1 /*-------------------------------------------------------------------------
4 * This program acts as a clearing house for requests to the
5 * POSTGRES system. Frontend programs send a startup message
6 * to the Postmaster and the postmaster uses the info in the
7 * message to setup a backend process.
9 * The postmaster also manages system-wide operations such as
10 * startup and shutdown. The postmaster itself doesn't do those
11 * operations, mind you --- it just forks off a subprocess to do them
12 * at the right times. It also takes care of resetting the system
13 * if a backend crashes.
15 * The postmaster process creates the shared memory and semaphore
16 * pools during startup, but as a rule does not touch them itself.
17 * In particular, it is not a member of the PGPROC array of backends
18 * and so it cannot participate in lock-manager operations. Keeping
19 * the postmaster away from shared memory operations makes it simpler
20 * and more reliable. The postmaster is almost always able to recover
21 * from crashes of individual backends by resetting shared memory;
22 * if it did much with shared memory then it would be prone to crashing
23 * along with the backends.
25 * When a request message is received, we now fork() immediately.
26 * The child process performs authentication of the request, and
27 * then becomes a backend if successful. This allows the auth code
28 * to be written in a simple single-threaded style (as opposed to the
29 * crufty "poor man's multitasking" code that used to be needed).
30 * More importantly, it ensures that blockages in non-multithreaded
31 * libraries like SSL or PAM cannot cause denial of service to other
35 * Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
36 * Portions Copyright (c) 1994, Regents of the University of California
40 * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.399 2004/05/28 15:14:03 tgl Exp $
45 * The Postmaster sets up a few shared memory data structures
46 * for the backends. It should at the very least initialize the
50 * The Postmaster shares memory with the backends but should avoid
51 * touching shared memory, so as not to become stuck if a crashing
52 * backend screws up locks or shared memory. Likewise, the Postmaster
53 * should never block on messages from frontend clients.
56 * The Postmaster cleans up after backends if they have an emergency
57 * exit and/or core dump.
59 *-------------------------------------------------------------------------
69 #include <sys/socket.h>
72 #include <sys/param.h>
73 #include <netinet/in.h>
74 #include <arpa/inet.h>
78 #ifdef HAVE_SYS_SELECT_H
79 #include <sys/select.h>
87 #include <DNSServiceDiscovery/DNSServiceDiscovery.h>
90 #include "catalog/pg_database.h"
91 #include "commands/async.h"
92 #include "lib/dllist.h"
93 #include "libpq/auth.h"
94 #include "libpq/crypt.h"
95 #include "libpq/libpq.h"
96 #include "libpq/pqcomm.h"
97 #include "libpq/pqsignal.h"
98 #include "miscadmin.h"
99 #include "nodes/nodes.h"
101 #include "storage/fd.h"
102 #include "storage/ipc.h"
103 #include "storage/pg_shmem.h"
104 #include "storage/pmsignal.h"
105 #include "storage/proc.h"
106 #include "storage/bufmgr.h"
107 #include "access/xlog.h"
108 #include "tcop/tcopprot.h"
109 #include "utils/guc.h"
110 #include "utils/memutils.h"
111 #include "utils/ps_status.h"
112 #include "bootstrap/bootstrap.h"
116 #ifdef HAVE_SIGPROCMASK
128 * List of active backends (or child processes anyway; we don't actually
129 * know whether a given child has become a backend or is still in the
130 * authorization phase). This is used mainly to keep track of how many
131 * children we have and send them appropriate signals when necessary.
135 pid_t pid; /* process id of backend */
136 long cancel_key; /* cancel key for cancels for this backend */
139 static Dllist *BackendList;
142 #define NUM_BACKENDARRAY_ELEMS (2*MaxBackends)
143 static Backend *ShmemBackendArray;
146 /* The socket number we are listening for connections on */
149 char *ListenAddresses;
152 * MaxBackends is the limit on the number of backends we can start.
153 * Note that a larger MaxBackends value will increase the size of the
154 * shared memory area as well as cause the postmaster to grab more
155 * kernel semaphores, even if you never actually use that many
161 * ReservedBackends is the number of backends reserved for superuser use.
162 * This number is taken out of the pool size given by MaxBackends so
163 * number of backend slots available to non-superusers is
164 * (MaxBackends - ReservedBackends). Note what this really means is
165 * "if there are <= ReservedBackends connections available, only superusers
166 * can make new connections" --- pre-existing superuser connections don't
167 * count against the limit.
169 int ReservedBackends;
172 static const char *progname = NULL;
174 /* The socket(s) we're listening to. */
176 static int ListenSocket[MAXLISTEN];
179 * Set by the -o option
181 static char ExtraOptions[MAXPGPATH];
184 * These globals control the behavior of the postmaster in case some
185 * backend dumps core. Normally, it kills all peers of the dead backend
186 * and reinitializes shared memory. By specifying -s or -n, we can have
187 * the postmaster stop (rather than kill) peers and not reinitialize
188 * shared data structures.
190 static bool Reinit = true;
191 static int SendStop = false;
193 /* still more option variables */
194 bool EnableSSL = false;
195 bool SilentMode = false; /* silent mode (-S) */
197 int PreAuthDelay = 0;
198 int AuthenticationTimeout = 60;
199 int CheckPointTimeout = 300;
200 int CheckPointWarning = 30;
201 time_t LastSignalledCheckpoint = 0;
203 bool log_hostname; /* for ps display and logging */
204 bool Log_connections = false;
205 bool Db_user_namespace = false;
207 char *rendezvous_name;
209 /* list of library:init-function to be preloaded */
210 char *preload_libraries_string = NULL;
212 /* Startup/shutdown state */
213 static pid_t StartupPID = 0,
217 static time_t checkpointed = 0;
220 #define SmartShutdown 1
221 #define FastShutdown 2
223 static int Shutdown = NoShutdown;
225 static bool FatalError = false; /* T if recovering from backend crash */
227 bool ClientAuthInProgress = false; /* T during new-client
231 * State for assigning random salts and cancel keys.
232 * Also, the global MyCancelKey passes the cancel key assigned to a given
233 * backend from the postmaster to that backend (via fork).
236 static unsigned int random_seed = 0;
238 static int debug_flag = 0;
244 #ifdef HAVE_INT_OPTRESET
249 * postmaster.c - function prototypes
251 static void checkDataDir(const char *checkdir);
252 #ifdef USE_RENDEZVOUS
253 static void reg_reply(DNSServiceRegistrationReplyErrorType errorCode,
256 static void pmdaemonize(void);
257 static Port *ConnCreate(int serverFd);
258 static void ConnFree(Port *port);
259 static void reset_shared(unsigned short port);
260 static void SIGHUP_handler(SIGNAL_ARGS);
261 static void pmdie(SIGNAL_ARGS);
262 static void reaper(SIGNAL_ARGS);
263 static void sigusr1_handler(SIGNAL_ARGS);
264 static void dummy_handler(SIGNAL_ARGS);
265 static void CleanupProc(int pid, int exitstatus);
266 static void LogChildExit(int lev, const char *procname,
267 int pid, int exitstatus);
268 static int BackendRun(Port *port);
269 static void ExitPostmaster(int status);
270 static void usage(const char *);
271 static int ServerLoop(void);
272 static int BackendStartup(Port *port);
273 static int ProcessStartupPacket(Port *port, bool SSLdone);
274 static void processCancelRequest(Port *port, void *pkt);
275 static int initMasks(fd_set *rmask);
276 static void report_fork_failure_to_client(Port *port, int errnum);
277 static enum CAC_state canAcceptConnections(void);
278 static long PostmasterRandom(void);
279 static void RandomSalt(char *cryptSalt, char *md5Salt);
280 static void SignalChildren(int signal);
281 static int CountChildren(void);
282 static bool CreateOptsFile(int argc, char *argv[], char *fullprogname);
283 static pid_t SSDataBase(int xlop);
285 postmaster_error(const char *fmt,...)
286 /* This lets gcc check the format string for consistency. */
287 __attribute__((format(printf, 1, 2)));
292 static pid_t win32_forkexec(const char *path, char *argv[]);
293 static void win32_AddChild(pid_t pid, HANDLE handle);
294 static void win32_RemoveChild(pid_t pid);
295 static pid_t win32_waitpid(int *exitstatus);
296 static DWORD WINAPI win32_sigchld_waiter(LPVOID param);
298 static pid_t *win32_childPIDArray;
299 static HANDLE *win32_childHNDArray;
300 static unsigned long win32_numChildren = 0;
303 static pid_t backend_forkexec(Port *port);
304 static pid_t internal_forkexec(int argc, char *argv[], Port *port);
306 static void read_backend_variables(char *filename, Port *port);
307 static bool write_backend_variables(char *filename, Port *port);
309 static void ShmemBackendArrayAdd(Backend *bn);
310 static void ShmemBackendArrayRemove(pid_t pid);
312 #endif /* EXEC_BACKEND */
314 #define StartupDataBase() SSDataBase(BS_XLOG_STARTUP)
315 #define CheckPointDataBase() SSDataBase(BS_XLOG_CHECKPOINT)
316 #define StartBackgroundWriter() SSDataBase(BS_XLOG_BGWRITER)
317 #define ShutdownDataBase() SSDataBase(BS_XLOG_SHUTDOWN)
321 * Postmaster main entry point
324 PostmasterMain(int argc, char *argv[])
328 char original_extraoptions[MAXPGPATH];
329 char *potential_DataDir = NULL;
332 *original_extraoptions = '\0';
334 progname = get_progname(argv[0]);
336 IsPostmasterEnvironment = true;
339 * Catch standard options before doing much else. This even works on
340 * systems without getopt_long.
344 if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
349 if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
351 puts("postmaster (PostgreSQL) " PG_VERSION);
357 * for security, no dir or file created can be group or other
360 umask((mode_t) 0077);
362 MyProcPid = PostmasterPid = getpid();
365 * Fire up essential subsystems: memory management
370 * By default, palloc() requests in the postmaster will be allocated
371 * in the PostmasterContext, which is space that can be recycled by
372 * backends. Allocated data that needs to be available to backends
373 * should be allocated in TopMemoryContext.
375 PostmasterContext = AllocSetContextCreate(TopMemoryContext,
377 ALLOCSET_DEFAULT_MINSIZE,
378 ALLOCSET_DEFAULT_INITSIZE,
379 ALLOCSET_DEFAULT_MAXSIZE);
380 MemoryContextSwitchTo(PostmasterContext);
382 IgnoreSystemIndexes(false);
384 if (find_my_exec(argv[0], my_exec_path) < 0)
385 elog(FATAL, "%s: could not locate my own executable path",
388 get_pkglib_path(my_exec_path, pkglib_path);
393 InitializeGUCOptions();
395 potential_DataDir = getenv("PGDATA"); /* default value */
399 while ((opt = getopt(argc, argv, "A:a:B:b:c:D:d:Fh:ik:lm:MN:no:p:Ss-:")) != -1)
404 #ifdef USE_ASSERT_CHECKING
405 SetConfigOption("debug_assertions", optarg, PGC_POSTMASTER, PGC_S_ARGV);
407 postmaster_error("assert checking is not compiled in");
411 /* Can no longer set authentication method. */
414 SetConfigOption("shared_buffers", optarg, PGC_POSTMASTER, PGC_S_ARGV);
417 /* Can no longer set the backend executable file to use. */
420 potential_DataDir = optarg;
424 /* Turn on debugging for the postmaster. */
425 char *debugstr = palloc(strlen("debug") + strlen(optarg) + 1);
427 sprintf(debugstr, "debug%s", optarg);
428 SetConfigOption("log_min_messages", debugstr,
429 PGC_POSTMASTER, PGC_S_ARGV);
431 debug_flag = atoi(optarg);
435 SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
438 SetConfigOption("listen_addresses", optarg, PGC_POSTMASTER, PGC_S_ARGV);
441 SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);
444 SetConfigOption("unix_socket_directory", optarg, PGC_POSTMASTER, PGC_S_ARGV);
448 SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
452 /* Multiplexed backends no longer supported. */
457 * ignore this flag. This may be passed in because the
458 * program was run as 'postgres -M' instead of
463 /* The max number of backends to start. */
464 SetConfigOption("max_connections", optarg, PGC_POSTMASTER, PGC_S_ARGV);
467 /* Don't reinit shared mem after abnormal exit */
473 * Other options to pass to the backend on the command
474 * line -- useful only for debugging.
476 strcat(ExtraOptions, " ");
477 strcat(ExtraOptions, optarg);
478 strcpy(original_extraoptions, optarg);
481 SetConfigOption("port", optarg, PGC_POSTMASTER, PGC_S_ARGV);
486 * Start in 'S'ilent mode (disassociate from controlling
487 * tty). You may also think of this as 'S'ysV mode since
488 * it's most badly needed on SysV-derived systems like
491 SetConfigOption("silent_mode", "true", PGC_POSTMASTER, PGC_S_ARGV);
496 * In the event that some backend dumps core, send
497 * SIGSTOP, rather than SIGQUIT, to all its peers. This
498 * lets the wily post_hacker collect core dumps from
509 ParseLongOption(optarg, &name, &value);
514 (errcode(ERRCODE_SYNTAX_ERROR),
515 errmsg("--%s requires a value",
519 (errcode(ERRCODE_SYNTAX_ERROR),
520 errmsg("-c %s requires a value",
524 SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
533 gettext("Try \"%s --help\" for more information.\n"),
540 * Postmaster accepts no non-option switch arguments.
544 postmaster_error("invalid argument: \"%s\"", argv[optind]);
546 gettext("Try \"%s --help\" for more information.\n"),
552 * Now we can set the data directory, and then read postgresql.conf.
554 checkDataDir(potential_DataDir); /* issues error messages */
555 SetDataDir(potential_DataDir);
557 ProcessConfigFile(PGC_POSTMASTER);
559 /* If timezone is not set, determine what the OS uses */
560 pg_timezone_initialize();
563 write_nondefault_variables(PGC_POSTMASTER);
567 * Check for invalid combinations of GUC settings.
569 if (NBuffers < 2 * MaxBackends || NBuffers < 16)
572 * Do not accept -B so small that backends are likely to starve
573 * for lack of buffers. The specific choices here are somewhat
576 postmaster_error("the number of buffers (-B) must be at least twice the number of allowed connections (-N) and at least 16");
580 if (ReservedBackends >= MaxBackends)
582 postmaster_error("superuser_reserved_connections must be less than max_connections");
587 * Other one-time internal sanity checks can go here.
589 if (!CheckDateTokenTables())
591 postmaster_error("invalid datetoken tables, please fix");
596 * Now that we are done processing the postmaster arguments, reset
597 * getopt(3) library so that it will work correctly in subprocesses.
600 #ifdef HAVE_INT_OPTRESET
601 optreset = 1; /* some systems need this too */
604 /* For debugging: display postmaster environment */
606 extern char **environ;
610 (errmsg_internal("%s: PostmasterMain: initial environ dump:",
613 (errmsg_internal("-----------------------------------------")));
614 for (p = environ; *p; ++p)
616 (errmsg_internal("\t%s", *p)));
618 (errmsg_internal("-----------------------------------------")));
622 if (find_other_exec(argv[0], "postgres", PG_VERSIONSTR,
623 postgres_exec_path) < 0)
625 (errmsg("%s: could not locate matching postgres executable",
630 * Initialize SSL library, if specified.
638 * process any libraries that should be preloaded and optionally
641 if (preload_libraries_string)
642 process_preload_libraries(preload_libraries_string);
645 * Fork away from controlling terminal, if -S specified.
647 * Must do this before we grab any interlock files, else the interlocks
648 * will show the wrong PID.
654 * Create lockfile for data directory.
656 * We want to do this before we try to grab the input sockets, because
657 * the data directory interlock is more reliable than the socket-file
658 * interlock (thanks to whoever decided to put socket files in /tmp
659 * :-(). For the same reason, it's best to grab the TCP socket before
662 CreateDataDirLockFile(DataDir, true);
665 * Remove old temporary files. At this point there can be no other
666 * Postgres processes running in this directory, so this should be
672 * Establish input sockets.
674 for (i = 0; i < MAXLISTEN; i++)
675 ListenSocket[i] = -1;
683 curhost = ListenAddresses;
686 /* ignore whitespace */
687 while (isspace((unsigned char) *curhost))
689 if (*curhost == '\0')
692 while (*endptr != '\0' && !isspace((unsigned char) *endptr))
696 if (strcmp(curhost, "*") == 0)
697 status = StreamServerPort(AF_UNSPEC, NULL,
698 (unsigned short) PostPortNumber,
700 ListenSocket, MAXLISTEN);
702 status = StreamServerPort(AF_UNSPEC, curhost,
703 (unsigned short) PostPortNumber,
705 ListenSocket, MAXLISTEN);
706 if (status != STATUS_OK)
708 (errmsg("could not create listen socket for \"%s\"",
712 curhost = endptr + 1;
718 #ifdef USE_RENDEZVOUS
719 /* Register for Rendezvous only if we opened TCP socket(s) */
720 if (ListenSocket[0] != -1 && rendezvous_name != NULL)
722 DNSServiceRegistrationCreate(rendezvous_name,
725 htonl(PostPortNumber),
727 (DNSServiceRegistrationReply) reg_reply,
732 #ifdef HAVE_UNIX_SOCKETS
733 status = StreamServerPort(AF_UNIX, NULL,
734 (unsigned short) PostPortNumber,
736 ListenSocket, MAXLISTEN);
737 if (status != STATUS_OK)
739 (errmsg("could not create Unix-domain socket")));
743 * check that we have some socket to listen on
745 if (ListenSocket[0] == -1)
747 (errmsg("no socket created for listening")));
752 * Set up shared memory and semaphores.
754 reset_shared(PostPortNumber);
757 * Estimate number of openable files. This must happen after setting
758 * up semaphores, because on some platforms semaphores count as open
764 * Initialize the list of active backends.
766 BackendList = DLNewList();
771 * Initialize the child pid/HANDLE arrays
773 win32_childPIDArray = (pid_t *) malloc(NUM_BACKENDARRAY_ELEMS * sizeof(pid_t));
774 win32_childHNDArray = (HANDLE *) malloc(NUM_BACKENDARRAY_ELEMS * sizeof(HANDLE));
775 if (!win32_childPIDArray || !win32_childHNDArray)
777 (errcode(ERRCODE_OUT_OF_MEMORY),
778 errmsg("out of memory")));
782 * Record postmaster options. We delay this till now to avoid
783 * recording bogus options (eg, NBuffers too high for available
786 if (!CreateOptsFile(argc, argv, my_exec_path))
790 * Set up signal handlers for the postmaster process.
792 * CAUTION: when changing this list, check for side-effects on the signal
793 * handling setup of child processes. See tcop/postgres.c,
794 * bootstrap/bootstrap.c, and postmaster/pgstat.c.
797 PG_SETMASK(&BlockSig);
799 pqsignal(SIGHUP, SIGHUP_handler); /* reread config file and have
800 * children do same */
801 pqsignal(SIGINT, pmdie); /* send SIGTERM and ShutdownDataBase */
802 pqsignal(SIGQUIT, pmdie); /* send SIGQUIT and die */
803 pqsignal(SIGTERM, pmdie); /* wait for children and ShutdownDataBase */
804 pqsignal(SIGALRM, SIG_IGN); /* ignored */
805 pqsignal(SIGPIPE, SIG_IGN); /* ignored */
806 pqsignal(SIGUSR1, sigusr1_handler); /* message from child process */
807 pqsignal(SIGUSR2, dummy_handler); /* unused, reserve for children */
808 pqsignal(SIGCHLD, reaper); /* handle child termination */
809 pqsignal(SIGTTIN, SIG_IGN); /* ignored */
810 pqsignal(SIGTTOU, SIG_IGN); /* ignored */
811 /* ignore SIGXFSZ, so that ulimit violations work like disk full */
813 pqsignal(SIGXFSZ, SIG_IGN); /* ignored */
817 * Reset whereToSendOutput from Debug (its starting state) to None.
818 * This prevents ereport from sending log messages to stderr unless
819 * the syslog/stderr switch permits. We don't do this until the
820 * postmaster is fully launched, since startup failures may as well be
821 * reported to stderr.
823 whereToSendOutput = None;
826 * On many platforms, the first call of localtime() incurs significant
827 * overhead to load timezone info from the system configuration files.
828 * By doing it once in the postmaster, we avoid having to do it in
829 * every started child process. The savings are not huge, but they
833 time_t now = time(NULL);
835 (void) pg_localtime(&now);
839 * Initialize and try to startup the statistics collector process
845 * Load cached files for client authentication.
853 * We're ready to rock and roll...
855 StartupPID = StartupDataBase();
857 status = ServerLoop();
860 * ServerLoop probably shouldn't ever return, but if it does, close
863 ExitPostmaster(status != STATUS_OK);
865 return 0; /* not reached */
870 * Validate the proposed data directory
873 checkDataDir(const char *checkdir)
875 char path[MAXPGPATH];
877 struct stat stat_buf;
879 if (checkdir == NULL)
882 gettext("%s does not know where to find the database system data.\n"
883 "You must specify the directory that contains the database system\n"
884 "either by specifying the -D invocation option or by setting the\n"
885 "PGDATA environment variable.\n"),
890 if (stat(checkdir, &stat_buf) == -1)
894 (errcode_for_file_access(),
895 errmsg("data directory \"%s\" does not exist",
899 (errcode_for_file_access(),
900 errmsg("could not read permissions of directory \"%s\": %m",
905 * Check if the directory has group or world access. If so, reject.
907 * XXX temporarily suppress check when on Windows, because there may not
908 * be proper support for Unix-y file permissions. Need to think of a
909 * reasonable check to apply on Windows.
911 #if !defined(__CYGWIN__) && !defined(WIN32)
912 if (stat_buf.st_mode & (S_IRWXG | S_IRWXO))
914 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
915 errmsg("data directory \"%s\" has group or world access",
917 errdetail("Permissions should be u=rwx (0700).")));
920 /* Look for PG_VERSION before looking for pg_control */
921 ValidatePgVersion(checkdir);
923 snprintf(path, sizeof(path), "%s/global/pg_control", checkdir);
925 fp = AllocateFile(path, PG_BINARY_R);
929 gettext("%s: could not find the database system\n"
930 "Expected to find it in the directory \"%s\",\n"
931 "but could not open file \"%s\": %s\n"),
932 progname, checkdir, path, strerror(errno));
939 #ifdef USE_RENDEZVOUS
942 * empty callback function for DNSServiceRegistrationCreate()
945 reg_reply(DNSServiceRegistrationReplyErrorType errorCode, void *context)
950 #endif /* USE_RENDEZVOUS */
954 * Fork away from the controlling terminal (-S option)
961 elog(FATAL, "SilentMode not supported under WIN32");
967 struct itimerval prof_itimer;
971 /* see comments in BackendStartup */
972 getitimer(ITIMER_PROF, &prof_itimer);
976 if (pid == (pid_t) -1)
978 postmaster_error("could not fork background process: %s",
984 /* Parent should just exit, without doing any atexit cleanup */
989 setitimer(ITIMER_PROF, &prof_itimer, NULL);
992 MyProcPid = getpid(); /* reset MyProcPid to child */
994 /* GH: If there's no setsid(), we hopefully don't need silent mode.
995 * Until there's a better solution.
1000 postmaster_error("could not dissociate from controlling TTY: %s",
1005 i = open(NULL_DEV, O_RDWR | PG_BINARY);
1015 * Print out help message
1018 usage(const char *progname)
1020 printf(gettext("%s is the PostgreSQL server.\n\n"), progname);
1021 printf(gettext("Usage:\n %s [OPTION]...\n\n"), progname);
1022 printf(gettext("Options:\n"));
1023 #ifdef USE_ASSERT_CHECKING
1024 printf(gettext(" -A 1|0 enable/disable run-time assert checking\n"));
1026 printf(gettext(" -B NBUFFERS number of shared buffers\n"));
1027 printf(gettext(" -c NAME=VALUE set run-time parameter\n"));
1028 printf(gettext(" -d 1-5 debugging level\n"));
1029 printf(gettext(" -D DATADIR database directory\n"));
1030 printf(gettext(" -F turn fsync off\n"));
1031 printf(gettext(" -h HOSTNAME host name or IP address to listen on\n"));
1032 printf(gettext(" -i enable TCP/IP connections\n"));
1033 printf(gettext(" -k DIRECTORY Unix-domain socket location\n"));
1035 printf(gettext(" -l enable SSL connections\n"));
1037 printf(gettext(" -N MAX-CONNECT maximum number of allowed connections\n"));
1038 printf(gettext(" -o OPTIONS pass \"OPTIONS\" to each server process\n"));
1039 printf(gettext(" -p PORT port number to listen on\n"));
1040 printf(gettext(" -S silent mode (start in background without logging output)\n"));
1041 printf(gettext(" --help show this help, then exit\n"));
1042 printf(gettext(" --version output version information, then exit\n"));
1044 printf(gettext("\nDeveloper options:\n"));
1045 printf(gettext(" -n do not reinitialize shared memory after abnormal exit\n"));
1046 printf(gettext(" -s send SIGSTOP to all backend servers if one dies\n"));
1048 printf(gettext("\nPlease read the documentation for the complete list of run-time\n"
1049 "configuration settings and how to set them on the command line or in\n"
1050 "the configuration file.\n\n"
1051 "Report bugs to <pgsql-bugs@postgresql.org>.\n"));
1056 * Main loop of postmaster
1068 gettimeofday(&now, &tz);
1070 nSockets = initMasks(&readmask);
1076 struct timeval timeout;
1079 * The timeout for the select() below is normally set on the basis
1080 * of the time to the next checkpoint. However, if for some
1081 * reason we don't have a next-checkpoint time, time out after 60
1082 * seconds. This keeps checkpoint scheduling from locking up when
1083 * we get new connection requests infrequently (since we are
1084 * likely to detect checkpoint completion just after enabling
1085 * signals below, after we've already made the decision about how
1086 * long to wait this time).
1088 timeout.tv_sec = 60;
1089 timeout.tv_usec = 0;
1091 if (CheckPointPID == 0 && checkpointed &&
1092 StartupPID == 0 && Shutdown == NoShutdown &&
1093 !FatalError && random_seed != 0)
1095 time_t now = time(NULL);
1097 if (CheckPointTimeout + checkpointed > now)
1100 * Not time for checkpoint yet, so set select timeout
1102 timeout.tv_sec = CheckPointTimeout + checkpointed - now;
1106 /* Time to make the checkpoint... */
1107 CheckPointPID = CheckPointDataBase();
1110 * if fork failed, schedule another try at 0.1 normal
1113 if (CheckPointPID == 0)
1115 timeout.tv_sec = CheckPointTimeout / 10;
1116 checkpointed = now + timeout.tv_sec - CheckPointTimeout;
1122 * If no background writer process is running and we should do
1123 * background writing, start one. It doesn't matter if this fails,
1124 * we'll just try again later.
1126 if (BgWriterPID == 0 && BgWriterPercent > 0 &&
1127 StartupPID == 0 && Shutdown == NoShutdown &&
1128 !FatalError && random_seed != 0)
1129 BgWriterPID = StartBackgroundWriter();
1132 * Wait for something to happen.
1134 memcpy((char *) &rmask, (char *) &readmask, sizeof(fd_set));
1136 PG_SETMASK(&UnBlockSig);
1138 if (select(nSockets, &rmask, NULL, NULL, &timeout) < 0)
1140 PG_SETMASK(&BlockSig);
1141 if (errno == EINTR || errno == EWOULDBLOCK)
1144 (errcode_for_socket_access(),
1145 errmsg("select() failed in postmaster: %m")));
1146 return STATUS_ERROR;
1150 * Block all signals until we wait again. (This makes it safe for
1151 * our signal handlers to do nontrivial work.)
1153 PG_SETMASK(&BlockSig);
1156 * Select a random seed at the time of first receiving a request.
1158 while (random_seed == 0)
1160 gettimeofday(&later, &tz);
1163 * We are not sure how much precision is in tv_usec, so we
1164 * swap the nibbles of 'later' and XOR them with 'now'. On the
1165 * off chance that the result is 0, we loop until it isn't.
1167 random_seed = now.tv_usec ^
1168 ((later.tv_usec << 16) |
1169 ((later.tv_usec >> 16) & 0xffff));
1173 * New connection pending on any of our sockets? If so, fork a
1174 * child process to deal with it.
1176 for (i = 0; i < MAXLISTEN; i++)
1178 if (ListenSocket[i] == -1)
1180 if (FD_ISSET(ListenSocket[i], &rmask))
1182 port = ConnCreate(ListenSocket[i]);
1185 BackendStartup(port);
1188 * We no longer need the open socket or port structure
1191 StreamClose(port->sock);
1197 /* If we have lost the stats collector, try to start a new one */
1198 if (!pgstat_is_running)
1205 * Initialise the masks for select() for the ports
1206 * we are listening on. Return the number of sockets to listen on.
1209 initMasks(fd_set *rmask)
1216 for (i = 0; i < MAXLISTEN; i++)
1218 int fd = ListenSocket[i];
1232 * Read the startup packet and do something according to it.
1234 * Returns STATUS_OK or STATUS_ERROR, or might call ereport(FATAL) and
1235 * not return at all.
1237 * (Note that ereport(FATAL) stuff is sent to the client, so only use it
1238 * if that's what you want. Return STATUS_ERROR if you don't want to
1239 * send anything to the client, which would typically be appropriate
1240 * if we detect a communications failure.)
1243 ProcessStartupPacket(Port *port, bool SSLdone)
1247 ProtocolVersion proto;
1248 MemoryContext oldcontext;
1250 if (pq_getbytes((char *) &len, 4) == EOF)
1253 * EOF after SSLdone probably means the client didn't like our
1254 * response to NEGOTIATE_SSL_CODE. That's not an error condition,
1255 * so don't clutter the log with a complaint.
1259 (errcode(ERRCODE_PROTOCOL_VIOLATION),
1260 errmsg("incomplete startup packet")));
1261 return STATUS_ERROR;
1267 if (len < (int32) sizeof(ProtocolVersion) ||
1268 len > MAX_STARTUP_PACKET_LENGTH)
1271 (errcode(ERRCODE_PROTOCOL_VIOLATION),
1272 errmsg("invalid length of startup packet")));
1273 return STATUS_ERROR;
1277 * Allocate at least the size of an old-style startup packet, plus one
1278 * extra byte, and make sure all are zeroes. This ensures we will
1279 * have null termination of all strings, in both fixed- and
1280 * variable-length packet layouts.
1282 if (len <= (int32) sizeof(StartupPacket))
1283 buf = palloc0(sizeof(StartupPacket) + 1);
1285 buf = palloc0(len + 1);
1287 if (pq_getbytes(buf, len) == EOF)
1290 (errcode(ERRCODE_PROTOCOL_VIOLATION),
1291 errmsg("incomplete startup packet")));
1292 return STATUS_ERROR;
1296 * The first field is either a protocol version number or a special
1299 port->proto = proto = ntohl(*((ProtocolVersion *) buf));
1301 if (proto == CANCEL_REQUEST_CODE)
1303 processCancelRequest(port, buf);
1304 return 127; /* XXX */
1307 if (proto == NEGOTIATE_SSL_CODE && !SSLdone)
1312 /* No SSL when disabled or on Unix sockets */
1313 if (!EnableSSL || IS_AF_UNIX(port->laddr.addr.ss_family))
1316 SSLok = 'S'; /* Support for SSL */
1318 SSLok = 'N'; /* No support for SSL */
1320 if (send(port->sock, &SSLok, 1, 0) != 1)
1323 (errcode_for_socket_access(),
1324 errmsg("failed to send SSL negotiation response: %m")));
1325 return STATUS_ERROR; /* close the connection */
1329 if (SSLok == 'S' && secure_open_server(port) == -1)
1330 return STATUS_ERROR;
1332 /* regular startup packet, cancel, etc packet should follow... */
1333 /* but not another SSL negotiation request */
1334 return ProcessStartupPacket(port, true);
1337 /* Could add additional special packet types here */
1340 * Set FrontendProtocol now so that ereport() knows what format to
1341 * send if we fail during startup.
1343 FrontendProtocol = proto;
1345 /* Check we can handle the protocol the frontend is using. */
1347 if (PG_PROTOCOL_MAJOR(proto) < PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST) ||
1348 PG_PROTOCOL_MAJOR(proto) > PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST) ||
1349 (PG_PROTOCOL_MAJOR(proto) == PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST) &&
1350 PG_PROTOCOL_MINOR(proto) > PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST)))
1352 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1353 errmsg("unsupported frontend protocol %u.%u: server supports %u.0 to %u.%u",
1354 PG_PROTOCOL_MAJOR(proto), PG_PROTOCOL_MINOR(proto),
1355 PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST),
1356 PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST),
1357 PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST))));
1360 * Now fetch parameters out of startup packet and save them into the
1361 * Port structure. All data structures attached to the Port struct
1362 * must be allocated in TopMemoryContext so that they won't disappear
1363 * when we pass them to PostgresMain (see BackendRun). We need not
1364 * worry about leaking this storage on failure, since we aren't in the
1365 * postmaster process anymore.
1367 oldcontext = MemoryContextSwitchTo(TopMemoryContext);
1369 if (PG_PROTOCOL_MAJOR(proto) >= 3)
1371 int32 offset = sizeof(ProtocolVersion);
1374 * Scan packet body for name/option pairs. We can assume any
1375 * string beginning within the packet body is null-terminated,
1376 * thanks to zeroing extra byte above.
1378 port->guc_options = NIL;
1380 while (offset < len)
1382 char *nameptr = ((char *) buf) + offset;
1386 if (*nameptr == '\0')
1387 break; /* found packet terminator */
1388 valoffset = offset + strlen(nameptr) + 1;
1389 if (valoffset >= len)
1390 break; /* missing value, will complain below */
1391 valptr = ((char *) buf) + valoffset;
1393 if (strcmp(nameptr, "database") == 0)
1394 port->database_name = pstrdup(valptr);
1395 else if (strcmp(nameptr, "user") == 0)
1396 port->user_name = pstrdup(valptr);
1397 else if (strcmp(nameptr, "options") == 0)
1398 port->cmdline_options = pstrdup(valptr);
1401 /* Assume it's a generic GUC option */
1402 port->guc_options = lappend(port->guc_options,
1404 port->guc_options = lappend(port->guc_options,
1407 offset = valoffset + strlen(valptr) + 1;
1411 * If we didn't find a packet terminator exactly at the end of the
1412 * given packet length, complain.
1414 if (offset != len - 1)
1416 (errcode(ERRCODE_PROTOCOL_VIOLATION),
1417 errmsg("invalid startup packet layout: expected terminator as last byte")));
1422 * Get the parameters from the old-style, fixed-width-fields
1423 * startup packet as C strings. The packet destination was
1424 * cleared first so a short packet has zeros silently added. We
1425 * have to be prepared to truncate the pstrdup result for oversize
1428 StartupPacket *packet = (StartupPacket *) buf;
1430 port->database_name = pstrdup(packet->database);
1431 if (strlen(port->database_name) > sizeof(packet->database))
1432 port->database_name[sizeof(packet->database)] = '\0';
1433 port->user_name = pstrdup(packet->user);
1434 if (strlen(port->user_name) > sizeof(packet->user))
1435 port->user_name[sizeof(packet->user)] = '\0';
1436 port->cmdline_options = pstrdup(packet->options);
1437 if (strlen(port->cmdline_options) > sizeof(packet->options))
1438 port->cmdline_options[sizeof(packet->options)] = '\0';
1439 port->guc_options = NIL;
1442 /* Check a user name was given. */
1443 if (port->user_name == NULL || port->user_name[0] == '\0')
1445 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
1446 errmsg("no PostgreSQL user name specified in startup packet")));
1448 /* The database defaults to the user name. */
1449 if (port->database_name == NULL || port->database_name[0] == '\0')
1450 port->database_name = pstrdup(port->user_name);
1452 if (Db_user_namespace)
1455 * If user@, it is a global user, remove '@'. We only want to do
1456 * this if there is an '@' at the end and no earlier in the user
1457 * string or they may fake as a local user of another database
1458 * attaching to this database.
1460 if (strchr(port->user_name, '@') ==
1461 port->user_name + strlen(port->user_name) - 1)
1462 *strchr(port->user_name, '@') = '\0';
1465 /* Append '@' and dbname */
1468 db_user = palloc(strlen(port->user_name) +
1469 strlen(port->database_name) + 2);
1470 sprintf(db_user, "%s@%s", port->user_name, port->database_name);
1471 port->user_name = db_user;
1476 * Truncate given database and user names to length of a Postgres
1477 * name. This avoids lookup failures when overlength names are given.
1479 if (strlen(port->database_name) >= NAMEDATALEN)
1480 port->database_name[NAMEDATALEN - 1] = '\0';
1481 if (strlen(port->user_name) >= NAMEDATALEN)
1482 port->user_name[NAMEDATALEN - 1] = '\0';
1485 * Done putting stuff in TopMemoryContext.
1487 MemoryContextSwitchTo(oldcontext);
1490 * If we're going to reject the connection due to database state, say
1491 * so now instead of wasting cycles on an authentication exchange.
1492 * (This also allows a pg_ping utility to be written.)
1494 switch (port->canAcceptConnections)
1498 (errcode(ERRCODE_CANNOT_CONNECT_NOW),
1499 errmsg("the database system is starting up")));
1503 (errcode(ERRCODE_CANNOT_CONNECT_NOW),
1504 errmsg("the database system is shutting down")));
1508 (errcode(ERRCODE_CANNOT_CONNECT_NOW),
1509 errmsg("the database system is in recovery mode")));
1513 (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
1514 errmsg("sorry, too many clients already")));
1526 * The client has sent a cancel request packet, not a normal
1527 * start-a-new-connection packet. Perform the necessary processing.
1528 * Nothing is sent back to the client.
1531 processCancelRequest(Port *port, void *pkt)
1533 CancelRequestPacket *canc = (CancelRequestPacket *) pkt;
1535 long cancelAuthCode;
1537 #ifndef EXEC_BACKEND
1543 backendPID = (int) ntohl(canc->backendPID);
1544 cancelAuthCode = (long) ntohl(canc->cancelAuthCode);
1546 if (backendPID == CheckPointPID)
1549 (errmsg_internal("ignoring cancel request for checkpoint process %d",
1553 else if (backendPID == BgWriterPID)
1556 (errmsg_internal("ignoring cancel request for bgwriter process %d",
1562 * See if we have a matching backend. In the EXEC_BACKEND case, we
1563 * can no longer access the postmaster's own backend list, and must
1564 * rely on the backup array in shared memory.
1566 #ifndef EXEC_BACKEND
1567 for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
1569 bp = (Backend *) DLE_VAL(curr);
1571 for (i = 0; i < NUM_BACKENDARRAY_ELEMS; i++)
1573 bp = (Backend *) &ShmemBackendArray[i];
1575 if (bp->pid == backendPID)
1577 if (bp->cancel_key == cancelAuthCode)
1579 /* Found a match; signal that backend to cancel current op */
1581 (errmsg_internal("processing cancel request: sending SIGINT to process %d",
1583 kill(bp->pid, SIGINT);
1586 /* Right PID, wrong key: no way, Jose */
1588 (errmsg_internal("bad key in cancel request for process %d",
1594 /* No matching backend */
1596 (errmsg_internal("bad pid in cancel request for process %d",
1601 * canAcceptConnections --- check to see if database state allows connections.
1603 static enum CAC_state
1604 canAcceptConnections(void)
1606 /* Can't start backends when in startup/shutdown/recovery state. */
1607 if (Shutdown > NoShutdown)
1608 return CAC_SHUTDOWN;
1612 return CAC_RECOVERY;
1615 * Don't start too many children.
1617 * We allow more connections than we can have backends here because some
1618 * might still be authenticating; they might fail auth, or some
1619 * existing backend might exit before the auth cycle is completed. The
1620 * exact MaxBackends limit is enforced when a new backend tries to
1621 * join the shared-inval backend array.
1623 if (CountChildren() >= 2 * MaxBackends)
1631 * ConnCreate -- create a local connection data structure
1634 ConnCreate(int serverFd)
1638 if (!(port = (Port *) calloc(1, sizeof(Port))))
1641 (errcode(ERRCODE_OUT_OF_MEMORY),
1642 errmsg("out of memory")));
1646 if (StreamConnection(serverFd, port) != STATUS_OK)
1648 StreamClose(port->sock);
1655 * Precompute password salt values to use for this connection.
1656 * It's slightly annoying to do this long in advance of knowing
1657 * whether we'll need 'em or not, but we must do the random()
1658 * calls before we fork, not after. Else the postmaster's random
1659 * sequence won't get advanced, and all backends would end up
1660 * using the same salt...
1662 RandomSalt(port->cryptSalt, port->md5Salt);
1670 * ConnFree -- free a local connection data structure
1673 ConnFree(Port *conn)
1683 * ClosePostmasterPorts -- close all the postmaster's open sockets
1685 * This is called during child process startup to release file descriptors
1686 * that are not needed by that child process. The postmaster still has
1687 * them open, of course.
1690 ClosePostmasterPorts(bool pgstat_too)
1694 /* Close the listen sockets */
1695 for (i = 0; i < MAXLISTEN; i++)
1697 if (ListenSocket[i] != -1)
1699 StreamClose(ListenSocket[i]);
1700 ListenSocket[i] = -1;
1704 /* Close pgstat control sockets, unless we're starting pgstat itself */
1706 pgstat_close_sockets();
1711 * reset_shared -- reset shared memory and semaphores
1714 reset_shared(unsigned short port)
1717 * Create or re-create shared memory and semaphores.
1719 * Note: in each "cycle of life" we will normally assign the same IPC
1720 * keys (if using SysV shmem and/or semas), since the port number is
1721 * used to determine IPC keys. This helps ensure that we will clean
1722 * up dead IPC objects if the postmaster crashes and is restarted.
1724 CreateSharedMemoryAndSemaphores(false, MaxBackends, port);
1729 * SIGHUP -- reread config files, and tell children to do same
1732 SIGHUP_handler(SIGNAL_ARGS)
1734 int save_errno = errno;
1736 PG_SETMASK(&BlockSig);
1738 if (Shutdown <= SmartShutdown)
1741 (errmsg("received SIGHUP, reloading configuration files")));
1742 ProcessConfigFile(PGC_SIGHUP);
1743 SignalChildren(SIGHUP);
1748 /* Update the starting-point file for future children */
1749 write_nondefault_variables(PGC_SIGHUP);
1753 * Tell the background writer to terminate so that we will start a
1754 * new one with a possibly changed config
1756 if (BgWriterPID != 0)
1757 kill(BgWriterPID, SIGTERM);
1760 PG_SETMASK(&UnBlockSig);
1767 * pmdie -- signal handler for processing various postmaster signals.
1772 int save_errno = errno;
1774 PG_SETMASK(&BlockSig);
1777 (errmsg_internal("postmaster received signal %d",
1778 postgres_signal_arg)));
1780 switch (postgres_signal_arg)
1787 * Wait for children to end their work and ShutdownDataBase.
1789 if (Shutdown >= SmartShutdown)
1791 Shutdown = SmartShutdown;
1793 (errmsg("received smart shutdown request")));
1795 /* Must tell bgwriter to quit, or it never will... */
1796 if (BgWriterPID != 0)
1797 kill(BgWriterPID, SIGTERM);
1799 if (DLGetHead(BackendList)) /* let reaper() handle this */
1803 * No children left. Shutdown data base system.
1805 if (StartupPID > 0 || FatalError) /* let reaper() handle
1808 if (ShutdownPID > 0)
1810 elog(PANIC, "shutdown process %d already running",
1815 ShutdownPID = ShutdownDataBase();
1823 * Abort all children with SIGTERM (rollback active transactions
1824 * and exit) and ShutdownDataBase when they are gone.
1826 if (Shutdown >= FastShutdown)
1828 Shutdown = FastShutdown;
1830 (errmsg("received fast shutdown request")));
1832 if (DLGetHead(BackendList))
1837 (errmsg("aborting any active transactions")));
1838 SignalChildren(SIGTERM);
1839 /* reaper() does the rest */
1845 * No children left. Shutdown data base system.
1847 * Unlike the previous case, it is not an error for the shutdown
1848 * process to be running already (we could get SIGTERM
1849 * followed shortly later by SIGINT).
1851 if (StartupPID > 0 || FatalError) /* let reaper() handle
1854 if (ShutdownPID == 0)
1855 ShutdownPID = ShutdownDataBase();
1861 * Immediate Shutdown:
1863 * abort all children with SIGQUIT and exit without attempt to
1864 * properly shutdown data base system.
1867 (errmsg("received immediate shutdown request")));
1868 if (ShutdownPID > 0)
1869 kill(ShutdownPID, SIGQUIT);
1871 kill(StartupPID, SIGQUIT);
1872 if (DLGetHead(BackendList))
1873 SignalChildren(SIGQUIT);
1878 PG_SETMASK(&UnBlockSig);
1884 * Reaper -- signal handler to cleanup after a backend (child) dies.
1889 int save_errno = errno;
1892 int status; /* backend exit status */
1896 union wait status; /* backend exit status */
1900 int pid; /* process id of dead backend */
1902 PG_SETMASK(&BlockSig);
1905 (errmsg_internal("reaping dead processes")));
1907 while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
1909 exitstatus = status;
1912 while ((pid = wait3(&status, WNOHANG, NULL)) > 0)
1914 exitstatus = status.w_status;
1916 while ((pid = win32_waitpid(&exitstatus)) > 0)
1919 * We need to do this here, and not in CleanupProc, since this is
1920 * to be called on all children when we are done with them. Could
1921 * move to LogChildExit, but that seems like asking for future
1924 win32_RemoveChild(pid);
1926 #endif /* HAVE_WAITPID */
1929 * Check if this child was the statistics collector. If so, try to
1930 * start a new one. (If fail, we'll try again in future cycles of
1933 if (pgstat_ispgstat(pid))
1935 LogChildExit(LOG, gettext("statistics collector process"),
1942 * Check if this child was a shutdown or startup process.
1944 if (ShutdownPID > 0 && pid == ShutdownPID)
1946 if (exitstatus != 0)
1948 LogChildExit(LOG, gettext("shutdown process"),
1952 /* Normal postmaster exit is here */
1956 if (StartupPID > 0 && pid == StartupPID)
1958 if (exitstatus != 0)
1960 LogChildExit(LOG, gettext("startup process"),
1963 (errmsg("aborting startup due to startup process failure")));
1969 * Startup succeeded - we are done with system startup or recovery.
1974 * Arrange for first checkpoint to occur after standard delay.
1977 checkpointed = time(NULL);
1980 * Go to shutdown mode if a shutdown request was pending.
1982 if (Shutdown > NoShutdown)
1984 if (ShutdownPID > 0)
1986 elog(PANIC, "startup process %d died while shutdown process %d already running",
1987 pid, (int) ShutdownPID);
1990 ShutdownPID = ShutdownDataBase();
1997 * Else do standard child cleanup.
1999 CleanupProc(pid, exitstatus);
2001 } /* loop over pending child-death reports */
2006 * Wait for all children exit, then reset shmem and
2009 if (DLGetHead(BackendList) || StartupPID > 0 || ShutdownPID > 0)
2012 (errmsg("all server processes terminated; reinitializing")));
2015 reset_shared(PostPortNumber);
2017 StartupPID = StartupDataBase();
2022 if (Shutdown > NoShutdown)
2024 if (DLGetHead(BackendList))
2026 if (StartupPID > 0 || ShutdownPID > 0)
2028 ShutdownPID = ShutdownDataBase();
2032 PG_SETMASK(&UnBlockSig);
2039 * CleanupProc -- cleanup after terminated backend.
2041 * Remove all local state associated with backend.
2044 CleanupProc(int pid,
2045 int exitstatus) /* child's exit status. */
2051 LogChildExit(DEBUG2, gettext("child process"), pid, exitstatus);
2054 * If a backend dies in an ugly way (i.e. exit status not 0) then we
2055 * must signal all other backends to quickdie. If exit status is zero
2056 * we assume everything is hunky dory and simply remove the backend
2057 * from the active backend list.
2059 if (exitstatus == 0)
2061 curr = DLGetHead(BackendList);
2064 bp = (Backend *) DLE_VAL(curr);
2068 ShmemBackendArrayRemove(bp->pid);
2075 curr = DLGetSucc(curr);
2078 if (pid == CheckPointPID)
2083 checkpointed = time(NULL);
2086 else if (pid == BgWriterPID)
2094 /* below here we're dealing with a non-normal exit */
2096 /* Make log entry unless we did so already */
2100 (pid == CheckPointPID) ? gettext("checkpoint process") :
2101 (pid == BgWriterPID) ? gettext("bgwriter process") :
2102 gettext("server process"),
2105 (errmsg("terminating any other active server processes")));
2108 curr = DLGetHead(BackendList);
2111 next = DLGetSucc(curr);
2112 bp = (Backend *) DLE_VAL(curr);
2116 * This backend is still alive. Unless we did so already,
2117 * tell it to commit hara-kiri.
2119 * SIGQUIT is the special signal that says exit without proc_exit
2120 * and let the user know what's going on. But if SendStop is
2121 * set (-s on command line), then we send SIGSTOP instead, so
2122 * that we can get core dumps from all backends by hand.
2127 (errmsg_internal("sending %s to process %d",
2128 (SendStop ? "SIGSTOP" : "SIGQUIT"),
2130 kill(bp->pid, (SendStop ? SIGSTOP : SIGQUIT));
2136 * Found entry for freshly-dead backend, so remove it.
2139 ShmemBackendArrayRemove(bp->pid);
2148 if (pid == CheckPointPID)
2153 else if (pid == BgWriterPID)
2158 * Tell the collector about backend termination
2167 * Log the death of a child process.
2170 LogChildExit(int lev, const char *procname, int pid, int exitstatus)
2172 if (WIFEXITED(exitstatus))
2176 * translator: %s is a noun phrase describing a child process,
2177 * such as "server process"
2179 (errmsg("%s (PID %d) exited with exit code %d",
2180 procname, pid, WEXITSTATUS(exitstatus))));
2181 else if (WIFSIGNALED(exitstatus))
2185 * translator: %s is a noun phrase describing a child process,
2186 * such as "server process"
2188 (errmsg("%s (PID %d) was terminated by signal %d",
2189 procname, pid, WTERMSIG(exitstatus))));
2194 * translator: %s is a noun phrase describing a child process,
2195 * such as "server process"
2197 (errmsg("%s (PID %d) exited with unexpected status %d",
2198 procname, pid, exitstatus)));
2202 * Send a signal to all backend children.
2205 SignalChildren(int signal)
2211 curr = DLGetHead(BackendList);
2214 next = DLGetSucc(curr);
2215 bp = (Backend *) DLE_VAL(curr);
2217 if (bp->pid != MyProcPid)
2220 (errmsg_internal("sending signal %d to process %d",
2223 kill(bp->pid, signal);
2231 * BackendStartup -- start backend process
2233 * returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
2236 BackendStartup(Port *port)
2238 Backend *bn; /* for backend cleanup */
2241 #ifdef LINUX_PROFILE
2242 struct itimerval prof_itimer;
2246 * Compute the cancel key that will be assigned to this backend. The
2247 * backend will have its own copy in the forked-off process' value of
2248 * MyCancelKey, so that it can transmit the key to the frontend.
2250 MyCancelKey = PostmasterRandom();
2253 * Make room for backend data structure. Better before the fork() so
2254 * we can handle failure cleanly.
2256 bn = (Backend *) malloc(sizeof(Backend));
2260 (errcode(ERRCODE_OUT_OF_MEMORY),
2261 errmsg("out of memory")));
2262 return STATUS_ERROR;
2265 /* Pass down canAcceptConnections state (kluge for EXEC_BACKEND case) */
2266 port->canAcceptConnections = canAcceptConnections();
2269 * Flush stdio channels just before fork, to avoid double-output
2270 * problems. Ideally we'd use fflush(NULL) here, but there are still a
2271 * few non-ANSI stdio libraries out there (like SunOS 4.1.x) that
2272 * coredump if we do. Presently stdout and stderr are the only stdio
2273 * output channels used by the postmaster, so fflush'ing them should
2281 pid = backend_forkexec(port);
2283 #else /* !EXEC_BACKEND */
2285 #ifdef LINUX_PROFILE
2288 * Linux's fork() resets the profiling timer in the child process. If
2289 * we want to profile child processes then we need to save and restore
2290 * the timer setting. This is a waste of time if not profiling,
2291 * however, so only do it if commanded by specific -DLINUX_PROFILE
2294 getitimer(ITIMER_PROF, &prof_itimer);
2298 /* Specific beos actions before backend startup */
2299 beos_before_backend_startup();
2304 if (pid == 0) /* child */
2306 #ifdef LINUX_PROFILE
2307 setitimer(ITIMER_PROF, &prof_itimer, NULL);
2311 /* Specific beos backend startup actions */
2312 beos_backend_startup();
2316 proc_exit(BackendRun(port));
2319 #endif /* EXEC_BACKEND */
2323 /* in parent, fork failed */
2324 int save_errno = errno;
2327 /* Specific beos backend startup actions */
2328 beos_backend_startup_failed();
2333 (errmsg("could not fork new process for connection: %m")));
2334 report_fork_failure_to_client(port, save_errno);
2335 return STATUS_ERROR;
2338 /* in parent, successful fork */
2340 (errmsg_internal("forked new backend, pid=%d socket=%d",
2341 (int) pid, port->sock)));
2344 * Everything's been successful, it's safe to add this backend to our
2348 bn->cancel_key = MyCancelKey;
2350 ShmemBackendArrayAdd(bn);
2352 DLAddHead(BackendList, DLNewElem(bn));
2358 * Try to report backend fork() failure to client before we close the
2359 * connection. Since we do not care to risk blocking the postmaster on
2360 * this connection, we set the connection to non-blocking and try only once.
2362 * This is grungy special-purpose code; we cannot use backend libpq since
2363 * it's not up and running.
2366 report_fork_failure_to_client(Port *port, int errnum)
2370 /* Format the error message packet (always V2 protocol) */
2371 snprintf(buffer, sizeof(buffer), "E%s%s\n",
2372 gettext("could not fork new process for connection: "),
2375 /* Set port to non-blocking. Don't do send() if this fails */
2376 if (!set_noblock(port->sock))
2379 send(port->sock, buffer, strlen(buffer) + 1, 0);
2384 * split_opts -- split a string of options and append it to an argv array
2386 * NB: the string is destructively modified!
2388 * Since no current POSTGRES arguments require any quoting characters,
2389 * we can use the simple-minded tactic of assuming each set of space-
2390 * delimited characters is a separate argv element.
2392 * If you don't like that, well, we *used* to pass the whole option string
2393 * as ONE argument to execl(), which was even less intelligent...
2396 split_opts(char **argv, int *argcp, char *s)
2400 while (isspace((unsigned char) *s))
2404 argv[(*argcp)++] = s;
2405 while (*s && !isspace((unsigned char) *s))
2414 * BackendRun -- perform authentication, and if successful,
2415 * set up the backend's argument list and invoke PostgresMain()
2418 * Shouldn't return at all.
2419 * If PostgresMain() fails, return status.
2422 BackendRun(Port *port)
2427 char remote_host[NI_MAXHOST];
2428 char remote_port[NI_MAXSERV];
2429 char remote_ps_data[NI_MAXHOST];
2437 IsUnderPostmaster = true; /* we are a postmaster subprocess now */
2440 * Let's clean up ourselves as the postmaster child, and close the
2441 * postmaster's other sockets
2443 ClosePostmasterPorts(true);
2445 /* We don't want the postmaster's proc_exit() handlers */
2449 * Signal handlers setting is moved to tcop/postgres...
2452 /* Save port etc. for ps status */
2455 /* Reset MyProcPid to new backend's pid */
2456 MyProcPid = getpid();
2459 * PreAuthDelay is a debugging aid for investigating problems in the
2460 * authentication cycle: it can be set in postgresql.conf to allow
2461 * time to attach to the newly-forked backend with a debugger. (See
2462 * also the -W backend switch, which we allow clients to pass through
2463 * PGOPTIONS, but it is not honored until after authentication.)
2465 if (PreAuthDelay > 0)
2466 pg_usleep(PreAuthDelay * 1000000L);
2468 ClientAuthInProgress = true; /* limit visibility of log messages */
2470 /* save start time for end of session reporting */
2471 gettimeofday(&(port->session_start), NULL);
2473 /* set these to empty in case they are needed before we set them up */
2474 port->remote_host = "";
2475 port->remote_port = "";
2476 port->commandTag = "";
2479 * Initialize libpq and enable reporting of ereport errors to the
2480 * client. Must do this now because authentication uses libpq to send
2483 pq_init(); /* initialize libpq to talk to client */
2484 whereToSendOutput = Remote; /* now safe to ereport to client */
2487 * We arrange for a simple exit(0) if we receive SIGTERM or SIGQUIT
2488 * during any client authentication related communication. Otherwise
2489 * the postmaster cannot shutdown the database FAST or IMMED cleanly
2490 * if a buggy client blocks a backend during authentication.
2492 pqsignal(SIGTERM, authdie);
2493 pqsignal(SIGQUIT, authdie);
2494 pqsignal(SIGALRM, authdie);
2495 PG_SETMASK(&AuthBlockSig);
2498 * Get the remote host name and port for logging and status display.
2500 remote_host[0] = '\0';
2501 remote_port[0] = '\0';
2502 if (getnameinfo_all(&port->raddr.addr, port->raddr.salen,
2503 remote_host, sizeof(remote_host),
2504 remote_port, sizeof(remote_port),
2505 (log_hostname ? 0 : NI_NUMERICHOST) | NI_NUMERICSERV))
2507 int ret = getnameinfo_all(&port->raddr.addr, port->raddr.salen,
2508 remote_host, sizeof(remote_host),
2509 remote_port, sizeof(remote_port),
2510 NI_NUMERICHOST | NI_NUMERICSERV);
2514 (errmsg("getnameinfo_all() failed: %s",
2515 gai_strerror(ret))));
2517 snprintf(remote_ps_data, sizeof(remote_ps_data),
2518 remote_port[0] == '\0' ? "%s" : "%s(%s)",
2519 remote_host, remote_port);
2521 if (Log_connections)
2523 (errmsg("connection received: host=%s port=%s",
2524 remote_host, remote_port)));
2527 * save remote_host and remote_port in port stucture
2529 port->remote_host = strdup(remote_host);
2530 port->remote_port = strdup(remote_port);
2533 * In EXEC_BACKEND case, we didn't inherit the contents of pg_hba.c
2534 * etcetera from the postmaster, and have to load them ourselves.
2535 * Build the PostmasterContext (which didn't exist before, in this
2536 * process) to contain the data.
2538 * FIXME: [fork/exec] Ugh. Is there a way around this overhead?
2541 Assert(PostmasterContext == NULL);
2542 PostmasterContext = AllocSetContextCreate(TopMemoryContext,
2544 ALLOCSET_DEFAULT_MINSIZE,
2545 ALLOCSET_DEFAULT_INITSIZE,
2546 ALLOCSET_DEFAULT_MAXSIZE);
2547 MemoryContextSwitchTo(PostmasterContext);
2556 * Ready to begin client interaction. We will give up and exit(0)
2557 * after a time delay, so that a broken client can't hog a connection
2558 * indefinitely. PreAuthDelay doesn't count against the time limit.
2560 if (!enable_sig_alarm(AuthenticationTimeout * 1000, false))
2561 elog(FATAL, "could not set timer for authorization timeout");
2564 * Receive the startup packet (which might turn out to be a cancel
2567 status = ProcessStartupPacket(port, false);
2569 if (status != STATUS_OK)
2573 * Now that we have the user and database name, we can set the process
2574 * title for ps. It's good to do this as early as possible in
2577 init_ps_display(port->user_name, port->database_name, remote_ps_data);
2578 set_ps_display("authentication");
2581 * Now perform authentication exchange.
2583 ClientAuthentication(port); /* might not return, if failure */
2586 * Done with authentication. Disable timeout, and prevent
2587 * SIGTERM/SIGQUIT again until backend startup is complete.
2589 if (!disable_sig_alarm(false))
2590 elog(FATAL, "could not disable timer for authorization timeout");
2591 PG_SETMASK(&BlockSig);
2593 if (Log_connections)
2595 (errmsg("connection authorized: user=%s database=%s",
2596 port->user_name, port->database_name)));
2599 * Don't want backend to be able to see the postmaster random number
2600 * generator state. We have to clobber the static random_seed *and*
2601 * start a new random sequence in the random() library function.
2604 gettimeofday(&now, &tz);
2605 srandom((unsigned int) now.tv_usec);
2609 * Now, build the argv vector that will be given to PostgresMain.
2611 * The layout of the command line is
2612 * postgres [secure switches] -p databasename [insecure switches]
2613 * where the switches after -p come from the client request.
2615 * The maximum possible number of commandline arguments that could come
2616 * from ExtraOptions or port->cmdline_options is (strlen + 1) / 2; see
2620 maxac = 10; /* for fixed args supplied below */
2621 maxac += (strlen(ExtraOptions) + 1) / 2;
2622 if (port->cmdline_options)
2623 maxac += (strlen(port->cmdline_options) + 1) / 2;
2625 av = (char **) MemoryContextAlloc(TopMemoryContext,
2626 maxac * sizeof(char *));
2629 av[ac++] = "postgres";
2632 * Pass the requested debugging level along to the backend.
2636 snprintf(debugbuf, sizeof(debugbuf), "-d%d", debug_flag);
2637 av[ac++] = debugbuf;
2641 * Pass any backend switches specified with -o in the postmaster's own
2642 * command line. We assume these are secure. (It's OK to mangle
2643 * ExtraOptions now, since we're safely inside a subprocess.)
2645 split_opts(av, &ac, ExtraOptions);
2647 /* Tell the backend what protocol the frontend is using. */
2648 snprintf(protobuf, sizeof(protobuf), "-v%u", port->proto);
2649 av[ac++] = protobuf;
2652 * Tell the backend it is being called from the postmaster, and which
2653 * database to use. -p marks the end of secure switches.
2656 av[ac++] = port->database_name;
2659 * Pass the (insecure) option switches from the connection request.
2660 * (It's OK to mangle port->cmdline_options now.)
2662 if (port->cmdline_options)
2663 split_opts(av, &ac, port->cmdline_options);
2670 * Release postmaster's working memory context so that backend can
2671 * recycle the space. Note this does not trash *MyProcPort, because
2672 * ConnCreate() allocated that space with malloc() ... else we'd need
2673 * to copy the Port data here. Also, subsidiary data such as the
2674 * username isn't lost either; see ProcessStartupPacket().
2676 MemoryContextSwitchTo(TopMemoryContext);
2677 MemoryContextDelete(PostmasterContext);
2678 PostmasterContext = NULL;
2681 * Debug: print arguments being passed to backend
2684 (errmsg_internal("%s child[%d]: starting with (",
2685 progname, getpid())));
2686 for (i = 0; i < ac; ++i)
2688 (errmsg_internal("\t%s", av[i])));
2690 (errmsg_internal(")")));
2692 ClientAuthInProgress = false; /* client_min_messages is active
2695 return (PostgresMain(ac, av, port->user_name));
2702 * postmaster_forkexec -- fork and exec a postmaster subprocess
2704 * The caller must have set up the argv array already, except for argv[2]
2705 * which will be filled with the name of the temp variable file.
2707 * Returns the child process PID, or -1 on fork failure (a suitable error
2708 * message has been logged on failure).
2710 * All uses of this routine will dispatch to SubPostmasterMain in the
2714 postmaster_forkexec(int argc, char *argv[])
2718 /* This entry point passes dummy values for the Port variables */
2719 memset(&port, 0, sizeof(port));
2720 return internal_forkexec(argc, argv, &port);
2724 * backend_forkexec -- fork/exec off a backend process
2726 * returns the pid of the fork/exec'd process, or -1 on failure
2729 backend_forkexec(Port *port)
2734 av[ac++] = "postgres";
2735 av[ac++] = "-forkbackend";
2736 av[ac++] = NULL; /* filled in by internal_forkexec */
2739 Assert(ac < lengthof(av));
2741 return internal_forkexec(ac, av, port);
2745 internal_forkexec(int argc, char *argv[], Port *port)
2748 char tmpfilename[MAXPGPATH];
2750 if (!write_backend_variables(tmpfilename, port))
2751 return -1; /* log made by write_backend_variables */
2753 /* Make sure caller set up argv properly */
2755 Assert(argv[argc] == NULL);
2756 Assert(strncmp(argv[1], "-fork", 5) == 0);
2757 Assert(argv[2] == NULL);
2759 /* Insert temp file name after -fork argument */
2760 argv[2] = tmpfilename;
2763 pid = win32_forkexec(postgres_exec_path, argv);
2765 /* Fire off execv in child */
2766 if ((pid = fork()) == 0)
2768 if (execv(postgres_exec_path, argv) < 0)
2771 (errmsg("could not exec backend process \"%s\": %m",
2772 postgres_exec_path)));
2773 /* We're already in the child process here, can't return */
2779 return pid; /* Parent returns pid, or -1 on fork failure */
2783 * SubPostmasterMain -- Get the fork/exec'd process into a state equivalent
2784 * to what it would be if we'd simply forked on Unix, and then
2785 * dispatch to the appropriate place.
2787 * The first two command line arguments are expected to be "-forkFOO"
2788 * (where FOO indicates which postmaster child we are to become), and
2789 * the name of a variables file that we can read to load data that would
2790 * have been inherited by fork() on Unix. Remaining arguments go to the
2791 * subprocess FooMain() routine.
2794 SubPostmasterMain(int argc, char *argv[])
2798 /* Do this sooner rather than later... */
2799 IsUnderPostmaster = true; /* we are a postmaster subprocess now */
2801 MyProcPid = getpid(); /* reset MyProcPid */
2803 /* In EXEC_BACKEND case we will not have inherited these settings */
2804 IsPostmasterEnvironment = true;
2805 whereToSendOutput = None;
2807 PG_SETMASK(&BlockSig);
2809 /* Setup essential subsystems */
2810 MemoryContextInit();
2811 InitializeGUCOptions();
2813 /* Check we got appropriate args */
2815 elog(FATAL, "invalid subpostmaster invocation");
2817 /* Read in file-based context */
2818 memset(&port, 0, sizeof(Port));
2819 read_backend_variables(argv[2], &port);
2820 read_nondefault_variables();
2822 /* Run backend or appropriate child */
2823 if (strcmp(argv[1], "-forkbackend") == 0)
2825 /* BackendRun will close sockets */
2827 /* Attach process to shared segments */
2828 CreateSharedMemoryAndSemaphores(false, MaxBackends, 0);
2830 Assert(argc == 3); /* shouldn't be any more args */
2831 proc_exit(BackendRun(&port));
2833 if (strcmp(argv[1], "-forkboot") == 0)
2835 /* Close the postmaster's sockets */
2836 ClosePostmasterPorts(true);
2838 /* Attach process to shared segments */
2839 CreateSharedMemoryAndSemaphores(false, MaxBackends, 0);
2841 BootstrapMain(argc - 2, argv + 2);
2844 if (strcmp(argv[1], "-forkbuf") == 0)
2846 /* Close the postmaster's sockets */
2847 ClosePostmasterPorts(false);
2849 /* Do not want to attach to shared memory */
2851 PgstatBufferMain(argc, argv);
2854 if (strcmp(argv[1], "-forkcol") == 0)
2857 * Do NOT close postmaster sockets here, because we are forking from
2858 * pgstat buffer process, which already did it.
2861 /* Do not want to attach to shared memory */
2863 PgstatCollectorMain(argc, argv);
2867 return 1; /* shouldn't get here */
2870 #endif /* EXEC_BACKEND */
2874 * ExitPostmaster -- cleanup
2876 * Do NOT call exit() directly --- always go through here!
2879 ExitPostmaster(int status)
2881 /* should cleanup shared memory and kill all backends */
2884 * Not sure of the semantics here. When the Postmaster dies, should
2885 * the backends all be killed? probably not.
2887 * MUST -- vadim 05-10-1999
2889 /* Should I use true instead? */
2890 ClosePostmasterPorts(false);
2896 * sigusr1_handler - handle signal conditions from child processes
2899 sigusr1_handler(SIGNAL_ARGS)
2901 int save_errno = errno;
2903 PG_SETMASK(&BlockSig);
2905 if (CheckPostmasterSignal(PMSIGNAL_DO_CHECKPOINT))
2907 if (CheckPointWarning != 0)
2910 * This only times checkpoints forced by running out of
2911 * segment files. Other checkpoints could reduce the
2912 * frequency of forced checkpoints.
2914 time_t now = time(NULL);
2916 if (LastSignalledCheckpoint != 0)
2918 int elapsed_secs = now - LastSignalledCheckpoint;
2920 if (elapsed_secs < CheckPointWarning)
2922 (errmsg("checkpoints are occurring too frequently (%d seconds apart)",
2924 errhint("Consider increasing the configuration parameter \"checkpoint_segments\".")));
2926 LastSignalledCheckpoint = now;
2930 * Request to schedule a checkpoint
2932 * Ignore request if checkpoint is already running or checkpointing
2933 * is currently disabled
2935 if (CheckPointPID == 0 && checkpointed &&
2936 StartupPID == 0 && Shutdown == NoShutdown &&
2937 !FatalError && random_seed != 0)
2939 CheckPointPID = CheckPointDataBase();
2940 /* note: if fork fails, CheckPointPID stays 0; nothing happens */
2944 if (CheckPostmasterSignal(PMSIGNAL_PASSWORD_CHANGE))
2947 * Password or group file has changed.
2953 if (CheckPostmasterSignal(PMSIGNAL_WAKEN_CHILDREN))
2956 * Send SIGUSR1 to all children (triggers
2957 * CatchupInterruptHandler). See storage/ipc/sinval[adt].c for the
2960 if (Shutdown == NoShutdown)
2961 SignalChildren(SIGUSR1);
2964 PG_SETMASK(&UnBlockSig);
2971 * Dummy signal handler
2973 * We use this for signals that we don't actually use in the postmaster,
2974 * but we do use in backends. If we SIG_IGN such signals in the postmaster,
2975 * then a newly started backend might drop a signal that arrives before it's
2976 * able to reconfigure its signal processing. (See notes in postgres.c.)
2979 dummy_handler(SIGNAL_ARGS)
2985 * CharRemap: given an int in range 0..61, produce textual encoding of it
2986 * per crypt(3) conventions.
3010 RandomSalt(char *cryptSalt, char *md5Salt)
3012 long rand = PostmasterRandom();
3014 cryptSalt[0] = CharRemap(rand % 62);
3015 cryptSalt[1] = CharRemap(rand / 62);
3018 * It's okay to reuse the first random value for one of the MD5 salt
3019 * bytes, since only one of the two salts will be sent to the client.
3020 * After that we need to compute more random bits.
3022 * We use % 255, sacrificing one possible byte value, so as to ensure
3023 * that all bits of the random() value participate in the result.
3024 * While at it, add one to avoid generating any null bytes.
3026 md5Salt[0] = (rand % 255) + 1;
3027 rand = PostmasterRandom();
3028 md5Salt[1] = (rand % 255) + 1;
3029 rand = PostmasterRandom();
3030 md5Salt[2] = (rand % 255) + 1;
3031 rand = PostmasterRandom();
3032 md5Salt[3] = (rand % 255) + 1;
3039 PostmasterRandom(void)
3041 static bool initialized = false;
3045 Assert(random_seed != 0);
3046 srandom(random_seed);
3054 * Count up number of child processes.
3063 for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
3065 bp = (Backend *) DLE_VAL(curr);
3066 if (bp->pid != MyProcPid)
3069 /* Checkpoint and bgwriter will be in the list, discount them */
3070 if (CheckPointPID != 0)
3072 if (BgWriterPID != 0)
3079 * SSDataBase -- start a non-backend child process for the postmaster
3081 * xlog determines what kind of child will be started. All child types
3082 * initially go to BootstrapMain, which will handle common setup.
3084 * Return value of SSDataBase is subprocess' PID, or 0 if failed to start
3085 * subprocess (0 is returned only for checkpoint/bgwriter cases).
3088 SSDataBase(int xlop)
3095 #ifdef LINUX_PROFILE
3096 struct itimerval prof_itimer;
3100 * Set up command-line arguments for subprocess
3102 av[ac++] = "postgres";
3105 av[ac++] = "-forkboot";
3106 av[ac++] = NULL; /* filled in by postmaster_forkexec */
3109 snprintf(xlbuf, sizeof(xlbuf), "-x%d", xlop);
3113 av[ac++] = "template1";
3116 Assert(ac < lengthof(av));
3119 * Flush stdio channels (see comments in BackendStartup)
3126 pid = postmaster_forkexec(ac, av);
3128 #else /* !EXEC_BACKEND */
3130 #ifdef LINUX_PROFILE
3131 /* see comments in BackendStartup */
3132 getitimer(ITIMER_PROF, &prof_itimer);
3136 /* Specific beos actions before backend startup */
3137 beos_before_backend_startup();
3142 if (pid == 0) /* child */
3144 #ifdef LINUX_PROFILE
3145 setitimer(ITIMER_PROF, &prof_itimer, NULL);
3149 /* Specific beos actions after backend startup */
3150 beos_backend_startup();
3153 IsUnderPostmaster = true; /* we are a postmaster subprocess now */
3155 /* Close the postmaster's sockets */
3156 ClosePostmasterPorts(true);
3158 /* Lose the postmaster's on-exit routines and port connections */
3161 BootstrapMain(ac, av);
3165 #endif /* EXEC_BACKEND */
3169 /* in parent, fork failed */
3170 int save_errno = errno;
3173 /* Specific beos actions before backend startup */
3174 beos_backend_startup_failed();
3179 case BS_XLOG_STARTUP:
3181 (errmsg("could not fork startup process: %m")));
3183 case BS_XLOG_CHECKPOINT:
3185 (errmsg("could not fork checkpoint process: %m")));
3187 case BS_XLOG_BGWRITER:
3189 (errmsg("could not fork bgwriter process: %m")));
3191 case BS_XLOG_SHUTDOWN:
3193 (errmsg("could not fork shutdown process: %m")));
3197 (errmsg("could not fork process: %m")));
3202 * fork failure is fatal during startup/shutdown, but there's no
3203 * need to choke if a routine checkpoint or starting a background
3206 if (xlop == BS_XLOG_CHECKPOINT)
3208 if (xlop == BS_XLOG_BGWRITER)
3214 * in parent, successful fork
3216 * The startup and shutdown processes are not considered normal
3217 * backends, but the checkpoint and bgwriter processes are. They must
3218 * be added to the list of backends.
3220 if (xlop == BS_XLOG_CHECKPOINT || xlop == BS_XLOG_BGWRITER)
3222 if (!(bn = (Backend *) malloc(sizeof(Backend))))
3225 (errcode(ERRCODE_OUT_OF_MEMORY),
3226 errmsg("out of memory")));
3231 bn->cancel_key = PostmasterRandom();
3233 ShmemBackendArrayAdd(bn);
3235 DLAddHead(BackendList, DLNewElem(bn));
3238 * Since this code is executed periodically, it's a fine place to
3239 * do other actions that should happen every now and then on no
3240 * particular schedule. Such as...
3243 TouchSocketLockFile();
3251 * Create the opts file
3254 CreateOptsFile(int argc, char *argv[], char *fullprogname)
3256 char filename[MAXPGPATH];
3260 snprintf(filename, sizeof(filename), "%s/postmaster.opts", DataDir);
3262 if ((fp = fopen(filename, "w")) == NULL)
3264 elog(LOG, "could not create file \"%s\": %m", filename);
3268 fprintf(fp, "%s", fullprogname);
3269 for (i = 1; i < argc; i++)
3270 fprintf(fp, " '%s'", argv[i]);
3275 elog(LOG, "could not write file \"%s\": %m", filename);
3283 * This should be used only for reporting "interactive" errors (essentially,
3284 * bogus arguments on the command line). Once the postmaster is launched,
3285 * use ereport. In particular, don't use this for anything that occurs
3286 * after pmdaemonize.
3289 postmaster_error(const char *fmt,...)
3293 fprintf(stderr, "%s: ", progname);
3295 vfprintf(stderr, gettext(fmt), ap);
3297 fprintf(stderr, "\n");
3304 * The following need to be available to the read/write_backend_variables
3307 #include "storage/spin.h"
3309 extern slock_t *ShmemLock;
3310 extern slock_t *ShmemIndexLock;
3311 extern void *ShmemIndexAlloc;
3312 typedef struct LWLock LWLock;
3313 extern LWLock *LWLockArray;
3314 extern slock_t *ProcStructLock;
3315 extern int pgStatSock;
3317 #define write_var(var,fp) fwrite((void*)&(var),sizeof(var),1,fp)
3318 #define read_var(var,fp) fread((void*)&(var),sizeof(var),1,fp)
3321 write_backend_variables(char *filename, Port *port)
3323 static unsigned long tmpBackendFileNum = 0;
3325 char str_buf[MAXPGPATH];
3327 /* Calculate name for temp file in caller's buffer */
3329 snprintf(filename, MAXPGPATH, "%s/%s/%s.backend_var.%lu",
3330 DataDir, PG_TEMP_FILES_DIR, PG_TEMP_FILE_PREFIX,
3331 ++tmpBackendFileNum);
3334 fp = AllocateFile(filename, PG_BINARY_W);
3337 /* As per OpenTemporaryFile... */
3338 char dirname[MAXPGPATH];
3340 snprintf(dirname, MAXPGPATH, "%s/%s", DataDir, PG_TEMP_FILES_DIR);
3341 mkdir(dirname, S_IRWXU);
3343 fp = AllocateFile(filename, PG_BINARY_W);
3347 (errcode_for_file_access(),
3348 errmsg("could not create file \"%s\": %m",
3355 write_var(port->sock, fp);
3356 write_var(port->proto, fp);
3357 write_var(port->laddr, fp);
3358 write_var(port->raddr, fp);
3359 write_var(port->canAcceptConnections, fp);
3360 write_var(port->cryptSalt, fp);
3361 write_var(port->md5Salt, fp);
3364 * XXX FIXME later: writing these strings as MAXPGPATH bytes always is
3365 * probably a waste of resources
3368 StrNCpy(str_buf, DataDir, MAXPGPATH);
3369 fwrite((void *) str_buf, MAXPGPATH, 1, fp);
3371 write_var(MyCancelKey, fp);
3373 write_var(UsedShmemSegID, fp);
3374 write_var(UsedShmemSegAddr, fp);
3376 write_var(ShmemLock, fp);
3377 write_var(ShmemIndexLock, fp);
3378 write_var(ShmemVariableCache, fp);
3379 write_var(ShmemIndexAlloc, fp);
3380 write_var(ShmemBackendArray, fp);
3382 write_var(LWLockArray, fp);
3383 write_var(ProcStructLock, fp);
3384 write_var(pgStatSock, fp);
3386 write_var(debug_flag, fp);
3387 write_var(PostmasterPid, fp);
3389 fwrite((void *) my_exec_path, MAXPGPATH, 1, fp);
3391 fwrite((void *) ExtraOptions, sizeof(ExtraOptions), 1, fp);
3393 StrNCpy(str_buf, setlocale(LC_COLLATE, NULL), MAXPGPATH);
3394 fwrite((void *) str_buf, MAXPGPATH, 1, fp);
3395 StrNCpy(str_buf, setlocale(LC_CTYPE, NULL), MAXPGPATH);
3396 fwrite((void *) str_buf, MAXPGPATH, 1, fp);
3402 (errcode_for_file_access(),
3403 errmsg("could not write to file \"%s\": %m", filename)));
3411 read_backend_variables(char *filename, Port *port)
3414 char str_buf[MAXPGPATH];
3417 fp = AllocateFile(filename, PG_BINARY_R);
3420 (errcode_for_file_access(),
3421 errmsg("could not read from backend variables file \"%s\": %m",
3425 read_var(port->sock, fp);
3426 read_var(port->proto, fp);
3427 read_var(port->laddr, fp);
3428 read_var(port->raddr, fp);
3429 read_var(port->canAcceptConnections, fp);
3430 read_var(port->cryptSalt, fp);
3431 read_var(port->md5Salt, fp);
3433 fread((void *) str_buf, MAXPGPATH, 1, fp);
3434 SetDataDir(str_buf);
3436 read_var(MyCancelKey, fp);
3438 read_var(UsedShmemSegID, fp);
3439 read_var(UsedShmemSegAddr, fp);
3441 read_var(ShmemLock, fp);
3442 read_var(ShmemIndexLock, fp);
3443 read_var(ShmemVariableCache, fp);
3444 read_var(ShmemIndexAlloc, fp);
3445 read_var(ShmemBackendArray, fp);
3447 read_var(LWLockArray, fp);
3448 read_var(ProcStructLock, fp);
3449 read_var(pgStatSock, fp);
3451 read_var(debug_flag, fp);
3452 read_var(PostmasterPid, fp);
3454 fread((void *) my_exec_path, MAXPGPATH, 1, fp);
3456 fread((void *) ExtraOptions, sizeof(ExtraOptions), 1, fp);
3458 fread((void *) str_buf, MAXPGPATH, 1, fp);
3459 setlocale(LC_COLLATE, str_buf);
3460 fread((void *) str_buf, MAXPGPATH, 1, fp);
3461 setlocale(LC_CTYPE, str_buf);
3465 if (unlink(filename) != 0)
3467 (errcode_for_file_access(),
3468 errmsg("could not remove file \"%s\": %m", filename)));
3473 ShmemBackendArraySize(void)
3475 return (NUM_BACKENDARRAY_ELEMS * sizeof(Backend));
3479 ShmemBackendArrayAllocation(void)
3481 size_t size = ShmemBackendArraySize();
3483 ShmemBackendArray = (Backend *) ShmemAlloc(size);
3484 memset(ShmemBackendArray, 0, size);
3488 ShmemBackendArrayAdd(Backend *bn)
3492 for (i = 0; i < NUM_BACKENDARRAY_ELEMS; i++)
3494 /* Find an empty slot */
3495 if (ShmemBackendArray[i].pid == 0)
3497 ShmemBackendArray[i] = *bn;
3503 (errmsg_internal("unable to add backend entry")));
3507 ShmemBackendArrayRemove(pid_t pid)
3511 for (i = 0; i < NUM_BACKENDARRAY_ELEMS; i++)
3513 if (ShmemBackendArray[i].pid == pid)
3515 /* Mark the slot as empty */
3516 ShmemBackendArray[i].pid = 0;
3522 (errmsg_internal("unable to find backend entry with pid %d",
3526 #endif /* EXEC_BACKEND */
3532 win32_forkexec(const char *path, char *argv[])
3535 PROCESS_INFORMATION pi;
3538 char cmdLine[MAXPGPATH * 2];
3539 HANDLE childHandleCopy;
3540 HANDLE waiterThread;
3542 /* Format the cmd line */
3543 cmdLine[sizeof(cmdLine)-1] = '\0';
3544 cmdLine[sizeof(cmdLine)-2] = '\0';
3545 snprintf(cmdLine, sizeof(cmdLine)-1, "\"%s\"", path);
3547 while (argv[++i] != NULL)
3549 j = strlen(cmdLine);
3550 snprintf(cmdLine+j, sizeof(cmdLine)-1-j, " \"%s\"", argv[i]);
3552 if (cmdLine[sizeof(cmdLine)-2] != '\0')
3554 elog(LOG, "subprocess command line too long");
3558 memset(&pi, 0, sizeof(pi));
3559 memset(&si, 0, sizeof(si));
3561 if (!CreateProcess(NULL, cmdLine, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi))
3563 elog(LOG, "CreateProcess call failed (%d): %m", (int) GetLastError());
3567 if (!IsUnderPostmaster)
3569 /* We are the Postmaster creating a child... */
3570 win32_AddChild(pi.dwProcessId, pi.hProcess);
3573 if (!DuplicateHandle(GetCurrentProcess(),
3575 GetCurrentProcess(),
3579 DUPLICATE_SAME_ACCESS))
3581 (errmsg_internal("failed to duplicate child handle: %d",
3582 (int) GetLastError())));
3584 waiterThread = CreateThread(NULL, 64 * 1024, win32_sigchld_waiter,
3585 (LPVOID) childHandleCopy, 0, NULL);
3588 (errmsg_internal("failed to create sigchld waiter thread: %d",
3589 (int) GetLastError())));
3590 CloseHandle(waiterThread);
3592 if (IsUnderPostmaster)
3593 CloseHandle(pi.hProcess);
3594 CloseHandle(pi.hThread);
3596 return pi.dwProcessId;
3600 * Note: The following three functions must not be interrupted (eg. by signals).
3601 * As the Postgres Win32 signalling architecture (currently) requires polling,
3602 * or APC checking functions which aren't used here, this is not an issue.
3604 * We keep two separate arrays, instead of a single array of pid/HANDLE structs,
3605 * to avoid having to re-create a handle array for WaitForMultipleObjects on
3606 * each call to win32_waitpid.
3610 win32_AddChild(pid_t pid, HANDLE handle)
3612 Assert(win32_childPIDArray && win32_childHNDArray);
3613 if (win32_numChildren < NUM_BACKENDARRAY_ELEMS)
3615 win32_childPIDArray[win32_numChildren] = pid;
3616 win32_childHNDArray[win32_numChildren] = handle;
3617 ++win32_numChildren;
3621 (errmsg_internal("unable to add child entry with pid %lu",
3622 (unsigned long) pid)));
3626 win32_RemoveChild(pid_t pid)
3630 Assert(win32_childPIDArray && win32_childHNDArray);
3632 for (i = 0; i < win32_numChildren; i++)
3634 if (win32_childPIDArray[i] == pid)
3636 CloseHandle(win32_childHNDArray[i]);
3638 /* Swap last entry into the "removed" one */
3639 --win32_numChildren;
3640 win32_childPIDArray[i] = win32_childPIDArray[win32_numChildren];
3641 win32_childHNDArray[i] = win32_childHNDArray[win32_numChildren];
3647 (errmsg_internal("unable to find child entry with pid %lu",
3648 (unsigned long) pid)));
3652 win32_waitpid(int *exitstatus)
3654 Assert(win32_childPIDArray && win32_childHNDArray);
3655 elog(DEBUG3, "waiting on %lu children", win32_numChildren);
3657 if (win32_numChildren > 0)
3660 * Note: Do NOT use WaitForMultipleObjectsEx, as we don't want to
3661 * run queued APCs here.
3665 DWORD ret = WaitForMultipleObjects(win32_numChildren, win32_childHNDArray, FALSE, 0);
3671 (errmsg_internal("failed to wait on %lu children: %i",
3672 win32_numChildren, (int) GetLastError())));
3673 /* Fall through to WAIT_TIMEOUTs return */
3676 /* No children have finished */
3682 * Get the exit code, and return the PID of, the
3683 * respective process
3685 index = ret - WAIT_OBJECT_0;
3686 Assert(index >= 0 && index < win32_numChildren);
3687 if (!GetExitCodeProcess(win32_childHNDArray[index], &exitCode))
3690 * If we get this far, this should never happen, but,
3691 * then again... No choice other than to assume a
3692 * catastrophic failure.
3695 (errmsg_internal("failed to get exit code for child %lu",
3696 win32_childPIDArray[index])));
3697 *exitstatus = (int) exitCode;
3698 return win32_childPIDArray[index];
3706 /* Note! Code belows executes on separate threads, one for
3707 each child process created */
3709 win32_sigchld_waiter(LPVOID param)
3711 HANDLE procHandle = (HANDLE) param;
3713 DWORD r = WaitForSingleObject(procHandle, INFINITE);
3715 if (r == WAIT_OBJECT_0)
3716 pg_queue_signal(SIGCHLD);
3718 fprintf(stderr, "ERROR: Failed to wait on child process handle: %i\n",
3719 (int) GetLastError());
3720 CloseHandle(procHandle);