/*-------------------------------------------------------------------------
 *
 * twophase.c
 *      Two-phase commit support functions.
 *
 * Portions Copyright (c) 1996-2010, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 * IDENTIFICATION
 *      src/backend/access/transam/twophase.c
 *
 * NOTES
 *      Each global transaction is associated with a global transaction
 *      identifier (GID). The client assigns a GID to a postgres
 *      transaction with the PREPARE TRANSACTION command.
 *
 *      We keep all active global transactions in a shared memory array.
 *      When the PREPARE TRANSACTION command is issued, the GID is
 *      reserved for the transaction in the array. This is done before
 *      a WAL entry is made, because the reservation checks for duplicate
 *      GIDs and aborts the transaction if there already is a global
 *      transaction in prepared state with the same GID.
 *
 *      A global transaction (gxact) also has a dummy PGPROC that is entered
 *      into the ProcArray array; this is what keeps the XID considered
 *      running by TransactionIdIsInProgress. It is also convenient as a
 *      PGPROC to hook the gxact's locks to.
 *
 *      In order to survive crashes and shutdowns, all prepared
 *      transactions must be stored in permanent storage. This includes
 *      locking information, pending notifications, etc. All that state
 *      information is written to the per-transaction state file in
 *      the pg_twophase directory.
 *
 *-------------------------------------------------------------------------
 */
#include "postgres.h"

#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

#include "access/htup.h"
#include "access/subtrans.h"
#include "access/transam.h"
#include "access/twophase.h"
#include "access/twophase_rmgr.h"
#include "access/xact.h"
#include "access/xlogutils.h"
#include "catalog/pg_type.h"
#include "catalog/storage.h"
#include "funcapi.h"
#include "miscadmin.h"
#include "pg_trace.h"
#include "pgstat.h"
#include "replication/walsender.h"
#include "storage/fd.h"
#include "storage/procarray.h"
#include "storage/sinvaladt.h"
#include "storage/smgr.h"
#include "utils/builtins.h"
#include "utils/memutils.h"
/*
 * Directory, relative to PGDATA, that holds the two-phase state files.
 */
#define TWOPHASE_DIR "pg_twophase"

/*
 * GUC variable; cannot be changed after startup.  It sizes the shared
 * array of prepared transactions, and 0 disables the feature.
 */
int         max_prepared_xacts = 0;
/*
 * One global transaction that is prepared, or is trying to become prepared.
 *
 * The dummy PGPROC is inserted into the global ProcArray so that the
 * transaction appears to still be running and holding locks.  It must be
 * the first member because pointers to PGPROC and pointers to
 * GlobalTransactionData are cast back and forth.
 *
 * The lifecycle of a global transaction is:
 *
 * 1. After checking that the requested GID is not in use, set up an
 * entry in the TwoPhaseState->prepXacts array with the correct XID and GID,
 * with locking_xid = my own XID and valid = false.
 *
 * 2. After successfully completing prepare, set valid = true and enter the
 * contained PGPROC into the global ProcArray.
 *
 * 3. To begin COMMIT PREPARED or ROLLBACK PREPARED, check that the entry
 * is valid and its locking_xid is no longer active, then store my current
 * XID into locking_xid.  This prevents concurrent attempts to commit or
 * rollback the same prepared xact.
 *
 * 4. On completion of COMMIT PREPARED or ROLLBACK PREPARED, remove the entry
 * from the ProcArray and the TwoPhaseState->prepXacts array and return it to
 * the freelist.
 *
 * Note that if the preparing transaction fails between steps 1 and 2, the
 * entry will remain in prepXacts until recycled.  We can detect recyclable
 * entries by checking for valid = false and locking_xid no longer active.
 *
 * typedef struct GlobalTransactionData *GlobalTransaction appears in
 * twophase.h
 */
#define GIDSIZE 200

typedef struct GlobalTransactionData
{
    PGPROC      proc;           /* dummy proc; must be the first member */
    BackendId   dummyBackendId; /* similar to backend id for backends */
    TimestampTz prepared_at;    /* time of preparation */
    XLogRecPtr  prepare_lsn;    /* XLOG offset of prepare record */
    Oid         owner;          /* user that executed the xact; LockGXact
                                 * compares the finishing user against it */
    TransactionId locking_xid;  /* top-level XID of backend working on xact */
    bool        valid;          /* TRUE if fully prepared */
    char        gid[GIDSIZE];   /* client-assigned GID, NUL-terminated */
} GlobalTransactionData;
/*
 * Shared state for two-phase commit.  Every access to this struct must be
 * made while holding TwoPhaseStateLock.
 */
typedef struct TwoPhaseStateData
{
    /* Head of linked list of free GlobalTransactionData structs */
    GlobalTransaction freeGXacts;

    /* Number of valid prepXacts entries. */
    int         numPrepXacts;

    /*
     * There are max_prepared_xacts items in this array, but C wants a
     * fixed-size array.
     */
    GlobalTransaction prepXacts[1];     /* VARIABLE LENGTH ARRAY */
} TwoPhaseStateData;            /* VARIABLE LENGTH STRUCT */
/* Pointer to the shared state; set by TwoPhaseShmemInit(). */
static TwoPhaseStateData *TwoPhaseState;

/* Forward declarations for file-local helpers defined later in the file. */
static void RecordTransactionCommitPrepared(TransactionId xid,
                                            int nchildren,
                                            TransactionId *children,
                                            int nrels,
                                            RelFileNode *rels,
                                            int ninvalmsgs,
                                            SharedInvalidationMessage *invalmsgs,
                                            bool initfileinval);
static void RecordTransactionAbortPrepared(TransactionId xid,
                                           int nchildren,
                                           TransactionId *children,
                                           int nrels,
                                           RelFileNode *rels);
static void ProcessRecords(char *bufptr, TransactionId xid,
                           const TwoPhaseCallback callbacks[]);
/*
 * Initialization of shared memory
 */

/*
 * TwoPhaseShmemSize
 *      Report how much shared memory the prepared-transaction table needs.
 *
 * The layout is the fixed part of TwoPhaseStateData, then an array of
 * max_prepared_xacts pointers, then (MAXALIGN'd) max_prepared_xacts
 * GlobalTransactionData structs.  All arithmetic goes through add_size()
 * and mul_size() rather than bare operators, so a size that does not fit
 * is reported as an error instead of wrapping around.
 */
Size
TwoPhaseShmemSize(void)
{
    Size        pointer_bytes;
    Size        gxact_bytes;
    Size        total;

    pointer_bytes = mul_size(max_prepared_xacts, sizeof(GlobalTransaction));
    gxact_bytes = mul_size(max_prepared_xacts, sizeof(GlobalTransactionData));

    /* Need the fixed struct, the array of pointers, and the GTD structs */
    total = add_size(offsetof(TwoPhaseStateData, prepXacts), pointer_bytes);
    total = MAXALIGN(total);
    total = add_size(total, gxact_bytes);

    return total;
}
/*
 * TwoPhaseShmemInit
 *      Attach to the prepared-transaction table, initializing it when not
 *      running under the postmaster.
 *
 * The offset of the gxact structs is recomputed here with plain arithmetic.
 * That mirrors the layout used by TwoPhaseShmemSize(), which is called
 * first (as the size argument below) and does the overflow checking.
 */
void
TwoPhaseShmemInit(void)
{
    bool        found;
    GlobalTransaction slots;
    int         slotno;

    TwoPhaseState = ShmemInitStruct("Prepared Transaction Table",
                                    TwoPhaseShmemSize(),
                                    &found);

    if (IsUnderPostmaster)
    {
        /* Somebody else already built it; nothing to initialize. */
        Assert(found);
        return;
    }

    Assert(!found);
    TwoPhaseState->freeGXacts = NULL;
    TwoPhaseState->numPrepXacts = 0;

    /*
     * Initialize the linked list of free GlobalTransactionData structs
     */
    slots = (GlobalTransaction)
        ((char *) TwoPhaseState +
         MAXALIGN(offsetof(TwoPhaseStateData, prepXacts) +
                  sizeof(GlobalTransaction) * max_prepared_xacts));

    for (slotno = 0; slotno < max_prepared_xacts; slotno++)
    {
        GlobalTransaction slot = &slots[slotno];

        /* Push the slot onto the front of the freelist. */
        slot->proc.links.next = (SHM_QUEUE *) TwoPhaseState->freeGXacts;
        TwoPhaseState->freeGXacts = slot;

        /*
         * Assign a unique ID for each dummy proc, so that the range of
         * dummy backend IDs immediately follows the range of normal
         * backend IDs.  We don't dare to assign a real backend ID to dummy
         * procs, because prepared transactions don't take part in cache
         * invalidation like a real backend ID would imply, but having a
         * unique ID for them is nevertheless handy.  This arrangement
         * allows you to allocate an array of size (MaxBackends +
         * max_prepared_xacts + 1), and have a slot for every backend and
         * prepared transaction.  Currently multixact.c uses that
         * technique.
         */
        slot->dummyBackendId = MaxBackends + 1 + slotno;
    }
}
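/*
 * MarkAsPreparing
 *      Reserve the GID for the given transaction.
 *
 * Internally, this creates a gxact struct and puts it into the active array.
 * The new entry has valid = false and locking_xid = xid.
 *
 * NOTE: this is also used when reloading a gxact after a crash; so avoid
 * assuming that we can use very much backend context.
 *
 * gid is chosen by the client.  It is rejected unless it fits in
 * GIDSIZE - 1 bytes, and it must not match the GID of any entry already in
 * the active array.  Errors are raised for an over-long GID, for the
 * feature being disabled, for a duplicate GID and for a full table.
 *
 * Returns the reserved entry.
 */
GlobalTransaction
MarkAsPreparing(TransactionId xid, const char *gid,
                TimestampTz prepared_at, Oid owner, Oid databaseid)
{
    GlobalTransaction gxact;
    int         i;

    /* Length is validated before the GID is copied or compared anywhere. */
    if (strlen(gid) >= GIDSIZE)
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                 errmsg("transaction identifier \"%s\" is too long",
                        gid)));

    /* fail immediately if feature is disabled */
    if (max_prepared_xacts == 0)
        ereport(ERROR,
                (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
                 errmsg("prepared transactions are disabled"),
                 errhint("Set max_prepared_transactions to a nonzero value.")));

    LWLockAcquire(TwoPhaseStateLock, LW_EXCLUSIVE);

    /*
     * First, find and recycle any gxacts that failed during prepare.  We do
     * this partly to ensure we don't mistakenly say their GIDs are still
     * reserved, and partly so we don't fail on out-of-slots unnecessarily.
     */
    for (i = 0; i < TwoPhaseState->numPrepXacts; i++)
    {
        gxact = TwoPhaseState->prepXacts[i];
        if (!gxact->valid && !TransactionIdIsActive(gxact->locking_xid))
        {
            /* It's dead Jim ... remove from the active array */
            TwoPhaseState->numPrepXacts--;
            TwoPhaseState->prepXacts[i] = TwoPhaseState->prepXacts[TwoPhaseState->numPrepXacts];
            /* and put it back in the freelist */
            gxact->proc.links.next = (SHM_QUEUE *) TwoPhaseState->freeGXacts;
            TwoPhaseState->freeGXacts = gxact;
            /* Back up index count too, so we don't miss scanning one */
            i--;
        }
    }

    /* Check for conflicting GID */
    for (i = 0; i < TwoPhaseState->numPrepXacts; i++)
    {
        gxact = TwoPhaseState->prepXacts[i];
        if (strcmp(gxact->gid, gid) == 0)
        {
            ereport(ERROR,
                    (errcode(ERRCODE_DUPLICATE_OBJECT),
                     errmsg("transaction identifier \"%s\" is already in use",
                            gid)));
        }
    }

    /* Get a free gxact from the freelist */
    if (TwoPhaseState->freeGXacts == NULL)
        ereport(ERROR,
                (errcode(ERRCODE_OUT_OF_MEMORY),
                 errmsg("maximum number of prepared transactions reached"),
                 errhint("Increase max_prepared_transactions (currently %d).",
                         max_prepared_xacts)));
    gxact = TwoPhaseState->freeGXacts;
    TwoPhaseState->freeGXacts = (GlobalTransaction) gxact->proc.links.next;

    /* Initialize it; only the embedded PGPROC is wiped here */
    MemSet(&gxact->proc, 0, sizeof(PGPROC));
    SHMQueueElemInit(&(gxact->proc.links));
    gxact->proc.waitStatus = STATUS_OK;
    /* We set up the gxact's VXID as InvalidBackendId/XID */
    gxact->proc.lxid = (LocalTransactionId) xid;
    gxact->proc.xid = xid;
    gxact->proc.xmin = InvalidTransactionId;
    gxact->proc.pid = 0;
    gxact->proc.backendId = InvalidBackendId;
    gxact->proc.databaseId = databaseid;
    gxact->proc.roleId = owner;
    gxact->proc.inCommit = false;
    gxact->proc.vacuumFlags = 0;
    gxact->proc.lwWaiting = false;
    gxact->proc.lwExclusive = false;
    gxact->proc.lwWaitLink = NULL;
    gxact->proc.waitLock = NULL;
    gxact->proc.waitProcLock = NULL;
    for (i = 0; i < NUM_LOCK_PARTITIONS; i++)
        SHMQueueInit(&(gxact->proc.myProcLocks[i]));
    /* subxid data must be filled later by GXactLoadSubxactData */
    gxact->proc.subxids.overflowed = false;
    gxact->proc.subxids.nxids = 0;

    gxact->prepared_at = prepared_at;
    /* initialize LSN to 0 (start of WAL) */
    gxact->prepare_lsn.xlogid = 0;
    gxact->prepare_lsn.xrecoff = 0;
    gxact->owner = owner;
    gxact->locking_xid = xid;
    gxact->valid = false;

    /*
     * The length check at the top means nothing is truncated here.  The
     * bounded copy (the same call StartPrepare uses for the file header)
     * keeps the write inside gid[] even if that check is ever moved or
     * changed, and because it pads the rest of the array with zeros it also
     * overwrites whatever GID the previous user of this recycled slot left
     * behind.
     */
    StrNCpy(gxact->gid, gid, GIDSIZE);

    /* And insert it into the active array */
    Assert(TwoPhaseState->numPrepXacts < max_prepared_xacts);
    TwoPhaseState->prepXacts[TwoPhaseState->numPrepXacts++] = gxact;

    LWLockRelease(TwoPhaseStateLock);

    return gxact;
}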
/*
 * GXactLoadSubxactData
 *
 * If the transaction being persisted had any subtransactions, this must
 * be called before MarkAsPrepared() to load information into the dummy
 * PGPROC.
 *
 * At most PGPROC_MAX_CACHED_SUBXIDS child XIDs are copied; when there are
 * more, the cache is flagged as overflowed and the count is clamped first,
 * so the copy never runs past the fixed-size subxids.xids array.  A zero
 * or negative count leaves the dummy PGPROC's subxid data untouched.
 */
static void
GXactLoadSubxactData(GlobalTransaction gxact, int nsubxacts,
                     TransactionId *children)
{
    /* We need no extra lock since the GXACT isn't valid yet */
    if (nsubxacts > PGPROC_MAX_CACHED_SUBXIDS)
    {
        gxact->proc.subxids.overflowed = true;
        nsubxacts = PGPROC_MAX_CACHED_SUBXIDS;
    }

    if (nsubxacts <= 0)
        return;

    memcpy(gxact->proc.subxids.xids, children,
           nsubxacts * sizeof(TransactionId));
    gxact->proc.subxids.nxids = nsubxacts;
}
/*
 * MarkAsPrepared
 *      Mark the GXACT as fully valid, and enter it into the global ProcArray.
 *
 * Once valid is set, LockGXact() will consider the entry, so other
 * backends can try to finish the transaction.
 */
static void
MarkAsPrepared(GlobalTransaction gxact)
{
    /* Lock here may be overkill, but I'm not convinced of that ... */
    LWLockAcquire(TwoPhaseStateLock, LW_EXCLUSIVE);
    Assert(!gxact->valid);
    gxact->valid = true;
    LWLockRelease(TwoPhaseStateLock);

    /*
     * Put it into the global ProcArray so TransactionIdIsInProgress considers
     * the XID as still running.
     */
    ProcArrayAdd(&gxact->proc);
}
/*
 * LockGXact
 *      Locate the prepared transaction and mark it busy for COMMIT PREPARED
 *      or ROLLBACK PREPARED.
 *
 * gid is the client-supplied identifier and user is the role on whose
 * behalf the transaction is being finished.  Only entries with valid = true
 * are considered.  For the matching entry the checks run in this order:
 *
 * 1. If another still-active transaction holds locking_xid, fail with
 *    "busy".  A locking_xid that is no longer active is cleared.
 * 2. The caller must be the owner recorded at prepare time or a superuser.
 * 3. The current database must be the one the transaction was prepared in.
 *
 * A missing GID raises "does not exist", whereas the three checks above
 * raise different errors, so a caller who is not allowed to finish a
 * transaction can still tell from the error whether its GID exists.
 *
 * Returns the entry with locking_xid set to the caller's top-level XID.
 */
static GlobalTransaction
LockGXact(const char *gid, Oid user)
{
    int         slot;

    LWLockAcquire(TwoPhaseStateLock, LW_EXCLUSIVE);

    for (slot = 0; slot < TwoPhaseState->numPrepXacts; slot++)
    {
        GlobalTransaction gxact = TwoPhaseState->prepXacts[slot];

        /* Ignore not-yet-valid GIDs, and GIDs that are not the one wanted */
        if (!gxact->valid || strcmp(gxact->gid, gid) != 0)
            continue;

        /* Found it, but has someone else got it locked? */
        if (TransactionIdIsValid(gxact->locking_xid))
        {
            if (TransactionIdIsActive(gxact->locking_xid))
                ereport(ERROR,
                        (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
                         errmsg("prepared transaction with identifier \"%s\" is busy",
                                gid)));
            /* The previous locker is gone; its claim is stale. */
            gxact->locking_xid = InvalidTransactionId;
        }

        /* Authorization: owner or superuser only */
        if (user != gxact->owner && !superuser_arg(user))
            ereport(ERROR,
                    (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                     errmsg("permission denied to finish prepared transaction"),
                     errhint("Must be superuser or the user that prepared the transaction.")));

        /*
         * Note: it probably would be possible to allow committing from
         * another database; but at the moment NOTIFY is known not to work and
         * there may be some other issues as well.  Hence disallow until
         * someone gets motivated to make it work.
         */
        if (MyDatabaseId != gxact->proc.databaseId)
            ereport(ERROR,
                    (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
                     errmsg("prepared transaction belongs to another database"),
                     errhint("Connect to the database where the transaction was prepared to finish it.")));

        /* OK for me to lock it */
        gxact->locking_xid = GetTopTransactionId();

        LWLockRelease(TwoPhaseStateLock);

        return gxact;
    }

    LWLockRelease(TwoPhaseStateLock);

    ereport(ERROR,
            (errcode(ERRCODE_UNDEFINED_OBJECT),
             errmsg("prepared transaction with identifier \"%s\" does not exist",
                    gid)));

    /* NOTREACHED */
    return NULL;
}
/*
 * RemoveGXact
 *      Remove the prepared transaction from the shared memory array.
 *
 * The entry is taken out of the active array (the last entry is moved into
 * its place) and pushed back on the freelist.  An entry that is not in the
 * array raises an error.
 *
 * NB: caller should have already removed it from ProcArray
 */
static void
RemoveGXact(GlobalTransaction gxact)
{
    int         pos;

    LWLockAcquire(TwoPhaseStateLock, LW_EXCLUSIVE);

    for (pos = 0; pos < TwoPhaseState->numPrepXacts; pos++)
    {
        if (TwoPhaseState->prepXacts[pos] != gxact)
            continue;

        /* remove from the active array */
        TwoPhaseState->numPrepXacts--;
        TwoPhaseState->prepXacts[pos] = TwoPhaseState->prepXacts[TwoPhaseState->numPrepXacts];

        /* and put it back in the freelist */
        gxact->proc.links.next = (SHM_QUEUE *) TwoPhaseState->freeGXacts;
        TwoPhaseState->freeGXacts = gxact;

        LWLockRelease(TwoPhaseStateLock);

        return;
    }

    LWLockRelease(TwoPhaseStateLock);

    elog(ERROR, "failed to find %p in GlobalTransaction array", gxact);
}
/*
 * TransactionIdIsPrepared
 *      True iff transaction associated with the identifier is prepared
 *      for two-phase commit
 *
 * Note: only gxacts marked "valid" are considered; but notice we do not
 * check the locking status.
 *
 * This is not currently exported, because it is only needed internally.
 */
static bool
TransactionIdIsPrepared(TransactionId xid)
{
    bool        is_prepared = false;
    int         slot;

    /* Read-only scan, so a shared lock is enough. */
    LWLockAcquire(TwoPhaseStateLock, LW_SHARED);

    for (slot = 0; slot < TwoPhaseState->numPrepXacts; slot++)
    {
        GlobalTransaction candidate = TwoPhaseState->prepXacts[slot];

        if (candidate->valid && candidate->proc.xid == xid)
        {
            is_prepared = true;
            break;
        }
    }

    LWLockRelease(TwoPhaseStateLock);

    return is_prepared;
}
/*
 * GetPreparedTransactionList
 *      Returns an array of all prepared transactions for the user-level
 *      function pg_prepared_xact.
 *
 * The returned array and all its elements are copies of internal data
 * structures, to minimize the time we need to hold the TwoPhaseStateLock.
 * Each element is a byte copy of the whole GlobalTransactionData struct,
 * dummy PGPROC included.
 *
 * WARNING -- we return even those transactions that are not fully prepared
 * yet.  The caller should filter them out if it doesn't want them.
 *
 * The returned array is palloc'd.  *gxacts is set to NULL and 0 is returned
 * when there are no entries; otherwise the entry count is returned.
 */
static int
GetPreparedTransactionList(GlobalTransaction *gxacts)
{
    GlobalTransaction copies;
    int         count;
    int         i;

    LWLockAcquire(TwoPhaseStateLock, LW_SHARED);

    count = TwoPhaseState->numPrepXacts;
    if (count == 0)
    {
        LWLockRelease(TwoPhaseStateLock);

        *gxacts = NULL;
        return 0;
    }

    copies = (GlobalTransaction) palloc(sizeof(GlobalTransactionData) * count);
    *gxacts = copies;
    for (i = 0; i < count; i++)
        memcpy(&copies[i], TwoPhaseState->prepXacts[i],
               sizeof(GlobalTransactionData));

    LWLockRelease(TwoPhaseStateLock);

    return count;
}
/* Working status for pg_prepared_xact, kept across calls of the SRF */
typedef struct
{
    GlobalTransaction array;    /* palloc'd snapshot, or NULL if empty */
    int         ngxacts;        /* number of entries in array */
    int         currIdx;        /* next entry to look at */
} Working_State;
/*
 * pg_prepared_xact
 *      Produce a view with one row per prepared transaction.
 *
 * This function is here so we don't have to export the
 * GlobalTransactionData struct definition.
 *
 * Entries that are not yet valid are skipped.  Nothing here filters rows by
 * owner or database: every valid entry is returned to whoever can call the
 * function, including its GID, owner OID and database OID.
 */
Datum
pg_prepared_xact(PG_FUNCTION_ARGS)
{
    FuncCallContext *funcctx;
    Working_State *status;

    if (SRF_IS_FIRSTCALL())
    {
        TupleDesc   tupdesc;
        MemoryContext oldcontext;

        /* create a function context for cross-call persistence */
        funcctx = SRF_FIRSTCALL_INIT();

        /*
         * Switch to memory context appropriate for multiple function calls
         */
        oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);

        /* build tupdesc for result tuples */
        /* this had better match pg_prepared_xacts view in system_views.sql */
        tupdesc = CreateTemplateTupleDesc(5, false);
        TupleDescInitEntry(tupdesc, (AttrNumber) 1, "transaction",
                           XIDOID, -1, 0);
        TupleDescInitEntry(tupdesc, (AttrNumber) 2, "gid",
                           TEXTOID, -1, 0);
        TupleDescInitEntry(tupdesc, (AttrNumber) 3, "prepared",
                           TIMESTAMPTZOID, -1, 0);
        TupleDescInitEntry(tupdesc, (AttrNumber) 4, "ownerid",
                           OIDOID, -1, 0);
        TupleDescInitEntry(tupdesc, (AttrNumber) 5, "dbid",
                           OIDOID, -1, 0);

        funcctx->tuple_desc = BlessTupleDesc(tupdesc);

        /*
         * Collect all the 2PC status information that we will format and send
         * out as a result set.
         */
        status = (Working_State *) palloc(sizeof(Working_State));
        funcctx->user_fctx = (void *) status;

        status->ngxacts = GetPreparedTransactionList(&status->array);
        status->currIdx = 0;

        MemoryContextSwitchTo(oldcontext);
    }

    funcctx = SRF_PERCALL_SETUP();
    status = (Working_State *) funcctx->user_fctx;

    while (status->array != NULL && status->currIdx < status->ngxacts)
    {
        GlobalTransaction entry = &status->array[status->currIdx++];
        Datum       values[5];
        bool        nulls[5];
        HeapTuple   tuple;
        Datum       result;

        /* The snapshot includes entries that are still being prepared. */
        if (!entry->valid)
            continue;

        /*
         * Form tuple with appropriate data.
         */
        MemSet(values, 0, sizeof(values));
        MemSet(nulls, 0, sizeof(nulls));

        values[0] = TransactionIdGetDatum(entry->proc.xid);
        values[1] = CStringGetTextDatum(entry->gid);
        values[2] = TimestampTzGetDatum(entry->prepared_at);
        values[3] = ObjectIdGetDatum(entry->owner);
        values[4] = ObjectIdGetDatum(entry->proc.databaseId);

        tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
        result = HeapTupleGetDatum(tuple);
        SRF_RETURN_NEXT(funcctx, result);
    }

    SRF_RETURN_DONE(funcctx);
}
/*
 * TwoPhaseGetDummyBackendId
 *      Get the dummy backend ID for prepared transaction specified by XID
 *
 * Dummy backend IDs are similar to real backend IDs of real backends.
 * They start at MaxBackends + 1, and are unique across all currently active
 * real backends and prepared transactions.
 */
BackendId
TwoPhaseGetDummyBackendId(TransactionId xid)
{
    /*
     * The PGPROC is the first member of GlobalTransactionData, so the
     * pointer can be cast back to the enclosing struct.
     */
    GlobalTransaction owner_gxact = (GlobalTransaction) TwoPhaseGetDummyProc(xid);

    return owner_gxact->dummyBackendId;
}
/*
 * TwoPhaseGetDummyProc
 *      Get the PGPROC that represents a prepared transaction specified by XID
 *
 * The last answer is kept in function-local static variables and returned
 * without taking the lock when the same XID is asked for again.  The scan
 * does not look at the entry's valid flag.  An XID with no entry raises an
 * error.
 */
PGPROC *
TwoPhaseGetDummyProc(TransactionId xid)
{
    PGPROC     *found_proc = NULL;
    int         slot;

    static TransactionId cached_xid = InvalidTransactionId;
    static PGPROC *cached_proc = NULL;

    /*
     * During a recovery, COMMIT PREPARED, or ABORT PREPARED, we'll be called
     * repeatedly for the same XID.  We can save work with a simple cache.
     */
    if (xid == cached_xid)
        return cached_proc;

    LWLockAcquire(TwoPhaseStateLock, LW_SHARED);

    for (slot = 0; slot < TwoPhaseState->numPrepXacts; slot++)
    {
        GlobalTransaction gxact = TwoPhaseState->prepXacts[slot];

        if (gxact->proc.xid == xid)
        {
            found_proc = &gxact->proc;
            break;
        }
    }

    LWLockRelease(TwoPhaseStateLock);

    if (found_proc == NULL)     /* should not happen */
        elog(ERROR, "failed to find dummy PGPROC for xid %u", xid);

    cached_xid = xid;
    cached_proc = found_proc;

    return found_proc;
}
/************************************************************************/
/* State file support                                                   */
/************************************************************************/

/*
 * Build the path of the state file for an XID into path, which must have
 * room for MAXPGPATH bytes.
 *
 * The file name is the XID printed as eight hex digits.  The client-chosen
 * GID is stored inside the file only and never becomes part of the path.
 */
#define TwoPhaseFilePath(path, xid) \
    snprintf(path, MAXPGPATH, TWOPHASE_DIR "/%08X", xid)
/*
 * 2PC state file format:
 *
 *  1. TwoPhaseFileHeader
 *  2. TransactionId[] (subtransactions)
 *  3. RelFileNode[] (files to be deleted at commit)
 *  4. RelFileNode[] (files to be deleted at abort)
 *  5. SharedInvalidationMessage[] (inval messages to be sent at commit)
 *  6. TwoPhaseRecordOnDisk
 *  7. ...
 *  8. TwoPhaseRecordOnDisk (end sentinel, rmid == TWOPHASE_RM_END_ID)
 *  9. CRC32
 *
 * Each segment except the final CRC32 is MAXALIGN'd.
 *
 * The lengths of segments 2 to 5 are not stored separately; a reader derives
 * them from the element counts in the header.
 */

/*
 * Header for a 2PC state file
 */
#define TWOPHASE_MAGIC  0x57F94532      /* format identifier */

typedef struct TwoPhaseFileHeader
{
    uint32      magic;          /* format identifier */
    uint32      total_len;      /* actual file length */
    TransactionId xid;          /* original transaction XID */
    Oid         database;       /* OID of database it was in */
    TimestampTz prepared_at;    /* time of preparation */
    Oid         owner;          /* user running the transaction */
    int32       nsubxacts;      /* number of following subxact XIDs */
    int32       ncommitrels;    /* number of delete-on-commit rels */
    int32       nabortrels;     /* number of delete-on-abort rels */
    int32       ninvalmsgs;     /* number of cache invalidation messages */
    bool        initfileinval;  /* does relcache init file need invalidation? */
    char        gid[GIDSIZE];   /* GID for transaction */
} TwoPhaseFileHeader;
/*
 * Header for each record in a state file
 *
 * NOTE: len counts only the rmgr data, not the TwoPhaseRecordOnDisk header.
 * The rmgr data will be stored starting on a MAXALIGN boundary.
 */
typedef struct TwoPhaseRecordOnDisk
{
    uint32      len;            /* length of rmgr data */
    TwoPhaseRmgrId rmid;        /* resource manager for this record */
    uint16      info;           /* flag bits for use by rmgr */
} TwoPhaseRecordOnDisk;
/*
 * During prepare, the state file is assembled in memory before writing it
 * to WAL and the actual state file.  We use a chain of XLogRecData blocks
 * so that we will be able to pass the state file contents directly to
 * XLogInsert.
 */
static struct xllist
{
    XLogRecData *head;          /* first data block in the chain */
    XLogRecData *tail;          /* last block in chain */
    uint32      bytes_free;     /* free bytes left in tail block */
    uint32      total_len;      /* total data bytes in chain */
} records;
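/*
 * save_state_data
 *      Append a block of data to records data structure.
 *
 * NB: each block is padded to a MAXALIGN multiple.  This must be
 * accounted for when the file is later read!
 *
 * The data is copied, so the caller is free to modify it afterwards.
 *
 * The alignment padding after the copied bytes is zeroed.  The block buffers
 * come from palloc(), which does not clear memory, and the whole chain is
 * later checksummed, inserted into WAL and written to the state file; without
 * the zeroing, whatever the backend last had in that memory would be
 * persisted along with the real data.  Bytes inside "data" itself, such as
 * padding within a struct the caller passes in, are copied as they are.
 */
static void
save_state_data(const void *data, uint32 len)
{
    uint32      padlen = MAXALIGN(len);
    char       *dest;

    if (padlen > records.bytes_free)
    {
        /* Current block is too small: chain on a new one. */
        records.tail->next = palloc0(sizeof(XLogRecData));
        records.tail = records.tail->next;
        records.tail->buffer = InvalidBuffer;
        records.tail->len = 0;
        records.tail->next = NULL;

        records.bytes_free = Max(padlen, 512);
        records.tail->data = palloc(records.bytes_free);
    }

    dest = ((char *) records.tail->data) + records.tail->len;
    memcpy(dest, data, len);
    if (padlen > len)
        memset(dest + len, 0, padlen - len);

    records.tail->len += padlen;
    records.bytes_free -= padlen;
    records.total_len += padlen;
}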
/*
 * StartPrepare
 *      Start preparing a state file.
 *
 * Initializes data structure and inserts the 2PC file header record,
 * followed by the subtransaction XIDs, the relations to delete at commit
 * and at abort, and the invalidation messages.
 *
 * NOTE(review): hdr lives on the stack and is filled in field by field, so
 * any padding the compiler puts between its members is copied into the
 * state data with whatever it happened to contain.  The gid field is fully
 * written, because StrNCpy pads it with zeros.
 */
void
StartPrepare(GlobalTransaction gxact)
{
    TransactionId xid = gxact->proc.xid;
    TwoPhaseFileHeader hdr;
    TransactionId *children;
    RelFileNode *commitrels;
    RelFileNode *abortrels;
    SharedInvalidationMessage *invalmsgs;
    XLogRecData *first;

    /* Initialize linked list */
    first = palloc0(sizeof(XLogRecData));
    first->buffer = InvalidBuffer;
    first->len = 0;
    first->next = NULL;
    records.head = first;

    records.bytes_free = Max(sizeof(TwoPhaseFileHeader), 512);
    records.head->data = palloc(records.bytes_free);

    records.tail = records.head;

    records.total_len = 0;

    /* Create header */
    hdr.magic = TWOPHASE_MAGIC;
    hdr.total_len = 0;          /* EndPrepare will fill this in */
    hdr.xid = xid;
    hdr.database = gxact->proc.databaseId;
    hdr.prepared_at = gxact->prepared_at;
    hdr.owner = gxact->owner;
    hdr.nsubxacts = xactGetCommittedChildren(&children);
    hdr.ncommitrels = smgrGetPendingDeletes(true, &commitrels);
    hdr.nabortrels = smgrGetPendingDeletes(false, &abortrels);
    hdr.ninvalmsgs = xactGetCommittedInvalidationMessages(&invalmsgs,
                                                          &hdr.initfileinval);
    StrNCpy(hdr.gid, gxact->gid, GIDSIZE);

    save_state_data(&hdr, sizeof(TwoPhaseFileHeader));

    /*
     * Add the additional info about subxacts, deletable files and cache
     * invalidation messages.  Empty arrays are not written at all.
     */
    if (hdr.nsubxacts > 0)
    {
        save_state_data(children, hdr.nsubxacts * sizeof(TransactionId));
        /* While we have the child-xact data, stuff it in the gxact too */
        GXactLoadSubxactData(gxact, hdr.nsubxacts, children);
    }
    if (hdr.ncommitrels > 0)
    {
        save_state_data(commitrels, hdr.ncommitrels * sizeof(RelFileNode));
        pfree(commitrels);
    }
    if (hdr.nabortrels > 0)
    {
        save_state_data(abortrels, hdr.nabortrels * sizeof(RelFileNode));
        pfree(abortrels);
    }
    if (hdr.ninvalmsgs > 0)
    {
        save_state_data(invalmsgs,
                        hdr.ninvalmsgs * sizeof(SharedInvalidationMessage));
        pfree(invalmsgs);
    }
}
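/*
 * EndPrepare
 *      Finish preparing state file.
 *
 * Calculates CRC and writes state file to WAL and in pg_twophase directory.
 *
 * The file is created with O_EXCL, so an existing file for the same XID is
 * never reused, and with owner-only read/write permission.  It is not
 * fsync'd here; the comments below explain how inCommit makes sure a
 * checkpoint cannot complete without doing that.
 *
 * On every failure path errno is captured before close() is called, since
 * close() may change it and the error message is built from errno.  A write
 * that comes up short without setting errno is reported as ENOSPC.
 */
void
EndPrepare(GlobalTransaction gxact)
{
    TransactionId xid = gxact->proc.xid;
    TwoPhaseFileHeader *hdr;
    char        path[MAXPGPATH];
    XLogRecData *record;
    pg_crc32    statefile_crc;
    pg_crc32    bogus_crc;
    int         fd;
    int         save_errno;

    /* Add the end sentinel to the list of 2PC records */
    RegisterTwoPhaseRecord(TWOPHASE_RM_END_ID, 0,
                           NULL, 0);

    /* Go back and fill in total_len in the file header record */
    hdr = (TwoPhaseFileHeader *) records.head->data;
    Assert(hdr->magic == TWOPHASE_MAGIC);
    hdr->total_len = records.total_len + sizeof(pg_crc32);

    /*
     * If the file size exceeds MaxAllocSize, we won't be able to read it in
     * ReadTwoPhaseFile.  Check for that now, rather than fail at commit time.
     */
    if (hdr->total_len > MaxAllocSize)
        ereport(ERROR,
                (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
                 errmsg("two-phase state file maximum length exceeded")));

    /*
     * Create the 2PC state file.
     *
     * Note: because we use BasicOpenFile(), we are responsible for ensuring
     * the FD gets closed in any error exit path.  Once we get into the
     * critical section, though, it doesn't matter since any failure causes
     * a PANIC anyway.
     */
    TwoPhaseFilePath(path, xid);

    fd = BasicOpenFile(path,
                       O_CREAT | O_EXCL | O_WRONLY | PG_BINARY,
                       S_IRUSR | S_IWUSR);
    if (fd < 0)
        ereport(ERROR,
                (errcode_for_file_access(),
                 errmsg("could not create two-phase state file \"%s\": %m",
                        path)));

    /* Write data to file, and calculate CRC as we pass over it */
    INIT_CRC32(statefile_crc);

    for (record = records.head; record != NULL; record = record->next)
    {
        COMP_CRC32(statefile_crc, record->data, record->len);
        errno = 0;
        if ((write(fd, record->data, record->len)) != record->len)
        {
            save_errno = errno;
            close(fd);
            /* if write didn't set errno, assume problem is no disk space */
            errno = save_errno ? save_errno : ENOSPC;
            ereport(ERROR,
                    (errcode_for_file_access(),
                     errmsg("could not write two-phase state file: %m")));
        }
    }

    FIN_CRC32(statefile_crc);

    /*
     * Write a deliberately bogus CRC to the state file; this is just paranoia
     * to catch the case where four more bytes will run us out of disk space.
     */
    bogus_crc = ~statefile_crc;

    errno = 0;
    if ((write(fd, &bogus_crc, sizeof(pg_crc32))) != sizeof(pg_crc32))
    {
        save_errno = errno;
        close(fd);
        /* if write didn't set errno, assume problem is no disk space */
        errno = save_errno ? save_errno : ENOSPC;
        ereport(ERROR,
                (errcode_for_file_access(),
                 errmsg("could not write two-phase state file: %m")));
    }

    /* Back up to prepare for rewriting the CRC */
    if (lseek(fd, -((off_t) sizeof(pg_crc32)), SEEK_CUR) < 0)
    {
        save_errno = errno;
        close(fd);
        errno = save_errno;
        ereport(ERROR,
                (errcode_for_file_access(),
                 errmsg("could not seek in two-phase state file: %m")));
    }

    /*
     * The state file isn't valid yet, because we haven't written the correct
     * CRC yet.  Before we do that, insert entry in WAL and flush it to disk.
     *
     * Between the time we have written the WAL entry and the time we write
     * out the correct state file CRC, we have an inconsistency: the xact is
     * prepared according to WAL but not according to our on-disk state.  We
     * use a critical section to force a PANIC if we are unable to complete
     * the write --- then, WAL replay should repair the inconsistency.  The
     * odds of a PANIC actually occurring should be very tiny given that we
     * were able to write the bogus CRC above.
     *
     * We have to set inCommit here, too; otherwise a checkpoint starting
     * immediately after the WAL record is inserted could complete without
     * fsync'ing our state file.  (This is essentially the same kind of race
     * condition as the COMMIT-to-clog-write case that RecordTransactionCommit
     * uses inCommit for; see notes there.)
     *
     * We save the PREPARE record's location in the gxact for later use by
     * CheckPointTwoPhase.
     */
    START_CRIT_SECTION();

    MyProc->inCommit = true;

    gxact->prepare_lsn = XLogInsert(RM_XACT_ID, XLOG_XACT_PREPARE,
                                    records.head);
    XLogFlush(gxact->prepare_lsn);

    /* If we crash now, we have prepared: WAL replay will fix things */

    /*
     * Wake up all walsenders to send WAL up to the PREPARE record
     * immediately if replication is enabled
     */
    if (max_wal_senders > 0)
        WalSndWakeup();

    /* write correct CRC and close file */
    errno = 0;
    if ((write(fd, &statefile_crc, sizeof(pg_crc32))) != sizeof(pg_crc32))
    {
        save_errno = errno;
        close(fd);
        /* if write didn't set errno, assume problem is no disk space */
        errno = save_errno ? save_errno : ENOSPC;
        ereport(ERROR,
                (errcode_for_file_access(),
                 errmsg("could not write two-phase state file: %m")));
    }

    if (close(fd) != 0)
        ereport(ERROR,
                (errcode_for_file_access(),
                 errmsg("could not close two-phase state file: %m")));

    /*
     * Mark the prepared transaction as valid.  As soon as xact.c marks MyProc
     * as not running our XID (which it will do immediately after this
     * function returns), others can commit/rollback the xact.
     *
     * NB: a side effect of this is to make a dummy ProcArray entry for the
     * prepared XID.  This must happen before we clear the XID from MyProc,
     * else there is a window where the XID is not running according to
     * TransactionIdIsInProgress, and onlookers would be entitled to assume
     * the xact crashed.  Instead we have a window where the same XID appears
     * twice in ProcArray, which is OK.
     */
    MarkAsPrepared(gxact);

    /*
     * Now we can mark ourselves as out of the commit critical section: a
     * checkpoint starting after this will certainly see the gxact as a
     * candidate for fsyncing.
     */
    MyProc->inCommit = false;

    END_CRIT_SECTION();

    records.tail = records.head = NULL;
}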
/*
 * RegisterTwoPhaseRecord
 *      Register a 2PC record to be written to state file.
 *
 * A TwoPhaseRecordOnDisk header carrying rmid, info and len is appended
 * first, then the len bytes at data.  When len is zero only the header is
 * written and data is not touched.
 */
void
RegisterTwoPhaseRecord(TwoPhaseRmgrId rmid, uint16 info,
                       const void *data, uint32 len)
{
    TwoPhaseRecordOnDisk rec_header;

    rec_header.rmid = rmid;
    rec_header.info = info;
    rec_header.len = len;
    save_state_data(&rec_header, sizeof(TwoPhaseRecordOnDisk));

    if (len == 0)
        return;

    save_state_data(data, len);
}
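/*
 * ReadTwoPhaseFile
 *      Read and validate the state file for xid.
 *
 * If it looks OK, return the palloc'd contents of the file.  Otherwise
 * return NULL.  With give_warnings set, failures to open, stat or read the
 * file are reported as warnings; a file that is rejected for its content is
 * rejected silently.
 *
 * "Looks OK" means: the size is within bounds and the CRC position is
 * MAXALIGN'd, the magic number and recorded length match, the CRC matches,
 * and the element counts in the header describe arrays that fit inside the
 * file together with the end sentinel.  The last check is needed because
 * callers walk the buffer using those counts without looking at the file
 * length again.
 *
 * The CRC detects accidental damage only.  It is not keyed, so it gives no
 * assurance about who wrote the file; that rests on the permissions of the
 * data directory.
 */
static char *
ReadTwoPhaseFile(TransactionId xid, bool give_warnings)
{
    char        path[MAXPGPATH];
    char       *buf;
    TwoPhaseFileHeader *hdr;
    int         fd;
    int         save_errno;
    struct stat stat;
    uint32      crc_offset;
    uint64      needed;
    pg_crc32    calc_crc,
                file_crc;

    TwoPhaseFilePath(path, xid);

    fd = BasicOpenFile(path, O_RDONLY | PG_BINARY, 0);
    if (fd < 0)
    {
        if (give_warnings)
            ereport(WARNING,
                    (errcode_for_file_access(),
                     errmsg("could not open two-phase state file \"%s\": %m",
                            path)));
        return NULL;
    }

    /*
     * Check file length.  We can determine a lower bound pretty easily.  We
     * set an upper bound to avoid palloc() failure on a corrupt file, though
     * we can't guarantee that we won't get an out of memory error anyway,
     * even on a valid file.
     */
    if (fstat(fd, &stat))
    {
        /* keep the fstat error; close() may overwrite errno */
        save_errno = errno;
        close(fd);
        errno = save_errno;
        if (give_warnings)
            ereport(WARNING,
                    (errcode_for_file_access(),
                     errmsg("could not stat two-phase state file \"%s\": %m",
                            path)));
        return NULL;
    }

    if (stat.st_size < (MAXALIGN(sizeof(TwoPhaseFileHeader)) +
                        MAXALIGN(sizeof(TwoPhaseRecordOnDisk)) +
                        sizeof(pg_crc32)) ||
        stat.st_size > MaxAllocSize)
    {
        close(fd);
        return NULL;
    }

    crc_offset = stat.st_size - sizeof(pg_crc32);
    if (crc_offset != MAXALIGN(crc_offset))
    {
        close(fd);
        return NULL;
    }

    /*
     * OK, slurp in the file.
     */
    buf = (char *) palloc(stat.st_size);

    if (read(fd, buf, stat.st_size) != stat.st_size)
    {
        /* keep the read error; close() may overwrite errno */
        save_errno = errno;
        close(fd);
        errno = save_errno;
        if (give_warnings)
            ereport(WARNING,
                    (errcode_for_file_access(),
                     errmsg("could not read two-phase state file \"%s\": %m",
                            path)));
        pfree(buf);
        return NULL;
    }

    close(fd);

    hdr = (TwoPhaseFileHeader *) buf;
    if (hdr->magic != TWOPHASE_MAGIC || hdr->total_len != stat.st_size)
    {
        pfree(buf);
        return NULL;
    }

    INIT_CRC32(calc_crc);
    COMP_CRC32(calc_crc, buf, crc_offset);
    FIN_CRC32(calc_crc);

    file_crc = *((pg_crc32 *) (buf + crc_offset));

    if (!EQ_CRC32(calc_crc, file_crc))
    {
        pfree(buf);
        return NULL;
    }

    /*
     * Make sure the counts in the header are consistent with the file
     * length.  Each count is first bounded on its own, which also keeps the
     * multiplications below from overflowing; then the MAXALIGN'd segments
     * are added up and must leave room for the end sentinel before the CRC.
     */
    if (hdr->nsubxacts < 0 ||
        hdr->ncommitrels < 0 ||
        hdr->nabortrels < 0 ||
        hdr->ninvalmsgs < 0 ||
        (Size) hdr->nsubxacts > crc_offset / sizeof(TransactionId) ||
        (Size) hdr->ncommitrels > crc_offset / sizeof(RelFileNode) ||
        (Size) hdr->nabortrels > crc_offset / sizeof(RelFileNode) ||
        (Size) hdr->ninvalmsgs > crc_offset / sizeof(SharedInvalidationMessage))
    {
        pfree(buf);
        return NULL;
    }

    needed = (uint64) MAXALIGN(sizeof(TwoPhaseFileHeader));
    needed += MAXALIGN(hdr->nsubxacts * sizeof(TransactionId));
    needed += MAXALIGN(hdr->ncommitrels * sizeof(RelFileNode));
    needed += MAXALIGN(hdr->nabortrels * sizeof(RelFileNode));
    needed += MAXALIGN(hdr->ninvalmsgs * sizeof(SharedInvalidationMessage));
    needed += MAXALIGN(sizeof(TwoPhaseRecordOnDisk));
    if (needed > crc_offset)
    {
        pfree(buf);
        return NULL;
    }

    return buf;
}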
/*
 * StandbyTransactionIdIsPrepared
 *      Confirms an xid is prepared, during recovery
 *
 * The answer comes from the state file alone: it must pass
 * ReadTwoPhaseFile()'s validation and its header must carry the same XID.
 * The shared-memory array is not consulted.  A missing or rejected file
 * gives false without any warning.
 */
bool
StandbyTransactionIdIsPrepared(TransactionId xid)
{
    char       *contents;
    bool        matches;

    Assert(TransactionIdIsValid(xid));

    if (max_prepared_xacts <= 0)
        return false;           /* nothing to do */

    /* Read and validate file */
    contents = ReadTwoPhaseFile(xid, false);
    if (contents == NULL)
        return false;

    /* Check header also */
    matches = TransactionIdEquals(((TwoPhaseFileHeader *) contents)->xid, xid);
    pfree(contents);

    return matches;
}
1228 * FinishPreparedTransaction: execute COMMIT PREPARED or ROLLBACK PREPARED
/*
 * FinishPreparedTransaction: completes the prepared transaction named by gid,
 * as a commit when isCommit is true and as a rollback otherwise.
 *
 * Visible steps, in order: lock the GXACT, read the state file, slice the
 * buffer into its arrays, write the commit or abort record, remove the dummy
 * PGPROC, unlink the relation files listed for deletion, send the
 * invalidation messages, run the resource-manager callbacks, remove the
 * state file.
 *
 * NOTE(review): this listing omits some lines (the gutter numbers jump),
 * among them the isCommit tests and several declarations.
 *
 * NOTE(review): the relation list walked by the unlink loop (line 1329) and
 * the records handed to ProcessRecords are taken from the state file as
 * read, so write access to pg_twophase decides which relation files this
 * function removes.  Treat that directory as part of the trusted data
 * directory.
 */
1231 FinishPreparedTransaction(const char *gid, bool isCommit)
1233 GlobalTransaction gxact;
1237 TwoPhaseFileHeader *hdr;
1238 TransactionId latestXid;
1239 TransactionId *children;
1240 RelFileNode *commitrels;
1241 RelFileNode *abortrels;
1242 RelFileNode *delrels;
1244 SharedInvalidationMessage *invalmsgs;
1248 * Validate the GID, and lock the GXACT to ensure that two backends do not
1249 * try to commit the same GID at once.
/*
 * The current user id is passed along with the GID; presumably LockGXact
 * uses it to decide whether this caller may finish the transaction --
 * confirm in LockGXact.
 */
1251 gxact = LockGXact(gid, GetUserId());
1252 xid = gxact->proc.xid;
1255 * Read and validate the state file
1257 buf = ReadTwoPhaseFile(xid, true);
1260 (errcode(ERRCODE_DATA_CORRUPTED),
1261 errmsg("two-phase state file for transaction %u is corrupt",
1265 * Disassemble the header area
/*
 * nsubxacts, ncommitrels, nabortrels and ninvalmsgs come from the file
 * header and advance bufptr with no comparison against the buffer size in
 * the lines shown.  The only integrity tests visible in this listing are the
 * magic, total_len and CRC comparisons in the reader above this function
 * (presumably ReadTwoPhaseFile).  A CRC catches accidental damage; it is not
 * a defence against a deliberately crafted file.  The xid match is an
 * Assert, which is active only in assert-enabled builds.
 */
1267 hdr = (TwoPhaseFileHeader *) buf;
1268 Assert(TransactionIdEquals(hdr->xid, xid));
1269 bufptr = buf + MAXALIGN(sizeof(TwoPhaseFileHeader));
1270 children = (TransactionId *) bufptr;
1271 bufptr += MAXALIGN(hdr->nsubxacts * sizeof(TransactionId));
1272 commitrels = (RelFileNode *) bufptr;
1273 bufptr += MAXALIGN(hdr->ncommitrels * sizeof(RelFileNode));
1274 abortrels = (RelFileNode *) bufptr;
1275 bufptr += MAXALIGN(hdr->nabortrels * sizeof(RelFileNode));
1276 invalmsgs = (SharedInvalidationMessage *) bufptr;
1277 bufptr += MAXALIGN(hdr->ninvalmsgs * sizeof(SharedInvalidationMessage));
1279 /* compute latestXid among all children */
1280 latestXid = TransactionIdLatest(xid, hdr->nsubxacts, children);
1283 * The order of operations here is critical: make the XLOG entry for
1284 * commit or abort, then mark the transaction committed or aborted in
1285 * pg_clog, then remove its PGPROC from the global ProcArray (which means
1286 * TransactionIdIsInProgress will stop saying the prepared xact is in
1287 * progress), then run the post-commit or post-abort callbacks. The
1288 * callbacks will release the locks the transaction held.
1291 RecordTransactionCommitPrepared(xid,
1292 hdr->nsubxacts, children,
1293 hdr->ncommitrels, commitrels,
1294 hdr->ninvalmsgs, invalmsgs,
1295 hdr->initfileinval);
1297 RecordTransactionAbortPrepared(xid,
1298 hdr->nsubxacts, children,
1299 hdr->nabortrels, abortrels);
1301 ProcArrayRemove(&gxact->proc, latestXid);
1304 * In case we fail while running the callbacks, mark the gxact invalid so
1305 * no one else will try to commit/rollback, and so it can be recycled
1306 * properly later. It is still locked by our XID so it won't go away yet.
1308 * (We assume it's safe to do this without taking TwoPhaseStateLock.)
1310 gxact->valid = false;
1313 * We have to remove any files that were supposed to be dropped. For
1314 * consistency with the regular xact.c code paths, must do this before
1315 * releasing locks, so do it before running the callbacks.
1317 * NB: this code knows that we couldn't be dropping any temp rels ...
1321 delrels = commitrels;
1322 ndelrels = hdr->ncommitrels;
1326 delrels = abortrels;
1327 ndelrels = hdr->nabortrels;
1329 for (i = 0; i < ndelrels; i++)
1331 SMgrRelation srel = smgropen(delrels[i], InvalidBackendId);
1334 for (fork = 0; fork <= MAX_FORKNUM; fork++)
1336 if (smgrexists(srel, fork))
1337 smgrdounlink(srel, fork, false);
1343 * Handle cache invalidation messages.
1345 * Relcache init file invalidation requires processing both before and
1346 * after we send the SI messages. See AtEOXact_Inval()
1348 if (hdr->initfileinval)
1349 RelationCacheInitFileInvalidate(true);
1350 SendSharedInvalidMessages(invalmsgs, hdr->ninvalmsgs);
1351 if (hdr->initfileinval)
1352 RelationCacheInitFileInvalidate(false);
1354 /* And now do the callbacks */
1356 ProcessRecords(bufptr, xid, twophase_postcommit_callbacks);
1358 ProcessRecords(bufptr, xid, twophase_postabort_callbacks);
1360 /* Count the prepared xact as committed or aborted */
1361 AtEOXact_PgStat(isCommit);
1364 * And now we can clean up our mess.
1366 RemoveTwoPhaseFile(xid, true);
1374 * Scan a 2PC state file (already read into memory by ReadTwoPhaseFile)
1375 * and call the indicated callbacks for each 2PC record.
/*
 * ProcessRecords: walks the record area of an in-memory state file starting
 * at bufptr and calls callbacks[rmid] for each record that has a non-NULL
 * entry, passing xid, the record's info word, a pointer to its payload and
 * its length.  TWOPHASE_RM_END_ID marks the end of the records.
 *
 * NOTE(review): the loop header and the statement taken on the end marker
 * are on lines this listing omits.
 *
 * NOTE(review): rmid and len are read from the buffer.  The rmid range is
 * checked only by an Assert (active only in assert-enabled builds) before it
 * indexes callbacks[], and len advances bufptr with no bound visible here.
 * The walk therefore relies on the buffer having been validated before this
 * call; a runtime range check on rmid would keep a damaged file from
 * indexing past the callback table in production builds.
 */
1378 ProcessRecords(char *bufptr, TransactionId xid,
1379 const TwoPhaseCallback callbacks[])
1383 TwoPhaseRecordOnDisk *record = (TwoPhaseRecordOnDisk *) bufptr;
1385 Assert(record->rmid <= TWOPHASE_RM_MAX_ID);
1386 if (record->rmid == TWOPHASE_RM_END_ID)
/* Step over the fixed-size record header to reach the payload. */
1389 bufptr += MAXALIGN(sizeof(TwoPhaseRecordOnDisk));
1391 if (callbacks[record->rmid] != NULL)
1392 callbacks[record->rmid] (xid, record->info,
1393 (void *) bufptr, record->len);
/* Step over the payload, rounded up to the alignment boundary. */
1395 bufptr += MAXALIGN(record->len);
1400 * Remove the 2PC file for the specified XID.
1402 * If giveWarning is false, do not complain about file-not-present;
1403 * this is an expected case during WAL replay.
/*
 * RemoveTwoPhaseFile: builds the state-file path for xid and reports a
 * failure to remove it.
 *
 * NOTE(review): the removal call itself is on a line this listing omits
 * (1411), as is the severity of the report.
 */
1406 RemoveTwoPhaseFile(TransactionId xid, bool giveWarning)
1408 char path[MAXPGPATH];
/* The path is built from the XID, not from a caller-supplied string. */
1410 TwoPhaseFilePath(path, xid);
/*
 * A failure is reported unless the error is ENOENT and the caller asked for
 * silence (giveWarning false).
 */
1412 if (errno != ENOENT || giveWarning)
1414 (errcode_for_file_access(),
1415 errmsg("could not remove two-phase state file \"%s\": %m",
1420 * Recreates a state file. This is used in WAL replay.
1422 * Note: content and len don't include CRC.
/*
 * RecreateTwoPhaseFile: writes content (len bytes) followed by a CRC32
 * computed over those bytes to the state file for xid, then fsyncs and
 * closes the file.  Each failing step is reported through ereport.
 *
 * NOTE(review): this listing omits some lines, including the mode argument
 * of BasicOpenFile and the statements between each failed call and its
 * report.  The file mode decides who can later read or alter the state file,
 * so confirm it is owner-only.
 */
1425 RecreateTwoPhaseFile(TransactionId xid, void *content, int len)
1427 char path[MAXPGPATH];
1428 pg_crc32 statefile_crc;
/* The CRC covers exactly the len bytes of content. */
1432 INIT_CRC32(statefile_crc);
1433 COMP_CRC32(statefile_crc, content, len);
1434 FIN_CRC32(statefile_crc);
1436 TwoPhaseFilePath(path, xid);
/* O_TRUNC: an existing file for this XID is overwritten. */
1438 fd = BasicOpenFile(path,
1439 O_CREAT | O_TRUNC | O_WRONLY | PG_BINARY,
1443 (errcode_for_file_access(),
1444 errmsg("could not recreate two-phase state file \"%s\": %m",
1447 /* Write content and CRC */
/*
 * A short write counts as a failure.  NOTE(review): %m prints errno; if the
 * omitted lines close fd before reporting, errno may no longer be the one
 * set by write() -- confirm.  These two messages also leave out the path
 * that the open message includes.
 */
1448 if (write(fd, content, len) != len)
1452 (errcode_for_file_access(),
1453 errmsg("could not write two-phase state file: %m")));
1455 if (write(fd, &statefile_crc, sizeof(pg_crc32)) != sizeof(pg_crc32))
1459 (errcode_for_file_access(),
1460 errmsg("could not write two-phase state file: %m")));
1464 * We must fsync the file because the end-of-replay checkpoint will not do
1465 * so, there being no GXACT in shared memory yet to tell it to.
1467 if (pg_fsync(fd) != 0)
1471 (errcode_for_file_access(),
1472 errmsg("could not fsync two-phase state file: %m")));
1477 (errcode_for_file_access(),
1478 errmsg("could not close two-phase state file: %m")));
1482 * CheckPointTwoPhase -- handle 2PC component of checkpointing.
1484 * We must fsync the state file of any GXACT that is valid and has a PREPARE
1485 * LSN <= the checkpoint's redo horizon. (If the gxact isn't valid yet or
1486 * has a later LSN, this checkpoint is not responsible for fsyncing it.)
1488 * This is deliberately run as late as possible in the checkpoint sequence,
1489 * because GXACTs ordinarily have short lifespans, and so it is quite
1490 * possible that GXACTs that were valid at checkpoint start will no longer
1491 * exist if we wait a little bit.
1493 * If a GXACT remains valid across multiple checkpoints, it'll be fsynced
1494 * each time. This is considered unusual enough that we don't bother to
1495 * expend any extra code to avoid the redundant fsyncs. (They should be
1496 * reasonably cheap anyway, since they won't cause I/O.)
/*
 * CheckPointTwoPhase: fsyncs the state files of the GXACTs selected by the
 * loop below (prepare_lsn at or before redo_horizon; the first half of the
 * selection test is on an omitted line).
 *
 * The XIDs are collected while TwoPhaseStateLock is held in shared mode; the
 * files are opened, fsynced and closed after the lock is released.  An
 * ENOENT on open is tolerated only when TransactionIdIsPrepared(xid) says
 * the transaction is no longer prepared; any other open, fsync or close
 * failure is reported.
 *
 * NOTE(review): xids has room for max_prepared_xacts entries and is filled
 * while looping up to TwoPhaseState->numPrepXacts.  No check relating the
 * two is visible here -- presumably numPrepXacts can never exceed
 * max_prepared_xacts; confirm where TwoPhaseState is sized.
 *
 * NOTE(review): this listing omits some lines (the gutter numbers jump).
 */
1499 CheckPointTwoPhase(XLogRecPtr redo_horizon)
1501 TransactionId *xids;
1503 char path[MAXPGPATH];
1507 * We don't want to hold the TwoPhaseStateLock while doing I/O, so we grab
1508 * it just long enough to make a list of the XIDs that require fsyncing,
1509 * and then do the I/O afterwards.
1511 * This approach creates a race condition: someone else could delete a
1512 * GXACT between the time we release TwoPhaseStateLock and the time we try
1513 * to open its state file. We handle this by special-casing ENOENT
1514 * failures: if we see that, we verify that the GXACT is no longer valid,
1515 * and if so ignore the failure.
1517 if (max_prepared_xacts <= 0)
1518 return; /* nothing to do */
1520 TRACE_POSTGRESQL_TWOPHASE_CHECKPOINT_START();
1522 xids = (TransactionId *) palloc(max_prepared_xacts * sizeof(TransactionId));
1525 LWLockAcquire(TwoPhaseStateLock, LW_SHARED);
1527 for (i = 0; i < TwoPhaseState->numPrepXacts; i++)
1529 GlobalTransaction gxact = TwoPhaseState->prepXacts[i];
1532 XLByteLE(gxact->prepare_lsn, redo_horizon))
1533 xids[nxids++] = gxact->proc.xid;
1536 LWLockRelease(TwoPhaseStateLock);
1538 for (i = 0; i < nxids; i++)
1540 TransactionId xid = xids[i];
1543 TwoPhaseFilePath(path, xid);
1545 fd = BasicOpenFile(path, O_RDWR | PG_BINARY, 0);
1548 if (errno == ENOENT)
1550 /* OK if gxact is no longer valid */
1551 if (!TransactionIdIsPrepared(xid))
1553 /* Restore errno in case it was changed */
1557 (errcode_for_file_access(),
1558 errmsg("could not open two-phase state file \"%s\": %m",
1562 if (pg_fsync(fd) != 0)
1566 (errcode_for_file_access(),
1567 errmsg("could not fsync two-phase state file \"%s\": %m",
1573 (errcode_for_file_access(),
1574 errmsg("could not close two-phase state file \"%s\": %m",
1580 TRACE_POSTGRESQL_TWOPHASE_CHECKPOINT_DONE();
1584 * PrescanPreparedTransactions
1586 * Scan the pg_twophase directory and determine the range of valid XIDs
1587 * present. This is run during database startup, after we have completed
1588 * reading WAL. ShmemVariableCache->nextXid has been set to one more than
1589 * the highest XID for which evidence exists in WAL.
1591 * We throw away any prepared xacts with main XID beyond nextXid --- if any
1592 * are present, it suggests that the DBA has done a PITR recovery to an
1593 * earlier point in time without cleaning out pg_twophase. We dare not
1594 * try to recover such prepared xacts since they likely depend on database
1595 * state that doesn't exist now.
1597 * However, we will advance nextXid beyond any subxact XIDs belonging to
1598 * valid prepared xacts. We need to do this since subxact commit doesn't
1599 * write a WAL entry, and so there might be no evidence in WAL of those
1602 * Our other responsibility is to determine and return the oldest valid XID
1603 * among the prepared xacts (if none, return ShmemVariableCache->nextXid).
1604 * This is needed to synchronize pg_subtrans startup properly.
1606 * If xids_p and nxids_p are not NULL, pointer to a palloc'd array of all
1607 * top-level xids is stored in *xids_p. The number of entries in the array
1608 * is returned in *nxids_p.
/*
 * PrescanPreparedTransactions: scans TWOPHASE_DIR and, for each state file,
 * removes it if its XID is at or beyond the nextXid seen on entry, if it
 * cannot be read, or if its header names a different XID.  For the files it
 * keeps, it tracks the oldest XID in result, advances
 * ShmemVariableCache->nextXid past any subtransaction XID at or beyond it,
 * and appends the XID to a growing xids array.
 *
 * NOTE(review): this listing omits some lines (the gutter numbers jump),
 * including the log levels, the loop-continue statements and the handing
 * back of xids and nxids to the caller.
 */
1611 PrescanPreparedTransactions(TransactionId **xids_p, int *nxids_p)
1613 TransactionId origNextXid = ShmemVariableCache->nextXid;
1614 TransactionId result = origNextXid;
1616 struct dirent *clde;
1617 TransactionId *xids = NULL;
1621 cldir = AllocateDir(TWOPHASE_DIR);
1622 while ((clde = ReadDir(cldir, TWOPHASE_DIR)) != NULL)
/*
 * Only names made of exactly eight characters from 0-9A-F enter this body;
 * lower-case hex and any other directory entry do not.
 */
1624 if (strlen(clde->d_name) == 8 &&
1625 strspn(clde->d_name, "0123456789ABCDEF") == 8)
1629 TwoPhaseFileHeader *hdr;
1630 TransactionId *subxids;
/*
 * The XID is parsed from the file name.  Reading and removal below go
 * through the XID, not through d_name.
 */
1633 xid = (TransactionId) strtoul(clde->d_name, NULL, 16);
1635 /* Reject XID if too new */
1636 if (TransactionIdFollowsOrEquals(xid, origNextXid))
1639 (errmsg("removing future two-phase state file \"%s\"",
1641 RemoveTwoPhaseFile(xid, true);
1646 * Note: we can't check if already processed because clog
1647 * subsystem isn't up yet.
1650 /* Read and validate file */
1651 buf = ReadTwoPhaseFile(xid, true);
1655 (errmsg("removing corrupt two-phase state file \"%s\"",
1657 RemoveTwoPhaseFile(xid, true);
1661 /* Deconstruct header */
/* Here the header/file-name XID mismatch is a runtime test, not an Assert. */
1662 hdr = (TwoPhaseFileHeader *) buf;
1663 if (!TransactionIdEquals(hdr->xid, xid))
1666 (errmsg("removing corrupt two-phase state file \"%s\"",
1668 RemoveTwoPhaseFile(xid, true);
1674 * OK, we think this file is valid. Incorporate xid into the
1675 * running-minimum result.
1677 if (TransactionIdPrecedes(xid, result))
1681 * Examine subtransaction XIDs ... they should all follow main
1682 * XID, and they may force us to advance nextXid.
/*
 * NOTE(review): nsubxacts comes from the file header, and the loop reads
 * that many XIDs from buf with no bound check in the lines shown.  Each
 * value can raise the cluster-wide nextXid, and the ordering test is only an
 * Assert (active only in assert-enabled builds), so file contents feed
 * directly into XID allocation state.
 */
1684 subxids = (TransactionId *)
1685 (buf + MAXALIGN(sizeof(TwoPhaseFileHeader)));
1686 for (i = 0; i < hdr->nsubxacts; i++)
1688 TransactionId subxid = subxids[i];
1690 Assert(TransactionIdFollows(subxid, xid));
1691 if (TransactionIdFollowsOrEquals(subxid,
1692 ShmemVariableCache->nextXid))
1694 ShmemVariableCache->nextXid = subxid;
1695 TransactionIdAdvance(ShmemVariableCache->nextXid);
/*
 * Grow the xids array when it is full: a first allocation, then doubling.
 * The initial allocsize is set on an omitted line.
 */
1702 if (nxids == allocsize)
1707 xids = palloc(allocsize * sizeof(TransactionId));
1711 allocsize = allocsize * 2;
1712 xids = repalloc(xids, allocsize * sizeof(TransactionId));
1715 xids[nxids++] = xid;
1733 * StandbyRecoverPreparedTransactions
1735 * Scan the pg_twophase directory and setup all the required information to
1736 * allow standby queries to treat prepared transactions as still active.
1737 * This is never called at the end of recovery - we use
1738 * RecoverPreparedTransactions() at that point.
1740 * Currently we simply call SubTransSetParent() for any subxids of prepared
1741 * transactions. If overwriteOK is true, it's OK if some XIDs have already
1742 * been marked in pg_subtrans.
/*
 * StandbyRecoverPreparedTransactions: scans TWOPHASE_DIR, removes state
 * files whose transaction has already committed or aborted, cannot be read,
 * or names a different XID in its header, and calls SubTransSetParent for
 * each subtransaction XID of the files it keeps.
 *
 * NOTE(review): this listing omits some lines (the gutter numbers jump),
 * including the log levels and the loop-continue statements.
 *
 * NOTE(review): the SubTransSetParent call below passes (xid, subxid, ...),
 * while the call in RecoverPreparedTransactions (line 1898) passes
 * (subxids[i], xid, ...).  One of the two has child and parent swapped;
 * check both against SubTransSetParent's prototype.
 */
1745 StandbyRecoverPreparedTransactions(bool overwriteOK)
1748 struct dirent *clde;
1750 cldir = AllocateDir(TWOPHASE_DIR);
1751 while ((clde = ReadDir(cldir, TWOPHASE_DIR)) != NULL)
/* Only names of exactly eight characters from 0-9A-F enter this body. */
1753 if (strlen(clde->d_name) == 8 &&
1754 strspn(clde->d_name, "0123456789ABCDEF") == 8)
1758 TwoPhaseFileHeader *hdr;
1759 TransactionId *subxids;
/* The XID is parsed from the file name and used for every later call. */
1762 xid = (TransactionId) strtoul(clde->d_name, NULL, 16);
1764 /* Already processed? */
1765 if (TransactionIdDidCommit(xid) || TransactionIdDidAbort(xid))
1768 (errmsg("removing stale two-phase state file \"%s\"",
1770 RemoveTwoPhaseFile(xid, true);
1774 /* Read and validate file */
1775 buf = ReadTwoPhaseFile(xid, true);
1779 (errmsg("removing corrupt two-phase state file \"%s\"",
1781 RemoveTwoPhaseFile(xid, true);
1785 /* Deconstruct header */
1786 hdr = (TwoPhaseFileHeader *) buf;
1787 if (!TransactionIdEquals(hdr->xid, xid))
1790 (errmsg("removing corrupt two-phase state file \"%s\"",
1792 RemoveTwoPhaseFile(xid, true);
1798 * Examine subtransaction XIDs ... they should all follow main
/*
 * nsubxacts comes from the file header.  The loop reads that many XIDs from
 * buf with no bound check in the lines shown, and the ordering test is only
 * an Assert (active only in assert-enabled builds).
 */
1801 subxids = (TransactionId *)
1802 (buf + MAXALIGN(sizeof(TwoPhaseFileHeader)));
1803 for (i = 0; i < hdr->nsubxacts; i++)
1805 TransactionId subxid = subxids[i];
1807 Assert(TransactionIdFollows(subxid, xid));
1808 SubTransSetParent(xid, subxid, overwriteOK);
1816 * RecoverPreparedTransactions
1818 * Scan the pg_twophase directory and reload shared-memory state for each
1819 * prepared transaction (reacquire locks, etc). This is run during database
/*
 * RecoverPreparedTransactions: scans the two-phase directory and, for each
 * state file that is neither stale nor unreadable, rebuilds the
 * transaction's in-memory state: subtransaction parent links, the GXACT and
 * its dummy PGPROC, and whatever the twophase_recover_callbacks restore.
 *
 * NOTE(review): this listing omits some lines (the gutter numbers jump),
 * including the log levels, the loop-continue statements and one argument of
 * MarkAsPreparing.
 *
 * NOTE(review): unlike the two scanners above, the header/file-name XID
 * match here is an Assert (active only in assert-enabled builds), not a
 * runtime test.  hdr->gid, hdr->owner and hdr->database are passed to
 * MarkAsPreparing as read from the file, so the recreated transaction's
 * owner and database are whatever the state file says; this relies on
 * pg_twophase being writable only by the server account.
 */
1823 RecoverPreparedTransactions(void)
1825 char dir[MAXPGPATH];
1827 struct dirent *clde;
1828 bool overwriteOK = false;
/* Bounded copy of the directory name into a MAXPGPATH-sized buffer. */
1830 snprintf(dir, MAXPGPATH, "%s", TWOPHASE_DIR);
1832 cldir = AllocateDir(dir);
1833 while ((clde = ReadDir(cldir, dir)) != NULL)
/* Only names of exactly eight characters from 0-9A-F enter this body. */
1835 if (strlen(clde->d_name) == 8 &&
1836 strspn(clde->d_name, "0123456789ABCDEF") == 8)
1841 TwoPhaseFileHeader *hdr;
1842 TransactionId *subxids;
1843 GlobalTransaction gxact;
1846 xid = (TransactionId) strtoul(clde->d_name, NULL, 16);
1848 /* Already processed? */
1849 if (TransactionIdDidCommit(xid) || TransactionIdDidAbort(xid))
1852 (errmsg("removing stale two-phase state file \"%s\"",
1854 RemoveTwoPhaseFile(xid, true);
1858 /* Read and validate file */
1859 buf = ReadTwoPhaseFile(xid, true);
1863 (errmsg("removing corrupt two-phase state file \"%s\"",
1865 RemoveTwoPhaseFile(xid, true);
1870 (errmsg("recovering prepared transaction %u", xid)));
1872 /* Deconstruct header */
/*
 * The four header counts only advance bufptr to the start of the record
 * area; no comparison against the buffer size is visible here.
 */
1873 hdr = (TwoPhaseFileHeader *) buf;
1874 Assert(TransactionIdEquals(hdr->xid, xid));
1875 bufptr = buf + MAXALIGN(sizeof(TwoPhaseFileHeader));
1876 subxids = (TransactionId *) bufptr;
1877 bufptr += MAXALIGN(hdr->nsubxacts * sizeof(TransactionId));
1878 bufptr += MAXALIGN(hdr->ncommitrels * sizeof(RelFileNode));
1879 bufptr += MAXALIGN(hdr->nabortrels * sizeof(RelFileNode));
1880 bufptr += MAXALIGN(hdr->ninvalmsgs * sizeof(SharedInvalidationMessage));
1883 * It's possible that SubTransSetParent has been set before, if
1884 * the prepared transaction generated xid assignment records. Test
1885 * here must match one used in AssignTransactionId().
1887 if (InHotStandby && hdr->nsubxacts >= PGPROC_MAX_CACHED_SUBXIDS)
1891 * Reconstruct subtrans state for the transaction --- needed
1892 * because pg_subtrans is not preserved over a restart. Note that
1893 * we are linking all the subtransactions directly to the
1894 * top-level XID; there may originally have been a more complex
1895 * hierarchy, but there's no need to restore that exactly.
1897 for (i = 0; i < hdr->nsubxacts; i++)
1898 SubTransSetParent(subxids[i], xid, overwriteOK);
1901 * Recreate its GXACT and dummy PGPROC
1903 * Note: since we don't have the PREPARE record's WAL location at
1904 * hand, we leave prepare_lsn zeroes. This means the GXACT will
1905 * be fsync'd on every future checkpoint. We assume this
1906 * situation is infrequent enough that the performance cost is
1907 * negligible (especially since we know the state file has already
1910 gxact = MarkAsPreparing(xid, hdr->gid,
1912 hdr->owner, hdr->database);
1913 GXactLoadSubxactData(gxact, hdr->nsubxacts, subxids);
1914 MarkAsPrepared(gxact);
1917 * Recover other state (notably locks) using resource managers
1919 ProcessRecords(bufptr, xid, twophase_recover_callbacks);
1922 * Release locks held by the standby process after we process each
1923 * prepared transaction. As a result, we don't need too many
1924 * additional locks at any one time.
1927 StandbyReleaseLockTree(xid, hdr->nsubxacts, subxids);
1936 * RecordTransactionCommitPrepared
1938 * This is basically the same as RecordTransactionCommit: in particular,
1939 * we must set the inCommit flag to avoid a race condition.
1941 * We know the transaction made at least one XLOG entry (its PREPARE),
1942 * so it is never possible to optimize out the commit record.
/*
 * RecordTransactionCommitPrepared: inside a critical section, builds and
 * inserts the XLOG_XACT_COMMIT_PREPARED record for xid, then marks xid and
 * its children committed in pg_clog.  The record is chained from up to four
 * rdata segments: the fixed part, the relations to delete, the child XIDs
 * and the invalidation messages.
 *
 * MyProc->inCommit is set before the record is inserted and cleared after
 * the clog update.
 *
 * NOTE(review): this listing omits some lines (the gutter numbers jump),
 * including several parameters, the tests that decide whether each optional
 * segment is chained, the XLOG flush call and the end of the critical
 * section.
 */
1945 RecordTransactionCommitPrepared(TransactionId xid,
1947 TransactionId *children,
1951 SharedInvalidationMessage *invalmsgs,
1954 XLogRecData rdata[4];
1956 xl_xact_commit_prepared xlrec;
1959 START_CRIT_SECTION();
1961 /* See notes in RecordTransactionCommit */
1962 MyProc->inCommit = true;
1964 /* Emit the XLOG commit record */
1966 xlrec.crec.xact_time = GetCurrentTimestamp();
1967 xlrec.crec.xinfo = initfileinval ? XACT_COMPLETION_UPDATE_RELCACHE_FILE : 0;
/* NOTE(review): nmsgs is set to 0 here and overwritten with ninvalmsgs three lines below; this first store is redundant. */
1968 xlrec.crec.nmsgs = 0;
1969 xlrec.crec.nrels = nrels;
1970 xlrec.crec.nsubxacts = nchildren;
1971 xlrec.crec.nmsgs = ninvalmsgs;
1973 rdata[0].data = (char *) (&xlrec);
1974 rdata[0].len = MinSizeOfXactCommitPrepared;
1975 rdata[0].buffer = InvalidBuffer;
1976 /* dump rels to delete */
1979 rdata[0].next = &(rdata[1]);
1980 rdata[1].data = (char *) rels;
1981 rdata[1].len = nrels * sizeof(RelFileNode);
1982 rdata[1].buffer = InvalidBuffer;
1985 /* dump committed child Xids */
1988 rdata[lastrdata].next = &(rdata[2]);
1989 rdata[2].data = (char *) children;
1990 rdata[2].len = nchildren * sizeof(TransactionId);
1991 rdata[2].buffer = InvalidBuffer;
1994 /* dump cache invalidation messages */
1997 rdata[lastrdata].next = &(rdata[3]);
1998 rdata[3].data = (char *) invalmsgs;
1999 rdata[3].len = ninvalmsgs * sizeof(SharedInvalidationMessage);
2000 rdata[3].buffer = InvalidBuffer;
/* Terminate the chain at whichever segment was linked last. */
2003 rdata[lastrdata].next = NULL;
2005 recptr = XLogInsert(RM_XACT_ID, XLOG_XACT_COMMIT_PREPARED, rdata);
2008 * We don't currently try to sleep before flush here ... nor is there any
2009 * support for async commit of a prepared xact (the very idea is probably
2013 /* Flush XLOG to disk */
2017 * Wake up all walsenders to send WAL up to the COMMIT PREPARED record
2018 * immediately if replication is enabled
2020 if (max_wal_senders > 0)
2023 /* Mark the transaction committed in pg_clog */
2024 TransactionIdCommitTree(xid, nchildren, children);
2026 /* Checkpoint can proceed now */
2027 MyProc->inCommit = false;
2033 * RecordTransactionAbortPrepared
2035 * This is basically the same as RecordTransactionAbort.
2037 * We know the transaction made at least one XLOG entry (its PREPARE),
2038 * so it is never possible to optimize out the abort record.
2041 RecordTransactionAbortPrepared(TransactionId xid,
2043 TransactionId *children,
2047 XLogRecData rdata[3];
2049 xl_xact_abort_prepared xlrec;
2053 * Catch the scenario where we aborted partway through
2054 * RecordTransactionCommitPrepared ...
2056 if (TransactionIdDidCommit(xid))
2057 elog(PANIC, "cannot abort transaction %u, it was already committed",
2060 START_CRIT_SECTION();
2062 /* Emit the XLOG abort record */
2064 xlrec.arec.xact_time = GetCurrentTimestamp();
2065 xlrec.arec.nrels = nrels;
2066 xlrec.arec.nsubxacts = nchildren;
2067 rdata[0].data = (char *) (&xlrec);
2068 rdata[0].len = MinSizeOfXactAbortPrepared;
2069 rdata[0].buffer = InvalidBuffer;
2070 /* dump rels to delete */
2073 rdata[0].next = &(rdata[1]);
2074 rdata[1].data = (char *) rels;
2075 rdata[1].len = nrels * sizeof(RelFileNode);
2076 rdata[1].buffer = InvalidBuffer;
2079 /* dump committed child Xids */
2082 rdata[lastrdata].next = &(rdata[2]);
2083 rdata[2].data = (char *) children;
2084 rdata[2].len = nchildren * sizeof(TransactionId);
2085 rdata[2].buffer = InvalidBuffer;
2088 rdata[lastrdata].next = NULL;
2090 recptr = XLogInsert(RM_XACT_ID, XLOG_XACT_ABORT_PREPARED, rdata);
2092 /* Always flush, since we're about to remove the 2PC state file */
2096 * Wake up all walsenders to send WAL up to the ABORT PREPARED record
2097 * immediately if replication is enabled
2099 if (max_wal_senders > 0)
2103 * Mark the transaction aborted in clog. This is not absolutely necessary
2104 * but we may as well do it while we are here.
2106 TransactionIdAbortTree(xid, nchildren, children);