1 /*-------------------------------------------------------------------------
4 * This program acts as a clearing house for requests to the
5 * POSTGRES system. Frontend programs send a startup message
6 * to the Postmaster and the postmaster uses the info in the
7 * message to setup a backend process.
9 * The postmaster also manages system-wide operations such as
10 * startup and shutdown. The postmaster itself doesn't do those
11 * operations, mind you --- it just forks off a subprocess to do them
12 * at the right times. It also takes care of resetting the system
13 * if a backend crashes.
15 * The postmaster process creates the shared memory and semaphore
16 * pools during startup, but as a rule does not touch them itself.
17 * In particular, it is not a member of the PGPROC array of backends
18 * and so it cannot participate in lock-manager operations. Keeping
19 * the postmaster away from shared memory operations makes it simpler
20 * and more reliable. The postmaster is almost always able to recover
21 * from crashes of individual backends by resetting shared memory;
22 * if it did much with shared memory then it would be prone to crashing
23 * along with the backends.
25 * When a request message is received, we now fork() immediately.
26 * The child process performs authentication of the request, and
27 * then becomes a backend if successful. This allows the auth code
28 * to be written in a simple single-threaded style (as opposed to the
29 * crufty "poor man's multitasking" code that used to be needed).
30 * More importantly, it ensures that blockages in non-multithreaded
31 * libraries like SSL or PAM cannot cause denial of service to other
35 * Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
36 * Portions Copyright (c) 1994, Regents of the University of California
40 * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.403 2004/06/11 03:54:43 momjian Exp $
45 * The Postmaster sets up shared memory data structures
49 * The Postmaster shares memory with the backends but should avoid
50 * touching shared memory, so as not to become stuck if a crashing
51 * backend screws up locks or shared memory. Likewise, the Postmaster
52 * should never block on messages from frontend clients.
55 * The Postmaster cleans up after backends if they have an emergency
56 * exit and/or core dump.
58 *-------------------------------------------------------------------------
69 #include <sys/socket.h>
72 #include <sys/param.h>
73 #include <netinet/in.h>
74 #include <arpa/inet.h>
78 #ifdef HAVE_SYS_SELECT_H
79 #include <sys/select.h>
87 #include <DNSServiceDiscovery/DNSServiceDiscovery.h>
90 #include "catalog/pg_database.h"
91 #include "commands/async.h"
92 #include "lib/dllist.h"
93 #include "libpq/auth.h"
94 #include "libpq/crypt.h"
95 #include "libpq/libpq.h"
96 #include "libpq/pqcomm.h"
97 #include "libpq/pqsignal.h"
98 #include "miscadmin.h"
99 #include "nodes/nodes.h"
100 #include "postmaster/postmaster.h"
101 #include "storage/fd.h"
102 #include "storage/ipc.h"
103 #include "storage/pg_shmem.h"
104 #include "storage/pmsignal.h"
105 #include "storage/proc.h"
106 #include "storage/bufmgr.h"
107 #include "access/xlog.h"
108 #include "tcop/tcopprot.h"
109 #include "utils/guc.h"
110 #include "utils/memutils.h"
111 #include "utils/ps_status.h"
112 #include "bootstrap/bootstrap.h"
117 * List of active backends (or child processes anyway; we don't actually
118 * know whether a given child has become a backend or is still in the
119 * authorization phase). This is used mainly to keep track of how many
120 * children we have and send them appropriate signals when necessary.
122 * "Special" children such as the startup and bgwriter tasks are not in
127 pid_t pid; /* process id of backend */
128 long cancel_key; /* cancel key for cancels for this backend */
131 static Dllist *BackendList;
134 #define NUM_BACKENDARRAY_ELEMS (2*MaxBackends)
135 static Backend *ShmemBackendArray;
138 /* The socket number we are listening for connections on */
141 char *ListenAddresses;
144 * ReservedBackends is the number of backends reserved for superuser use.
145 * This number is taken out of the pool size given by MaxBackends so
146 * number of backend slots available to non-superusers is
147 * (MaxBackends - ReservedBackends). Note what this really means is
148 * "if there are <= ReservedBackends connections available, only superusers
149 * can make new connections" --- pre-existing superuser connections don't
150 * count against the limit.
152 int ReservedBackends;
155 static const char *progname = NULL;
157 /* The socket(s) we're listening to. */
159 static int ListenSocket[MAXLISTEN];
162 * Set by the -o option
164 static char ExtraOptions[MAXPGPATH];
167 * These globals control the behavior of the postmaster in case some
168 * backend dumps core. Normally, it kills all peers of the dead backend
169 * and reinitializes shared memory. By specifying -s or -n, we can have
170 * the postmaster stop (rather than kill) peers and not reinitialize
171 * shared data structures.
173 static bool Reinit = true;
174 static int SendStop = false;
176 /* still more option variables */
177 bool EnableSSL = false;
178 bool SilentMode = false; /* silent mode (-S) */
180 int PreAuthDelay = 0;
181 int AuthenticationTimeout = 60;
183 bool log_hostname; /* for ps display and logging */
184 bool Log_connections = false;
185 bool Db_user_namespace = false;
187 char *rendezvous_name;
189 /* list of library:init-function to be preloaded */
190 char *preload_libraries_string = NULL;
192 /* PIDs of special child processes; 0 when not running */
193 static pid_t StartupPID = 0,
196 /* Startup/shutdown state */
198 #define SmartShutdown 1
199 #define FastShutdown 2
201 static int Shutdown = NoShutdown;
203 static bool FatalError = false; /* T if recovering from backend crash */
205 bool ClientAuthInProgress = false; /* T during new-client
209 * State for assigning random salts and cancel keys.
210 * Also, the global MyCancelKey passes the cancel key assigned to a given
211 * backend from the postmaster to that backend (via fork).
213 static unsigned int random_seed = 0;
215 static int debug_flag = 0;
221 #ifdef HAVE_INT_OPTRESET
226 * postmaster.c - function prototypes
228 static void checkDataDir(const char *checkdir);
229 #ifdef USE_RENDEZVOUS
230 static void reg_reply(DNSServiceRegistrationReplyErrorType errorCode,
233 static void pmdaemonize(void);
234 static Port *ConnCreate(int serverFd);
235 static void ConnFree(Port *port);
236 static void reset_shared(unsigned short port);
237 static void SIGHUP_handler(SIGNAL_ARGS);
238 static void pmdie(SIGNAL_ARGS);
239 static void reaper(SIGNAL_ARGS);
240 static void sigusr1_handler(SIGNAL_ARGS);
241 static void dummy_handler(SIGNAL_ARGS);
242 static void CleanupProc(int pid, int exitstatus);
243 static void HandleChildCrash(int pid, int exitstatus);
244 static void LogChildExit(int lev, const char *procname,
245 int pid, int exitstatus);
246 static int BackendRun(Port *port);
247 static void ExitPostmaster(int status);
248 static void usage(const char *);
249 static int ServerLoop(void);
250 static int BackendStartup(Port *port);
251 static int ProcessStartupPacket(Port *port, bool SSLdone);
252 static void processCancelRequest(Port *port, void *pkt);
253 static int initMasks(fd_set *rmask);
254 static void report_fork_failure_to_client(Port *port, int errnum);
255 static enum CAC_state canAcceptConnections(void);
256 static long PostmasterRandom(void);
257 static void RandomSalt(char *cryptSalt, char *md5Salt);
258 static void SignalChildren(int signal);
259 static int CountChildren(void);
260 static bool CreateOptsFile(int argc, char *argv[], char *fullprogname);
261 static pid_t StartChildProcess(int xlop);
263 postmaster_error(const char *fmt,...)
264 /* This lets gcc check the format string for consistency. */
265 __attribute__((format(printf, 1, 2)));
270 static pid_t win32_forkexec(const char *path, char *argv[]);
271 static void win32_AddChild(pid_t pid, HANDLE handle);
272 static void win32_RemoveChild(pid_t pid);
273 static pid_t win32_waitpid(int *exitstatus);
274 static DWORD WINAPI win32_sigchld_waiter(LPVOID param);
276 static pid_t *win32_childPIDArray;
277 static HANDLE *win32_childHNDArray;
278 static unsigned long win32_numChildren = 0;
280 HANDLE PostmasterHandle;
283 static pid_t backend_forkexec(Port *port);
284 static pid_t internal_forkexec(int argc, char *argv[], Port *port);
286 static void read_backend_variables(char *filename, Port *port);
287 static bool write_backend_variables(char *filename, Port *port);
289 static void ShmemBackendArrayAdd(Backend *bn);
290 static void ShmemBackendArrayRemove(pid_t pid);
292 #endif /* EXEC_BACKEND */
294 #define StartupDataBase() StartChildProcess(BS_XLOG_STARTUP)
295 #define StartBackgroundWriter() StartChildProcess(BS_XLOG_BGWRITER)
299 * Postmaster main entry point
302 PostmasterMain(int argc, char *argv[])
306 char *potential_DataDir = NULL;
309 progname = get_progname(argv[0]);
311 MyProcPid = PostmasterPid = getpid();
313 IsPostmasterEnvironment = true;
316 * Catch standard options before doing much else. This even works on
317 * systems without getopt_long.
321 if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
326 if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
328 puts("postmaster (PostgreSQL) " PG_VERSION);
334 * for security, no dir or file created can be group or other
337 umask((mode_t) 0077);
340 * Fire up essential subsystems: memory management
345 * By default, palloc() requests in the postmaster will be allocated
346 * in the PostmasterContext, which is space that can be recycled by
347 * backends. Allocated data that needs to be available to backends
348 * should be allocated in TopMemoryContext.
350 PostmasterContext = AllocSetContextCreate(TopMemoryContext,
352 ALLOCSET_DEFAULT_MINSIZE,
353 ALLOCSET_DEFAULT_INITSIZE,
354 ALLOCSET_DEFAULT_MAXSIZE);
355 MemoryContextSwitchTo(PostmasterContext);
357 IgnoreSystemIndexes(false);
359 if (find_my_exec(argv[0], my_exec_path) < 0)
360 elog(FATAL, "%s: could not locate my own executable path",
363 get_pkglib_path(my_exec_path, pkglib_path);
368 InitializeGUCOptions();
370 potential_DataDir = getenv("PGDATA"); /* default value */
374 while ((opt = getopt(argc, argv, "A:a:B:b:c:D:d:Fh:ik:lm:MN:no:p:Ss-:")) != -1)
379 #ifdef USE_ASSERT_CHECKING
380 SetConfigOption("debug_assertions", optarg, PGC_POSTMASTER, PGC_S_ARGV);
382 postmaster_error("assert checking is not compiled in");
386 /* Can no longer set authentication method. */
389 SetConfigOption("shared_buffers", optarg, PGC_POSTMASTER, PGC_S_ARGV);
392 /* Can no longer set the backend executable file to use. */
395 potential_DataDir = optarg;
399 /* Turn on debugging for the postmaster. */
400 char *debugstr = palloc(strlen("debug") + strlen(optarg) + 1);
402 sprintf(debugstr, "debug%s", optarg);
403 SetConfigOption("log_min_messages", debugstr,
404 PGC_POSTMASTER, PGC_S_ARGV);
406 debug_flag = atoi(optarg);
410 SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
413 SetConfigOption("listen_addresses", optarg, PGC_POSTMASTER, PGC_S_ARGV);
416 SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);
419 SetConfigOption("unix_socket_directory", optarg, PGC_POSTMASTER, PGC_S_ARGV);
423 SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
427 /* Multiplexed backends no longer supported. */
432 * ignore this flag. This may be passed in because the
433 * program was run as 'postgres -M' instead of
438 /* The max number of backends to start. */
439 SetConfigOption("max_connections", optarg, PGC_POSTMASTER, PGC_S_ARGV);
442 /* Don't reinit shared mem after abnormal exit */
448 * Other options to pass to the backend on the command line
450 strcat(ExtraOptions, " ");
451 strcat(ExtraOptions, optarg);
454 SetConfigOption("port", optarg, PGC_POSTMASTER, PGC_S_ARGV);
459 * Start in 'S'ilent mode (disassociate from controlling
460 * tty). You may also think of this as 'S'ysV mode since
461 * it's most badly needed on SysV-derived systems like
464 SetConfigOption("silent_mode", "true", PGC_POSTMASTER, PGC_S_ARGV);
469 * In the event that some backend dumps core, send
470 * SIGSTOP, rather than SIGQUIT, to all its peers. This
471 * lets the wily post_hacker collect core dumps from
482 ParseLongOption(optarg, &name, &value);
487 (errcode(ERRCODE_SYNTAX_ERROR),
488 errmsg("--%s requires a value",
492 (errcode(ERRCODE_SYNTAX_ERROR),
493 errmsg("-c %s requires a value",
497 SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
506 gettext("Try \"%s --help\" for more information.\n"),
513 * Postmaster accepts no non-option switch arguments.
517 postmaster_error("invalid argument: \"%s\"", argv[optind]);
519 gettext("Try \"%s --help\" for more information.\n"),
525 * Now we can set the data directory, and then read postgresql.conf.
527 checkDataDir(potential_DataDir); /* issues error messages */
528 SetDataDir(potential_DataDir);
530 ProcessConfigFile(PGC_POSTMASTER);
532 /* If timezone is not set, determine what the OS uses */
533 pg_timezone_initialize();
536 write_nondefault_variables(PGC_POSTMASTER);
540 * Check for invalid combinations of GUC settings.
542 if (NBuffers < 2 * MaxBackends || NBuffers < 16)
545 * Do not accept -B so small that backends are likely to starve
546 * for lack of buffers. The specific choices here are somewhat
549 postmaster_error("the number of buffers (-B) must be at least twice the number of allowed connections (-N) and at least 16");
553 if (ReservedBackends >= MaxBackends)
555 postmaster_error("superuser_reserved_connections must be less than max_connections");
560 * Other one-time internal sanity checks can go here.
562 if (!CheckDateTokenTables())
564 postmaster_error("invalid datetoken tables, please fix");
569 * Now that we are done processing the postmaster arguments, reset
570 * getopt(3) library so that it will work correctly in subprocesses.
573 #ifdef HAVE_INT_OPTRESET
574 optreset = 1; /* some systems need this too */
577 /* For debugging: display postmaster environment */
579 extern char **environ;
583 (errmsg_internal("%s: PostmasterMain: initial environ dump:",
586 (errmsg_internal("-----------------------------------------")));
587 for (p = environ; *p; ++p)
589 (errmsg_internal("\t%s", *p)));
591 (errmsg_internal("-----------------------------------------")));
595 if (find_other_exec(argv[0], "postgres", PG_VERSIONSTR,
596 postgres_exec_path) < 0)
598 (errmsg("%s: could not locate matching postgres executable",
603 * Initialize SSL library, if specified.
611 * process any libraries that should be preloaded and optionally
614 if (preload_libraries_string)
615 process_preload_libraries(preload_libraries_string);
618 * Fork away from controlling terminal, if -S specified.
620 * Must do this before we grab any interlock files, else the interlocks
621 * will show the wrong PID.
627 * Create lockfile for data directory.
629 * We want to do this before we try to grab the input sockets, because
630 * the data directory interlock is more reliable than the socket-file
631 * interlock (thanks to whoever decided to put socket files in /tmp
632 * :-(). For the same reason, it's best to grab the TCP socket(s) before
635 CreateDataDirLockFile(DataDir, true);
638 * Remove old temporary files. At this point there can be no other
639 * Postgres processes running in this directory, so this should be
645 * Establish input sockets.
647 for (i = 0; i < MAXLISTEN; i++)
648 ListenSocket[i] = -1;
656 curhost = ListenAddresses;
659 /* ignore whitespace */
660 while (isspace((unsigned char) *curhost))
662 if (*curhost == '\0')
665 while (*endptr != '\0' && !isspace((unsigned char) *endptr))
669 if (strcmp(curhost, "*") == 0)
670 status = StreamServerPort(AF_UNSPEC, NULL,
671 (unsigned short) PostPortNumber,
673 ListenSocket, MAXLISTEN);
675 status = StreamServerPort(AF_UNSPEC, curhost,
676 (unsigned short) PostPortNumber,
678 ListenSocket, MAXLISTEN);
679 if (status != STATUS_OK)
681 (errmsg("could not create listen socket for \"%s\"",
685 curhost = endptr + 1;
691 #ifdef USE_RENDEZVOUS
692 /* Register for Rendezvous only if we opened TCP socket(s) */
693 if (ListenSocket[0] != -1 && rendezvous_name != NULL)
695 DNSServiceRegistrationCreate(rendezvous_name,
698 htonl(PostPortNumber),
700 (DNSServiceRegistrationReply) reg_reply,
705 #ifdef HAVE_UNIX_SOCKETS
706 status = StreamServerPort(AF_UNIX, NULL,
707 (unsigned short) PostPortNumber,
709 ListenSocket, MAXLISTEN);
710 if (status != STATUS_OK)
712 (errmsg("could not create Unix-domain socket")));
716 * check that we have some socket to listen on
718 if (ListenSocket[0] == -1)
720 (errmsg("no socket created for listening")));
725 * Set up shared memory and semaphores.
727 reset_shared(PostPortNumber);
730 * Estimate number of openable files. This must happen after setting
731 * up semaphores, because on some platforms semaphores count as open
737 * Initialize the list of active backends.
739 BackendList = DLNewList();
743 * Initialize the child pid/HANDLE arrays for signal handling.
745 win32_childPIDArray = (pid_t *)
746 malloc(NUM_BACKENDARRAY_ELEMS * sizeof(pid_t));
747 win32_childHNDArray = (HANDLE *)
748 malloc(NUM_BACKENDARRAY_ELEMS * sizeof(HANDLE));
749 if (!win32_childPIDArray || !win32_childHNDArray)
751 (errcode(ERRCODE_OUT_OF_MEMORY),
752 errmsg("out of memory")));
755 * Set up a handle that child processes can use to check whether the
756 * postmaster is still running.
758 if (DuplicateHandle(GetCurrentProcess(),
764 DUPLICATE_SAME_ACCESS) == 0)
766 (errmsg_internal("could not duplicate postmaster handle: %d",
767 (int) GetLastError())));
771 * Record postmaster options. We delay this till now to avoid
772 * recording bogus options (eg, NBuffers too high for available
775 if (!CreateOptsFile(argc, argv, my_exec_path))
779 * Set up signal handlers for the postmaster process.
781 * CAUTION: when changing this list, check for side-effects on the signal
782 * handling setup of child processes. See tcop/postgres.c,
783 * bootstrap/bootstrap.c, postmaster/bgwriter.c, and postmaster/pgstat.c.
786 PG_SETMASK(&BlockSig);
788 pqsignal(SIGHUP, SIGHUP_handler); /* reread config file and have
789 * children do same */
790 pqsignal(SIGINT, pmdie); /* send SIGTERM and shut down */
791 pqsignal(SIGQUIT, pmdie); /* send SIGQUIT and die */
792 pqsignal(SIGTERM, pmdie); /* wait for children and shut down */
793 pqsignal(SIGALRM, SIG_IGN); /* ignored */
794 pqsignal(SIGPIPE, SIG_IGN); /* ignored */
795 pqsignal(SIGUSR1, sigusr1_handler); /* message from child process */
796 pqsignal(SIGUSR2, dummy_handler); /* unused, reserve for children */
797 pqsignal(SIGCHLD, reaper); /* handle child termination */
798 pqsignal(SIGTTIN, SIG_IGN); /* ignored */
799 pqsignal(SIGTTOU, SIG_IGN); /* ignored */
800 /* ignore SIGXFSZ, so that ulimit violations work like disk full */
802 pqsignal(SIGXFSZ, SIG_IGN); /* ignored */
806 * Reset whereToSendOutput from Debug (its starting state) to None.
807 * This prevents ereport from sending log messages to stderr unless
808 * the syslog/stderr switch permits. We don't do this until the
809 * postmaster is fully launched, since startup failures may as well be
810 * reported to stderr.
812 whereToSendOutput = None;
815 * Initialize and try to startup the statistics collector process
821 * Load cached files for client authentication.
829 * We're ready to rock and roll...
831 StartupPID = StartupDataBase();
834 write_nondefault_variables(PGC_POSTMASTER);
837 status = ServerLoop();
840 * ServerLoop probably shouldn't ever return, but if it does, close
843 ExitPostmaster(status != STATUS_OK);
845 return 0; /* not reached */
850 * Validate the proposed data directory
853 checkDataDir(const char *checkdir)
855 char path[MAXPGPATH];
857 struct stat stat_buf;
859 if (checkdir == NULL)
862 gettext("%s does not know where to find the database system data.\n"
863 "You must specify the directory that contains the database system\n"
864 "either by specifying the -D invocation option or by setting the\n"
865 "PGDATA environment variable.\n"),
870 if (stat(checkdir, &stat_buf) == -1)
874 (errcode_for_file_access(),
875 errmsg("data directory \"%s\" does not exist",
879 (errcode_for_file_access(),
880 errmsg("could not read permissions of directory \"%s\": %m",
885 * Check if the directory has group or world access. If so, reject.
887 * XXX temporarily suppress check when on Windows, because there may not
888 * be proper support for Unix-y file permissions. Need to think of a
889 * reasonable check to apply on Windows.
891 #if !defined(__CYGWIN__) && !defined(WIN32)
892 if (stat_buf.st_mode & (S_IRWXG | S_IRWXO))
894 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
895 errmsg("data directory \"%s\" has group or world access",
897 errdetail("Permissions should be u=rwx (0700).")));
900 /* Look for PG_VERSION before looking for pg_control */
901 ValidatePgVersion(checkdir);
903 snprintf(path, sizeof(path), "%s/global/pg_control", checkdir);
905 fp = AllocateFile(path, PG_BINARY_R);
909 gettext("%s: could not find the database system\n"
910 "Expected to find it in the directory \"%s\",\n"
911 "but could not open file \"%s\": %s\n"),
912 progname, checkdir, path, strerror(errno));
919 #ifdef USE_RENDEZVOUS
922 * empty callback function for DNSServiceRegistrationCreate()
925 reg_reply(DNSServiceRegistrationReplyErrorType errorCode, void *context)
930 #endif /* USE_RENDEZVOUS */
934 * Fork away from the controlling terminal (-S option)
944 struct itimerval prof_itimer;
948 /* see comments in BackendStartup */
949 getitimer(ITIMER_PROF, &prof_itimer);
953 if (pid == (pid_t) -1)
955 postmaster_error("could not fork background process: %s",
961 /* Parent should just exit, without doing any atexit cleanup */
966 setitimer(ITIMER_PROF, &prof_itimer, NULL);
969 MyProcPid = PostmasterPid = getpid(); /* reset PID vars to child */
971 /* GH: If there's no setsid(), we hopefully don't need silent mode.
972 * Until there's a better solution.
977 postmaster_error("could not dissociate from controlling TTY: %s",
982 i = open(NULL_DEV, O_RDWR | PG_BINARY);
989 elog(FATAL, "SilentMode not supported under WIN32");
995 * Print out help message
998 usage(const char *progname)
1000 printf(gettext("%s is the PostgreSQL server.\n\n"), progname);
1001 printf(gettext("Usage:\n %s [OPTION]...\n\n"), progname);
1002 printf(gettext("Options:\n"));
1003 #ifdef USE_ASSERT_CHECKING
1004 printf(gettext(" -A 1|0 enable/disable run-time assert checking\n"));
1006 printf(gettext(" -B NBUFFERS number of shared buffers\n"));
1007 printf(gettext(" -c NAME=VALUE set run-time parameter\n"));
1008 printf(gettext(" -d 1-5 debugging level\n"));
1009 printf(gettext(" -D DATADIR database directory\n"));
1010 printf(gettext(" -F turn fsync off\n"));
1011 printf(gettext(" -h HOSTNAME host name or IP address to listen on\n"));
1012 printf(gettext(" -i enable TCP/IP connections\n"));
1013 printf(gettext(" -k DIRECTORY Unix-domain socket location\n"));
1015 printf(gettext(" -l enable SSL connections\n"));
1017 printf(gettext(" -N MAX-CONNECT maximum number of allowed connections\n"));
1018 printf(gettext(" -o OPTIONS pass \"OPTIONS\" to each server process\n"));
1019 printf(gettext(" -p PORT port number to listen on\n"));
1020 printf(gettext(" -S silent mode (start in background without logging output)\n"));
1021 printf(gettext(" --help show this help, then exit\n"));
1022 printf(gettext(" --version output version information, then exit\n"));
1024 printf(gettext("\nDeveloper options:\n"));
1025 printf(gettext(" -n do not reinitialize shared memory after abnormal exit\n"));
1026 printf(gettext(" -s send SIGSTOP to all backend servers if one dies\n"));
1028 printf(gettext("\nPlease read the documentation for the complete list of run-time\n"
1029 "configuration settings and how to set them on the command line or in\n"
1030 "the configuration file.\n\n"
1031 "Report bugs to <pgsql-bugs@postgresql.org>.\n"));
1036 * Main idle loop of postmaster
1045 struct timeval earlier,
1049 gettimeofday(&earlier, &tz);
1050 last_touch_time = time(NULL);
1052 nSockets = initMasks(&readmask);
1058 struct timeval timeout;
1063 * Wait for something to happen.
1065 * We wait at most one minute, to ensure that the other background
1066 * tasks handled below get done even when no requests are arriving.
1068 memcpy((char *) &rmask, (char *) &readmask, sizeof(fd_set));
1070 timeout.tv_sec = 60;
1071 timeout.tv_usec = 0;
1073 PG_SETMASK(&UnBlockSig);
1075 selres = select(nSockets, &rmask, NULL, NULL, &timeout);
1078 * Block all signals until we wait again. (This makes it safe for
1079 * our signal handlers to do nontrivial work.)
1081 PG_SETMASK(&BlockSig);
1085 if (errno == EINTR || errno == EWOULDBLOCK)
1088 (errcode_for_socket_access(),
1089 errmsg("select() failed in postmaster: %m")));
1090 return STATUS_ERROR;
1094 * New connection pending on any of our sockets? If so, fork a
1095 * child process to deal with it.
1100 * Select a random seed at the time of first receiving a request.
1102 while (random_seed == 0)
1104 gettimeofday(&later, &tz);
1107 * We are not sure how much precision is in tv_usec, so we
1108 * swap the nibbles of 'later' and XOR them with 'earlier'. On
1109 * the off chance that the result is 0, we loop until it isn't.
1111 random_seed = earlier.tv_usec ^
1112 ((later.tv_usec << 16) |
1113 ((later.tv_usec >> 16) & 0xffff));
1116 for (i = 0; i < MAXLISTEN; i++)
1118 if (ListenSocket[i] == -1)
1120 if (FD_ISSET(ListenSocket[i], &rmask))
1122 port = ConnCreate(ListenSocket[i]);
1125 BackendStartup(port);
1128 * We no longer need the open socket or port structure
1131 StreamClose(port->sock);
1139 * If no background writer process is running, and we are not in
1140 * a state that prevents it, start one. It doesn't matter if this
1141 * fails, we'll just try again later.
1143 if (BgWriterPID == 0 && StartupPID == 0 && !FatalError)
1145 BgWriterPID = StartBackgroundWriter();
1146 /* If shutdown is pending, set it going */
1147 if (Shutdown > NoShutdown && BgWriterPID != 0)
1148 kill(BgWriterPID, SIGUSR2);
1151 /* If we have lost the stats collector, try to start a new one */
1152 if (!pgstat_is_running)
1156 * Touch the socket and lock file at least every ten minutes, to ensure
1157 * that they are not removed by overzealous /tmp-cleaning tasks.
1160 if (now - last_touch_time >= 10 * 60)
1163 TouchSocketLockFile();
1164 last_touch_time = now;
1171 * Initialise the masks for select() for the ports we are listening on.
1172 * Return the number of sockets to listen on.
1175 initMasks(fd_set *rmask)
1182 for (i = 0; i < MAXLISTEN; i++)
1184 int fd = ListenSocket[i];
1198 * Read the startup packet and do something according to it.
1200 * Returns STATUS_OK or STATUS_ERROR, or might call ereport(FATAL) and
1201 * not return at all.
1203 * (Note that ereport(FATAL) stuff is sent to the client, so only use it
1204 * if that's what you want. Return STATUS_ERROR if you don't want to
1205 * send anything to the client, which would typically be appropriate
1206 * if we detect a communications failure.)
1209 ProcessStartupPacket(Port *port, bool SSLdone)
1213 ProtocolVersion proto;
1214 MemoryContext oldcontext;
1216 if (pq_getbytes((char *) &len, 4) == EOF)
1219 * EOF after SSLdone probably means the client didn't like our
1220 * response to NEGOTIATE_SSL_CODE. That's not an error condition,
1221 * so don't clutter the log with a complaint.
1225 (errcode(ERRCODE_PROTOCOL_VIOLATION),
1226 errmsg("incomplete startup packet")));
1227 return STATUS_ERROR;
1233 if (len < (int32) sizeof(ProtocolVersion) ||
1234 len > MAX_STARTUP_PACKET_LENGTH)
1237 (errcode(ERRCODE_PROTOCOL_VIOLATION),
1238 errmsg("invalid length of startup packet")));
1239 return STATUS_ERROR;
1243 * Allocate at least the size of an old-style startup packet, plus one
1244 * extra byte, and make sure all are zeroes. This ensures we will
1245 * have null termination of all strings, in both fixed- and
1246 * variable-length packet layouts.
1248 if (len <= (int32) sizeof(StartupPacket))
1249 buf = palloc0(sizeof(StartupPacket) + 1);
1251 buf = palloc0(len + 1);
1253 if (pq_getbytes(buf, len) == EOF)
1256 (errcode(ERRCODE_PROTOCOL_VIOLATION),
1257 errmsg("incomplete startup packet")));
1258 return STATUS_ERROR;
1262 * The first field is either a protocol version number or a special
1265 port->proto = proto = ntohl(*((ProtocolVersion *) buf));
1267 if (proto == CANCEL_REQUEST_CODE)
1269 processCancelRequest(port, buf);
1270 return 127; /* XXX */
1273 if (proto == NEGOTIATE_SSL_CODE && !SSLdone)
1278 /* No SSL when disabled or on Unix sockets */
1279 if (!EnableSSL || IS_AF_UNIX(port->laddr.addr.ss_family))
1282 SSLok = 'S'; /* Support for SSL */
1284 SSLok = 'N'; /* No support for SSL */
1286 if (send(port->sock, &SSLok, 1, 0) != 1)
1289 (errcode_for_socket_access(),
1290 errmsg("failed to send SSL negotiation response: %m")));
1291 return STATUS_ERROR; /* close the connection */
1295 if (SSLok == 'S' && secure_open_server(port) == -1)
1296 return STATUS_ERROR;
1298 /* regular startup packet, cancel, etc packet should follow... */
1299 /* but not another SSL negotiation request */
1300 return ProcessStartupPacket(port, true);
1303 /* Could add additional special packet types here */
1306 * Set FrontendProtocol now so that ereport() knows what format to
1307 * send if we fail during startup.
1309 FrontendProtocol = proto;
1311 /* Check we can handle the protocol the frontend is using. */
1313 if (PG_PROTOCOL_MAJOR(proto) < PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST) ||
1314 PG_PROTOCOL_MAJOR(proto) > PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST) ||
1315 (PG_PROTOCOL_MAJOR(proto) == PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST) &&
1316 PG_PROTOCOL_MINOR(proto) > PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST)))
1318 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1319 errmsg("unsupported frontend protocol %u.%u: server supports %u.0 to %u.%u",
1320 PG_PROTOCOL_MAJOR(proto), PG_PROTOCOL_MINOR(proto),
1321 PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST),
1322 PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST),
1323 PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST))));
1326 * Now fetch parameters out of startup packet and save them into the
1327 * Port structure. All data structures attached to the Port struct
1328 * must be allocated in TopMemoryContext so that they won't disappear
1329 * when we pass them to PostgresMain (see BackendRun). We need not
1330 * worry about leaking this storage on failure, since we aren't in the
1331 * postmaster process anymore.
1333 oldcontext = MemoryContextSwitchTo(TopMemoryContext);
1335 if (PG_PROTOCOL_MAJOR(proto) >= 3)
1337 int32 offset = sizeof(ProtocolVersion);
1340 * Scan packet body for name/option pairs. We can assume any
1341 * string beginning within the packet body is null-terminated,
1342 * thanks to zeroing extra byte above.
1344 port->guc_options = NIL;
1346 while (offset < len)
1348 char *nameptr = ((char *) buf) + offset;
1352 if (*nameptr == '\0')
1353 break; /* found packet terminator */
1354 valoffset = offset + strlen(nameptr) + 1;
1355 if (valoffset >= len)
1356 break; /* missing value, will complain below */
1357 valptr = ((char *) buf) + valoffset;
1359 if (strcmp(nameptr, "database") == 0)
1360 port->database_name = pstrdup(valptr);
1361 else if (strcmp(nameptr, "user") == 0)
1362 port->user_name = pstrdup(valptr);
1363 else if (strcmp(nameptr, "options") == 0)
1364 port->cmdline_options = pstrdup(valptr);
1367 /* Assume it's a generic GUC option */
1368 port->guc_options = lappend(port->guc_options,
1370 port->guc_options = lappend(port->guc_options,
1373 offset = valoffset + strlen(valptr) + 1;
1377 * If we didn't find a packet terminator exactly at the end of the
1378 * given packet length, complain.
1380 if (offset != len - 1)
1382 (errcode(ERRCODE_PROTOCOL_VIOLATION),
1383 errmsg("invalid startup packet layout: expected terminator as last byte")));
1388 * Get the parameters from the old-style, fixed-width-fields
1389 * startup packet as C strings. The packet destination was
1390 * cleared first so a short packet has zeros silently added. We
1391 * have to be prepared to truncate the pstrdup result for oversize
1394 StartupPacket *packet = (StartupPacket *) buf;
1396 port->database_name = pstrdup(packet->database);
1397 if (strlen(port->database_name) > sizeof(packet->database))
1398 port->database_name[sizeof(packet->database)] = '\0';
1399 port->user_name = pstrdup(packet->user);
1400 if (strlen(port->user_name) > sizeof(packet->user))
1401 port->user_name[sizeof(packet->user)] = '\0';
1402 port->cmdline_options = pstrdup(packet->options);
1403 if (strlen(port->cmdline_options) > sizeof(packet->options))
1404 port->cmdline_options[sizeof(packet->options)] = '\0';
1405 port->guc_options = NIL;
1408 /* Check a user name was given. */
1409 if (port->user_name == NULL || port->user_name[0] == '\0')
1411 (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
1412 errmsg("no PostgreSQL user name specified in startup packet")));
1414 /* The database defaults to the user name. */
1415 if (port->database_name == NULL || port->database_name[0] == '\0')
1416 port->database_name = pstrdup(port->user_name);
1418 if (Db_user_namespace)
1421 * If user@, it is a global user, remove '@'. We only want to do
1422 * this if there is an '@' at the end and no earlier in the user
1423 * string or they may fake as a local user of another database
1424 * attaching to this database.
1426 if (strchr(port->user_name, '@') ==
1427 port->user_name + strlen(port->user_name) - 1)
1428 *strchr(port->user_name, '@') = '\0';
1431 /* Append '@' and dbname */
1434 db_user = palloc(strlen(port->user_name) +
1435 strlen(port->database_name) + 2);
1436 sprintf(db_user, "%s@%s", port->user_name, port->database_name);
1437 port->user_name = db_user;
1442 * Truncate given database and user names to length of a Postgres
1443 * name. This avoids lookup failures when overlength names are given.
1445 if (strlen(port->database_name) >= NAMEDATALEN)
1446 port->database_name[NAMEDATALEN - 1] = '\0';
1447 if (strlen(port->user_name) >= NAMEDATALEN)
1448 port->user_name[NAMEDATALEN - 1] = '\0';
1451 * Done putting stuff in TopMemoryContext.
1453 MemoryContextSwitchTo(oldcontext);
1456 * If we're going to reject the connection due to database state, say
1457 * so now instead of wasting cycles on an authentication exchange.
1458 * (This also allows a pg_ping utility to be written.)
1460 switch (port->canAcceptConnections)
1464 (errcode(ERRCODE_CANNOT_CONNECT_NOW),
1465 errmsg("the database system is starting up")));
1469 (errcode(ERRCODE_CANNOT_CONNECT_NOW),
1470 errmsg("the database system is shutting down")));
1474 (errcode(ERRCODE_CANNOT_CONNECT_NOW),
1475 errmsg("the database system is in recovery mode")));
1479 (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
1480 errmsg("sorry, too many clients already")));
1492 * The client has sent a cancel request packet, not a normal
1493 * start-a-new-connection packet. Perform the necessary processing.
1494 * Nothing is sent back to the client.
1497 processCancelRequest(Port *port, void *pkt)
1499 CancelRequestPacket *canc = (CancelRequestPacket *) pkt;
1501 long cancelAuthCode;
1503 #ifndef EXEC_BACKEND
1509 backendPID = (int) ntohl(canc->backendPID);
1510 cancelAuthCode = (long) ntohl(canc->cancelAuthCode);
1512 if (backendPID == BgWriterPID)
1515 (errmsg_internal("ignoring cancel request for bgwriter process %d",
1521 * See if we have a matching backend. In the EXEC_BACKEND case, we
1522 * can no longer access the postmaster's own backend list, and must
1523 * rely on the duplicate array in shared memory.
1525 #ifndef EXEC_BACKEND
1526 for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
1528 bp = (Backend *) DLE_VAL(curr);
1530 for (i = 0; i < NUM_BACKENDARRAY_ELEMS; i++)
1532 bp = (Backend *) &ShmemBackendArray[i];
1534 if (bp->pid == backendPID)
1536 if (bp->cancel_key == cancelAuthCode)
1538 /* Found a match; signal that backend to cancel current op */
1540 (errmsg_internal("processing cancel request: sending SIGINT to process %d",
1542 kill(bp->pid, SIGINT);
1545 /* Right PID, wrong key: no way, Jose */
1547 (errmsg_internal("bad key in cancel request for process %d",
1553 /* No matching backend */
1555 (errmsg_internal("bad pid in cancel request for process %d",
1560 * canAcceptConnections --- check to see if database state allows connections.
1562 static enum CAC_state
1563 canAcceptConnections(void)
1565 /* Can't start backends when in startup/shutdown/recovery state. */
1566 if (Shutdown > NoShutdown)
1567 return CAC_SHUTDOWN;
1571 return CAC_RECOVERY;
1574 * Don't start too many children.
1576 * We allow more connections than we can have backends here because some
1577 * might still be authenticating; they might fail auth, or some
1578 * existing backend might exit before the auth cycle is completed. The
1579 * exact MaxBackends limit is enforced when a new backend tries to
1580 * join the shared-inval backend array.
1582 if (CountChildren() >= 2 * MaxBackends)
1590 * ConnCreate -- create a local connection data structure
1593 ConnCreate(int serverFd)
1597 if (!(port = (Port *) calloc(1, sizeof(Port))))
1600 (errcode(ERRCODE_OUT_OF_MEMORY),
1601 errmsg("out of memory")));
1605 if (StreamConnection(serverFd, port) != STATUS_OK)
1607 StreamClose(port->sock);
1614 * Precompute password salt values to use for this connection.
1615 * It's slightly annoying to do this long in advance of knowing
1616 * whether we'll need 'em or not, but we must do the random()
1617 * calls before we fork, not after. Else the postmaster's random
1618 * sequence won't get advanced, and all backends would end up
1619 * using the same salt...
1621 RandomSalt(port->cryptSalt, port->md5Salt);
1629 * ConnFree -- free a local connection data structure
1632 ConnFree(Port *conn)
1642 * ClosePostmasterPorts -- close all the postmaster's open sockets
1644 * This is called during child process startup to release file descriptors
1645 * that are not needed by that child process. The postmaster still has
1646 * them open, of course.
1649 ClosePostmasterPorts(void)
1653 /* Close the listen sockets */
1654 for (i = 0; i < MAXLISTEN; i++)
1656 if (ListenSocket[i] != -1)
1658 StreamClose(ListenSocket[i]);
1659 ListenSocket[i] = -1;
1666 * reset_shared -- reset shared memory and semaphores
1669 reset_shared(unsigned short port)
1672 * Create or re-create shared memory and semaphores.
1674 * Note: in each "cycle of life" we will normally assign the same IPC
1675 * keys (if using SysV shmem and/or semas), since the port number is
1676 * used to determine IPC keys. This helps ensure that we will clean
1677 * up dead IPC objects if the postmaster crashes and is restarted.
1679 CreateSharedMemoryAndSemaphores(false, MaxBackends, port);
1684 * SIGHUP -- reread config files, and tell children to do same
1687 SIGHUP_handler(SIGNAL_ARGS)
1689 int save_errno = errno;
1691 PG_SETMASK(&BlockSig);
1693 if (Shutdown <= SmartShutdown)
1696 (errmsg("received SIGHUP, reloading configuration files")));
1697 ProcessConfigFile(PGC_SIGHUP);
1698 SignalChildren(SIGHUP);
1699 if (BgWriterPID != 0)
1700 kill(BgWriterPID, SIGHUP);
1705 /* Update the starting-point file for future children */
1706 write_nondefault_variables(PGC_SIGHUP);
1710 PG_SETMASK(&UnBlockSig);
1717 * pmdie -- signal handler for processing various postmaster signals.
1722 int save_errno = errno;
1724 PG_SETMASK(&BlockSig);
1727 (errmsg_internal("postmaster received signal %d",
1728 postgres_signal_arg)));
1730 switch (postgres_signal_arg)
1736 * Wait for children to end their work, then shut down.
1738 if (Shutdown >= SmartShutdown)
1740 Shutdown = SmartShutdown;
1742 (errmsg("received smart shutdown request")));
1744 if (DLGetHead(BackendList))
1745 break; /* let reaper() handle this */
1748 * No children left. Begin shutdown of data base system.
1750 if (StartupPID != 0 || FatalError)
1751 break; /* let reaper() handle this */
1752 /* Start the bgwriter if not running */
1753 if (BgWriterPID == 0)
1754 BgWriterPID = StartBackgroundWriter();
1755 /* And tell it to shut down */
1756 if (BgWriterPID != 0)
1757 kill(BgWriterPID, SIGUSR2);
1764 * Abort all children with SIGTERM (rollback active transactions
1765 * and exit) and shut down when they are gone.
1767 if (Shutdown >= FastShutdown)
1769 Shutdown = FastShutdown;
1771 (errmsg("received fast shutdown request")));
1773 if (DLGetHead(BackendList))
1778 (errmsg("aborting any active transactions")));
1779 SignalChildren(SIGTERM);
1780 /* reaper() does the rest */
1786 * No children left. Begin shutdown of data base system.
1788 * Note: if we previously got SIGTERM then we may send SIGUSR2
1789 * to the bgwriter a second time here. This should be harmless.
1791 if (StartupPID != 0 || FatalError)
1792 break; /* let reaper() handle this */
1793 /* Start the bgwriter if not running */
1794 if (BgWriterPID == 0)
1795 BgWriterPID = StartBackgroundWriter();
1796 /* And tell it to shut down */
1797 if (BgWriterPID != 0)
1798 kill(BgWriterPID, SIGUSR2);
1803 * Immediate Shutdown:
1805 * abort all children with SIGQUIT and exit without attempt to
1806 * properly shut down data base system.
1809 (errmsg("received immediate shutdown request")));
1810 if (StartupPID != 0)
1811 kill(StartupPID, SIGQUIT);
1812 if (BgWriterPID != 0)
1813 kill(BgWriterPID, SIGQUIT);
1814 if (DLGetHead(BackendList))
1815 SignalChildren(SIGQUIT);
1820 PG_SETMASK(&UnBlockSig);
1826 * Reaper -- signal handler to cleanup after a backend (child) dies.
1831 int save_errno = errno;
1834 int status; /* backend exit status */
1838 union wait status; /* backend exit status */
1842 int pid; /* process id of dead backend */
1844 PG_SETMASK(&BlockSig);
1847 (errmsg_internal("reaping dead processes")));
1849 while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
1851 exitstatus = status;
1854 while ((pid = wait3(&status, WNOHANG, NULL)) > 0)
1856 exitstatus = status.w_status;
1858 while ((pid = win32_waitpid(&exitstatus)) > 0)
1861 * We need to do this here, and not in CleanupProc, since this is
1862 * to be called on all children when we are done with them. Could
1863 * move to LogChildExit, but that seems like asking for future
1866 win32_RemoveChild(pid);
1868 #endif /* HAVE_WAITPID */
1871 * Check if this child was the statistics collector. If so, try to
1872 * start a new one. (If fail, we'll try again in future cycles of
1875 if (pgstat_ispgstat(pid))
1877 LogChildExit(LOG, gettext("statistics collector process"),
1884 * Check if this child was a startup process.
1886 if (StartupPID != 0 && pid == StartupPID)
1889 if (exitstatus != 0)
1891 LogChildExit(LOG, gettext("startup process"),
1894 (errmsg("aborting startup due to startup process failure")));
1899 * Startup succeeded - we are done with system startup or recovery.
1904 * Crank up the background writer. It doesn't matter if this
1905 * fails, we'll just try again later.
1907 Assert(BgWriterPID == 0);
1908 BgWriterPID = StartBackgroundWriter();
1911 * Go to shutdown mode if a shutdown request was pending.
1913 if (Shutdown > NoShutdown && BgWriterPID != 0)
1914 kill(BgWriterPID, SIGUSR2);
1920 * Was it the bgwriter?
1922 if (BgWriterPID != 0 && pid == BgWriterPID)
1924 if (exitstatus == 0 && Shutdown > NoShutdown &&
1925 !FatalError && !DLGetHead(BackendList))
1928 * Normal postmaster exit is here: we've seen normal
1929 * exit of the bgwriter after it's been told to shut down.
1930 * We expect that it wrote a shutdown checkpoint. (If
1931 * for some reason it didn't, recovery will occur on next
1932 * postmaster start.)
1937 * Any unexpected exit of the bgwriter is treated as a crash.
1939 LogChildExit(DEBUG2, gettext("background writer process"),
1941 HandleChildCrash(pid, exitstatus);
1946 * Else do standard backend child cleanup.
1948 CleanupProc(pid, exitstatus);
1949 } /* loop over pending child-death reports */
1954 * Wait for all children exit, then reset shmem and
1957 if (DLGetHead(BackendList) || StartupPID != 0 || BgWriterPID != 0)
1960 (errmsg("all server processes terminated; reinitializing")));
1963 reset_shared(PostPortNumber);
1965 StartupPID = StartupDataBase();
1970 if (Shutdown > NoShutdown)
1972 if (DLGetHead(BackendList) || StartupPID != 0)
1974 /* Start the bgwriter if not running */
1975 if (BgWriterPID == 0)
1976 BgWriterPID = StartBackgroundWriter();
1977 /* And tell it to shut down */
1978 if (BgWriterPID != 0)
1979 kill(BgWriterPID, SIGUSR2);
1983 PG_SETMASK(&UnBlockSig);
1990 * CleanupProc -- cleanup after terminated backend.
1992 * Remove all local state associated with backend.
1995 CleanupProc(int pid,
1996 int exitstatus) /* child's exit status. */
2000 LogChildExit(DEBUG2, gettext("server process"), pid, exitstatus);
2003 * If a backend dies in an ugly way (i.e. exit status not 0) then we
2004 * must signal all other backends to quickdie. If exit status is zero
2005 * we assume everything is hunky dory and simply remove the backend
2006 * from the active backend list.
2008 if (exitstatus != 0)
2010 HandleChildCrash(pid, exitstatus);
2014 for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
2016 Backend *bp = (Backend *) DLE_VAL(curr);
2024 ShmemBackendArrayRemove(pid);
2026 /* Tell the collector about backend termination */
2034 * HandleChildCrash -- cleanup after failed backend or bgwriter.
2036 * The objectives here are to clean up our local state about the child
2037 * process, and to signal all other remaining children to quickdie.
2040 HandleChildCrash(int pid,
2041 int exitstatus) /* child's exit status. */
2048 * Make log entry unless there was a previous crash (if so, nonzero
2049 * exit status is to be expected in SIGQUIT response; don't clutter log)
2054 (pid == BgWriterPID) ?
2055 gettext("background writer process") :
2056 gettext("server process"),
2059 (errmsg("terminating any other active server processes")));
2062 /* Process regular backends */
2063 for (curr = DLGetHead(BackendList); curr; curr = next)
2065 next = DLGetSucc(curr);
2066 bp = (Backend *) DLE_VAL(curr);
2070 * Found entry for freshly-dead backend, so remove it.
2076 ShmemBackendArrayRemove(pid);
2078 /* Tell the collector about backend termination */
2080 /* Keep looping so we can signal remaining backends */
2085 * This backend is still alive. Unless we did so already,
2086 * tell it to commit hara-kiri.
2088 * SIGQUIT is the special signal that says exit without proc_exit
2089 * and let the user know what's going on. But if SendStop is
2090 * set (-s on command line), then we send SIGSTOP instead, so
2091 * that we can get core dumps from all backends by hand.
2096 (errmsg_internal("sending %s to process %d",
2097 (SendStop ? "SIGSTOP" : "SIGQUIT"),
2099 kill(bp->pid, (SendStop ? SIGSTOP : SIGQUIT));
2104 /* Take care of the bgwriter too */
2105 if (pid == BgWriterPID)
2107 else if (BgWriterPID != 0 && !FatalError)
2110 (errmsg_internal("sending %s to process %d",
2111 (SendStop ? "SIGSTOP" : "SIGQUIT"),
2112 (int) BgWriterPID)));
2113 kill(BgWriterPID, (SendStop ? SIGSTOP : SIGQUIT));
2120 * Log the death of a child process.
2123 LogChildExit(int lev, const char *procname, int pid, int exitstatus)
2125 if (WIFEXITED(exitstatus))
2129 * translator: %s is a noun phrase describing a child process,
2130 * such as "server process"
2132 (errmsg("%s (PID %d) exited with exit code %d",
2133 procname, pid, WEXITSTATUS(exitstatus))));
2134 else if (WIFSIGNALED(exitstatus))
2138 * translator: %s is a noun phrase describing a child process,
2139 * such as "server process"
2141 (errmsg("%s (PID %d) was terminated by signal %d",
2142 procname, pid, WTERMSIG(exitstatus))));
2147 * translator: %s is a noun phrase describing a child process,
2148 * such as "server process"
2150 (errmsg("%s (PID %d) exited with unexpected status %d",
2151 procname, pid, exitstatus)));
2155 * Send a signal to all backend children.
2158 SignalChildren(int signal)
2162 for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
2164 Backend *bp = (Backend *) DLE_VAL(curr);
2167 (errmsg_internal("sending signal %d to process %d",
2168 signal, (int) bp->pid)));
2169 kill(bp->pid, signal);
2174 * BackendStartup -- start backend process
2176 * returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
2179 BackendStartup(Port *port)
2181 Backend *bn; /* for backend cleanup */
2184 #ifdef LINUX_PROFILE
2185 struct itimerval prof_itimer;
2189 * Compute the cancel key that will be assigned to this backend. The
2190 * backend will have its own copy in the forked-off process' value of
2191 * MyCancelKey, so that it can transmit the key to the frontend.
2193 MyCancelKey = PostmasterRandom();
2196 * Make room for backend data structure. Better before the fork() so
2197 * we can handle failure cleanly.
2199 bn = (Backend *) malloc(sizeof(Backend));
2203 (errcode(ERRCODE_OUT_OF_MEMORY),
2204 errmsg("out of memory")));
2205 return STATUS_ERROR;
2208 /* Pass down canAcceptConnections state (kluge for EXEC_BACKEND case) */
2209 port->canAcceptConnections = canAcceptConnections();
2212 * Flush stdio channels just before fork, to avoid double-output
2213 * problems. Ideally we'd use fflush(NULL) here, but there are still a
2214 * few non-ANSI stdio libraries out there (like SunOS 4.1.x) that
2215 * coredump if we do. Presently stdout and stderr are the only stdio
2216 * output channels used by the postmaster, so fflush'ing them should
2224 pid = backend_forkexec(port);
2226 #else /* !EXEC_BACKEND */
2228 #ifdef LINUX_PROFILE
2231 * Linux's fork() resets the profiling timer in the child process. If
2232 * we want to profile child processes then we need to save and restore
2233 * the timer setting. This is a waste of time if not profiling,
2234 * however, so only do it if commanded by specific -DLINUX_PROFILE
2237 getitimer(ITIMER_PROF, &prof_itimer);
2241 /* Specific beos actions before backend startup */
2242 beos_before_backend_startup();
2247 if (pid == 0) /* child */
2249 #ifdef LINUX_PROFILE
2250 setitimer(ITIMER_PROF, &prof_itimer, NULL);
2254 /* Specific beos backend startup actions */
2255 beos_backend_startup();
2259 proc_exit(BackendRun(port));
2262 #endif /* EXEC_BACKEND */
2266 /* in parent, fork failed */
2267 int save_errno = errno;
2270 /* Specific beos backend startup actions */
2271 beos_backend_startup_failed();
2276 (errmsg("could not fork new process for connection: %m")));
2277 report_fork_failure_to_client(port, save_errno);
2278 return STATUS_ERROR;
2281 /* in parent, successful fork */
2283 (errmsg_internal("forked new backend, pid=%d socket=%d",
2284 (int) pid, port->sock)));
2287 * Everything's been successful, it's safe to add this backend to our
2291 bn->cancel_key = MyCancelKey;
2292 DLAddHead(BackendList, DLNewElem(bn));
2294 ShmemBackendArrayAdd(bn);
2301 * Try to report backend fork() failure to client before we close the
2302 * connection. Since we do not care to risk blocking the postmaster on
2303 * this connection, we set the connection to non-blocking and try only once.
2305 * This is grungy special-purpose code; we cannot use backend libpq since
2306 * it's not up and running.
2309 report_fork_failure_to_client(Port *port, int errnum)
2313 /* Format the error message packet (always V2 protocol) */
2314 snprintf(buffer, sizeof(buffer), "E%s%s\n",
2315 gettext("could not fork new process for connection: "),
2318 /* Set port to non-blocking. Don't do send() if this fails */
2319 if (!set_noblock(port->sock))
2322 send(port->sock, buffer, strlen(buffer) + 1, 0);
2327 * split_opts -- split a string of options and append it to an argv array
2329 * NB: the string is destructively modified!
2331 * Since no current POSTGRES arguments require any quoting characters,
2332 * we can use the simple-minded tactic of assuming each set of space-
2333 * delimited characters is a separate argv element.
2335 * If you don't like that, well, we *used* to pass the whole option string
2336 * as ONE argument to execl(), which was even less intelligent...
2339 split_opts(char **argv, int *argcp, char *s)
2343 while (isspace((unsigned char) *s))
2347 argv[(*argcp)++] = s;
2348 while (*s && !isspace((unsigned char) *s))
2357 * BackendRun -- perform authentication, and if successful,
2358 * set up the backend's argument list and invoke PostgresMain()
2361 * Shouldn't return at all.
2362 * If PostgresMain() fails, return status.
2365 BackendRun(Port *port)
2370 char remote_host[NI_MAXHOST];
2371 char remote_port[NI_MAXSERV];
2372 char remote_ps_data[NI_MAXHOST];
2380 IsUnderPostmaster = true; /* we are a postmaster subprocess now */
2383 * Let's clean up ourselves as the postmaster child, and close the
2384 * postmaster's listen sockets
2386 ClosePostmasterPorts();
2388 /* We don't want the postmaster's proc_exit() handlers */
2392 * Signal handlers setting is moved to tcop/postgres...
2395 /* Save port etc. for ps status */
2398 /* Reset MyProcPid to new backend's pid */
2399 MyProcPid = getpid();
2402 * PreAuthDelay is a debugging aid for investigating problems in the
2403 * authentication cycle: it can be set in postgresql.conf to allow
2404 * time to attach to the newly-forked backend with a debugger. (See
2405 * also the -W backend switch, which we allow clients to pass through
2406 * PGOPTIONS, but it is not honored until after authentication.)
2408 if (PreAuthDelay > 0)
2409 pg_usleep(PreAuthDelay * 1000000L);
2411 ClientAuthInProgress = true; /* limit visibility of log messages */
2413 /* save start time for end of session reporting */
2414 gettimeofday(&(port->session_start), NULL);
2416 /* set these to empty in case they are needed before we set them up */
2417 port->remote_host = "";
2418 port->remote_port = "";
2419 port->commandTag = "";
2422 * Initialize libpq and enable reporting of ereport errors to the
2423 * client. Must do this now because authentication uses libpq to send
2426 pq_init(); /* initialize libpq to talk to client */
2427 whereToSendOutput = Remote; /* now safe to ereport to client */
2430 * We arrange for a simple exit(0) if we receive SIGTERM or SIGQUIT
2431 * during any client authentication related communication. Otherwise
2432 * the postmaster cannot shutdown the database FAST or IMMED cleanly
2433 * if a buggy client blocks a backend during authentication.
2435 pqsignal(SIGTERM, authdie);
2436 pqsignal(SIGQUIT, authdie);
2437 pqsignal(SIGALRM, authdie);
2438 PG_SETMASK(&AuthBlockSig);
2441 * Get the remote host name and port for logging and status display.
2443 remote_host[0] = '\0';
2444 remote_port[0] = '\0';
2445 if (getnameinfo_all(&port->raddr.addr, port->raddr.salen,
2446 remote_host, sizeof(remote_host),
2447 remote_port, sizeof(remote_port),
2448 (log_hostname ? 0 : NI_NUMERICHOST) | NI_NUMERICSERV))
2450 int ret = getnameinfo_all(&port->raddr.addr, port->raddr.salen,
2451 remote_host, sizeof(remote_host),
2452 remote_port, sizeof(remote_port),
2453 NI_NUMERICHOST | NI_NUMERICSERV);
2457 (errmsg("getnameinfo_all() failed: %s",
2458 gai_strerror(ret))));
2460 snprintf(remote_ps_data, sizeof(remote_ps_data),
2461 remote_port[0] == '\0' ? "%s" : "%s(%s)",
2462 remote_host, remote_port);
2464 if (Log_connections)
2466 (errmsg("connection received: host=%s port=%s",
2467 remote_host, remote_port)));
2470 * save remote_host and remote_port in port stucture
2472 port->remote_host = strdup(remote_host);
2473 port->remote_port = strdup(remote_port);
2476 * In EXEC_BACKEND case, we didn't inherit the contents of pg_hba.c
2477 * etcetera from the postmaster, and have to load them ourselves.
2478 * Build the PostmasterContext (which didn't exist before, in this
2479 * process) to contain the data.
2481 * FIXME: [fork/exec] Ugh. Is there a way around this overhead?
2484 Assert(PostmasterContext == NULL);
2485 PostmasterContext = AllocSetContextCreate(TopMemoryContext,
2487 ALLOCSET_DEFAULT_MINSIZE,
2488 ALLOCSET_DEFAULT_INITSIZE,
2489 ALLOCSET_DEFAULT_MAXSIZE);
2490 MemoryContextSwitchTo(PostmasterContext);
2499 * Ready to begin client interaction. We will give up and exit(0)
2500 * after a time delay, so that a broken client can't hog a connection
2501 * indefinitely. PreAuthDelay doesn't count against the time limit.
2503 if (!enable_sig_alarm(AuthenticationTimeout * 1000, false))
2504 elog(FATAL, "could not set timer for authorization timeout");
2507 * Receive the startup packet (which might turn out to be a cancel
2510 status = ProcessStartupPacket(port, false);
2512 if (status != STATUS_OK)
2516 * Now that we have the user and database name, we can set the process
2517 * title for ps. It's good to do this as early as possible in
2520 init_ps_display(port->user_name, port->database_name, remote_ps_data);
2521 set_ps_display("authentication");
2524 * Now perform authentication exchange.
2526 ClientAuthentication(port); /* might not return, if failure */
2529 * Done with authentication. Disable timeout, and prevent
2530 * SIGTERM/SIGQUIT again until backend startup is complete.
2532 if (!disable_sig_alarm(false))
2533 elog(FATAL, "could not disable timer for authorization timeout");
2534 PG_SETMASK(&BlockSig);
2536 if (Log_connections)
2538 (errmsg("connection authorized: user=%s database=%s",
2539 port->user_name, port->database_name)));
2542 * Don't want backend to be able to see the postmaster random number
2543 * generator state. We have to clobber the static random_seed *and*
2544 * start a new random sequence in the random() library function.
2547 gettimeofday(&now, &tz);
2548 srandom((unsigned int) now.tv_usec);
2552 * Now, build the argv vector that will be given to PostgresMain.
2554 * The layout of the command line is
2555 * postgres [secure switches] -p databasename [insecure switches]
2556 * where the switches after -p come from the client request.
2558 * The maximum possible number of commandline arguments that could come
2559 * from ExtraOptions or port->cmdline_options is (strlen + 1) / 2; see
2563 maxac = 10; /* for fixed args supplied below */
2564 maxac += (strlen(ExtraOptions) + 1) / 2;
2565 if (port->cmdline_options)
2566 maxac += (strlen(port->cmdline_options) + 1) / 2;
2568 av = (char **) MemoryContextAlloc(TopMemoryContext,
2569 maxac * sizeof(char *));
2572 av[ac++] = "postgres";
2575 * Pass the requested debugging level along to the backend.
2579 snprintf(debugbuf, sizeof(debugbuf), "-d%d", debug_flag);
2580 av[ac++] = debugbuf;
2584 * Pass any backend switches specified with -o in the postmaster's own
2585 * command line. We assume these are secure. (It's OK to mangle
2586 * ExtraOptions now, since we're safely inside a subprocess.)
2588 split_opts(av, &ac, ExtraOptions);
2590 /* Tell the backend what protocol the frontend is using. */
2591 snprintf(protobuf, sizeof(protobuf), "-v%u", port->proto);
2592 av[ac++] = protobuf;
2595 * Tell the backend it is being called from the postmaster, and which
2596 * database to use. -p marks the end of secure switches.
2599 av[ac++] = port->database_name;
2602 * Pass the (insecure) option switches from the connection request.
2603 * (It's OK to mangle port->cmdline_options now.)
2605 if (port->cmdline_options)
2606 split_opts(av, &ac, port->cmdline_options);
2613 * Release postmaster's working memory context so that backend can
2614 * recycle the space. Note this does not trash *MyProcPort, because
2615 * ConnCreate() allocated that space with malloc() ... else we'd need
2616 * to copy the Port data here. Also, subsidiary data such as the
2617 * username isn't lost either; see ProcessStartupPacket().
2619 MemoryContextSwitchTo(TopMemoryContext);
2620 MemoryContextDelete(PostmasterContext);
2621 PostmasterContext = NULL;
2624 * Debug: print arguments being passed to backend
2627 (errmsg_internal("%s child[%d]: starting with (",
2628 progname, getpid())));
2629 for (i = 0; i < ac; ++i)
2631 (errmsg_internal("\t%s", av[i])));
2633 (errmsg_internal(")")));
2635 ClientAuthInProgress = false; /* client_min_messages is active
2638 return (PostgresMain(ac, av, port->user_name));
2645 * postmaster_forkexec -- fork and exec a postmaster subprocess
2647 * The caller must have set up the argv array already, except for argv[2]
2648 * which will be filled with the name of the temp variable file.
2650 * Returns the child process PID, or -1 on fork failure (a suitable error
2651 * message has been logged on failure).
2653 * All uses of this routine will dispatch to SubPostmasterMain in the
2657 postmaster_forkexec(int argc, char *argv[])
2661 /* This entry point passes dummy values for the Port variables */
2662 memset(&port, 0, sizeof(port));
2663 return internal_forkexec(argc, argv, &port);
2667 * backend_forkexec -- fork/exec off a backend process
2669 * returns the pid of the fork/exec'd process, or -1 on failure
2672 backend_forkexec(Port *port)
2677 av[ac++] = "postgres";
2678 av[ac++] = "-forkbackend";
2679 av[ac++] = NULL; /* filled in by internal_forkexec */
2682 Assert(ac < lengthof(av));
2684 return internal_forkexec(ac, av, port);
2688 internal_forkexec(int argc, char *argv[], Port *port)
2691 char tmpfilename[MAXPGPATH];
2693 if (!write_backend_variables(tmpfilename, port))
2694 return -1; /* log made by write_backend_variables */
2696 /* Make sure caller set up argv properly */
2698 Assert(argv[argc] == NULL);
2699 Assert(strncmp(argv[1], "-fork", 5) == 0);
2700 Assert(argv[2] == NULL);
2702 /* Insert temp file name after -fork argument */
2703 argv[2] = tmpfilename;
2706 pid = win32_forkexec(postgres_exec_path, argv);
2708 /* Fire off execv in child */
2709 if ((pid = fork()) == 0)
2711 if (execv(postgres_exec_path, argv) < 0)
2714 (errmsg("could not exec backend process \"%s\": %m",
2715 postgres_exec_path)));
2716 /* We're already in the child process here, can't return */
2722 return pid; /* Parent returns pid, or -1 on fork failure */
2726 * SubPostmasterMain -- Get the fork/exec'd process into a state equivalent
2727 * to what it would be if we'd simply forked on Unix, and then
2728 * dispatch to the appropriate place.
2730 * The first two command line arguments are expected to be "-forkFOO"
2731 * (where FOO indicates which postmaster child we are to become), and
2732 * the name of a variables file that we can read to load data that would
2733 * have been inherited by fork() on Unix. Remaining arguments go to the
2734 * subprocess FooMain() routine.
2737 SubPostmasterMain(int argc, char *argv[])
2741 /* Do this sooner rather than later... */
2742 IsUnderPostmaster = true; /* we are a postmaster subprocess now */
2744 MyProcPid = getpid(); /* reset MyProcPid */
2746 /* In EXEC_BACKEND case we will not have inherited these settings */
2747 IsPostmasterEnvironment = true;
2748 whereToSendOutput = None;
2750 PG_SETMASK(&BlockSig);
2752 /* Setup essential subsystems */
2753 MemoryContextInit();
2754 InitializeGUCOptions();
2756 /* Check we got appropriate args */
2758 elog(FATAL, "invalid subpostmaster invocation");
2760 /* Read in file-based context */
2761 memset(&port, 0, sizeof(Port));
2762 read_backend_variables(argv[2], &port);
2763 read_nondefault_variables();
2765 /* Run backend or appropriate child */
2766 if (strcmp(argv[1], "-forkbackend") == 0)
2768 /* BackendRun will close sockets */
2770 /* Attach process to shared segments */
2771 CreateSharedMemoryAndSemaphores(false, MaxBackends, 0);
2773 Assert(argc == 3); /* shouldn't be any more args */
2774 proc_exit(BackendRun(&port));
2776 if (strcmp(argv[1], "-forkboot") == 0)
2778 /* Close the postmaster's sockets */
2779 ClosePostmasterPorts();
2781 /* Attach process to shared segments */
2782 CreateSharedMemoryAndSemaphores(false, MaxBackends, 0);
2784 BootstrapMain(argc - 2, argv + 2);
2787 if (strcmp(argv[1], "-forkbuf") == 0)
2789 /* Close the postmaster's sockets */
2790 ClosePostmasterPorts();
2792 /* Do not want to attach to shared memory */
2794 PgstatBufferMain(argc, argv);
2797 if (strcmp(argv[1], "-forkcol") == 0)
2800 * Do NOT close postmaster sockets here, because we are forking from
2801 * pgstat buffer process, which already did it.
2804 /* Do not want to attach to shared memory */
2806 PgstatCollectorMain(argc, argv);
2810 return 1; /* shouldn't get here */
2813 #endif /* EXEC_BACKEND */
2817 * ExitPostmaster -- cleanup
2819 * Do NOT call exit() directly --- always go through here!
2822 ExitPostmaster(int status)
2824 /* should cleanup shared memory and kill all backends */
2827 * Not sure of the semantics here. When the Postmaster dies, should
2828 * the backends all be killed? probably not.
2830 * MUST -- vadim 05-10-1999
2837 * sigusr1_handler - handle signal conditions from child processes
2840 sigusr1_handler(SIGNAL_ARGS)
2842 int save_errno = errno;
2844 PG_SETMASK(&BlockSig);
2846 if (CheckPostmasterSignal(PMSIGNAL_PASSWORD_CHANGE))
2849 * Password or group file has changed.
2855 if (CheckPostmasterSignal(PMSIGNAL_WAKEN_CHILDREN))
2858 * Send SIGUSR1 to all children (triggers
2859 * CatchupInterruptHandler). See storage/ipc/sinval[adt].c for the
2862 if (Shutdown <= SmartShutdown)
2863 SignalChildren(SIGUSR1);
2866 PG_SETMASK(&UnBlockSig);
2873 * Dummy signal handler
2875 * We use this for signals that we don't actually use in the postmaster,
2876 * but we do use in backends. If we were to SIG_IGN such signals in the
2877 * postmaster, then a newly started backend might drop a signal that arrives
2878 * before it's able to reconfigure its signal processing. (See notes in
2882 dummy_handler(SIGNAL_ARGS)
2888 * CharRemap: given an int in range 0..61, produce textual encoding of it
2889 * per crypt(3) conventions.
2913 RandomSalt(char *cryptSalt, char *md5Salt)
2915 long rand = PostmasterRandom();
2917 cryptSalt[0] = CharRemap(rand % 62);
2918 cryptSalt[1] = CharRemap(rand / 62);
2921 * It's okay to reuse the first random value for one of the MD5 salt
2922 * bytes, since only one of the two salts will be sent to the client.
2923 * After that we need to compute more random bits.
2925 * We use % 255, sacrificing one possible byte value, so as to ensure
2926 * that all bits of the random() value participate in the result.
2927 * While at it, add one to avoid generating any null bytes.
2929 md5Salt[0] = (rand % 255) + 1;
2930 rand = PostmasterRandom();
2931 md5Salt[1] = (rand % 255) + 1;
2932 rand = PostmasterRandom();
2933 md5Salt[2] = (rand % 255) + 1;
2934 rand = PostmasterRandom();
2935 md5Salt[3] = (rand % 255) + 1;
2942 PostmasterRandom(void)
2944 static bool initialized = false;
2948 Assert(random_seed != 0);
2949 srandom(random_seed);
2957 * Count up number of child processes.
2965 for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
2974 * StartChildProcess -- start a non-backend child process for the postmaster
2976 * xlog determines what kind of child will be started. All child types
2977 * initially go to BootstrapMain, which will handle common setup.
2979 * Return value of StartChildProcess is subprocess' PID, or 0 if failed
2980 * to start subprocess.
2983 StartChildProcess(int xlop)
2989 #ifdef LINUX_PROFILE
2990 struct itimerval prof_itimer;
2994 * Set up command-line arguments for subprocess
2996 av[ac++] = "postgres";
2999 av[ac++] = "-forkboot";
3000 av[ac++] = NULL; /* filled in by postmaster_forkexec */
3003 snprintf(xlbuf, sizeof(xlbuf), "-x%d", xlop);
3007 av[ac++] = "template1";
3010 Assert(ac < lengthof(av));
3013 * Flush stdio channels (see comments in BackendStartup)
3020 pid = postmaster_forkexec(ac, av);
3022 #else /* !EXEC_BACKEND */
3024 #ifdef LINUX_PROFILE
3025 /* see comments in BackendStartup */
3026 getitimer(ITIMER_PROF, &prof_itimer);
3030 /* Specific beos actions before backend startup */
3031 beos_before_backend_startup();
3036 if (pid == 0) /* child */
3038 #ifdef LINUX_PROFILE
3039 setitimer(ITIMER_PROF, &prof_itimer, NULL);
3043 /* Specific beos actions after backend startup */
3044 beos_backend_startup();
3047 IsUnderPostmaster = true; /* we are a postmaster subprocess now */
3049 /* Close the postmaster's sockets */
3050 ClosePostmasterPorts();
3052 /* Lose the postmaster's on-exit routines and port connections */
3055 BootstrapMain(ac, av);
3059 #endif /* EXEC_BACKEND */
3063 /* in parent, fork failed */
3064 int save_errno = errno;
3067 /* Specific beos actions before backend startup */
3068 beos_backend_startup_failed();
3073 case BS_XLOG_STARTUP:
3075 (errmsg("could not fork startup process: %m")));
3077 case BS_XLOG_BGWRITER:
3079 (errmsg("could not fork background writer process: %m")));
3083 (errmsg("could not fork process: %m")));
3088 * fork failure is fatal during startup, but there's no need
3089 * to choke immediately if starting other child types fails.
3091 if (xlop == BS_XLOG_STARTUP)
3097 * in parent, successful fork
3104 * Create the opts file
3107 CreateOptsFile(int argc, char *argv[], char *fullprogname)
3109 char filename[MAXPGPATH];
3113 snprintf(filename, sizeof(filename), "%s/postmaster.opts", DataDir);
3115 if ((fp = fopen(filename, "w")) == NULL)
3117 elog(LOG, "could not create file \"%s\": %m", filename);
3121 fprintf(fp, "%s", fullprogname);
3122 for (i = 1; i < argc; i++)
3123 fprintf(fp, " '%s'", argv[i]);
3128 elog(LOG, "could not write file \"%s\": %m", filename);
3136 * This should be used only for reporting "interactive" errors (essentially,
3137 * bogus arguments on the command line). Once the postmaster is launched,
3138 * use ereport. In particular, don't use this for anything that occurs
3139 * after pmdaemonize.
3142 postmaster_error(const char *fmt,...)
3146 fprintf(stderr, "%s: ", progname);
3148 vfprintf(stderr, gettext(fmt), ap);
3150 fprintf(stderr, "\n");
3157 * The following need to be available to the read/write_backend_variables
3160 #include "storage/spin.h"
3162 extern slock_t *ShmemLock;
3163 extern slock_t *ShmemIndexLock;
3164 extern void *ShmemIndexAlloc;
3165 typedef struct LWLock LWLock;
3166 extern LWLock *LWLockArray;
3167 extern slock_t *ProcStructLock;
3168 extern int pgStatSock;
3170 #define write_var(var,fp) fwrite((void*)&(var),sizeof(var),1,fp)
3171 #define read_var(var,fp) fread((void*)&(var),sizeof(var),1,fp)
3172 #define write_array_var(var,fp) fwrite((void*)(var),sizeof(var),1,fp)
3173 #define read_array_var(var,fp) fread((void*)(var),sizeof(var),1,fp)
3176 write_backend_variables(char *filename, Port *port)
3178 static unsigned long tmpBackendFileNum = 0;
3180 char str_buf[MAXPGPATH];
3182 /* Calculate name for temp file in caller's buffer */
3184 snprintf(filename, MAXPGPATH, "%s/%s/%s.backend_var.%d.%lu",
3185 DataDir, PG_TEMP_FILES_DIR, PG_TEMP_FILE_PREFIX,
3186 MyProcPid, ++tmpBackendFileNum);
3189 fp = AllocateFile(filename, PG_BINARY_W);
3192 /* As per OpenTemporaryFile... */
3193 char dirname[MAXPGPATH];
3195 snprintf(dirname, MAXPGPATH, "%s/%s", DataDir, PG_TEMP_FILES_DIR);
3196 mkdir(dirname, S_IRWXU);
3198 fp = AllocateFile(filename, PG_BINARY_W);
3202 (errcode_for_file_access(),
3203 errmsg("could not create file \"%s\": %m",
3210 write_var(port->sock, fp);
3211 write_var(port->proto, fp);
3212 write_var(port->laddr, fp);
3213 write_var(port->raddr, fp);
3214 write_var(port->canAcceptConnections, fp);
3215 write_var(port->cryptSalt, fp);
3216 write_var(port->md5Salt, fp);
3219 * XXX FIXME later: writing these strings as MAXPGPATH bytes always is
3220 * probably a waste of resources
3223 StrNCpy(str_buf, DataDir, MAXPGPATH);
3224 write_array_var(str_buf, fp);
3226 write_array_var(ListenSocket, fp);
3228 write_var(MyCancelKey, fp);
3230 write_var(UsedShmemSegID, fp);
3231 write_var(UsedShmemSegAddr, fp);
3233 write_var(ShmemLock, fp);
3234 write_var(ShmemIndexLock, fp);
3235 write_var(ShmemVariableCache, fp);
3236 write_var(ShmemIndexAlloc, fp);
3237 write_var(ShmemBackendArray, fp);
3239 write_var(LWLockArray, fp);
3240 write_var(ProcStructLock, fp);
3241 write_var(pgStatSock, fp);
3243 write_var(debug_flag, fp);
3244 write_var(PostmasterPid, fp);
3246 write_var(PostmasterHandle, fp);
3249 StrNCpy(str_buf, my_exec_path, MAXPGPATH);
3250 write_array_var(str_buf, fp);
3252 write_array_var(ExtraOptions, fp);
3254 StrNCpy(str_buf, setlocale(LC_COLLATE, NULL), MAXPGPATH);
3255 write_array_var(str_buf, fp);
3256 StrNCpy(str_buf, setlocale(LC_CTYPE, NULL), MAXPGPATH);
3257 write_array_var(str_buf, fp);
3263 (errcode_for_file_access(),
3264 errmsg("could not write to file \"%s\": %m", filename)));
3272 read_backend_variables(char *filename, Port *port)
3275 char str_buf[MAXPGPATH];
3278 fp = AllocateFile(filename, PG_BINARY_R);
3281 (errcode_for_file_access(),
3282 errmsg("could not read from backend variables file \"%s\": %m",
3286 read_var(port->sock, fp);
3287 read_var(port->proto, fp);
3288 read_var(port->laddr, fp);
3289 read_var(port->raddr, fp);
3290 read_var(port->canAcceptConnections, fp);
3291 read_var(port->cryptSalt, fp);
3292 read_var(port->md5Salt, fp);
3294 read_array_var(str_buf, fp);
3295 SetDataDir(str_buf);
3297 read_array_var(ListenSocket, fp);
3299 read_var(MyCancelKey, fp);
3301 read_var(UsedShmemSegID, fp);
3302 read_var(UsedShmemSegAddr, fp);
3304 read_var(ShmemLock, fp);
3305 read_var(ShmemIndexLock, fp);
3306 read_var(ShmemVariableCache, fp);
3307 read_var(ShmemIndexAlloc, fp);
3308 read_var(ShmemBackendArray, fp);
3310 read_var(LWLockArray, fp);
3311 read_var(ProcStructLock, fp);
3312 read_var(pgStatSock, fp);
3314 read_var(debug_flag, fp);
3315 read_var(PostmasterPid, fp);
3317 read_var(PostmasterHandle, fp);
3320 read_array_var(str_buf, fp);
3321 StrNCpy(my_exec_path, str_buf, MAXPGPATH);
3323 read_array_var(ExtraOptions, fp);
3325 read_array_var(str_buf, fp);
3326 setlocale(LC_COLLATE, str_buf);
3327 read_array_var(str_buf, fp);
3328 setlocale(LC_CTYPE, str_buf);
3332 if (unlink(filename) != 0)
3334 (errcode_for_file_access(),
3335 errmsg("could not remove file \"%s\": %m", filename)));
3340 ShmemBackendArraySize(void)
3342 return (NUM_BACKENDARRAY_ELEMS * sizeof(Backend));
3346 ShmemBackendArrayAllocation(void)
3348 size_t size = ShmemBackendArraySize();
3350 ShmemBackendArray = (Backend *) ShmemAlloc(size);
3351 /* Mark all slots as empty */
3352 memset(ShmemBackendArray, 0, size);
3356 ShmemBackendArrayAdd(Backend *bn)
3360 /* Find an empty slot */
3361 for (i = 0; i < NUM_BACKENDARRAY_ELEMS; i++)
3363 if (ShmemBackendArray[i].pid == 0)
3365 ShmemBackendArray[i] = *bn;
3371 (errmsg_internal("no free slots in shmem backend array")));
3375 ShmemBackendArrayRemove(pid_t pid)
3379 for (i = 0; i < NUM_BACKENDARRAY_ELEMS; i++)
3381 if (ShmemBackendArray[i].pid == pid)
3383 /* Mark the slot as empty */
3384 ShmemBackendArray[i].pid = 0;
3390 (errmsg_internal("could not find backend entry with pid %d",
3394 #endif /* EXEC_BACKEND */
3400 win32_forkexec(const char *path, char *argv[])
3403 PROCESS_INFORMATION pi;
3406 char cmdLine[MAXPGPATH * 2];
3407 HANDLE childHandleCopy;
3408 HANDLE waiterThread;
3410 /* Format the cmd line */
3411 cmdLine[sizeof(cmdLine)-1] = '\0';
3412 cmdLine[sizeof(cmdLine)-2] = '\0';
3413 snprintf(cmdLine, sizeof(cmdLine)-1, "\"%s\"", path);
3415 while (argv[++i] != NULL)
3417 j = strlen(cmdLine);
3418 snprintf(cmdLine+j, sizeof(cmdLine)-1-j, " \"%s\"", argv[i]);
3420 if (cmdLine[sizeof(cmdLine)-2] != '\0')
3422 elog(LOG, "subprocess command line too long");
3426 memset(&pi, 0, sizeof(pi));
3427 memset(&si, 0, sizeof(si));
3429 if (!CreateProcess(NULL, cmdLine, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi))
3431 elog(LOG, "CreateProcess call failed (%d): %m", (int) GetLastError());
3435 if (!IsUnderPostmaster)
3437 /* We are the Postmaster creating a child... */
3438 win32_AddChild(pi.dwProcessId, pi.hProcess);
3441 if (DuplicateHandle(GetCurrentProcess(),
3443 GetCurrentProcess(),
3447 DUPLICATE_SAME_ACCESS) == 0)
3449 (errmsg_internal("could not duplicate child handle: %d",
3450 (int) GetLastError())));
3452 waiterThread = CreateThread(NULL, 64 * 1024, win32_sigchld_waiter,
3453 (LPVOID) childHandleCopy, 0, NULL);
3456 (errmsg_internal("could not create sigchld waiter thread: %d",
3457 (int) GetLastError())));
3458 CloseHandle(waiterThread);
3460 if (IsUnderPostmaster)
3461 CloseHandle(pi.hProcess);
3462 CloseHandle(pi.hThread);
3464 return pi.dwProcessId;
3468 * Note: The following three functions must not be interrupted (eg. by
3469 * signals). As the Postgres Win32 signalling architecture (currently)
3470 * requires polling, or APC checking functions which aren't used here, this
3473 * We keep two separate arrays, instead of a single array of pid/HANDLE
3474 * structs, to avoid having to re-create a handle array for
3475 * WaitForMultipleObjects on each call to win32_waitpid.
3479 win32_AddChild(pid_t pid, HANDLE handle)
3481 Assert(win32_childPIDArray && win32_childHNDArray);
3482 if (win32_numChildren < NUM_BACKENDARRAY_ELEMS)
3484 win32_childPIDArray[win32_numChildren] = pid;
3485 win32_childHNDArray[win32_numChildren] = handle;
3486 ++win32_numChildren;
3490 (errmsg_internal("no room for child entry with pid %lu",
3491 (unsigned long) pid)));
3495 win32_RemoveChild(pid_t pid)
3499 Assert(win32_childPIDArray && win32_childHNDArray);
3501 for (i = 0; i < win32_numChildren; i++)
3503 if (win32_childPIDArray[i] == pid)
3505 CloseHandle(win32_childHNDArray[i]);
3507 /* Swap last entry into the "removed" one */
3508 --win32_numChildren;
3509 win32_childPIDArray[i] = win32_childPIDArray[win32_numChildren];
3510 win32_childHNDArray[i] = win32_childHNDArray[win32_numChildren];
3516 (errmsg_internal("could not find child entry with pid %lu",
3517 (unsigned long) pid)));
3521 win32_waitpid(int *exitstatus)
3523 Assert(win32_childPIDArray && win32_childHNDArray);
3524 elog(DEBUG3, "waiting on %lu children", win32_numChildren);
3526 if (win32_numChildren > 0)
3529 * Note: Do NOT use WaitForMultipleObjectsEx, as we don't want to
3530 * run queued APCs here.
3536 ret = WaitForMultipleObjects(win32_numChildren, win32_childHNDArray,
3542 (errmsg_internal("failed to wait on %lu children: %d",
3543 win32_numChildren, (int) GetLastError())));
3547 /* No children have finished */
3553 * Get the exit code, and return the PID of, the
3554 * respective process
3556 index = ret - WAIT_OBJECT_0;
3557 Assert(index >= 0 && index < win32_numChildren);
3558 if (!GetExitCodeProcess(win32_childHNDArray[index], &exitCode))
3561 * If we get this far, this should never happen, but,
3562 * then again... No choice other than to assume a
3563 * catastrophic failure.
3566 (errmsg_internal("failed to get exit code for child %lu",
3567 win32_childPIDArray[index])));
3569 *exitstatus = (int) exitCode;
3570 return win32_childPIDArray[index];
3579 * Note! Code below executes on separate threads, one for
3580 * each child process created
3583 win32_sigchld_waiter(LPVOID param)
3585 HANDLE procHandle = (HANDLE) param;
3587 DWORD r = WaitForSingleObject(procHandle, INFINITE);
3589 if (r == WAIT_OBJECT_0)
3590 pg_queue_signal(SIGCHLD);
3592 fprintf(stderr, "ERROR: failed to wait on child process handle: %d\n",
3593 (int) GetLastError());
3594 CloseHandle(procHandle);