState = PM_NO_CHILDREN;
5722 tgl 3884 ECB : }
3885 : }
3886 :
3887 : /*
3888 : * If we've been told to shut down, we exit as soon as there are no
3889 : * remaining children. If there was a crash, cleanup will occur at the
3890 : * next startup. (Before PostgreSQL 8.3, we tried to recover from the
3891 : * crash before exiting, but that seems unwise if we are quitting because
3892 : * we got SIGTERM from init --- there may well not be time for recovery
3893 : * before init decides to SIGKILL us.)
3894 : *
5567 3895 : * Note that the syslogger continues to run. It will exit when it sees
3896 : * EOF on its input pipe, which happens when there are no more upstream
3897 : * processes.
3898 : */
5722 tgl 3899 GIC 14971 : if (Shutdown > NoShutdown && pmState == PM_NO_CHILDREN)
5722 tgl 3900 ECB : {
5722 tgl 3901 GIC 590 : if (FatalError)
5722 tgl 3902 ECB : {
5722 tgl 3903 UIC 0 : ereport(LOG, (errmsg("abnormal database system shutdown")));
3904 0 : ExitPostmaster(1);
3905 : }
3906 : else
3907 : {
3908 : /*
3909 : * Normal exit from the postmaster is here. We don't need to log
3910 : * anything here, since the UnlinkLockFiles proc_exit callback
3911 : * will do so, and that should be the last user-visible action.
3912 : */
5722 tgl 3913 GIC 590 : ExitPostmaster(0);
3914 : }
3915 : }
3916 :
3917 : /*
3918 : * If the startup process failed, or the user does not want an automatic
3919 : * restart after backend crashes, wait for all non-syslogger children to
3920 : * exit, and then exit postmaster. We don't try to reinitialize when the
3921 : * startup process fails, because more than likely it will just fail again
2831 tgl 3922 ECB : * and we will keep trying forever.
3923 : */
686 tgl 3924 CBC 14381 : if (pmState == PM_NO_CHILDREN)
686 tgl 3925 EUB : {
686 tgl 3926 GIC 7 : if (StartupStatus == STARTUP_CRASHED)
686 tgl 3927 ECB : {
686 tgl 3928 GIC 3 : ereport(LOG,
686 tgl 3929 ECB : (errmsg("shutting down due to startup process failure")));
686 tgl 3930 GIC 3 : ExitPostmaster(1);
3931 : }
3932 4 : if (!restart_after_crash)
3933 : {
686 tgl 3934 LBC 0 : ereport(LOG,
686 tgl 3935 ECB : (errmsg("shutting down because restart_after_crash is off")));
686 tgl 3936 LBC 0 : ExitPostmaster(1);
686 tgl 3937 ECB : }
3938 : }
3939 :
3940 : /*
5050 bruce 3941 : * If we need to recover from a crash, wait for all non-syslogger children
3942 : * to exit, then reset shmem and StartupDataBase.
3943 : */
5722 tgl 3944 GIC 14378 : if (FatalError && pmState == PM_NO_CHILDREN)
3945 : {
3946 4 : ereport(LOG,
3947 : (errmsg("all server processes terminated; reinitializing")));
3948 :
3949 : /* remove leftover temporary files after a crash */
752 tomas.vondra 3950 4 : if (remove_temp_files_after_crash)
3951 3 : RemovePgTempFiles();
752 tomas.vondra 3952 ECB :
3953 : /* allow background workers to immediately restart */
3259 rhaas 3954 CBC 4 : ResetBackgroundWorkerCrashTimes();
3955 :
5208 tgl 3956 GIC 4 : shmem_exit(1);
3957 :
2030 andres 3958 ECB : /* re-read control file into local memory */
2030 andres 3959 CBC 4 : LocalProcessControlFile(true);
3960 :
3961 : /* re-create shared memory and semaphores */
267 tgl 3962 GNC 4 : CreateSharedMemoryAndSemaphores();
3963 :
5722 tgl 3964 GIC 4 : StartupPID = StartupDataBase();
3965 4 : Assert(StartupPID != 0);
2831 3966 4 : StartupStatus = STARTUP_RUNNING;
5722 tgl 3967 CBC 4 : pmState = PM_STARTUP;
3968 : /* crash recovery started, reset SIGKILL flag */
3473 alvherre 3969 GIC 4 : AbortStartTime = 0;
3970 :
3971 : /* start accepting server socket connection events again */
87 tmunro 3972 GNC 4 : ConfigurePostmasterWaitSet(true);
5722 tgl 3973 ECB : }
5722 tgl 3974 GIC 14378 : }
5722 tgl 3975 ECB :
3976 :
5983 3977 : /*
3978 : * Send a signal to a postmaster child process
3979 : *
3980 : * On systems that have setsid(), each child process sets itself up as a
3981 : * process group leader. For signals that are generally interpreted in the
3982 : * appropriate fashion, we signal the entire process group not just the
3983 : * direct child process. This allows us to, for example, SIGQUIT a blocked
3984 : * archive_recovery script, or SIGINT a script being run by a backend via
3985 : * system().
3986 : *
3987 : * There is a race condition for recently-forked children: they might not
3988 : * have executed setsid() yet. So we signal the child directly as well as
3989 : * the group. We assume such a child will handle the signal before trying
3990 : * to spawn any grandchild processes. We also assume that signaling the
3991 : * child twice will not cause any problems.
3992 : */
3993 : static void
5983 tgl 3994 CBC 4325 : signal_child(pid_t pid, int signal)
3995 : {
3996 4325 : if (kill(pid, signal) < 0)
5983 tgl 3997 LBC 0 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) pid, signal);
3998 : #ifdef HAVE_SETSID
5983 tgl 3999 GIC 4325 : switch (signal)
5983 tgl 4000 ECB : {
5983 tgl 4001 GIC 3173 : case SIGINT:
4002 : case SIGTERM:
5983 tgl 4003 ECB : case SIGQUIT:
4004 : case SIGKILL:
4005 : case SIGABRT:
5983 tgl 4006 CBC 3173 : if (kill(-pid, signal) < 0)
5983 tgl 4007 GIC 4 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) (-pid), signal);
4008 3173 : break;
4009 1152 : default:
4010 1152 : break;
4011 : }
4012 : #endif
4013 4325 : }
5983 tgl 4014 ECB :
4015 : /*
4016 : * Convenience function for killing a child process after a crash of some
4017 : * other child process. We log the action at a higher level than we would
4018 : * otherwise do, and we apply send_abort_for_crash to decide which signal
4019 : * to send. Normally it's SIGQUIT -- and most other comments in this file
4020 : * are written on the assumption that it is -- but developers might prefer
4021 : * to use SIGABRT to collect per-child core dumps.
4022 : */
4023 : static void
139 tgl 4024 GNC 32 : sigquit_child(pid_t pid)
4025 : {
4026 32 : ereport(DEBUG2,
4027 : (errmsg_internal("sending %s to process %d",
4028 : (send_abort_for_crash ? "SIGABRT" : "SIGQUIT"),
4029 : (int) pid)));
4030 32 : signal_child(pid, (send_abort_for_crash ? SIGABRT : SIGQUIT));
4031 32 : }
4032 :
4033 : /*
4832 heikki.linnakangas 4034 ECB : * Send a signal to the targeted children (but NOT special children;
4035 : * dead_end children are never signaled, either).
4036 : */
4037 : static bool
4832 heikki.linnakangas 4038 CBC 1045 : SignalSomeChildren(int signal, int target)
8993 scrappy 4039 ECB : {
4040 : dlist_iter iter;
4832 heikki.linnakangas 4041 CBC 1045 : bool signaled = false;
8993 scrappy 4042 ECB :
3827 alvherre 4043 CBC 2569 : dlist_foreach(iter, &BackendList)
8993 scrappy 4044 ECB : {
3827 alvherre 4045 CBC 1524 : Backend *bp = dlist_container(Backend, elem, iter.cur);
8993 scrappy 4046 ECB :
5722 tgl 4047 CBC 1524 : if (bp->dead_end)
4048 2 : continue;
4461 rhaas 4049 ECB :
4050 : /*
4382 bruce 4051 : * Since target == BACKEND_TYPE_ALL is the most common case, we test
4052 : * it first and avoid touching shared memory for every child.
4461 rhaas 4053 : */
4461 rhaas 4054 GIC 1522 : if (target != BACKEND_TYPE_ALL)
4055 : {
4056 : /*
4057 : * Assign bkend_type for any recently announced WAL Sender
4058 : * processes.
4059 : */
3776 alvherre 4060 1108 : if (bp->bkend_type == BACKEND_TYPE_NORMAL &&
4061 378 : IsPostmasterChildWalSender(bp->child_slot))
4062 27 : bp->bkend_type = BACKEND_TYPE_WALSND;
4461 rhaas 4063 ECB :
3776 alvherre 4064 GIC 730 : if (!(target & bp->bkend_type))
4461 rhaas 4065 27 : continue;
4066 : }
4067 :
6889 tgl 4068 1495 : ereport(DEBUG4,
4069 : (errmsg_internal("sending signal %d to process %d",
4070 : signal, (int) bp->pid)));
5983 4071 1495 : signal_child(bp->pid, signal);
4832 heikki.linnakangas 4072 CBC 1495 : signaled = true;
8993 scrappy 4073 ECB : }
4832 heikki.linnakangas 4074 GIC 1045 : return signaled;
8993 scrappy 4075 EUB : }
4076 :
4077 : /*
3572 alvherre 4078 : * Send a termination signal to children. This considers all of our children
4079 : * processes, except syslogger and dead_end backends.
4080 : */
4081 : static void
3572 alvherre 4082 GIC 238 : TerminateChildren(int signal)
4083 : {
4084 238 : SignalChildren(signal);
4085 238 : if (StartupPID != 0)
2831 tgl 4086 ECB : {
3572 alvherre 4087 GIC 43 : signal_child(StartupPID, signal);
139 tgl 4088 GNC 43 : if (signal == SIGQUIT || signal == SIGKILL || signal == SIGABRT)
2831 tgl 4089 GBC 43 : StartupStatus = STARTUP_SIGNALED;
4090 : }
3572 alvherre 4091 GIC 238 : if (BgWriterPID != 0)
3572 alvherre 4092 GBC 238 : signal_child(BgWriterPID, signal);
3572 alvherre 4093 GIC 238 : if (CheckpointerPID != 0)
4094 238 : signal_child(CheckpointerPID, signal);
3572 alvherre 4095 CBC 238 : if (WalWriterPID != 0)
3572 alvherre 4096 GIC 195 : signal_child(WalWriterPID, signal);
4097 238 : if (WalReceiverPID != 0)
3572 alvherre 4098 CBC 30 : signal_child(WalReceiverPID, signal);
4099 238 : if (AutoVacPID != 0)
3572 alvherre 4100 GIC 186 : signal_child(AutoVacPID, signal);
4101 238 : if (PgArchPID != 0)
4102 20 : signal_child(PgArchPID, signal);
4103 238 : }
3572 alvherre 4104 ECB :
9770 scrappy 4105 : /*
4106 : * BackendStartup -- start backend process
4107 : *
4108 : * returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
4109 : *
5897 alvherre 4110 : * Note: if you change this code, also consider StartAutovacuumWorker.
4111 : */
4112 : static int
9204 scrappy 4113 GIC 8835 : BackendStartup(Port *port)
4114 : {
9344 bruce 4115 ECB : Backend *bn; /* for backend cleanup */
7963 peter_e 4116 : pid_t pid;
4117 :
9070 bruce 4118 : /*
4119 : * Create backend data structure. Better before the fork() so we can
4120 : * handle failure cleanly.
7840 tgl 4121 : */
7840 tgl 4122 GIC 8835 : bn = (Backend *) malloc(sizeof(Backend));
4123 8835 : if (!bn)
7840 tgl 4124 ECB : {
7201 tgl 4125 UIC 0 : ereport(LOG,
4126 : (errcode(ERRCODE_OUT_OF_MEMORY),
7201 tgl 4127 ECB : errmsg("out of memory")));
7840 tgl 4128 UIC 0 : return STATUS_ERROR;
4129 : }
4130 :
4131 : /*
4132 : * Compute the cancel key that will be assigned to this backend. The
4133 : * backend will have its own copy in the forked-off process' value of
4134 : * MyCancelKey, so that it can transmit the key to the frontend.
4135 : */
2316 heikki.linnakangas 4136 CBC 8835 : if (!RandomCancelKey(&MyCancelKey))
4137 : {
2309 heikki.linnakangas 4138 UIC 0 : free(bn);
2316 heikki.linnakangas 4139 LBC 0 : ereport(LOG,
4140 : (errcode(ERRCODE_INTERNAL_ERROR),
4141 : errmsg("could not generate random cancel key")));
2316 heikki.linnakangas 4142 UIC 0 : return STATUS_ERROR;
2316 heikki.linnakangas 4143 ECB : }
4144 :
5087 tgl 4145 GIC 8835 : bn->cancel_key = MyCancelKey;
5087 tgl 4146 EUB :
4147 : /* Pass down canAcceptConnections state */
1280 tgl 4148 GBC 8835 : port->canAcceptConnections = canAcceptConnections(BACKEND_TYPE_NORMAL);
368 sfrost 4149 8835 : bn->dead_end = (port->canAcceptConnections != CAC_OK);
5087 tgl 4150 EUB :
4151 : /*
4152 : * Unless it's a dead_end child, assign it a child slot number
4153 : */
5087 tgl 4154 GBC 8835 : if (!bn->dead_end)
4155 8811 : bn->child_slot = MyPMChildSlot = AssignPostmasterChildSlot();
4156 : else
5087 tgl 4157 GIC 24 : bn->child_slot = 0;
4158 :
3511 rhaas 4159 ECB : /* Hasn't asked to be notified about any bgworkers yet */
3511 rhaas 4160 GIC 8835 : bn->bgworker_notify = false;
4161 :
4162 : #ifdef EXEC_BACKEND
4163 : pid = backend_forkexec(port);
4164 : #else /* !EXEC_BACKEND */
6604 neilc 4165 8835 : pid = fork_process();
7963 peter_e 4166 17511 : if (pid == 0) /* child */
7256 tgl 4167 ECB : {
7256 tgl 4168 CBC 8676 : free(bn);
6304 tgl 4169 ECB :
4170 : /* Detangle from postmaster */
3008 andres 4171 GIC 8676 : InitPostmasterChild();
4172 :
4173 : /* Close the postmaster's sockets */
6304 tgl 4174 8676 : ClosePostmasterPorts(false);
4175 :
4971 tgl 4176 ECB : /* Perform additional initialization and collect startup packet */
6304 tgl 4177 GIC 8676 : BackendInitialize(port);
4178 :
4179 : /*
4180 : * Create a per-backend PGPROC struct in shared memory. We must do
4181 : * this before we can use LWLocks. In the !EXEC_BACKEND case (here)
4182 : * this could be delayed a bit further, but EXEC_BACKEND needs to do
4183 : * stuff with LWLocks before PostgresMain(), so we do it here as well
4184 : * for symmetry.
4185 : */
570 andres 4186 8619 : InitProcess();
4187 :
6304 tgl 4188 EUB : /* And run the backend */
3940 peter_e 4189 GIC 8617 : BackendRun(port);
4190 : }
4191 : #endif /* EXEC_BACKEND */
4192 :
9345 bruce 4193 8835 : if (pid < 0)
9345 bruce 4194 EUB : {
4195 : /* in parent, fork failed */
7763 tgl 4196 UIC 0 : int save_errno = errno;
4197 :
4976 4198 0 : if (!bn->dead_end)
4976 tgl 4199 UBC 0 : (void) ReleasePostmasterChildSlot(bn->child_slot);
7763 4200 0 : free(bn);
7201 tgl 4201 UIC 0 : errno = save_errno;
4202 0 : ereport(LOG,
4203 : (errmsg("could not fork new process for connection: %m")));
7763 4204 0 : report_fork_failure_to_client(port, save_errno);
8986 bruce 4205 UBC 0 : return STATUS_ERROR;
9345 bruce 4206 EUB : }
4207 :
4208 : /* in parent, successful fork */
7180 tgl 4209 GIC 8835 : ereport(DEBUG2,
4210 : (errmsg_internal("forked new backend, pid=%d socket=%d",
4211 : (int) pid, (int) port->sock)));
4212 :
4213 : /*
4214 : * Everything's been successful, it's safe to add this backend to our list
4215 : * of backends.
4216 : */
9345 bruce 4217 8835 : bn->pid = pid;
2118 tgl 4218 8835 : bn->bkend_type = BACKEND_TYPE_NORMAL; /* Can change later to WALSND */
3827 alvherre 4219 8835 : dlist_push_head(&BackendList, &bn->elem);
4220 :
4221 : #ifdef EXEC_BACKEND
4222 : if (!bn->dead_end)
5722 tgl 4223 ECB : ShmemBackendArrayAdd(bn);
4224 : #endif
4225 :
8986 bruce 4226 GIC 8835 : return STATUS_OK;
4227 : }
4228 :
4229 : /*
4230 : * Try to report backend fork() failure to client before we close the
4231 : * connection. Since we do not care to risk blocking the postmaster on
7763 tgl 4232 ECB : * this connection, we set the connection to non-blocking and try only once.
4233 : *
4234 : * This is grungy special-purpose code; we cannot use backend libpq since
4235 : * it's not up and running.
4236 : */
4237 : static void
7763 tgl 4238 UIC 0 : report_fork_failure_to_client(Port *port, int errnum)
4239 : {
4240 : char buffer[1000];
4241 : int rc;
4242 :
4243 : /* Format the error message packet (always V2 protocol) */
7763 tgl 4244 LBC 0 : snprintf(buffer, sizeof(buffer), "E%s%s\n",
6620 bruce 4245 EUB : _("could not fork new process for connection: "),
4246 : strerror(errnum));
4247 :
7763 tgl 4248 ECB : /* Set port to non-blocking. Don't do send() if this fails */
6589 tgl 4249 UIC 0 : if (!pg_set_noblock(port->sock))
7763 4250 0 : return;
7763 tgl 4251 ECB :
6111 4252 : /* We'll retry after EINTR, but ignore all other failures */
4253 : do
4254 : {
6111 tgl 4255 UIC 0 : rc = send(port->sock, buffer, strlen(buffer) + 1, 0);
4256 0 : } while (rc < 0 && errno == EINTR);
4257 : }
7763 tgl 4258 ECB :
4259 :
4260 : /*
4261 : * BackendInitialize -- initialize an interactive (postmaster-child)
4262 : * backend process, and collect the client's startup packet.
4263 : *
4264 : * returns: nothing. Will not return at all if there's any failure.
4265 : *
4266 : * Note: this code does not depend on having any access to shared memory.
4267 : * Indeed, our approach to SIGTERM/timeout handling *requires* that
4268 : * shared memory not have been touched yet; see comments within.
4269 : * In the EXEC_BACKEND case, we are physically attached to shared memory
4270 : * but have not yet set up most of our local pointers to shmem structures.
9770 scrappy 4271 : */
4272 : static void
6304 tgl 4273 CBC 8676 : BackendInitialize(Port *port)
9770 scrappy 4274 ECB : {
4275 : int status;
4276 : int ret;
4277 : char remote_host[NI_MAXHOST];
4278 : char remote_port[NI_MAXSERV];
1124 peter 4279 : StringInfoData ps_data;
9081 bruce 4280 :
6890 tgl 4281 : /* Save port etc. for ps status */
6890 tgl 4282 GIC 8676 : MyProcPort = port;
4283 :
4284 : /* Tell fd.c about the long-lived FD associated with the port */
1140 tgl 4285 GBC 8676 : ReserveExternalFD();
4286 :
4287 : /*
4288 : * PreAuthDelay is a debugging aid for investigating problems in the
4289 : * authentication cycle: it can be set in postgresql.conf to allow time to
4290 : * attach to the newly-forked backend with a debugger. (See also
4291 : * PostAuthDelay, which we allow clients to pass through PGOPTIONS, but it
4292 : * is not honored until after authentication.)
6890 tgl 4293 ECB : */
6890 tgl 4294 CBC 8676 : if (PreAuthDelay > 0)
6890 tgl 4295 UIC 0 : pg_usleep(PreAuthDelay * 1000000L);
4296 :
4971 tgl 4297 ECB : /* This flag will remain set until InitPostgres finishes authentication */
6890 tgl 4298 GIC 8676 : ClientAuthInProgress = true; /* limit visibility of log messages */
6890 tgl 4299 ECB :
6991 bruce 4300 : /* set these to empty in case they are needed before we set them up */
6991 bruce 4301 GIC 8676 : port->remote_host = "";
4302 8676 : port->remote_port = "";
4303 :
4304 : /*
6385 bruce 4305 ECB : * Initialize libpq and enable reporting of ereport errors to the client.
4306 : * Must do this now because authentication uses libpq to send messages.
4307 : */
7870 tgl 4308 GIC 8676 : pq_init(); /* initialize libpq to talk to client */
2118 4309 8676 : whereToSendOutput = DestRemote; /* now safe to ereport to client */
4310 :
4311 : /*
4312 : * We arrange to do _exit(1) if we receive SIGTERM or timeout while trying
4313 : * to collect the startup packet; while SIGQUIT results in _exit(2).
4314 : * Otherwise the postmaster cannot shutdown the database FAST or IMMED
4315 : * cleanly if a buggy client fails to send the packet promptly.
4316 : *
4317 : * Exiting with _exit(1) is only possible because we have not yet touched
4318 : * shared memory; therefore no outside-the-process state needs to get
4319 : * cleaned up.
4320 : */
941 tgl 4321 CBC 8676 : pqsignal(SIGTERM, process_startup_packet_die);
935 tgl 4322 ECB : /* SIGQUIT handler was already set up by InitPostmasterChild */
3919 alvherre 4323 CBC 8676 : InitializeTimeouts(); /* establishes SIGALRM handler */
65 tmunro 4324 GNC 8676 : sigprocmask(SIG_SETMASK, &StartupBlockSig, NULL);
7884 JanWieck 4325 ECB :
4326 : /*
4327 : * Get the remote host name and port for logging and status display.
4328 : */
7241 bruce 4329 GIC 8676 : remote_host[0] = '\0';
4330 8676 : remote_port[0] = '\0';
3839 peter_e 4331 8676 : if ((ret = pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
4332 : remote_host, sizeof(remote_host),
4333 : remote_port, sizeof(remote_port),
4334 : (log_hostname ? 0 : NI_NUMERICHOST) | NI_NUMERICSERV)) != 0)
3839 peter_e 4335 UIC 0 : ereport(WARNING,
4336 : (errmsg_internal("pg_getnameinfo_all() failed: %s",
4337 : gai_strerror(ret))));
4338 :
4339 : /*
4340 : * Save remote_host and remote_port in port structure (after this, they
4341 : * will appear in log_line_prefix data for log messages).
2630 tgl 4342 ECB : */
2630 tgl 4343 CBC 8676 : port->remote_host = strdup(remote_host);
2630 tgl 4344 GIC 8676 : port->remote_port = strdup(remote_port);
4345 :
4346 : /* And now we can issue the Log_connections message, if wanted */
7241 bruce 4347 8676 : if (Log_connections)
4348 : {
4763 simon 4349 CBC 351 : if (remote_port[0])
4763 simon 4350 GIC 138 : ereport(LOG,
4351 : (errmsg("connection received: host=%s port=%s",
4352 : remote_host,
4353 : remote_port)));
4763 simon 4354 ECB : else
4763 simon 4355 CBC 213 : ereport(LOG,
4356 : (errmsg("connection received: host=%s",
4357 : remote_host)));
4358 : }
4359 :
4360 : /*
4361 : * If we did a reverse lookup to name, we might as well save the results
4362 : * rather than possibly repeating the lookup during authentication.
4363 : *
4364 : * Note that we don't want to specify NI_NAMEREQD above, because then we'd
4365 : * get nothing useful for a client without an rDNS entry. Therefore, we
3294 tgl 4366 ECB : * must check whether we got a numeric IPv4 or IPv6 address, and not save
4367 : * it into remote_hostname if so. (This test is conservative and might
4368 : * sometimes classify a hostname as numeric, but an error in that
4369 : * direction is safe; it only results in a possible extra lookup.)
4370 : */
3294 tgl 4371 GIC 8676 : if (log_hostname &&
3294 tgl 4372 CBC 114 : ret == 0 &&
4373 114 : strspn(remote_host, "0123456789.") < strlen(remote_host) &&
3294 tgl 4374 GIC 114 : strspn(remote_host, "0123456789ABCDEFabcdef:") < strlen(remote_host))
4375 114 : port->remote_hostname = strdup(remote_host);
4376 :
4377 : /*
4378 : * Ready to begin client interaction. We will give up and _exit(1) after
940 tgl 4379 ECB : * a time delay, so that a broken client can't hog a connection
4971 4380 : * indefinitely. PreAuthDelay and any DNS interactions above don't count
4381 : * against the time limit.
3919 alvherre 4382 : *
4383 : * Note: AuthenticationTimeout is applied here while waiting for the
4384 : * startup packet, and then again in InitPostgres for the duration of any
4385 : * authentication operations. So a hostile client could tie up the
4386 : * process for nearly twice AuthenticationTimeout before we kick him off.
4387 : *
4388 : * Note: because PostgresMain will call InitializeTimeouts again, the
4389 : * registration of STARTUP_PACKET_TIMEOUT will be lost. This is okay
4390 : * since we never use it again after this function.
4391 : */
3919 alvherre 4392 CBC 8676 : RegisterTimeout(STARTUP_PACKET_TIMEOUT, StartupPacketTimeoutHandler);
4393 8676 : enable_timeout_after(STARTUP_PACKET_TIMEOUT, AuthenticationTimeout * 1000);
4394 :
4395 : /*
4396 : * Receive the startup packet (which might turn out to be a cancel request
4397 : * packet).
4398 : */
1072 sfrost 4399 GIC 8676 : status = ProcessStartupPacket(port, false, false);
4400 :
4401 : /*
4402 : * Disable the timeout, and prevent SIGTERM again.
941 tgl 4403 ECB : */
941 tgl 4404 GIC 8652 : disable_timeout(STARTUP_PACKET_TIMEOUT, false);
65 tmunro 4405 GNC 8652 : sigprocmask(SIG_SETMASK, &BlockSig, NULL);
4406 :
4407 : /*
4408 : * As a safety check that nothing in startup has yet performed
940 tgl 4409 ECB : * shared-memory modifications that would need to be undone if we had
4410 : * exited through SIGTERM or timeout above, check that no on_shmem_exit
4411 : * handlers have been registered yet. (This isn't terribly bulletproof,
4412 : * since someone might misuse an on_proc_exit handler for shmem cleanup,
4413 : * but it's a cheap and helpful check. We cannot disallow on_proc_exit
4414 : * handlers unfortunately, since pq_init() already registered one.)
4415 : */
940 tgl 4416 GIC 8652 : check_on_shmem_exit_lists_are_empty();
4417 :
4418 : /*
4419 : * Stop here if it was bad or a cancel packet. ProcessStartupPacket
4420 : * already did any appropriate error reporting.
4421 : */
7621 4422 8652 : if (status != STATUS_OK)
7030 bruce 4423 33 : proc_exit(0);
4424 :
4425 : /*
4426 : * Now that we have the user and database name, we can set the process
4427 : * title for ps. It's good to do this as early as possible in startup.
4428 : */
1124 peter 4429 8619 : initStringInfo(&ps_data);
4832 heikki.linnakangas 4430 8619 : if (am_walsender)
1124 peter 4431 832 : appendStringInfo(&ps_data, "%s ", GetBackendTypeDesc(B_WAL_SENDER));
4432 8619 : appendStringInfo(&ps_data, "%s ", port->user_name);
136 michael 4433 GNC 8619 : if (port->database_name[0] != '\0')
1124 peter 4434 GIC 8269 : appendStringInfo(&ps_data, "%s ", port->database_name);
215 drowley 4435 GNC 8619 : appendStringInfoString(&ps_data, port->remote_host);
1124 peter 4436 GIC 8619 : if (port->remote_port[0] != '\0')
4437 164 : appendStringInfo(&ps_data, "(%s)", port->remote_port);
4438 :
4439 8619 : init_ps_display(ps_data.data);
4440 8619 : pfree(ps_data.data);
4441 :
4442 8619 : set_ps_display("initializing");
6304 tgl 4443 8619 : }
4444 :
4445 :
4446 : /*
4447 : * BackendRun -- set up the backend's argument list and invoke PostgresMain()
4448 : *
4449 : * returns:
4450 : * Doesn't return at all.
4451 : */
4452 : static void
4453 8617 : BackendRun(Port *port)
4454 : {
4455 : /*
4456 : * Make sure we aren't in PostmasterContext anymore. (We can't delete it
4457 : * just yet, though, because InitPostgres will need the HBA data.)
4458 : */
4971 4459 8617 : MemoryContextSwitchTo(TopMemoryContext);
4460 :
578 andres 4461 8617 : PostgresMain(port->database_name, port->user_name);
4462 : }
4463 :
4464 :
4465 : #ifdef EXEC_BACKEND
4466 :
4467 : /*
4468 : * postmaster_forkexec -- fork and exec a postmaster subprocess
4469 : *
4470 : * The caller must have set up the argv array already, except for argv[2]
4471 : * which will be filled with the name of the temp variable file.
4472 : *
4473 : * Returns the child process PID, or -1 on fork failure (a suitable error
4474 : * message has been logged on failure).
4475 : *
4476 : * All uses of this routine will dispatch to SubPostmasterMain in the
4477 : * child process.
4478 : */
4479 : pid_t
4480 : postmaster_forkexec(int argc, char *argv[])
4481 : {
4482 : Port port;
4483 :
4484 : /* This entry point passes dummy values for the Port variables */
4485 : memset(&port, 0, sizeof(port));
4486 : return internal_forkexec(argc, argv, &port);
4487 : }
4488 :
4489 : /*
4490 : * backend_forkexec -- fork/exec off a backend process
4491 : *
4492 : * Some operating systems (WIN32) don't have fork() so we have to simulate
4493 : * it by storing parameters that need to be passed to the child and
4494 : * then create a new child process.
4495 : *
4496 : * returns the pid of the fork/exec'd process, or -1 on failure
4497 : */
4498 : static pid_t
4499 : backend_forkexec(Port *port)
4500 : {
4501 : char *av[4];
4502 : int ac = 0;
4503 :
4504 : av[ac++] = "postgres";
4505 : av[ac++] = "--forkbackend";
4506 : av[ac++] = NULL; /* filled in by internal_forkexec */
4507 :
4508 : av[ac] = NULL;
4509 : Assert(ac < lengthof(av));
4510 :
4511 : return internal_forkexec(ac, av, port);
4512 : }
4513 :
4514 : #ifndef WIN32
4515 :
4516 : /*
4517 : * internal_forkexec non-win32 implementation
4518 : *
4519 : * - writes out backend variables to the parameter file
4520 : * - fork():s, and then exec():s the child process
4521 : */
4522 : static pid_t
4523 : internal_forkexec(int argc, char *argv[], Port *port)
4524 : {
4525 : static unsigned long tmpBackendFileNum = 0;
4526 : pid_t pid;
4527 : char tmpfilename[MAXPGPATH];
4528 : BackendParameters param;
4529 : FILE *fp;
4530 :
4531 : if (!save_backend_variables(¶m, port))
4532 : return -1; /* log made by save_backend_variables */
4533 :
4534 : /* Calculate name for temp file */
4535 : snprintf(tmpfilename, MAXPGPATH, "%s/%s.backend_var.%d.%lu",
4536 : PG_TEMP_FILES_DIR, PG_TEMP_FILE_PREFIX,
4537 : MyProcPid, ++tmpBackendFileNum);
4538 :
4539 : /* Open file */
4540 : fp = AllocateFile(tmpfilename, PG_BINARY_W);
4541 : if (!fp)
4542 : {
4543 : /*
4544 : * As in OpenTemporaryFileInTablespace, try to make the temp-file
4545 : * directory, ignoring errors.
4546 : */
4547 : (void) MakePGDirectory(PG_TEMP_FILES_DIR);
4548 :
4549 : fp = AllocateFile(tmpfilename, PG_BINARY_W);
4550 : if (!fp)
4551 : {
4552 : ereport(LOG,
4553 : (errcode_for_file_access(),
4554 : errmsg("could not create file \"%s\": %m",
4555 : tmpfilename)));
4556 : return -1;
4557 : }
4558 : }
4559 :
4560 : if (fwrite(¶m, sizeof(param), 1, fp) != 1)
4561 : {
4562 : ereport(LOG,
4563 : (errcode_for_file_access(),
4564 : errmsg("could not write to file \"%s\": %m", tmpfilename)));
4565 : FreeFile(fp);
4566 : return -1;
4567 : }
4568 :
4569 : /* Release file */
4570 : if (FreeFile(fp))
4571 : {
4572 : ereport(LOG,
4573 : (errcode_for_file_access(),
4574 : errmsg("could not write to file \"%s\": %m", tmpfilename)));
4575 : return -1;
4576 : }
4577 :
4578 : /* Make sure caller set up argv properly */
4579 : Assert(argc >= 3);
4580 : Assert(argv[argc] == NULL);
4581 : Assert(strncmp(argv[1], "--fork", 6) == 0);
4582 : Assert(argv[2] == NULL);
4583 :
4584 : /* Insert temp file name after --fork argument */
4585 : argv[2] = tmpfilename;
4586 :
4587 : /* Fire off execv in child */
4588 : if ((pid = fork_process()) == 0)
4589 : {
4590 : if (execv(postgres_exec_path, argv) < 0)
4591 : {
4592 : ereport(LOG,
4593 : (errmsg("could not execute server process \"%s\": %m",
4594 : postgres_exec_path)));
4595 : /* We're already in the child process here, can't return */
4596 : exit(1);
4597 : }
4598 : }
4599 :
4600 : return pid; /* Parent returns pid, or -1 on fork failure */
4601 : }
4602 : #else /* WIN32 */
4603 :
4604 : /*
4605 : * internal_forkexec win32 implementation
4606 : *
4607 : * - starts backend using CreateProcess(), in suspended state
4608 : * - writes out backend variables to the parameter file
4609 : * - during this, duplicates handles and sockets required for
4610 : * inheritance into the new process
4611 : * - resumes execution of the new process once the backend parameter
4612 : * file is complete.
4613 : */
4614 : static pid_t
4615 : internal_forkexec(int argc, char *argv[], Port *port)
4616 : {
4617 : int retry_count = 0;
4618 : STARTUPINFO si;
4619 : PROCESS_INFORMATION pi;
4620 : int i;
4621 : int j;
4622 : char cmdLine[MAXPGPATH * 2];
4623 : HANDLE paramHandle;
4624 : BackendParameters *param;
4625 : SECURITY_ATTRIBUTES sa;
4626 : char paramHandleStr[32];
4627 : win32_deadchild_waitinfo *childinfo;
4628 :
4629 : /* Make sure caller set up argv properly */
4630 : Assert(argc >= 3);
4631 : Assert(argv[argc] == NULL);
4632 : Assert(strncmp(argv[1], "--fork", 6) == 0);
4633 : Assert(argv[2] == NULL);
4634 :
4635 : /* Resume here if we need to retry */
4636 : retry:
4637 :
4638 : /* Set up shared memory for parameter passing */
4639 : ZeroMemory(&sa, sizeof(sa));
4640 : sa.nLength = sizeof(sa);
4641 : sa.bInheritHandle = TRUE;
4642 : paramHandle = CreateFileMapping(INVALID_HANDLE_VALUE,
4643 : &sa,
4644 : PAGE_READWRITE,
4645 : 0,
4646 : sizeof(BackendParameters),
4647 : NULL);
4648 : if (paramHandle == INVALID_HANDLE_VALUE)
4649 : {
4650 : ereport(LOG,
4651 : (errmsg("could not create backend parameter file mapping: error code %lu",
4652 : GetLastError())));
4653 : return -1;
4654 : }
4655 :
4656 : param = MapViewOfFile(paramHandle, FILE_MAP_WRITE, 0, 0, sizeof(BackendParameters));
4657 : if (!param)
4658 : {
4659 : ereport(LOG,
4660 : (errmsg("could not map backend parameter memory: error code %lu",
4661 : GetLastError())));
4662 : CloseHandle(paramHandle);
4663 : return -1;
4664 : }
4665 :
4666 : /* Insert temp file name after --fork argument */
4667 : #ifdef _WIN64
4668 : sprintf(paramHandleStr, "%llu", (LONG_PTR) paramHandle);
4669 : #else
4670 : sprintf(paramHandleStr, "%lu", (DWORD) paramHandle);
4671 : #endif
4672 : argv[2] = paramHandleStr;
4673 :
4674 : /* Format the cmd line */
4675 : cmdLine[sizeof(cmdLine) - 1] = '\0';
4676 : cmdLine[sizeof(cmdLine) - 2] = '\0';
4677 : snprintf(cmdLine, sizeof(cmdLine) - 1, "\"%s\"", postgres_exec_path);
4678 : i = 0;
4679 : while (argv[++i] != NULL)
4680 : {
4681 : j = strlen(cmdLine);
4682 : snprintf(cmdLine + j, sizeof(cmdLine) - 1 - j, " \"%s\"", argv[i]);
4683 : }
4684 : if (cmdLine[sizeof(cmdLine) - 2] != '\0')
4685 : {
4686 : ereport(LOG,
4687 : (errmsg("subprocess command line too long")));
4688 : UnmapViewOfFile(param);
4689 : CloseHandle(paramHandle);
4690 : return -1;
4691 : }
4692 :
4693 : memset(&pi, 0, sizeof(pi));
4694 : memset(&si, 0, sizeof(si));
4695 : si.cb = sizeof(si);
4696 :
4697 : /*
4698 : * Create the subprocess in a suspended state. This will be resumed later,
4699 : * once we have written out the parameter file.
4700 : */
4701 : if (!CreateProcess(NULL, cmdLine, NULL, NULL, TRUE, CREATE_SUSPENDED,
4702 : NULL, NULL, &si, &pi))
4703 : {
4704 : ereport(LOG,
4705 : (errmsg("CreateProcess() call failed: %m (error code %lu)",
4706 : GetLastError())));
4707 : UnmapViewOfFile(param);
4708 : CloseHandle(paramHandle);
4709 : return -1;
4710 : }
4711 :
4712 : if (!save_backend_variables(param, port, pi.hProcess, pi.dwProcessId))
4713 : {
4714 : /*
4715 : * log made by save_backend_variables, but we have to clean up the
4716 : * mess with the half-started process
4717 : */
4718 : if (!TerminateProcess(pi.hProcess, 255))
4719 : ereport(LOG,
4720 : (errmsg_internal("could not terminate unstarted process: error code %lu",
4721 : GetLastError())));
4722 : CloseHandle(pi.hProcess);
4723 : CloseHandle(pi.hThread);
4724 : UnmapViewOfFile(param);
4725 : CloseHandle(paramHandle);
4726 : return -1; /* log made by save_backend_variables */
4727 : }
4728 :
4729 : /* Drop the parameter shared memory that is now inherited to the backend */
4730 : if (!UnmapViewOfFile(param))
4731 : ereport(LOG,
4732 : (errmsg("could not unmap view of backend parameter file: error code %lu",
4733 : GetLastError())));
4734 : if (!CloseHandle(paramHandle))
4735 : ereport(LOG,
4736 : (errmsg("could not close handle to backend parameter file: error code %lu",
4737 : GetLastError())));
4738 :
4739 : /*
4740 : * Reserve the memory region used by our main shared memory segment before
4741 : * we resume the child process. Normally this should succeed, but if ASLR
4742 : * is active then it might sometimes fail due to the stack or heap having
4743 : * gotten mapped into that range. In that case, just terminate the
4744 : * process and retry.
4745 : */
4746 : if (!pgwin32_ReserveSharedMemoryRegion(pi.hProcess))
4747 : {
4748 : /* pgwin32_ReserveSharedMemoryRegion already made a log entry */
4749 : if (!TerminateProcess(pi.hProcess, 255))
4750 : ereport(LOG,
4751 : (errmsg_internal("could not terminate process that failed to reserve memory: error code %lu",
4752 : GetLastError())));
4753 : CloseHandle(pi.hProcess);
4754 : CloseHandle(pi.hThread);
4755 : if (++retry_count < 100)
4756 : goto retry;
4757 : ereport(LOG,
4758 : (errmsg("giving up after too many tries to reserve shared memory"),
4759 : errhint("This might be caused by ASLR or antivirus software.")));
4760 : return -1;
4761 : }
4762 :
4763 : /*
4764 : * Now that the backend variables are written out, we start the child
4765 : * thread so it can start initializing while we set up the rest of the
4766 : * parent state.
4767 : */
4768 : if (ResumeThread(pi.hThread) == -1)
4769 : {
4770 : if (!TerminateProcess(pi.hProcess, 255))
4771 : {
4772 : ereport(LOG,
4773 : (errmsg_internal("could not terminate unstartable process: error code %lu",
4774 : GetLastError())));
4775 : CloseHandle(pi.hProcess);
4776 : CloseHandle(pi.hThread);
4777 : return -1;
4778 : }
4779 : CloseHandle(pi.hProcess);
4780 : CloseHandle(pi.hThread);
4781 : ereport(LOG,
4782 : (errmsg_internal("could not resume thread of unstarted process: error code %lu",
4783 : GetLastError())));
4784 : return -1;
4785 : }
4786 :
4787 : /*
4788 : * Queue a waiter to signal when this child dies. The wait will be handled
4789 : * automatically by an operating system thread pool. The memory will be
4790 : * freed by a later call to waitpid().
4791 : */
4792 : childinfo = palloc(sizeof(win32_deadchild_waitinfo));
4793 : childinfo->procHandle = pi.hProcess;
4794 : childinfo->procId = pi.dwProcessId;
4795 :
4796 : if (!RegisterWaitForSingleObject(&childinfo->waitHandle,
4797 : pi.hProcess,
4798 : pgwin32_deadchild_callback,
4799 : childinfo,
4800 : INFINITE,
4801 : WT_EXECUTEONLYONCE | WT_EXECUTEINWAITTHREAD))
4802 : ereport(FATAL,
4803 : (errmsg_internal("could not register process for wait: error code %lu",
4804 : GetLastError())));
4805 :
4806 : /* Don't close pi.hProcess here - waitpid() needs access to it */
4807 :
4808 : CloseHandle(pi.hThread);
4809 :
4810 : return pi.dwProcessId;
4811 : }
4812 : #endif /* WIN32 */
4813 :
4814 :
4815 : /*
4816 : * SubPostmasterMain -- Get the fork/exec'd process into a state equivalent
4817 : * to what it would be if we'd simply forked on Unix, and then
4818 : * dispatch to the appropriate place.
4819 : *
4820 : * The first two command line arguments are expected to be "--forkFOO"
4821 : * (where FOO indicates which postmaster child we are to become), and
4822 : * the name of a variables file that we can read to load data that would
4823 : * have been inherited by fork() on Unix. Remaining arguments go to the
4824 : * subprocess FooMain() routine.
4825 : */
4826 : void
4827 : SubPostmasterMain(int argc, char *argv[])
4828 : {
4829 : Port port;
4830 :
4831 : /* In EXEC_BACKEND case we will not have inherited these settings */
4832 : IsPostmasterEnvironment = true;
4833 : whereToSendOutput = DestNone;
4834 :
4835 : /* Setup essential subsystems (to ensure elog() behaves sanely) */
4836 : InitializeGUCOptions();
4837 :
4838 : /* Check we got appropriate args */
4839 : if (argc < 3)
4840 : elog(FATAL, "invalid subpostmaster invocation");
4841 :
4842 : /* Read in the variables file */
4843 : memset(&port, 0, sizeof(Port));
4844 : read_backend_variables(argv[2], &port);
4845 :
4846 : /* Close the postmaster's sockets (as soon as we know them) */
4847 : ClosePostmasterPorts(strcmp(argv[1], "--forklog") == 0);
4848 :
4849 : /* Setup as postmaster child */
4850 : InitPostmasterChild();
4851 :
4852 : /*
4853 : * If appropriate, physically re-attach to shared memory segment. We want
4854 : * to do this before going any further to ensure that we can attach at the
4855 : * same address the postmaster used. On the other hand, if we choose not
4856 : * to re-attach, we may have other cleanup to do.
4857 : *
4858 : * If testing EXEC_BACKEND on Linux, you should run this as root before
4859 : * starting the postmaster:
4860 : *
4861 : * sysctl -w kernel.randomize_va_space=0
4862 : *
4863 : * This prevents using randomized stack and code addresses that cause the
4864 : * child process's memory map to be different from the parent's, making it
4865 : * sometimes impossible to attach to shared memory at the desired address.
4866 : * Return the setting to its old value (usually '1' or '2') when finished.
4867 : */
4868 : if (strcmp(argv[1], "--forkbackend") == 0 ||
4869 : strcmp(argv[1], "--forkavlauncher") == 0 ||
4870 : strcmp(argv[1], "--forkavworker") == 0 ||
4871 : strcmp(argv[1], "--forkaux") == 0 ||
4872 : strncmp(argv[1], "--forkbgworker=", 15) == 0)
4873 : PGSharedMemoryReAttach();
4874 : else
4875 : PGSharedMemoryNoReAttach();
4876 :
4877 : /* autovacuum needs this set before calling InitProcess */
4878 : if (strcmp(argv[1], "--forkavlauncher") == 0)
4879 : AutovacuumLauncherIAm();
4880 : if (strcmp(argv[1], "--forkavworker") == 0)
4881 : AutovacuumWorkerIAm();
4882 :
4883 : /* Read in remaining GUC variables */
4884 : read_nondefault_variables();
4885 :
4886 : /*
4887 : * Check that the data directory looks valid, which will also check the
4888 : * privileges on the data directory and update our umask and file/group
4889 : * variables for creating files later. Note: this should really be done
4890 : * before we create any files or directories.
4891 : */
4892 : checkDataDir();
4893 :
4894 : /*
4895 : * (re-)read control file, as it contains config. The postmaster will
4896 : * already have read this, but this process doesn't know about that.
4897 : */
4898 : LocalProcessControlFile(false);
4899 :
4900 : /*
4901 : * Reload any libraries that were preloaded by the postmaster. Since we
4902 : * exec'd this process, those libraries didn't come along with us; but we
4903 : * should load them into all child processes to be consistent with the
4904 : * non-EXEC_BACKEND behavior.
4905 : */
4906 : process_shared_preload_libraries();
4907 :
4908 : /* Run backend or appropriate child */
4909 : if (strcmp(argv[1], "--forkbackend") == 0)
4910 : {
4911 : Assert(argc == 3); /* shouldn't be any more args */
4912 :
4913 : /*
4914 : * Need to reinitialize the SSL library in the backend, since the
4915 : * context structures contain function pointers and cannot be passed
4916 : * through the parameter file.
4917 : *
4918 : * If for some reason reload fails (maybe the user installed broken
4919 : * key files), soldier on without SSL; that's better than all
4920 : * connections becoming impossible.
4921 : *
4922 : * XXX should we do this in all child processes? For the moment it's
4923 : * enough to do it in backend children.
4924 : */
4925 : #ifdef USE_SSL
4926 : if (EnableSSL)
4927 : {
4928 : if (secure_initialize(false) == 0)
4929 : LoadedSSL = true;
4930 : else
4931 : ereport(LOG,
4932 : (errmsg("SSL configuration could not be loaded in child process")));
4933 : }
4934 : #endif
4935 :
4936 : /*
4937 : * Perform additional initialization and collect startup packet.
4938 : *
4939 : * We want to do this before InitProcess() for a couple of reasons: 1.
4940 : * so that we aren't eating up a PGPROC slot while waiting on the
4941 : * client. 2. so that if InitProcess() fails due to being out of
4942 : * PGPROC slots, we have already initialized libpq and are able to
4943 : * report the error to the client.
4944 : */
4945 : BackendInitialize(&port);
4946 :
4947 : /* Restore basic shared memory pointers */
4948 : InitShmemAccess(UsedShmemSegAddr);
4949 :
4950 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
4951 : InitProcess();
4952 :
4953 : /* Attach process to shared data structures */
4954 : CreateSharedMemoryAndSemaphores();
4955 :
4956 : /* And run the backend */
4957 : BackendRun(&port); /* does not return */
4958 : }
4959 : if (strcmp(argv[1], "--forkaux") == 0)
4960 : {
4961 : AuxProcType auxtype;
4962 :
4963 : Assert(argc == 4);
4964 :
4965 : /* Restore basic shared memory pointers */
4966 : InitShmemAccess(UsedShmemSegAddr);
4967 :
4968 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
4969 : InitAuxiliaryProcess();
4970 :
4971 : /* Attach process to shared data structures */
4972 : CreateSharedMemoryAndSemaphores();
4973 :
4974 : auxtype = atoi(argv[3]);
4975 : AuxiliaryProcessMain(auxtype); /* does not return */
4976 : }
4977 : if (strcmp(argv[1], "--forkavlauncher") == 0)
4978 : {
4979 : /* Restore basic shared memory pointers */
4980 : InitShmemAccess(UsedShmemSegAddr);
4981 :
4982 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
4983 : InitProcess();
4984 :
4985 : /* Attach process to shared data structures */
4986 : CreateSharedMemoryAndSemaphores();
4987 :
4988 : AutoVacLauncherMain(argc - 2, argv + 2); /* does not return */
4989 : }
4990 : if (strcmp(argv[1], "--forkavworker") == 0)
4991 : {
4992 : /* Restore basic shared memory pointers */
6304 tgl 4993 ECB : InitShmemAccess(UsedShmemSegAddr);
4994 :
4995 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
4996 : InitProcess();
4997 :
4998 : /* Attach process to shared data structures */
4999 : CreateSharedMemoryAndSemaphores();
5000 :
5001 : AutoVacWorkerMain(argc - 2, argv + 2); /* does not return */
5002 : }
5003 : if (strncmp(argv[1], "--forkbgworker=", 15) == 0)
5004 : {
5005 : int shmem_slot;
5006 :
5007 : /* do this as early as possible; in particular, before InitProcess() */
5008 : IsBackgroundWorker = true;
5009 :
5010 : /* Restore basic shared memory pointers */
5011 : InitShmemAccess(UsedShmemSegAddr);
5012 :
5013 : /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
5014 : InitProcess();
5015 :
5016 : /* Attach process to shared data structures */
5017 : CreateSharedMemoryAndSemaphores();
5018 :
2441 5019 : /* Fetch MyBgworkerEntry from shared memory */
5020 : shmem_slot = atoi(argv[1] + 15);
5021 : MyBgworkerEntry = BackgroundWorkerEntry(shmem_slot);
5022 :
5023 : StartBackgroundWorker();
5024 : }
5025 : if (strcmp(argv[1], "--forklog") == 0)
5026 : {
6821 5027 : /* Do not want to attach to shared memory */
5028 :
2118 5029 : SysLoggerMain(argc, argv); /* does not return */
5030 : }
6890 5031 :
5032 : abort(); /* shouldn't get here */
5033 : }
5034 : #endif /* EXEC_BACKEND */
5035 :
5036 :
5037 : /*
5038 : * ExitPostmaster -- cleanup
5039 : *
8166 5040 : * Do NOT call exit() directly --- always go through here!
9770 scrappy 5041 : */
5042 : static void
9770 scrappy 5043 GIC 595 : ExitPostmaster(int status)
9770 scrappy 5044 ECB : {
3014 noah 5045 : #ifdef HAVE_PTHREAD_IS_THREADED_NP
5046 :
5047 : /*
5048 : * There is no known cause for a postmaster to become multithreaded after
5049 : * startup. Recheck to account for the possibility of unknown causes.
5050 : * This message uses LOG level, because an unclean shutdown at this point
5051 : * would usually not look much different from a clean shutdown.
5052 : */
5053 : if (pthread_is_threaded_np() != 0)
5054 : ereport(LOG,
5055 : (errcode(ERRCODE_INTERNAL_ERROR),
5056 : errmsg_internal("postmaster became multithreaded"),
5057 : errdetail("Please report this to <%s>.", PACKAGE_BUGREPORT)));
5058 : #endif
5059 :
9345 bruce 5060 : /* should cleanup shared memory and kill all backends */
5061 :
5062 : /*
5063 : * Not sure of the semantics here. When the Postmaster dies, should the
6385 5064 : * backends all be killed? probably not.
5065 : *
5066 : * MUST -- vadim 05-10-1999
5067 : */
8353 tgl 5068 :
9052 bruce 5069 GIC 595 : proc_exit(status);
5070 : }
9770 scrappy 5071 ECB :
5163 heikki.linnakangas 5072 : /*
5073 : * Handle pmsignal conditions representing requests from backends,
5074 : * and check for promote and logrotate requests from pg_ctl.
5075 : */
5076 : static void
87 tmunro 5077 GNC 2363 : process_pm_pmsignal(void)
5078 : {
5079 2363 : pending_pm_pmsignal = false;
5080 :
5081 2363 : ereport(DEBUG2,
5082 : (errmsg_internal("postmaster received pmsignal signal")));
5163 heikki.linnakangas 5083 ECB :
5084 : /*
5085 : * RECOVERY_STARTED and BEGIN_HOT_STANDBY signals are ignored in
5086 : * unexpected states. If the startup process quickly starts up, completes
5158 5087 : * recovery, exits, we might process the death of the startup process
5088 : * first. We don't want to go back to recovery in that case.
5089 : */
5158 heikki.linnakangas 5090 CBC 2363 : if (CheckPostmasterSignal(PMSIGNAL_RECOVERY_STARTED) &&
3791 tgl 5091 184 : pmState == PM_STARTUP && Shutdown == NoShutdown)
5092 : {
5093 : /* WAL redo has started. We're out of reinitialization. */
5158 heikki.linnakangas 5094 184 : FatalError = false;
1322 tgl 5095 184 : AbortStartTime = 0;
5096 :
5097 : /*
2886 heikki.linnakangas 5098 ECB : * Start the archiver if we're responsible for (re-)archiving received
5099 : * files.
5100 : */
2886 heikki.linnakangas 5101 GIC 184 : Assert(PgArchPID == 0);
2858 fujii 5102 CBC 184 : if (XLogArchivingAlways())
755 5103 3 : PgArchPID = StartArchiver();
5104 :
2111 tgl 5105 EUB : /*
5106 : * If we aren't planning to enter hot standby mode later, treat
5107 : * RECOVERY_STARTED as meaning we're out of startup, and report status
5108 : * accordingly.
5109 : */
2700 peter_e 5110 GIC 184 : if (!EnableHotStandby)
2111 tgl 5111 ECB : {
2111 tgl 5112 GBC 2 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STANDBY);
5113 : #ifdef USE_SYSTEMD
2700 peter_e 5114 GIC 2 : sd_notify(0, "READY=1");
5115 : #endif
5116 : }
5117 :
5158 heikki.linnakangas 5118 184 : pmState = PM_RECOVERY;
5119 : }
5120 :
4712 rhaas 5121 2363 : if (CheckPostmasterSignal(PMSIGNAL_BEGIN_HOT_STANDBY) &&
3791 tgl 5122 114 : pmState == PM_RECOVERY && Shutdown == NoShutdown)
5163 heikki.linnakangas 5123 EUB : {
4859 simon 5124 GIC 114 : ereport(LOG,
5125 : (errmsg("database system is ready to accept read-only connections")));
8062 tgl 5126 ECB :
2111 5127 : /* Report status */
2111 tgl 5128 GIC 114 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
5129 : #ifdef USE_SYSTEMD
2700 peter_e 5130 CBC 114 : sd_notify(0, "READY=1");
5131 : #endif
5132 :
4712 rhaas 5133 114 : pmState = PM_HOT_STANDBY;
368 sfrost 5134 GIC 114 : connsAllowed = true;
5135 :
5136 : /* Some workers may be scheduled to start now */
3109 rhaas 5137 CBC 114 : StartWorkerNeeded = true;
5158 heikki.linnakangas 5138 ECB : }
5139 :
5140 : /* Process background worker state changes. */
836 tgl 5141 GIC 2363 : if (CheckPostmasterSignal(PMSIGNAL_BACKGROUND_WORKER_CHANGE))
5142 : {
5143 : /* Accept new worker requests only if not stopping. */
5144 953 : BackgroundWorkerStateChange(pmState < PM_STOP_BACKENDS);
5145 953 : StartWorkerNeeded = true;
5146 : }
5147 :
3109 rhaas 5148 2363 : if (StartWorkerNeeded || HaveCrashedWorker)
2174 tgl 5149 1067 : maybe_start_bgworkers();
5150 :
1681 akorotkov 5151 ECB : /* Tell syslogger to rotate logfile if requested */
1681 akorotkov 5152 GIC 2363 : if (SysLoggerPID != 0)
6449 tgl 5153 ECB : {
1681 akorotkov 5154 GIC 1 : if (CheckLogrotateSignal())
5155 : {
1681 akorotkov 5156 CBC 1 : signal_child(SysLoggerPID, SIGUSR1);
5157 1 : RemoveLogrotateSignalFiles();
1681 akorotkov 5158 ECB : }
1681 akorotkov 5159 LBC 0 : else if (CheckPostmasterSignal(PMSIGNAL_ROTATE_LOGFILE))
5160 : {
1681 akorotkov 5161 UIC 0 : signal_child(SysLoggerPID, SIGUSR1);
5162 : }
5163 : }
5164 :
3791 tgl 5165 GIC 2363 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER) &&
968 tgl 5166 UIC 0 : Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
6117 alvherre 5167 ECB : {
5168 : /*
5999 tgl 5169 : * Start one iteration of the autovacuum daemon, even if autovacuuming
5170 : * is nominally not enabled. This is so we can have an active defense
5171 : * against transaction ID wraparound. We set a flag for the main loop
5172 : * to do it rather than trying to do it here --- this is because the
5173 : * autovac process itself may send the signal, and we want to handle
5174 : * that by launching another iteration as soon as the current one
5175 : * completes.
5176 : */
5897 alvherre 5177 UIC 0 : start_autovac_launcher = true;
5178 : }
5179 :
3791 tgl 5180 GIC 2363 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_WORKER) &&
968 5181 16 : Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
5182 : {
5183 : /* The autovacuum launcher wants us to start a worker process. */
5897 alvherre 5184 16 : StartAutovacuumWorker();
5738 tgl 5185 EUB : }
5186 :
2113 tgl 5187 GBC 2363 : if (CheckPostmasterSignal(PMSIGNAL_START_WALRECEIVER))
5188 : {
5189 : /* Startup Process wants us to start the walreceiver process. */
5190 : /* Start immediately if possible, else remember request for later. */
2113 tgl 5191 GIC 213 : WalReceiverRequested = true;
5192 213 : MaybeStartWalReceiver();
5193 : }
5194 :
5195 : /*
5196 : * Try to advance postmaster's state machine, if a child requests it.
5197 : *
5198 : * Be careful about the order of this action relative to this function's
5199 : * other actions. Generally, this should be after other actions, in case
1446 tgl 5200 EUB : * they have effects PostmasterStateMachine would need to know about.
5201 : * However, we should do it before the CheckPromoteSignal step, which
5202 : * cannot have any (immediate) effect on the state machine, but does
5203 : * depend on what state we're in now.
5204 : */
1446 tgl 5205 GIC 2363 : if (CheckPostmasterSignal(PMSIGNAL_ADVANCE_STATE_MACHINE))
5206 : {
4389 rhaas 5207 879 : PostmasterStateMachine();
5208 : }
4389 rhaas 5209 EUB :
1446 tgl 5210 GIC 2363 : if (StartupPID != 0 &&
4436 rhaas 5211 GBC 571 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
968 tgl 5212 GIC 975 : pmState == PM_HOT_STANDBY) &&
1446 5213 571 : CheckPromoteSignal())
5214 : {
5215 : /*
5216 : * Tell startup process to finish recovery.
5217 : *
5218 : * Leave the promote signal file in place and let the Startup process
970 tgl 5219 ECB : * do the unlink.
5220 : */
4436 rhaas 5221 CBC 36 : signal_child(StartupPID, SIGUSR2);
5222 : }
8062 tgl 5223 2363 : }
5224 :
5225 : /*
941 tgl 5226 ECB : * SIGTERM while processing startup packet.
5227 : *
940 5228 : * Running proc_exit() from a signal handler would be quite unsafe.
5229 : * However, since we have not yet touched shared memory, we can just
5230 : * pull the plug and exit without running any atexit handlers.
5231 : *
5232 : * One might be tempted to try to send a message, or log one, indicating
5233 : * why we are disconnecting. However, that would be quite unsafe in itself.
5234 : * Also, it seems undesirable to provide clues about the database's state
5235 : * to a client that has not yet completed authentication, or even sent us
5236 : * a startup packet.
5237 : */
5238 : static void
941 tgl 5239 LBC 0 : process_startup_packet_die(SIGNAL_ARGS)
5240 : {
940 tgl 5241 UIC 0 : _exit(1);
5242 : }
5243 :
5244 : /*
7826 tgl 5245 ECB : * Dummy signal handler
5246 : *
5247 : * We use this for signals that we don't actually use in the postmaster,
5248 : * but we do use in backends. If we were to SIG_IGN such signals in the
6889 5249 : * postmaster, then a newly started backend might drop a signal that arrives
5250 : * before it's able to reconfigure its signal processing. (See notes in
5251 : * tcop/postgres.c.)
5252 : */
7826 5253 : static void
7826 tgl 5254 UIC 0 : dummy_handler(SIGNAL_ARGS)
7826 tgl 5255 ECB : {
7826 tgl 5256 UIC 0 : }
5257 :
5258 : /*
5259 : * Timeout while processing startup packet.
5260 : * As for process_startup_packet_die(), we exit via _exit(1).
5261 : */
5262 : static void
3919 alvherre 5263 0 : StartupPacketTimeoutHandler(void)
5264 : {
940 tgl 5265 0 : _exit(1);
5266 : }
5267 :
5268 :
2364 heikki.linnakangas 5269 ECB : /*
5270 : * Generate a random cancel key.
5271 : */
5272 : static bool
2316 heikki.linnakangas 5273 GIC 11004 : RandomCancelKey(int32 *cancel_key)
5274 : {
1559 michael 5275 11004 : return pg_strong_random(cancel_key, sizeof(int32));
5276 : }
5277 :
5278 : /*
5279 : * Count up number of child processes of specified types (dead_end children
5280 : * are always excluded).
5281 : */
5282 : static int
4832 heikki.linnakangas 5283 14615 : CountChildren(int target)
5284 : {
5285 : dlist_iter iter;
8835 tgl 5286 14615 : int cnt = 0;
5287 :
3827 alvherre 5288 55262 : dlist_foreach(iter, &BackendList)
5289 : {
5290 40647 : Backend *bp = dlist_container(Backend, elem, iter.cur);
5291 :
4832 heikki.linnakangas 5292 40647 : if (bp->dead_end)
5293 38 : continue;
5294 :
4461 rhaas 5295 ECB : /*
5296 : * Since target == BACKEND_TYPE_ALL is the most common case, we test
4382 bruce 5297 : * it first and avoid touching shared memory for every child.
5298 : */
4461 rhaas 5299 CBC 40609 : if (target != BACKEND_TYPE_ALL)
5300 : {
5301 : /*
3776 alvherre 5302 ECB : * Assign bkend_type for any recently announced WAL Sender
5303 : * processes.
5304 : */
3776 alvherre 5305 CBC 4948 : if (bp->bkend_type == BACKEND_TYPE_NORMAL &&
5306 1548 : IsPostmasterChildWalSender(bp->child_slot))
5307 42 : bp->bkend_type = BACKEND_TYPE_WALSND;
5308 :
5309 3400 : if (!(target & bp->bkend_type))
4461 rhaas 5310 GIC 280 : continue;
5311 : }
5312 :
4832 heikki.linnakangas 5313 CBC 40329 : cnt++;
5314 : }
8835 tgl 5315 GIC 14615 : return cnt;
8835 tgl 5316 EUB : }
5317 :
6890 5318 :
8062 5319 : /*
5320 : * StartChildProcess -- start an auxiliary process for the postmaster
8061 5321 : *
2440 5322 : * "type" determines what kind of child will be started. All child types
5323 : * initially go to AuxiliaryProcessMain, which will handle common setup.
7033 bruce 5324 : *
6889 tgl 5325 : * Return value of StartChildProcess is subprocess' PID, or 0 if failed
5326 : * to start subprocess.
5327 : */
6890 5328 : static pid_t
5877 alvherre 5329 GBC 2540 : StartChildProcess(AuxProcType type)
7045 bruce 5330 EUB : {
5331 : pid_t pid;
5332 :
7011 tgl 5333 : #ifdef EXEC_BACKEND
613 andres 5334 : {
5335 : char *av[10];
5336 : int ac = 0;
5337 : char typebuf[32];
7011 tgl 5338 :
5339 : /*
613 andres 5340 : * Set up command-line arguments for subprocess
5341 : */
5342 : av[ac++] = "postgres";
5343 : av[ac++] = "--forkaux";
5344 : av[ac++] = NULL; /* filled in by postmaster_forkexec */
7011 tgl 5345 :
613 andres 5346 : snprintf(typebuf, sizeof(typebuf), "%d", type);
5347 : av[ac++] = typebuf;
7045 bruce 5348 :
5349 : av[ac] = NULL;
5350 : Assert(ac < lengthof(av));
5351 :
5352 : pid = postmaster_forkexec(ac, av);
5353 : }
5354 : #else /* !EXEC_BACKEND */
6604 neilc 5355 GBC 2540 : pid = fork_process();
7188 bruce 5356 EUB :
6890 tgl 5357 GBC 4322 : if (pid == 0) /* child */
5358 : {
3008 andres 5359 GIC 1782 : InitPostmasterChild();
5360 :
5361 : /* Close the postmaster's sockets */
6821 tgl 5362 1782 : ClosePostmasterPorts(false);
8095 tgl 5363 ECB :
5364 : /* Release postmaster's working memory context */
6826 tgl 5365 GIC 1782 : MemoryContextSwitchTo(TopMemoryContext);
5366 1782 : MemoryContextDelete(PostmasterContext);
5367 1782 : PostmasterContext = NULL;
5368 :
613 andres 5369 1782 : AuxiliaryProcessMain(type); /* does not return */
5370 : }
5371 : #endif /* EXEC_BACKEND */
5372 :
8586 vadim4o 5373 2540 : if (pid < 0)
5374 : {
5375 : /* in parent, fork failed */
6890 tgl 5376 LBC 0 : int save_errno = errno;
5377 :
6890 tgl 5378 UIC 0 : errno = save_errno;
5877 alvherre 5379 0 : switch (type)
5380 : {
5381 0 : case StartupProcess:
7201 tgl 5382 0 : ereport(LOG,
5383 : (errmsg("could not fork startup process: %m")));
7892 peter_e 5384 0 : break;
755 fujii 5385 0 : case ArchiverProcess:
5386 0 : ereport(LOG,
755 fujii 5387 ECB : (errmsg("could not fork archiver process: %m")));
755 fujii 5388 UIC 0 : break;
5877 alvherre 5389 0 : case BgWriterProcess:
7081 JanWieck 5390 0 : ereport(LOG,
5391 : (errmsg("could not fork background writer process: %m")));
7706 tgl 5392 0 : break;
4177 simon 5393 0 : case CheckpointerProcess:
5394 0 : ereport(LOG,
3955 bruce 5395 ECB : (errmsg("could not fork checkpointer process: %m")));
4177 simon 5396 UIC 0 : break;
5738 tgl 5397 UBC 0 : case WalWriterProcess:
5738 tgl 5398 UIC 0 : ereport(LOG,
5399 : (errmsg("could not fork WAL writer process: %m")));
5738 tgl 5400 UBC 0 : break;
4832 heikki.linnakangas 5401 UIC 0 : case WalReceiverProcess:
5402 0 : ereport(LOG,
4832 heikki.linnakangas 5403 ECB : (errmsg("could not fork WAL receiver process: %m")));
4832 heikki.linnakangas 5404 LBC 0 : break;
7892 peter_e 5405 UIC 0 : default:
7201 tgl 5406 LBC 0 : ereport(LOG,
5407 : (errmsg("could not fork process: %m")));
7892 peter_e 5408 UIC 0 : break;
7892 peter_e 5409 ECB : }
8053 bruce 5410 :
8061 tgl 5411 : /*
5412 : * fork failure is fatal during startup, but there's no need to choke
6385 bruce 5413 : * immediately if starting other child types fails.
8061 tgl 5414 : */
5877 alvherre 5415 UIC 0 : if (type == StartupProcess)
6889 tgl 5416 LBC 0 : ExitPostmaster(1);
5417 0 : return 0;
5418 : }
5419 :
5420 : /*
5421 : * in parent, successful fork
8062 tgl 5422 ECB : */
8061 tgl 5423 GIC 2540 : return pid;
5424 : }
5425 :
5426 : /*
5427 : * StartAutovacuumWorker
5428 : * Start an autovac worker process.
5897 alvherre 5429 EUB : *
5430 : * This function is here because it enters the resulting PID into the
5431 : * postmaster's private backends list.
5432 : *
5433 : * NB -- this code very roughly matches BackendStartup.
5434 : */
5435 : static void
5897 alvherre 5436 GIC 16 : StartAutovacuumWorker(void)
5437 : {
5438 : Backend *bn;
5439 :
5440 : /*
5441 : * If not in condition to run a process, don't try, but handle it like a
5442 : * fork failure. This does not normally happen, since the signal is only
5443 : * supposed to be sent by autovacuum launcher when it's OK to do it, but
5444 : * we have to check to avoid race-condition problems during DB state
5445 : * changes.
5446 : */
1280 tgl 5447 GBC 16 : if (canAcceptConnections(BACKEND_TYPE_AUTOVAC) == CAC_OK)
5448 : {
2316 heikki.linnakangas 5449 EUB : /*
2153 bruce 5450 : * Compute the cancel key that will be assigned to this session. We
5451 : * probably don't need cancel keys for autovac workers, but we'd
5452 : * better have something random in the field to prevent unfriendly
5453 : * people from sending cancels to them.
5454 : */
2316 heikki.linnakangas 5455 GIC 16 : if (!RandomCancelKey(&MyCancelKey))
5456 : {
2316 heikki.linnakangas 5457 UIC 0 : ereport(LOG,
5458 : (errcode(ERRCODE_INTERNAL_ERROR),
5459 : errmsg("could not generate random cancel key")));
5460 0 : return;
5461 : }
5462 :
5722 tgl 5463 GIC 16 : bn = (Backend *) malloc(sizeof(Backend));
5464 16 : if (bn)
5465 : {
2364 heikki.linnakangas 5466 16 : bn->cancel_key = MyCancelKey;
5087 tgl 5467 ECB :
5468 : /* Autovac workers are not dead_end and need a child slot */
2364 heikki.linnakangas 5469 CBC 16 : bn->dead_end = false;
5470 16 : bn->child_slot = MyPMChildSlot = AssignPostmasterChildSlot();
5471 16 : bn->bgworker_notify = false;
5087 tgl 5472 ECB :
2364 heikki.linnakangas 5473 GIC 16 : bn->pid = StartAutoVacWorker();
2364 heikki.linnakangas 5474 CBC 16 : if (bn->pid > 0)
2364 heikki.linnakangas 5475 ECB : {
2364 heikki.linnakangas 5476 CBC 16 : bn->bkend_type = BACKEND_TYPE_AUTOVAC;
2364 heikki.linnakangas 5477 GIC 16 : dlist_push_head(&BackendList, &bn->elem);
5478 : #ifdef EXEC_BACKEND
2364 heikki.linnakangas 5479 ECB : ShmemBackendArrayAdd(bn);
5480 : #endif
5481 : /* all OK */
2364 heikki.linnakangas 5482 GIC 16 : return;
5483 : }
5484 :
5485 : /*
2364 heikki.linnakangas 5486 ECB : * fork failed, fall through to report -- actual error message was
5487 : * logged by StartAutoVacWorker
5488 : */
2364 heikki.linnakangas 5489 UIC 0 : (void) ReleasePostmasterChildSlot(bn->child_slot);
5722 tgl 5490 0 : free(bn);
5491 : }
5492 : else
5722 tgl 5493 LBC 0 : ereport(LOG,
5494 : (errcode(ERRCODE_OUT_OF_MEMORY),
5722 tgl 5495 EUB : errmsg("out of memory")));
5496 : }
5497 :
5498 : /*
5499 : * Report the failure to the launcher, if it's running. (If it's not, we
5500 : * might not even be connected to shared memory, so don't try to call
4976 alvherre 5501 ECB : * AutoVacWorkerFailed.) Note that we also need to signal it so that it
5502 : * responds to the condition, but we don't do that here, instead waiting
1036 peter 5503 : * for ServerLoop to do it. This way we avoid a ping-pong signaling in
4976 alvherre 5504 : * quick succession between the autovac launcher and postmaster in case
5505 : * things get ugly.
5722 tgl 5506 : */
5767 alvherre 5507 UIC 0 : if (AutoVacPID != 0)
5722 tgl 5508 EUB : {
5722 tgl 5509 UIC 0 : AutoVacWorkerFailed();
4976 alvherre 5510 0 : avlauncher_needs_signal = true;
5722 tgl 5511 EUB : }
5512 : }
5513 :
2113 tgl 5514 ECB : /*
5515 : * MaybeStartWalReceiver
5516 : * Start the WAL receiver process, if not running and our state allows.
5517 : *
5518 : * Note: if WalReceiverPID is already nonzero, it might seem that we should
5519 : * clear WalReceiverRequested. However, there's a race condition if the
5520 : * walreceiver terminates and the startup process immediately requests a new
5521 : * one: it's quite possible to get the signal for the request before reaping
5522 : * the dead walreceiver process. Better to risk launching an extra
5523 : * walreceiver than to miss launching one we need. (The walreceiver code
5524 : * has logic to recognize that it should go away if not needed.)
5525 : */
5526 : static void
2113 tgl 5527 GIC 454 : MaybeStartWalReceiver(void)
5528 : {
5529 454 : if (WalReceiverPID == 0 &&
2113 tgl 5530 CBC 212 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
968 tgl 5531 GIC 211 : pmState == PM_HOT_STANDBY) &&
968 tgl 5532 CBC 201 : Shutdown <= SmartShutdown)
2113 tgl 5533 ECB : {
2113 tgl 5534 GIC 201 : WalReceiverPID = StartWalReceiver();
1446 5535 201 : if (WalReceiverPID != 0)
5536 201 : WalReceiverRequested = false;
5537 : /* else leave the flag set, so we'll try again later */
5538 : }
2113 5539 454 : }
2113 tgl 5540 ECB :
5541 :
8525 ishii 5542 : /*
5543 : * Create the opts file
5544 : */
8309 peter_e 5545 : static bool
6905 bruce 5546 GBC 593 : CreateOptsFile(int argc, char *argv[], char *fullprogname)
5547 : {
5548 : FILE *fp;
5549 : int i;
8528 ishii 5550 ECB :
5551 : #define OPTS_FILE "postmaster.opts"
5552 :
6488 tgl 5553 CBC 593 : if ((fp = fopen(OPTS_FILE, "w")) == NULL)
5554 : {
856 peter 5555 UIC 0 : ereport(LOG,
5556 : (errcode_for_file_access(),
856 peter 5557 ECB : errmsg("could not create file \"%s\": %m", OPTS_FILE)));
8309 peter_e 5558 UBC 0 : return false;
5559 : }
8528 ishii 5560 ECB :
8309 peter_e 5561 CBC 593 : fprintf(fp, "%s", fullprogname);
8309 peter_e 5562 GIC 2772 : for (i = 1; i < argc; i++)
5400 bruce 5563 2179 : fprintf(fp, " \"%s\"", argv[i]);
8309 peter_e 5564 593 : fputs("\n", fp);
5565 :
7013 tgl 5566 593 : if (fclose(fp))
8397 bruce 5567 ECB : {
856 peter 5568 UIC 0 : ereport(LOG,
856 peter 5569 ECB : (errcode_for_file_access(),
5570 : errmsg("could not write file \"%s\": %m", OPTS_FILE)));
8309 peter_e 5571 UIC 0 : return false;
8528 ishii 5572 ECB : }
8528 ishii 5573 EUB :
8309 peter_e 5574 GIC 593 : return true;
5575 : }
5576 :
7050 bruce 5577 ECB :
5578 : /*
5579 : * MaxLivePostmasterChildren
5087 tgl 5580 : *
5581 : * This reports the number of entries needed in per-child-process arrays
5582 : * (the PMChildFlags array, and if EXEC_BACKEND the ShmemBackendArray).
5583 : * These arrays include regular backends, autovac workers, walsenders
3776 alvherre 5584 : * and background workers, but not special children nor dead_end children.
3776 alvherre 5585 EUB : * This allows the arrays to have a fixed maximum size, to wit the same
5586 : * too-many-children limit enforced by canAcceptConnections(). The exact value
3776 alvherre 5587 ECB : * isn't too critical as long as it's more than MaxBackends.
5087 tgl 5588 : */
5589 : int
5087 tgl 5590 GIC 19196 : MaxLivePostmasterChildren(void)
5591 : {
3776 alvherre 5592 38392 : return 2 * (MaxConnections + autovacuum_max_workers + 1 +
1517 michael 5593 19196 : max_wal_senders + max_worker_processes);
5087 tgl 5594 EUB : }
5595 :
3776 alvherre 5596 : /*
5597 : * Connect background worker to a database.
5598 : */
5599 : void
1830 magnus 5600 CBC 325 : BackgroundWorkerInitializeConnection(const char *dbname, const char *username, uint32 flags)
5601 : {
3776 alvherre 5602 325 : BackgroundWorker *worker = MyBgworkerEntry;
3776 alvherre 5603 ECB :
5604 : /* XXX is this the right errcode? */
3776 alvherre 5605 GIC 325 : if (!(worker->bgw_flags & BGWORKER_BACKEND_DATABASE_CONNECTION))
3776 alvherre 5606 UIC 0 : ereport(FATAL,
5607 : (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
5608 : errmsg("database connection requirement not indicated during registration")));
5609 :
258 tgl 5610 GIC 325 : InitPostgres(dbname, InvalidOid, /* database to connect to */
5611 : username, InvalidOid, /* role to connect as */
5612 : false, /* never honor session_preload_libraries */
5613 325 : (flags & BGWORKER_BYPASS_ALLOWCONN) != 0, /* ignore datallowconn? */
5614 : NULL); /* no out_dbname */
5615 :
5616 : /* it had better not gotten out of "init" mode yet */
2988 rhaas 5617 323 : if (!IsInitProcessingMode())
2988 rhaas 5618 UIC 0 : ereport(ERROR,
5619 : (errmsg("invalid processing mode in background worker")));
2988 rhaas 5620 GIC 323 : SetProcessingMode(NormalProcessing);
5621 323 : }
5622 :
5623 : /*
5624 : * Connect background worker to a database using OIDs.
5625 : */
5626 : void
1830 magnus 5627 1614 : BackgroundWorkerInitializeConnectionByOid(Oid dboid, Oid useroid, uint32 flags)
5628 : {
2988 rhaas 5629 1614 : BackgroundWorker *worker = MyBgworkerEntry;
5630 :
5631 : /* XXX is this the right errcode? */
5632 1614 : if (!(worker->bgw_flags & BGWORKER_BACKEND_DATABASE_CONNECTION))
2988 rhaas 5633 UIC 0 : ereport(FATAL,
5634 : (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
5635 : errmsg("database connection requirement not indicated during registration")));
2988 rhaas 5636 ECB :
258 tgl 5637 GIC 1614 : InitPostgres(NULL, dboid, /* database to connect to */
5638 : NULL, useroid, /* role to connect as */
5639 : false, /* never honor session_preload_libraries */
258 tgl 5640 CBC 1614 : (flags & BGWORKER_BYPASS_ALLOWCONN) != 0, /* ignore datallowconn? */
5641 : NULL); /* no out_dbname */
5642 :
5643 : /* it had better not gotten out of "init" mode yet */
3776 alvherre 5644 GIC 1611 : if (!IsInitProcessingMode())
3776 alvherre 5645 UIC 0 : ereport(ERROR,
5646 : (errmsg("invalid processing mode in background worker")));
3776 alvherre 5647 GIC 1611 : SetProcessingMode(NormalProcessing);
5648 1611 : }
5649 :
5650 : /*
5651 : * Block/unblock signals in a background worker
3776 alvherre 5652 ECB : */
5653 : void
3776 alvherre 5654 UBC 0 : BackgroundWorkerBlockSignals(void)
3776 alvherre 5655 EUB : {
65 tmunro 5656 UNC 0 : sigprocmask(SIG_SETMASK, &BlockSig, NULL);
3776 alvherre 5657 UIC 0 : }
3776 alvherre 5658 ECB :
5659 : void
3776 alvherre 5660 GIC 2012 : BackgroundWorkerUnblockSignals(void)
5661 : {
65 tmunro 5662 GNC 2012 : sigprocmask(SIG_SETMASK, &UnBlockSig, NULL);
3776 alvherre 5663 GIC 2012 : }
5664 :
3776 alvherre 5665 ECB : #ifdef EXEC_BACKEND
5666 : static pid_t
5667 : bgworker_forkexec(int shmem_slot)
3776 alvherre 5668 EUB : {
5669 : char *av[10];
5670 : int ac = 0;
5671 : char forkav[MAXPGPATH];
5672 :
3554 rhaas 5673 : snprintf(forkav, MAXPGPATH, "--forkbgworker=%d", shmem_slot);
3776 alvherre 5674 :
5675 : av[ac++] = "postgres";
5676 : av[ac++] = forkav;
5677 : av[ac++] = NULL; /* filled in by postmaster_forkexec */
5678 : av[ac] = NULL;
5679 :
5680 : Assert(ac < lengthof(av));
5681 :
3776 alvherre 5682 ECB : return postmaster_forkexec(ac, av);
5683 : }
5684 : #endif
5685 :
5686 : /*
5687 : * Start a new bgworker.
5688 : * Starting time conditions must have been checked already.
5689 : *
5690 : * Returns true on success, false on failure.
5691 : * In either case, update the RegisteredBgWorker's state appropriately.
5692 : *
5693 : * This code is heavily based on autovacuum.c, q.v.
5694 : */
2176 tgl 5695 : static bool
3523 rhaas 5696 GIC 2153 : do_start_bgworker(RegisteredBgWorker *rw)
5697 : {
3776 alvherre 5698 ECB : pid_t worker_pid;
5699 :
2176 tgl 5700 CBC 2153 : Assert(rw->rw_pid == 0);
5701 :
2176 tgl 5702 ECB : /*
5703 : * Allocate and assign the Backend element. Note we must do this before
5704 : * forking, so that we can handle failures (out of memory or child-process
5705 : * slots) cleanly.
5706 : *
5707 : * Treat failure as though the worker had crashed. That way, the
5708 : * postmaster will wait a bit before attempting to start it again; if we
1280 5709 : * tried again right away, most likely we'd find ourselves hitting the
5710 : * same resource-exhaustion condition.
2176 5711 : */
2176 tgl 5712 GIC 2153 : if (!assign_backendlist_entry(rw))
2176 tgl 5713 ECB : {
2176 tgl 5714 UIC 0 : rw->rw_crashed_at = GetCurrentTimestamp();
5715 0 : return false;
5716 : }
2176 tgl 5717 ECB :
2844 rhaas 5718 GIC 2153 : ereport(DEBUG1,
5719 : (errmsg_internal("starting background worker process \"%s\"",
697 tgl 5720 EUB : rw->rw_worker.bgw_name)));
5721 :
5722 : #ifdef EXEC_BACKEND
5723 : switch ((worker_pid = bgworker_forkexec(rw->rw_shmem_slot)))
5724 : #else
3776 alvherre 5725 GIC 2153 : switch ((worker_pid = fork_process()))
5726 : #endif
5727 : {
3776 alvherre 5728 LBC 0 : case -1:
5729 : /* in postmaster, fork failed ... */
5730 0 : ereport(LOG,
5731 : (errmsg("could not fork worker process: %m")));
2176 tgl 5732 EUB : /* undo what assign_backendlist_entry did */
2176 tgl 5733 UIC 0 : ReleasePostmasterChildSlot(rw->rw_child_slot);
5734 0 : rw->rw_child_slot = 0;
5735 0 : free(rw->rw_backend);
5736 0 : rw->rw_backend = NULL;
5737 : /* mark entry as crashed, so we'll try again later */
2176 tgl 5738 UBC 0 : rw->rw_crashed_at = GetCurrentTimestamp();
2176 tgl 5739 UIC 0 : break;
3776 alvherre 5740 ECB :
5741 : #ifndef EXEC_BACKEND
3776 alvherre 5742 CBC 1948 : case 0:
5743 : /* in postmaster child ... */
3008 andres 5744 GIC 1948 : InitPostmasterChild();
5745 :
3776 alvherre 5746 ECB : /* Close the postmaster's sockets */
3776 alvherre 5747 CBC 1948 : ClosePostmasterPorts(false);
5748 :
5749 : /*
5750 : * Before blowing away PostmasterContext, save this bgworker's
5751 : * data where it can find it.
5752 : */
2440 tgl 5753 1948 : MyBgworkerEntry = (BackgroundWorker *)
2440 tgl 5754 GBC 1948 : MemoryContextAlloc(TopMemoryContext, sizeof(BackgroundWorker));
2440 tgl 5755 GIC 1948 : memcpy(MyBgworkerEntry, &rw->rw_worker, sizeof(BackgroundWorker));
5756 :
5757 : /* Release postmaster's working memory context */
2440 tgl 5758 CBC 1948 : MemoryContextSwitchTo(TopMemoryContext);
2440 tgl 5759 GIC 1948 : MemoryContextDelete(PostmasterContext);
5760 1948 : PostmasterContext = NULL;
5761 :
3523 rhaas 5762 1948 : StartBackgroundWorker();
5763 :
5764 : exit(1); /* should not get here */
5765 : break;
5766 : #endif
3776 alvherre 5767 2153 : default:
5768 : /* in postmaster, fork successful ... */
5769 2153 : rw->rw_pid = worker_pid;
2777 rhaas 5770 CBC 2153 : rw->rw_backend->pid = rw->rw_pid;
3511 rhaas 5771 GIC 2153 : ReportBackgroundWorkerPID(rw);
5772 : /* add new worker to lists of backends */
2176 tgl 5773 2153 : dlist_push_head(&BackendList, &rw->rw_backend->elem);
5774 : #ifdef EXEC_BACKEND
5775 : ShmemBackendArrayAdd(rw->rw_backend);
5776 : #endif
5777 2153 : return true;
5778 : }
2176 tgl 5779 ECB :
2176 tgl 5780 UIC 0 : return false;
3776 alvherre 5781 EUB : }
5782 :
5783 : /*
5784 : * Does the current postmaster state require starting a worker with the
5785 : * specified start_time?
5786 : */
5787 : static bool
3776 alvherre 5788 GIC 2864 : bgworker_should_start_now(BgWorkerStartTime start_time)
5789 : {
5790 2864 : switch (pmState)
5791 : {
3776 alvherre 5792 UIC 0 : case PM_NO_CHILDREN:
3776 alvherre 5793 ECB : case PM_WAIT_DEAD_END:
5794 : case PM_SHUTDOWN_2:
3776 alvherre 5795 EUB : case PM_SHUTDOWN:
5796 : case PM_WAIT_BACKENDS:
5797 : case PM_STOP_BACKENDS:
3776 alvherre 5798 UBC 0 : break;
5799 :
3776 alvherre 5800 GIC 2153 : case PM_RUN:
3776 alvherre 5801 CBC 2153 : if (start_time == BgWorkerStart_RecoveryFinished)
5802 845 : return true;
5803 : /* fall through */
3776 alvherre 5804 EUB :
5805 : case PM_HOT_STANDBY:
3776 alvherre 5806 GIC 1422 : if (start_time == BgWorkerStart_ConsistentState)
3776 alvherre 5807 GBC 1308 : return true;
5808 : /* fall through */
5809 :
3776 alvherre 5810 ECB : case PM_RECOVERY:
5811 : case PM_STARTUP:
5812 : case PM_INIT:
3776 alvherre 5813 CBC 711 : if (start_time == BgWorkerStart_PostmasterStart)
3776 alvherre 5814 LBC 0 : return true;
5815 : /* fall through */
3776 alvherre 5816 ECB : }
5817 :
3776 alvherre 5818 GIC 711 : return false;
3776 alvherre 5819 ECB : }
5820 :
5821 : /*
5822 : * Allocate the Backend struct for a connected background worker, but don't
5823 : * add it to the list of backends just yet.
5824 : *
5825 : * On failure, return false without changing any worker state.
5826 : *
5827 : * Some info from the Backend is copied into the passed rw.
5828 : */
5829 : static bool
3776 alvherre 5830 GIC 2153 : assign_backendlist_entry(RegisteredBgWorker *rw)
5831 : {
5832 : Backend *bn;
5833 :
1280 tgl 5834 ECB : /*
5835 : * Check that database state allows another connection. Currently the
5836 : * only possible failure is CAC_TOOMANY, so we just log an error message
5837 : * based on that rather than checking the error code precisely.
5838 : */
1280 tgl 5839 GIC 2153 : if (canAcceptConnections(BACKEND_TYPE_BGWORKER) != CAC_OK)
5840 : {
1280 tgl 5841 UIC 0 : ereport(LOG,
5842 : (errcode(ERRCODE_CONFIGURATION_LIMIT_EXCEEDED),
5843 : errmsg("no slot available for new worker process")));
5844 0 : return false;
1280 tgl 5845 ECB : }
5846 :
2316 heikki.linnakangas 5847 : /*
5848 : * Compute the cancel key that will be assigned to this session. We
5849 : * probably don't need cancel keys for background workers, but we'd better
5850 : * have something random in the field to prevent unfriendly people from
5851 : * sending cancels to them.
5852 : */
2316 heikki.linnakangas 5853 CBC 2153 : if (!RandomCancelKey(&MyCancelKey))
2316 heikki.linnakangas 5854 ECB : {
2316 heikki.linnakangas 5855 UIC 0 : ereport(LOG,
2316 heikki.linnakangas 5856 ECB : (errcode(ERRCODE_INTERNAL_ERROR),
5857 : errmsg("could not generate random cancel key")));
2316 heikki.linnakangas 5858 UIC 0 : return false;
5859 : }
2316 heikki.linnakangas 5860 ECB :
2316 heikki.linnakangas 5861 GIC 2153 : bn = malloc(sizeof(Backend));
3776 alvherre 5862 2153 : if (bn == NULL)
3776 alvherre 5863 ECB : {
3776 alvherre 5864 LBC 0 : ereport(LOG,
5865 : (errcode(ERRCODE_OUT_OF_MEMORY),
5866 : errmsg("out of memory")));
5867 0 : return false;
5868 : }
3776 alvherre 5869 EUB :
3776 alvherre 5870 GBC 2153 : bn->cancel_key = MyCancelKey;
3776 alvherre 5871 GIC 2153 : bn->child_slot = MyPMChildSlot = AssignPostmasterChildSlot();
5872 2153 : bn->bkend_type = BACKEND_TYPE_BGWORKER;
5873 2153 : bn->dead_end = false;
3511 rhaas 5874 2153 : bn->bgworker_notify = false;
5875 :
3776 alvherre 5876 2153 : rw->rw_backend = bn;
5877 2153 : rw->rw_child_slot = bn->child_slot;
5878 :
5879 2153 : return true;
3776 alvherre 5880 ECB : }
5881 :
5882 : /*
2174 tgl 5883 : * If the time is right, start background worker(s).
5884 : *
5885 : * As a side effect, the bgworker control variables are set or reset
5886 : * depending on whether more workers may need to be started.
5887 : *
5888 : * We limit the number of workers started per call, to avoid consuming the
5889 : * postmaster's attention for too long when many such requests are pending.
5890 : * As long as StartWorkerNeeded is true, ServerLoop will not block and will
2176 5891 : * call this function again after dealing with any other issues.
3776 alvherre 5892 : */
5893 : static void
2174 tgl 5894 CBC 5063 : maybe_start_bgworkers(void)
5895 : {
5896 : #define MAX_BGWORKERS_TO_LAUNCH 100
2174 tgl 5897 GIC 5063 : int num_launched = 0;
3776 alvherre 5898 CBC 5063 : TimestampTz now = 0;
2174 tgl 5899 ECB : slist_mutable_iter iter;
5900 :
2176 5901 : /*
5902 : * During crash recovery, we have no need to be called until the state
5903 : * transition out of recovery.
5904 : */
3776 alvherre 5905 CBC 5063 : if (FatalError)
3776 alvherre 5906 ECB : {
3776 alvherre 5907 GIC 4 : StartWorkerNeeded = false;
5908 4 : HaveCrashedWorker = false;
2176 tgl 5909 4 : return;
3776 alvherre 5910 ECB : }
5911 :
5912 : /* Don't need to be called again unless we find a reason for it below */
2176 tgl 5913 CBC 5059 : StartWorkerNeeded = false;
3776 alvherre 5914 GIC 5059 : HaveCrashedWorker = false;
5915 :
3554 rhaas 5916 14440 : slist_foreach_modify(iter, &BackgroundWorkerList)
5917 : {
5918 : RegisteredBgWorker *rw;
5919 :
3776 alvherre 5920 9381 : rw = slist_container(RegisteredBgWorker, rw_lnode, iter.cur);
5921 :
5922 : /* ignore if already running */
5923 9381 : if (rw->rw_pid != 0)
5924 5230 : continue;
5925 :
2176 tgl 5926 ECB : /* if marked for death, clean up and remove from list */
3460 rhaas 5927 GIC 4151 : if (rw->rw_terminate)
3460 rhaas 5928 EUB : {
3460 rhaas 5929 UBC 0 : ForgetBackgroundWorker(&iter);
3460 rhaas 5930 UIC 0 : continue;
5931 : }
5932 :
5933 : /*
5934 : * If this worker has crashed previously, maybe it needs to be
5935 : * restarted (unless on registration it specified it doesn't want to
5936 : * be restarted at all). Check how long ago did a crash last happen.
5937 : * If the last crash is too recent, don't start it right away; let it
3776 alvherre 5938 ECB : * be restarted once enough time has passed.
5939 : */
3776 alvherre 5940 GBC 4151 : if (rw->rw_crashed_at != 0)
3776 alvherre 5941 EUB : {
3776 alvherre 5942 GIC 1287 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART)
3554 rhaas 5943 6 : {
5944 : int notify_pid;
5945 :
1950 5946 6 : notify_pid = rw->rw_worker.bgw_notify_pid;
5947 :
3546 tgl 5948 6 : ForgetBackgroundWorker(&iter);
5949 :
5950 : /* Report worker is gone now. */
1950 rhaas 5951 6 : if (notify_pid != 0)
5952 6 : kill(notify_pid, SIGUSR1);
1950 rhaas 5953 ECB :
3776 alvherre 5954 GIC 6 : continue;
5955 : }
5956 :
5957 : /* read system time only when needed */
3776 alvherre 5958 CBC 1281 : if (now == 0)
3776 alvherre 5959 GIC 1281 : now = GetCurrentTimestamp();
3776 alvherre 5960 ECB :
3776 alvherre 5961 CBC 1281 : if (!TimestampDifferenceExceeds(rw->rw_crashed_at, now,
2118 tgl 5962 GIC 1281 : rw->rw_worker.bgw_restart_time * 1000))
3776 alvherre 5963 ECB : {
2176 tgl 5964 : /* Set flag to remember that we have workers to start later */
3776 alvherre 5965 GIC 1281 : HaveCrashedWorker = true;
5966 1281 : continue;
3776 alvherre 5967 EUB : }
5968 : }
5969 :
3776 alvherre 5970 GIC 2864 : if (bgworker_should_start_now(rw->rw_worker.bgw_start_time))
5971 : {
5972 : /* reset crash time before trying to start worker */
5973 2153 : rw->rw_crashed_at = 0;
5974 :
5975 : /*
5976 : * Try to start the worker.
5977 : *
5978 : * On failure, give up processing workers for now, but set
5979 : * StartWorkerNeeded so we'll come back here on the next iteration
5980 : * of ServerLoop to try again. (We don't want to wait, because
5981 : * there might be additional ready-to-run workers.) We could set
5982 : * HaveCrashedWorker as well, since this worker is now marked
5983 : * crashed, but there's no need because the next run of this
5984 : * function will do that.
5985 : */
2176 tgl 5986 2153 : if (!do_start_bgworker(rw))
5987 : {
2176 tgl 5988 UIC 0 : StartWorkerNeeded = true;
2777 rhaas 5989 0 : return;
5990 : }
5991 :
5992 : /*
5993 : * If we've launched as many workers as allowed, quit, but have
5994 : * ServerLoop call us again to look for additional ready-to-run
5995 : * workers. There might not be any, but we'll find out the next
5996 : * time we run.
5997 : */
2174 tgl 5998 GIC 2153 : if (++num_launched >= MAX_BGWORKERS_TO_LAUNCH)
5999 : {
2174 tgl 6000 UIC 0 : StartWorkerNeeded = true;
6001 0 : return;
6002 : }
6003 : }
6004 : }
6005 : }
6006 :
6007 : /*
6008 : * When a backend asks to be notified about worker state changes, we
6009 : * set a flag in its backend entry. The background worker machinery needs
6010 : * to know when such backends exit.
6011 : */
6012 : bool
3511 rhaas 6013 GIC 1631 : PostmasterMarkPIDForWorkerNotify(int pid)
6014 : {
6015 : dlist_iter iter;
6016 : Backend *bp;
6017 :
6018 3838 : dlist_foreach(iter, &BackendList)
6019 : {
6020 3838 : bp = dlist_container(Backend, elem, iter.cur);
6021 3838 : if (bp->pid == pid)
6022 : {
6023 1631 : bp->bgworker_notify = true;
6024 1631 : return true;
6025 : }
6026 : }
3511 rhaas 6027 UIC 0 : return false;
6028 : }
6029 :
6030 : #ifdef EXEC_BACKEND
6031 :
6032 : /*
6033 : * The following need to be available to the save/restore_backend_variables
6034 : * functions. They are marked NON_EXEC_STATIC in their home modules.
6035 : */
6036 : extern slock_t *ShmemLock;
6037 : extern slock_t *ProcStructLock;
6038 : extern PGPROC *AuxiliaryProcs;
6039 : extern PMSignalData *PMSignalState;
6040 : extern pg_time_t first_syslogger_file_time;
6041 :
6042 : #ifndef WIN32
6043 : #define write_inheritable_socket(dest, src, childpid) ((*(dest) = (src)), true)
6044 : #define read_inheritable_socket(dest, src) (*(dest) = *(src))
6045 : #else
6046 : static bool write_duplicated_handle(HANDLE *dest, HANDLE src, HANDLE child);
6047 : static bool write_inheritable_socket(InheritableSocket *dest, SOCKET src,
6048 : pid_t childPid);
6049 : static void read_inheritable_socket(SOCKET *dest, InheritableSocket *src);
6050 : #endif
6051 :
6052 :
6053 : /* Save critical backend variables into the BackendParameters struct */
6054 : #ifndef WIN32
6055 : static bool
6056 : save_backend_variables(BackendParameters *param, Port *port)
6057 : #else
6058 : static bool
6059 : save_backend_variables(BackendParameters *param, Port *port,
6060 : HANDLE childProcess, pid_t childPid)
6061 : #endif
6062 : {
6063 : memcpy(¶m->port, port, sizeof(Port));
6064 : if (!write_inheritable_socket(¶m->portsocket, port->sock, childPid))
6065 : return false;
6066 :
6067 : strlcpy(param->DataDir, DataDir, MAXPGPATH);
6068 :
6069 : memcpy(¶m->ListenSocket, &ListenSocket, sizeof(ListenSocket));
6070 :
6071 : param->MyCancelKey = MyCancelKey;
6072 : param->MyPMChildSlot = MyPMChildSlot;
6073 :
6074 : #ifdef WIN32
6075 : param->ShmemProtectiveRegion = ShmemProtectiveRegion;
6076 : #endif
6077 : param->UsedShmemSegID = UsedShmemSegID;
6078 : param->UsedShmemSegAddr = UsedShmemSegAddr;
6079 :
6080 : param->ShmemLock = ShmemLock;
6081 : param->ShmemVariableCache = ShmemVariableCache;
6082 : param->ShmemBackendArray = ShmemBackendArray;
6083 :
6084 : #ifndef HAVE_SPINLOCKS
6085 : param->SpinlockSemaArray = SpinlockSemaArray;
6086 : #endif
6087 : param->NamedLWLockTrancheRequests = NamedLWLockTrancheRequests;
6088 : param->NamedLWLockTrancheArray = NamedLWLockTrancheArray;
6089 : param->MainLWLockArray = MainLWLockArray;
6090 : param->ProcStructLock = ProcStructLock;
6091 : param->ProcGlobal = ProcGlobal;
6092 : param->AuxiliaryProcs = AuxiliaryProcs;
6093 : param->PreparedXactProcs = PreparedXactProcs;
6094 : param->PMSignalState = PMSignalState;
6095 :
6096 : param->PostmasterPid = PostmasterPid;
6097 : param->PgStartTime = PgStartTime;
6098 : param->PgReloadTime = PgReloadTime;
6099 : param->first_syslogger_file_time = first_syslogger_file_time;
6100 :
6101 : param->redirection_done = redirection_done;
6102 : param->IsBinaryUpgrade = IsBinaryUpgrade;
6103 : param->query_id_enabled = query_id_enabled;
6104 : param->max_safe_fds = max_safe_fds;
6105 :
6106 : param->MaxBackends = MaxBackends;
6107 :
6108 : #ifdef WIN32
6109 : param->PostmasterHandle = PostmasterHandle;
6110 : if (!write_duplicated_handle(¶m->initial_signal_pipe,
6111 : pgwin32_create_signal_listener(childPid),
6112 : childProcess))
6113 : return false;
6114 : #else
6115 : memcpy(¶m->postmaster_alive_fds, &postmaster_alive_fds,
6116 : sizeof(postmaster_alive_fds));
6117 : #endif
6118 :
6119 : memcpy(¶m->syslogPipe, &syslogPipe, sizeof(syslogPipe));
6120 :
6121 : strlcpy(param->my_exec_path, my_exec_path, MAXPGPATH);
6122 :
6123 : strlcpy(param->pkglib_path, pkglib_path, MAXPGPATH);
6124 :
6125 : return true;
6126 : }
6127 :
6128 :
6129 : #ifdef WIN32
6130 : /*
6131 : * Duplicate a handle for usage in a child process, and write the child
6132 : * process instance of the handle to the parameter file.
6133 : */
6134 : static bool
6135 : write_duplicated_handle(HANDLE *dest, HANDLE src, HANDLE childProcess)
6136 : {
6137 : HANDLE hChild = INVALID_HANDLE_VALUE;
6138 :
6139 : if (!DuplicateHandle(GetCurrentProcess(),
6140 : src,
6141 : childProcess,
6142 : &hChild,
6143 : 0,
6144 : TRUE,
6145 : DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS))
6146 : {
6147 : ereport(LOG,
6148 : (errmsg_internal("could not duplicate handle to be written to backend parameter file: error code %lu",
6149 : GetLastError())));
6150 : return false;
6151 : }
6152 :
6153 : *dest = hChild;
6154 : return true;
6155 : }
6156 :
6157 : /*
6158 : * Duplicate a socket for usage in a child process, and write the resulting
6159 : * structure to the parameter file.
6160 : * This is required because a number of LSPs (Layered Service Providers) very
6161 : * common on Windows (antivirus, firewalls, download managers etc) break
6162 : * straight socket inheritance.
6163 : */
6164 : static bool
6165 : write_inheritable_socket(InheritableSocket *dest, SOCKET src, pid_t childpid)
6166 : {
6167 : dest->origsocket = src;
6168 : if (src != 0 && src != PGINVALID_SOCKET)
6169 : {
6170 : /* Actual socket */
6171 : if (WSADuplicateSocket(src, childpid, &dest->wsainfo) != 0)
6172 : {
6173 : ereport(LOG,
6174 : (errmsg("could not duplicate socket %d for use in backend: error code %d",
6175 : (int) src, WSAGetLastError())));
6176 : return false;
6177 : }
6178 : }
6179 : return true;
6180 : }
6181 :
6182 : /*
6183 : * Read a duplicate socket structure back, and get the socket descriptor.
6184 : */
6185 : static void
6186 : read_inheritable_socket(SOCKET *dest, InheritableSocket *src)
6187 : {
6188 : SOCKET s;
6189 :
6190 : if (src->origsocket == PGINVALID_SOCKET || src->origsocket == 0)
6191 : {
6192 : /* Not a real socket! */
6193 : *dest = src->origsocket;
6194 : }
6195 : else
6196 : {
6197 : /* Actual socket, so create from structure */
6198 : s = WSASocket(FROM_PROTOCOL_INFO,
6199 : FROM_PROTOCOL_INFO,
6200 : FROM_PROTOCOL_INFO,
6201 : &src->wsainfo,
6202 : 0,
6203 : 0);
6204 : if (s == INVALID_SOCKET)
6205 : {
6206 : write_stderr("could not create inherited socket: error code %d\n",
6207 : WSAGetLastError());
6208 : exit(1);
6209 : }
6210 : *dest = s;
6211 :
6212 : /*
6213 : * To make sure we don't get two references to the same socket, close
6214 : * the original one. (This would happen when inheritance actually
6215 : * works..
6216 : */
6217 : closesocket(src->origsocket);
6218 : }
6219 : }
6220 : #endif
6221 :
6222 : static void
6223 : read_backend_variables(char *id, Port *port)
6224 : {
6225 : BackendParameters param;
6226 :
6227 : #ifndef WIN32
6228 : /* Non-win32 implementation reads from file */
6229 : FILE *fp;
6230 :
6231 : /* Open file */
6232 : fp = AllocateFile(id, PG_BINARY_R);
6233 : if (!fp)
6234 : {
6235 : write_stderr("could not open backend variables file \"%s\": %s\n",
6236 : id, strerror(errno));
6237 : exit(1);
6238 : }
6239 :
6240 : if (fread(¶m, sizeof(param), 1, fp) != 1)
6241 : {
6242 : write_stderr("could not read from backend variables file \"%s\": %s\n",
6243 : id, strerror(errno));
6244 : exit(1);
6245 : }
6246 :
6247 : /* Release file */
6248 : FreeFile(fp);
6249 : if (unlink(id) != 0)
6250 : {
6251 : write_stderr("could not remove file \"%s\": %s\n",
6252 : id, strerror(errno));
6253 : exit(1);
6254 : }
6255 : #else
6256 : /* Win32 version uses mapped file */
6257 : HANDLE paramHandle;
6258 : BackendParameters *paramp;
6259 :
6260 : #ifdef _WIN64
6261 : paramHandle = (HANDLE) _atoi64(id);
6262 : #else
6263 : paramHandle = (HANDLE) atol(id);
6264 : #endif
6265 : paramp = MapViewOfFile(paramHandle, FILE_MAP_READ, 0, 0, 0);
6266 : if (!paramp)
6267 : {
6268 : write_stderr("could not map view of backend variables: error code %lu\n",
6269 : GetLastError());
6270 : exit(1);
6271 : }
6272 :
6273 : memcpy(¶m, paramp, sizeof(BackendParameters));
6274 :
6275 : if (!UnmapViewOfFile(paramp))
6276 : {
6277 : write_stderr("could not unmap view of backend variables: error code %lu\n",
6278 : GetLastError());
6279 : exit(1);
6280 : }
6281 :
6282 : if (!CloseHandle(paramHandle))
6283 : {
6284 : write_stderr("could not close handle to backend parameter variables: error code %lu\n",
6285 : GetLastError());
6286 : exit(1);
6287 : }
6288 : #endif
6289 :
6290 : restore_backend_variables(¶m, port);
6291 : }
6292 :
6293 : /* Restore critical backend variables from the BackendParameters struct */
6294 : static void
6295 : restore_backend_variables(BackendParameters *param, Port *port)
6296 : {
6297 : memcpy(port, ¶m->port, sizeof(Port));
6298 : read_inheritable_socket(&port->sock, ¶m->portsocket);
6299 :
6300 : SetDataDir(param->DataDir);
6301 :
6302 : memcpy(&ListenSocket, ¶m->ListenSocket, sizeof(ListenSocket));
6303 :
6304 : MyCancelKey = param->MyCancelKey;
6305 : MyPMChildSlot = param->MyPMChildSlot;
6306 :
6307 : #ifdef WIN32
6308 : ShmemProtectiveRegion = param->ShmemProtectiveRegion;
6309 : #endif
6310 : UsedShmemSegID = param->UsedShmemSegID;
6311 : UsedShmemSegAddr = param->UsedShmemSegAddr;
6312 :
6313 : ShmemLock = param->ShmemLock;
6314 : ShmemVariableCache = param->ShmemVariableCache;
6315 : ShmemBackendArray = param->ShmemBackendArray;
6316 :
6317 : #ifndef HAVE_SPINLOCKS
6318 : SpinlockSemaArray = param->SpinlockSemaArray;
6319 : #endif
6320 : NamedLWLockTrancheRequests = param->NamedLWLockTrancheRequests;
6321 : NamedLWLockTrancheArray = param->NamedLWLockTrancheArray;
6322 : MainLWLockArray = param->MainLWLockArray;
6323 : ProcStructLock = param->ProcStructLock;
6324 : ProcGlobal = param->ProcGlobal;
6325 : AuxiliaryProcs = param->AuxiliaryProcs;
6326 : PreparedXactProcs = param->PreparedXactProcs;
6327 : PMSignalState = param->PMSignalState;
6328 :
6329 : PostmasterPid = param->PostmasterPid;
6330 : PgStartTime = param->PgStartTime;
6331 : PgReloadTime = param->PgReloadTime;
6332 : first_syslogger_file_time = param->first_syslogger_file_time;
6333 :
6334 : redirection_done = param->redirection_done;
6335 : IsBinaryUpgrade = param->IsBinaryUpgrade;
6336 : query_id_enabled = param->query_id_enabled;
6337 : max_safe_fds = param->max_safe_fds;
6338 :
6339 : MaxBackends = param->MaxBackends;
6340 :
6341 : #ifdef WIN32
6342 : PostmasterHandle = param->PostmasterHandle;
6343 : pgwin32_initial_signal_pipe = param->initial_signal_pipe;
6344 : #else
6345 : memcpy(&postmaster_alive_fds, ¶m->postmaster_alive_fds,
6346 : sizeof(postmaster_alive_fds));
6347 : #endif
6348 :
6349 : memcpy(&syslogPipe, ¶m->syslogPipe, sizeof(syslogPipe));
6350 :
6351 : strlcpy(my_exec_path, param->my_exec_path, MAXPGPATH);
6352 :
6353 : strlcpy(pkglib_path, param->pkglib_path, MAXPGPATH);
6354 :
6355 : /*
6356 : * We need to restore fd.c's counts of externally-opened FDs; to avoid
6357 : * confusion, be sure to do this after restoring max_safe_fds. (Note:
6358 : * BackendInitialize will handle this for port->sock.)
6359 : */
6360 : #ifndef WIN32
6361 : if (postmaster_alive_fds[0] >= 0)
6362 : ReserveExternalFD();
6363 : if (postmaster_alive_fds[1] >= 0)
6364 : ReserveExternalFD();
6365 : #endif
6366 : }
6367 :
6368 :
6369 : Size
6370 : ShmemBackendArraySize(void)
6371 : {
6372 : return mul_size(MaxLivePostmasterChildren(), sizeof(Backend));
6373 : }
6374 :
6375 : void
6376 : ShmemBackendArrayAllocation(void)
6377 : {
6378 : Size size = ShmemBackendArraySize();
6379 :
6380 : ShmemBackendArray = (Backend *) ShmemAlloc(size);
6381 : /* Mark all slots as empty */
6382 : memset(ShmemBackendArray, 0, size);
6383 : }
6384 :
6385 : static void
6386 : ShmemBackendArrayAdd(Backend *bn)
6387 : {
6388 : /* The array slot corresponding to my PMChildSlot should be free */
6389 : int i = bn->child_slot - 1;
6390 :
6391 : Assert(ShmemBackendArray[i].pid == 0);
6392 : ShmemBackendArray[i] = *bn;
6393 : }
6394 :
6395 : static void
6396 : ShmemBackendArrayRemove(Backend *bn)
6397 : {
6398 : int i = bn->child_slot - 1;
6399 :
6400 : Assert(ShmemBackendArray[i].pid == bn->pid);
6401 : /* Mark the slot as empty */
6402 : ShmemBackendArray[i].pid = 0;
6403 : }
6404 : #endif /* EXEC_BACKEND */
6405 :
6406 :
6407 : #ifdef WIN32
6408 :
6409 : /*
6410 : * Subset implementation of waitpid() for Windows. We assume pid is -1
6411 : * (that is, check all child processes) and options is WNOHANG (don't wait).
6412 : */
6413 : static pid_t
6414 : waitpid(pid_t pid, int *exitstatus, int options)
6415 : {
6416 : win32_deadchild_waitinfo *childinfo;
6417 : DWORD exitcode;
6418 : DWORD dwd;
6419 : ULONG_PTR key;
6420 : OVERLAPPED *ovl;
6421 :
6422 : /* Try to consume one win32_deadchild_waitinfo from the queue. */
6423 : if (!GetQueuedCompletionStatus(win32ChildQueue, &dwd, &key, &ovl, 0))
6424 : {
6425 : errno = EAGAIN;
6426 : return -1;
6427 : }
6428 :
6429 : childinfo = (win32_deadchild_waitinfo *) key;
6430 : pid = childinfo->procId;
6431 :
6432 : /*
6433 : * Remove handle from wait - required even though it's set to wait only
6434 : * once
6435 : */
6436 : UnregisterWaitEx(childinfo->waitHandle, NULL);
6437 :
6438 : if (!GetExitCodeProcess(childinfo->procHandle, &exitcode))
5644 magnus 6439 ECB : {
6440 : /*
6441 : * Should never happen. Inform user and set a fixed exitcode.
6442 : */
6443 : write_stderr("could not read exit code for process\n");
6444 : exitcode = 255;
6445 : }
6446 : *exitstatus = exitcode;
6447 :
6448 : /*
6449 : * Close the process handle. Only after this point can the PID can be
6450 : * recycled by the kernel.
6451 : */
6452 : CloseHandle(childinfo->procHandle);
6453 :
5624 bruce 6454 EUB : /*
6455 : * Free struct that was allocated before the call to
6456 : * RegisterWaitForSingleObject()
6457 : */
6458 : pfree(childinfo);
5644 magnus 6459 ECB :
25 tmunro 6460 : return pid;
6461 : }
6462 :
6463 : /*
6464 : * Note! Code below executes on a thread pool! All operations must
6465 : * be thread safe! Note that elog() and friends must *not* be used.
6466 : */
25 tmunro 6467 EUB : static void WINAPI
6468 : pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired)
6469 : {
6470 : /* Should never happen, since we use INFINITE as timeout value. */
6471 : if (TimerOrWaitFired)
6472 : return;
6473 :
6474 : /*
6475 : * Post the win32_deadchild_waitinfo object for waitpid() to deal with. If
6476 : * that fails, we leak the object, but we also leak a whole process and
6477 : * get into an unrecoverable state, so there's not much point in worrying
6478 : * about that. We'd like to panic, but we can't use that infrastructure
6479 : * from this thread.
6480 : */
6481 : if (!PostQueuedCompletionStatus(win32ChildQueue,
6482 : 0,
6483 : (ULONG_PTR) lpParameter,
6484 : NULL))
6485 : write_stderr("could not post child completion status\n");
25 tmunro 6486 ECB :
6487 : /* Queue SIGCHLD signal. */
6488 : pg_queue_signal(SIGCHLD);
6489 : }
6490 : #endif /* WIN32 */
6491 :
6492 : /*
6493 : * Initialize one and only handle for monitoring postmaster death.
6494 : *
6495 : * Called once in the postmaster, so that child processes can subsequently
6496 : * monitor if their parent is dead.
6497 : */
6498 : static void
4293 heikki.linnakangas 6499 GIC 593 : InitPostmasterDeathWatchHandle(void)
6500 : {
6501 : #ifndef WIN32
6502 :
6503 : /*
6504 : * Create a pipe. Postmaster holds the write end of the pipe open
6505 : * (POSTMASTER_FD_OWN), and children hold the read end. Children can pass
6506 : * the read file descriptor to select() to wake up in case postmaster
6507 : * dies, or check for postmaster death with a (read() == 0). Children must
6508 : * close the write end as soon as possible after forking, because EOF
6509 : * won't be signaled in the read end until all processes have closed the
6510 : * write fd. That is taken care of in ClosePostmasterPorts().
6511 : */
6512 593 : Assert(MyProcPid == PostmasterPid);
2179 tgl 6513 593 : if (pipe(postmaster_alive_fds) < 0)
4293 heikki.linnakangas 6514 UIC 0 : ereport(FATAL,
6515 : (errcode_for_file_access(),
6516 : errmsg_internal("could not create pipe to monitor postmaster death: %m")));
6517 :
6518 : /* Notify fd.c that we've eaten two FDs for the pipe. */
1140 tgl 6519 GIC 593 : ReserveExternalFD();
6520 593 : ReserveExternalFD();
6521 :
6522 : /*
6523 : * Set O_NONBLOCK to allow testing for the fd's presence with a read()
6524 : * call.
6525 : */
2179 6526 593 : if (fcntl(postmaster_alive_fds[POSTMASTER_FD_WATCH], F_SETFL, O_NONBLOCK) == -1)
4293 heikki.linnakangas 6527 UIC 0 : ereport(FATAL,
6528 : (errcode_for_socket_access(),
6529 : errmsg_internal("could not set postmaster death monitoring pipe to nonblocking mode: %m")));
6530 : #else
6531 :
6532 : /*
6533 : * On Windows, we use a process handle for the same purpose.
6534 : */
6535 : if (DuplicateHandle(GetCurrentProcess(),
6536 : GetCurrentProcess(),
6537 : GetCurrentProcess(),
6538 : &PostmasterHandle,
6539 : 0,
6540 : TRUE,
6541 : DUPLICATE_SAME_ACCESS) == 0)
6542 : ereport(FATAL,
6543 : (errmsg_internal("could not duplicate postmaster handle: error code %lu",
6544 : GetLastError())));
6545 : #endif /* WIN32 */
4293 heikki.linnakangas 6546 GIC 593 : }
|
