1 /*-------------------------------------------------------------------------
4 * This program acts as a clearing house for requests to the
5 * POSTGRES system. Frontend programs send a startup message
6 * to the Postmaster and the postmaster uses the info in the
7 * message to setup a backend process.
9 * The postmaster also manages system-wide operations such as
10 * startup and shutdown. The postmaster itself doesn't do those
11 * operations, mind you --- it just forks off a subprocess to do them
12 * at the right times. It also takes care of resetting the system
13 * if a backend crashes.
15 * The postmaster process creates the shared memory and semaphore
16 * pools during startup, but as a rule does not touch them itself.
17 * In particular, it is not a member of the PGPROC array of backends
18 * and so it cannot participate in lock-manager operations. Keeping
19 * the postmaster away from shared memory operations makes it simpler
20 * and more reliable. The postmaster is almost always able to recover
21 * from crashes of individual backends by resetting shared memory;
22 * if it did much with shared memory then it would be prone to crashing
23 * along with the backends.
25 * When a request message is received, we now fork() immediately.
26 * The child process performs authentication of the request, and
27 * then becomes a backend if successful. This allows the auth code
28 * to be written in a simple single-threaded style (as opposed to the
29 * crufty "poor man's multitasking" code that used to be needed).
30 * More importantly, it ensures that blockages in non-multithreaded
31 * libraries like SSL or PAM cannot cause denial of service to other
35 * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
36 * Portions Copyright (c) 1994, Regents of the University of California
40 * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.550 2008/01/01 19:45:51 momjian Exp $
45 * The Postmaster sets up shared memory data structures
49 * The Postmaster shares memory with the backends but should avoid
50 * touching shared memory, so as not to become stuck if a crashing
51 * backend screws up locks or shared memory. Likewise, the Postmaster
52 * should never block on messages from frontend clients.
55 * The Postmaster cleans up after backends if they have an emergency
56 * exit and/or core dump.
59 * Use write_stderr() only for reporting "interactive" errors
60 * (essentially, bogus arguments on the command line). Once the
61 * postmaster is launched, use ereport(). In particular, don't use
62 * write_stderr() for anything that occurs after pmdaemonize.
64 *-------------------------------------------------------------------------
75 #include <sys/socket.h>
77 #include <sys/param.h>
78 #include <netinet/in.h>
79 #include <arpa/inet.h>
83 #ifdef HAVE_SYS_SELECT_H
84 #include <sys/select.h>
92 #include <DNSServiceDiscovery/DNSServiceDiscovery.h>
95 #include "access/transam.h"
96 #include "bootstrap/bootstrap.h"
97 #include "catalog/pg_control.h"
98 #include "lib/dllist.h"
99 #include "libpq/auth.h"
100 #include "libpq/ip.h"
101 #include "libpq/libpq.h"
102 #include "libpq/pqsignal.h"
103 #include "miscadmin.h"
105 #include "postmaster/autovacuum.h"
106 #include "postmaster/fork_process.h"
107 #include "postmaster/pgarch.h"
108 #include "postmaster/postmaster.h"
109 #include "postmaster/syslogger.h"
110 #include "storage/fd.h"
111 #include "storage/ipc.h"
112 #include "storage/pg_shmem.h"
113 #include "storage/pmsignal.h"
114 #include "storage/proc.h"
115 #include "tcop/tcopprot.h"
116 #include "utils/builtins.h"
117 #include "utils/datetime.h"
118 #include "utils/memutils.h"
119 #include "utils/ps_status.h"
122 #include "storage/spin.h"
127 * List of active backends (or child processes anyway; we don't actually
128 * know whether a given child has become a backend or is still in the
129 * authorization phase). This is used mainly to keep track of how many
130 * children we have and send them appropriate signals when necessary.
132 * "Special" children such as the startup, bgwriter and autovacuum launcher
133 * tasks are not in this list. Autovacuum worker processes are in it.
134 * Also, "dead_end" children are in it: these are children launched just
135 * for the purpose of sending a friendly rejection message to a would-be
136 * client. We must track them because they are attached to shared memory,
137 * but we know they will never become live backends.
141 pid_t pid; /* process id of backend */
142 long cancel_key; /* cancel key for cancels for this backend */
143 bool is_autovacuum; /* is it an autovacuum process? */
144 bool dead_end; /* is it going to send an error and quit? */
147 static Dllist *BackendList;
151 * Number of entries in the shared-memory backend table. This table is used
152 * only for sending cancels, and therefore only includes children we allow
153 * cancels on: regular backends and autovac workers. In particular we exclude
154 * dead_end children, allowing the table to have a known maximum size, to wit
155 * the same too-many-children limit enforced by canAcceptConnections().
157 #define NUM_BACKENDARRAY_ELEMS (2*MaxBackends)
159 static Backend *ShmemBackendArray;
162 /* The socket number we are listening for connections on */
165 char *ListenAddresses;
168 * ReservedBackends is the number of backends reserved for superuser use.
169 * This number is taken out of the pool size given by MaxBackends so
170 * number of backend slots available to non-superusers is
171 * (MaxBackends - ReservedBackends). Note what this really means is
172 * "if there are <= ReservedBackends connections available, only superusers
173 * can make new connections" --- pre-existing superuser connections don't
174 * count against the limit.
176 int ReservedBackends;
178 /* The socket(s) we're listening to. */
180 static int ListenSocket[MAXLISTEN];
183 * Set by the -o option
185 static char ExtraOptions[MAXPGPATH];
188 * These globals control the behavior of the postmaster in case some
189 * backend dumps core. Normally, it kills all peers of the dead backend
190 * and reinitializes shared memory. By specifying -s or -n, we can have
191 * the postmaster stop (rather than kill) peers and not reinitialize
192 * shared data structures. (Reinit is currently dead code, though.)
194 static bool Reinit = true;
195 static int SendStop = false;
197 /* still more option variables */
198 bool EnableSSL = false;
199 bool SilentMode = false; /* silent mode (-S) */
201 int PreAuthDelay = 0;
202 int AuthenticationTimeout = 60;
204 bool log_hostname; /* for ps display and logging */
205 bool Log_connections = false;
206 bool Db_user_namespace = false;
210 /* PIDs of special child processes; 0 when not running */
211 static pid_t StartupPID = 0,
219 /* Startup/shutdown state */
221 #define SmartShutdown 1
222 #define FastShutdown 2
224 static int Shutdown = NoShutdown;
226 static bool FatalError = false; /* T if recovering from backend crash */
229 * We use a simple state machine to control startup, shutdown, and
230 * crash recovery (which is rather like shutdown followed by startup).
232 * Normal child backends can only be launched when we are in PM_RUN state.
233 * In other states we handle connection requests by launching "dead_end"
234 * child processes, which will simply send the client an error message and
235 * quit. (We track these in the BackendList so that we can know when they
236 * are all gone; this is important because they're still connected to shared
237 * memory, and would interfere with an attempt to destroy the shmem segment,
238 * possibly leading to SHMALL failure when we try to make a new one.)
239 * In PM_WAIT_DEAD_END state we are waiting for all the dead_end children
240 * to drain out of the system, and therefore stop accepting connection
241 * requests at all until the last existing child has quit (which hopefully
242 * will not be very long).
244 * Notice that this state variable does not distinguish *why* we entered
245 * PM_WAIT_BACKENDS or later states --- Shutdown and FatalError must be
246 * consulted to find that out. FatalError is never true in PM_RUN state, nor
247 * in PM_SHUTDOWN state (because we don't enter that state when trying to
248 * recover from a crash). It can be true in PM_STARTUP state, because we
249 * don't clear it until we've successfully recovered.
253 PM_INIT, /* postmaster starting */
254 PM_STARTUP, /* waiting for startup subprocess */
255 PM_RUN, /* normal "database is alive" state */
256 PM_WAIT_BACKENDS, /* waiting for live backends to exit */
257 PM_SHUTDOWN, /* waiting for bgwriter to do shutdown ckpt */
258 PM_WAIT_DEAD_END, /* waiting for dead_end children to exit */
259 PM_NO_CHILDREN /* all important children have exited */
262 static PMState pmState = PM_INIT;
264 bool ClientAuthInProgress = false; /* T during new-client
267 bool redirection_done = false; /* stderr redirected for syslogger? */
269 /* received START_AUTOVAC_LAUNCHER signal */
270 static volatile sig_atomic_t start_autovac_launcher = false;
273 * State for assigning random salts and cancel keys.
274 * Also, the global MyCancelKey passes the cancel key assigned to a given
275 * backend from the postmaster to that backend (via fork).
277 static unsigned int random_seed = 0;
278 static struct timeval random_start_time;
284 #ifdef HAVE_INT_OPTRESET
289 * postmaster.c - function prototypes
291 static void checkDataDir(void);
294 static void reg_reply(DNSServiceRegistrationReplyErrorType errorCode,
297 static void pmdaemonize(void);
298 static Port *ConnCreate(int serverFd);
299 static void ConnFree(Port *port);
300 static void reset_shared(int port);
301 static void SIGHUP_handler(SIGNAL_ARGS);
302 static void pmdie(SIGNAL_ARGS);
303 static void reaper(SIGNAL_ARGS);
304 static void sigusr1_handler(SIGNAL_ARGS);
305 static void dummy_handler(SIGNAL_ARGS);
306 static void CleanupBackend(int pid, int exitstatus);
307 static void HandleChildCrash(int pid, int exitstatus, const char *procname);
308 static void LogChildExit(int lev, const char *procname,
309 int pid, int exitstatus);
310 static void PostmasterStateMachine(void);
311 static void BackendInitialize(Port *port);
312 static int BackendRun(Port *port);
313 static void ExitPostmaster(int status);
314 static int ServerLoop(void);
315 static int BackendStartup(Port *port);
316 static int ProcessStartupPacket(Port *port, bool SSLdone);
317 static void processCancelRequest(Port *port, void *pkt);
318 static int initMasks(fd_set *rmask);
319 static void report_fork_failure_to_client(Port *port, int errnum);
320 static enum CAC_state canAcceptConnections(void);
321 static long PostmasterRandom(void);
322 static void RandomSalt(char *cryptSalt, char *md5Salt);
323 static void signal_child(pid_t pid, int signal);
324 static void SignalSomeChildren(int signal, bool only_autovac);
326 #define SignalChildren(sig) SignalSomeChildren(sig, false)
327 #define SignalAutovacWorkers(sig) SignalSomeChildren(sig, true)
328 static int CountChildren(void);
329 static bool CreateOptsFile(int argc, char *argv[], char *fullprogname);
330 static pid_t StartChildProcess(AuxProcType type);
331 static void StartAutovacuumWorker(void);
336 static pid_t win32_waitpid(int *exitstatus);
337 static void WINAPI pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired);
339 static HANDLE win32ChildQueue;
346 } win32_deadchild_waitinfo;
348 HANDLE PostmasterHandle;
351 static pid_t backend_forkexec(Port *port);
352 static pid_t internal_forkexec(int argc, char *argv[], Port *port);
354 /* Type for a socket that can be inherited to a client process */
358 SOCKET origsocket; /* Original socket value, or -1 if not a
360 WSAPROTOCOL_INFO wsainfo;
363 typedef int InheritableSocket;
366 typedef struct LWLock LWLock; /* ugly kluge */
369 * Structure contains all variables passed to exec:ed backends
374 InheritableSocket portsocket;
375 char DataDir[MAXPGPATH];
376 int ListenSocket[MAXLISTEN];
378 unsigned long UsedShmemSegID;
379 void *UsedShmemSegAddr;
381 VariableCache ShmemVariableCache;
382 Backend *ShmemBackendArray;
384 slock_t *ProcStructLock;
385 PROC_HDR *ProcGlobal;
386 PGPROC *AuxiliaryProcs;
387 InheritableSocket pgStatSock;
389 TimestampTz PgStartTime;
390 bool redirection_done;
392 HANDLE PostmasterHandle;
393 HANDLE initial_signal_pipe;
394 HANDLE syslogPipe[2];
398 char my_exec_path[MAXPGPATH];
399 char pkglib_path[MAXPGPATH];
400 char ExtraOptions[MAXPGPATH];
401 char lc_collate[LOCALE_NAME_BUFLEN];
402 char lc_ctype[LOCALE_NAME_BUFLEN];
405 static void read_backend_variables(char *id, Port *port);
406 static void restore_backend_variables(BackendParameters * param, Port *port);
409 static bool save_backend_variables(BackendParameters * param, Port *port);
411 static bool save_backend_variables(BackendParameters * param, Port *port,
412 HANDLE childProcess, pid_t childPid);
415 static void ShmemBackendArrayAdd(Backend *bn);
416 static void ShmemBackendArrayRemove(pid_t pid);
417 #endif /* EXEC_BACKEND */
419 #define StartupDataBase() StartChildProcess(StartupProcess)
420 #define StartBackgroundWriter() StartChildProcess(BgWriterProcess)
421 #define StartWalWriter() StartChildProcess(WalWriterProcess)
423 /* Macros to check exit status of a child process */
424 #define EXIT_STATUS_0(st) ((st) == 0)
425 #define EXIT_STATUS_1(st) (WIFEXITED(st) && WEXITSTATUS(st) == 1)
429 * Postmaster main entry point
432 PostmasterMain(int argc, char *argv[])
436 char *userDoption = NULL;
439 MyProcPid = PostmasterPid = getpid();
441 MyStartTime = time(NULL);
443 IsPostmasterEnvironment = true;
446 * for security, no dir or file created can be group or other accessible
448 umask((mode_t) 0077);
451 * Fire up essential subsystems: memory management
456 * By default, palloc() requests in the postmaster will be allocated in
457 * the PostmasterContext, which is space that can be recycled by backends.
458 * Allocated data that needs to be available to backends should be
459 * allocated in TopMemoryContext.
461 PostmasterContext = AllocSetContextCreate(TopMemoryContext,
463 ALLOCSET_DEFAULT_MINSIZE,
464 ALLOCSET_DEFAULT_INITSIZE,
465 ALLOCSET_DEFAULT_MAXSIZE);
466 MemoryContextSwitchTo(PostmasterContext);
468 if (find_my_exec(argv[0], my_exec_path) < 0)
469 elog(FATAL, "%s: could not locate my own executable path",
472 get_pkglib_path(my_exec_path, pkglib_path);
477 InitializeGUCOptions();
482 * Parse command-line options. CAUTION: keep this in sync with
483 * tcop/postgres.c (the option sets should not conflict) and with the
484 * common help() function in main/main.c.
486 while ((opt = getopt(argc, argv, "A:B:c:D:d:EeFf:h:ijk:lN:nOo:Pp:r:S:sTt:W:-:")) != -1)
491 SetConfigOption("debug_assertions", optarg, PGC_POSTMASTER, PGC_S_ARGV);
495 SetConfigOption("shared_buffers", optarg, PGC_POSTMASTER, PGC_S_ARGV);
499 userDoption = optarg;
503 set_debug_options(atoi(optarg), PGC_POSTMASTER, PGC_S_ARGV);
507 SetConfigOption("log_statement", "all", PGC_POSTMASTER, PGC_S_ARGV);
511 SetConfigOption("datestyle", "euro", PGC_POSTMASTER, PGC_S_ARGV);
515 SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
519 if (!set_plan_disabling_options(optarg, PGC_POSTMASTER, PGC_S_ARGV))
521 write_stderr("%s: invalid argument for option -f: \"%s\"\n",
528 SetConfigOption("listen_addresses", optarg, PGC_POSTMASTER, PGC_S_ARGV);
532 SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);
536 /* only used by interactive backend */
540 SetConfigOption("unix_socket_directory", optarg, PGC_POSTMASTER, PGC_S_ARGV);
544 SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
548 SetConfigOption("max_connections", optarg, PGC_POSTMASTER, PGC_S_ARGV);
552 /* Don't reinit shared mem after abnormal exit */
557 SetConfigOption("allow_system_table_mods", "true", PGC_POSTMASTER, PGC_S_ARGV);
561 /* Other options to pass to the backend on the command line */
562 snprintf(ExtraOptions + strlen(ExtraOptions),
563 sizeof(ExtraOptions) - strlen(ExtraOptions),
568 SetConfigOption("ignore_system_indexes", "true", PGC_POSTMASTER, PGC_S_ARGV);
572 SetConfigOption("port", optarg, PGC_POSTMASTER, PGC_S_ARGV);
576 /* only used by single-user backend */
580 SetConfigOption("work_mem", optarg, PGC_POSTMASTER, PGC_S_ARGV);
584 SetConfigOption("log_statement_stats", "true", PGC_POSTMASTER, PGC_S_ARGV);
590 * In the event that some backend dumps core, send SIGSTOP,
591 * rather than SIGQUIT, to all its peers. This lets the wily
592 * post_hacker collect core dumps from everyone.
599 const char *tmp = get_stats_option_name(optarg);
603 SetConfigOption(tmp, "true", PGC_POSTMASTER, PGC_S_ARGV);
607 write_stderr("%s: invalid argument for option -t: \"%s\"\n",
615 SetConfigOption("post_auth_delay", optarg, PGC_POSTMASTER, PGC_S_ARGV);
624 ParseLongOption(optarg, &name, &value);
629 (errcode(ERRCODE_SYNTAX_ERROR),
630 errmsg("--%s requires a value",
634 (errcode(ERRCODE_SYNTAX_ERROR),
635 errmsg("-c %s requires a value",
639 SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
647 write_stderr("Try \"%s --help\" for more information.\n",
654 * Postmaster accepts no non-option switch arguments.
658 write_stderr("%s: invalid argument: \"%s\"\n",
659 progname, argv[optind]);
660 write_stderr("Try \"%s --help\" for more information.\n",
666 /* Locate executable backend before we change working directory */
667 if (find_other_exec(argv[0], "postgres", PG_VERSIONSTR,
668 postgres_exec_path) < 0)
670 (errmsg("%s: could not locate matching postgres executable",
675 * Locate the proper configuration files and data directory, and read
676 * postgresql.conf for the first time.
678 if (!SelectConfigFiles(userDoption, progname))
681 /* Verify that DataDir looks reasonable */
684 /* And switch working directory into it */
688 * Check for invalid combinations of GUC settings.
690 if (NBuffers < 2 * MaxBackends || NBuffers < 16)
693 * Do not accept -B so small that backends are likely to starve for
694 * lack of buffers. The specific choices here are somewhat arbitrary.
696 write_stderr("%s: the number of buffers (-B) must be at least twice the number of allowed connections (-N) and at least 16\n", progname);
700 if (ReservedBackends >= MaxBackends)
702 write_stderr("%s: superuser_reserved_connections must be less than max_connections\n", progname);
707 * Other one-time internal sanity checks can go here, if they are fast.
708 * (Put any slow processing further down, after postmaster.pid creation.)
710 if (!CheckDateTokenTables())
712 write_stderr("%s: invalid datetoken tables, please fix\n", progname);
717 * Now that we are done processing the postmaster arguments, reset
718 * getopt(3) library so that it will work correctly in subprocesses.
721 #ifdef HAVE_INT_OPTRESET
722 optreset = 1; /* some systems need this too */
725 /* For debugging: display postmaster environment */
727 extern char **environ;
731 (errmsg_internal("%s: PostmasterMain: initial environ dump:",
734 (errmsg_internal("-----------------------------------------")));
735 for (p = environ; *p; ++p)
737 (errmsg_internal("\t%s", *p)));
739 (errmsg_internal("-----------------------------------------")));
743 * Fork away from controlling terminal, if -S specified.
745 * Must do this before we grab any interlock files, else the interlocks
746 * will show the wrong PID.
752 * Create lockfile for data directory.
754 * We want to do this before we try to grab the input sockets, because the
755 * data directory interlock is more reliable than the socket-file
756 * interlock (thanks to whoever decided to put socket files in /tmp :-().
757 * For the same reason, it's best to grab the TCP socket(s) before the
760 CreateDataDirLockFile(true);
763 * If timezone is not set, determine what the OS uses. (In theory this
764 * should be done during GUC initialization, but because it can take as
765 * much as several seconds, we delay it until after we've created the
766 * postmaster.pid file. This prevents problems with boot scripts that
767 * expect the pidfile to appear quickly. Also, we avoid problems with
768 * trying to locate the timezone files too early in initialization.)
770 pg_timezone_initialize();
773 * Likewise, init timezone_abbreviations if not already set.
775 pg_timezone_abbrev_initialize();
778 * Initialize SSL library, if specified.
786 * process any libraries that should be preloaded at postmaster start
788 process_shared_preload_libraries();
791 * Remove old temporary files. At this point there can be no other
792 * Postgres processes running in this directory, so this should be safe.
797 * Establish input sockets.
799 for (i = 0; i < MAXLISTEN; i++)
800 ListenSocket[i] = -1;
809 /* Need a modifiable copy of ListenAddresses */
810 rawstring = pstrdup(ListenAddresses);
812 /* Parse string into list of identifiers */
813 if (!SplitIdentifierString(rawstring, ',', &elemlist))
815 /* syntax error in list */
817 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
818 errmsg("invalid list syntax for \"listen_addresses\"")));
823 char *curhost = (char *) lfirst(l);
825 if (strcmp(curhost, "*") == 0)
826 status = StreamServerPort(AF_UNSPEC, NULL,
827 (unsigned short) PostPortNumber,
829 ListenSocket, MAXLISTEN);
831 status = StreamServerPort(AF_UNSPEC, curhost,
832 (unsigned short) PostPortNumber,
834 ListenSocket, MAXLISTEN);
835 if (status == STATUS_OK)
839 (errmsg("could not create listen socket for \"%s\"",
843 if (!success && list_length(elemlist))
845 (errmsg("could not create any TCP/IP sockets")));
852 /* Register for Bonjour only if we opened TCP socket(s) */
853 if (ListenSocket[0] != -1 && bonjour_name != NULL)
855 DNSServiceRegistrationCreate(bonjour_name,
858 htons(PostPortNumber),
860 (DNSServiceRegistrationReply) reg_reply,
865 #ifdef HAVE_UNIX_SOCKETS
866 status = StreamServerPort(AF_UNIX, NULL,
867 (unsigned short) PostPortNumber,
869 ListenSocket, MAXLISTEN);
870 if (status != STATUS_OK)
872 (errmsg("could not create Unix-domain socket")));
876 * check that we have some socket to listen on
878 if (ListenSocket[0] == -1)
880 (errmsg("no socket created for listening")));
883 * Set up shared memory and semaphores.
885 reset_shared(PostPortNumber);
888 * Estimate number of openable files. This must happen after setting up
889 * semaphores, because on some platforms semaphores count as open files.
894 * Load configuration files for client authentication.
900 * Initialize the list of active backends.
902 BackendList = DLNewList();
907 * Initialize I/O completion port used to deliver list of dead children.
909 win32ChildQueue = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 1);
910 if (win32ChildQueue == NULL)
912 (errmsg("could not create I/O completion port for child queue")));
915 * Set up a handle that child processes can use to check whether the
916 * postmaster is still running.
918 if (DuplicateHandle(GetCurrentProcess(),
924 DUPLICATE_SAME_ACCESS) == 0)
926 (errmsg_internal("could not duplicate postmaster handle: error code %d",
927 (int) GetLastError())));
931 * Record postmaster options. We delay this till now to avoid recording
932 * bogus options (eg, NBuffers too high for available memory).
934 if (!CreateOptsFile(argc, argv, my_exec_path))
938 /* Write out nondefault GUC settings for child processes to use */
939 write_nondefault_variables(PGC_POSTMASTER);
943 * Write the external PID file if requested
945 if (external_pid_file)
947 FILE *fpidfile = fopen(external_pid_file, "w");
951 fprintf(fpidfile, "%d\n", MyProcPid);
953 /* Should we remove the pid file on postmaster exit? */
956 write_stderr("%s: could not write external PID file \"%s\": %s\n",
957 progname, external_pid_file, strerror(errno));
961 * Set up signal handlers for the postmaster process.
963 * CAUTION: when changing this list, check for side-effects on the signal
964 * handling setup of child processes. See tcop/postgres.c,
965 * bootstrap/bootstrap.c, postmaster/bgwriter.c, postmaster/walwriter.c,
966 * postmaster/autovacuum.c, postmaster/pgarch.c, postmaster/pgstat.c, and
967 * postmaster/syslogger.c.
970 PG_SETMASK(&BlockSig);
972 pqsignal(SIGHUP, SIGHUP_handler); /* reread config file and have
973 * children do same */
974 pqsignal(SIGINT, pmdie); /* send SIGTERM and shut down */
975 pqsignal(SIGQUIT, pmdie); /* send SIGQUIT and die */
976 pqsignal(SIGTERM, pmdie); /* wait for children and shut down */
977 pqsignal(SIGALRM, SIG_IGN); /* ignored */
978 pqsignal(SIGPIPE, SIG_IGN); /* ignored */
979 pqsignal(SIGUSR1, sigusr1_handler); /* message from child process */
980 pqsignal(SIGUSR2, dummy_handler); /* unused, reserve for children */
981 pqsignal(SIGCHLD, reaper); /* handle child termination */
982 pqsignal(SIGTTIN, SIG_IGN); /* ignored */
983 pqsignal(SIGTTOU, SIG_IGN); /* ignored */
984 /* ignore SIGXFSZ, so that ulimit violations work like disk full */
986 pqsignal(SIGXFSZ, SIG_IGN); /* ignored */
990 * If enabled, start up syslogger collection subprocess
992 SysLoggerPID = SysLogger_Start();
995 * Reset whereToSendOutput from DestDebug (its starting state) to
996 * DestNone. This stops ereport from sending log messages to stderr unless
997 * Log_destination permits. We don't do this until the postmaster is
998 * fully launched, since startup failures may as well be reported to
1001 whereToSendOutput = DestNone;
1004 * Initialize stats collection subsystem (this does NOT start the
1005 * collector process!)
1010 * Initialize the autovacuum subsystem (again, no process start yet)
1015 * Remember postmaster startup time
1017 PgStartTime = GetCurrentTimestamp();
1018 /* PostmasterRandom wants its own copy */
1019 gettimeofday(&random_start_time, NULL);
1022 * We're ready to rock and roll...
1024 StartupPID = StartupDataBase();
1025 Assert(StartupPID != 0);
1026 pmState = PM_STARTUP;
1028 status = ServerLoop();
1031 * ServerLoop probably shouldn't ever return, but if it does, close down.
1033 ExitPostmaster(status != STATUS_OK);
1035 return 0; /* not reached */
1040 * Validate the proposed data directory
1045 char path[MAXPGPATH];
1047 struct stat stat_buf;
1051 if (stat(DataDir, &stat_buf) != 0)
1053 if (errno == ENOENT)
1055 (errcode_for_file_access(),
1056 errmsg("data directory \"%s\" does not exist",
1060 (errcode_for_file_access(),
1061 errmsg("could not read permissions of directory \"%s\": %m",
1066 * Check that the directory belongs to my userid; if not, reject.
1068 * This check is an essential part of the interlock that prevents two
1069 * postmasters from starting in the same directory (see CreateLockFile()).
1070 * Do not remove or weaken it.
1072 * XXX can we safely enable this check on Windows?
1074 #if !defined(WIN32) && !defined(__CYGWIN__)
1075 if (stat_buf.st_uid != geteuid())
1077 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
1078 errmsg("data directory \"%s\" has wrong ownership",
1080 errhint("The server must be started by the user that owns the data directory.")));
1084 * Check if the directory has group or world access. If so, reject.
1086 * It would be possible to allow weaker constraints (for example, allow
1087 * group access) but we cannot make a general assumption that that is
1088 * okay; for example there are platforms where nearly all users
1089 * customarily belong to the same group. Perhaps this test should be
1092 * XXX temporarily suppress check when on Windows, because there may not
1093 * be proper support for Unix-y file permissions. Need to think of a
1094 * reasonable check to apply on Windows.
1096 #if !defined(WIN32) && !defined(__CYGWIN__)
1097 if (stat_buf.st_mode & (S_IRWXG | S_IRWXO))
1099 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
1100 errmsg("data directory \"%s\" has group or world access",
1102 errdetail("Permissions should be u=rwx (0700).")));
1105 /* Look for PG_VERSION before looking for pg_control */
1106 ValidatePgVersion(DataDir);
1108 snprintf(path, sizeof(path), "%s/global/pg_control", DataDir);
1110 fp = AllocateFile(path, PG_BINARY_R);
1113 write_stderr("%s: could not find the database system\n"
1114 "Expected to find it in the directory \"%s\",\n"
1115 "but could not open file \"%s\": %s\n",
1116 progname, DataDir, path, strerror(errno));
1126 * empty callback function for DNSServiceRegistrationCreate()
1129 reg_reply(DNSServiceRegistrationReplyErrorType errorCode, void *context)
1132 #endif /* USE_BONJOUR */
1136 * Fork away from the controlling terminal (-S option)
1145 pid = fork_process();
1146 if (pid == (pid_t) -1)
1148 write_stderr("%s: could not fork background process: %s\n",
1149 progname, strerror(errno));
1154 /* Parent should just exit, without doing any atexit cleanup */
1158 MyProcPid = PostmasterPid = getpid(); /* reset PID vars to child */
1160 MyStartTime = time(NULL);
1163 * GH: If there's no setsid(), we hopefully don't need silent mode. Until
1164 * there's a better solution.
1169 write_stderr("%s: could not dissociate from controlling TTY: %s\n",
1170 progname, strerror(errno));
1174 i = open(NULL_DEV, O_RDWR, 0);
1181 elog(FATAL, "SilentMode not supported under WIN32");
1187 * Main idle loop of postmaster
1197 last_touch_time = time(NULL);
1199 nSockets = initMasks(&readmask);
1207 * Wait for a connection request to arrive.
1209 * We wait at most one minute, to ensure that the other background
1210 * tasks handled below get done even when no requests are arriving.
1212 * If we are in PM_WAIT_DEAD_END state, then we don't want to accept
1213 * any new connections, so we don't call select() at all; just sleep
1214 * for a little bit with signals unblocked.
1216 memcpy((char *) &rmask, (char *) &readmask, sizeof(fd_set));
1218 PG_SETMASK(&UnBlockSig);
1220 if (pmState == PM_WAIT_DEAD_END)
1222 pg_usleep(100000L); /* 100 msec seems reasonable */
1227 /* must set timeout each time; some OSes change it! */
1228 struct timeval timeout;
1230 timeout.tv_sec = 60;
1231 timeout.tv_usec = 0;
1233 selres = select(nSockets, &rmask, NULL, NULL, &timeout);
1237 * Block all signals until we wait again. (This makes it safe for our
1238 * signal handlers to do nontrivial work.)
1240 PG_SETMASK(&BlockSig);
1242 /* Now check the select() result */
1245 if (errno != EINTR && errno != EWOULDBLOCK)
1248 (errcode_for_socket_access(),
1249 errmsg("select() failed in postmaster: %m")));
1250 return STATUS_ERROR;
1255 * New connection pending on any of our sockets? If so, fork a child
1256 * process to deal with it.
1262 for (i = 0; i < MAXLISTEN; i++)
1264 if (ListenSocket[i] == -1)
1266 if (FD_ISSET(ListenSocket[i], &rmask))
1270 port = ConnCreate(ListenSocket[i]);
1273 BackendStartup(port);
1276 * We no longer need the open socket or port structure
1279 StreamClose(port->sock);
1286 /* If we have lost the log collector, try to start a new one */
1287 if (SysLoggerPID == 0 && Logging_collector)
1288 SysLoggerPID = SysLogger_Start();
1291 * If no background writer process is running, and we are not in a
1292 * state that prevents it, start one. It doesn't matter if this
1293 * fails, we'll just try again later.
1295 if (BgWriterPID == 0 && pmState == PM_RUN)
1296 BgWriterPID = StartBackgroundWriter();
1299 * Likewise, if we have lost the walwriter process, try to start a new
1302 if (WalWriterPID == 0 && pmState == PM_RUN)
1303 WalWriterPID = StartWalWriter();
1305 /* If we have lost the autovacuum launcher, try to start a new one */
1306 if (AutoVacPID == 0 &&
1307 (AutoVacuumingActive() || start_autovac_launcher) &&
1310 AutoVacPID = StartAutoVacLauncher();
1311 if (AutoVacPID != 0)
1312 start_autovac_launcher = false; /* signal processed */
1316 * If we have lost the archiver, try to start a new one. We do this
1317 * even if we are shutting down, to allow archiver to take care of any
1318 * remaining WAL files.
1320 if (XLogArchivingActive() && PgArchPID == 0 && pmState >= PM_RUN)
1321 PgArchPID = pgarch_start();
1323 /* If we have lost the stats collector, try to start a new one */
1324 if (PgStatPID == 0 && pmState == PM_RUN)
1325 PgStatPID = pgstat_start();
1328 * Touch the socket and lock file every 58 minutes, to ensure that
1329 * they are not removed by overzealous /tmp-cleaning tasks. We assume
1330 * no one runs cleaners with cutoff times of less than an hour ...
1333 if (now - last_touch_time >= 58 * SECS_PER_MINUTE)
1336 TouchSocketLockFile();
1337 last_touch_time = now;
1344 * Initialise the masks for select() for the ports we are listening on.
1345 * Return the number of sockets to listen on.
1348 initMasks(fd_set *rmask)
1355 for (i = 0; i < MAXLISTEN; i++)
1357 int fd = ListenSocket[i];
1371 * Read a client's startup packet and do something according to it.
1373 * Returns STATUS_OK or STATUS_ERROR, or might call ereport(FATAL) and
1374 * not return at all.
1376 * (Note that ereport(FATAL) stuff is sent to the client, so only use it
1377 * if that's what you want. Return STATUS_ERROR if you don't want to
1378 * send anything to the client, which would typically be appropriate
1379 * if we detect a communications failure.)
1382 ProcessStartupPacket(Port *port, bool SSLdone)
1386 ProtocolVersion proto;
1387 MemoryContext oldcontext;
1389 if (pq_getbytes((char *) &len, 4) == EOF)
1392 * EOF after SSLdone probably means the client didn't like our
1393 * response to NEGOTIATE_SSL_CODE. That's not an error condition, so
1394 * don't clutter the log with a complaint.
1398 (errcode(ERRCODE_PROTOCOL_VIOLATION),
1399 errmsg("incomplete startup packet")));
1400 return STATUS_ERROR;
1406 if (len < (int32) sizeof(ProtocolVersion) ||
1407 len > MAX_STARTUP_PACKET_LENGTH)
1410 (errcode(ERRCODE_PROTOCOL_VIOLATION),
1411 errmsg("invalid length of startup packet")));
1412 return STATUS_ERROR;
1416 * Allocate at least the size of an old-style startup packet, plus one
1417 * extra byte, and make sure all are zeroes. This ensures we will have
1418 * null termination of all strings, in both fixed- and variable-length
1421 if (len <= (int32) sizeof(StartupPacket))
1422 buf = palloc0(sizeof(StartupPacket) + 1);
1424 buf = palloc0(len + 1);
1426 if (pq_getbytes(buf, len) == EOF)
1429 (errcode(ERRCODE_PROTOCOL_VIOLATION),
1430 errmsg("incomplete startup packet")));
1431 return STATUS_ERROR;
1435 * The first field is either a protocol version number or a special
1438 port->proto = proto = ntohl(*((ProtocolVersion *) buf));
1440 if (proto == CANCEL_REQUEST_CODE)
1442 processCancelRequest(port, buf);
1443 return 127; /* XXX */
1446 if (proto == NEGOTIATE_SSL_CODE && !SSLdone)
1451 /* No SSL when disabled or on Unix sockets */
1452 if (!EnableSSL || IS_AF_UNIX(port->laddr.addr.ss_family))
1455 SSLok = 'S'; /* Support for SSL */
1457 SSLok = 'N'; /* No support for SSL */
1461 if (send(port->sock, &SSLok, 1, 0) != 1)
1464 goto retry1; /* if interrupted, just retry */
1466 (errcode_for_socket_access(),
1467 errmsg("failed to send SSL negotiation response: %m")));
1468 return STATUS_ERROR; /* close the connection */
1472 if (SSLok == 'S' && secure_open_server(port) == -1)
1473 return STATUS_ERROR;
1475 /* regular startup packet, cancel, etc packet should follow... */
1476 /* but not another SSL negotiation request */
1477 return ProcessStartupPacket(port, true);
1480 /* Could add additional special packet types here */
1483 * Set FrontendProtocol now so that ereport() knows what format to send if
1484 * we fail during startup.
1486 FrontendProtocol = proto;
1488 /* Check we can handle the protocol the frontend is using. */
1490 if (PG_PROTOCOL_MAJOR(proto) < PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST) ||
1491 PG_PROTOCOL_MAJOR(proto) > PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST) ||
1492 (PG_PROTOCOL_MAJOR(proto) == PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST) &&
1493 PG_PROTOCOL_MINOR(proto) > PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST)))
1495 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1496 errmsg("unsupported frontend protocol %u.%u: server supports %u.0 to %u.%u",
1497 PG_PROTOCOL_MAJOR(proto), PG_PROTOCOL_MINOR(proto),
1498 PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST),
1499 PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST),
1500 PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST))));
1503 * Now fetch parameters out of startup packet and save them into the Port
1504 * structure. All data structures attached to the Port struct must be
1505 * allocated in TopMemoryContext so that they won't disappear when we pass
1506 * them to PostgresMain (see BackendRun). We need not worry about leaking
1507 * this storage on failure, since we aren't in the postmaster process
1510 oldcontext = MemoryContextSwitchTo(TopMemoryContext);
1512 if (PG_PROTOCOL_MAJOR(proto) >= 3)
1514 int32 offset = sizeof(ProtocolVersion);
1517 * Scan packet body for name/option pairs. We can assume any string
1518 * beginning within the packet body is null-terminated, thanks to
1519 * zeroing extra byte above.
1521 port->guc_options = NIL;
1523 while (offset < len)
1525 char *nameptr = ((char *) buf) + offset;
1529 if (*nameptr == '\0')
1530 break; /* found packet terminator */
1531 valoffset = offset + strlen(nameptr) + 1;
1532 if (valoffset >= len)
1533 break; /* missing value, will complain below */
1534 valptr = ((char *) buf) + valoffset;
1536 if (strcmp(nameptr, "database") == 0)
1537 port->database_name = pstrdup(valptr);
1538 else if (strcmp(nameptr, "user") == 0)
1539 port->user_name = pstrdup(valptr);
1540 else if (strcmp(nameptr, "options") == 0)
1541 port->cmdline_options = pstrdup(valptr);
1544 /* Assume it's a generic GUC option */
1545 port->guc_options = lappend(port->guc_options,
1547 port->guc_options = lappend(port->guc_options,
1550 offset = valoffset + strlen(valptr) + 1;
1554 * If we didn't find a packet terminator exactly at the end of the
1555 * given packet length, complain.
1557 if (offset != len - 1)
1559 (errcode(ERRCODE_PROTOCOL_VIOLATION),
1560 errmsg("invalid startup packet layout: expected terminator as last byte")));
1565 * Get the parameters from the old-style, fixed-width-fields startup
1566 * packet as C strings. The packet destination was cleared first so a
1567 * short packet has zeros silently added. We have to be prepared to
1568 * truncate the pstrdup result for oversize fields, though.
1570 StartupPacket *packet = (StartupPacket *) buf;
1572 port->database_name = pstrdup(packet->database);
1573 if (strlen(port->database_name) > sizeof(packet->database))
1574 port->database_name[sizeof(packet->database)] = '\0';
1575 port->user_name = pstrdup(packet->user);
1576 if (strlen(port->user_name) > sizeof(packet->user))
1577 port->user_name[sizeof(packet->user)] = '\0';
1578 port->cmdline_options = pstrdup(packet->options);
1579 if (strlen(port->cmdline_options) > sizeof(packet->options))
1580 port->cmdline_options[sizeof(packet->options)] = '\0';
1581 port->guc_options = NIL;
1584 /* Check a user name was given. */
1585 if (port->user_name == NULL || port->user_name[0] == '\0')
1587 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
1588 errmsg("no PostgreSQL user name specified in startup packet")));
1590 /* The database defaults to the user name. */
1591 if (port->database_name == NULL || port->database_name[0] == '\0')
1592 port->database_name = pstrdup(port->user_name);
1594 if (Db_user_namespace)
1597 * If user@, it is a global user, remove '@'. We only want to do this
1598 * if there is an '@' at the end and no earlier in the user string or
1599 * they may fake as a local user of another database attaching to this
1602 if (strchr(port->user_name, '@') ==
1603 port->user_name + strlen(port->user_name) - 1)
1604 *strchr(port->user_name, '@') = '\0';
1607 /* Append '@' and dbname */
1610 db_user = palloc(strlen(port->user_name) +
1611 strlen(port->database_name) + 2);
1612 sprintf(db_user, "%s@%s", port->user_name, port->database_name);
1613 port->user_name = db_user;
1618 * Truncate given database and user names to length of a Postgres name.
1619 * This avoids lookup failures when overlength names are given.
1621 if (strlen(port->database_name) >= NAMEDATALEN)
1622 port->database_name[NAMEDATALEN - 1] = '\0';
1623 if (strlen(port->user_name) >= NAMEDATALEN)
1624 port->user_name[NAMEDATALEN - 1] = '\0';
1627 * Done putting stuff in TopMemoryContext.
1629 MemoryContextSwitchTo(oldcontext);
1632 * If we're going to reject the connection due to database state, say so
1633 * now instead of wasting cycles on an authentication exchange. (This also
1634 * allows a pg_ping utility to be written.)
1636 switch (port->canAcceptConnections)
1640 (errcode(ERRCODE_CANNOT_CONNECT_NOW),
1641 errmsg("the database system is starting up")));
1645 (errcode(ERRCODE_CANNOT_CONNECT_NOW),
1646 errmsg("the database system is shutting down")));
1650 (errcode(ERRCODE_CANNOT_CONNECT_NOW),
1651 errmsg("the database system is in recovery mode")));
1655 (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
1656 errmsg("sorry, too many clients already")));
1667 * The client has sent a cancel request packet, not a normal
1668 * start-a-new-connection packet. Perform the necessary processing.
1669 * Nothing is sent back to the client.
1672 processCancelRequest(Port *port, void *pkt)
1674 CancelRequestPacket *canc = (CancelRequestPacket *) pkt;
1676 long cancelAuthCode;
1679 #ifndef EXEC_BACKEND
1685 backendPID = (int) ntohl(canc->backendPID);
1686 cancelAuthCode = (long) ntohl(canc->cancelAuthCode);
1689 * See if we have a matching backend. In the EXEC_BACKEND case, we can no
1690 * longer access the postmaster's own backend list, and must rely on the
1691 * duplicate array in shared memory.
1693 #ifndef EXEC_BACKEND
1694 for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
1696 bp = (Backend *) DLE_VAL(curr);
1698 for (i = 0; i < NUM_BACKENDARRAY_ELEMS; i++)
1700 bp = (Backend *) &ShmemBackendArray[i];
1702 if (bp->pid == backendPID)
1704 if (bp->cancel_key == cancelAuthCode)
1706 /* Found a match; signal that backend to cancel current op */
1708 (errmsg_internal("processing cancel request: sending SIGINT to process %d",
1710 signal_child(bp->pid, SIGINT);
1713 /* Right PID, wrong key: no way, Jose */
1715 (errmsg("wrong key in cancel request for process %d",
1721 /* No matching backend */
1723 (errmsg("PID %d in cancel request did not match any process",
1728 * canAcceptConnections --- check to see if database state allows connections.
1730 static enum CAC_state
1731 canAcceptConnections(void)
1733 /* Can't start backends when in startup/shutdown/recovery state. */
1734 if (pmState != PM_RUN)
1736 if (Shutdown > NoShutdown)
1737 return CAC_SHUTDOWN; /* shutdown is pending */
1738 if (pmState == PM_STARTUP && !FatalError)
1739 return CAC_STARTUP; /* normal startup */
1740 return CAC_RECOVERY; /* else must be crash recovery */
1744 * Don't start too many children.
1746 * We allow more connections than we can have backends here because some
1747 * might still be authenticating; they might fail auth, or some existing
1748 * backend might exit before the auth cycle is completed. The exact
1749 * MaxBackends limit is enforced when a new backend tries to join the
1750 * shared-inval backend array.
1752 * In the EXEC_BACKEND case, the limit here must match the size of the
1753 * ShmemBackendArray, since all these processes will have cancel codes.
1755 if (CountChildren() >= 2 * MaxBackends)
1763 * ConnCreate -- create a local connection data structure
1766 ConnCreate(int serverFd)
1770 if (!(port = (Port *) calloc(1, sizeof(Port))))
1773 (errcode(ERRCODE_OUT_OF_MEMORY),
1774 errmsg("out of memory")));
1778 if (StreamConnection(serverFd, port) != STATUS_OK)
1780 if (port->sock >= 0)
1781 StreamClose(port->sock);
1788 * Precompute password salt values to use for this connection. It's
1789 * slightly annoying to do this long in advance of knowing whether
1790 * we'll need 'em or not, but we must do the random() calls before we
1791 * fork, not after. Else the postmaster's random sequence won't get
1792 * advanced, and all backends would end up using the same salt...
1794 RandomSalt(port->cryptSalt, port->md5Salt);
1798 * Allocate GSSAPI specific state struct
1800 #ifndef EXEC_BACKEND
1801 #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
1802 port->gss = (pg_gssinfo *) calloc(1, sizeof(pg_gssinfo));
1806 (errcode(ERRCODE_OUT_OF_MEMORY),
1807 errmsg("out of memory")));
1818 * ConnFree -- free a local connection data structure
1821 ConnFree(Port *conn)
1833 * ClosePostmasterPorts -- close all the postmaster's open sockets
1835 * This is called during child process startup to release file descriptors
1836 * that are not needed by that child process. The postmaster still has
1837 * them open, of course.
1839 * Note: we pass am_syslogger as a boolean because we don't want to set
1840 * the global variable yet when this is called.
1843 ClosePostmasterPorts(bool am_syslogger)
1847 /* Close the listen sockets */
1848 for (i = 0; i < MAXLISTEN; i++)
1850 if (ListenSocket[i] != -1)
1852 StreamClose(ListenSocket[i]);
1853 ListenSocket[i] = -1;
1857 /* If using syslogger, close the read side of the pipe */
1861 if (syslogPipe[0] >= 0)
1862 close(syslogPipe[0]);
1866 CloseHandle(syslogPipe[0]);
1874 * reset_shared -- reset shared memory and semaphores
1877 reset_shared(int port)
1880 * Create or re-create shared memory and semaphores.
1882 * Note: in each "cycle of life" we will normally assign the same IPC keys
1883 * (if using SysV shmem and/or semas), since the port number is used to
1884 * determine IPC keys. This helps ensure that we will clean up dead IPC
1885 * objects if the postmaster crashes and is restarted.
1887 CreateSharedMemoryAndSemaphores(false, port);
1892 * SIGHUP -- reread config files, and tell children to do same
1895 SIGHUP_handler(SIGNAL_ARGS)
1897 int save_errno = errno;
1899 PG_SETMASK(&BlockSig);
1901 if (Shutdown <= SmartShutdown)
1904 (errmsg("received SIGHUP, reloading configuration files")));
1905 ProcessConfigFile(PGC_SIGHUP);
1906 SignalChildren(SIGHUP);
1907 if (BgWriterPID != 0)
1908 signal_child(BgWriterPID, SIGHUP);
1909 if (WalWriterPID != 0)
1910 signal_child(WalWriterPID, SIGHUP);
1911 if (AutoVacPID != 0)
1912 signal_child(AutoVacPID, SIGHUP);
1914 signal_child(PgArchPID, SIGHUP);
1915 if (SysLoggerPID != 0)
1916 signal_child(SysLoggerPID, SIGHUP);
1917 /* PgStatPID does not currently need SIGHUP */
1919 /* Reload authentication config files too */
1924 /* Update the starting-point file for future children */
1925 write_nondefault_variables(PGC_SIGHUP);
1929 PG_SETMASK(&UnBlockSig);
1936 * pmdie -- signal handler for processing various postmaster signals.
1941 int save_errno = errno;
1943 PG_SETMASK(&BlockSig);
1946 (errmsg_internal("postmaster received signal %d",
1947 postgres_signal_arg)));
1949 switch (postgres_signal_arg)
1956 * Wait for children to end their work, then shut down.
1958 if (Shutdown >= SmartShutdown)
1960 Shutdown = SmartShutdown;
1962 (errmsg("received smart shutdown request")));
1964 if (pmState == PM_RUN)
1966 /* autovacuum workers are told to shut down immediately */
1967 SignalAutovacWorkers(SIGTERM);
1968 /* and the autovac launcher too */
1969 if (AutoVacPID != 0)
1970 signal_child(AutoVacPID, SIGTERM);
1971 /* and the walwriter too */
1972 if (WalWriterPID != 0)
1973 signal_child(WalWriterPID, SIGTERM);
1974 pmState = PM_WAIT_BACKENDS;
1978 * Now wait for backends to exit. If there are none,
1979 * PostmasterStateMachine will take the next step.
1981 PostmasterStateMachine();
1989 * Abort all children with SIGTERM (rollback active transactions
1990 * and exit) and shut down when they are gone.
1992 if (Shutdown >= FastShutdown)
1994 Shutdown = FastShutdown;
1996 (errmsg("received fast shutdown request")));
1998 if (StartupPID != 0)
1999 signal_child(StartupPID, SIGTERM);
2000 if (pmState == PM_RUN)
2003 (errmsg("aborting any active transactions")));
2004 /* shut down all backends and autovac workers */
2005 SignalChildren(SIGTERM);
2006 /* and the autovac launcher too */
2007 if (AutoVacPID != 0)
2008 signal_child(AutoVacPID, SIGTERM);
2009 /* and the walwriter too */
2010 if (WalWriterPID != 0)
2011 signal_child(WalWriterPID, SIGTERM);
2012 pmState = PM_WAIT_BACKENDS;
2016 * Now wait for backends to exit. If there are none,
2017 * PostmasterStateMachine will take the next step.
2019 PostmasterStateMachine();
2025 * Immediate Shutdown:
2027 * abort all children with SIGQUIT and exit without attempt to
2028 * properly shut down data base system.
2031 (errmsg("received immediate shutdown request")));
2032 SignalChildren(SIGQUIT);
2033 if (StartupPID != 0)
2034 signal_child(StartupPID, SIGQUIT);
2035 if (BgWriterPID != 0)
2036 signal_child(BgWriterPID, SIGQUIT);
2037 if (WalWriterPID != 0)
2038 signal_child(WalWriterPID, SIGQUIT);
2039 if (AutoVacPID != 0)
2040 signal_child(AutoVacPID, SIGQUIT);
2042 signal_child(PgArchPID, SIGQUIT);
2044 signal_child(PgStatPID, SIGQUIT);
2049 PG_SETMASK(&UnBlockSig);
2055 * Reaper -- signal handler to cleanup after a child process dies.
2060 int save_errno = errno;
2061 int pid; /* process id of dead child process */
2062 int exitstatus; /* its exit status */
2064 /* These macros hide platform variations in getting child status */
2066 int status; /* child exit status */
2068 #define LOOPTEST() ((pid = waitpid(-1, &status, WNOHANG)) > 0)
2069 #define LOOPHEADER() (exitstatus = status)
2070 #else /* !HAVE_WAITPID */
2072 union wait status; /* child exit status */
2074 #define LOOPTEST() ((pid = wait3(&status, WNOHANG, NULL)) > 0)
2075 #define LOOPHEADER() (exitstatus = status.w_status)
2077 #define LOOPTEST() ((pid = win32_waitpid(&exitstatus)) > 0)
2078 #define LOOPHEADER()
2080 #endif /* HAVE_WAITPID */
2082 PG_SETMASK(&BlockSig);
2085 (errmsg_internal("reaping dead processes")));
2092 * Check if this child was a startup process.
2094 if (pid == StartupPID)
2097 Assert(pmState == PM_STARTUP);
2099 /* FATAL exit of startup is treated as catastrophic */
2100 if (!EXIT_STATUS_0(exitstatus))
2102 LogChildExit(LOG, _("startup process"),
2105 (errmsg("aborting startup due to startup process failure")));
2110 * Startup succeeded - we are done with system startup or
2116 * Go to shutdown mode if a shutdown request was pending.
2118 if (Shutdown > NoShutdown)
2120 pmState = PM_WAIT_BACKENDS;
2121 /* PostmasterStateMachine logic does the rest */
2126 * Otherwise, commence normal operations.
2131 * Load the flat authorization file into postmaster's cache. The
2132 * startup process has recomputed this from the database contents,
2133 * so we wait till it finishes before loading it.
2138 * Crank up the background writer. It doesn't matter if this
2139 * fails, we'll just try again later.
2141 Assert(BgWriterPID == 0);
2142 BgWriterPID = StartBackgroundWriter();
2145 * Likewise, start other special children as needed. In a restart
2146 * situation, some of them may be alive already.
2148 if (WalWriterPID == 0)
2149 WalWriterPID = StartWalWriter();
2150 if (AutoVacuumingActive() && AutoVacPID == 0)
2151 AutoVacPID = StartAutoVacLauncher();
2152 if (XLogArchivingActive() && PgArchPID == 0)
2153 PgArchPID = pgarch_start();
2155 PgStatPID = pgstat_start();
2157 /* at this point we are really open for business */
2159 (errmsg("database system is ready to accept connections")));
2165 * Was it the bgwriter?
2167 if (pid == BgWriterPID)
2170 if (EXIT_STATUS_0(exitstatus) && pmState == PM_SHUTDOWN)
2173 * OK, we saw normal exit of the bgwriter after it's been told
2174 * to shut down. We expect that it wrote a shutdown
2175 * checkpoint. (If for some reason it didn't, recovery will
2176 * occur on next postmaster start.)
2178 * At this point we should have no normal children left (else
2179 * we'd not be in PM_SHUTDOWN state) but we might have
2180 * dead_end children.
2182 Assert(Shutdown > NoShutdown);
2183 pmState = PM_WAIT_DEAD_END;
2188 * Any unexpected exit of the bgwriter (including FATAL exit)
2189 * is treated as a crash.
2191 HandleChildCrash(pid, exitstatus,
2192 _("background writer process"));
2199 * Was it the wal writer? Normal exit can be ignored; we'll start a
2200 * new one at the next iteration of the postmaster's main loop, if
2201 * necessary. Any other exit condition is treated as a crash.
2203 if (pid == WalWriterPID)
2206 if (!EXIT_STATUS_0(exitstatus))
2207 HandleChildCrash(pid, exitstatus,
2208 _("WAL writer process"));
2213 * Was it the autovacuum launcher? Normal exit can be ignored; we'll
2214 * start a new one at the next iteration of the postmaster's main
2215 * loop, if necessary. Any other exit condition is treated as a
2218 if (pid == AutoVacPID)
2221 if (!EXIT_STATUS_0(exitstatus))
2222 HandleChildCrash(pid, exitstatus,
2223 _("autovacuum launcher process"));
2228 * Was it the archiver? If so, just try to start a new one; no need
2229 * to force reset of the rest of the system. (If fail, we'll try
2230 * again in future cycles of the main loop.)
2232 if (pid == PgArchPID)
2235 if (!EXIT_STATUS_0(exitstatus))
2236 LogChildExit(LOG, _("archiver process"),
2238 if (XLogArchivingActive() && pmState >= PM_RUN)
2239 PgArchPID = pgarch_start();
2244 * Was it the statistics collector? If so, just try to start a new
2245 * one; no need to force reset of the rest of the system. (If fail,
2246 * we'll try again in future cycles of the main loop.)
2248 if (pid == PgStatPID)
2251 if (!EXIT_STATUS_0(exitstatus))
2252 LogChildExit(LOG, _("statistics collector process"),
2254 if (pmState == PM_RUN)
2255 PgStatPID = pgstat_start();
2259 /* Was it the system logger? If so, try to start a new one */
2260 if (pid == SysLoggerPID)
2263 /* for safety's sake, launch new logger *first* */
2264 SysLoggerPID = SysLogger_Start();
2265 if (!EXIT_STATUS_0(exitstatus))
2266 LogChildExit(LOG, _("system logger process"),
2272 * Else do standard backend child cleanup.
2274 CleanupBackend(pid, exitstatus);
2275 } /* loop over pending child-death reports */
2278 * After cleaning out the SIGCHLD queue, see if we have any state changes
2279 * or actions to make.
2281 PostmasterStateMachine();
2283 /* Done with signal handler */
2284 PG_SETMASK(&UnBlockSig);
2291 * CleanupBackend -- cleanup after terminated backend.
2293 * Remove all local state associated with backend.
2296 CleanupBackend(int pid,
2297 int exitstatus) /* child's exit status. */
2301 LogChildExit(DEBUG2, _("server process"), pid, exitstatus);
2304 * If a backend dies in an ugly way then we must signal all other backends
2305 * to quickdie. If exit status is zero (normal) or one (FATAL exit), we
2306 * assume everything is all right and simply remove the backend from the
2307 * active backend list.
2309 if (!EXIT_STATUS_0(exitstatus) && !EXIT_STATUS_1(exitstatus))
2311 HandleChildCrash(pid, exitstatus, _("server process"));
2315 for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
2317 Backend *bp = (Backend *) DLE_VAL(curr);
2323 ShmemBackendArrayRemove(pid);
2334 * HandleChildCrash -- cleanup after failed backend, bgwriter, walwriter,
2337 * The objectives here are to clean up our local state about the child
2338 * process, and to signal all other remaining children to quickdie.
2341 HandleChildCrash(int pid, int exitstatus, const char *procname)
2348 * Make log entry unless there was a previous crash (if so, nonzero exit
2349 * status is to be expected in SIGQUIT response; don't clutter log)
2353 LogChildExit(LOG, procname, pid, exitstatus);
2355 (errmsg("terminating any other active server processes")));
2358 /* Process regular backends */
2359 for (curr = DLGetHead(BackendList); curr; curr = next)
2361 next = DLGetSucc(curr);
2362 bp = (Backend *) DLE_VAL(curr);
2366 * Found entry for freshly-dead backend, so remove it.
2370 ShmemBackendArrayRemove(pid);
2375 /* Keep looping so we can signal remaining backends */
2380 * This backend is still alive. Unless we did so already, tell it
2381 * to commit hara-kiri.
2383 * SIGQUIT is the special signal that says exit without proc_exit
2384 * and let the user know what's going on. But if SendStop is set
2385 * (-s on command line), then we send SIGSTOP instead, so that we
2386 * can get core dumps from all backends by hand.
2388 * We could exclude dead_end children here, but at least in the
2389 * SIGSTOP case it seems better to include them.
2394 (errmsg_internal("sending %s to process %d",
2395 (SendStop ? "SIGSTOP" : "SIGQUIT"),
2397 signal_child(bp->pid, (SendStop ? SIGSTOP : SIGQUIT));
2402 /* Take care of the bgwriter too */
2403 if (pid == BgWriterPID)
2405 else if (BgWriterPID != 0 && !FatalError)
2408 (errmsg_internal("sending %s to process %d",
2409 (SendStop ? "SIGSTOP" : "SIGQUIT"),
2410 (int) BgWriterPID)));
2411 signal_child(BgWriterPID, (SendStop ? SIGSTOP : SIGQUIT));
2414 /* Take care of the walwriter too */
2415 if (pid == WalWriterPID)
2417 else if (WalWriterPID != 0 && !FatalError)
2420 (errmsg_internal("sending %s to process %d",
2421 (SendStop ? "SIGSTOP" : "SIGQUIT"),
2422 (int) WalWriterPID)));
2423 signal_child(WalWriterPID, (SendStop ? SIGSTOP : SIGQUIT));
2426 /* Take care of the autovacuum launcher too */
2427 if (pid == AutoVacPID)
2429 else if (AutoVacPID != 0 && !FatalError)
2432 (errmsg_internal("sending %s to process %d",
2433 (SendStop ? "SIGSTOP" : "SIGQUIT"),
2434 (int) AutoVacPID)));
2435 signal_child(AutoVacPID, (SendStop ? SIGSTOP : SIGQUIT));
2439 * Force a power-cycle of the pgarch process too. (This isn't absolutely
2440 * necessary, but it seems like a good idea for robustness, and it
2441 * simplifies the state-machine logic in the case where a shutdown request
2442 * arrives during crash processing.)
2444 if (PgArchPID != 0 && !FatalError)
2447 (errmsg_internal("sending %s to process %d",
2450 signal_child(PgArchPID, SIGQUIT);
2454 * Force a power-cycle of the pgstat process too. (This isn't absolutely
2455 * necessary, but it seems like a good idea for robustness, and it
2456 * simplifies the state-machine logic in the case where a shutdown request
2457 * arrives during crash processing.)
2459 if (PgStatPID != 0 && !FatalError)
2462 (errmsg_internal("sending %s to process %d",
2465 signal_child(PgStatPID, SIGQUIT);
2466 allow_immediate_pgstat_restart();
2469 /* We do NOT restart the syslogger */
2472 /* We now transit into a state of waiting for children to die */
2473 if (pmState == PM_RUN || pmState == PM_SHUTDOWN)
2474 pmState = PM_WAIT_BACKENDS;
2478 * Log the death of a child process.
2481 LogChildExit(int lev, const char *procname, int pid, int exitstatus)
2483 if (WIFEXITED(exitstatus))
2487 translator: %s is a noun phrase describing a child process, such as
2489 (errmsg("%s (PID %d) exited with exit code %d",
2490 procname, pid, WEXITSTATUS(exitstatus))));
2491 else if (WIFSIGNALED(exitstatus))
2496 translator: %s is a noun phrase describing a child process, such as
2498 (errmsg("%s (PID %d) was terminated by exception 0x%X",
2499 procname, pid, WTERMSIG(exitstatus)),
2500 errhint("See C include file \"ntstatus.h\" for a description of the hexadecimal value.")));
2501 #elif defined(HAVE_DECL_SYS_SIGLIST) && HAVE_DECL_SYS_SIGLIST
2505 translator: %s is a noun phrase describing a child process, such as
2507 (errmsg("%s (PID %d) was terminated by signal %d: %s",
2508 procname, pid, WTERMSIG(exitstatus),
2509 WTERMSIG(exitstatus) < NSIG ?
2510 sys_siglist[WTERMSIG(exitstatus)] : "(unknown)")));
2515 translator: %s is a noun phrase describing a child process, such as
2517 (errmsg("%s (PID %d) was terminated by signal %d",
2518 procname, pid, WTERMSIG(exitstatus))));
2524 translator: %s is a noun phrase describing a child process, such as
2526 (errmsg("%s (PID %d) exited with unrecognized status %d",
2527 procname, pid, exitstatus)));
2531 * Advance the postmaster's state machine and take actions as appropriate
2533 * This is common code for pmdie() and reaper(), which receive the signals
2534 * that might mean we need to change state.
2537 PostmasterStateMachine(void)
2540 * If we are in a state-machine state that implies waiting for backends to
2541 * exit, see if they're all gone, and change state if so.
2543 if (pmState == PM_WAIT_BACKENDS)
2546 * PM_WAIT_BACKENDS state ends when we have no regular backends
2547 * (including autovac workers) and no walwriter or autovac launcher.
2548 * If we are doing crash recovery then we expect the bgwriter to exit
2549 * too, otherwise not. The archiver, stats, and syslogger processes
2550 * are disregarded since they are not connected to shared memory; we
2551 * also disregard dead_end children here.
2553 if (CountChildren() == 0 &&
2555 (BgWriterPID == 0 || !FatalError) &&
2556 WalWriterPID == 0 &&
2562 * Start waiting for dead_end children to die. This state
2563 * change causes ServerLoop to stop creating new ones.
2565 pmState = PM_WAIT_DEAD_END;
2570 * If we get here, we are proceeding with normal shutdown. All
2571 * the regular children are gone, and it's time to tell the
2572 * bgwriter to do a shutdown checkpoint.
2574 Assert(Shutdown > NoShutdown);
2575 /* Start the bgwriter if not running */
2576 if (BgWriterPID == 0)
2577 BgWriterPID = StartBackgroundWriter();
2578 /* And tell it to shut down */
2579 if (BgWriterPID != 0)
2581 signal_child(BgWriterPID, SIGUSR2);
2582 pmState = PM_SHUTDOWN;
2587 * If we failed to fork a bgwriter, just shut down. Any
2588 * required cleanup will happen at next restart. We set
2589 * FatalError so that an "abnormal shutdown" message gets
2590 * logged when we exit.
2593 pmState = PM_WAIT_DEAD_END;
2595 /* Tell pgarch to shut down too; nothing left for it to do */
2597 signal_child(PgArchPID, SIGQUIT);
2598 /* Tell pgstat to shut down too; nothing left for it to do */
2600 signal_child(PgStatPID, SIGQUIT);
2605 if (pmState == PM_WAIT_DEAD_END)
2608 * PM_WAIT_DEAD_END state ends when the BackendList is entirely empty
2609 * (ie, no dead_end children remain).
2611 if (!DLGetHead(BackendList))
2613 /* These other guys should be dead already */
2614 Assert(StartupPID == 0);
2615 Assert(BgWriterPID == 0);
2616 Assert(WalWriterPID == 0);
2617 Assert(AutoVacPID == 0);
2618 /* archiver, stats, and syslogger are not considered here */
2619 pmState = PM_NO_CHILDREN;
2624 * If we've been told to shut down, we exit as soon as there are no
2625 * remaining children. If there was a crash, cleanup will occur at the
2626 * next startup. (Before PostgreSQL 8.3, we tried to recover from the
2627 * crash before exiting, but that seems unwise if we are quitting because
2628 * we got SIGTERM from init --- there may well not be time for recovery
2629 * before init decides to SIGKILL us.)
2631 * Note: we do not wait around for exit of the archiver or stats
2632 * processes. They've been sent SIGQUIT by this point (either when we
2633 * entered PM_SHUTDOWN state, or when we set FatalError, and at least one
2634 * of those must have happened by now). In any case they contain logic to
2635 * commit hara-kiri if they notice the postmaster is gone. Since they
2636 * aren't connected to shared memory, they pose no problem for shutdown.
2637 * The syslogger is not considered either, since it's intended to survive
2638 * till the postmaster exits.
2640 if (Shutdown > NoShutdown && pmState == PM_NO_CHILDREN)
2644 ereport(LOG, (errmsg("abnormal database system shutdown")));
2649 /* Normal exit from the postmaster is here */
2655 * If we need to recover from a crash, wait for all shmem-connected
2656 * children to exit, then reset shmem and StartupDataBase. (We can ignore
2657 * the archiver and stats processes here since they are not connected to
2660 if (FatalError && pmState == PM_NO_CHILDREN)
2663 (errmsg("all server processes terminated; reinitializing")));
2666 reset_shared(PostPortNumber);
2668 StartupPID = StartupDataBase();
2669 Assert(StartupPID != 0);
2670 pmState = PM_STARTUP;
2676 * Send a signal to a postmaster child process
2678 * On systems that have setsid(), each child process sets itself up as a
2679 * process group leader. For signals that are generally interpreted in the
2680 * appropriate fashion, we signal the entire process group not just the
2681 * direct child process. This allows us to, for example, SIGQUIT a blocked
2682 * archive_recovery script, or SIGINT a script being run by a backend via
2685 * There is a race condition for recently-forked children: they might not
2686 * have executed setsid() yet. So we signal the child directly as well as
2687 * the group. We assume such a child will handle the signal before trying
2688 * to spawn any grandchild processes. We also assume that signaling the
2689 * child twice will not cause any problems.
2692 signal_child(pid_t pid, int signal)
2694 if (kill(pid, signal) < 0)
2695 elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) pid, signal);
2703 if (kill(-pid, signal) < 0)
2704 elog(DEBUG3, "kill(%ld,%d) failed: %m", (long) (-pid), signal);
2713 * Send a signal to all backend children, including autovacuum workers
2714 * (but NOT special children; dead_end children are never signaled, either).
2715 * If only_autovac is TRUE, only the autovacuum worker processes are signalled.
2718 SignalSomeChildren(int signal, bool only_autovac)
2722 for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
2724 Backend *bp = (Backend *) DLE_VAL(curr);
2728 if (only_autovac && !bp->is_autovacuum)
2732 (errmsg_internal("sending signal %d to process %d",
2733 signal, (int) bp->pid)));
2734 signal_child(bp->pid, signal);
2739 * BackendStartup -- start backend process
2741 * returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
2743 * Note: if you change this code, also consider StartAutovacuumWorker.
2746 BackendStartup(Port *port)
2748 Backend *bn; /* for backend cleanup */
2752 * Compute the cancel key that will be assigned to this backend. The
2753 * backend will have its own copy in the forked-off process' value of
2754 * MyCancelKey, so that it can transmit the key to the frontend.
2756 MyCancelKey = PostmasterRandom();
2759 * Make room for backend data structure. Better before the fork() so we
2760 * can handle failure cleanly.
2762 bn = (Backend *) malloc(sizeof(Backend));
2766 (errcode(ERRCODE_OUT_OF_MEMORY),
2767 errmsg("out of memory")));
2768 return STATUS_ERROR;
2771 /* Pass down canAcceptConnections state (kluge for EXEC_BACKEND case) */
2772 port->canAcceptConnections = canAcceptConnections();
2775 pid = backend_forkexec(port);
2776 #else /* !EXEC_BACKEND */
2777 pid = fork_process();
2778 if (pid == 0) /* child */
2783 * Let's clean up ourselves as the postmaster child, and close the
2784 * postmaster's listen sockets. (In EXEC_BACKEND case this is all
2785 * done in SubPostmasterMain.)
2787 IsUnderPostmaster = true; /* we are a postmaster subprocess now */
2789 MyProcPid = getpid(); /* reset MyProcPid */
2791 MyStartTime = time(NULL);
2793 /* We don't want the postmaster's proc_exit() handlers */
2796 /* Close the postmaster's sockets */
2797 ClosePostmasterPorts(false);
2799 /* Perform additional initialization and client authentication */
2800 BackendInitialize(port);
2802 /* And run the backend */
2803 proc_exit(BackendRun(port));
2805 #endif /* EXEC_BACKEND */
2809 /* in parent, fork failed */
2810 int save_errno = errno;
2815 (errmsg("could not fork new process for connection: %m")));
2816 report_fork_failure_to_client(port, save_errno);
2817 return STATUS_ERROR;
2820 /* in parent, successful fork */
2822 (errmsg_internal("forked new backend, pid=%d socket=%d",
2823 (int) pid, port->sock)));
2826 * Everything's been successful, it's safe to add this backend to our list
2830 bn->cancel_key = MyCancelKey;
2831 bn->is_autovacuum = false;
2832 bn->dead_end = (port->canAcceptConnections != CAC_OK);
2833 DLAddHead(BackendList, DLNewElem(bn));
2836 ShmemBackendArrayAdd(bn);
2843 * Try to report backend fork() failure to client before we close the
2844 * connection. Since we do not care to risk blocking the postmaster on
2845 * this connection, we set the connection to non-blocking and try only once.
2847 * This is grungy special-purpose code; we cannot use backend libpq since
2848 * it's not up and running.
2851 report_fork_failure_to_client(Port *port, int errnum)
2856 /* Format the error message packet (always V2 protocol) */
2857 snprintf(buffer, sizeof(buffer), "E%s%s\n",
2858 _("could not fork new process for connection: "),
2861 /* Set port to non-blocking. Don't do send() if this fails */
2862 if (!pg_set_noblock(port->sock))
2865 /* We'll retry after EINTR, but ignore all other failures */
2868 rc = send(port->sock, buffer, strlen(buffer) + 1, 0);
2869 } while (rc < 0 && errno == EINTR);
2874 * split_opts -- split a string of options and append it to an argv array
2876 * NB: the string is destructively modified!
2878 * Since no current POSTGRES arguments require any quoting characters,
2879 * we can use the simple-minded tactic of assuming each set of space-
2880 * delimited characters is a separate argv element.
2882 * If you don't like that, well, we *used* to pass the whole option string
2883 * as ONE argument to execl(), which was even less intelligent...
2886 split_opts(char **argv, int *argcp, char *s)
2890 while (isspace((unsigned char) *s))
2894 argv[(*argcp)++] = s;
2895 while (*s && !isspace((unsigned char) *s))
2904 * BackendInitialize -- initialize an interactive (postmaster-child)
2905 * backend process, and perform client authentication.
2907 * returns: nothing. Will not return at all if there's any failure.
2909 * Note: this code does not depend on having any access to shared memory.
2910 * In the EXEC_BACKEND case, we are physically attached to shared memory
2911 * but have not yet set up most of our local pointers to shmem structures.
2914 BackendInitialize(Port *port)
2917 char remote_host[NI_MAXHOST];
2918 char remote_port[NI_MAXSERV];
2919 char remote_ps_data[NI_MAXHOST];
2921 /* Save port etc. for ps status */
2925 * PreAuthDelay is a debugging aid for investigating problems in the
2926 * authentication cycle: it can be set in postgresql.conf to allow time to
2927 * attach to the newly-forked backend with a debugger. (See also the -W
2928 * backend switch, which we allow clients to pass through PGOPTIONS, but
2929 * it is not honored until after authentication.)
2931 if (PreAuthDelay > 0)
2932 pg_usleep(PreAuthDelay * 1000000L);
2934 ClientAuthInProgress = true; /* limit visibility of log messages */
2936 /* save process start time */
2937 port->SessionStartTime = GetCurrentTimestamp();
2938 MyStartTime = timestamptz_to_time_t(port->SessionStartTime);
2940 /* set these to empty in case they are needed before we set them up */
2941 port->remote_host = "";
2942 port->remote_port = "";
2945 * Initialize libpq and enable reporting of ereport errors to the client.
2946 * Must do this now because authentication uses libpq to send messages.
2948 pq_init(); /* initialize libpq to talk to client */
2949 whereToSendOutput = DestRemote; /* now safe to ereport to client */
2952 * If possible, make this process a group leader, so that the postmaster
2953 * can signal any child processes too. (We do this now on the off chance
2954 * that something might spawn a child process during authentication.)
2958 elog(FATAL, "setsid() failed: %m");
2962 * We arrange for a simple exit(1) if we receive SIGTERM or SIGQUIT during
2963 * any client authentication related communication. Otherwise the
2964 * postmaster cannot shutdown the database FAST or IMMED cleanly if a
2965 * buggy client blocks a backend during authentication.
2967 pqsignal(SIGTERM, authdie);
2968 pqsignal(SIGQUIT, authdie);
2969 pqsignal(SIGALRM, authdie);
2970 PG_SETMASK(&AuthBlockSig);
2973 * Get the remote host name and port for logging and status display.
2975 remote_host[0] = '\0';
2976 remote_port[0] = '\0';
2977 if (pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
2978 remote_host, sizeof(remote_host),
2979 remote_port, sizeof(remote_port),
2980 (log_hostname ? 0 : NI_NUMERICHOST) | NI_NUMERICSERV))
2982 int ret = pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
2983 remote_host, sizeof(remote_host),
2984 remote_port, sizeof(remote_port),
2985 NI_NUMERICHOST | NI_NUMERICSERV);
2989 (errmsg_internal("pg_getnameinfo_all() failed: %s",
2990 gai_strerror(ret))));
2992 snprintf(remote_ps_data, sizeof(remote_ps_data),
2993 remote_port[0] == '\0' ? "%s" : "%s(%s)",
2994 remote_host, remote_port);
2996 if (Log_connections)
2998 (errmsg("connection received: host=%s%s%s",
2999 remote_host, remote_port[0] ? " port=" : "",
3003 * save remote_host and remote_port in port structure
3005 port->remote_host = strdup(remote_host);
3006 port->remote_port = strdup(remote_port);
3009 * In EXEC_BACKEND case, we didn't inherit the contents of pg_hba.conf
3010 * etcetera from the postmaster, and have to load them ourselves. Build
3011 * the PostmasterContext (which didn't exist before, in this process) to
3014 * FIXME: [fork/exec] Ugh. Is there a way around this overhead?
3017 Assert(PostmasterContext == NULL);
3018 PostmasterContext = AllocSetContextCreate(TopMemoryContext,
3020 ALLOCSET_DEFAULT_MINSIZE,
3021 ALLOCSET_DEFAULT_INITSIZE,
3022 ALLOCSET_DEFAULT_MAXSIZE);
3023 MemoryContextSwitchTo(PostmasterContext);
3031 * Ready to begin client interaction. We will give up and exit(0) after a
3032 * time delay, so that a broken client can't hog a connection
3033 * indefinitely. PreAuthDelay doesn't count against the time limit.
3035 if (!enable_sig_alarm(AuthenticationTimeout * 1000, false))
3036 elog(FATAL, "could not set timer for authorization timeout");
3039 * Receive the startup packet (which might turn out to be a cancel request
3042 status = ProcessStartupPacket(port, false);
3044 if (status != STATUS_OK)
3048 * Now that we have the user and database name, we can set the process
3049 * title for ps. It's good to do this as early as possible in startup.
3051 init_ps_display(port->user_name, port->database_name, remote_ps_data,
3052 update_process_title ? "authentication" : "");
3055 * Now perform authentication exchange.
3057 ClientAuthentication(port); /* might not return, if failure */
3060 * Done with authentication. Disable timeout, and prevent SIGTERM/SIGQUIT
3061 * again until backend startup is complete.
3063 if (!disable_sig_alarm(false))
3064 elog(FATAL, "could not disable timer for authorization timeout");
3065 PG_SETMASK(&BlockSig);
3067 if (Log_connections)
3069 (errmsg("connection authorized: user=%s database=%s",
3070 port->user_name, port->database_name)));
3075 * BackendRun -- set up the backend's argument list and invoke PostgresMain()
3078 * Shouldn't return at all.
3079 * If PostgresMain() fails, return status.
3082 BackendRun(Port *port)
3093 * Don't want backend to be able to see the postmaster random number
3094 * generator state. We have to clobber the static random_seed *and* start
3095 * a new random sequence in the random() library function.
3098 random_start_time.tv_usec = 0;
3099 /* slightly hacky way to get integer microseconds part of timestamptz */
3100 TimestampDifference(0, port->SessionStartTime, &secs, &usecs);
3101 srandom((unsigned int) (MyProcPid ^ usecs));
3104 * Now, build the argv vector that will be given to PostgresMain.
3106 * The layout of the command line is
3107 * postgres [secure switches] -y databasename [insecure switches]
3108 * where the switches after -y come from the client request.
3110 * The maximum possible number of commandline arguments that could come
3111 * from ExtraOptions or port->cmdline_options is (strlen + 1) / 2; see
3115 maxac = 10; /* for fixed args supplied below */
3116 maxac += (strlen(ExtraOptions) + 1) / 2;
3117 if (port->cmdline_options)
3118 maxac += (strlen(port->cmdline_options) + 1) / 2;
3120 av = (char **) MemoryContextAlloc(TopMemoryContext,
3121 maxac * sizeof(char *));
3124 av[ac++] = "postgres";
3127 * Pass any backend switches specified with -o in the postmaster's own
3128 * command line. We assume these are secure. (It's OK to mangle
3129 * ExtraOptions now, since we're safely inside a subprocess.)
3131 split_opts(av, &ac, ExtraOptions);
3133 /* Tell the backend what protocol the frontend is using. */
3134 snprintf(protobuf, sizeof(protobuf), "-v%u", port->proto);
3135 av[ac++] = protobuf;
3138 * Tell the backend it is being called from the postmaster, and which
3139 * database to use. -y marks the end of secure switches.
3142 av[ac++] = port->database_name;
3145 * Pass the (insecure) option switches from the connection request. (It's
3146 * OK to mangle port->cmdline_options now.)
3148 if (port->cmdline_options)
3149 split_opts(av, &ac, port->cmdline_options);
3156 * Release postmaster's working memory context so that backend can recycle
3157 * the space. Note this does not trash *MyProcPort, because ConnCreate()
3158 * allocated that space with malloc() ... else we'd need to copy the Port
3159 * data here. Also, subsidiary data such as the username isn't lost
3160 * either; see ProcessStartupPacket().
3162 MemoryContextSwitchTo(TopMemoryContext);
3163 MemoryContextDelete(PostmasterContext);
3164 PostmasterContext = NULL;
3167 * Debug: print arguments being passed to backend
3170 (errmsg_internal("%s child[%d]: starting with (",
3171 progname, (int) getpid())));
3172 for (i = 0; i < ac; ++i)
3174 (errmsg_internal("\t%s", av[i])));
3176 (errmsg_internal(")")));
3178 ClientAuthInProgress = false; /* client_min_messages is active now */
3180 return (PostgresMain(ac, av, port->user_name));
3187 * postmaster_forkexec -- fork and exec a postmaster subprocess
3189 * The caller must have set up the argv array already, except for argv[2]
3190 * which will be filled with the name of the temp variable file.
3192 * Returns the child process PID, or -1 on fork failure (a suitable error
3193 * message has been logged on failure).
3195 * All uses of this routine will dispatch to SubPostmasterMain in the
3199 postmaster_forkexec(int argc, char *argv[])
3203 /* This entry point passes dummy values for the Port variables */
3204 memset(&port, 0, sizeof(port));
3205 return internal_forkexec(argc, argv, &port);
3209 * backend_forkexec -- fork/exec off a backend process
3211 * returns the pid of the fork/exec'd process, or -1 on failure
3214 backend_forkexec(Port *port)
3219 av[ac++] = "postgres";
3220 av[ac++] = "--forkbackend";
3221 av[ac++] = NULL; /* filled in by internal_forkexec */
3224 Assert(ac < lengthof(av));
3226 return internal_forkexec(ac, av, port);
3232 * internal_forkexec non-win32 implementation
3234 * - writes out backend variables to the parameter file
3235 * - fork():s, and then exec():s the child process
3238 internal_forkexec(int argc, char *argv[], Port *port)
3240 static unsigned long tmpBackendFileNum = 0;
3242 char tmpfilename[MAXPGPATH];
3243 BackendParameters param;
3246 if (!save_backend_variables(¶m, port))
3247 return -1; /* log made by save_backend_variables */
3249 /* Calculate name for temp file */
3250 snprintf(tmpfilename, MAXPGPATH, "%s/%s.backend_var.%d.%lu",
3251 PG_TEMP_FILES_DIR, PG_TEMP_FILE_PREFIX,
3252 MyProcPid, ++tmpBackendFileNum);
3255 fp = AllocateFile(tmpfilename, PG_BINARY_W);
3258 /* As in OpenTemporaryFile, try to make the temp-file directory */
3259 mkdir(PG_TEMP_FILES_DIR, S_IRWXU);
3261 fp = AllocateFile(tmpfilename, PG_BINARY_W);
3265 (errcode_for_file_access(),
3266 errmsg("could not create file \"%s\": %m",
3272 if (fwrite(¶m, sizeof(param), 1, fp) != 1)
3275 (errcode_for_file_access(),
3276 errmsg("could not write to file \"%s\": %m", tmpfilename)));
3285 (errcode_for_file_access(),
3286 errmsg("could not write to file \"%s\": %m", tmpfilename)));
3290 /* Make sure caller set up argv properly */
3292 Assert(argv[argc] == NULL);
3293 Assert(strncmp(argv[1], "--fork", 6) == 0);
3294 Assert(argv[2] == NULL);
3296 /* Insert temp file name after --fork argument */
3297 argv[2] = tmpfilename;
3299 /* Fire off execv in child */
3300 if ((pid = fork_process()) == 0)
3302 if (execv(postgres_exec_path, argv) < 0)
3305 (errmsg("could not execute server process \"%s\": %m",
3306 postgres_exec_path)));
3307 /* We're already in the child process here, can't return */
3312 return pid; /* Parent returns pid, or -1 on fork failure */
3317 * internal_forkexec win32 implementation
3319 * - starts backend using CreateProcess(), in suspended state
3320 * - writes out backend variables to the parameter file
3321 * - during this, duplicates handles and sockets required for
3322 * inheritance into the new process
3323 * - resumes execution of the new process once the backend parameter
3327 internal_forkexec(int argc, char *argv[], Port *port)
3330 PROCESS_INFORMATION pi;
3333 char cmdLine[MAXPGPATH * 2];
3335 BackendParameters *param;
3336 SECURITY_ATTRIBUTES sa;
3337 char paramHandleStr[32];
3338 win32_deadchild_waitinfo *childinfo;
3340 /* Make sure caller set up argv properly */
3342 Assert(argv[argc] == NULL);
3343 Assert(strncmp(argv[1], "--fork", 6) == 0);
3344 Assert(argv[2] == NULL);
3346 /* Set up shared memory for parameter passing */
3347 ZeroMemory(&sa, sizeof(sa));
3348 sa.nLength = sizeof(sa);
3349 sa.bInheritHandle = TRUE;
3350 paramHandle = CreateFileMapping(INVALID_HANDLE_VALUE,
3354 sizeof(BackendParameters),
3356 if (paramHandle == INVALID_HANDLE_VALUE)
3358 elog(LOG, "could not create backend parameter file mapping: error code %d",
3359 (int) GetLastError());
3363 param = MapViewOfFile(paramHandle, FILE_MAP_WRITE, 0, 0, sizeof(BackendParameters));
3366 elog(LOG, "could not map backend parameter memory: error code %d",
3367 (int) GetLastError());
3368 CloseHandle(paramHandle);
3372 /* Insert temp file name after --fork argument */
3373 sprintf(paramHandleStr, "%lu", (DWORD) paramHandle);
3374 argv[2] = paramHandleStr;
3376 /* Format the cmd line */
3377 cmdLine[sizeof(cmdLine) - 1] = '\0';
3378 cmdLine[sizeof(cmdLine) - 2] = '\0';
3379 snprintf(cmdLine, sizeof(cmdLine) - 1, "\"%s\"", postgres_exec_path);
3381 while (argv[++i] != NULL)
3383 j = strlen(cmdLine);
3384 snprintf(cmdLine + j, sizeof(cmdLine) - 1 - j, " \"%s\"", argv[i]);
3386 if (cmdLine[sizeof(cmdLine) - 2] != '\0')
3388 elog(LOG, "subprocess command line too long");
3392 memset(&pi, 0, sizeof(pi));
3393 memset(&si, 0, sizeof(si));
3397 * Create the subprocess in a suspended state. This will be resumed later,
3398 * once we have written out the parameter file.
3400 if (!CreateProcess(NULL, cmdLine, NULL, NULL, TRUE, CREATE_SUSPENDED,
3401 NULL, NULL, &si, &pi))
3403 elog(LOG, "CreateProcess call failed: %m (error code %d)",
3404 (int) GetLastError());
3408 if (!save_backend_variables(param, port, pi.hProcess, pi.dwProcessId))
3411 * log made by save_backend_variables, but we have to clean up the
3412 * mess with the half-started process
3414 if (!TerminateProcess(pi.hProcess, 255))
3416 (errmsg_internal("could not terminate unstarted process: error code %d",
3417 (int) GetLastError())));
3418 CloseHandle(pi.hProcess);
3419 CloseHandle(pi.hThread);
3420 return -1; /* log made by save_backend_variables */
3423 /* Drop the shared memory that is now inherited to the backend */
3424 if (!UnmapViewOfFile(param))
3425 elog(LOG, "could not unmap view of backend parameter file: error code %d",
3426 (int) GetLastError());
3427 if (!CloseHandle(paramHandle))
3428 elog(LOG, "could not close handle to backend parameter file: error code %d",
3429 (int) GetLastError());
3432 * Now that the backend variables are written out, we start the child
3433 * thread so it can start initializing while we set up the rest of the
3436 if (ResumeThread(pi.hThread) == -1)
3438 if (!TerminateProcess(pi.hProcess, 255))
3441 (errmsg_internal("could not terminate unstartable process: error code %d",
3442 (int) GetLastError())));
3443 CloseHandle(pi.hProcess);
3444 CloseHandle(pi.hThread);
3447 CloseHandle(pi.hProcess);
3448 CloseHandle(pi.hThread);
3450 (errmsg_internal("could not resume thread of unstarted process: error code %d",
3451 (int) GetLastError())));
3456 * Queue a waiter for to signal when this child dies. The wait will be
3457 * handled automatically by an operating system thread pool.
3459 * Note: use malloc instead of palloc, since it needs to be thread-safe.
3460 * Struct will be free():d from the callback function that runs on a
3463 childinfo = malloc(sizeof(win32_deadchild_waitinfo));
3466 (errcode(ERRCODE_OUT_OF_MEMORY),
3467 errmsg("out of memory")));
3469 childinfo->procHandle = pi.hProcess;
3470 childinfo->procId = pi.dwProcessId;
3472 if (!RegisterWaitForSingleObject(&childinfo->waitHandle,
3474 pgwin32_deadchild_callback,
3477 WT_EXECUTEONLYONCE | WT_EXECUTEINWAITTHREAD))
3479 (errmsg_internal("could not register process for wait: error code %d",
3480 (int) GetLastError())));
3482 /* Don't close pi.hProcess here - the wait thread needs access to it */
3484 CloseHandle(pi.hThread);
3486 return pi.dwProcessId;
3492 * SubPostmasterMain -- Get the fork/exec'd process into a state equivalent
3493 * to what it would be if we'd simply forked on Unix, and then
3494 * dispatch to the appropriate place.
3496 * The first two command line arguments are expected to be "--forkFOO"
3497 * (where FOO indicates which postmaster child we are to become), and
3498 * the name of a variables file that we can read to load data that would
3499 * have been inherited by fork() on Unix. Remaining arguments go to the
3500 * subprocess FooMain() routine.
3503 SubPostmasterMain(int argc, char *argv[])
3507 /* Do this sooner rather than later... */
3508 IsUnderPostmaster = true; /* we are a postmaster subprocess now */
3510 MyProcPid = getpid(); /* reset MyProcPid */
3512 MyStartTime = time(NULL);
3515 * make sure stderr is in binary mode before anything can possibly be
3516 * written to it, in case it's actually the syslogger pipe, so the pipe
3517 * chunking protocol isn't disturbed. Non-logpipe data gets translated on
3518 * redirection (e.g. via pg_ctl -l) anyway.
3521 _setmode(fileno(stderr), _O_BINARY);
3524 /* Lose the postmaster's on-exit routines (really a no-op) */
3527 /* In EXEC_BACKEND case we will not have inherited these settings */
3528 IsPostmasterEnvironment = true;
3529 whereToSendOutput = DestNone;
3531 /* Setup essential subsystems (to ensure elog() behaves sanely) */
3532 MemoryContextInit();
3533 InitializeGUCOptions();
3535 /* Read in the variables file */
3536 memset(&port, 0, sizeof(Port));
3537 read_backend_variables(argv[2], &port);
3540 * Set up memory area for GSS information. Mirrors the code in ConnCreate
3541 * for the non-exec case.
3543 #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
3544 port.gss = (pg_gssinfo *) calloc(1, sizeof(pg_gssinfo));
3547 (errcode(ERRCODE_OUT_OF_MEMORY),
3548 errmsg("out of memory")));
3552 /* Check we got appropriate args */
3554 elog(FATAL, "invalid subpostmaster invocation");
3557 * If appropriate, physically re-attach to shared memory segment. We want
3558 * to do this before going any further to ensure that we can attach at the
3559 * same address the postmaster used.
3561 if (strcmp(argv[1], "--forkbackend") == 0 ||
3562 strcmp(argv[1], "--forkavlauncher") == 0 ||
3563 strcmp(argv[1], "--forkavworker") == 0 ||
3564 strcmp(argv[1], "--forkboot") == 0)
3565 PGSharedMemoryReAttach();
3567 /* autovacuum needs this set before calling InitProcess */
3568 if (strcmp(argv[1], "--forkavlauncher") == 0)
3569 AutovacuumLauncherIAm();
3570 if (strcmp(argv[1], "--forkavworker") == 0)
3571 AutovacuumWorkerIAm();
3574 * Start our win32 signal implementation. This has to be done after we
3575 * read the backend variables, because we need to pick up the signal pipe
3576 * from the parent process.
3579 pgwin32_signal_initialize();
3582 /* In EXEC_BACKEND case we will not have inherited these settings */
3584 PG_SETMASK(&BlockSig);
3586 /* Read in remaining GUC variables */
3587 read_nondefault_variables();
3589 /* Run backend or appropriate child */
3590 if (strcmp(argv[1], "--forkbackend") == 0)
3592 Assert(argc == 3); /* shouldn't be any more args */
3594 /* Close the postmaster's sockets */
3595 ClosePostmasterPorts(false);
3598 * Need to reinitialize the SSL library in the backend, since the
3599 * context structures contain function pointers and cannot be passed
3600 * through the parameter file.
3604 secure_initialize();
3608 * process any libraries that should be preloaded at postmaster start
3610 * NOTE: we have to re-load the shared_preload_libraries here because
3611 * this backend is not fork()ed so we can't inherit any shared
3612 * libraries / DLL's from our parent (the postmaster).
3614 process_shared_preload_libraries();
3617 * Perform additional initialization and client authentication.
3619 * We want to do this before InitProcess() for a couple of reasons: 1.
3620 * so that we aren't eating up a PGPROC slot while waiting on the
3621 * client. 2. so that if InitProcess() fails due to being out of
3622 * PGPROC slots, we have already initialized libpq and are able to
3623 * report the error to the client.
3625 BackendInitialize(&port);
3627 /* Restore basic shared memory pointers */
3628 InitShmemAccess(UsedShmemSegAddr);
3630 /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
3634 * Attach process to shared data structures. If testing EXEC_BACKEND
3635 * on Linux, you must run this as root before starting the postmaster:
3637 * echo 0 >/proc/sys/kernel/randomize_va_space
3639 * This prevents a randomized stack base address that causes child
3640 * shared memory to be at a different address than the parent, making
3641 * it impossible to attached to shared memory. Return the value to
3642 * '1' when finished.
3644 CreateSharedMemoryAndSemaphores(false, 0);
3646 /* And run the backend */
3647 proc_exit(BackendRun(&port));
3649 if (strcmp(argv[1], "--forkboot") == 0)
3651 /* Close the postmaster's sockets */
3652 ClosePostmasterPorts(false);
3654 /* Restore basic shared memory pointers */
3655 InitShmemAccess(UsedShmemSegAddr);
3657 /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
3658 InitAuxiliaryProcess();
3660 /* Attach process to shared data structures */
3661 CreateSharedMemoryAndSemaphores(false, 0);
3663 AuxiliaryProcessMain(argc - 2, argv + 2);
3666 if (strcmp(argv[1], "--forkavlauncher") == 0)
3668 /* Close the postmaster's sockets */
3669 ClosePostmasterPorts(false);
3671 /* Restore basic shared memory pointers */
3672 InitShmemAccess(UsedShmemSegAddr);
3674 /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
3675 InitAuxiliaryProcess();
3677 /* Attach process to shared data structures */
3678 CreateSharedMemoryAndSemaphores(false, 0);
3680 AutoVacLauncherMain(argc - 2, argv + 2);
3683 if (strcmp(argv[1], "--forkavworker") == 0)
3685 /* Close the postmaster's sockets */
3686 ClosePostmasterPorts(false);
3688 /* Restore basic shared memory pointers */
3689 InitShmemAccess(UsedShmemSegAddr);
3691 /* Need a PGPROC to run CreateSharedMemoryAndSemaphores */
3694 /* Attach process to shared data structures */
3695 CreateSharedMemoryAndSemaphores(false, 0);
3697 AutoVacWorkerMain(argc - 2, argv + 2);
3700 if (strcmp(argv[1], "--forkarch") == 0)
3702 /* Close the postmaster's sockets */
3703 ClosePostmasterPorts(false);
3705 /* Do not want to attach to shared memory */
3707 PgArchiverMain(argc, argv);
3710 if (strcmp(argv[1], "--forkcol") == 0)
3712 /* Close the postmaster's sockets */
3713 ClosePostmasterPorts(false);
3715 /* Do not want to attach to shared memory */
3717 PgstatCollectorMain(argc, argv);
3720 if (strcmp(argv[1], "--forklog") == 0)
3722 /* Close the postmaster's sockets */
3723 ClosePostmasterPorts(true);
3725 /* Do not want to attach to shared memory */
3727 SysLoggerMain(argc, argv);
3731 return 1; /* shouldn't get here */
3733 #endif /* EXEC_BACKEND */
3737 * ExitPostmaster -- cleanup
3739 * Do NOT call exit() directly --- always go through here!
3742 ExitPostmaster(int status)
3744 /* should cleanup shared memory and kill all backends */
3747 * Not sure of the semantics here. When the Postmaster dies, should the
3748 * backends all be killed? probably not.
3750 * MUST -- vadim 05-10-1999
3757 * sigusr1_handler - handle signal conditions from child processes
3760 sigusr1_handler(SIGNAL_ARGS)
3762 int save_errno = errno;
3764 PG_SETMASK(&BlockSig);
3766 if (CheckPostmasterSignal(PMSIGNAL_PASSWORD_CHANGE))
3769 * Authorization file has changed.
3774 if (CheckPostmasterSignal(PMSIGNAL_WAKEN_CHILDREN))
3777 * Send SIGUSR1 to all children (triggers CatchupInterruptHandler).
3778 * See storage/ipc/sinval[adt].c for the use of this.
3780 if (Shutdown <= SmartShutdown)
3781 SignalChildren(SIGUSR1);
3784 if (CheckPostmasterSignal(PMSIGNAL_WAKEN_ARCHIVER) &&
3785 PgArchPID != 0 && Shutdown <= SmartShutdown)
3788 * Send SIGUSR1 to archiver process, to wake it up and begin archiving
3789 * next transaction log file.
3791 signal_child(PgArchPID, SIGUSR1);
3794 if (CheckPostmasterSignal(PMSIGNAL_ROTATE_LOGFILE) &&
3797 /* Tell syslogger to rotate logfile */
3798 signal_child(SysLoggerPID, SIGUSR1);
3801 if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER))
3804 * Start one iteration of the autovacuum daemon, even if autovacuuming
3805 * is nominally not enabled. This is so we can have an active defense
3806 * against transaction ID wraparound. We set a flag for the main loop
3807 * to do it rather than trying to do it here --- this is because the
3808 * autovac process itself may send the signal, and we want to handle
3809 * that by launching another iteration as soon as the current one
3812 start_autovac_launcher = true;
3815 if (CheckPostmasterSignal(PMSIGNAL_START_AUTOVAC_WORKER))
3817 /* The autovacuum launcher wants us to start a worker process. */
3818 StartAutovacuumWorker();
3821 PG_SETMASK(&UnBlockSig);
3828 * Dummy signal handler
3830 * We use this for signals that we don't actually use in the postmaster,
3831 * but we do use in backends. If we were to SIG_IGN such signals in the
3832 * postmaster, then a newly started backend might drop a signal that arrives
3833 * before it's able to reconfigure its signal processing. (See notes in
3837 dummy_handler(SIGNAL_ARGS)
3843 * CharRemap: given an int in range 0..61, produce textual encoding of it
3844 * per crypt(3) conventions.
3868 RandomSalt(char *cryptSalt, char *md5Salt)
3870 long rand = PostmasterRandom();
3872 cryptSalt[0] = CharRemap(rand % 62);
3873 cryptSalt[1] = CharRemap(rand / 62);
3876 * It's okay to reuse the first random value for one of the MD5 salt
3877 * bytes, since only one of the two salts will be sent to the client.
3878 * After that we need to compute more random bits.
3880 * We use % 255, sacrificing one possible byte value, so as to ensure that
3881 * all bits of the random() value participate in the result. While at it,
3882 * add one to avoid generating any null bytes.
3884 md5Salt[0] = (rand % 255) + 1;
3885 rand = PostmasterRandom();
3886 md5Salt[1] = (rand % 255) + 1;
3887 rand = PostmasterRandom();
3888 md5Salt[2] = (rand % 255) + 1;
3889 rand = PostmasterRandom();
3890 md5Salt[3] = (rand % 255) + 1;
3897 PostmasterRandom(void)
3900 * Select a random seed at the time of first receiving a request.
3902 if (random_seed == 0)
3906 struct timeval random_stop_time;
3908 gettimeofday(&random_stop_time, NULL);
3911 * We are not sure how much precision is in tv_usec, so we swap
3912 * the high and low 16 bits of 'random_stop_time' and XOR them
3913 * with 'random_start_time'. On the off chance that the result is
3914 * 0, we loop until it isn't.
3916 random_seed = random_start_time.tv_usec ^
3917 ((random_stop_time.tv_usec << 16) |
3918 ((random_stop_time.tv_usec >> 16) & 0xffff));
3920 while (random_seed == 0);
3922 srandom(random_seed);
3929 * Count up number of child processes (excluding special children and
3930 * dead_end children)
3938 for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
3940 Backend *bp = (Backend *) DLE_VAL(curr);
3950 * StartChildProcess -- start an auxiliary process for the postmaster
3952 * xlop determines what kind of child will be started. All child types
3953 * initially go to AuxiliaryProcessMain, which will handle common setup.
3955 * Return value of StartChildProcess is subprocess' PID, or 0 if failed
3956 * to start subprocess.
3959 StartChildProcess(AuxProcType type)
3967 * Set up command-line arguments for subprocess
3969 av[ac++] = "postgres";
3972 av[ac++] = "--forkboot";
3973 av[ac++] = NULL; /* filled in by postmaster_forkexec */
3976 snprintf(typebuf, sizeof(typebuf), "-x%d", type);
3980 Assert(ac < lengthof(av));
3983 pid = postmaster_forkexec(ac, av);
3984 #else /* !EXEC_BACKEND */
3985 pid = fork_process();
3987 if (pid == 0) /* child */
3989 IsUnderPostmaster = true; /* we are a postmaster subprocess now */
3991 /* Close the postmaster's sockets */
3992 ClosePostmasterPorts(false);
3994 /* Lose the postmaster's on-exit routines and port connections */
3997 /* Release postmaster's working memory context */
3998 MemoryContextSwitchTo(TopMemoryContext);
3999 MemoryContextDelete(PostmasterContext);
4000 PostmasterContext = NULL;
4002 AuxiliaryProcessMain(ac, av);
4005 #endif /* EXEC_BACKEND */
4009 /* in parent, fork failed */
4010 int save_errno = errno;
4015 case StartupProcess:
4017 (errmsg("could not fork startup process: %m")));
4019 case BgWriterProcess:
4021 (errmsg("could not fork background writer process: %m")));
4023 case WalWriterProcess:
4025 (errmsg("could not fork WAL writer process: %m")));
4029 (errmsg("could not fork process: %m")));
4034 * fork failure is fatal during startup, but there's no need to choke
4035 * immediately if starting other child types fails.
4037 if (type == StartupProcess)
4043 * in parent, successful fork
4049 * StartAutovacuumWorker
4050 * Start an autovac worker process.
4052 * This function is here because it enters the resulting PID into the
4053 * postmaster's private backends list.
4055 * NB -- this code very roughly matches BackendStartup.
4058 StartAutovacuumWorker(void)
4063 * If not in condition to run a process, don't try, but handle it like a
4064 * fork failure. This does not normally happen, since the signal is only
4065 * supposed to be sent by autovacuum launcher when it's OK to do it, but
4066 * we have to check to avoid race-condition problems during DB state
4069 if (canAcceptConnections() == CAC_OK)
4072 * Compute the cancel key that will be assigned to this session. We
4073 * probably don't need cancel keys for autovac workers, but we'd
4074 * better have something random in the field to prevent unfriendly
4075 * people from sending cancels to them.
4077 MyCancelKey = PostmasterRandom();
4079 bn = (Backend *) malloc(sizeof(Backend));
4082 bn->pid = StartAutoVacWorker();
4085 bn->cancel_key = MyCancelKey;
4086 bn->is_autovacuum = true;
4087 bn->dead_end = false;
4088 DLAddHead(BackendList, DLNewElem(bn));
4090 ShmemBackendArrayAdd(bn);
4097 * fork failed, fall through to report -- actual error message was
4098 * logged by StartAutoVacWorker
4104 (errcode(ERRCODE_OUT_OF_MEMORY),
4105 errmsg("out of memory")));
4109 * Report the failure to the launcher, if it's running. (If it's not, we
4110 * might not even be connected to shared memory, so don't try to call
4111 * AutoVacWorkerFailed.)
4113 if (AutoVacPID != 0)
4115 AutoVacWorkerFailed();
4116 kill(AutoVacPID, SIGUSR1);
4121 * Create the opts file
4124 CreateOptsFile(int argc, char *argv[], char *fullprogname)
4129 #define OPTS_FILE "postmaster.opts"
4131 if ((fp = fopen(OPTS_FILE, "w")) == NULL)
4133 elog(LOG, "could not create file \"%s\": %m", OPTS_FILE);
4137 fprintf(fp, "%s", fullprogname);
4138 for (i = 1; i < argc; i++)
4139 fprintf(fp, " %s%s%s", SYSTEMQUOTE, argv[i], SYSTEMQUOTE);
4144 elog(LOG, "could not write file \"%s\": %m", OPTS_FILE);
4155 * The following need to be available to the save/restore_backend_variables
4158 extern slock_t *ShmemLock;
4159 extern LWLock *LWLockArray;
4160 extern slock_t *ProcStructLock;
4161 extern PROC_HDR *ProcGlobal;
4162 extern PGPROC *AuxiliaryProcs;
4163 extern int pgStatSock;
4166 #define write_inheritable_socket(dest, src, childpid) (*(dest) = (src))
4167 #define read_inheritable_socket(dest, src) (*(dest) = *(src))
4169 static void write_duplicated_handle(HANDLE * dest, HANDLE src, HANDLE child);
4170 static void write_inheritable_socket(InheritableSocket * dest, SOCKET src,
4172 static void read_inheritable_socket(SOCKET * dest, InheritableSocket * src);
4176 /* Save critical backend variables into the BackendParameters struct */
4179 save_backend_variables(BackendParameters * param, Port *port)
4182 save_backend_variables(BackendParameters * param, Port *port,
4183 HANDLE childProcess, pid_t childPid)
4186 memcpy(¶m->port, port, sizeof(Port));
4187 write_inheritable_socket(¶m->portsocket, port->sock, childPid);
4189 strlcpy(param->DataDir, DataDir, MAXPGPATH);
4191 memcpy(¶m->ListenSocket, &ListenSocket, sizeof(ListenSocket));
4193 param->MyCancelKey = MyCancelKey;
4195 param->UsedShmemSegID = UsedShmemSegID;
4196 param->UsedShmemSegAddr = UsedShmemSegAddr;
4198 param->ShmemLock = ShmemLock;
4199 param->ShmemVariableCache = ShmemVariableCache;
4200 param->ShmemBackendArray = ShmemBackendArray;
4202 param->LWLockArray = LWLockArray;
4203 param->ProcStructLock = ProcStructLock;
4204 param->ProcGlobal = ProcGlobal;
4205 param->AuxiliaryProcs = AuxiliaryProcs;
4206 write_inheritable_socket(¶m->pgStatSock, pgStatSock, childPid);
4208 param->PostmasterPid = PostmasterPid;
4209 param->PgStartTime = PgStartTime;
4211 param->redirection_done = redirection_done;
4214 param->PostmasterHandle = PostmasterHandle;
4215 write_duplicated_handle(¶m->initial_signal_pipe,
4216 pgwin32_create_signal_listener(childPid),
4220 memcpy(¶m->syslogPipe, &syslogPipe, sizeof(syslogPipe));
4222 strlcpy(param->my_exec_path, my_exec_path, MAXPGPATH);
4224 strlcpy(param->pkglib_path, pkglib_path, MAXPGPATH);
4226 strlcpy(param->ExtraOptions, ExtraOptions, MAXPGPATH);
4228 strlcpy(param->lc_collate, setlocale(LC_COLLATE, NULL), LOCALE_NAME_BUFLEN);
4229 strlcpy(param->lc_ctype, setlocale(LC_CTYPE, NULL), LOCALE_NAME_BUFLEN);
4237 * Duplicate a handle for usage in a child process, and write the child
4238 * process instance of the handle to the parameter file.
4241 write_duplicated_handle(HANDLE * dest, HANDLE src, HANDLE childProcess)
4243 HANDLE hChild = INVALID_HANDLE_VALUE;
4245 if (!DuplicateHandle(GetCurrentProcess(),
4251 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS))
4253 (errmsg_internal("could not duplicate handle to be written to backend parameter file: error code %d",
4254 (int) GetLastError())));
4260 * Duplicate a socket for usage in a child process, and write the resulting
4261 * structure to the parameter file.
4262 * This is required because a number of LSPs (Layered Service Providers) very
4263 * common on Windows (antivirus, firewalls, download managers etc) break
4264 * straight socket inheritance.
4267 write_inheritable_socket(InheritableSocket * dest, SOCKET src, pid_t childpid)
4269 dest->origsocket = src;
4270 if (src != 0 && src != -1)
4273 if (WSADuplicateSocket(src, childpid, &dest->wsainfo) != 0)
4275 (errmsg("could not duplicate socket %d for use in backend: error code %d",
4276 src, WSAGetLastError())));
4281 * Read a duplicate socket structure back, and get the socket descriptor.
4284 read_inheritable_socket(SOCKET * dest, InheritableSocket * src)
4288 if (src->origsocket == -1 || src->origsocket == 0)
4290 /* Not a real socket! */
4291 *dest = src->origsocket;
4295 /* Actual socket, so create from structure */
4296 s = WSASocket(FROM_PROTOCOL_INFO,
4302 if (s == INVALID_SOCKET)
4304 write_stderr("could not create inherited socket: error code %d\n",
4311 * To make sure we don't get two references to the same socket, close
4312 * the original one. (This would happen when inheritance actually
4315 closesocket(src->origsocket);
4321 read_backend_variables(char *id, Port *port)
4323 BackendParameters param;
4326 /* Non-win32 implementation reads from file */
4330 fp = AllocateFile(id, PG_BINARY_R);
4333 write_stderr("could not read from backend variables file \"%s\": %s\n",
4334 id, strerror(errno));
4338 if (fread(¶m, sizeof(param), 1, fp) != 1)
4340 write_stderr("could not read from backend variables file \"%s\": %s\n",
4341 id, strerror(errno));
4347 if (unlink(id) != 0)
4349 write_stderr("could not remove file \"%s\": %s\n",
4350 id, strerror(errno));
4354 /* Win32 version uses mapped file */
4356 BackendParameters *paramp;
4358 paramHandle = (HANDLE) atol(id);
4359 paramp = MapViewOfFile(paramHandle, FILE_MAP_READ, 0, 0, 0);
4362 write_stderr("could not map view of backend variables: error code %d\n",
4363 (int) GetLastError());
4367 memcpy(¶m, paramp, sizeof(BackendParameters));
4369 if (!UnmapViewOfFile(paramp))
4371 write_stderr("could not unmap view of backend variables: error code %d\n",
4372 (int) GetLastError());
4376 if (!CloseHandle(paramHandle))
4378 write_stderr("could not close handle to backend parameter variables: error code %d\n",
4379 (int) GetLastError());
4384 restore_backend_variables(¶m, port);
4387 /* Restore critical backend variables from the BackendParameters struct */
4389 restore_backend_variables(BackendParameters * param, Port *port)
4391 memcpy(port, ¶m->port, sizeof(Port));
4392 read_inheritable_socket(&port->sock, ¶m->portsocket);
4394 SetDataDir(param->DataDir);
4396 memcpy(&ListenSocket, ¶m->ListenSocket, sizeof(ListenSocket));
4398 MyCancelKey = param->MyCancelKey;
4400 UsedShmemSegID = param->UsedShmemSegID;
4401 UsedShmemSegAddr = param->UsedShmemSegAddr;
4403 ShmemLock = param->ShmemLock;
4404 ShmemVariableCache = param->ShmemVariableCache;
4405 ShmemBackendArray = param->ShmemBackendArray;
4407 LWLockArray = param->LWLockArray;
4408 ProcStructLock = param->ProcStructLock;
4409 ProcGlobal = param->ProcGlobal;
4410 AuxiliaryProcs = param->AuxiliaryProcs;
4411 read_inheritable_socket(&pgStatSock, ¶m->pgStatSock);
4413 PostmasterPid = param->PostmasterPid;
4414 PgStartTime = param->PgStartTime;
4416 redirection_done = param->redirection_done;
4419 PostmasterHandle = param->PostmasterHandle;
4420 pgwin32_initial_signal_pipe = param->initial_signal_pipe;
4423 memcpy(&syslogPipe, ¶m->syslogPipe, sizeof(syslogPipe));
4425 strlcpy(my_exec_path, param->my_exec_path, MAXPGPATH);
4427 strlcpy(pkglib_path, param->pkglib_path, MAXPGPATH);
4429 strlcpy(ExtraOptions, param->ExtraOptions, MAXPGPATH);
4431 setlocale(LC_COLLATE, param->lc_collate);
4432 setlocale(LC_CTYPE, param->lc_ctype);
4437 ShmemBackendArraySize(void)
4439 return mul_size(NUM_BACKENDARRAY_ELEMS, sizeof(Backend));
4443 ShmemBackendArrayAllocation(void)
4445 Size size = ShmemBackendArraySize();
4447 ShmemBackendArray = (Backend *) ShmemAlloc(size);
4448 /* Mark all slots as empty */
4449 memset(ShmemBackendArray, 0, size);
4453 ShmemBackendArrayAdd(Backend *bn)
4457 /* Find an empty slot */
4458 for (i = 0; i < NUM_BACKENDARRAY_ELEMS; i++)
4460 if (ShmemBackendArray[i].pid == 0)
4462 ShmemBackendArray[i] = *bn;
4468 (errmsg_internal("no free slots in shmem backend array")));
4472 ShmemBackendArrayRemove(pid_t pid)
4476 for (i = 0; i < NUM_BACKENDARRAY_ELEMS; i++)
4478 if (ShmemBackendArray[i].pid == pid)
4480 /* Mark the slot as empty */
4481 ShmemBackendArray[i].pid = 0;
4487 (errmsg_internal("could not find backend entry with pid %d",
4490 #endif /* EXEC_BACKEND */
4496 win32_waitpid(int *exitstatus)
4503 * Check if there are any dead children. If there are, return the pid of
4504 * the first one that died.
4506 if (GetQueuedCompletionStatus(win32ChildQueue, &dwd, &key, &ovl, 0))
4508 *exitstatus = (int) key;
4516 * Note! Code below executes on a thread pool! All operations must
4517 * be thread safe! Note that elog() and friends must *not* be used.
4520 pgwin32_deadchild_callback(PVOID lpParameter, BOOLEAN TimerOrWaitFired)
4522 win32_deadchild_waitinfo *childinfo = (win32_deadchild_waitinfo *) lpParameter;
4525 if (TimerOrWaitFired)
4526 return; /* timeout. Should never happen, since we use
4527 * INFINITE as timeout value. */
4530 * Remove handle from wait - required even though it's set to wait only
4533 UnregisterWaitEx(childinfo->waitHandle, NULL);
4535 if (!GetExitCodeProcess(childinfo->procHandle, &exitcode))
4538 * Should never happen. Inform user and set a fixed exitcode.
4540 write_stderr("could not read exit code for process\n");
4544 if (!PostQueuedCompletionStatus(win32ChildQueue, childinfo->procId, (ULONG_PTR) exitcode, NULL))
4545 write_stderr("could not post child completion status\n");
4548 * Handle is per-process, so we close it here instead of in the
4549 * originating thread
4551 CloseHandle(childinfo->procHandle);
4554 * Free struct that was allocated before the call to
4555 * RegisterWaitForSingleObject()
4559 /* Queue SIGCHLD signal */
4560 pg_queue_signal(SIGCHLD);