Branch data Line data Source code
1 : : /*-------------------------------------------------------------------------
2 : : *
3 : : * postmaster.c
4 : : * This program acts as a clearing house for requests to the
5 : : * POSTGRES system. Frontend programs connect to the Postmaster,
6 : : * and postmaster forks a new backend process to handle the
7 : : * connection.
8 : : *
9 : : * The postmaster also manages system-wide operations such as
10 : : * startup and shutdown. The postmaster itself doesn't do those
11 : : * operations, mind you --- it just forks off a subprocess to do them
12 : : * at the right times. It also takes care of resetting the system
13 : : * if a backend crashes.
14 : : *
15 : : * The postmaster process creates the shared memory and semaphore
16 : : * pools during startup, but as a rule does not touch them itself.
17 : : * In particular, it is not a member of the PGPROC array of backends
18 : : * and so it cannot participate in lock-manager operations. Keeping
19 : : * the postmaster away from shared memory operations makes it simpler
20 : : * and more reliable. The postmaster is almost always able to recover
21 : : * from crashes of individual backends by resetting shared memory;
22 : : * if it did much with shared memory then it would be prone to crashing
23 : : * along with the backends.
24 : : *
25 : : * When a request message is received, we now fork() immediately.
26 : : * The child process performs authentication of the request, and
27 : : * then becomes a backend if successful. This allows the auth code
28 : : * to be written in a simple single-threaded style (as opposed to the
29 : : * crufty "poor man's multitasking" code that used to be needed).
30 : : * More importantly, it ensures that blockages in non-multithreaded
31 : : * libraries like SSL or PAM cannot cause denial of service to other
32 : : * clients.
33 : : *
34 : : *
35 : : * Portions Copyright (c) 1996-2026, PostgreSQL Global Development Group
36 : : * Portions Copyright (c) 1994, Regents of the University of California
37 : : *
38 : : *
39 : : * IDENTIFICATION
40 : : * src/backend/postmaster/postmaster.c
41 : : *
42 : : * NOTES
43 : : *
44 : : * Initialization:
45 : : * The Postmaster sets up shared memory data structures
46 : : * for the backends.
47 : : *
48 : : * Synchronization:
49 : : * The Postmaster shares memory with the backends but should avoid
50 : : * touching shared memory, so as not to become stuck if a crashing
51 : : * backend screws up locks or shared memory. Likewise, the Postmaster
52 : : * should never block on messages from frontend clients.
53 : : *
54 : : * Garbage Collection:
55 : : * The Postmaster cleans up after backends if they have an emergency
56 : : * exit and/or core dump.
57 : : *
58 : : * Error Reporting:
59 : : * Use write_stderr() only for reporting "interactive" errors
60 : : * (essentially, bogus arguments on the command line). Once the
61 : : * postmaster is launched, use ereport().
62 : : *
63 : : *-------------------------------------------------------------------------
64 : : */
65 : :
66 : : #include "postgres.h"
67 : :
68 : : #include <unistd.h>
69 : : #include <signal.h>
70 : : #include <time.h>
71 : : #include <sys/wait.h>
72 : : #include <ctype.h>
73 : : #include <sys/stat.h>
74 : : #include <sys/socket.h>
75 : : #include <fcntl.h>
76 : : #include <sys/param.h>
77 : : #include <netdb.h>
78 : : #include <limits.h>
79 : :
80 : : #ifdef USE_BONJOUR
81 : : #include <dns_sd.h>
82 : : #endif
83 : :
84 : : #ifdef USE_SYSTEMD
85 : : #include <systemd/sd-daemon.h>
86 : : #endif
87 : :
88 : : #ifdef HAVE_PTHREAD_IS_THREADED_NP
89 : : #include <pthread.h>
90 : : #endif
91 : :
92 : : #include "access/xlog.h"
93 : : #include "access/xlog_internal.h"
94 : : #include "access/xlogrecovery.h"
95 : : #include "common/file_perm.h"
96 : : #include "common/pg_prng.h"
97 : : #include "lib/ilist.h"
98 : : #include "libpq/libpq.h"
99 : : #include "libpq/pqsignal.h"
100 : : #include "pg_getopt.h"
101 : : #include "pgstat.h"
102 : : #include "port/pg_bswap.h"
103 : : #include "postmaster/autovacuum.h"
104 : : #include "postmaster/bgworker_internals.h"
105 : : #include "postmaster/pgarch.h"
106 : : #include "postmaster/postmaster.h"
107 : : #include "postmaster/syslogger.h"
108 : : #include "postmaster/walsummarizer.h"
109 : : #include "replication/logicallauncher.h"
110 : : #include "replication/slotsync.h"
111 : : #include "replication/walsender.h"
112 : : #include "storage/aio_subsys.h"
113 : : #include "storage/fd.h"
114 : : #include "storage/io_worker.h"
115 : : #include "storage/ipc.h"
116 : : #include "storage/pmsignal.h"
117 : : #include "storage/proc.h"
118 : : #include "tcop/backend_startup.h"
119 : : #include "tcop/tcopprot.h"
120 : : #include "utils/datetime.h"
121 : : #include "utils/memutils.h"
122 : : #include "utils/pidfile.h"
123 : : #include "utils/timestamp.h"
124 : : #include "utils/varlena.h"
125 : :
126 : : #ifdef EXEC_BACKEND
127 : : #include "common/file_utils.h"
128 : : #include "storage/pg_shmem.h"
129 : : #endif
130 : :
131 : :
132 : : /*
133 : : * CountChildren and SignalChildren take a bitmask argument to represent
134 : : * BackendTypes to count or signal. Define a separate type and functions to
135 : : * work with the bitmasks, to avoid accidentally passing a plain BackendType
136 : : * in place of a bitmask or vice versa.
137 : : */
138 : : typedef struct
139 : : {
140 : : uint32 mask;
141 : : } BackendTypeMask;
142 : :
143 : : StaticAssertDecl(BACKEND_NUM_TYPES < 32, "too many backend types for uint32");
144 : :
145 : : static const BackendTypeMask BTYPE_MASK_ALL = {(1 << BACKEND_NUM_TYPES) - 1};
146 : : static const BackendTypeMask BTYPE_MASK_NONE = {0};
147 : :
148 : : static inline BackendTypeMask
149 : 3 : btmask(BackendType t)
150 : : {
151 : 3 : BackendTypeMask mask = {.mask = 1 << t};
152 : :
153 : 3 : return mask;
154 : : }
155 : :
156 : : static inline BackendTypeMask
157 : 72 : btmask_add_n(BackendTypeMask mask, int nargs, BackendType *t)
158 : : {
159 [ + + ]: 294 : for (int i = 0; i < nargs; i++)
160 : 222 : mask.mask |= 1 << t[i];
161 : 72 : return mask;
162 : : }
163 : :
164 : : #define btmask_add(mask, ...) \
165 : : btmask_add_n(mask, \
166 : : lengthof(((BackendType[]){__VA_ARGS__})), \
167 : : (BackendType[]){__VA_ARGS__} \
168 : : )
169 : :
170 : : static inline BackendTypeMask
171 : 8 : btmask_del(BackendTypeMask mask, BackendType t)
172 : : {
173 : 8 : mask.mask &= ~(1 << t);
174 : 8 : return mask;
175 : : }
176 : :
177 : : static inline BackendTypeMask
178 : 5 : btmask_all_except_n(int nargs, BackendType *t)
179 : : {
180 : 5 : BackendTypeMask mask = BTYPE_MASK_ALL;
181 : :
182 [ + + ]: 13 : for (int i = 0; i < nargs; i++)
183 : 8 : mask = btmask_del(mask, t[i]);
184 : 5 : return mask;
185 : : }
186 : :
187 : : #define btmask_all_except(...) \
188 : : btmask_all_except_n( \
189 : : lengthof(((BackendType[]){__VA_ARGS__})), \
190 : : (BackendType[]){__VA_ARGS__} \
191 : : )
192 : :
193 : : static inline bool
194 : 237 : btmask_contains(BackendTypeMask mask, BackendType t)
195 : : {
196 : 237 : return (mask.mask & (1 << t)) != 0;
197 : : }
198 : :
199 : :
200 : : BackgroundWorker *MyBgworkerEntry = NULL;
201 : :
202 : : /* The socket number we are listening for connections on */
203 : : int PostPortNumber = DEF_PGPORT;
204 : :
205 : : /* The directory names for Unix socket(s) */
206 : : char *Unix_socket_directories;
207 : :
208 : : /* The TCP listen address(es) */
209 : : char *ListenAddresses;
210 : :
211 : : /*
212 : : * SuperuserReservedConnections is the number of backends reserved for
213 : : * superuser use, and ReservedConnections is the number of backends reserved
214 : : * for use by roles with privileges of the pg_use_reserved_connections
215 : : * predefined role. These are taken out of the pool of MaxConnections backend
216 : : * slots, so the number of backend slots available for roles that are neither
217 : : * superuser nor have privileges of pg_use_reserved_connections is
218 : : * (MaxConnections - SuperuserReservedConnections - ReservedConnections).
219 : : *
220 : : * If the number of remaining slots is less than or equal to
221 : : * SuperuserReservedConnections, only superusers can make new connections. If
222 : : * the number of remaining slots is greater than SuperuserReservedConnections
223 : : * but less than or equal to
224 : : * (SuperuserReservedConnections + ReservedConnections), only superusers and
225 : : * roles with privileges of pg_use_reserved_connections can make new
226 : : * connections. Note that pre-existing superuser and
227 : : * pg_use_reserved_connections connections don't count against the limits.
228 : : */
229 : : int SuperuserReservedConnections;
230 : : int ReservedConnections;
231 : :
232 : : /* The socket(s) we're listening to. */
233 : : #define MAXLISTEN 64
234 : : static int NumListenSockets = 0;
235 : : static pgsocket *ListenSockets = NULL;
236 : :
237 : : /* still more option variables */
238 : : bool EnableSSL = false;
239 : :
240 : : int PreAuthDelay = 0;
241 : : int AuthenticationTimeout = 60;
242 : :
243 : : bool log_hostname; /* for ps display and logging */
244 : :
245 : : bool enable_bonjour = false;
246 : : char *bonjour_name;
247 : : bool restart_after_crash = true;
248 : : bool remove_temp_files_after_crash = true;
249 : :
250 : : /*
251 : : * When terminating child processes after fatal errors, like a crash of a
252 : : * child process, we normally send SIGQUIT -- and most other comments in this
253 : : * file are written on the assumption that we do -- but developers might
254 : : * prefer to use SIGABRT to collect per-child core dumps.
255 : : */
256 : : bool send_abort_for_crash = false;
257 : : bool send_abort_for_kill = false;
258 : :
259 : : /* special child processes; NULL when not running */
260 : : static PMChild *StartupPMChild = NULL,
261 : : *BgWriterPMChild = NULL,
262 : : *CheckpointerPMChild = NULL,
263 : : *WalWriterPMChild = NULL,
264 : : *WalReceiverPMChild = NULL,
265 : : *WalSummarizerPMChild = NULL,
266 : : *AutoVacLauncherPMChild = NULL,
267 : : *PgArchPMChild = NULL,
268 : : *SysLoggerPMChild = NULL,
269 : : *SlotSyncWorkerPMChild = NULL;
270 : :
271 : : /* Startup process's status */
272 : : typedef enum
273 : : {
274 : : STARTUP_NOT_RUNNING,
275 : : STARTUP_RUNNING,
276 : : STARTUP_SIGNALED, /* we sent it a SIGQUIT or SIGKILL */
277 : : STARTUP_CRASHED,
278 : : } StartupStatusEnum;
279 : :
280 : : static StartupStatusEnum StartupStatus = STARTUP_NOT_RUNNING;
281 : :
282 : : /* Startup/shutdown state */
283 : : #define NoShutdown 0
284 : : #define SmartShutdown 1
285 : : #define FastShutdown 2
286 : : #define ImmediateShutdown 3
287 : :
288 : : static int Shutdown = NoShutdown;
289 : :
290 : : static bool FatalError = false; /* T if recovering from backend crash */
291 : :
292 : : /*
293 : : * We use a simple state machine to control startup, shutdown, and
294 : : * crash recovery (which is rather like shutdown followed by startup).
295 : : *
296 : : * After doing all the postmaster initialization work, we enter PM_STARTUP
297 : : * state and the startup process is launched. The startup process begins by
298 : : * reading the control file and other preliminary initialization steps.
299 : : * In a normal startup, or after crash recovery, the startup process exits
300 : : * with exit code 0 and we switch to PM_RUN state. However, archive recovery
301 : : * is handled specially since it takes much longer and we would like to support
302 : : * hot standby during archive recovery.
303 : : *
304 : : * When the startup process is ready to start archive recovery, it signals the
305 : : * postmaster, and we switch to PM_RECOVERY state. The background writer and
306 : : * checkpointer are launched, while the startup process continues applying WAL.
307 : : * If Hot Standby is enabled, then, after reaching a consistent point in WAL
308 : : * redo, startup process signals us again, and we switch to PM_HOT_STANDBY
309 : : * state and begin accepting connections to perform read-only queries. When
310 : : * archive recovery is finished, the startup process exits with exit code 0
311 : : * and we switch to PM_RUN state.
312 : : *
313 : : * Normal child backends can only be launched when we are in PM_RUN or
314 : : * PM_HOT_STANDBY state. (connsAllowed can also restrict launching.)
315 : : * In other states we handle connection requests by launching "dead-end"
316 : : * child processes, which will simply send the client an error message and
317 : : * quit. (We track these in the ActiveChildList so that we can know when they
318 : : * are all gone; this is important because they're still connected to shared
319 : : * memory, and would interfere with an attempt to destroy the shmem segment,
320 : : * possibly leading to SHMALL failure when we try to make a new one.)
321 : : * In PM_WAIT_DEAD_END state we are waiting for all the dead-end children
322 : : * to drain out of the system, and therefore stop accepting connection
323 : : * requests at all until the last existing child has quit (which hopefully
324 : : * will not be very long).
325 : : *
326 : : * Notice that this state variable does not distinguish *why* we entered
327 : : * states later than PM_RUN --- Shutdown and FatalError must be consulted
328 : : * to find that out. FatalError is never true in PM_RECOVERY, PM_HOT_STANDBY,
329 : : * or PM_RUN states, nor in PM_WAIT_XLOG_SHUTDOWN states (because we don't
330 : : * enter those states when trying to recover from a crash). It can be true in
331 : : * PM_STARTUP state, because we don't clear it until we've successfully
332 : : * started WAL redo.
333 : : */
334 : : typedef enum
335 : : {
336 : : PM_INIT, /* postmaster starting */
337 : : PM_STARTUP, /* waiting for startup subprocess */
338 : : PM_RECOVERY, /* in archive recovery mode */
339 : : PM_HOT_STANDBY, /* in hot standby mode */
340 : : PM_RUN, /* normal "database is alive" state */
341 : : PM_STOP_BACKENDS, /* need to stop remaining backends */
342 : : PM_WAIT_BACKENDS, /* waiting for live backends to exit */
343 : : PM_WAIT_XLOG_SHUTDOWN, /* waiting for checkpointer to do shutdown
344 : : * ckpt */
345 : : PM_WAIT_XLOG_ARCHIVAL, /* waiting for archiver and walsenders to
346 : : * finish */
347 : : PM_WAIT_IO_WORKERS, /* waiting for io workers to exit */
348 : : PM_WAIT_CHECKPOINTER, /* waiting for checkpointer to shut down */
349 : : PM_WAIT_DEAD_END, /* waiting for dead-end children to exit */
350 : : PM_NO_CHILDREN, /* all important children have exited */
351 : : } PMState;
352 : :
353 : : static PMState pmState = PM_INIT;
354 : :
355 : : /*
356 : : * While performing a "smart shutdown", we restrict new connections but stay
357 : : * in PM_RUN or PM_HOT_STANDBY state until all the client backends are gone.
358 : : * connsAllowed is a sub-state indicator showing the active restriction.
359 : : * It is of no interest unless pmState is PM_RUN or PM_HOT_STANDBY.
360 : : */
361 : : static bool connsAllowed = true;
362 : :
363 : : /* Start time of SIGKILL timeout during immediate shutdown or child crash */
364 : : /* Zero means timeout is not running */
365 : : static time_t AbortStartTime = 0;
366 : :
367 : : /* Length of said timeout */
368 : : #define SIGKILL_CHILDREN_AFTER_SECS 5
369 : :
370 : : static bool ReachedNormalRunning = false; /* T if we've reached PM_RUN */
371 : :
372 : : bool ClientAuthInProgress = false; /* T during new-client
373 : : * authentication */
374 : :
375 : : bool redirection_done = false; /* stderr redirected for syslogger? */
376 : :
377 : : /* received START_AUTOVAC_LAUNCHER signal */
378 : : static bool start_autovac_launcher = false;
379 : :
380 : : /* the launcher needs to be signaled to communicate some condition */
381 : : static bool avlauncher_needs_signal = false;
382 : :
383 : : /* received START_WALRECEIVER signal */
384 : : static bool WalReceiverRequested = false;
385 : :
386 : : /* set when there's a worker that needs to be started up */
387 : : static bool StartWorkerNeeded = true;
388 : : static bool HaveCrashedWorker = false;
389 : :
390 : : /* set when signals arrive */
391 : : static volatile sig_atomic_t pending_pm_pmsignal;
392 : : static volatile sig_atomic_t pending_pm_child_exit;
393 : : static volatile sig_atomic_t pending_pm_reload_request;
394 : : static volatile sig_atomic_t pending_pm_shutdown_request;
395 : : static volatile sig_atomic_t pending_pm_fast_shutdown_request;
396 : : static volatile sig_atomic_t pending_pm_immediate_shutdown_request;
397 : :
398 : : /* event multiplexing object */
399 : : static WaitEventSet *pm_wait_set;
400 : :
401 : : #ifdef USE_SSL
402 : : /* Set when and if SSL has been initialized properly */
403 : : bool LoadedSSL = false;
404 : : #endif
405 : :
406 : : #ifdef USE_BONJOUR
407 : : static DNSServiceRef bonjour_sdref = NULL;
408 : : #endif
409 : :
410 : : /* State for IO worker management. */
411 : : static int io_worker_count = 0;
412 : : static PMChild *io_worker_children[MAX_IO_WORKERS];
413 : :
414 : : /*
415 : : * postmaster.c - function prototypes
416 : : */
417 : : static void CloseServerPorts(int status, Datum arg);
418 : : static void unlink_external_pid_file(int status, Datum arg);
419 : : static void getInstallationPaths(const char *argv0);
420 : : static void checkControlFile(void);
421 : : static void handle_pm_pmsignal_signal(SIGNAL_ARGS);
422 : : static void handle_pm_child_exit_signal(SIGNAL_ARGS);
423 : : static void handle_pm_reload_request_signal(SIGNAL_ARGS);
424 : : static void handle_pm_shutdown_request_signal(SIGNAL_ARGS);
425 : : static void process_pm_pmsignal(void);
426 : : static void process_pm_child_exit(void);
427 : : static void process_pm_reload_request(void);
428 : : static void process_pm_shutdown_request(void);
429 : : static void dummy_handler(SIGNAL_ARGS);
430 : : static void CleanupBackend(PMChild *bp, int exitstatus);
431 : : static void HandleChildCrash(int pid, int exitstatus, const char *procname);
432 : : static void LogChildExit(int lev, const char *procname,
433 : : int pid, int exitstatus);
434 : : static void PostmasterStateMachine(void);
435 : : static void UpdatePMState(PMState newState);
436 : :
437 : : pg_noreturn static void ExitPostmaster(int status);
438 : : static int ServerLoop(void);
439 : : static int BackendStartup(ClientSocket *client_sock);
440 : : static void report_fork_failure_to_client(ClientSocket *client_sock, int errnum);
441 : : static CAC_state canAcceptConnections(BackendType backend_type);
442 : : static void signal_child(PMChild *pmchild, int signal);
443 : : static bool SignalChildren(int signal, BackendTypeMask targetMask);
444 : : static void TerminateChildren(int signal);
445 : : static int CountChildren(BackendTypeMask targetMask);
446 : : static void LaunchMissingBackgroundProcesses(void);
447 : : static void maybe_start_bgworkers(void);
448 : : static bool maybe_reap_io_worker(int pid);
449 : : static void maybe_adjust_io_workers(void);
450 : : static bool CreateOptsFile(int argc, char *argv[], char *fullprogname);
451 : : static PMChild *StartChildProcess(BackendType type);
452 : : static void StartSysLogger(void);
453 : : static void StartAutovacuumWorker(void);
454 : : static bool StartBackgroundWorker(RegisteredBgWorker *rw);
455 : : static void InitPostmasterDeathWatchHandle(void);
456 : :
457 : : #ifdef WIN32
458 : : #define WNOHANG 0 /* ignored, so any integer value will do */
459 : :
460 : : static pid_t waitpid(pid_t pid, int *exitstatus, int options);
461 : : static void WINAPI pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired);
462 : :
463 : : static HANDLE win32ChildQueue;
464 : :
465 : : typedef struct
466 : : {
467 : : HANDLE waitHandle;
468 : : HANDLE procHandle;
469 : : DWORD procId;
470 : : } win32_deadchild_waitinfo;
471 : : #endif /* WIN32 */
472 : :
473 : : /* Macros to check exit status of a child process */
474 : : #define EXIT_STATUS_0(st) ((st) == 0)
475 : : #define EXIT_STATUS_1(st) (WIFEXITED(st) && WEXITSTATUS(st) == 1)
476 : : #define EXIT_STATUS_3(st) (WIFEXITED(st) && WEXITSTATUS(st) == 3)
477 : :
478 : : #ifndef WIN32
479 : : /*
480 : : * File descriptors for pipe used to monitor if postmaster is alive.
481 : : * First is POSTMASTER_FD_WATCH, second is POSTMASTER_FD_OWN.
482 : : */
483 : : int postmaster_alive_fds[2] = {-1, -1};
484 : : #else
485 : : /* Process handle of postmaster used for the same purpose on Windows */
486 : : HANDLE PostmasterHandle;
487 : : #endif
488 : :
489 : : /*
490 : : * Postmaster main entry point
491 : : */
492 : : void
493 : 2 : PostmasterMain(int argc, char *argv[])
494 : : {
495 : 2 : int opt;
496 : 2 : int status;
497 : 2 : char *userDoption = NULL;
498 : 2 : bool listen_addr_saved = false;
499 : 2 : char *output_config_variable = NULL;
500 : :
501 : 2 : InitProcessGlobals();
502 : :
503 : 2 : PostmasterPid = MyProcPid;
504 : :
505 : 2 : IsPostmasterEnvironment = true;
506 : :
507 : : /*
508 : : * Start our win32 signal implementation
509 : : */
510 : : #ifdef WIN32
511 : : pgwin32_signal_initialize();
512 : : #endif
513 : :
514 : : /*
515 : : * We should not be creating any files or directories before we check the
516 : : * data directory (see checkDataDir()), but just in case set the umask to
517 : : * the most restrictive (owner-only) permissions.
518 : : *
519 : : * checkDataDir() will reset the umask based on the data directory
520 : : * permissions.
521 : : */
522 : 2 : umask(PG_MODE_MASK_OWNER);
523 : :
524 : : /*
525 : : * By default, palloc() requests in the postmaster will be allocated in
526 : : * the PostmasterContext, which is space that can be recycled by backends.
527 : : * Allocated data that needs to be available to backends should be
528 : : * allocated in TopMemoryContext.
529 : : */
530 : 2 : PostmasterContext = AllocSetContextCreate(TopMemoryContext,
531 : : "Postmaster",
532 : : ALLOCSET_DEFAULT_SIZES);
533 : 2 : MemoryContextSwitchTo(PostmasterContext);
534 : :
535 : : /* Initialize paths to installation files */
536 : 2 : getInstallationPaths(argv[0]);
537 : :
538 : : /*
539 : : * Set up signal handlers for the postmaster process.
540 : : *
541 : : * CAUTION: when changing this list, check for side-effects on the signal
542 : : * handling setup of child processes. See tcop/postgres.c,
543 : : * bootstrap/bootstrap.c, postmaster/bgwriter.c, postmaster/walwriter.c,
544 : : * postmaster/autovacuum.c, postmaster/pgarch.c, postmaster/syslogger.c,
545 : : * postmaster/bgworker.c and postmaster/checkpointer.c.
546 : : */
547 : 2 : pqinitmask();
548 : 2 : sigprocmask(SIG_SETMASK, &BlockSig, NULL);
549 : :
550 : 2 : pqsignal(SIGHUP, handle_pm_reload_request_signal);
551 : 2 : pqsignal(SIGINT, handle_pm_shutdown_request_signal);
552 : 2 : pqsignal(SIGQUIT, handle_pm_shutdown_request_signal);
553 : 2 : pqsignal(SIGTERM, handle_pm_shutdown_request_signal);
554 : 2 : pqsignal(SIGALRM, SIG_IGN); /* ignored */
555 : 2 : pqsignal(SIGPIPE, SIG_IGN); /* ignored */
556 : 2 : pqsignal(SIGUSR1, handle_pm_pmsignal_signal);
557 : 2 : pqsignal(SIGUSR2, dummy_handler); /* unused, reserve for children */
558 : 2 : pqsignal(SIGCHLD, handle_pm_child_exit_signal);
559 : :
560 : : /* This may configure SIGURG, depending on platform. */
561 : 2 : InitializeWaitEventSupport();
562 : 2 : InitProcessLocalLatch();
563 : :
564 : : /*
565 : : * No other place in Postgres should touch SIGTTIN/SIGTTOU handling. We
566 : : * ignore those signals in a postmaster environment, so that there is no
567 : : * risk of a child process freezing up due to writing to stderr. But for
568 : : * a standalone backend, their default handling is reasonable. Hence, all
569 : : * child processes should just allow the inherited settings to stand.
570 : : */
571 : : #ifdef SIGTTIN
572 : 2 : pqsignal(SIGTTIN, SIG_IGN); /* ignored */
573 : : #endif
574 : : #ifdef SIGTTOU
575 : 2 : pqsignal(SIGTTOU, SIG_IGN); /* ignored */
576 : : #endif
577 : :
578 : : /* ignore SIGXFSZ, so that ulimit violations work like disk full */
579 : : #ifdef SIGXFSZ
580 : 2 : pqsignal(SIGXFSZ, SIG_IGN); /* ignored */
581 : : #endif
582 : :
583 : : /* Begin accepting signals. */
584 : 2 : sigprocmask(SIG_SETMASK, &UnBlockSig, NULL);
585 : :
586 : : /*
587 : : * Options setup
588 : : */
589 : 2 : InitializeGUCOptions();
590 : :
591 : 2 : opterr = 1;
592 : :
593 : : /*
594 : : * Parse command-line options. CAUTION: keep this in sync with
595 : : * tcop/postgres.c (the option sets should not conflict) and with the
596 : : * common help() function in main/main.c.
597 : : */
598 [ + + ]: 8 : while ((opt = getopt(argc, argv, "B:bC:c:D:d:EeFf:h:ijk:lN:OPp:r:S:sTt:W:-:")) != -1)
599 : : {
600 [ - - - - : 6 : switch (opt)
- - - + -
- + + - -
- + - - +
- - - - -
- - ]
601 : : {
602 : : case 'B':
603 : 0 : SetConfigOption("shared_buffers", optarg, PGC_POSTMASTER, PGC_S_ARGV);
604 : 0 : break;
605 : :
606 : : case 'b':
607 : : /* Undocumented flag used for binary upgrades */
608 : 0 : IsBinaryUpgrade = true;
609 : 0 : break;
610 : :
611 : : case 'C':
612 : 0 : output_config_variable = strdup(optarg);
613 : 0 : break;
614 : :
615 : : case '-':
616 : :
617 : : /*
618 : : * Error if the user misplaced a special must-be-first option
619 : : * for dispatching to a subprogram. parse_dispatch_option()
620 : : * returns DISPATCH_POSTMASTER if it doesn't find a match, so
621 : : * error for anything else.
622 : : */
623 [ + - ]: 1 : if (parse_dispatch_option(optarg) != DISPATCH_POSTMASTER)
624 [ # # # # ]: 0 : ereport(ERROR,
625 : : (errcode(ERRCODE_SYNTAX_ERROR),
626 : : errmsg("--%s must be first argument", optarg)));
627 : :
628 : : /* FALLTHROUGH */
629 : : case 'c':
630 : : {
631 : 2 : char *name,
632 : : *value;
633 : :
634 : 2 : ParseLongOption(optarg, &name, &value);
635 [ + - ]: 2 : if (!value)
636 : : {
637 [ # # ]: 0 : if (opt == '-')
638 [ # # # # ]: 0 : ereport(ERROR,
639 : : (errcode(ERRCODE_SYNTAX_ERROR),
640 : : errmsg("--%s requires a value",
641 : : optarg)));
642 : : else
643 [ # # # # ]: 0 : ereport(ERROR,
644 : : (errcode(ERRCODE_SYNTAX_ERROR),
645 : : errmsg("-c %s requires a value",
646 : : optarg)));
647 : 0 : }
648 : :
649 : 2 : SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
650 : 2 : pfree(name);
651 : 2 : pfree(value);
652 : : break;
653 : 2 : }
654 : :
655 : : case 'D':
656 : 2 : userDoption = strdup(optarg);
657 : 2 : break;
658 : :
659 : : case 'd':
660 : 0 : set_debug_options(atoi(optarg), PGC_POSTMASTER, PGC_S_ARGV);
661 : 0 : break;
662 : :
663 : : case 'E':
664 : 0 : SetConfigOption("log_statement", "all", PGC_POSTMASTER, PGC_S_ARGV);
665 : 0 : break;
666 : :
667 : : case 'e':
668 : 0 : SetConfigOption("datestyle", "euro", PGC_POSTMASTER, PGC_S_ARGV);
669 : 0 : break;
670 : :
671 : : case 'F':
672 : 1 : SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
673 : 1 : break;
674 : :
675 : : case 'f':
676 [ # # ]: 0 : if (!set_plan_disabling_options(optarg, PGC_POSTMASTER, PGC_S_ARGV))
677 : : {
678 : 0 : write_stderr("%s: invalid argument for option -f: \"%s\"\n",
679 : 0 : progname, optarg);
680 : 0 : ExitPostmaster(1);
681 : : }
682 : 0 : break;
683 : :
684 : : case 'h':
685 : 0 : SetConfigOption("listen_addresses", optarg, PGC_POSTMASTER, PGC_S_ARGV);
686 : 0 : break;
687 : :
688 : : case 'i':
689 : 0 : SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);
690 : 0 : break;
691 : :
692 : : case 'j':
693 : : /* only used by interactive backend */
694 : : break;
695 : :
696 : : case 'k':
697 : 1 : SetConfigOption("unix_socket_directories", optarg, PGC_POSTMASTER, PGC_S_ARGV);
698 : 1 : break;
699 : :
700 : : case 'l':
701 : 0 : SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
702 : 0 : break;
703 : :
704 : : case 'N':
705 : 0 : SetConfigOption("max_connections", optarg, PGC_POSTMASTER, PGC_S_ARGV);
706 : 0 : break;
707 : :
708 : : case 'O':
709 : 0 : SetConfigOption("allow_system_table_mods", "true", PGC_POSTMASTER, PGC_S_ARGV);
710 : 0 : break;
711 : :
712 : : case 'P':
713 : 0 : SetConfigOption("ignore_system_indexes", "true", PGC_POSTMASTER, PGC_S_ARGV);
714 : 0 : break;
715 : :
716 : : case 'p':
717 : 0 : SetConfigOption("port", optarg, PGC_POSTMASTER, PGC_S_ARGV);
718 : 0 : break;
719 : :
720 : : case 'r':
721 : : /* only used by single-user backend */
722 : : break;
723 : :
724 : : case 'S':
725 : 0 : SetConfigOption("work_mem", optarg, PGC_POSTMASTER, PGC_S_ARGV);
726 : 0 : break;
727 : :
728 : : case 's':
729 : 0 : SetConfigOption("log_statement_stats", "true", PGC_POSTMASTER, PGC_S_ARGV);
730 : 0 : break;
731 : :
732 : : case 'T':
733 : :
734 : : /*
735 : : * This option used to be defined as sending SIGSTOP after a
736 : : * backend crash, but sending SIGABRT seems more useful.
737 : : */
738 : 0 : SetConfigOption("send_abort_for_crash", "true", PGC_POSTMASTER, PGC_S_ARGV);
739 : 0 : break;
740 : :
741 : : case 't':
742 : : {
743 : 0 : const char *tmp = get_stats_option_name(optarg);
744 : :
745 [ # # ]: 0 : if (tmp)
746 : : {
747 : 0 : SetConfigOption(tmp, "true", PGC_POSTMASTER, PGC_S_ARGV);
748 : 0 : }
749 : : else
750 : : {
751 : 0 : write_stderr("%s: invalid argument for option -t: \"%s\"\n",
752 : 0 : progname, optarg);
753 : 0 : ExitPostmaster(1);
754 : : }
755 : : break;
756 : 0 : }
757 : :
758 : : case 'W':
759 : 0 : SetConfigOption("post_auth_delay", optarg, PGC_POSTMASTER, PGC_S_ARGV);
760 : 0 : break;
761 : :
762 : : default:
763 : 0 : write_stderr("Try \"%s --help\" for more information.\n",
764 : 0 : progname);
765 : 0 : ExitPostmaster(1);
766 : : }
767 : : }
768 : :
769 : : /*
770 : : * Postmaster accepts no non-option switch arguments.
771 : : */
772 [ - + ]: 2 : if (optind < argc)
773 : : {
774 : 0 : write_stderr("%s: invalid argument: \"%s\"\n",
775 : 0 : progname, argv[optind]);
776 : 0 : write_stderr("Try \"%s --help\" for more information.\n",
777 : 0 : progname);
778 : 0 : ExitPostmaster(1);
779 : : }
780 : :
781 : : /*
782 : : * Locate the proper configuration files and data directory, and read
783 : : * postgresql.conf for the first time.
784 : : */
785 [ + - ]: 2 : if (!SelectConfigFiles(userDoption, progname))
786 : 0 : ExitPostmaster(2);
787 : :
788 [ + - ]: 2 : if (output_config_variable != NULL)
789 : : {
790 : : /*
791 : : * If this is a runtime-computed GUC, it hasn't yet been initialized,
792 : : * and the present value is not useful. However, this is a convenient
793 : : * place to print the value for most GUCs because it is safe to run
794 : : * postmaster startup to this point even if the server is already
795 : : * running. For the handful of runtime-computed GUCs that we cannot
796 : : * provide meaningful values for yet, we wait until later in
797 : : * postmaster startup to print the value. We won't be able to use -C
798 : : * on running servers for those GUCs, but using this option now would
799 : : * lead to incorrect results for them.
800 : : */
801 : 0 : int flags = GetConfigOptionFlags(output_config_variable, true);
802 : :
803 [ # # ]: 0 : if ((flags & GUC_RUNTIME_COMPUTED) == 0)
804 : : {
805 : : /*
806 : : * "-C guc" was specified, so print GUC's value and exit. No
807 : : * extra permission check is needed because the user is reading
808 : : * inside the data dir.
809 : : */
810 : 0 : const char *config_val = GetConfigOption(output_config_variable,
811 : : false, false);
812 : :
813 [ # # ]: 0 : puts(config_val ? config_val : "");
814 : 0 : ExitPostmaster(0);
815 : : }
816 : :
817 : : /*
818 : : * A runtime-computed GUC will be printed later on. As we initialize
819 : : * a server startup sequence, silence any log messages that may show
820 : : * up in the output generated. FATAL and more severe messages are
821 : : * useful to show, even if one would only expect at least PANIC. LOG
822 : : * entries are hidden.
823 : : */
824 : 0 : SetConfigOption("log_min_messages", "FATAL", PGC_SUSET,
825 : : PGC_S_OVERRIDE);
826 : 0 : }
827 : :
828 : : /* Verify that DataDir looks reasonable */
829 : 2 : checkDataDir();
830 : :
831 : : /* Check that pg_control exists */
832 : 2 : checkControlFile();
833 : :
834 : : /* And switch working directory into it */
835 : 2 : ChangeToDataDir();
836 : :
837 : : /*
838 : : * Check for invalid combinations of GUC settings.
839 : : */
840 [ - + ]: 2 : if (SuperuserReservedConnections + ReservedConnections >= MaxConnections)
841 : : {
842 : 0 : write_stderr("%s: \"superuser_reserved_connections\" (%d) plus \"reserved_connections\" (%d) must be less than \"max_connections\" (%d)\n",
843 : 0 : progname,
844 : 0 : SuperuserReservedConnections, ReservedConnections,
845 : 0 : MaxConnections);
846 : 0 : ExitPostmaster(1);
847 : : }
848 [ - + # # ]: 2 : if (XLogArchiveMode > ARCHIVE_MODE_OFF && wal_level == WAL_LEVEL_MINIMAL)
849 [ # # # # ]: 0 : ereport(ERROR,
850 : : (errmsg("WAL archival cannot be enabled when \"wal_level\" is \"minimal\"")));
851 [ + + + - ]: 2 : if (max_wal_senders > 0 && wal_level == WAL_LEVEL_MINIMAL)
852 [ # # # # ]: 0 : ereport(ERROR,
853 : : (errmsg("WAL streaming (\"max_wal_senders\" > 0) requires \"wal_level\" to be \"replica\" or \"logical\"")));
854 [ - + # # ]: 2 : if (summarize_wal && wal_level == WAL_LEVEL_MINIMAL)
855 [ # # # # ]: 0 : ereport(ERROR,
856 : : (errmsg("WAL cannot be summarized when \"wal_level\" is \"minimal\"")));
857 [ - + # # ]: 2 : if (sync_replication_slots && wal_level == WAL_LEVEL_MINIMAL)
858 [ # # # # ]: 0 : ereport(ERROR,
859 : : (errmsg("replication slot synchronization (\"sync_replication_slots\" = on) requires \"wal_level\" to be \"replica\" or \"logical\"")));
860 : :
861 : : /*
862 : : * Other one-time internal sanity checks can go here, if they are fast.
863 : : * (Put any slow processing further down, after postmaster.pid creation.)
864 : : */
865 [ + - ]: 2 : if (!CheckDateTokenTables())
866 : : {
867 : 0 : write_stderr("%s: invalid datetoken tables, please fix\n", progname);
868 : 0 : ExitPostmaster(1);
869 : : }
870 : :
871 : : /*
872 : : * Now that we are done processing the postmaster arguments, reset
873 : : * getopt(3) library so that it will work correctly in subprocesses.
874 : : */
875 : 2 : optind = 1;
876 : : #ifdef HAVE_INT_OPTRESET
877 : 2 : optreset = 1; /* some systems need this too */
878 : : #endif
879 : :
880 : : /* For debugging: display postmaster environment */
881 [ + - ]: 2 : if (message_level_is_interesting(DEBUG3))
882 : : {
883 : : #if !defined(WIN32)
884 : : extern char **environ;
885 : : #endif
886 : 0 : char **p;
887 : 0 : StringInfoData si;
888 : :
889 : 0 : initStringInfo(&si);
890 : :
891 : 0 : appendStringInfoString(&si, "initial environment dump:");
892 [ # # ]: 0 : for (p = environ; *p; ++p)
893 : 0 : appendStringInfo(&si, "\n%s", *p);
894 : :
895 [ # # # # ]: 0 : ereport(DEBUG3, errmsg_internal("%s", si.data));
896 : 0 : pfree(si.data);
897 : 0 : }
898 : :
899 : : /*
900 : : * Create lockfile for data directory.
901 : : *
902 : : * We want to do this before we try to grab the input sockets, because the
903 : : * data directory interlock is more reliable than the socket-file
904 : : * interlock (thanks to whoever decided to put socket files in /tmp :-().
905 : : * For the same reason, it's best to grab the TCP socket(s) before the
906 : : * Unix socket(s).
907 : : *
908 : : * Also note that this internally sets up the on_proc_exit function that
909 : : * is responsible for removing both data directory and socket lockfiles;
910 : : * so it must happen before opening sockets so that at exit, the socket
911 : : * lockfiles go away after CloseServerPorts runs.
912 : : */
913 : 2 : CreateDataDirLockFile(true);
914 : :
915 : : /*
916 : : * Read the control file (for error checking and config info).
917 : : *
918 : : * Since we verify the control file's CRC, this has a useful side effect
919 : : * on machines where we need a run-time test for CRC support instructions.
920 : : * The postmaster will do the test once at startup, and then its child
921 : : * processes will inherit the correct function pointer and not need to
922 : : * repeat the test.
923 : : */
924 : 2 : LocalProcessControlFile(false);
925 : :
926 : : /*
927 : : * Register the apply launcher. It's probably a good idea to call this
928 : : * before any modules had a chance to take the background worker slots.
929 : : */
930 : 2 : ApplyLauncherRegister();
931 : :
932 : : /*
933 : : * process any libraries that should be preloaded at postmaster start
934 : : */
935 : 2 : process_shared_preload_libraries();
936 : :
937 : : /*
938 : : * Initialize SSL library, if specified.
939 : : */
940 : : #ifdef USE_SSL
941 [ + - ]: 2 : if (EnableSSL)
942 : : {
943 : 0 : (void) secure_initialize(true);
944 : 0 : LoadedSSL = true;
945 : 0 : }
946 : : #endif
947 : :
948 : : /*
949 : : * Now that loadable modules have had their chance to alter any GUCs,
950 : : * calculate MaxBackends and initialize the machinery to track child
951 : : * processes.
952 : : */
953 : 2 : InitializeMaxBackends();
954 : 2 : InitPostmasterChildSlots();
955 : :
956 : : /*
957 : : * Calculate the size of the PGPROC fast-path lock arrays.
958 : : */
959 : 2 : InitializeFastPathLocks();
960 : :
961 : : /*
962 : : * Give preloaded libraries a chance to request additional shared memory.
963 : : */
964 : 2 : process_shmem_requests();
965 : :
966 : : /*
967 : : * Now that loadable modules have had their chance to request additional
968 : : * shared memory, determine the value of any runtime-computed GUCs that
969 : : * depend on the amount of shared memory required.
970 : : */
971 : 2 : InitializeShmemGUCs();
972 : :
973 : : /*
974 : : * Now that modules have been loaded, we can process any custom resource
975 : : * managers specified in the wal_consistency_checking GUC.
976 : : */
977 : 2 : InitializeWalConsistencyChecking();
978 : :
979 : : /*
980 : : * If -C was specified with a runtime-computed GUC, we held off printing
981 : : * the value earlier, as the GUC was not yet initialized. We handle -C
982 : : * for most GUCs before we lock the data directory so that the option may
983 : : * be used on a running server. However, a handful of GUCs are runtime-
984 : : * computed and do not have meaningful values until after locking the data
985 : : * directory, and we cannot safely calculate their values earlier on a
986 : : * running server. At this point, such GUCs should be properly
987 : : * initialized, and we haven't yet set up shared memory, so this is a good
988 : : * time to handle the -C option for these special GUCs.
989 : : */
990 [ - + ]: 2 : if (output_config_variable != NULL)
991 : : {
992 : 0 : const char *config_val = GetConfigOption(output_config_variable,
993 : : false, false);
994 : :
995 [ # # ]: 0 : puts(config_val ? config_val : "");
996 : 0 : ExitPostmaster(0);
997 : : }
998 : :
999 : : /*
1000 : : * Set up shared memory and semaphores.
1001 : : *
1002 : : * Note: if using SysV shmem and/or semas, each postmaster startup will
1003 : : * normally choose the same IPC keys. This helps ensure that we will
1004 : : * clean up dead IPC objects if the postmaster crashes and is restarted.
1005 : : */
1006 : 2 : CreateSharedMemoryAndSemaphores();
1007 : :
1008 : : /*
1009 : : * Estimate number of openable files. This must happen after setting up
1010 : : * semaphores, because on some platforms semaphores count as open files.
1011 : : */
1012 : 2 : set_max_safe_fds();
1013 : :
1014 : : /*
1015 : : * Initialize pipe (or process handle on Windows) that allows children to
1016 : : * wake up from sleep on postmaster death.
1017 : : */
1018 : 2 : InitPostmasterDeathWatchHandle();
1019 : :
1020 : : #ifdef WIN32
1021 : :
1022 : : /*
1023 : : * Initialize I/O completion port used to deliver list of dead children.
1024 : : */
1025 : : win32ChildQueue = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 1);
1026 : : if (win32ChildQueue == NULL)
1027 : : ereport(FATAL,
1028 : : (errmsg("could not create I/O completion port for child queue")));
1029 : : #endif
1030 : :
1031 : : #ifdef EXEC_BACKEND
1032 : : /* Write out nondefault GUC settings for child processes to use */
1033 : : write_nondefault_variables(PGC_POSTMASTER);
1034 : :
1035 : : /*
1036 : : * Clean out the temp directory used to transmit parameters to child
1037 : : * processes (see internal_forkexec). We must do this before launching
1038 : : * any child processes, else we have a race condition: we could remove a
1039 : : * parameter file before the child can read it. It should be safe to do
1040 : : * so now, because we verified earlier that there are no conflicting
1041 : : * Postgres processes in this data directory.
1042 : : */
1043 : : RemovePgTempFilesInDir(PG_TEMP_FILES_DIR, true, false);
1044 : : #endif
1045 : :
1046 : : /*
1047 : : * Forcibly remove the files signaling a standby promotion request.
1048 : : * Otherwise, the existence of those files triggers a promotion too early,
1049 : : * whether a user wants that or not.
1050 : : *
1051 : : * This removal of files is usually unnecessary because they can exist
1052 : : * only during a few moments during a standby promotion. However there is
1053 : : * a race condition: if pg_ctl promote is executed and creates the files
1054 : : * during a promotion, the files can stay around even after the server is
1055 : : * brought up to be the primary. Then, if a new standby starts by using
1056 : : * the backup taken from the new primary, the files can exist at server
1057 : : * startup and must be removed in order to avoid an unexpected promotion.
1058 : : *
1059 : : * Note that promotion signal files need to be removed before the startup
1060 : : * process is invoked. Because, after that, they can be used by
1061 : : * postmaster's SIGUSR1 signal handler.
1062 : : */
1063 : 2 : RemovePromoteSignalFiles();
1064 : :
1065 : : /* Do the same for logrotate signal file */
1066 : 2 : RemoveLogrotateSignalFiles();
1067 : :
1068 : : /* Remove any outdated file holding the current log filenames. */
1069 [ + - + - ]: 2 : if (unlink(LOG_METAINFO_DATAFILE) < 0 && errno != ENOENT)
1070 [ # # # # ]: 0 : ereport(LOG,
1071 : : (errcode_for_file_access(),
1072 : : errmsg("could not remove file \"%s\": %m",
1073 : : LOG_METAINFO_DATAFILE)));
1074 : :
1075 : : /*
1076 : : * If enabled, start up syslogger collection subprocess
1077 : : */
1078 [ + - ]: 2 : if (Logging_collector)
1079 : 0 : StartSysLogger();
1080 : :
1081 : : /*
1082 : : * Reset whereToSendOutput from DestDebug (its starting state) to
1083 : : * DestNone. This stops ereport from sending log messages to stderr unless
1084 : : * Log_destination permits. We don't do this until the postmaster is
1085 : : * fully launched, since startup failures may as well be reported to
1086 : : * stderr.
1087 : : *
1088 : : * If we are in fact disabling logging to stderr, first emit a log message
1089 : : * saying so, to provide a breadcrumb trail for users who may not remember
1090 : : * that their logging is configured to go somewhere else.
1091 : : */
1092 [ + - ]: 2 : if (!(Log_destination & LOG_DESTINATION_STDERR))
1093 [ # # # # ]: 0 : ereport(LOG,
1094 : : (errmsg("ending log output to stderr"),
1095 : : errhint("Future log output will go to log destination \"%s\".",
1096 : : Log_destination_string)));
1097 : :
1098 : 2 : whereToSendOutput = DestNone;
1099 : :
1100 : : /*
1101 : : * Report server startup in log. While we could emit this much earlier,
1102 : : * it seems best to do so after starting the log collector, if we intend
1103 : : * to use one.
1104 : : */
1105 [ + - # # ]: 2 : ereport(LOG,
1106 : : (errmsg("starting %s", PG_VERSION_STR)));
1107 : :
1108 : : /*
1109 : : * Establish input sockets.
1110 : : *
1111 : : * First set up an on_proc_exit function that's charged with closing the
1112 : : * sockets again at postmaster shutdown.
1113 : : */
1114 : 2 : ListenSockets = palloc(MAXLISTEN * sizeof(pgsocket));
1115 : 2 : on_proc_exit(CloseServerPorts, 0);
1116 : :
1117 [ - + ]: 2 : if (ListenAddresses)
1118 : : {
1119 : 2 : char *rawstring;
1120 : 2 : List *elemlist;
1121 : 2 : ListCell *l;
1122 : 2 : int success = 0;
1123 : :
1124 : : /* Need a modifiable copy of ListenAddresses */
1125 : 2 : rawstring = pstrdup(ListenAddresses);
1126 : :
1127 : : /* Parse string into list of hostnames */
1128 [ + - ]: 2 : if (!SplitGUCList(rawstring, ',', &elemlist))
1129 : : {
1130 : : /* syntax error in list */
1131 [ # # # # ]: 0 : ereport(FATAL,
1132 : : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1133 : : errmsg("invalid list syntax in parameter \"%s\"",
1134 : : "listen_addresses")));
1135 : 0 : }
1136 : :
1137 [ - + # # : 2 : foreach(l, elemlist)
- + ]
1138 : : {
1139 : 0 : char *curhost = (char *) lfirst(l);
1140 : :
1141 [ # # ]: 0 : if (strcmp(curhost, "*") == 0)
1142 : 0 : status = ListenServerPort(AF_UNSPEC, NULL,
1143 : 0 : (unsigned short) PostPortNumber,
1144 : : NULL,
1145 : 0 : ListenSockets,
1146 : : &NumListenSockets,
1147 : : MAXLISTEN);
1148 : : else
1149 : 0 : status = ListenServerPort(AF_UNSPEC, curhost,
1150 : 0 : (unsigned short) PostPortNumber,
1151 : : NULL,
1152 : 0 : ListenSockets,
1153 : : &NumListenSockets,
1154 : : MAXLISTEN);
1155 : :
1156 [ # # ]: 0 : if (status == STATUS_OK)
1157 : : {
1158 : 0 : success++;
1159 : : /* record the first successful host addr in lockfile */
1160 [ # # ]: 0 : if (!listen_addr_saved)
1161 : : {
1162 : 0 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, curhost);
1163 : 0 : listen_addr_saved = true;
1164 : 0 : }
1165 : 0 : }
1166 : : else
1167 [ # # # # ]: 0 : ereport(WARNING,
1168 : : (errmsg("could not create listen socket for \"%s\"",
1169 : : curhost)));
1170 : 0 : }
1171 : :
1172 [ + - + - ]: 2 : if (!success && elemlist != NIL)
1173 [ # # # # ]: 0 : ereport(FATAL,
1174 : : (errmsg("could not create any TCP/IP sockets")));
1175 : :
1176 : 2 : list_free(elemlist);
1177 : 2 : pfree(rawstring);
1178 : 2 : }
1179 : :
1180 : : #ifdef USE_BONJOUR
1181 : : /* Register for Bonjour only if we opened TCP socket(s) */
1182 [ - + # # ]: 2 : if (enable_bonjour && NumListenSockets > 0)
1183 : : {
1184 : 0 : DNSServiceErrorType err;
1185 : :
1186 : : /*
1187 : : * We pass 0 for interface_index, which will result in registering on
1188 : : * all "applicable" interfaces. It's not entirely clear from the
1189 : : * DNS-SD docs whether this would be appropriate if we have bound to
1190 : : * just a subset of the available network interfaces.
1191 : : */
1192 : 0 : err = DNSServiceRegister(&bonjour_sdref,
1193 : : 0,
1194 : : 0,
1195 : 0 : bonjour_name,
1196 : : "_postgresql._tcp.",
1197 : : NULL,
1198 : : NULL,
1199 : 0 : pg_hton16(PostPortNumber),
1200 : : 0,
1201 : : NULL,
1202 : : NULL,
1203 : : NULL);
1204 [ # # ]: 0 : if (err != kDNSServiceErr_NoError)
1205 [ # # # # ]: 0 : ereport(LOG,
1206 : : (errmsg("DNSServiceRegister() failed: error code %ld",
1207 : : (long) err)));
1208 : :
1209 : : /*
1210 : : * We don't bother to read the mDNS daemon's reply, and we expect that
1211 : : * it will automatically terminate our registration when the socket is
1212 : : * closed at postmaster termination. So there's nothing more to be
1213 : : * done here. However, the bonjour_sdref is kept around so that
1214 : : * forked children can close their copies of the socket.
1215 : : */
1216 : 0 : }
1217 : : #endif
1218 : :
1219 [ - + ]: 2 : if (Unix_socket_directories)
1220 : : {
1221 : 2 : char *rawstring;
1222 : 2 : List *elemlist;
1223 : 2 : ListCell *l;
1224 : 2 : int success = 0;
1225 : :
1226 : : /* Need a modifiable copy of Unix_socket_directories */
1227 : 2 : rawstring = pstrdup(Unix_socket_directories);
1228 : :
1229 : : /* Parse string into list of directories */
1230 [ + - ]: 2 : if (!SplitDirectoriesString(rawstring, ',', &elemlist))
1231 : : {
1232 : : /* syntax error in list */
1233 [ # # # # ]: 0 : ereport(FATAL,
1234 : : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1235 : : errmsg("invalid list syntax in parameter \"%s\"",
1236 : : "unix_socket_directories")));
1237 : 0 : }
1238 : :
1239 [ + - + + : 4 : foreach(l, elemlist)
+ + ]
1240 : : {
1241 : 2 : char *socketdir = (char *) lfirst(l);
1242 : :
1243 : 2 : status = ListenServerPort(AF_UNIX, NULL,
1244 : 2 : (unsigned short) PostPortNumber,
1245 : 2 : socketdir,
1246 : 2 : ListenSockets,
1247 : : &NumListenSockets,
1248 : : MAXLISTEN);
1249 : :
1250 [ - + ]: 2 : if (status == STATUS_OK)
1251 : : {
1252 : 2 : success++;
1253 : : /* record the first successful Unix socket in lockfile */
1254 [ - + ]: 2 : if (success == 1)
1255 : 2 : AddToDataDirLockFile(LOCK_FILE_LINE_SOCKET_DIR, socketdir);
1256 : 2 : }
1257 : : else
1258 [ # # # # ]: 0 : ereport(WARNING,
1259 : : (errmsg("could not create Unix-domain socket in directory \"%s\"",
1260 : : socketdir)));
1261 : 2 : }
1262 : :
1263 [ - + # # ]: 2 : if (!success && elemlist != NIL)
1264 [ # # # # ]: 0 : ereport(FATAL,
1265 : : (errmsg("could not create any Unix-domain sockets")));
1266 : :
1267 : 2 : list_free_deep(elemlist);
1268 : 2 : pfree(rawstring);
1269 : 2 : }
1270 : :
1271 : : /*
1272 : : * check that we have some socket to listen on
1273 : : */
1274 [ + - ]: 2 : if (NumListenSockets == 0)
1275 [ # # # # ]: 0 : ereport(FATAL,
1276 : : (errmsg("no socket created for listening")));
1277 : :
1278 : : /*
1279 : : * If no valid TCP ports, write an empty line for listen address,
1280 : : * indicating the Unix socket must be used. Note that this line is not
1281 : : * added to the lock file until there is a socket backing it.
1282 : : */
1283 [ - + ]: 2 : if (!listen_addr_saved)
1284 : 2 : AddToDataDirLockFile(LOCK_FILE_LINE_LISTEN_ADDR, "");
1285 : :
1286 : : /*
1287 : : * Record postmaster options. We delay this till now to avoid recording
1288 : : * bogus options (eg, unusable port number).
1289 : : */
1290 [ + - ]: 2 : if (!CreateOptsFile(argc, argv, my_exec_path))
1291 : 0 : ExitPostmaster(1);
1292 : :
1293 : : /*
1294 : : * Write the external PID file if requested
1295 : : */
1296 [ + - ]: 2 : if (external_pid_file)
1297 : : {
1298 : 0 : FILE *fpidfile = fopen(external_pid_file, "w");
1299 : :
1300 [ # # ]: 0 : if (fpidfile)
1301 : : {
1302 : 0 : fprintf(fpidfile, "%d\n", MyProcPid);
1303 : 0 : fclose(fpidfile);
1304 : :
1305 : : /* Make PID file world readable */
1306 [ # # ]: 0 : if (chmod(external_pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) != 0)
1307 : 0 : write_stderr("%s: could not change permissions of external PID file \"%s\": %m\n",
1308 : 0 : progname, external_pid_file);
1309 : 0 : }
1310 : : else
1311 : 0 : write_stderr("%s: could not write external PID file \"%s\": %m\n",
1312 : 0 : progname, external_pid_file);
1313 : :
1314 : 0 : on_proc_exit(unlink_external_pid_file, 0);
1315 : 0 : }
1316 : :
1317 : : /*
1318 : : * Remove old temporary files. At this point there can be no other
1319 : : * Postgres processes running in this directory, so this should be safe.
1320 : : */
1321 : 2 : RemovePgTempFiles();
1322 : :
1323 : : /*
1324 : : * Initialize the autovacuum subsystem (again, no process start yet)
1325 : : */
1326 : 2 : autovac_init();
1327 : :
1328 : : /*
1329 : : * Load configuration files for client authentication.
1330 : : */
1331 [ + - ]: 2 : if (!load_hba())
1332 : : {
1333 : : /*
1334 : : * It makes no sense to continue if we fail to load the HBA file,
1335 : : * since there is no way to connect to the database in this case.
1336 : : */
1337 [ # # # # ]: 0 : ereport(FATAL,
1338 : : /* translator: %s is a configuration file */
1339 : : (errmsg("could not load %s", HbaFileName)));
1340 : 0 : }
1341 [ + - ]: 2 : if (!load_ident())
1342 : : {
1343 : : /*
1344 : : * We can start up without the IDENT file, although it means that you
1345 : : * cannot log in using any of the authentication methods that need a
1346 : : * user name mapping. load_ident() already logged the details of error
1347 : : * to the log.
1348 : : */
1349 : 0 : }
1350 : :
1351 : : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1352 : :
1353 : : /*
1354 : : * On macOS, libintl replaces setlocale() with a version that calls
1355 : : * CFLocaleCopyCurrent() when its second argument is "" and every relevant
1356 : : * environment variable is unset or empty. CFLocaleCopyCurrent() makes
1357 : : * the process multithreaded. The postmaster calls sigprocmask() and
1358 : : * calls fork() without an immediate exec(), both of which have undefined
1359 : : * behavior in a multithreaded program. A multithreaded postmaster is the
1360 : : * normal case on Windows, which offers neither fork() nor sigprocmask().
1361 : : * Currently, macOS is the only platform having pthread_is_threaded_np(),
1362 : : * so we need not worry whether this HINT is appropriate elsewhere.
1363 : : */
1364 [ + - ]: 2 : if (pthread_is_threaded_np() != 0)
1365 [ # # # # ]: 0 : ereport(FATAL,
1366 : : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
1367 : : errmsg("postmaster became multithreaded during startup"),
1368 : : errhint("Set the LC_ALL environment variable to a valid locale.")));
1369 : : #endif
1370 : :
1371 : : /*
1372 : : * Remember postmaster startup time
1373 : : */
1374 : 2 : PgStartTime = GetCurrentTimestamp();
1375 : :
1376 : : /*
1377 : : * Report postmaster status in the postmaster.pid file, to allow pg_ctl to
1378 : : * see what's happening.
1379 : : */
1380 : 2 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STARTING);
1381 : :
1382 : 2 : UpdatePMState(PM_STARTUP);
1383 : :
1384 : : /* Make sure we can perform I/O while starting up. */
1385 : 2 : maybe_adjust_io_workers();
1386 : :
1387 : : /* Start bgwriter and checkpointer so they can help with recovery */
1388 [ - + ]: 2 : if (CheckpointerPMChild == NULL)
1389 : 2 : CheckpointerPMChild = StartChildProcess(B_CHECKPOINTER);
1390 [ - + ]: 2 : if (BgWriterPMChild == NULL)
1391 : 2 : BgWriterPMChild = StartChildProcess(B_BG_WRITER);
1392 : :
1393 : : /*
1394 : : * We're ready to rock and roll...
1395 : : */
1396 : 2 : StartupPMChild = StartChildProcess(B_STARTUP);
1397 [ + - ]: 2 : Assert(StartupPMChild != NULL);
1398 : 2 : StartupStatus = STARTUP_RUNNING;
1399 : :
1400 : : /* Some workers may be scheduled to start now */
1401 : 2 : maybe_start_bgworkers();
1402 : :
1403 : 2 : status = ServerLoop();
1404 : :
1405 : : /*
1406 : : * ServerLoop probably shouldn't ever return, but if it does, close down.
1407 : : */
1408 : 2 : ExitPostmaster(status != STATUS_OK);
1409 : :
1410 : : abort(); /* not reached */
1411 : : }
1412 : :
1413 : :
1414 : : /*
1415 : : * on_proc_exit callback to close server's listen sockets
1416 : : */
1417 : : static void
1418 : 2 : CloseServerPorts(int status, Datum arg)
1419 : : {
1420 : 2 : int i;
1421 : :
1422 : : /*
1423 : : * First, explicitly close all the socket FDs. We used to just let this
1424 : : * happen implicitly at postmaster exit, but it's better to close them
1425 : : * before we remove the postmaster.pid lockfile; otherwise there's a race
1426 : : * condition if a new postmaster wants to re-use the TCP port number.
1427 : : */
1428 [ + + ]: 4 : for (i = 0; i < NumListenSockets; i++)
1429 : : {
1430 [ + - ]: 2 : if (closesocket(ListenSockets[i]) != 0)
1431 [ # # # # ]: 0 : elog(LOG, "could not close listen socket: %m");
1432 : 2 : }
1433 : 2 : NumListenSockets = 0;
1434 : :
1435 : : /*
1436 : : * Next, remove any filesystem entries for Unix sockets. To avoid race
1437 : : * conditions against incoming postmasters, this must happen after closing
1438 : : * the sockets and before removing lock files.
1439 : : */
1440 : 2 : RemoveSocketFiles();
1441 : :
1442 : : /*
1443 : : * We don't do anything about socket lock files here; those will be
1444 : : * removed in a later on_proc_exit callback.
1445 : : */
1446 : 2 : }
1447 : :
1448 : : /*
1449 : : * on_proc_exit callback to delete external_pid_file
1450 : : */
1451 : : static void
1452 : 0 : unlink_external_pid_file(int status, Datum arg)
1453 : : {
1454 [ # # ]: 0 : if (external_pid_file)
1455 : 0 : unlink(external_pid_file);
1456 : 0 : }
1457 : :
1458 : :
1459 : : /*
1460 : : * Compute and check the directory paths to files that are part of the
1461 : : * installation (as deduced from the postgres executable's own location)
1462 : : */
1463 : : static void
1464 : 2 : getInstallationPaths(const char *argv0)
1465 : : {
1466 : 2 : DIR *pdir;
1467 : :
1468 : : /* Locate the postgres executable itself */
1469 [ + - ]: 2 : if (find_my_exec(argv0, my_exec_path) < 0)
1470 [ # # # # ]: 0 : ereport(FATAL,
1471 : : (errmsg("%s: could not locate my own executable path", argv0)));
1472 : :
1473 : : #ifdef EXEC_BACKEND
1474 : : /* Locate executable backend before we change working directory */
1475 : : if (find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
1476 : : postgres_exec_path) < 0)
1477 : : ereport(FATAL,
1478 : : (errmsg("%s: could not locate matching postgres executable",
1479 : : argv0)));
1480 : : #endif
1481 : :
1482 : : /*
1483 : : * Locate the pkglib directory --- this has to be set early in case we try
1484 : : * to load any modules from it in response to postgresql.conf entries.
1485 : : */
1486 : 2 : get_pkglib_path(my_exec_path, pkglib_path);
1487 : :
1488 : : /*
1489 : : * Verify that there's a readable directory there; otherwise the Postgres
1490 : : * installation is incomplete or corrupt. (A typical cause of this
1491 : : * failure is that the postgres executable has been moved or hardlinked to
1492 : : * some directory that's not a sibling of the installation lib/
1493 : : * directory.)
1494 : : */
1495 : 2 : pdir = AllocateDir(pkglib_path);
1496 [ + - ]: 2 : if (pdir == NULL)
1497 [ # # # # ]: 0 : ereport(ERROR,
1498 : : (errcode_for_file_access(),
1499 : : errmsg("could not open directory \"%s\": %m",
1500 : : pkglib_path),
1501 : : errhint("This may indicate an incomplete PostgreSQL installation, or that the file \"%s\" has been moved away from its proper location.",
1502 : : my_exec_path)));
1503 : 2 : FreeDir(pdir);
1504 : :
1505 : : /*
1506 : : * It's not worth checking the share/ directory. If the lib/ directory is
1507 : : * there, then share/ probably is too.
1508 : : */
1509 : 2 : }
1510 : :
1511 : : /*
1512 : : * Check that pg_control exists in the correct location in the data directory.
1513 : : *
1514 : : * No attempt is made to validate the contents of pg_control here. This is
1515 : : * just a sanity check to see if we are looking at a real data directory.
1516 : : */
1517 : : static void
1518 : 2 : checkControlFile(void)
1519 : : {
1520 : 2 : char path[MAXPGPATH];
1521 : 2 : FILE *fp;
1522 : :
1523 : 2 : snprintf(path, sizeof(path), "%s/%s", DataDir, XLOG_CONTROL_FILE);
1524 : :
1525 : 2 : fp = AllocateFile(path, PG_BINARY_R);
1526 [ + - ]: 2 : if (fp == NULL)
1527 : : {
1528 : 0 : write_stderr("%s: could not find the database system\n"
1529 : : "Expected to find it in the directory \"%s\",\n"
1530 : : "but could not open file \"%s\": %m\n",
1531 : 0 : progname, DataDir, path);
1532 : 0 : ExitPostmaster(2);
1533 : : }
1534 : 2 : FreeFile(fp);
1535 : 2 : }
1536 : :
1537 : : /*
1538 : : * Determine how long should we let ServerLoop sleep, in milliseconds.
1539 : : *
1540 : : * In normal conditions we wait at most one minute, to ensure that the other
1541 : : * background tasks handled by ServerLoop get done even when no requests are
1542 : : * arriving. However, if there are background workers waiting to be started,
1543 : : * we don't actually sleep so that they are quickly serviced. Other exception
1544 : : * cases are as shown in the code.
1545 : : */
1546 : : static int
1547 : 1147 : DetermineSleepTime(void)
1548 : : {
1549 : 1147 : TimestampTz next_wakeup = 0;
1550 : :
1551 : : /*
1552 : : * Normal case: either there are no background workers at all, or we're in
1553 : : * a shutdown sequence (during which we ignore bgworkers altogether).
1554 : : */
1555 [ + + - + ]: 2280 : if (Shutdown > NoShutdown ||
1556 [ + - ]: 1133 : (!StartWorkerNeeded && !HaveCrashedWorker))
1557 : : {
1558 [ + + ]: 1147 : if (AbortStartTime != 0)
1559 : : {
1560 : 5 : time_t curtime = time(NULL);
1561 : 5 : int seconds;
1562 : :
1563 : : /*
1564 : : * time left to abort; clamp to 0 if it already expired, or if
1565 : : * time goes backwards
1566 : : */
1567 [ + - - + ]: 5 : if (curtime < AbortStartTime ||
1568 : 5 : curtime - AbortStartTime >= SIGKILL_CHILDREN_AFTER_SECS)
1569 : 0 : seconds = 0;
1570 : : else
1571 : 5 : seconds = SIGKILL_CHILDREN_AFTER_SECS -
1572 : 5 : (curtime - AbortStartTime);
1573 : :
1574 : 5 : return seconds * 1000;
1575 : 5 : }
1576 : : else
1577 : 1142 : return 60 * 1000;
1578 : : }
1579 : :
1580 [ # # ]: 0 : if (StartWorkerNeeded)
1581 : 0 : return 0;
1582 : :
1583 [ # # ]: 0 : if (HaveCrashedWorker)
1584 : : {
1585 : 0 : dlist_mutable_iter iter;
1586 : :
1587 : : /*
1588 : : * When there are crashed bgworkers, we sleep just long enough that
1589 : : * they are restarted when they request to be. Scan the list to
1590 : : * determine the minimum of all wakeup times according to most recent
1591 : : * crash time and requested restart interval.
1592 : : */
1593 [ # # # # ]: 0 : dlist_foreach_modify(iter, &BackgroundWorkerList)
1594 : : {
1595 : 0 : RegisteredBgWorker *rw;
1596 : 0 : TimestampTz this_wakeup;
1597 : :
1598 : 0 : rw = dlist_container(RegisteredBgWorker, rw_lnode, iter.cur);
1599 : :
1600 [ # # ]: 0 : if (rw->rw_crashed_at == 0)
1601 : 0 : continue;
1602 : :
1603 : 0 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART
1604 [ # # # # ]: 0 : || rw->rw_terminate)
1605 : : {
1606 : 0 : ForgetBackgroundWorker(rw);
1607 : 0 : continue;
1608 : : }
1609 : :
1610 : 0 : this_wakeup = TimestampTzPlusMilliseconds(rw->rw_crashed_at,
1611 : : 1000L * rw->rw_worker.bgw_restart_time);
1612 [ # # # # ]: 0 : if (next_wakeup == 0 || this_wakeup < next_wakeup)
1613 : 0 : next_wakeup = this_wakeup;
1614 [ # # # ]: 0 : }
1615 : 0 : }
1616 : :
1617 [ # # ]: 0 : if (next_wakeup != 0)
1618 : : {
1619 : 0 : int ms;
1620 : :
1621 : : /* result of TimestampDifferenceMilliseconds is in [0, INT_MAX] */
1622 : 0 : ms = (int) TimestampDifferenceMilliseconds(GetCurrentTimestamp(),
1623 : 0 : next_wakeup);
1624 [ # # ]: 0 : return Min(60 * 1000, ms);
1625 : 0 : }
1626 : :
1627 : 0 : return 60 * 1000;
1628 : 1147 : }
1629 : :
1630 : : /*
1631 : : * Activate or deactivate notifications of server socket events. Since we
1632 : : * don't currently have a way to remove events from an existing WaitEventSet,
1633 : : * we'll just destroy and recreate the whole thing. This is called during
1634 : : * shutdown so we can wait for backends to exit without accepting new
1635 : : * connections, and during crash reinitialization when we need to start
1636 : : * listening for new connections again. The WaitEventSet will be freed in fork
1637 : : * children by ClosePostmasterPorts().
1638 : : */
1639 : : static void
1640 : 4 : ConfigurePostmasterWaitSet(bool accept_connections)
1641 : : {
1642 [ + + ]: 4 : if (pm_wait_set)
1643 : 2 : FreeWaitEventSet(pm_wait_set);
1644 : 4 : pm_wait_set = NULL;
1645 : :
1646 : 4 : pm_wait_set = CreateWaitEventSet(NULL,
1647 [ + + ]: 4 : accept_connections ? (1 + NumListenSockets) : 1);
1648 : 4 : AddWaitEventToSet(pm_wait_set, WL_LATCH_SET, PGINVALID_SOCKET, MyLatch,
1649 : : NULL);
1650 : :
1651 [ + + ]: 4 : if (accept_connections)
1652 : : {
1653 [ + + ]: 4 : for (int i = 0; i < NumListenSockets; i++)
1654 : 2 : AddWaitEventToSet(pm_wait_set, WL_SOCKET_ACCEPT, ListenSockets[i],
1655 : : NULL, NULL);
1656 : 2 : }
1657 : 4 : }
1658 : :
1659 : : /*
1660 : : * Main idle loop of postmaster
1661 : : */
1662 : : static int
1663 : 2 : ServerLoop(void)
1664 : : {
1665 : 2 : time_t last_lockfile_recheck_time,
1666 : : last_touch_time;
1667 : 2 : WaitEvent events[MAXLISTEN];
1668 : 2 : int nevents;
1669 : :
1670 : 2 : ConfigurePostmasterWaitSet(true);
1671 : 2 : last_lockfile_recheck_time = last_touch_time = time(NULL);
1672 : :
1673 : 1147 : for (;;)
1674 : : {
1675 : 1147 : time_t now;
1676 : :
1677 : 2294 : nevents = WaitEventSetWait(pm_wait_set,
1678 : 1147 : DetermineSleepTime(),
1679 : 1147 : events,
1680 : : lengthof(events),
1681 : : 0 /* postmaster posts no wait_events */ );
1682 : :
1683 : : /*
1684 : : * Latch set by signal handler, or new connection pending on any of
1685 : : * our sockets? If the latter, fork a child process to deal with it.
1686 : : */
1687 [ + + ]: 2293 : for (int i = 0; i < nevents; i++)
1688 : : {
1689 [ + + ]: 1146 : if (events[i].events & WL_LATCH_SET)
1690 : 832 : ResetLatch(MyLatch);
1691 : :
1692 : : /*
1693 : : * The following requests are handled unconditionally, even if we
1694 : : * didn't see WL_LATCH_SET. This gives high priority to shutdown
1695 : : * and reload requests where the latch happens to appear later in
1696 : : * events[] or will be reported by a later call to
1697 : : * WaitEventSetWait().
1698 : : */
1699 [ + + ]: 1146 : if (pending_pm_shutdown_request)
1700 : 2 : process_pm_shutdown_request();
1701 [ + - ]: 1146 : if (pending_pm_reload_request)
1702 : 0 : process_pm_reload_request();
1703 [ + + ]: 1146 : if (pending_pm_child_exit)
1704 : 601 : process_pm_child_exit();
1705 [ + + ]: 1146 : if (pending_pm_pmsignal)
1706 : 230 : process_pm_pmsignal();
1707 : :
1708 [ + + ]: 1146 : if (events[i].events & WL_SOCKET_ACCEPT)
1709 : : {
1710 : 316 : ClientSocket s;
1711 : :
1712 [ - + ]: 316 : if (AcceptConnection(events[i].fd, &s) == STATUS_OK)
1713 : 316 : BackendStartup(&s);
1714 : :
1715 : : /* We no longer need the open socket in this process */
1716 [ - + ]: 316 : if (s.sock != PGINVALID_SOCKET)
1717 : : {
1718 [ + - ]: 316 : if (closesocket(s.sock) != 0)
1719 [ # # # # ]: 0 : elog(LOG, "could not close client socket: %m");
1720 : 316 : }
1721 : 316 : }
1722 : 1146 : }
1723 : :
1724 : : /*
1725 : : * If we need to launch any background processes after changing state
1726 : : * or because some exited, do so now.
1727 : : */
1728 : 1147 : LaunchMissingBackgroundProcesses();
1729 : :
1730 : : /* If we need to signal the autovacuum launcher, do so now */
1731 [ + - ]: 1147 : if (avlauncher_needs_signal)
1732 : : {
1733 : 0 : avlauncher_needs_signal = false;
1734 [ # # ]: 0 : if (AutoVacLauncherPMChild != NULL)
1735 : 0 : signal_child(AutoVacLauncherPMChild, SIGUSR2);
1736 : 0 : }
1737 : :
1738 : : #ifdef HAVE_PTHREAD_IS_THREADED_NP
1739 : :
1740 : : /*
1741 : : * With assertions enabled, check regularly for appearance of
1742 : : * additional threads. All builds check at start and exit.
1743 : : */
1744 [ + + ]: 1147 : Assert(pthread_is_threaded_np() == 0);
1745 : : #endif
1746 : :
1747 : : /*
1748 : : * Lastly, check to see if it's time to do some things that we don't
1749 : : * want to do every single time through the loop, because they're a
1750 : : * bit expensive. Note that there's up to a minute of slop in when
1751 : : * these tasks will be performed, since DetermineSleepTime() will let
1752 : : * us sleep at most that long; except for SIGKILL timeout which has
1753 : : * special-case logic there.
1754 : : */
1755 : 1145 : now = time(NULL);
1756 : :
1757 : : /*
1758 : : * If we already sent SIGQUIT to children and they are slow to shut
1759 : : * down, it's time to send them SIGKILL (or SIGABRT if requested).
1760 : : * This doesn't happen normally, but under certain conditions backends
1761 : : * can get stuck while shutting down. This is a last measure to get
1762 : : * them unwedged.
1763 : : *
1764 : : * Note we also do this during recovery from a process crash.
1765 : : */
1766 [ + + ]: 1145 : if ((Shutdown >= ImmediateShutdown || FatalError) &&
1767 [ + + + - ]: 1145 : AbortStartTime != 0 &&
1768 : 5 : (now - AbortStartTime) >= SIGKILL_CHILDREN_AFTER_SECS)
1769 : : {
1770 : : /* We were gentle with them before. Not anymore */
1771 [ # # # # ]: 0 : ereport(LOG,
1772 : : /* translator: %s is SIGKILL or SIGABRT */
1773 : : (errmsg("issuing %s to recalcitrant children",
1774 : : send_abort_for_kill ? "SIGABRT" : "SIGKILL")));
1775 : 0 : TerminateChildren(send_abort_for_kill ? SIGABRT : SIGKILL);
1776 : : /* reset flag so we don't SIGKILL again */
1777 : 0 : AbortStartTime = 0;
1778 : 0 : }
1779 : :
1780 : : /*
1781 : : * Once a minute, verify that postmaster.pid hasn't been removed or
1782 : : * overwritten. If it has, we force a shutdown. This avoids having
1783 : : * postmasters and child processes hanging around after their database
1784 : : * is gone, and maybe causing problems if a new database cluster is
1785 : : * created in the same place. It also provides some protection
1786 : : * against a DBA foolishly removing postmaster.pid and manually
1787 : : * starting a new postmaster. Data corruption is likely to ensue from
1788 : : * that anyway, but we can minimize the damage by aborting ASAP.
1789 : : */
1790 [ + - ]: 1145 : if (now - last_lockfile_recheck_time >= 1 * SECS_PER_MINUTE)
1791 : : {
1792 [ # # ]: 0 : if (!RecheckDataDirLockFile())
1793 : : {
1794 [ # # # # ]: 0 : ereport(LOG,
1795 : : (errmsg("performing immediate shutdown because data directory lock file is invalid")));
1796 : 0 : kill(MyProcPid, SIGQUIT);
1797 : 0 : }
1798 : 0 : last_lockfile_recheck_time = now;
1799 : 0 : }
1800 : :
1801 : : /*
1802 : : * Touch Unix socket and lock files every 58 minutes, to ensure that
1803 : : * they are not removed by overzealous /tmp-cleaning tasks. We assume
1804 : : * no one runs cleaners with cutoff times of less than an hour ...
1805 : : */
1806 [ + - ]: 1145 : if (now - last_touch_time >= 58 * SECS_PER_MINUTE)
1807 : : {
1808 : 0 : TouchSocketFiles();
1809 : 0 : TouchSocketLockFiles();
1810 : 0 : last_touch_time = now;
1811 : 0 : }
1812 : 1145 : }
1813 : : }
1814 : :
1815 : : /*
1816 : : * canAcceptConnections --- check to see if database state allows connections
1817 : : * of the specified type. backend_type can be B_BACKEND or B_AUTOVAC_WORKER.
1818 : : * (Note that we don't yet know whether a normal B_BACKEND connection might
1819 : : * turn into a walsender.)
1820 : : */
1821 : : static CAC_state
1822 : 316 : canAcceptConnections(BackendType backend_type)
1823 : : {
1824 : 316 : CAC_state result = CAC_OK;
1825 : :
1826 [ - + # # ]: 316 : Assert(backend_type == B_BACKEND || backend_type == B_AUTOVAC_WORKER);
1827 : :
1828 : : /*
1829 : : * Can't start backends when in startup/shutdown/inconsistent recovery
1830 : : * state. We treat autovac workers the same as user backends for this
1831 : : * purpose.
1832 : : */
1833 [ - + # # ]: 316 : if (pmState != PM_RUN && pmState != PM_HOT_STANDBY)
1834 : : {
1835 [ # # ]: 0 : if (Shutdown > NoShutdown)
1836 : 0 : return CAC_SHUTDOWN; /* shutdown is pending */
1837 [ # # # # ]: 0 : else if (!FatalError && pmState == PM_STARTUP)
1838 : 0 : return CAC_STARTUP; /* normal startup */
1839 [ # # # # ]: 0 : else if (!FatalError && pmState == PM_RECOVERY)
1840 : 0 : return CAC_NOTHOTSTANDBY; /* not yet ready for hot standby */
1841 : : else
1842 : 0 : return CAC_RECOVERY; /* else must be crash recovery */
1843 : : }
1844 : :
1845 : : /*
1846 : : * "Smart shutdown" restrictions are applied only to normal connections,
1847 : : * not to autovac workers.
1848 : : */
1849 [ - + # # ]: 316 : if (!connsAllowed && backend_type == B_BACKEND)
1850 : 0 : return CAC_SHUTDOWN; /* shutdown is pending */
1851 : :
1852 : 316 : return result;
1853 : 316 : }
1854 : :
1855 : : /*
1856 : : * ClosePostmasterPorts -- close all the postmaster's open sockets
1857 : : *
1858 : : * This is called during child process startup to release file descriptors
1859 : : * that are not needed by that child process. The postmaster still has
1860 : : * them open, of course.
1861 : : *
1862 : : * Note: we pass am_syslogger as a boolean because we don't want to set
1863 : : * the global variable yet when this is called.
1864 : : */
1865 : : void
1866 : 804 : ClosePostmasterPorts(bool am_syslogger)
1867 : : {
1868 : : /* Release resources held by the postmaster's WaitEventSet. */
1869 [ + + ]: 804 : if (pm_wait_set)
1870 : : {
1871 : 797 : FreeWaitEventSetAfterFork(pm_wait_set);
1872 : 797 : pm_wait_set = NULL;
1873 : 797 : }
1874 : :
1875 : : #ifndef WIN32
1876 : :
1877 : : /*
1878 : : * Close the write end of postmaster death watch pipe. It's important to
1879 : : * do this as early as possible, so that if postmaster dies, others won't
1880 : : * think that it's still running because we're holding the pipe open.
1881 : : */
1882 [ + - ]: 804 : if (close(postmaster_alive_fds[POSTMASTER_FD_OWN]) != 0)
1883 [ # # # # ]: 0 : ereport(FATAL,
1884 : : (errcode_for_file_access(),
1885 : : errmsg_internal("could not close postmaster death monitoring pipe in child process: %m")));
1886 : 804 : postmaster_alive_fds[POSTMASTER_FD_OWN] = -1;
1887 : : /* Notify fd.c that we released one pipe FD. */
1888 : 804 : ReleaseExternalFD();
1889 : : #endif
1890 : :
1891 : : /*
1892 : : * Close the postmaster's listen sockets. These aren't tracked by fd.c,
1893 : : * so we don't call ReleaseExternalFD() here.
1894 : : *
1895 : : * The listen sockets are marked as FD_CLOEXEC, so this isn't needed in
1896 : : * EXEC_BACKEND mode.
1897 : : */
1898 : : #ifndef EXEC_BACKEND
1899 [ + - ]: 804 : if (ListenSockets)
1900 : : {
1901 [ + + ]: 1610 : for (int i = 0; i < NumListenSockets; i++)
1902 : : {
1903 [ + - ]: 806 : if (closesocket(ListenSockets[i]) != 0)
1904 [ # # # # ]: 0 : elog(LOG, "could not close listen socket: %m");
1905 : 806 : }
1906 : 804 : pfree(ListenSockets);
1907 : 804 : }
1908 : 804 : NumListenSockets = 0;
1909 : 804 : ListenSockets = NULL;
1910 : : #endif
1911 : :
1912 : : /*
1913 : : * If using syslogger, close the read side of the pipe. We don't bother
1914 : : * tracking this in fd.c, either.
1915 : : */
1916 [ - + ]: 804 : if (!am_syslogger)
1917 : : {
1918 : : #ifndef WIN32
1919 [ + - ]: 804 : if (syslogPipe[0] >= 0)
1920 : 0 : close(syslogPipe[0]);
1921 : 804 : syslogPipe[0] = -1;
1922 : : #else
1923 : : if (syslogPipe[0])
1924 : : CloseHandle(syslogPipe[0]);
1925 : : syslogPipe[0] = 0;
1926 : : #endif
1927 : 804 : }
1928 : :
1929 : : #ifdef USE_BONJOUR
1930 : : /* If using Bonjour, close the connection to the mDNS daemon */
1931 [ - + ]: 804 : if (bonjour_sdref)
1932 : 0 : close(DNSServiceRefSockFD(bonjour_sdref));
1933 : : #endif
1934 : 804 : }
1935 : :
1936 : :
1937 : : /*
1938 : : * InitProcessGlobals -- set MyStartTime[stamp], random seeds
1939 : : *
1940 : : * Called early in the postmaster and every backend.
1941 : : */
1942 : : void
1943 : 810 : InitProcessGlobals(void)
1944 : : {
1945 : 810 : MyStartTimestamp = GetCurrentTimestamp();
1946 : 810 : MyStartTime = timestamptz_to_time_t(MyStartTimestamp);
1947 : :
1948 : : /*
1949 : : * Set a different global seed in every process. We want something
1950 : : * unpredictable, so if possible, use high-quality random bits for the
1951 : : * seed. Otherwise, fall back to a seed based on timestamp and PID.
1952 : : */
1953 [ + - + - ]: 810 : if (unlikely(!pg_prng_strong_seed(&pg_global_prng_state)))
1954 : : {
1955 : 0 : uint64 rseed;
1956 : :
1957 : : /*
1958 : : * Since PIDs and timestamps tend to change more frequently in their
1959 : : * least significant bits, shift the timestamp left to allow a larger
1960 : : * total number of seeds in a given time period. Since that would
1961 : : * leave only 20 bits of the timestamp that cycle every ~1 second,
1962 : : * also mix in some higher bits.
1963 : : */
1964 : 0 : rseed = ((uint64) MyProcPid) ^
1965 : 0 : ((uint64) MyStartTimestamp << 12) ^
1966 : 0 : ((uint64) MyStartTimestamp >> 20);
1967 : :
1968 : 0 : pg_prng_seed(&pg_global_prng_state, rseed);
1969 : 0 : }
1970 : :
1971 : : /*
1972 : : * Also make sure that we've set a good seed for random(3). Use of that
1973 : : * is deprecated in core Postgres, but extensions might use it.
1974 : : */
1975 : : #ifndef WIN32
1976 : 810 : srandom(pg_prng_uint32(&pg_global_prng_state));
1977 : : #endif
1978 : 810 : }
1979 : :
1980 : : /*
1981 : : * Child processes use SIGUSR1 to notify us of 'pmsignals'. pg_ctl uses
1982 : : * SIGUSR1 to ask postmaster to check for logrotate and promote files.
1983 : : */
1984 : : static void
1985 : 297 : handle_pm_pmsignal_signal(SIGNAL_ARGS)
1986 : : {
1987 : 297 : pending_pm_pmsignal = true;
1988 : 297 : SetLatch(MyLatch);
1989 : 297 : }
1990 : :
1991 : : /*
1992 : : * pg_ctl uses SIGHUP to request a reload of the configuration files.
1993 : : */
1994 : : static void
1995 : 0 : handle_pm_reload_request_signal(SIGNAL_ARGS)
1996 : : {
1997 : 0 : pending_pm_reload_request = true;
1998 : 0 : SetLatch(MyLatch);
1999 : 0 : }
2000 : :
2001 : : /*
2002 : : * Re-read config files, and tell children to do same.
2003 : : */
2004 : : static void
2005 : 0 : process_pm_reload_request(void)
2006 : : {
2007 : 0 : pending_pm_reload_request = false;
2008 : :
2009 [ # # # # ]: 0 : ereport(DEBUG2,
2010 : : (errmsg_internal("postmaster received reload request signal")));
2011 : :
2012 [ # # ]: 0 : if (Shutdown <= SmartShutdown)
2013 : : {
2014 [ # # # # ]: 0 : ereport(LOG,
2015 : : (errmsg("received SIGHUP, reloading configuration files")));
2016 : 0 : ProcessConfigFile(PGC_SIGHUP);
2017 : 0 : SignalChildren(SIGHUP, btmask_all_except(B_DEAD_END_BACKEND));
2018 : :
2019 : : /* Reload authentication config files too */
2020 [ # # ]: 0 : if (!load_hba())
2021 [ # # # # ]: 0 : ereport(LOG,
2022 : : /* translator: %s is a configuration file */
2023 : : (errmsg("%s was not reloaded", HbaFileName)));
2024 : :
2025 [ # # ]: 0 : if (!load_ident())
2026 [ # # # # ]: 0 : ereport(LOG,
2027 : : (errmsg("%s was not reloaded", IdentFileName)));
2028 : :
2029 : : #ifdef USE_SSL
2030 : : /* Reload SSL configuration as well */
2031 [ # # ]: 0 : if (EnableSSL)
2032 : : {
2033 [ # # ]: 0 : if (secure_initialize(false) == 0)
2034 : 0 : LoadedSSL = true;
2035 : : else
2036 [ # # # # ]: 0 : ereport(LOG,
2037 : : (errmsg("SSL configuration was not reloaded")));
2038 : 0 : }
2039 : : else
2040 : : {
2041 : 0 : secure_destroy();
2042 : 0 : LoadedSSL = false;
2043 : : }
2044 : : #endif
2045 : :
2046 : : #ifdef EXEC_BACKEND
2047 : : /* Update the starting-point file for future children */
2048 : : write_nondefault_variables(PGC_SIGHUP);
2049 : : #endif
2050 : 0 : }
2051 : 0 : }
2052 : :
2053 : : /*
2054 : : * pg_ctl uses SIGTERM, SIGINT and SIGQUIT to request different types of
2055 : : * shutdown.
2056 : : */
2057 : : static void
2058 : 2 : handle_pm_shutdown_request_signal(SIGNAL_ARGS)
2059 : : {
2060 [ + - - + ]: 2 : switch (postgres_signal_arg)
2061 : : {
2062 : : case SIGTERM:
2063 : : /* smart is implied if the other two flags aren't set */
2064 : 0 : pending_pm_shutdown_request = true;
2065 : 0 : break;
2066 : : case SIGINT:
2067 : 1 : pending_pm_fast_shutdown_request = true;
2068 : 1 : pending_pm_shutdown_request = true;
2069 : 1 : break;
2070 : : case SIGQUIT:
2071 : 1 : pending_pm_immediate_shutdown_request = true;
2072 : 1 : pending_pm_shutdown_request = true;
2073 : 1 : break;
2074 : : }
2075 : 2 : SetLatch(MyLatch);
2076 : 2 : }
2077 : :
2078 : : /*
2079 : : * Process shutdown request.
2080 : : */
2081 : : static void
2082 : 2 : process_pm_shutdown_request(void)
2083 : : {
2084 : 2 : int mode;
2085 : :
2086 [ - + - + ]: 2 : ereport(DEBUG2,
2087 : : (errmsg_internal("postmaster received shutdown request signal")));
2088 : :
2089 : 2 : pending_pm_shutdown_request = false;
2090 : :
2091 : : /*
2092 : : * If more than one shutdown request signal arrived since the last server
2093 : : * loop, take the one that is the most immediate. That matches the
2094 : : * priority that would apply if we processed them one by one in any order.
2095 : : */
2096 [ + + ]: 2 : if (pending_pm_immediate_shutdown_request)
2097 : : {
2098 : 1 : pending_pm_immediate_shutdown_request = false;
2099 : 1 : pending_pm_fast_shutdown_request = false;
2100 : 1 : mode = ImmediateShutdown;
2101 : 1 : }
2102 [ + - ]: 1 : else if (pending_pm_fast_shutdown_request)
2103 : : {
2104 : 1 : pending_pm_fast_shutdown_request = false;
2105 : 1 : mode = FastShutdown;
2106 : 1 : }
2107 : : else
2108 : 0 : mode = SmartShutdown;
2109 : :
2110 [ - - + + ]: 2 : switch (mode)
2111 : : {
2112 : : case SmartShutdown:
2113 : :
2114 : : /*
2115 : : * Smart Shutdown:
2116 : : *
2117 : : * Wait for children to end their work, then shut down.
2118 : : */
2119 [ # # ]: 0 : if (Shutdown >= SmartShutdown)
2120 : 0 : break;
2121 : 0 : Shutdown = SmartShutdown;
2122 [ # # # # ]: 0 : ereport(LOG,
2123 : : (errmsg("received smart shutdown request")));
2124 : :
2125 : : /* Report status */
2126 : 0 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2127 : : #ifdef USE_SYSTEMD
2128 : : sd_notify(0, "STOPPING=1");
2129 : : #endif
2130 : :
2131 : : /*
2132 : : * If we reached normal running, we go straight to waiting for
2133 : : * client backends to exit. If already in PM_STOP_BACKENDS or a
2134 : : * later state, do not change it.
2135 : : */
2136 [ # # # # ]: 0 : if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
2137 : 0 : connsAllowed = false;
2138 [ # # # # ]: 0 : else if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
2139 : : {
2140 : : /* There should be no clients, so proceed to stop children */
2141 : 0 : UpdatePMState(PM_STOP_BACKENDS);
2142 : 0 : }
2143 : :
2144 : : /*
2145 : : * Now wait for online backup mode to end and backends to exit. If
2146 : : * that is already the case, PostmasterStateMachine will take the
2147 : : * next step.
2148 : : */
2149 : 0 : PostmasterStateMachine();
2150 : 0 : break;
2151 : :
2152 : : case FastShutdown:
2153 : :
2154 : : /*
2155 : : * Fast Shutdown:
2156 : : *
2157 : : * Abort all children with SIGTERM (rollback active transactions
2158 : : * and exit) and shut down when they are gone.
2159 : : */
2160 [ - + ]: 1 : if (Shutdown >= FastShutdown)
2161 : 0 : break;
2162 : 1 : Shutdown = FastShutdown;
2163 [ - + + - ]: 1 : ereport(LOG,
2164 : : (errmsg("received fast shutdown request")));
2165 : :
2166 : : /* Report status */
2167 : 1 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2168 : : #ifdef USE_SYSTEMD
2169 : : sd_notify(0, "STOPPING=1");
2170 : : #endif
2171 : :
2172 [ + - - + ]: 1 : if (pmState == PM_STARTUP || pmState == PM_RECOVERY)
2173 : : {
2174 : : /* Just shut down background processes silently */
2175 : 0 : UpdatePMState(PM_STOP_BACKENDS);
2176 : 0 : }
2177 [ - + # # ]: 1 : else if (pmState == PM_RUN ||
2178 : 0 : pmState == PM_HOT_STANDBY)
2179 : : {
2180 : : /* Report that we're about to zap live client sessions */
2181 [ - + + - ]: 1 : ereport(LOG,
2182 : : (errmsg("aborting any active transactions")));
2183 : 1 : UpdatePMState(PM_STOP_BACKENDS);
2184 : 1 : }
2185 : :
2186 : : /*
2187 : : * PostmasterStateMachine will issue any necessary signals, or
2188 : : * take the next step if no child processes need to be killed.
2189 : : */
2190 : 1 : PostmasterStateMachine();
2191 : 1 : break;
2192 : :
2193 : : case ImmediateShutdown:
2194 : :
2195 : : /*
2196 : : * Immediate Shutdown:
2197 : : *
2198 : : * abort all children with SIGQUIT, wait for them to exit,
2199 : : * terminate remaining ones with SIGKILL, then exit without
2200 : : * attempt to properly shut down the data base system.
2201 : : */
2202 [ - + ]: 1 : if (Shutdown >= ImmediateShutdown)
2203 : 0 : break;
2204 : 1 : Shutdown = ImmediateShutdown;
2205 [ - + + - ]: 1 : ereport(LOG,
2206 : : (errmsg("received immediate shutdown request")));
2207 : :
2208 : : /* Report status */
2209 : 1 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STOPPING);
2210 : : #ifdef USE_SYSTEMD
2211 : : sd_notify(0, "STOPPING=1");
2212 : : #endif
2213 : :
2214 : : /* tell children to shut down ASAP */
2215 : : /* (note we don't apply send_abort_for_crash here) */
2216 : 1 : SetQuitSignalReason(PMQUIT_FOR_STOP);
2217 : 1 : TerminateChildren(SIGQUIT);
2218 : 1 : UpdatePMState(PM_WAIT_BACKENDS);
2219 : :
2220 : : /* set stopwatch for them to die */
2221 : 1 : AbortStartTime = time(NULL);
2222 : :
2223 : : /*
2224 : : * Now wait for backends to exit. If there are none,
2225 : : * PostmasterStateMachine will take the next step.
2226 : : */
2227 : 1 : PostmasterStateMachine();
2228 : 1 : break;
2229 : : }
2230 : 2 : }
2231 : :
2232 : : static void
2233 : 654 : handle_pm_child_exit_signal(SIGNAL_ARGS)
2234 : : {
2235 : 654 : pending_pm_child_exit = true;
2236 : 654 : SetLatch(MyLatch);
2237 : 654 : }
2238 : :
2239 : : /*
2240 : : * Cleanup after a child process dies.
2241 : : */
2242 : : static void
2243 : 601 : process_pm_child_exit(void)
2244 : : {
2245 : 601 : int pid; /* process id of dead child process */
2246 : 601 : int exitstatus; /* its exit status */
2247 : :
2248 : 601 : pending_pm_child_exit = false;
2249 : :
2250 [ - + - + ]: 601 : ereport(DEBUG4,
2251 : : (errmsg_internal("reaping dead processes")));
2252 : :
2253 [ + + ]: 1413 : while ((pid = waitpid(-1, &exitstatus, WNOHANG)) > 0)
2254 : : {
2255 : 812 : PMChild *pmchild;
2256 : :
2257 : : /*
2258 : : * Check if this child was a startup process.
2259 : : */
2260 [ + + - + ]: 812 : if (StartupPMChild && pid == StartupPMChild->pid)
2261 : : {
2262 : 2 : ReleasePostmasterChildSlot(StartupPMChild);
2263 : 2 : StartupPMChild = NULL;
2264 : :
2265 : : /*
2266 : : * Startup process exited in response to a shutdown request (or it
2267 : : * completed normally regardless of the shutdown request).
2268 : : */
2269 [ - + # # ]: 2 : if (Shutdown > NoShutdown &&
2270 [ # # # # ]: 0 : (EXIT_STATUS_0(exitstatus) || EXIT_STATUS_1(exitstatus)))
2271 : : {
2272 : 0 : StartupStatus = STARTUP_NOT_RUNNING;
2273 : 0 : UpdatePMState(PM_WAIT_BACKENDS);
2274 : : /* PostmasterStateMachine logic does the rest */
2275 : 0 : continue;
2276 : : }
2277 : :
2278 [ + - + - ]: 2 : if (EXIT_STATUS_3(exitstatus))
2279 : : {
2280 [ # # # # ]: 0 : ereport(LOG,
2281 : : (errmsg("shutdown at recovery target")));
2282 : 0 : StartupStatus = STARTUP_NOT_RUNNING;
2283 [ # # ]: 0 : Shutdown = Max(Shutdown, SmartShutdown);
2284 : 0 : TerminateChildren(SIGTERM);
2285 : 0 : UpdatePMState(PM_WAIT_BACKENDS);
2286 : : /* PostmasterStateMachine logic does the rest */
2287 : 0 : continue;
2288 : : }
2289 : :
2290 : : /*
2291 : : * Unexpected exit of startup process (including FATAL exit)
2292 : : * during PM_STARTUP is treated as catastrophic. There are no
2293 : : * other processes running yet, so we can just exit.
2294 : : */
2295 [ + - ]: 2 : if (pmState == PM_STARTUP &&
2296 [ + - + - ]: 2 : StartupStatus != STARTUP_SIGNALED &&
2297 : 2 : !EXIT_STATUS_0(exitstatus))
2298 : : {
2299 : 0 : LogChildExit(LOG, _("startup process"),
2300 : 0 : pid, exitstatus);
2301 [ # # # # ]: 0 : ereport(LOG,
2302 : : (errmsg("aborting startup due to startup process failure")));
2303 : 0 : ExitPostmaster(1);
2304 : : }
2305 : :
2306 : : /*
2307 : : * After PM_STARTUP, any unexpected exit (including FATAL exit) of
2308 : : * the startup process is catastrophic, so kill other children,
2309 : : * and set StartupStatus so we don't try to reinitialize after
2310 : : * they're gone. Exception: if StartupStatus is STARTUP_SIGNALED,
2311 : : * then we previously sent the startup process a SIGQUIT; so
2312 : : * that's probably the reason it died, and we do want to try to
2313 : : * restart in that case.
2314 : : *
2315 : : * This stanza also handles the case where we sent a SIGQUIT
2316 : : * during PM_STARTUP due to some dead-end child crashing: in that
2317 : : * situation, if the startup process dies on the SIGQUIT, we need
2318 : : * to transition to PM_WAIT_BACKENDS state which will allow
2319 : : * PostmasterStateMachine to restart the startup process. (On the
2320 : : * other hand, the startup process might complete normally, if we
2321 : : * were too late with the SIGQUIT. In that case we'll fall
2322 : : * through and commence normal operations.)
2323 : : */
2324 [ - + ]: 2 : if (!EXIT_STATUS_0(exitstatus))
2325 : : {
2326 [ # # ]: 0 : if (StartupStatus == STARTUP_SIGNALED)
2327 : : {
2328 : 0 : StartupStatus = STARTUP_NOT_RUNNING;
2329 [ # # ]: 0 : if (pmState == PM_STARTUP)
2330 : 0 : UpdatePMState(PM_WAIT_BACKENDS);
2331 : 0 : }
2332 : : else
2333 : 0 : StartupStatus = STARTUP_CRASHED;
2334 : 0 : HandleChildCrash(pid, exitstatus,
2335 : 0 : _("startup process"));
2336 : 0 : continue;
2337 : : }
2338 : :
2339 : : /*
2340 : : * Startup succeeded, commence normal operations
2341 : : */
2342 : 2 : StartupStatus = STARTUP_NOT_RUNNING;
2343 : 2 : FatalError = false;
2344 : 2 : AbortStartTime = 0;
2345 : 2 : ReachedNormalRunning = true;
2346 : 2 : UpdatePMState(PM_RUN);
2347 : 2 : connsAllowed = true;
2348 : :
2349 : : /*
2350 : : * At the next iteration of the postmaster's main loop, we will
2351 : : * crank up the background tasks like the autovacuum launcher and
2352 : : * background workers that were not started earlier already.
2353 : : */
2354 : 2 : StartWorkerNeeded = true;
2355 : :
2356 : : /* at this point we are really open for business */
2357 [ - + + - ]: 2 : ereport(LOG,
2358 : : (errmsg("database system is ready to accept connections")));
2359 : :
2360 : : /* Report status */
2361 : 2 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
2362 : : #ifdef USE_SYSTEMD
2363 : : sd_notify(0, "READY=1");
2364 : : #endif
2365 : :
2366 : 2 : continue;
2367 : : }
2368 : :
2369 : : /*
2370 : : * Was it the bgwriter? Normal exit can be ignored; we'll start a new
2371 : : * one at the next iteration of the postmaster's main loop, if
2372 : : * necessary. Any other exit condition is treated as a crash.
2373 : : */
2374 [ + + + + ]: 810 : if (BgWriterPMChild && pid == BgWriterPMChild->pid)
2375 : : {
2376 : 2 : ReleasePostmasterChildSlot(BgWriterPMChild);
2377 : 2 : BgWriterPMChild = NULL;
2378 [ + + ]: 2 : if (!EXIT_STATUS_0(exitstatus))
2379 : 2 : HandleChildCrash(pid, exitstatus,
2380 : 1 : _("background writer process"));
2381 : 2 : continue;
2382 : : }
2383 : :
2384 : : /*
2385 : : * Was it the checkpointer?
2386 : : */
2387 [ + - + + ]: 808 : if (CheckpointerPMChild && pid == CheckpointerPMChild->pid)
2388 : : {
2389 : 2 : ReleasePostmasterChildSlot(CheckpointerPMChild);
2390 : 2 : CheckpointerPMChild = NULL;
2391 [ + + - + ]: 2 : if (EXIT_STATUS_0(exitstatus) && pmState == PM_WAIT_CHECKPOINTER)
2392 : : {
2393 : : /*
2394 : : * OK, we saw normal exit of the checkpointer after it's been
2395 : : * told to shut down. We know checkpointer wrote a shutdown
2396 : : * checkpoint, otherwise we'd still be in
2397 : : * PM_WAIT_XLOG_SHUTDOWN state.
2398 : : *
2399 : : * At this point only dead-end children and logger should be
2400 : : * left.
2401 : : */
2402 : 1 : UpdatePMState(PM_WAIT_DEAD_END);
2403 : 1 : ConfigurePostmasterWaitSet(false);
2404 : 1 : SignalChildren(SIGTERM, btmask_all_except(B_LOGGER));
2405 : 1 : }
2406 : : else
2407 : : {
2408 : : /*
2409 : : * Any unexpected exit of the checkpointer (including FATAL
2410 : : * exit) is treated as a crash.
2411 : : */
2412 : 2 : HandleChildCrash(pid, exitstatus,
2413 : 1 : _("checkpointer process"));
2414 : : }
2415 : :
2416 : 2 : continue;
2417 : : }
2418 : :
2419 : : /*
2420 : : * Was it the wal writer? Normal exit can be ignored; we'll start a
2421 : : * new one at the next iteration of the postmaster's main loop, if
2422 : : * necessary. Any other exit condition is treated as a crash.
2423 : : */
2424 [ + + + + ]: 806 : if (WalWriterPMChild && pid == WalWriterPMChild->pid)
2425 : : {
2426 : 2 : ReleasePostmasterChildSlot(WalWriterPMChild);
2427 : 2 : WalWriterPMChild = NULL;
2428 [ + + ]: 2 : if (!EXIT_STATUS_0(exitstatus))
2429 : 2 : HandleChildCrash(pid, exitstatus,
2430 : 1 : _("WAL writer process"));
2431 : 2 : continue;
2432 : : }
2433 : :
2434 : : /*
2435 : : * Was it the wal receiver? If exit status is zero (normal) or one
2436 : : * (FATAL exit), we assume everything is all right just like normal
2437 : : * backends. (If we need a new wal receiver, we'll start one at the
2438 : : * next iteration of the postmaster's main loop.)
2439 : : */
2440 [ - + # # ]: 804 : if (WalReceiverPMChild && pid == WalReceiverPMChild->pid)
2441 : : {
2442 : 0 : ReleasePostmasterChildSlot(WalReceiverPMChild);
2443 : 0 : WalReceiverPMChild = NULL;
2444 [ # # # # : 0 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
# # ]
2445 : 0 : HandleChildCrash(pid, exitstatus,
2446 : 0 : _("WAL receiver process"));
2447 : 0 : continue;
2448 : : }
2449 : :
2450 : : /*
2451 : : * Was it the wal summarizer? Normal exit can be ignored; we'll start
2452 : : * a new one at the next iteration of the postmaster's main loop, if
2453 : : * necessary. Any other exit condition is treated as a crash.
2454 : : */
2455 [ - + # # ]: 804 : if (WalSummarizerPMChild && pid == WalSummarizerPMChild->pid)
2456 : : {
2457 : 0 : ReleasePostmasterChildSlot(WalSummarizerPMChild);
2458 : 0 : WalSummarizerPMChild = NULL;
2459 [ # # ]: 0 : if (!EXIT_STATUS_0(exitstatus))
2460 : 0 : HandleChildCrash(pid, exitstatus,
2461 : 0 : _("WAL summarizer process"));
2462 : 0 : continue;
2463 : : }
2464 : :
2465 : : /*
2466 : : * Was it the autovacuum launcher? Normal exit can be ignored; we'll
2467 : : * start a new one at the next iteration of the postmaster's main
2468 : : * loop, if necessary. Any other exit condition is treated as a
2469 : : * crash.
2470 : : */
2471 [ + + + + ]: 804 : if (AutoVacLauncherPMChild && pid == AutoVacLauncherPMChild->pid)
2472 : : {
2473 : 2 : ReleasePostmasterChildSlot(AutoVacLauncherPMChild);
2474 : 2 : AutoVacLauncherPMChild = NULL;
2475 [ + + ]: 2 : if (!EXIT_STATUS_0(exitstatus))
2476 : 2 : HandleChildCrash(pid, exitstatus,
2477 : 1 : _("autovacuum launcher process"));
2478 : 2 : continue;
2479 : : }
2480 : :
2481 : : /*
2482 : : * Was it the archiver? If exit status is zero (normal) or one (FATAL
2483 : : * exit), we assume everything is all right just like normal backends
2484 : : * and just try to start a new one on the next cycle of the
2485 : : * postmaster's main loop, to retry archiving remaining files.
2486 : : */
2487 [ - + # # ]: 802 : if (PgArchPMChild && pid == PgArchPMChild->pid)
2488 : : {
2489 : 0 : ReleasePostmasterChildSlot(PgArchPMChild);
2490 : 0 : PgArchPMChild = NULL;
2491 [ # # # # : 0 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
# # ]
2492 : 0 : HandleChildCrash(pid, exitstatus,
2493 : 0 : _("archiver process"));
2494 : 0 : continue;
2495 : : }
2496 : :
2497 : : /* Was it the system logger? If so, try to start a new one */
2498 [ - + # # ]: 802 : if (SysLoggerPMChild && pid == SysLoggerPMChild->pid)
2499 : : {
2500 : 0 : ReleasePostmasterChildSlot(SysLoggerPMChild);
2501 : 0 : SysLoggerPMChild = NULL;
2502 : :
2503 : : /* for safety's sake, launch new logger *first* */
2504 [ # # ]: 0 : if (Logging_collector)
2505 : 0 : StartSysLogger();
2506 : :
2507 [ # # ]: 0 : if (!EXIT_STATUS_0(exitstatus))
2508 : 0 : LogChildExit(LOG, _("system logger process"),
2509 : 0 : pid, exitstatus);
2510 : 0 : continue;
2511 : : }
2512 : :
2513 : : /*
2514 : : * Was it the slot sync worker? Normal exit or FATAL exit can be
2515 : : * ignored (FATAL can be caused by libpqwalreceiver on receiving
2516 : : * shutdown request by the startup process during promotion); we'll
2517 : : * start a new one at the next iteration of the postmaster's main
2518 : : * loop, if necessary. Any other exit condition is treated as a crash.
2519 : : */
2520 [ - + # # ]: 802 : if (SlotSyncWorkerPMChild && pid == SlotSyncWorkerPMChild->pid)
2521 : : {
2522 : 0 : ReleasePostmasterChildSlot(SlotSyncWorkerPMChild);
2523 : 0 : SlotSyncWorkerPMChild = NULL;
2524 [ # # # # : 0 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
# # ]
2525 : 0 : HandleChildCrash(pid, exitstatus,
2526 : 0 : _("slot sync worker process"));
2527 : 0 : continue;
2528 : : }
2529 : :
2530 : : /* Was it an IO worker? */
2531 [ + + ]: 802 : if (maybe_reap_io_worker(pid))
2532 : : {
2533 [ + + + - : 6 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
- + ]
2534 : 3 : HandleChildCrash(pid, exitstatus, _("io worker"));
2535 : :
2536 : 6 : maybe_adjust_io_workers();
2537 : 6 : continue;
2538 : : }
2539 : :
2540 : : /*
2541 : : * Was it a backend or a background worker?
2542 : : */
2543 : 796 : pmchild = FindPostmasterChildByPid(pid);
2544 [ + - ]: 796 : if (pmchild)
2545 : : {
2546 : 796 : CleanupBackend(pmchild, exitstatus);
2547 : 796 : }
2548 : :
2549 : : /*
2550 : : * We don't know anything about this child process. That's highly
2551 : : * unexpected, as we do track all the child processes that we fork.
2552 : : */
2553 : : else
2554 : : {
2555 [ # # # # : 0 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
# # ]
2556 : 0 : HandleChildCrash(pid, exitstatus, _("untracked child process"));
2557 : : else
2558 : 0 : LogChildExit(LOG, _("untracked child process"), pid, exitstatus);
2559 : : }
2560 [ - + + ]: 812 : } /* loop over pending child-death reports */
2561 : :
2562 : : /*
2563 : : * After cleaning out the SIGCHLD queue, see if we have any state changes
2564 : : * or actions to make.
2565 : : */
2566 : 601 : PostmasterStateMachine();
2567 : 601 : }
2568 : :
2569 : : /*
2570 : : * CleanupBackend -- cleanup after terminated backend or background worker.
2571 : : *
2572 : : * Remove all local state associated with the child process and release its
2573 : : * PMChild slot.
2574 : : */
2575 : : static void
2576 : 796 : CleanupBackend(PMChild *bp,
2577 : : int exitstatus) /* child's exit status. */
2578 : : {
2579 : 796 : char namebuf[MAXPGPATH];
2580 : 796 : const char *procname;
2581 : 796 : bool crashed = false;
2582 : 796 : bool logged = false;
2583 : 796 : pid_t bp_pid;
2584 : 796 : bool bp_bgworker_notify;
2585 : 796 : BackendType bp_bkend_type;
2586 : 796 : RegisteredBgWorker *rw;
2587 : :
2588 : : /* Construct a process name for the log message */
2589 [ + + ]: 796 : if (bp->bkend_type == B_BG_WORKER)
2590 : : {
2591 : 960 : snprintf(namebuf, MAXPGPATH, _("background worker \"%s\""),
2592 : 480 : bp->rw->rw_worker.bgw_type);
2593 : 480 : procname = namebuf;
2594 : 480 : }
2595 : : else
2596 : 316 : procname = _(GetBackendTypeDesc(bp->bkend_type));
2597 : :
2598 : : /*
2599 : : * If a backend dies in an ugly way then we must signal all other backends
2600 : : * to quickdie. If exit status is zero (normal) or one (FATAL exit), we
2601 : : * assume everything is all right and proceed to remove the backend from
2602 : : * the active child list.
2603 : : */
2604 [ + + + - : 796 : if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
+ + ]
2605 : 2 : crashed = true;
2606 : :
2607 : : #ifdef WIN32
2608 : :
2609 : : /*
2610 : : * On win32, also treat ERROR_WAIT_NO_CHILDREN (128) as nonfatal case,
2611 : : * since that sometimes happens under load when the process fails to start
2612 : : * properly (long before it starts using shared memory). Microsoft reports
2613 : : * it is related to mutex failure:
2614 : : * http://archives.postgresql.org/pgsql-hackers/2010-09/msg00790.php
2615 : : */
2616 : : if (exitstatus == ERROR_WAIT_NO_CHILDREN)
2617 : : {
2618 : : LogChildExit(LOG, procname, bp->pid, exitstatus);
2619 : : logged = true;
2620 : : crashed = false;
2621 : : }
2622 : : #endif
2623 : :
2624 : : /*
2625 : : * Release the PMChild entry.
2626 : : *
2627 : : * If the process attached to shared memory, this also checks that it
2628 : : * detached cleanly.
2629 : : */
2630 : 796 : bp_pid = bp->pid;
2631 : 796 : bp_bgworker_notify = bp->bgworker_notify;
2632 : 796 : bp_bkend_type = bp->bkend_type;
2633 : 796 : rw = bp->rw;
2634 [ + + ]: 796 : if (!ReleasePostmasterChildSlot(bp))
2635 : : {
2636 : : /*
2637 : : * Uh-oh, the child failed to clean itself up. Treat as a crash after
2638 : : * all.
2639 : : */
2640 : 1 : crashed = true;
2641 : 1 : }
2642 : 796 : bp = NULL;
2643 : :
2644 : : /*
2645 : : * In a crash case, exit immediately without resetting background worker
2646 : : * state. However, if restart_after_crash is enabled, the background
2647 : : * worker state (e.g., rw_pid) still needs be reset so the worker can
2648 : : * restart after crash recovery. This reset is handled in
2649 : : * ResetBackgroundWorkerCrashTimes(), not here.
2650 : : */
2651 [ + + ]: 796 : if (crashed)
2652 : : {
2653 : 2 : HandleChildCrash(bp_pid, exitstatus, procname);
2654 : 2 : return;
2655 : : }
2656 : :
2657 : : /*
2658 : : * This backend may have been slated to receive SIGUSR1 when some
2659 : : * background worker started or stopped. Cancel those notifications, as
2660 : : * we don't want to signal PIDs that are not PostgreSQL backends. This
2661 : : * gets skipped in the (probably very common) case where the backend has
2662 : : * never requested any such notifications.
2663 : : */
2664 [ + + ]: 794 : if (bp_bgworker_notify)
2665 : 22 : BackgroundWorkerStopNotifications(bp_pid);
2666 : :
2667 : : /*
2668 : : * If it was an autovacuum worker, wake up the launcher so that it can
2669 : : * immediately launch a new worker or rebalance to cost limit setting of
2670 : : * the remaining workers.
2671 : : */
2672 [ - + # # ]: 794 : if (bp_bkend_type == B_AUTOVAC_WORKER && AutoVacLauncherPMChild != NULL)
2673 : 0 : signal_child(AutoVacLauncherPMChild, SIGUSR2);
2674 : :
2675 : : /*
2676 : : * If it was a background worker, also update its RegisteredBgWorker
2677 : : * entry.
2678 : : */
2679 [ + + ]: 794 : if (bp_bkend_type == B_BG_WORKER)
2680 : : {
2681 [ + + ]: 479 : if (!EXIT_STATUS_0(exitstatus))
2682 : : {
2683 : : /* Record timestamp, so we know when to restart the worker. */
2684 : 4 : rw->rw_crashed_at = GetCurrentTimestamp();
2685 : 4 : }
2686 : : else
2687 : : {
2688 : : /* Zero exit status means terminate */
2689 : 475 : rw->rw_crashed_at = 0;
2690 : 475 : rw->rw_terminate = true;
2691 : : }
2692 : :
2693 : 479 : rw->rw_pid = 0;
2694 : 479 : ReportBackgroundWorkerExit(rw); /* report child death */
2695 : :
2696 [ - + ]: 479 : if (!logged)
2697 : : {
2698 : 958 : LogChildExit(EXIT_STATUS_0(exitstatus) ? DEBUG1 : LOG,
2699 : 479 : procname, bp_pid, exitstatus);
2700 : 479 : logged = true;
2701 : 479 : }
2702 : :
2703 : : /* have it be restarted */
2704 : 479 : HaveCrashedWorker = true;
2705 : 479 : }
2706 : :
2707 [ + + ]: 794 : if (!logged)
2708 : 315 : LogChildExit(DEBUG2, procname, bp_pid, exitstatus);
2709 [ - + ]: 796 : }
2710 : :
2711 : : /*
2712 : : * Transition into FatalError state, in response to something bad having
2713 : : * happened. Commonly the caller will have logged the reason for entering
2714 : : * FatalError state.
2715 : : *
2716 : : * This should only be called when not already in FatalError or
2717 : : * ImmediateShutdown state.
2718 : : */
2719 : : static void
2720 : 0 : HandleFatalError(QuitSignalReason reason, bool consider_sigabrt)
2721 : : {
2722 : 0 : int sigtosend;
2723 : :
2724 [ # # ]: 0 : Assert(!FatalError);
2725 [ # # ]: 0 : Assert(Shutdown != ImmediateShutdown);
2726 : :
2727 : 0 : SetQuitSignalReason(reason);
2728 : :
2729 [ # # # # ]: 0 : if (consider_sigabrt && send_abort_for_crash)
2730 : 0 : sigtosend = SIGABRT;
2731 : : else
2732 : 0 : sigtosend = SIGQUIT;
2733 : :
2734 : : /*
2735 : : * Signal all other child processes to exit.
2736 : : *
2737 : : * We could exclude dead-end children here, but at least when sending
2738 : : * SIGABRT it seems better to include them.
2739 : : */
2740 : 0 : TerminateChildren(sigtosend);
2741 : :
2742 : 0 : FatalError = true;
2743 : :
2744 : : /*
2745 : : * Choose the appropriate new state to react to the fatal error. Unless we
2746 : : * were already in the process of shutting down, we go through
2747 : : * PM_WAIT_BACKENDS. For errors during the shutdown sequence, we directly
2748 : : * switch to PM_WAIT_DEAD_END.
2749 : : */
2750 [ # # # # : 0 : switch (pmState)
# # ]
2751 : : {
2752 : : case PM_INIT:
2753 : : /* shouldn't have any children */
2754 : 0 : Assert(false);
2755 : 0 : break;
2756 : : case PM_STARTUP:
2757 : : /* should have been handled in process_pm_child_exit */
2758 : 0 : Assert(false);
2759 : 0 : break;
2760 : :
2761 : : /* wait for children to die */
2762 : : case PM_RECOVERY:
2763 : : case PM_HOT_STANDBY:
2764 : : case PM_RUN:
2765 : : case PM_STOP_BACKENDS:
2766 : 0 : UpdatePMState(PM_WAIT_BACKENDS);
2767 : 0 : break;
2768 : :
2769 : : case PM_WAIT_BACKENDS:
2770 : : /* there might be more backends to wait for */
2771 : : break;
2772 : :
2773 : : case PM_WAIT_XLOG_SHUTDOWN:
2774 : : case PM_WAIT_XLOG_ARCHIVAL:
2775 : : case PM_WAIT_CHECKPOINTER:
2776 : : case PM_WAIT_IO_WORKERS:
2777 : :
2778 : : /*
2779 : : * NB: Similar code exists in PostmasterStateMachine()'s handling
2780 : : * of FatalError in PM_STOP_BACKENDS/PM_WAIT_BACKENDS states.
2781 : : */
2782 : 0 : ConfigurePostmasterWaitSet(false);
2783 : 0 : UpdatePMState(PM_WAIT_DEAD_END);
2784 : 0 : break;
2785 : :
2786 : : case PM_WAIT_DEAD_END:
2787 : : case PM_NO_CHILDREN:
2788 : 0 : break;
2789 : : }
2790 : :
2791 : : /*
2792 : : * .. and if this doesn't happen quickly enough, now the clock is ticking
2793 : : * for us to kill them without mercy.
2794 : : */
2795 [ # # ]: 0 : if (AbortStartTime == 0)
2796 : 0 : AbortStartTime = time(NULL);
2797 : 0 : }
2798 : :
2799 : : /*
2800 : : * HandleChildCrash -- cleanup after failed backend, bgwriter, checkpointer,
2801 : : * walwriter, autovacuum, archiver, slot sync worker, or background worker.
2802 : : *
2803 : : * The objectives here are to clean up our local state about the child
2804 : : * process, and to signal all other remaining children to quickdie.
2805 : : *
2806 : : * The caller has already released its PMChild slot.
2807 : : */
2808 : : static void
2809 : 9 : HandleChildCrash(int pid, int exitstatus, const char *procname)
2810 : : {
2811 : : /*
2812 : : * We only log messages and send signals if this is the first process
2813 : : * crash and we're not doing an immediate shutdown; otherwise, we're only
2814 : : * here to update postmaster's idea of live processes. If we have already
2815 : : * signaled children, nonzero exit status is to be expected, so don't
2816 : : * clutter log.
2817 : : */
2818 [ + - + - ]: 9 : if (FatalError || Shutdown == ImmediateShutdown)
2819 : 9 : return;
2820 : :
2821 : 0 : LogChildExit(LOG, procname, pid, exitstatus);
2822 [ # # # # ]: 0 : ereport(LOG,
2823 : : (errmsg("terminating any other active server processes")));
2824 : :
2825 : : /*
2826 : : * Switch into error state. The crashed process has already been removed
2827 : : * from ActiveChildList.
2828 : : */
2829 : 0 : HandleFatalError(PMQUIT_FOR_CRASH, true);
2830 : 9 : }
2831 : :
2832 : : /*
2833 : : * Log the death of a child process.
2834 : : */
2835 : : static void
2836 : 794 : LogChildExit(int lev, const char *procname, int pid, int exitstatus)
2837 : : {
2838 : : /*
2839 : : * size of activity_buffer is arbitrary, but set equal to default
2840 : : * track_activity_query_size
2841 : : */
2842 : 794 : char activity_buffer[1024];
2843 : 794 : const char *activity = NULL;
2844 : :
2845 [ + + ]: 794 : if (!EXIT_STATUS_0(exitstatus))
2846 : 8 : activity = pgstat_get_crashed_backend_activity(pid,
2847 : 4 : activity_buffer,
2848 : : sizeof(activity_buffer));
2849 : :
2850 [ - + ]: 794 : if (WIFEXITED(exitstatus))
2851 [ - + # # : 794 : ereport(lev,
+ + - + -
+ # # ]
2852 : :
2853 : : /*------
2854 : : translator: %s is a noun phrase describing a child process, such as
2855 : : "server process" */
2856 : : (errmsg("%s (PID %d) exited with exit code %d",
2857 : : procname, pid, WEXITSTATUS(exitstatus)),
2858 : : activity ? errdetail("Failed process was running: %s", activity) : 0));
2859 [ # # # # ]: 0 : else if (WIFSIGNALED(exitstatus))
2860 : : {
2861 : : #if defined(WIN32)
2862 : : ereport(lev,
2863 : :
2864 : : /*------
2865 : : translator: %s is a noun phrase describing a child process, such as
2866 : : "server process" */
2867 : : (errmsg("%s (PID %d) was terminated by exception 0x%X",
2868 : : procname, pid, WTERMSIG(exitstatus)),
2869 : : errhint("See C include file \"ntstatus.h\" for a description of the hexadecimal value."),
2870 : : activity ? errdetail("Failed process was running: %s", activity) : 0));
2871 : : #else
2872 [ # # # # : 0 : ereport(lev,
# # # # #
# # # ]
2873 : :
2874 : : /*------
2875 : : translator: %s is a noun phrase describing a child process, such as
2876 : : "server process" */
2877 : : (errmsg("%s (PID %d) was terminated by signal %d: %s",
2878 : : procname, pid, WTERMSIG(exitstatus),
2879 : : pg_strsignal(WTERMSIG(exitstatus))),
2880 : : activity ? errdetail("Failed process was running: %s", activity) : 0));
2881 : : #endif
2882 : 0 : }
2883 : : else
2884 [ # # # # : 0 : ereport(lev,
# # # # #
# # # ]
2885 : :
2886 : : /*------
2887 : : translator: %s is a noun phrase describing a child process, such as
2888 : : "server process" */
2889 : : (errmsg("%s (PID %d) exited with unrecognized status %d",
2890 : : procname, pid, exitstatus),
2891 : : activity ? errdetail("Failed process was running: %s", activity) : 0));
2892 : 794 : }
2893 : :
2894 : : /*
2895 : : * Advance the postmaster's state machine and take actions as appropriate
2896 : : *
2897 : : * This is common code for process_pm_shutdown_request(),
2898 : : * process_pm_child_exit() and process_pm_pmsignal(), which process the signals
2899 : : * that might mean we need to change state.
2900 : : */
2901 : : static void
2902 : 604 : PostmasterStateMachine(void)
2903 : : {
2904 : : /* If we're doing a smart shutdown, try to advance that state. */
2905 [ + + - + ]: 604 : if (pmState == PM_RUN || pmState == PM_HOT_STANDBY)
2906 : : {
2907 [ + - ]: 588 : if (!connsAllowed)
2908 : : {
2909 : : /*
2910 : : * This state ends when we have no normal client backends running.
2911 : : * Then we're ready to stop other children.
2912 : : */
2913 [ # # ]: 0 : if (CountChildren(btmask(B_BACKEND)) == 0)
2914 : 0 : UpdatePMState(PM_STOP_BACKENDS);
2915 : 0 : }
2916 : 588 : }
2917 : :
2918 : : /*
2919 : : * In the PM_WAIT_BACKENDS state, wait for all the regular backends and
2920 : : * processes like autovacuum and background workers that are comparable to
2921 : : * backends to exit.
2922 : : *
2923 : : * PM_STOP_BACKENDS is a transient state that means the same as
2924 : : * PM_WAIT_BACKENDS, but we signal the processes first, before waiting for
2925 : : * them. Treating it as a distinct pmState allows us to share this code
2926 : : * across multiple shutdown code paths.
2927 : : */
2928 [ + + + + ]: 604 : if (pmState == PM_STOP_BACKENDS || pmState == PM_WAIT_BACKENDS)
2929 : : {
2930 : 11 : BackendTypeMask targetMask = BTYPE_MASK_NONE;
2931 : :
2932 : : /*
2933 : : * PM_WAIT_BACKENDS state ends when we have no regular backends, no
2934 : : * autovac launcher or workers, and no bgworkers (including
2935 : : * unconnected ones).
2936 : : */
2937 : 11 : targetMask = btmask_add(targetMask,
2938 : : B_BACKEND,
2939 : : B_AUTOVAC_LAUNCHER,
2940 : : B_AUTOVAC_WORKER,
2941 : : B_BG_WORKER);
2942 : :
2943 : : /*
2944 : : * No walwriter, bgwriter, slot sync worker, or WAL summarizer either.
2945 : : */
2946 : 11 : targetMask = btmask_add(targetMask,
2947 : : B_WAL_WRITER,
2948 : : B_BG_WRITER,
2949 : : B_SLOTSYNC_WORKER,
2950 : : B_WAL_SUMMARIZER);
2951 : :
2952 : : /* If we're in recovery, also stop startup and walreceiver procs */
2953 : 11 : targetMask = btmask_add(targetMask,
2954 : : B_STARTUP,
2955 : : B_WAL_RECEIVER);
2956 : :
2957 : : /*
2958 : : * If we are doing crash recovery or an immediate shutdown then we
2959 : : * expect archiver, checkpointer, io workers and walsender to exit as
2960 : : * well, otherwise not.
2961 : : */
2962 [ + - + + ]: 11 : if (FatalError || Shutdown >= ImmediateShutdown)
2963 : 6 : targetMask = btmask_add(targetMask,
2964 : : B_CHECKPOINTER,
2965 : : B_ARCHIVER,
2966 : : B_IO_WORKER,
2967 : : B_WAL_SENDER);
2968 : :
2969 : : /*
2970 : : * Normally archiver, checkpointer, IO workers and walsenders will
2971 : : * continue running; they will be terminated later after writing the
2972 : : * checkpoint record. We also let dead-end children to keep running
2973 : : * for now. The syslogger process exits last.
2974 : : *
2975 : : * This assertion checks that we have covered all backend types,
2976 : : * either by including them in targetMask, or by noting here that they
2977 : : * are allowed to continue running.
2978 : : */
2979 : : #ifdef USE_ASSERT_CHECKING
2980 : : {
2981 : 11 : BackendTypeMask remainMask = BTYPE_MASK_NONE;
2982 : :
2983 : 11 : remainMask = btmask_add(remainMask,
2984 : : B_DEAD_END_BACKEND,
2985 : : B_LOGGER);
2986 : :
2987 : : /*
2988 : : * Archiver, checkpointer, IO workers, and walsender may or may
2989 : : * not be in targetMask already.
2990 : : */
2991 : 11 : remainMask = btmask_add(remainMask,
2992 : : B_ARCHIVER,
2993 : : B_CHECKPOINTER,
2994 : : B_IO_WORKER,
2995 : : B_WAL_SENDER);
2996 : :
2997 : : /* these are not real postmaster children */
2998 : 11 : remainMask = btmask_add(remainMask,
2999 : : B_INVALID,
3000 : : B_STANDALONE_BACKEND);
3001 : :
3002 : : /* All types should be included in targetMask or remainMask */
3003 [ + - ]: 11 : Assert((remainMask.mask | targetMask.mask) == BTYPE_MASK_ALL.mask);
3004 : 11 : }
3005 : : #endif
3006 : :
3007 : : /* If we had not yet signaled the processes to exit, do so now */
3008 [ + + ]: 11 : if (pmState == PM_STOP_BACKENDS)
3009 : : {
3010 : : /*
3011 : : * Forget any pending requests for background workers, since we're
3012 : : * no longer willing to launch any new workers. (If additional
3013 : : * requests arrive, BackgroundWorkerStateChange will reject them.)
3014 : : */
3015 : 1 : ForgetUnstartedBackgroundWorkers();
3016 : :
3017 : 1 : SignalChildren(SIGTERM, targetMask);
3018 : :
3019 : 1 : UpdatePMState(PM_WAIT_BACKENDS);
3020 : 1 : }
3021 : :
3022 : : /* Are any of the target processes still running? */
3023 [ + + ]: 11 : if (CountChildren(targetMask) == 0)
3024 : : {
3025 [ + + - + ]: 2 : if (Shutdown >= ImmediateShutdown || FatalError)
3026 : : {
3027 : : /*
3028 : : * Stop any dead-end children and stop creating new ones.
3029 : : *
3030 : : * NB: Similar code exists in HandleFatalError(), when the
3031 : : * error happens in pmState > PM_WAIT_BACKENDS.
3032 : : */
3033 : 1 : UpdatePMState(PM_WAIT_DEAD_END);
3034 : 1 : ConfigurePostmasterWaitSet(false);
3035 : 1 : SignalChildren(SIGQUIT, btmask(B_DEAD_END_BACKEND));
3036 : :
3037 : : /*
3038 : : * We already SIGQUIT'd auxiliary processes (other than
3039 : : * logger), if any, when we started immediate shutdown or
3040 : : * entered FatalError state.
3041 : : */
3042 : 1 : }
3043 : : else
3044 : : {
3045 : : /*
3046 : : * If we get here, we are proceeding with normal shutdown. All
3047 : : * the regular children are gone, and it's time to tell the
3048 : : * checkpointer to do a shutdown checkpoint.
3049 : : */
3050 [ + - ]: 1 : Assert(Shutdown > NoShutdown);
3051 : : /* Start the checkpointer if not running */
3052 [ + - ]: 1 : if (CheckpointerPMChild == NULL)
3053 : 0 : CheckpointerPMChild = StartChildProcess(B_CHECKPOINTER);
3054 : : /* And tell it to write the shutdown checkpoint */
3055 [ + - ]: 1 : if (CheckpointerPMChild != NULL)
3056 : : {
3057 : 1 : signal_child(CheckpointerPMChild, SIGINT);
3058 : 1 : UpdatePMState(PM_WAIT_XLOG_SHUTDOWN);
3059 : 1 : }
3060 : : else
3061 : : {
3062 : : /*
3063 : : * If we failed to fork a checkpointer, just shut down.
3064 : : * Any required cleanup will happen at next restart. We
3065 : : * set FatalError so that an "abnormal shutdown" message
3066 : : * gets logged when we exit.
3067 : : *
3068 : : * We don't consult send_abort_for_crash here, as it's
3069 : : * unlikely that dumping cores would illuminate the reason
3070 : : * for checkpointer fork failure.
3071 : : *
3072 : : * XXX: It may be worth to introduce a different PMQUIT
3073 : : * value that signals that the cluster is in a bad state,
3074 : : * without a process having crashed. But right now this
3075 : : * path is very unlikely to be reached, so it isn't
3076 : : * obviously worthwhile adding a distinct error message in
3077 : : * quickdie().
3078 : : */
3079 : 0 : HandleFatalError(PMQUIT_FOR_CRASH, false);
3080 : : }
3081 : : }
3082 : 2 : }
3083 : 11 : }
3084 : :
3085 : : /*
3086 : : * The state transition from PM_WAIT_XLOG_SHUTDOWN to
3087 : : * PM_WAIT_XLOG_ARCHIVAL is in process_pm_pmsignal(), in response to
3088 : : * PMSIGNAL_XLOG_IS_SHUTDOWN.
3089 : : */
3090 : :
3091 [ + + ]: 604 : if (pmState == PM_WAIT_XLOG_ARCHIVAL)
3092 : : {
3093 : : /*
3094 : : * PM_WAIT_XLOG_ARCHIVAL state ends when there are no children other
3095 : : * than checkpointer, io workers and dead-end children left. There
3096 : : * shouldn't be any regular backends left by now anyway; what we're
3097 : : * really waiting for is for walsenders and archiver to exit.
3098 : : */
3099 : 1 : if (CountChildren(btmask_all_except(B_CHECKPOINTER, B_IO_WORKER,
3100 [ - + ]: 1 : B_LOGGER, B_DEAD_END_BACKEND)) == 0)
3101 : : {
3102 : 1 : UpdatePMState(PM_WAIT_IO_WORKERS);
3103 : 1 : SignalChildren(SIGUSR2, btmask(B_IO_WORKER));
3104 : 1 : }
3105 : 1 : }
3106 : :
3107 [ + + ]: 604 : if (pmState == PM_WAIT_IO_WORKERS)
3108 : : {
3109 : : /*
3110 : : * PM_WAIT_IO_WORKERS state ends when there's only checkpointer and
3111 : : * dead-end children left.
3112 : : */
3113 [ + + ]: 4 : if (io_worker_count == 0)
3114 : : {
3115 : 1 : UpdatePMState(PM_WAIT_CHECKPOINTER);
3116 : :
3117 : : /*
3118 : : * Now that the processes mentioned above are gone, tell
3119 : : * checkpointer to shut down too. That allows checkpointer to
3120 : : * perform some last bits of cleanup without other processes
3121 : : * interfering.
3122 : : */
3123 [ - + ]: 1 : if (CheckpointerPMChild != NULL)
3124 : 1 : signal_child(CheckpointerPMChild, SIGUSR2);
3125 : 1 : }
3126 : 4 : }
3127 : :
3128 : : /*
3129 : : * The state transition from PM_WAIT_CHECKPOINTER to PM_WAIT_DEAD_END is
3130 : : * in process_pm_child_exit().
3131 : : */
3132 : :
3133 [ + + ]: 604 : if (pmState == PM_WAIT_DEAD_END)
3134 : : {
3135 : : /*
3136 : : * PM_WAIT_DEAD_END state ends when all other children are gone except
3137 : : * for the logger. During normal shutdown, all that remains are
3138 : : * dead-end backends, but in FatalError processing we jump straight
3139 : : * here with more processes remaining. Note that they have already
3140 : : * been sent appropriate shutdown signals, either during a normal
3141 : : * state transition leading up to PM_WAIT_DEAD_END, or during
3142 : : * FatalError processing.
3143 : : *
3144 : : * The reason we wait is to protect against a new postmaster starting
3145 : : * conflicting subprocesses; this isn't an ironclad protection, but it
3146 : : * at least helps in the shutdown-and-immediately-restart scenario.
3147 : : */
3148 [ - + ]: 2 : if (CountChildren(btmask_all_except(B_LOGGER)) == 0)
3149 : : {
3150 : : /* These other guys should be dead already */
3151 [ + - ]: 2 : Assert(StartupPMChild == NULL);
3152 [ + - ]: 2 : Assert(WalReceiverPMChild == NULL);
3153 [ + - ]: 2 : Assert(WalSummarizerPMChild == NULL);
3154 [ + - ]: 2 : Assert(BgWriterPMChild == NULL);
3155 [ + - ]: 2 : Assert(CheckpointerPMChild == NULL);
3156 [ + - ]: 2 : Assert(WalWriterPMChild == NULL);
3157 [ + - ]: 2 : Assert(AutoVacLauncherPMChild == NULL);
3158 [ + - ]: 2 : Assert(SlotSyncWorkerPMChild == NULL);
3159 : : /* syslogger is not considered here */
3160 : 2 : UpdatePMState(PM_NO_CHILDREN);
3161 : 2 : }
3162 : 2 : }
3163 : :
3164 : : /*
3165 : : * If we've been told to shut down, we exit as soon as there are no
3166 : : * remaining children. If there was a crash, cleanup will occur at the
3167 : : * next startup. (Before PostgreSQL 8.3, we tried to recover from the
3168 : : * crash before exiting, but that seems unwise if we are quitting because
3169 : : * we got SIGTERM from init --- there may well not be time for recovery
3170 : : * before init decides to SIGKILL us.)
3171 : : *
3172 : : * Note that the syslogger continues to run. It will exit when it sees
3173 : : * EOF on its input pipe, which happens when there are no more upstream
3174 : : * processes.
3175 : : */
3176 [ + + + + ]: 604 : if (Shutdown > NoShutdown && pmState == PM_NO_CHILDREN)
3177 : : {
3178 [ - + ]: 2 : if (FatalError)
3179 : : {
3180 [ # # # # ]: 0 : ereport(LOG, (errmsg("abnormal database system shutdown")));
3181 : 0 : ExitPostmaster(1);
3182 : : }
3183 : : else
3184 : : {
3185 : : /*
3186 : : * Normal exit from the postmaster is here. We don't need to log
3187 : : * anything here, since the UnlinkLockFiles proc_exit callback
3188 : : * will do so, and that should be the last user-visible action.
3189 : : */
3190 : 2 : ExitPostmaster(0);
3191 : : }
3192 : : }
3193 : :
3194 : : /*
3195 : : * If the startup process failed, or the user does not want an automatic
3196 : : * restart after backend crashes, wait for all non-syslogger children to
3197 : : * exit, and then exit postmaster. We don't try to reinitialize when the
3198 : : * startup process fails, because more than likely it will just fail again
3199 : : * and we will keep trying forever.
3200 : : */
3201 [ + - ]: 602 : if (pmState == PM_NO_CHILDREN)
3202 : : {
3203 [ # # ]: 0 : if (StartupStatus == STARTUP_CRASHED)
3204 : : {
3205 [ # # # # ]: 0 : ereport(LOG,
3206 : : (errmsg("shutting down due to startup process failure")));
3207 : 0 : ExitPostmaster(1);
3208 : : }
3209 [ # # ]: 0 : if (!restart_after_crash)
3210 : : {
3211 [ # # # # ]: 0 : ereport(LOG,
3212 : : (errmsg("shutting down because \"restart_after_crash\" is off")));
3213 : 0 : ExitPostmaster(1);
3214 : : }
3215 : 0 : }
3216 : :
3217 : : /*
3218 : : * If we need to recover from a crash, wait for all non-syslogger children
3219 : : * to exit, then reset shmem and start the startup process.
3220 : : */
3221 [ - + # # ]: 602 : if (FatalError && pmState == PM_NO_CHILDREN)
3222 : : {
3223 [ # # # # ]: 0 : ereport(LOG,
3224 : : (errmsg("all server processes terminated; reinitializing")));
3225 : :
3226 : : /* remove leftover temporary files after a crash */
3227 [ # # ]: 0 : if (remove_temp_files_after_crash)
3228 : 0 : RemovePgTempFiles();
3229 : :
3230 : : /* allow background workers to immediately restart */
3231 : 0 : ResetBackgroundWorkerCrashTimes();
3232 : :
3233 : 0 : shmem_exit(1);
3234 : :
3235 : : /* re-read control file into local memory */
3236 : 0 : LocalProcessControlFile(true);
3237 : :
3238 : : /* re-create shared memory and semaphores */
3239 : 0 : CreateSharedMemoryAndSemaphores();
3240 : :
3241 : 0 : UpdatePMState(PM_STARTUP);
3242 : :
3243 : : /* Make sure we can perform I/O while starting up. */
3244 : 0 : maybe_adjust_io_workers();
3245 : :
3246 : 0 : StartupPMChild = StartChildProcess(B_STARTUP);
3247 [ # # ]: 0 : Assert(StartupPMChild != NULL);
3248 : 0 : StartupStatus = STARTUP_RUNNING;
3249 : : /* crash recovery started, reset SIGKILL flag */
3250 : 0 : AbortStartTime = 0;
3251 : :
3252 : : /* start accepting server socket connection events again */
3253 : 0 : ConfigurePostmasterWaitSet(true);
3254 : 0 : }
3255 : 602 : }
3256 : :
3257 : : static const char *
3258 : 0 : pmstate_name(PMState state)
3259 : : {
3260 : : #define PM_TOSTR_CASE(sym) case sym: return #sym
3261 [ # # # # : 0 : switch (state)
# # # # #
# # # #
# ]
3262 : : {
3263 : 0 : PM_TOSTR_CASE(PM_INIT);
3264 : 0 : PM_TOSTR_CASE(PM_STARTUP);
3265 : 0 : PM_TOSTR_CASE(PM_RECOVERY);
3266 : 0 : PM_TOSTR_CASE(PM_HOT_STANDBY);
3267 : 0 : PM_TOSTR_CASE(PM_RUN);
3268 : 0 : PM_TOSTR_CASE(PM_STOP_BACKENDS);
3269 : 0 : PM_TOSTR_CASE(PM_WAIT_BACKENDS);
3270 : 0 : PM_TOSTR_CASE(PM_WAIT_XLOG_SHUTDOWN);
3271 : 0 : PM_TOSTR_CASE(PM_WAIT_XLOG_ARCHIVAL);
3272 : 0 : PM_TOSTR_CASE(PM_WAIT_IO_WORKERS);
3273 : 0 : PM_TOSTR_CASE(PM_WAIT_DEAD_END);
3274 : 0 : PM_TOSTR_CASE(PM_WAIT_CHECKPOINTER);
3275 : 0 : PM_TOSTR_CASE(PM_NO_CHILDREN);
3276 : : }
3277 : : #undef PM_TOSTR_CASE
3278 : :
3279 : 0 : pg_unreachable();
3280 : : return ""; /* silence compiler */
3281 : 0 : }
3282 : :
3283 : : /*
3284 : : * Simple wrapper for updating pmState. The main reason to have this wrapper
3285 : : * is that it makes it easy to log all state transitions.
3286 : : */
3287 : : static void
3288 : 15 : UpdatePMState(PMState newState)
3289 : : {
3290 [ - + - + ]: 15 : elog(DEBUG1, "updating PMState from %s to %s",
3291 : : pmstate_name(pmState), pmstate_name(newState));
3292 : 15 : pmState = newState;
3293 : 15 : }
3294 : :
3295 : : /*
3296 : : * Launch background processes after state change, or relaunch after an
3297 : : * existing process has exited.
3298 : : *
3299 : : * Check the current pmState and the status of any background processes. If
3300 : : * there are any background processes missing that should be running in the
3301 : : * current state, but are not, launch them.
3302 : : */
3303 : : static void
3304 : 1145 : LaunchMissingBackgroundProcesses(void)
3305 : : {
3306 : : /* Syslogger is active in all states */
3307 [ + - + - ]: 1145 : if (SysLoggerPMChild == NULL && Logging_collector)
3308 : 0 : StartSysLogger();
3309 : :
3310 : : /*
3311 : : * The number of configured workers might have changed, or a prior start
3312 : : * of a worker might have failed. Check if we need to start/stop any
3313 : : * workers.
3314 : : *
3315 : : * A config file change will always lead to this function being called, so
3316 : : * we always will process the config change in a timely manner.
3317 : : */
3318 : 1145 : maybe_adjust_io_workers();
3319 : :
3320 : : /*
3321 : : * The checkpointer and the background writer are active from the start,
3322 : : * until shutdown is initiated.
3323 : : *
3324 : : * (If the checkpointer is not running when we enter the
3325 : : * PM_WAIT_XLOG_SHUTDOWN state, it is launched one more time to perform
3326 : : * the shutdown checkpoint. That's done in PostmasterStateMachine(), not
3327 : : * here.)
3328 : : */
3329 [ + + + - ]: 1145 : if (pmState == PM_RUN || pmState == PM_RECOVERY ||
3330 [ + - - + ]: 14 : pmState == PM_HOT_STANDBY || pmState == PM_STARTUP)
3331 : : {
3332 [ + - ]: 1131 : if (CheckpointerPMChild == NULL)
3333 : 0 : CheckpointerPMChild = StartChildProcess(B_CHECKPOINTER);
3334 [ + - ]: 1131 : if (BgWriterPMChild == NULL)
3335 : 0 : BgWriterPMChild = StartChildProcess(B_BG_WRITER);
3336 : 1131 : }
3337 : :
3338 : : /*
3339 : : * WAL writer is needed only in normal operation (else we cannot be
3340 : : * writing any new WAL).
3341 : : */
3342 [ + + + + ]: 1145 : if (WalWriterPMChild == NULL && pmState == PM_RUN)
3343 : 2 : WalWriterPMChild = StartChildProcess(B_WAL_WRITER);
3344 : :
3345 : : /*
3346 : : * We don't want autovacuum to run in binary upgrade mode because
3347 : : * autovacuum might update relfrozenxid for empty tables before the
3348 : : * physical files are put in place.
3349 : : */
3350 [ + - + + ]: 1145 : if (!IsBinaryUpgrade && AutoVacLauncherPMChild == NULL &&
3351 [ - + + + ]: 11 : (AutoVacuumingActive() || start_autovac_launcher) &&
3352 : 11 : pmState == PM_RUN)
3353 : : {
3354 : 2 : AutoVacLauncherPMChild = StartChildProcess(B_AUTOVAC_LAUNCHER);
3355 [ - + ]: 2 : if (AutoVacLauncherPMChild != NULL)
3356 : 2 : start_autovac_launcher = false; /* signal processed */
3357 : 2 : }
3358 : :
3359 : : /*
3360 : : * If WAL archiving is enabled always, we are allowed to start archiver
3361 : : * even during recovery.
3362 : : */
3363 [ + - ]: 1145 : if (PgArchPMChild == NULL &&
3364 [ - + # # : 1145 : ((XLogArchivingActive() && pmState == PM_RUN) ||
- + + + ]
3365 [ # # # # : 3435 : (XLogArchivingAlways() && (pmState == PM_RECOVERY || pmState == PM_HOT_STANDBY))) &&
# # + - ]
3366 : 1145 : PgArchCanRestart())
3367 : 0 : PgArchPMChild = StartChildProcess(B_ARCHIVER);
3368 : :
3369 : : /*
3370 : : * If we need to start a slot sync worker, try to do that now
3371 : : *
3372 : : * We allow to start the slot sync worker when we are on a hot standby,
3373 : : * fast or immediate shutdown is not in progress, slot sync parameters are
3374 : : * configured correctly, and it is the first time of worker's launch, or
3375 : : * enough time has passed since the worker was launched last.
3376 : : */
3377 [ + - - + ]: 1145 : if (SlotSyncWorkerPMChild == NULL && pmState == PM_HOT_STANDBY &&
3378 [ # # # # ]: 0 : Shutdown <= SmartShutdown && sync_replication_slots &&
3379 [ # # # # ]: 0 : ValidateSlotSyncParams(LOG) && SlotSyncWorkerCanRestart())
3380 : 0 : SlotSyncWorkerPMChild = StartChildProcess(B_SLOTSYNC_WORKER);
3381 : :
3382 : : /*
3383 : : * If we need to start a WAL receiver, try to do that now
3384 : : *
3385 : : * Note: if a walreceiver process is already running, it might seem that
3386 : : * we should clear WalReceiverRequested. However, there's a race
3387 : : * condition if the walreceiver terminates and the startup process
3388 : : * immediately requests a new one: it's quite possible to get the signal
3389 : : * for the request before reaping the dead walreceiver process. Better to
3390 : : * risk launching an extra walreceiver than to miss launching one we need.
3391 : : * (The walreceiver code has logic to recognize that it should go away if
3392 : : * not needed.)
3393 : : */
3394 [ + - ]: 1145 : if (WalReceiverRequested)
3395 : : {
3396 [ # # ]: 0 : if (WalReceiverPMChild == NULL &&
3397 [ # # # # ]: 0 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
3398 [ # # ]: 0 : pmState == PM_HOT_STANDBY) &&
3399 : 0 : Shutdown <= SmartShutdown)
3400 : : {
3401 : 0 : WalReceiverPMChild = StartChildProcess(B_WAL_RECEIVER);
3402 [ # # ]: 0 : if (WalReceiverPMChild != NULL)
3403 : 0 : WalReceiverRequested = false;
3404 : : /* else leave the flag set, so we'll try again later */
3405 : 0 : }
3406 : 0 : }
3407 : :
3408 : : /* If we need to start a WAL summarizer, try to do that now */
3409 [ - + # # ]: 1145 : if (summarize_wal && WalSummarizerPMChild == NULL &&
3410 [ # # # # ]: 0 : (pmState == PM_RUN || pmState == PM_HOT_STANDBY) &&
3411 : 0 : Shutdown <= SmartShutdown)
3412 : 0 : WalSummarizerPMChild = StartChildProcess(B_WAL_SUMMARIZER);
3413 : :
3414 : : /* Get other worker processes running, if needed */
3415 [ + + + + ]: 1145 : if (StartWorkerNeeded || HaveCrashedWorker)
3416 : 496 : maybe_start_bgworkers();
3417 : 1145 : }
3418 : :
3419 : : /*
3420 : : * Return string representation of signal.
3421 : : *
3422 : : * Because this is only implemented for signals we already rely on in this
3423 : : * file we don't need to deal with unimplemented or same-numeric-value signals
3424 : : * (as we'd e.g. have to for EWOULDBLOCK / EAGAIN).
3425 : : */
3426 : : static const char *
3427 : 0 : pm_signame(int signal)
3428 : : {
3429 : : #define PM_TOSTR_CASE(sym) case sym: return #sym
3430 [ # # # # : 0 : switch (signal)
# # # # #
# ]
3431 : : {
3432 : 0 : PM_TOSTR_CASE(SIGABRT);
3433 : 0 : PM_TOSTR_CASE(SIGCHLD);
3434 : 0 : PM_TOSTR_CASE(SIGHUP);
3435 : 0 : PM_TOSTR_CASE(SIGINT);
3436 : 0 : PM_TOSTR_CASE(SIGKILL);
3437 : 0 : PM_TOSTR_CASE(SIGQUIT);
3438 : 0 : PM_TOSTR_CASE(SIGTERM);
3439 : 0 : PM_TOSTR_CASE(SIGUSR1);
3440 : 0 : PM_TOSTR_CASE(SIGUSR2);
3441 : : default:
3442 : : /* all signals sent by postmaster should be listed here */
3443 : 0 : Assert(false);
3444 : 0 : return "(unknown)";
3445 : : }
3446 : : #undef PM_TOSTR_CASE
3447 : :
3448 : : return ""; /* silence compiler */
3449 : 0 : }
3450 : :
3451 : : /*
3452 : : * Send a signal to a postmaster child process
3453 : : *
3454 : : * On systems that have setsid(), each child process sets itself up as a
3455 : : * process group leader. For signals that are generally interpreted in the
3456 : : * appropriate fashion, we signal the entire process group not just the
3457 : : * direct child process. This allows us to, for example, SIGQUIT a blocked
3458 : : * archive_recovery script, or SIGINT a script being run by a backend via
3459 : : * system().
3460 : : *
3461 : : * There is a race condition for recently-forked children: they might not
3462 : : * have executed setsid() yet. So we signal the child directly as well as
3463 : : * the group. We assume such a child will handle the signal before trying
3464 : : * to spawn any grandchild processes. We also assume that signaling the
3465 : : * child twice will not cause any problems.
3466 : : */
3467 : : static void
3468 : 18 : signal_child(PMChild *pmchild, int signal)
3469 : : {
3470 : 18 : pid_t pid = pmchild->pid;
3471 : :
3472 [ - + - + ]: 18 : ereport(DEBUG3,
3473 : : (errmsg_internal("sending signal %d/%s to %s process with pid %d",
3474 : : signal, pm_signame(signal),
3475 : : GetBackendTypeDesc(pmchild->bkend_type),
3476 : : (int) pmchild->pid)));
3477 : :
3478 [ + - ]: 18 : if (kill(pid, signal) < 0)
3479 [ # # # # ]: 0 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) pid, signal);
3480 : : #ifdef HAVE_SETSID
3481 [ + + ]: 18 : switch (signal)
3482 : : {
3483 : : case SIGINT:
3484 : : case SIGTERM:
3485 : : case SIGQUIT:
3486 : : case SIGKILL:
3487 : : case SIGABRT:
3488 [ + - ]: 14 : if (kill(-pid, signal) < 0)
3489 [ # # # # ]: 0 : elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) (-pid), signal);
3490 : 14 : break;
3491 : : default:
3492 : 4 : break;
3493 : : }
3494 : : #endif
3495 : 18 : }
3496 : :
3497 : : /*
3498 : : * Send a signal to the targeted children.
3499 : : */
3500 : : static bool
3501 : 6 : SignalChildren(int signal, BackendTypeMask targetMask)
3502 : : {
3503 : 6 : dlist_iter iter;
3504 : 6 : bool signaled = false;
3505 : :
3506 [ + - + + ]: 31 : dlist_foreach(iter, &ActiveChildList)
3507 : : {
3508 : 25 : PMChild *bp = dlist_container(PMChild, elem, iter.cur);
3509 : :
3510 : : /*
3511 : : * If we need to distinguish between B_BACKEND and B_WAL_SENDER, check
3512 : : * if any B_BACKEND backends have recently announced that they are
3513 : : * actually WAL senders.
3514 : : */
3515 [ + + + - ]: 25 : if (btmask_contains(targetMask, B_WAL_SENDER) != btmask_contains(targetMask, B_BACKEND) &&
3516 : 12 : bp->bkend_type == B_BACKEND)
3517 : : {
3518 [ # # ]: 0 : if (IsPostmasterChildWalSender(bp->child_slot))
3519 : 0 : bp->bkend_type = B_WAL_SENDER;
3520 : 0 : }
3521 : :
3522 [ + + ]: 25 : if (!btmask_contains(targetMask, bp->bkend_type))
3523 : 9 : continue;
3524 : :
3525 : 16 : signal_child(bp, signal);
3526 : 16 : signaled = true;
3527 [ - + + ]: 25 : }
3528 : 12 : return signaled;
3529 : 6 : }
3530 : :
3531 : : /*
3532 : : * Send a termination signal to children. This considers all of our children
3533 : : * processes, except syslogger.
3534 : : */
3535 : : static void
3536 : 1 : TerminateChildren(int signal)
3537 : : {
3538 : 1 : SignalChildren(signal, btmask_all_except(B_LOGGER));
3539 [ + - ]: 1 : if (StartupPMChild != NULL)
3540 : : {
3541 [ # # # # : 0 : if (signal == SIGQUIT || signal == SIGKILL || signal == SIGABRT)
# # ]
3542 : 0 : StartupStatus = STARTUP_SIGNALED;
3543 : 0 : }
3544 : 1 : }
3545 : :
3546 : : /*
3547 : : * BackendStartup -- start backend process
3548 : : *
3549 : : * returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
3550 : : *
3551 : : * Note: if you change this code, also consider StartAutovacuumWorker and
3552 : : * StartBackgroundWorker.
3553 : : */
3554 : : static int
3555 : 316 : BackendStartup(ClientSocket *client_sock)
3556 : : {
3557 : 316 : PMChild *bn = NULL;
3558 : 316 : pid_t pid;
3559 : 316 : BackendStartupData startup_data;
3560 : 316 : CAC_state cac;
3561 : :
3562 : : /*
3563 : : * Capture time that Postmaster got a socket from accept (for logging
3564 : : * connection establishment and setup total duration).
3565 : : */
3566 : 316 : startup_data.socket_created = GetCurrentTimestamp();
3567 : :
3568 : : /*
3569 : : * Allocate and assign the child slot. Note we must do this before
3570 : : * forking, so that we can handle failures (out of memory or child-process
3571 : : * slots) cleanly.
3572 : : */
3573 : 316 : cac = canAcceptConnections(B_BACKEND);
3574 [ - + ]: 316 : if (cac == CAC_OK)
3575 : : {
3576 : : /* Can change later to B_WAL_SENDER */
3577 : 316 : bn = AssignPostmasterChildSlot(B_BACKEND);
3578 [ + - ]: 316 : if (!bn)
3579 : : {
3580 : : /*
3581 : : * Too many regular child processes; launch a dead-end child
3582 : : * process instead.
3583 : : */
3584 : 0 : cac = CAC_TOOMANY;
3585 : 0 : }
3586 : 316 : }
3587 [ + - ]: 316 : if (!bn)
3588 : : {
3589 : 0 : bn = AllocDeadEndChild();
3590 [ # # ]: 0 : if (!bn)
3591 : : {
3592 [ # # # # ]: 0 : ereport(LOG,
3593 : : (errcode(ERRCODE_OUT_OF_MEMORY),
3594 : : errmsg("out of memory")));
3595 : 0 : return STATUS_ERROR;
3596 : : }
3597 : 0 : }
3598 : :
3599 : : /* Pass down canAcceptConnections state */
3600 : 316 : startup_data.canAcceptConnections = cac;
3601 : 316 : bn->rw = NULL;
3602 : :
3603 : : /* Hasn't asked to be notified about any bgworkers yet */
3604 : 316 : bn->bgworker_notify = false;
3605 : :
3606 : 632 : pid = postmaster_child_launch(bn->bkend_type, bn->child_slot,
3607 : : &startup_data, sizeof(startup_data),
3608 : 316 : client_sock);
3609 [ + - ]: 316 : if (pid < 0)
3610 : : {
3611 : : /* in parent, fork failed */
3612 : 0 : int save_errno = errno;
3613 : :
3614 : 0 : (void) ReleasePostmasterChildSlot(bn);
3615 : 0 : errno = save_errno;
3616 [ # # # # ]: 0 : ereport(LOG,
3617 : : (errmsg("could not fork new process for connection: %m")));
3618 : 0 : report_fork_failure_to_client(client_sock, save_errno);
3619 : 0 : return STATUS_ERROR;
3620 : 0 : }
3621 : :
3622 : : /* in parent, successful fork */
3623 [ - + - + ]: 316 : ereport(DEBUG2,
3624 : : (errmsg_internal("forked new %s, pid=%d socket=%d",
3625 : : GetBackendTypeDesc(bn->bkend_type),
3626 : : (int) pid, (int) client_sock->sock)));
3627 : :
3628 : : /*
3629 : : * Everything's been successful, it's safe to add this backend to our list
3630 : : * of backends.
3631 : : */
3632 : 316 : bn->pid = pid;
3633 : 316 : return STATUS_OK;
3634 : 316 : }
3635 : :
3636 : : /*
3637 : : * Try to report backend fork() failure to client before we close the
3638 : : * connection. Since we do not care to risk blocking the postmaster on
3639 : : * this connection, we set the connection to non-blocking and try only once.
3640 : : *
3641 : : * This is grungy special-purpose code; we cannot use backend libpq since
3642 : : * it's not up and running.
3643 : : */
3644 : : static void
3645 : 0 : report_fork_failure_to_client(ClientSocket *client_sock, int errnum)
3646 : : {
3647 : 0 : char buffer[1000];
3648 : 0 : int rc;
3649 : :
3650 : : /* Format the error message packet (always V2 protocol) */
3651 : 0 : snprintf(buffer, sizeof(buffer), "E%s%s\n",
3652 : 0 : _("could not fork new process for connection: "),
3653 : 0 : strerror(errnum));
3654 : :
3655 : : /* Set port to non-blocking. Don't do send() if this fails */
3656 [ # # ]: 0 : if (!pg_set_noblock(client_sock->sock))
3657 : 0 : return;
3658 : :
3659 : : /* We'll retry after EINTR, but ignore all other failures */
3660 : 0 : do
3661 : : {
3662 : 0 : rc = send(client_sock->sock, buffer, strlen(buffer) + 1, 0);
3663 [ # # # # ]: 0 : } while (rc < 0 && errno == EINTR);
3664 [ # # ]: 0 : }
3665 : :
3666 : : /*
3667 : : * ExitPostmaster -- cleanup
3668 : : *
3669 : : * Do NOT call exit() directly --- always go through here!
3670 : : */
3671 : : static void
3672 : 2 : ExitPostmaster(int status)
3673 : : {
3674 : : #ifdef HAVE_PTHREAD_IS_THREADED_NP
3675 : :
3676 : : /*
3677 : : * There is no known cause for a postmaster to become multithreaded after
3678 : : * startup. However, we might reach here via an error exit before
3679 : : * reaching the test in PostmasterMain, so provide the same hint as there.
3680 : : * This message uses LOG level, because an unclean shutdown at this point
3681 : : * would usually not look much different from a clean shutdown.
3682 : : */
3683 [ + - ]: 2 : if (pthread_is_threaded_np() != 0)
3684 [ # # # # ]: 0 : ereport(LOG,
3685 : : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
3686 : : errmsg("postmaster became multithreaded"),
3687 : : errhint("Set the LC_ALL environment variable to a valid locale.")));
3688 : : #endif
3689 : :
3690 : : /* should cleanup shared memory and kill all backends */
3691 : :
3692 : : /*
3693 : : * Not sure of the semantics here. When the Postmaster dies, should the
3694 : : * backends all be killed? probably not.
3695 : : *
3696 : : * MUST -- vadim 05-10-1999
3697 : : */
3698 : :
3699 : 2 : proc_exit(status);
3700 : : }
3701 : :
3702 : : /*
3703 : : * Handle pmsignal conditions representing requests from backends,
3704 : : * and check for promote and logrotate requests from pg_ctl.
3705 : : */
3706 : : static void
3707 : 230 : process_pm_pmsignal(void)
3708 : : {
3709 : 230 : bool request_state_update = false;
3710 : :
3711 : 230 : pending_pm_pmsignal = false;
3712 : :
3713 [ - + - + ]: 230 : ereport(DEBUG2,
3714 : : (errmsg_internal("postmaster received pmsignal signal")));
3715 : :
3716 : : /*
3717 : : * RECOVERY_STARTED and BEGIN_HOT_STANDBY signals are ignored in
3718 : : * unexpected states. If the startup process quickly starts up, completes
3719 : : * recovery, exits, we might process the death of the startup process
3720 : : * first. We don't want to go back to recovery in that case.
3721 : : */
3722 [ - + ]: 230 : if (CheckPostmasterSignal(PMSIGNAL_RECOVERY_STARTED) &&
3723 [ # # # # ]: 0 : pmState == PM_STARTUP && Shutdown == NoShutdown)
3724 : : {
3725 : : /* WAL redo has started. We're out of reinitialization. */
3726 : 0 : FatalError = false;
3727 : 0 : AbortStartTime = 0;
3728 : 0 : reachedConsistency = false;
3729 : :
3730 : : /*
3731 : : * Start the archiver if we're responsible for (re-)archiving received
3732 : : * files.
3733 : : */
3734 [ # # ]: 0 : Assert(PgArchPMChild == NULL);
3735 [ # # # # : 0 : if (XLogArchivingAlways())
# # ]
3736 : 0 : PgArchPMChild = StartChildProcess(B_ARCHIVER);
3737 : :
3738 : : /*
3739 : : * If we aren't planning to enter hot standby mode later, treat
3740 : : * RECOVERY_STARTED as meaning we're out of startup, and report status
3741 : : * accordingly.
3742 : : */
3743 [ # # ]: 0 : if (!EnableHotStandby)
3744 : : {
3745 : 0 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_STANDBY);
3746 : : #ifdef USE_SYSTEMD
3747 : : sd_notify(0, "READY=1");
3748 : : #endif
3749 : 0 : }
3750 : :
3751 : 0 : UpdatePMState(PM_RECOVERY);
3752 : 0 : }
3753 : :
3754 [ - + ]: 230 : if (CheckPostmasterSignal(PMSIGNAL_RECOVERY_CONSISTENT) &&
3755 [ # # # # ]: 0 : pmState == PM_RECOVERY && Shutdown == NoShutdown)
3756 : : {
3757 : 0 : reachedConsistency = true;
3758 : 0 : }
3759 : :
3760 [ - + # # ]: 230 : if (CheckPostmasterSignal(PMSIGNAL_BEGIN_HOT_STANDBY) &&
3761 [ # # ]: 0 : (pmState == PM_RECOVERY && Shutdown == NoShutdown))
3762 : : {
3763 [ # # # # ]: 0 : ereport(LOG,
3764 : : (errmsg("database system is ready to accept read-only connections")));
3765 : :
3766 : : /* Report status */
3767 : 0 : AddToDataDirLockFile(LOCK_FILE_LINE_PM_STATUS, PM_STATUS_READY);
3768 : : #ifdef USE_SYSTEMD
3769 : : sd_notify(0, "READY=1");
3770 : : #endif
3771 : :
3772 : 0 : UpdatePMState(PM_HOT_STANDBY);
3773 : 0 : connsAllowed = true;
3774 : :
3775 : : /* Some workers may be scheduled to start now */
3776 : 0 : StartWorkerNeeded = true;
3777 : 0 : }
3778 : :
3779 : : /* Process background worker state changes. */
3780 [ + + ]: 230 : if (CheckPostmasterSignal(PMSIGNAL_BACKGROUND_WORKER_CHANGE))
3781 : : {
3782 : : /* Accept new worker requests only if not stopping. */
3783 : 207 : BackgroundWorkerStateChange(pmState < PM_STOP_BACKENDS);
3784 : 207 : StartWorkerNeeded = true;
3785 : 207 : }
3786 : :
3787 : : /* Tell syslogger to rotate logfile if requested */
3788 [ + - ]: 230 : if (SysLoggerPMChild != NULL)
3789 : : {
3790 [ # # ]: 0 : if (CheckLogrotateSignal())
3791 : : {
3792 : 0 : signal_child(SysLoggerPMChild, SIGUSR1);
3793 : 0 : RemoveLogrotateSignalFiles();
3794 : 0 : }
3795 [ # # ]: 0 : else if (CheckPostmasterSignal(PMSIGNAL_ROTATE_LOGFILE))
3796 : : {
3797 : 0 : signal_child(SysLoggerPMChild, SIGUSR1);
3798 : 0 : }
3799 : 0 : }
3800 : :
3801 [ - + ]: 230 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER) &&
3802 [ # # # # ]: 0 : Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
3803 : : {
3804 : : /*
3805 : : * Start one iteration of the autovacuum daemon, even if autovacuuming
3806 : : * is nominally not enabled. This is so we can have an active defense
3807 : : * against transaction ID wraparound. We set a flag for the main loop
3808 : : * to do it rather than trying to do it here --- this is because the
3809 : : * autovac process itself may send the signal, and we want to handle
3810 : : * that by launching another iteration as soon as the current one
3811 : : * completes.
3812 : : */
3813 : 0 : start_autovac_launcher = true;
3814 : 0 : }
3815 : :
3816 [ - + ]: 230 : if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_WORKER) &&
3817 [ # # # # ]: 0 : Shutdown <= SmartShutdown && pmState < PM_STOP_BACKENDS)
3818 : : {
3819 : : /* The autovacuum launcher wants us to start a worker process. */
3820 : 0 : StartAutovacuumWorker();
3821 : 0 : }
3822 : :
3823 [ + - ]: 230 : if (CheckPostmasterSignal(PMSIGNAL_START_WALRECEIVER))
3824 : : {
3825 : : /* Startup Process wants us to start the walreceiver process. */
3826 : 0 : WalReceiverRequested = true;
3827 : 0 : }
3828 : :
3829 [ + + ]: 230 : if (CheckPostmasterSignal(PMSIGNAL_XLOG_IS_SHUTDOWN))
3830 : : {
3831 : : /* Checkpointer completed the shutdown checkpoint */
3832 [ + - ]: 1 : if (pmState == PM_WAIT_XLOG_SHUTDOWN)
3833 : : {
3834 : : /*
3835 : : * If we have an archiver subprocess, tell it to do a last archive
3836 : : * cycle and quit. Likewise, if we have walsender processes, tell
3837 : : * them to send any remaining WAL and quit.
3838 : : */
3839 [ + - ]: 1 : Assert(Shutdown > NoShutdown);
3840 : :
3841 : : /* Waken archiver for the last time */
3842 [ + - ]: 1 : if (PgArchPMChild != NULL)
3843 : 0 : signal_child(PgArchPMChild, SIGUSR2);
3844 : :
3845 : : /*
3846 : : * Waken walsenders for the last time. No regular backends should
3847 : : * be around anymore.
3848 : : */
3849 : 1 : SignalChildren(SIGUSR2, btmask(B_WAL_SENDER));
3850 : :
3851 : 1 : UpdatePMState(PM_WAIT_XLOG_ARCHIVAL);
3852 : 1 : }
3853 [ # # # # ]: 0 : else if (!FatalError && Shutdown != ImmediateShutdown)
3854 : : {
3855 : : /*
3856 : : * Checkpointer only ought to perform the shutdown checkpoint
3857 : : * during shutdown. If somehow checkpointer did so in another
3858 : : * situation, we have no choice but to crash-restart.
3859 : : *
3860 : : * It's possible however that we get PMSIGNAL_XLOG_IS_SHUTDOWN
3861 : : * outside of PM_WAIT_XLOG_SHUTDOWN if an orderly shutdown was
3862 : : * "interrupted" by a crash or an immediate shutdown.
3863 : : */
3864 [ # # # # ]: 0 : ereport(LOG,
3865 : : (errmsg("WAL was shut down unexpectedly")));
3866 : :
3867 : : /*
3868 : : * Doesn't seem likely to help to take send_abort_for_crash into
3869 : : * account here.
3870 : : */
3871 : 0 : HandleFatalError(PMQUIT_FOR_CRASH, false);
3872 : 0 : }
3873 : :
3874 : : /*
3875 : : * Need to run PostmasterStateMachine() to check if we already can go
3876 : : * to the next state.
3877 : : */
3878 : 1 : request_state_update = true;
3879 : 1 : }
3880 : :
3881 : : /*
3882 : : * Try to advance postmaster's state machine, if a child requests it.
3883 : : */
3884 [ + - ]: 230 : if (CheckPostmasterSignal(PMSIGNAL_ADVANCE_STATE_MACHINE))
3885 : : {
3886 : 0 : request_state_update = true;
3887 : 0 : }
3888 : :
3889 : : /*
3890 : : * Be careful about the order of this action relative to this function's
3891 : : * other actions. Generally, this should be after other actions, in case
3892 : : * they have effects PostmasterStateMachine would need to know about.
3893 : : * However, we should do it before the CheckPromoteSignal step, which
3894 : : * cannot have any (immediate) effect on the state machine, but does
3895 : : * depend on what state we're in now.
3896 : : */
3897 [ + + ]: 230 : if (request_state_update)
3898 : : {
3899 : 1 : PostmasterStateMachine();
3900 : 1 : }
3901 : :
3902 [ - + ]: 230 : if (StartupPMChild != NULL &&
3903 [ # # # # ]: 0 : (pmState == PM_STARTUP || pmState == PM_RECOVERY ||
3904 [ # # ]: 0 : pmState == PM_HOT_STANDBY) &&
3905 : 0 : CheckPromoteSignal())
3906 : : {
3907 : : /*
3908 : : * Tell startup process to finish recovery.
3909 : : *
3910 : : * Leave the promote signal file in place and let the Startup process
3911 : : * do the unlink.
3912 : : */
3913 : 0 : signal_child(StartupPMChild, SIGUSR2);
3914 : 0 : }
3915 : 230 : }
3916 : :
3917 : : /*
3918 : : * Dummy signal handler
3919 : : *
3920 : : * We use this for signals that we don't actually use in the postmaster,
3921 : : * but we do use in backends. If we were to SIG_IGN such signals in the
3922 : : * postmaster, then a newly started backend might drop a signal that arrives
3923 : : * before it's able to reconfigure its signal processing. (See notes in
3924 : : * tcop/postgres.c.)
3925 : : */
3926 : : static void
3927 : 0 : dummy_handler(SIGNAL_ARGS)
3928 : : {
3929 : 0 : }
3930 : :
3931 : : /*
3932 : : * Count up number of child processes of specified types.
3933 : : */
3934 : : static int
3935 : 14 : CountChildren(BackendTypeMask targetMask)
3936 : : {
3937 : 14 : dlist_iter iter;
3938 : 14 : int cnt = 0;
3939 : :
3940 [ + - + + ]: 68 : dlist_foreach(iter, &ActiveChildList)
3941 : : {
3942 : 54 : PMChild *bp = dlist_container(PMChild, elem, iter.cur);
3943 : :
3944 : : /*
3945 : : * If we need to distinguish between B_BACKEND and B_WAL_SENDER, check
3946 : : * if any B_BACKEND backends have recently announced that they are
3947 : : * actually WAL senders.
3948 : : */
3949 [ + + + - ]: 54 : if (btmask_contains(targetMask, B_WAL_SENDER) != btmask_contains(targetMask, B_BACKEND) &&
3950 : 30 : bp->bkend_type == B_BACKEND)
3951 : : {
3952 [ # # ]: 0 : if (IsPostmasterChildWalSender(bp->child_slot))
3953 : 0 : bp->bkend_type = B_WAL_SENDER;
3954 : 0 : }
3955 : :
3956 [ + + ]: 54 : if (!btmask_contains(targetMask, bp->bkend_type))
3957 : 24 : continue;
3958 : :
3959 [ - + - + ]: 30 : ereport(DEBUG4,
3960 : : (errmsg_internal("%s process %d is still running",
3961 : : GetBackendTypeDesc(bp->bkend_type), (int) bp->pid)));
3962 : :
3963 : 30 : cnt++;
3964 [ - + + ]: 54 : }
3965 : 28 : return cnt;
3966 : 14 : }
3967 : :
3968 : :
3969 : : /*
3970 : : * StartChildProcess -- start an auxiliary process for the postmaster
3971 : : *
3972 : : * "type" determines what kind of child will be started. All child types
3973 : : * initially go to AuxiliaryProcessMain, which will handle common setup.
3974 : : *
3975 : : * Return value of StartChildProcess is subprocess' PMChild entry, or NULL on
3976 : : * failure.
3977 : : */
3978 : : static PMChild *
3979 : 16 : StartChildProcess(BackendType type)
3980 : : {
3981 : 16 : PMChild *pmchild;
3982 : 16 : pid_t pid;
3983 : :
3984 : 16 : pmchild = AssignPostmasterChildSlot(type);
3985 [ + - ]: 16 : if (!pmchild)
3986 : : {
3987 [ # # ]: 0 : if (type == B_AUTOVAC_WORKER)
3988 [ # # # # ]: 0 : ereport(LOG,
3989 : : (errcode(ERRCODE_CONFIGURATION_LIMIT_EXCEEDED),
3990 : : errmsg("no slot available for new autovacuum worker process")));
3991 : : else
3992 : : {
3993 : : /* shouldn't happen because we allocate enough slots */
3994 [ # # # # ]: 0 : elog(LOG, "no postmaster child slot available for aux process");
3995 : : }
3996 : 0 : return NULL;
3997 : : }
3998 : :
3999 : 16 : pid = postmaster_child_launch(type, pmchild->child_slot, NULL, 0, NULL);
4000 [ + - ]: 16 : if (pid < 0)
4001 : : {
4002 : : /* in parent, fork failed */
4003 : 0 : ReleasePostmasterChildSlot(pmchild);
4004 [ # # # # ]: 0 : ereport(LOG,
4005 : : (errmsg("could not fork \"%s\" process: %m", PostmasterChildName(type))));
4006 : :
4007 : : /*
4008 : : * fork failure is fatal during startup, but there's no need to choke
4009 : : * immediately if starting other child types fails.
4010 : : */
4011 [ # # ]: 0 : if (type == B_STARTUP)
4012 : 0 : ExitPostmaster(1);
4013 : 0 : return NULL;
4014 : : }
4015 : :
4016 : : /* in parent, successful fork */
4017 : 16 : pmchild->pid = pid;
4018 : 16 : return pmchild;
4019 : 16 : }
4020 : :
4021 : : /*
4022 : : * StartSysLogger -- start the syslogger process
4023 : : */
4024 : : void
4025 : 0 : StartSysLogger(void)
4026 : : {
4027 [ # # ]: 0 : Assert(SysLoggerPMChild == NULL);
4028 : :
4029 : 0 : SysLoggerPMChild = AssignPostmasterChildSlot(B_LOGGER);
4030 [ # # ]: 0 : if (!SysLoggerPMChild)
4031 [ # # # # ]: 0 : elog(PANIC, "no postmaster child slot available for syslogger");
4032 : 0 : SysLoggerPMChild->pid = SysLogger_Start(SysLoggerPMChild->child_slot);
4033 [ # # ]: 0 : if (SysLoggerPMChild->pid == 0)
4034 : : {
4035 : 0 : ReleasePostmasterChildSlot(SysLoggerPMChild);
4036 : 0 : SysLoggerPMChild = NULL;
4037 : 0 : }
4038 : 0 : }
4039 : :
4040 : : /*
4041 : : * StartAutovacuumWorker
4042 : : * Start an autovac worker process.
4043 : : *
4044 : : * This function is here because it enters the resulting PID into the
4045 : : * postmaster's private backends list.
4046 : : *
4047 : : * NB -- this code very roughly matches BackendStartup.
4048 : : */
4049 : : static void
4050 : 0 : StartAutovacuumWorker(void)
4051 : : {
4052 : 0 : PMChild *bn;
4053 : :
4054 : : /*
4055 : : * If not in condition to run a process, don't try, but handle it like a
4056 : : * fork failure. This does not normally happen, since the signal is only
4057 : : * supposed to be sent by autovacuum launcher when it's OK to do it, but
4058 : : * we have to check to avoid race-condition problems during DB state
4059 : : * changes.
4060 : : */
4061 [ # # ]: 0 : if (canAcceptConnections(B_AUTOVAC_WORKER) == CAC_OK)
4062 : : {
4063 : 0 : bn = StartChildProcess(B_AUTOVAC_WORKER);
4064 [ # # ]: 0 : if (bn)
4065 : : {
4066 : 0 : bn->bgworker_notify = false;
4067 : 0 : bn->rw = NULL;
4068 : 0 : return;
4069 : : }
4070 : : else
4071 : : {
4072 : : /*
4073 : : * fork failed, fall through to report -- actual error message was
4074 : : * logged by StartChildProcess
4075 : : */
4076 : : }
4077 : 0 : }
4078 : :
4079 : : /*
4080 : : * Report the failure to the launcher, if it's running. (If it's not, we
4081 : : * might not even be connected to shared memory, so don't try to call
4082 : : * AutoVacWorkerFailed.) Note that we also need to signal it so that it
4083 : : * responds to the condition, but we don't do that here, instead waiting
4084 : : * for ServerLoop to do it. This way we avoid a ping-pong signaling in
4085 : : * quick succession between the autovac launcher and postmaster in case
4086 : : * things get ugly.
4087 : : */
4088 [ # # ]: 0 : if (AutoVacLauncherPMChild != NULL)
4089 : : {
4090 : 0 : AutoVacWorkerFailed();
4091 : 0 : avlauncher_needs_signal = true;
4092 : 0 : }
4093 [ # # ]: 0 : }
4094 : :
4095 : :
4096 : : /*
4097 : : * Create the opts file
4098 : : */
4099 : : static bool
4100 : 2 : CreateOptsFile(int argc, char *argv[], char *fullprogname)
4101 : : {
4102 : 2 : FILE *fp;
4103 : 2 : int i;
4104 : :
4105 : : #define OPTS_FILE "postmaster.opts"
4106 : :
4107 [ + - ]: 2 : if ((fp = fopen(OPTS_FILE, "w")) == NULL)
4108 : : {
4109 [ # # # # ]: 0 : ereport(LOG,
4110 : : (errcode_for_file_access(),
4111 : : errmsg("could not create file \"%s\": %m", OPTS_FILE)));
4112 : 0 : return false;
4113 : : }
4114 : :
4115 : 2 : fprintf(fp, "%s", fullprogname);
4116 [ + + ]: 12 : for (i = 1; i < argc; i++)
4117 : 10 : fprintf(fp, " \"%s\"", argv[i]);
4118 : 2 : fputs("\n", fp);
4119 : :
4120 [ - + ]: 2 : if (fclose(fp))
4121 : : {
4122 [ # # # # ]: 0 : ereport(LOG,
4123 : : (errcode_for_file_access(),
4124 : : errmsg("could not write file \"%s\": %m", OPTS_FILE)));
4125 : 0 : return false;
4126 : : }
4127 : :
4128 : 2 : return true;
4129 : 2 : }
4130 : :
4131 : :
4132 : : /*
4133 : : * Start a new bgworker.
4134 : : * Starting time conditions must have been checked already.
4135 : : *
4136 : : * Returns true on success, false on failure.
4137 : : * In either case, update the RegisteredBgWorker's state appropriately.
4138 : : *
4139 : : * NB -- this code very roughly matches BackendStartup.
4140 : : */
4141 : : static bool
4142 : 480 : StartBackgroundWorker(RegisteredBgWorker *rw)
4143 : : {
4144 : 480 : PMChild *bn;
4145 : 480 : pid_t worker_pid;
4146 : :
4147 [ + - ]: 480 : Assert(rw->rw_pid == 0);
4148 : :
4149 : : /*
4150 : : * Allocate and assign the child slot. Note we must do this before
4151 : : * forking, so that we can handle failures (out of memory or child-process
4152 : : * slots) cleanly.
4153 : : *
4154 : : * Treat failure as though the worker had crashed. That way, the
4155 : : * postmaster will wait a bit before attempting to start it again; if we
4156 : : * tried again right away, most likely we'd find ourselves hitting the
4157 : : * same resource-exhaustion condition.
4158 : : */
4159 : 480 : bn = AssignPostmasterChildSlot(B_BG_WORKER);
4160 [ + - ]: 480 : if (bn == NULL)
4161 : : {
4162 [ # # # # ]: 0 : ereport(LOG,
4163 : : (errcode(ERRCODE_CONFIGURATION_LIMIT_EXCEEDED),
4164 : : errmsg("no slot available for new background worker process")));
4165 : 0 : rw->rw_crashed_at = GetCurrentTimestamp();
4166 : 0 : return false;
4167 : : }
4168 : 480 : bn->rw = rw;
4169 : 480 : bn->bkend_type = B_BG_WORKER;
4170 : 480 : bn->bgworker_notify = false;
4171 : :
4172 [ - + - + ]: 480 : ereport(DEBUG1,
4173 : : (errmsg_internal("starting background worker process \"%s\"",
4174 : : rw->rw_worker.bgw_name)));
4175 : :
4176 : 960 : worker_pid = postmaster_child_launch(B_BG_WORKER, bn->child_slot,
4177 : 480 : &rw->rw_worker, sizeof(BackgroundWorker), NULL);
4178 [ + - ]: 480 : if (worker_pid == -1)
4179 : : {
4180 : : /* in postmaster, fork failed ... */
4181 [ # # # # ]: 0 : ereport(LOG,
4182 : : (errmsg("could not fork background worker process: %m")));
4183 : : /* undo what AssignPostmasterChildSlot did */
4184 : 0 : ReleasePostmasterChildSlot(bn);
4185 : :
4186 : : /* mark entry as crashed, so we'll try again later */
4187 : 0 : rw->rw_crashed_at = GetCurrentTimestamp();
4188 : 0 : return false;
4189 : : }
4190 : :
4191 : : /* in postmaster, fork successful ... */
4192 : 480 : rw->rw_pid = worker_pid;
4193 : 480 : bn->pid = rw->rw_pid;
4194 : 480 : ReportBackgroundWorkerPID(rw);
4195 : 480 : return true;
4196 : 480 : }
4197 : :
4198 : : /*
4199 : : * Does the current postmaster state require starting a worker with the
4200 : : * specified start_time?
4201 : : */
4202 : : static bool
4203 : 482 : bgworker_should_start_now(BgWorkerStartTime start_time)
4204 : : {
4205 [ - + - - : 482 : switch (pmState)
+ ]
4206 : : {
4207 : : case PM_NO_CHILDREN:
4208 : : case PM_WAIT_CHECKPOINTER:
4209 : : case PM_WAIT_DEAD_END:
4210 : : case PM_WAIT_XLOG_ARCHIVAL:
4211 : : case PM_WAIT_XLOG_SHUTDOWN:
4212 : : case PM_WAIT_IO_WORKERS:
4213 : : case PM_WAIT_BACKENDS:
4214 : : case PM_STOP_BACKENDS:
4215 : 0 : break;
4216 : :
4217 : : case PM_RUN:
4218 [ + + ]: 480 : if (start_time == BgWorkerStart_RecoveryFinished)
4219 : 3 : return true;
4220 : : /* fall through */
4221 : :
4222 : : case PM_HOT_STANDBY:
4223 [ + - ]: 477 : if (start_time == BgWorkerStart_ConsistentState)
4224 : 477 : return true;
4225 : : /* fall through */
4226 : :
4227 : : case PM_RECOVERY:
4228 : : case PM_STARTUP:
4229 : : case PM_INIT:
4230 [ + - ]: 2 : if (start_time == BgWorkerStart_PostmasterStart)
4231 : 0 : return true;
4232 : : /* fall through */
4233 : 2 : }
4234 : :
4235 : 2 : return false;
4236 : 482 : }
4237 : :
4238 : : /*
4239 : : * If the time is right, start background worker(s).
4240 : : *
4241 : : * As a side effect, the bgworker control variables are set or reset
4242 : : * depending on whether more workers may need to be started.
4243 : : *
4244 : : * We limit the number of workers started per call, to avoid consuming the
4245 : : * postmaster's attention for too long when many such requests are pending.
4246 : : * As long as StartWorkerNeeded is true, ServerLoop will not block and will
4247 : : * call this function again after dealing with any other issues.
4248 : : */
4249 : : static void
4250 : 498 : maybe_start_bgworkers(void)
4251 : : {
4252 : : #define MAX_BGWORKERS_TO_LAUNCH 100
4253 : 498 : int num_launched = 0;
4254 : 498 : TimestampTz now = 0;
4255 : 498 : dlist_mutable_iter iter;
4256 : :
4257 : : /*
4258 : : * During crash recovery, we have no need to be called until the state
4259 : : * transition out of recovery.
4260 : : */
4261 [ - + ]: 498 : if (FatalError)
4262 : : {
4263 : 0 : StartWorkerNeeded = false;
4264 : 0 : HaveCrashedWorker = false;
4265 : 0 : return;
4266 : : }
4267 : :
4268 : : /* Don't need to be called again unless we find a reason for it below */
4269 : 498 : StartWorkerNeeded = false;
4270 : 498 : HaveCrashedWorker = false;
4271 : :
4272 [ + - + + ]: 1747 : dlist_foreach_modify(iter, &BackgroundWorkerList)
4273 : : {
4274 : 1249 : RegisteredBgWorker *rw;
4275 : :
4276 : 1249 : rw = dlist_container(RegisteredBgWorker, rw_lnode, iter.cur);
4277 : :
4278 : : /* ignore if already running */
4279 [ + + ]: 1249 : if (rw->rw_pid != 0)
4280 : 761 : continue;
4281 : :
4282 : : /* if marked for death, clean up and remove from list */
4283 [ - + ]: 488 : if (rw->rw_terminate)
4284 : : {
4285 : 0 : ForgetBackgroundWorker(rw);
4286 : 0 : continue;
4287 : : }
4288 : :
4289 : : /*
4290 : : * If this worker has crashed previously, maybe it needs to be
4291 : : * restarted (unless on registration it specified it doesn't want to
4292 : : * be restarted at all). Check how long ago did a crash last happen.
4293 : : * If the last crash is too recent, don't start it right away; let it
4294 : : * be restarted once enough time has passed.
4295 : : */
4296 [ + + ]: 488 : if (rw->rw_crashed_at != 0)
4297 : : {
4298 [ + - ]: 6 : if (rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART)
4299 : : {
4300 : 0 : int notify_pid;
4301 : :
4302 : 0 : notify_pid = rw->rw_worker.bgw_notify_pid;
4303 : :
4304 : 0 : ForgetBackgroundWorker(rw);
4305 : :
4306 : : /* Report worker is gone now. */
4307 [ # # ]: 0 : if (notify_pid != 0)
4308 : 0 : kill(notify_pid, SIGUSR1);
4309 : :
4310 : : continue;
4311 : 0 : }
4312 : :
4313 : : /* read system time only when needed */
4314 [ - + ]: 6 : if (now == 0)
4315 : 6 : now = GetCurrentTimestamp();
4316 : :
4317 [ - + - + ]: 12 : if (!TimestampDifferenceExceeds(rw->rw_crashed_at, now,
4318 : 6 : rw->rw_worker.bgw_restart_time * 1000))
4319 : : {
4320 : : /* Set flag to remember that we have workers to start later */
4321 : 6 : HaveCrashedWorker = true;
4322 : 6 : continue;
4323 : : }
4324 : 0 : }
4325 : :
4326 [ + + ]: 482 : if (bgworker_should_start_now(rw->rw_worker.bgw_start_time))
4327 : : {
4328 : : /* reset crash time before trying to start worker */
4329 : 480 : rw->rw_crashed_at = 0;
4330 : :
4331 : : /*
4332 : : * Try to start the worker.
4333 : : *
4334 : : * On failure, give up processing workers for now, but set
4335 : : * StartWorkerNeeded so we'll come back here on the next iteration
4336 : : * of ServerLoop to try again. (We don't want to wait, because
4337 : : * there might be additional ready-to-run workers.) We could set
4338 : : * HaveCrashedWorker as well, since this worker is now marked
4339 : : * crashed, but there's no need because the next run of this
4340 : : * function will do that.
4341 : : */
4342 [ + - ]: 480 : if (!StartBackgroundWorker(rw))
4343 : : {
4344 : 0 : StartWorkerNeeded = true;
4345 : 0 : return;
4346 : : }
4347 : :
4348 : : /*
4349 : : * If we've launched as many workers as allowed, quit, but have
4350 : : * ServerLoop call us again to look for additional ready-to-run
4351 : : * workers. There might not be any, but we'll find out the next
4352 : : * time we run.
4353 : : */
4354 [ - + ]: 480 : if (++num_launched >= MAX_BGWORKERS_TO_LAUNCH)
4355 : : {
4356 : 0 : StartWorkerNeeded = true;
4357 : 0 : return;
4358 : : }
4359 : 480 : }
4360 [ + - + ]: 1249 : }
4361 [ - + ]: 498 : }
4362 : :
4363 : : static bool
4364 : 802 : maybe_reap_io_worker(int pid)
4365 : : {
4366 [ + + - + : 26286 : for (int i = 0; i < MAX_IO_WORKERS; ++i)
+ ]
4367 : : {
4368 [ + + + + ]: 25484 : if (io_worker_children[i] &&
4369 : 2399 : io_worker_children[i]->pid == pid)
4370 : : {
4371 : 6 : ReleasePostmasterChildSlot(io_worker_children[i]);
4372 : :
4373 : 6 : --io_worker_count;
4374 : 6 : io_worker_children[i] = NULL;
4375 : 6 : return true;
4376 : : }
4377 : 25478 : }
4378 : 796 : return false;
4379 : 802 : }
4380 : :
4381 : : /*
4382 : : * Start or stop IO workers, to close the gap between the number of running
4383 : : * workers and the number of configured workers. Used to respond to change of
4384 : : * the io_workers GUC (by increasing and decreasing the number of workers), as
4385 : : * well as workers terminating in response to errors (by starting
4386 : : * "replacement" workers).
4387 : : */
4388 : : static void
4389 : 1153 : maybe_adjust_io_workers(void)
4390 : : {
4391 [ + - ]: 1153 : if (!pgaio_workers_enabled())
4392 : 0 : return;
4393 : :
4394 : : /*
4395 : : * If we're in final shutting down state, then we're just waiting for all
4396 : : * processes to exit.
4397 : : */
4398 [ + + ]: 1153 : if (pmState >= PM_WAIT_IO_WORKERS)
4399 : 7 : return;
4400 : :
4401 : : /* Don't start new workers during an immediate shutdown either. */
4402 [ + + ]: 1146 : if (Shutdown >= ImmediateShutdown)
4403 : 8 : return;
4404 : :
4405 : : /*
4406 : : * Don't start new workers if we're in the shutdown phase of a crash
4407 : : * restart. But we *do* need to start if we're already starting up again.
4408 : : */
4409 [ - + # # ]: 1138 : if (FatalError && pmState >= PM_STOP_BACKENDS)
4410 : 0 : return;
4411 : :
4412 [ + - ]: 1138 : Assert(pmState < PM_WAIT_IO_WORKERS);
4413 : :
4414 : : /* Not enough running? */
4415 [ + + ]: 1144 : while (io_worker_count < io_workers)
4416 : : {
4417 : 6 : PMChild *child;
4418 : 6 : int i;
4419 : :
4420 : : /* find unused entry in io_worker_children array */
4421 [ - + ]: 12 : for (i = 0; i < MAX_IO_WORKERS; ++i)
4422 : : {
4423 [ + + ]: 12 : if (io_worker_children[i] == NULL)
4424 : 6 : break;
4425 : 6 : }
4426 [ + - ]: 6 : if (i == MAX_IO_WORKERS)
4427 [ # # # # ]: 0 : elog(ERROR, "could not find a free IO worker slot");
4428 : :
4429 : : /* Try to launch one. */
4430 : 6 : child = StartChildProcess(B_IO_WORKER);
4431 [ + - ]: 6 : if (child != NULL)
4432 : : {
4433 : 6 : io_worker_children[i] = child;
4434 : 6 : ++io_worker_count;
4435 : 6 : }
4436 : : else
4437 : 0 : break; /* try again next time */
4438 [ - - + ]: 6 : }
4439 : :
4440 : : /* Too many running? */
4441 [ + - ]: 1138 : if (io_worker_count > io_workers)
4442 : : {
4443 : : /* ask the IO worker in the highest slot to exit */
4444 [ # # ]: 0 : for (int i = MAX_IO_WORKERS - 1; i >= 0; --i)
4445 : : {
4446 [ # # ]: 0 : if (io_worker_children[i] != NULL)
4447 : : {
4448 : 0 : kill(io_worker_children[i]->pid, SIGUSR2);
4449 : 0 : break;
4450 : : }
4451 : 0 : }
4452 : 0 : }
4453 : 1153 : }
4454 : :
4455 : :
4456 : : /*
4457 : : * When a backend asks to be notified about worker state changes, we
4458 : : * set a flag in its backend entry. The background worker machinery needs
4459 : : * to know when such backends exit.
4460 : : */
4461 : : bool
4462 : 478 : PostmasterMarkPIDForWorkerNotify(int pid)
4463 : : {
4464 : 478 : dlist_iter iter;
4465 : 478 : PMChild *bp;
4466 : :
4467 [ + - + - ]: 1136 : dlist_foreach(iter, &ActiveChildList)
4468 : : {
4469 : 1136 : bp = dlist_container(PMChild, elem, iter.cur);
4470 [ + + ]: 1136 : if (bp->pid == pid)
4471 : : {
4472 : 478 : bp->bgworker_notify = true;
4473 : 478 : return true;
4474 : : }
4475 : 658 : }
4476 : 0 : return false;
4477 : 478 : }
4478 : :
4479 : : #ifdef WIN32
4480 : :
4481 : : /*
4482 : : * Subset implementation of waitpid() for Windows. We assume pid is -1
4483 : : * (that is, check all child processes) and options is WNOHANG (don't wait).
4484 : : */
4485 : : static pid_t
4486 : : waitpid(pid_t pid, int *exitstatus, int options)
4487 : : {
4488 : : win32_deadchild_waitinfo *childinfo;
4489 : : DWORD exitcode;
4490 : : DWORD dwd;
4491 : : ULONG_PTR key;
4492 : : OVERLAPPED *ovl;
4493 : :
4494 : : /* Try to consume one win32_deadchild_waitinfo from the queue. */
4495 : : if (!GetQueuedCompletionStatus(win32ChildQueue, &dwd, &key, &ovl, 0))
4496 : : {
4497 : : errno = EAGAIN;
4498 : : return -1;
4499 : : }
4500 : :
4501 : : childinfo = (win32_deadchild_waitinfo *) key;
4502 : : pid = childinfo->procId;
4503 : :
4504 : : /*
4505 : : * Remove handle from wait - required even though it's set to wait only
4506 : : * once
4507 : : */
4508 : : UnregisterWaitEx(childinfo->waitHandle, NULL);
4509 : :
4510 : : if (!GetExitCodeProcess(childinfo->procHandle, &exitcode))
4511 : : {
4512 : : /*
4513 : : * Should never happen. Inform user and set a fixed exitcode.
4514 : : */
4515 : : write_stderr("could not read exit code for process\n");
4516 : : exitcode = 255;
4517 : : }
4518 : : *exitstatus = exitcode;
4519 : :
4520 : : /*
4521 : : * Close the process handle. Only after this point can the PID can be
4522 : : * recycled by the kernel.
4523 : : */
4524 : : CloseHandle(childinfo->procHandle);
4525 : :
4526 : : /*
4527 : : * Free struct that was allocated before the call to
4528 : : * RegisterWaitForSingleObject()
4529 : : */
4530 : : pfree(childinfo);
4531 : :
4532 : : return pid;
4533 : : }
4534 : :
4535 : : /*
4536 : : * Note! Code below executes on a thread pool! All operations must
4537 : : * be thread safe! Note that elog() and friends must *not* be used.
4538 : : */
4539 : : static void WINAPI
4540 : : pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired)
4541 : : {
4542 : : /* Should never happen, since we use INFINITE as timeout value. */
4543 : : if (TimerOrWaitFired)
4544 : : return;
4545 : :
4546 : : /*
4547 : : * Post the win32_deadchild_waitinfo object for waitpid() to deal with. If
4548 : : * that fails, we leak the object, but we also leak a whole process and
4549 : : * get into an unrecoverable state, so there's not much point in worrying
4550 : : * about that. We'd like to panic, but we can't use that infrastructure
4551 : : * from this thread.
4552 : : */
4553 : : if (!PostQueuedCompletionStatus(win32ChildQueue,
4554 : : 0,
4555 : : (ULONG_PTR) lpParameter,
4556 : : NULL))
4557 : : write_stderr("could not post child completion status\n");
4558 : :
4559 : : /* Queue SIGCHLD signal. */
4560 : : pg_queue_signal(SIGCHLD);
4561 : : }
4562 : :
4563 : : /*
4564 : : * Queue a waiter to signal when this child dies. The wait will be handled
4565 : : * automatically by an operating system thread pool. The memory and the
4566 : : * process handle will be freed by a later call to waitpid().
4567 : : */
4568 : : void
4569 : : pgwin32_register_deadchild_callback(HANDLE procHandle, DWORD procId)
4570 : : {
4571 : : win32_deadchild_waitinfo *childinfo;
4572 : :
4573 : : childinfo = palloc_object(win32_deadchild_waitinfo);
4574 : : childinfo->procHandle = procHandle;
4575 : : childinfo->procId = procId;
4576 : :
4577 : : if (!RegisterWaitForSingleObject(&childinfo->waitHandle,
4578 : : procHandle,
4579 : : pgwin32_deadchild_callback,
4580 : : childinfo,
4581 : : INFINITE,
4582 : : WT_EXECUTEONLYONCE | WT_EXECUTEINWAITTHREAD))
4583 : : ereport(FATAL,
4584 : : (errmsg_internal("could not register process for wait: error code %lu",
4585 : : GetLastError())));
4586 : : }
4587 : :
4588 : : #endif /* WIN32 */
4589 : :
4590 : : /*
4591 : : * Initialize one and only handle for monitoring postmaster death.
4592 : : *
4593 : : * Called once in the postmaster, so that child processes can subsequently
4594 : : * monitor if their parent is dead.
4595 : : */
4596 : : static void
4597 : 2 : InitPostmasterDeathWatchHandle(void)
4598 : : {
4599 : : #ifndef WIN32
4600 : :
4601 : : /*
4602 : : * Create a pipe. Postmaster holds the write end of the pipe open
4603 : : * (POSTMASTER_FD_OWN), and children hold the read end. Children can pass
4604 : : * the read file descriptor to select() to wake up in case postmaster
4605 : : * dies, or check for postmaster death with a (read() == 0). Children must
4606 : : * close the write end as soon as possible after forking, because EOF
4607 : : * won't be signaled in the read end until all processes have closed the
4608 : : * write fd. That is taken care of in ClosePostmasterPorts().
4609 : : */
4610 [ + - ]: 2 : Assert(MyProcPid == PostmasterPid);
4611 [ + - ]: 2 : if (pipe(postmaster_alive_fds) < 0)
4612 [ # # # # ]: 0 : ereport(FATAL,
4613 : : (errcode_for_file_access(),
4614 : : errmsg_internal("could not create pipe to monitor postmaster death: %m")));
4615 : :
4616 : : /* Notify fd.c that we've eaten two FDs for the pipe. */
4617 : 2 : ReserveExternalFD();
4618 : 2 : ReserveExternalFD();
4619 : :
4620 : : /*
4621 : : * Set O_NONBLOCK to allow testing for the fd's presence with a read()
4622 : : * call.
4623 : : */
4624 [ + - ]: 2 : if (fcntl(postmaster_alive_fds[POSTMASTER_FD_WATCH], F_SETFL, O_NONBLOCK) == -1)
4625 [ # # # # ]: 0 : ereport(FATAL,
4626 : : (errcode_for_socket_access(),
4627 : : errmsg_internal("could not set postmaster death monitoring pipe to nonblocking mode: %m")));
4628 : : #else
4629 : :
4630 : : /*
4631 : : * On Windows, we use a process handle for the same purpose.
4632 : : */
4633 : : if (DuplicateHandle(GetCurrentProcess(),
4634 : : GetCurrentProcess(),
4635 : : GetCurrentProcess(),
4636 : : &PostmasterHandle,
4637 : : 0,
4638 : : TRUE,
4639 : : DUPLICATE_SAME_ACCESS) == 0)
4640 : : ereport(FATAL,
4641 : : (errmsg_internal("could not duplicate postmaster handle: error code %lu",
4642 : : GetLastError())));
4643 : : #endif /* WIN32 */
4644 : 2 : }
|
