1 /*-------------------------------------------------------------------------
4 * This code manages relations that reside on magnetic disk.
6 * Or at least, that was what the Berkeley folk had in mind when they named
7 * this file. In reality, what this code provides is an interface from
8 * the smgr API to Unix-like filesystem APIs, so it will work with any type
9 * of device for which the operating system provides filesystem support.
10 * It doesn't matter whether the bits are on spinning rust or some other
13 * Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group
14 * Portions Copyright (c) 1994, Regents of the University of California
18 * src/backend/storage/smgr/md.c
20 *-------------------------------------------------------------------------
28 #include "miscadmin.h"
29 #include "access/xlog.h"
30 #include "catalog/catalog.h"
32 #include "portability/instr_time.h"
33 #include "postmaster/bgwriter.h"
34 #include "storage/fd.h"
35 #include "storage/bufmgr.h"
36 #include "storage/relfilenode.h"
37 #include "storage/smgr.h"
38 #include "utils/hsearch.h"
39 #include "utils/memutils.h"
43 /* intervals for calling AbsorbFsyncRequests in mdsync and mdpostckpt */
44 #define FSYNCS_PER_ABSORB 10
45 #define UNLINKS_PER_ABSORB 10
48 * Special values for the segno arg to RememberFsyncRequest.
50 * Note that CompactCheckpointerRequestQueue assumes that it's OK to remove an
51 * fsync request from the queue if an identical, subsequent request is found.
52 * See comments there before making changes here.
54 #define FORGET_RELATION_FSYNC (InvalidBlockNumber)
55 #define FORGET_DATABASE_FSYNC (InvalidBlockNumber-1)
56 #define UNLINK_RELATION_REQUEST (InvalidBlockNumber-2)
59 * On Windows, we have to interpret EACCES as possibly meaning the same as
60 * ENOENT, because if a file is unlinked-but-not-yet-gone on that platform,
61 * that's what you get. Ugh. This code is designed so that we don't
62 * actually believe these cases are okay without further evidence (namely,
63 * a pending fsync request getting canceled ... see mdsync).
66 #define FILE_POSSIBLY_DELETED(err) ((err) == ENOENT)
68 #define FILE_POSSIBLY_DELETED(err) ((err) == ENOENT || (err) == EACCES)
72 * The magnetic disk storage manager keeps track of open file
73 * descriptors in its own descriptor pool. This is done to make it
74 * easier to support relations that are larger than the operating
75 * system's file size limit (often 2GBytes). In order to do that,
76 * we break relations up into "segment" files that are each shorter than
77 * the OS file size limit. The segment size is set by the RELSEG_SIZE
78 * configuration constant in pg_config.h.
80 * On disk, a relation must consist of consecutively numbered segment
81 * files in the pattern
82 * -- Zero or more full segments of exactly RELSEG_SIZE blocks each
83 * -- Exactly one partial segment of size 0 <= size < RELSEG_SIZE blocks
84 * -- Optionally, any number of inactive segments of size 0 blocks.
85 * The full and partial segments are collectively the "active" segments.
86 * Inactive segments are those that once contained data but are currently
87 * not needed because of an mdtruncate() operation. The reason for leaving
88 * them present at size zero, rather than unlinking them, is that other
89 * backends and/or the checkpointer might be holding open file references to
90 * such segments. If the relation expands again after mdtruncate(), such
91 * that a deactivated segment becomes active again, it is important that
92 * such file references still be valid --- else data might get written
93 * out to an unlinked old copy of a segment file that will eventually
96 * File descriptors are stored in the per-fork md_seg_fds arrays inside
97 * SMgrRelation. The length of these arrays is stored in md_num_open_segs.
98 * Note that a fork's md_num_open_segs having a specific value does not
99 * necessarily mean the relation doesn't have additional segments; we may
100 * just not have opened the next segment yet. (We could not have "all
101 * segments are in the array" as an invariant anyway, since another backend
102 * could extend the relation while we aren't looking.) We do not have
103 * entries for inactive segments, however; as soon as we find a partial
104 * segment, we assume that any subsequent segments are inactive.
106 * The entire MdfdVec array is palloc'd in the MdCxt memory context.
109 typedef struct _MdfdVec
111 File mdfd_vfd; /* fd number in fd.c's pool */
112 BlockNumber mdfd_segno; /* segment number, from 0 */
115 static MemoryContext MdCxt; /* context for all MdfdVec objects */
119 * In some contexts (currently, standalone backends and the checkpointer)
120 * we keep track of pending fsync operations: we need to remember all relation
121 * segments that have been written since the last checkpoint, so that we can
122 * fsync them down to disk before completing the next checkpoint. This hash
123 * table remembers the pending operations. We use a hash table mostly as
124 * a convenient way of merging duplicate requests.
126 * We use a similar mechanism to remember no-longer-needed files that can
127 * be deleted after the next checkpoint, but we use a linked list instead of
128 * a hash table, because we don't expect there to be any duplicate requests.
130 * These mechanisms are only used for non-temp relations; we never fsync
131 * temp rels, nor do we need to postpone their deletion (see comments in
134 * (Regular backends do not track pending operations locally, but forward
135 * them to the checkpointer.)
137 typedef uint16 CycleCtr; /* can be any convenient integer size */
141 RelFileNode rnode; /* hash table key (must be first!) */
142 CycleCtr cycle_ctr; /* mdsync_cycle_ctr of oldest request */
143 /* requests[f] has bit n set if we need to fsync segment n of fork f */
144 Bitmapset *requests[MAX_FORKNUM + 1];
145 /* canceled[f] is true if we canceled fsyncs for fork "recently" */
146 bool canceled[MAX_FORKNUM + 1];
147 } PendingOperationEntry;
151 RelFileNode rnode; /* the dead relation to delete */
152 CycleCtr cycle_ctr; /* mdckpt_cycle_ctr when request was made */
153 } PendingUnlinkEntry;
155 static HTAB *pendingOpsTable = NULL;
156 static List *pendingUnlinks = NIL;
157 static MemoryContext pendingOpsCxt; /* context for the above */
159 static CycleCtr mdsync_cycle_ctr = 0;
160 static CycleCtr mdckpt_cycle_ctr = 0;
163 /*** behavior for mdopen & _mdfd_getseg ***/
164 /* ereport if segment not present */
165 #define EXTENSION_FAIL (1 << 0)
166 /* return NULL if segment not present */
167 #define EXTENSION_RETURN_NULL (1 << 1)
168 /* create new segments as needed */
169 #define EXTENSION_CREATE (1 << 2)
170 /* create new segments if needed during recovery */
171 #define EXTENSION_CREATE_RECOVERY (1 << 3)
173 * Allow opening segments which are preceded by segments smaller than
174 * RELSEG_SIZE, e.g. inactive segments (see above). Note that this is breaks
175 * mdnblocks() and related functionality henceforth - which currently is ok,
176 * because this is only required in the checkpointer which never uses
179 #define EXTENSION_DONT_CHECK_SIZE (1 << 4)
183 static void mdunlinkfork(RelFileNodeBackend rnode, ForkNumber forkNum,
185 static MdfdVec *mdopen(SMgrRelation reln, ForkNumber forknum, int behavior);
186 static void register_dirty_segment(SMgrRelation reln, ForkNumber forknum,
188 static void register_unlink(RelFileNodeBackend rnode);
189 static void _fdvec_resize(SMgrRelation reln,
192 static char *_mdfd_segpath(SMgrRelation reln, ForkNumber forknum,
194 static MdfdVec *_mdfd_openseg(SMgrRelation reln, ForkNumber forkno,
195 BlockNumber segno, int oflags);
196 static MdfdVec *_mdfd_getseg(SMgrRelation reln, ForkNumber forkno,
197 BlockNumber blkno, bool skipFsync, int behavior);
198 static BlockNumber _mdnblocks(SMgrRelation reln, ForkNumber forknum,
203 * mdinit() -- Initialize private state for magnetic disk storage manager.
208 MdCxt = AllocSetContextCreate(TopMemoryContext,
210 ALLOCSET_DEFAULT_SIZES);
213 * Create pending-operations hashtable if we need it. Currently, we need
214 * it if we are standalone (not under a postmaster) or if we are a startup
215 * or checkpointer auxiliary process.
217 if (!IsUnderPostmaster || AmStartupProcess() || AmCheckpointerProcess())
222 * XXX: The checkpointer needs to add entries to the pending ops table
223 * when absorbing fsync requests. That is done within a critical
224 * section, which isn't usually allowed, but we make an exception. It
225 * means that there's a theoretical possibility that you run out of
226 * memory while absorbing fsync requests, which leads to a PANIC.
227 * Fortunately the hash table is small so that's unlikely to happen in
230 pendingOpsCxt = AllocSetContextCreate(MdCxt,
231 "Pending ops context",
232 ALLOCSET_DEFAULT_SIZES);
233 MemoryContextAllowInCriticalSection(pendingOpsCxt, true);
235 MemSet(&hash_ctl, 0, sizeof(hash_ctl));
236 hash_ctl.keysize = sizeof(RelFileNode);
237 hash_ctl.entrysize = sizeof(PendingOperationEntry);
238 hash_ctl.hcxt = pendingOpsCxt;
239 pendingOpsTable = hash_create("Pending Ops Table",
242 HASH_ELEM | HASH_BLOBS | HASH_CONTEXT);
243 pendingUnlinks = NIL;
248 * In archive recovery, we rely on checkpointer to do fsyncs, but we will have
249 * already created the pendingOpsTable during initialization of the startup
250 * process. Calling this function drops the local pendingOpsTable so that
251 * subsequent requests will be forwarded to checkpointer.
254 SetForwardFsyncRequests(void)
256 /* Perform any pending fsyncs we may have queued up, then drop table */
260 hash_destroy(pendingOpsTable);
262 pendingOpsTable = NULL;
265 * We should not have any pending unlink requests, since mdunlink doesn't
266 * queue unlink requests when isRedo.
268 Assert(pendingUnlinks == NIL);
272 * mdexists() -- Does the physical file exist?
274 * Note: this will return true for lingering files, with pending deletions
277 mdexists(SMgrRelation reln, ForkNumber forkNum)
280 * Close it first, to ensure that we notice if the fork has been unlinked
281 * since we opened it.
283 mdclose(reln, forkNum);
285 return (mdopen(reln, forkNum, EXTENSION_RETURN_NULL) != NULL);
289 * mdcreate() -- Create a new relation on magnetic disk.
291 * If isRedo is true, it's okay for the relation to exist already.
294 mdcreate(SMgrRelation reln, ForkNumber forkNum, bool isRedo)
300 if (isRedo && reln->md_num_open_segs[forkNum] > 0)
301 return; /* created and opened already... */
303 Assert(reln->md_num_open_segs[forkNum] == 0);
305 path = relpath(reln->smgr_rnode, forkNum);
307 fd = PathNameOpenFile(path, O_RDWR | O_CREAT | O_EXCL | PG_BINARY, 0600);
311 int save_errno = errno;
314 * During bootstrap, there are cases where a system relation will be
315 * accessed (by internal backend processes) before the bootstrap
316 * script nominally creates it. Therefore, allow the file to exist
317 * already, even if isRedo is not set. (See also mdopen)
319 if (isRedo || IsBootstrapProcessingMode())
320 fd = PathNameOpenFile(path, O_RDWR | PG_BINARY, 0600);
323 /* be sure to report the error reported by create, not open */
326 (errcode_for_file_access(),
327 errmsg("could not create file \"%s\": %m", path)));
333 _fdvec_resize(reln, forkNum, 1);
334 mdfd = &reln->md_seg_fds[forkNum][0];
336 mdfd->mdfd_segno = 0;
340 * mdunlink() -- Unlink a relation.
342 * Note that we're passed a RelFileNodeBackend --- by the time this is called,
343 * there won't be an SMgrRelation hashtable entry anymore.
345 * forkNum can be a fork number to delete a specific fork, or InvalidForkNumber
346 * to delete all forks.
348 * For regular relations, we don't unlink the first segment file of the rel,
349 * but just truncate it to zero length, and record a request to unlink it after
350 * the next checkpoint. Additional segments can be unlinked immediately,
351 * however. Leaving the empty file in place prevents that relfilenode
352 * number from being reused. The scenario this protects us from is:
353 * 1. We delete a relation (and commit, and actually remove its file).
354 * 2. We create a new relation, which by chance gets the same relfilenode as
355 * the just-deleted one (OIDs must've wrapped around for that to happen).
356 * 3. We crash before another checkpoint occurs.
357 * During replay, we would delete the file and then recreate it, which is fine
358 * if the contents of the file were repopulated by subsequent WAL entries.
359 * But if we didn't WAL-log insertions, but instead relied on fsyncing the
360 * file after populating it (as for instance CLUSTER and CREATE INDEX do),
361 * the contents of the file would be lost forever. By leaving the empty file
362 * until after the next checkpoint, we prevent reassignment of the relfilenode
363 * number until it's safe, because relfilenode assignment skips over any
366 * We do not need to go through this dance for temp relations, though, because
367 * we never make WAL entries for temp rels, and so a temp rel poses no threat
368 * to the health of a regular rel that has taken over its relfilenode number.
369 * The fact that temp rels and regular rels have different file naming
370 * patterns provides additional safety.
372 * All the above applies only to the relation's main fork; other forks can
373 * just be removed immediately, since they are not needed to prevent the
374 * relfilenode number from being recycled. Also, we do not carefully
375 * track whether other forks have been created or not, but just attempt to
376 * unlink them unconditionally; so we should never complain about ENOENT.
378 * If isRedo is true, it's unsurprising for the relation to be already gone.
379 * Also, we should remove the file immediately instead of queuing a request
380 * for later, since during redo there's no possibility of creating a
381 * conflicting relation.
383 * Note: any failure should be reported as WARNING not ERROR, because
384 * we are usually not in a transaction anymore when this is called.
387 mdunlink(RelFileNodeBackend rnode, ForkNumber forkNum, bool isRedo)
390 * We have to clean out any pending fsync requests for the doomed
391 * relation, else the next mdsync() will fail. There can't be any such
392 * requests for a temp relation, though. We can send just one request
393 * even when deleting multiple forks, since the fsync queuing code accepts
394 * the "InvalidForkNumber = all forks" convention.
396 if (!RelFileNodeBackendIsTemp(rnode))
397 ForgetRelationFsyncRequests(rnode.node, forkNum);
399 /* Now do the per-fork work */
400 if (forkNum == InvalidForkNumber)
402 for (forkNum = 0; forkNum <= MAX_FORKNUM; forkNum++)
403 mdunlinkfork(rnode, forkNum, isRedo);
406 mdunlinkfork(rnode, forkNum, isRedo);
410 mdunlinkfork(RelFileNodeBackend rnode, ForkNumber forkNum, bool isRedo)
415 path = relpath(rnode, forkNum);
418 * Delete or truncate the first segment.
420 if (isRedo || forkNum != MAIN_FORKNUM || RelFileNodeBackendIsTemp(rnode))
423 if (ret < 0 && errno != ENOENT)
425 (errcode_for_file_access(),
426 errmsg("could not remove file \"%s\": %m", path)));
430 /* truncate(2) would be easier here, but Windows hasn't got it */
433 fd = OpenTransientFile(path, O_RDWR | PG_BINARY, 0);
438 ret = ftruncate(fd, 0);
440 CloseTransientFile(fd);
445 if (ret < 0 && errno != ENOENT)
447 (errcode_for_file_access(),
448 errmsg("could not truncate file \"%s\": %m", path)));
450 /* Register request to unlink first segment later */
451 register_unlink(rnode);
455 * Delete any additional segments.
459 char *segpath = (char *) palloc(strlen(path) + 12);
463 * Note that because we loop until getting ENOENT, we will correctly
464 * remove all inactive segments as well as active ones.
466 for (segno = 1;; segno++)
468 sprintf(segpath, "%s.%u", path, segno);
469 if (unlink(segpath) < 0)
471 /* ENOENT is expected after the last segment... */
474 (errcode_for_file_access(),
475 errmsg("could not remove file \"%s\": %m", segpath)));
486 * mdextend() -- Add a block to the specified relation.
488 * The semantics are nearly the same as mdwrite(): write at the
489 * specified position. However, this is to be used for the case of
490 * extending a relation (i.e., blocknum is at or beyond the current
491 * EOF). Note that we assume writing a block beyond current EOF
492 * causes intervening file space to become filled with zeroes.
495 mdextend(SMgrRelation reln, ForkNumber forknum, BlockNumber blocknum,
496 char *buffer, bool skipFsync)
502 /* This assert is too expensive to have on normally ... */
503 #ifdef CHECK_WRITE_VS_EXTEND
504 Assert(blocknum >= mdnblocks(reln, forknum));
508 * If a relation manages to grow to 2^32-1 blocks, refuse to extend it any
509 * more --- we mustn't create a block whose number actually is
510 * InvalidBlockNumber.
512 if (blocknum == InvalidBlockNumber)
514 (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
515 errmsg("cannot extend file \"%s\" beyond %u blocks",
516 relpath(reln->smgr_rnode, forknum),
517 InvalidBlockNumber)));
519 v = _mdfd_getseg(reln, forknum, blocknum, skipFsync, EXTENSION_CREATE);
521 seekpos = (off_t) BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE));
523 Assert(seekpos < (off_t) BLCKSZ * RELSEG_SIZE);
526 * Note: because caller usually obtained blocknum by calling mdnblocks,
527 * which did a seek(SEEK_END), this seek is often redundant and will be
528 * optimized away by fd.c. It's not redundant, however, if there is a
529 * partial page at the end of the file. In that case we want to try to
530 * overwrite the partial page with a full page. It's also not redundant
531 * if bufmgr.c had to dump another buffer of the same file to make room
532 * for the new page's buffer.
534 if (FileSeek(v->mdfd_vfd, seekpos, SEEK_SET) != seekpos)
536 (errcode_for_file_access(),
537 errmsg("could not seek to block %u in file \"%s\": %m",
538 blocknum, FilePathName(v->mdfd_vfd))));
540 if ((nbytes = FileWrite(v->mdfd_vfd, buffer, BLCKSZ, WAIT_EVENT_DATA_FILE_EXTEND)) != BLCKSZ)
544 (errcode_for_file_access(),
545 errmsg("could not extend file \"%s\": %m",
546 FilePathName(v->mdfd_vfd)),
547 errhint("Check free disk space.")));
548 /* short write: complain appropriately */
550 (errcode(ERRCODE_DISK_FULL),
551 errmsg("could not extend file \"%s\": wrote only %d of %d bytes at block %u",
552 FilePathName(v->mdfd_vfd),
553 nbytes, BLCKSZ, blocknum),
554 errhint("Check free disk space.")));
557 if (!skipFsync && !SmgrIsTemp(reln))
558 register_dirty_segment(reln, forknum, v);
560 Assert(_mdnblocks(reln, forknum, v) <= ((BlockNumber) RELSEG_SIZE));
564 * mdopen() -- Open the specified relation.
566 * Note we only open the first segment, when there are multiple segments.
568 * If first segment is not present, either ereport or return NULL according
569 * to "behavior". We treat EXTENSION_CREATE the same as EXTENSION_FAIL;
570 * EXTENSION_CREATE means it's OK to extend an existing relation, not to
571 * invent one out of whole cloth.
574 mdopen(SMgrRelation reln, ForkNumber forknum, int behavior)
580 /* No work if already open */
581 if (reln->md_num_open_segs[forknum] > 0)
582 return &reln->md_seg_fds[forknum][0];
584 path = relpath(reln->smgr_rnode, forknum);
586 fd = PathNameOpenFile(path, O_RDWR | PG_BINARY, 0600);
591 * During bootstrap, there are cases where a system relation will be
592 * accessed (by internal backend processes) before the bootstrap
593 * script nominally creates it. Therefore, accept mdopen() as a
594 * substitute for mdcreate() in bootstrap mode only. (See mdcreate)
596 if (IsBootstrapProcessingMode())
597 fd = PathNameOpenFile(path, O_RDWR | O_CREAT | O_EXCL | PG_BINARY, 0600);
600 if ((behavior & EXTENSION_RETURN_NULL) &&
601 FILE_POSSIBLY_DELETED(errno))
607 (errcode_for_file_access(),
608 errmsg("could not open file \"%s\": %m", path)));
614 _fdvec_resize(reln, forknum, 1);
615 mdfd = &reln->md_seg_fds[forknum][0];
617 mdfd->mdfd_segno = 0;
619 Assert(_mdnblocks(reln, forknum, mdfd) <= ((BlockNumber) RELSEG_SIZE));
625 * mdclose() -- Close the specified relation, if it isn't closed already.
628 mdclose(SMgrRelation reln, ForkNumber forknum)
630 int nopensegs = reln->md_num_open_segs[forknum];
632 /* No work if already closed */
636 /* close segments starting from the end */
637 while (nopensegs > 0)
639 MdfdVec *v = &reln->md_seg_fds[forknum][nopensegs - 1];
641 /* if not closed already */
642 if (v->mdfd_vfd >= 0)
644 FileClose(v->mdfd_vfd);
651 /* resize just once, avoids pointless reallocations */
652 _fdvec_resize(reln, forknum, 0);
656 * mdprefetch() -- Initiate asynchronous read of the specified block of a relation
659 mdprefetch(SMgrRelation reln, ForkNumber forknum, BlockNumber blocknum)
665 v = _mdfd_getseg(reln, forknum, blocknum, false, EXTENSION_FAIL);
667 seekpos = (off_t) BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE));
669 Assert(seekpos < (off_t) BLCKSZ * RELSEG_SIZE);
671 (void) FilePrefetch(v->mdfd_vfd, seekpos, BLCKSZ, WAIT_EVENT_DATA_FILE_PREFETCH);
672 #endif /* USE_PREFETCH */
676 * mdwriteback() -- Tell the kernel to write pages back to storage.
678 * This accepts a range of blocks because flushing several pages at once is
679 * considerably more efficient than doing so individually.
682 mdwriteback(SMgrRelation reln, ForkNumber forknum,
683 BlockNumber blocknum, BlockNumber nblocks)
686 * Issue flush requests in as few requests as possible; have to split at
687 * segment boundaries though, since those are actually separate files.
691 BlockNumber nflush = nblocks;
697 v = _mdfd_getseg(reln, forknum, blocknum, true /* not used */ ,
698 EXTENSION_RETURN_NULL);
701 * We might be flushing buffers of already removed relations, that's
702 * ok, just ignore that case.
707 /* compute offset inside the current segment */
708 segnum_start = blocknum / RELSEG_SIZE;
710 /* compute number of desired writes within the current segment */
711 segnum_end = (blocknum + nblocks - 1) / RELSEG_SIZE;
712 if (segnum_start != segnum_end)
713 nflush = RELSEG_SIZE - (blocknum % ((BlockNumber) RELSEG_SIZE));
716 Assert(nflush <= nblocks);
718 seekpos = (off_t) BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE));
720 FileWriteback(v->mdfd_vfd, seekpos, (off_t) BLCKSZ * nflush, WAIT_EVENT_DATA_FILE_FLUSH);
728 * mdread() -- Read the specified block from a relation.
731 mdread(SMgrRelation reln, ForkNumber forknum, BlockNumber blocknum,
738 TRACE_POSTGRESQL_SMGR_MD_READ_START(forknum, blocknum,
739 reln->smgr_rnode.node.spcNode,
740 reln->smgr_rnode.node.dbNode,
741 reln->smgr_rnode.node.relNode,
742 reln->smgr_rnode.backend);
744 v = _mdfd_getseg(reln, forknum, blocknum, false,
745 EXTENSION_FAIL | EXTENSION_CREATE_RECOVERY);
747 seekpos = (off_t) BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE));
749 Assert(seekpos < (off_t) BLCKSZ * RELSEG_SIZE);
751 if (FileSeek(v->mdfd_vfd, seekpos, SEEK_SET) != seekpos)
753 (errcode_for_file_access(),
754 errmsg("could not seek to block %u in file \"%s\": %m",
755 blocknum, FilePathName(v->mdfd_vfd))));
757 nbytes = FileRead(v->mdfd_vfd, buffer, BLCKSZ, WAIT_EVENT_DATA_FILE_READ);
759 TRACE_POSTGRESQL_SMGR_MD_READ_DONE(forknum, blocknum,
760 reln->smgr_rnode.node.spcNode,
761 reln->smgr_rnode.node.dbNode,
762 reln->smgr_rnode.node.relNode,
763 reln->smgr_rnode.backend,
767 if (nbytes != BLCKSZ)
771 (errcode_for_file_access(),
772 errmsg("could not read block %u in file \"%s\": %m",
773 blocknum, FilePathName(v->mdfd_vfd))));
776 * Short read: we are at or past EOF, or we read a partial block at
777 * EOF. Normally this is an error; upper levels should never try to
778 * read a nonexistent block. However, if zero_damaged_pages is ON or
779 * we are InRecovery, we should instead return zeroes without
780 * complaining. This allows, for example, the case of trying to
781 * update a block that was later truncated away.
783 if (zero_damaged_pages || InRecovery)
784 MemSet(buffer, 0, BLCKSZ);
787 (errcode(ERRCODE_DATA_CORRUPTED),
788 errmsg("could not read block %u in file \"%s\": read only %d of %d bytes",
789 blocknum, FilePathName(v->mdfd_vfd),
795 * mdwrite() -- Write the supplied block at the appropriate location.
797 * This is to be used only for updating already-existing blocks of a
798 * relation (ie, those before the current EOF). To extend a relation,
802 mdwrite(SMgrRelation reln, ForkNumber forknum, BlockNumber blocknum,
803 char *buffer, bool skipFsync)
809 /* This assert is too expensive to have on normally ... */
810 #ifdef CHECK_WRITE_VS_EXTEND
811 Assert(blocknum < mdnblocks(reln, forknum));
814 TRACE_POSTGRESQL_SMGR_MD_WRITE_START(forknum, blocknum,
815 reln->smgr_rnode.node.spcNode,
816 reln->smgr_rnode.node.dbNode,
817 reln->smgr_rnode.node.relNode,
818 reln->smgr_rnode.backend);
820 v = _mdfd_getseg(reln, forknum, blocknum, skipFsync,
821 EXTENSION_FAIL | EXTENSION_CREATE_RECOVERY);
823 seekpos = (off_t) BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE));
825 Assert(seekpos < (off_t) BLCKSZ * RELSEG_SIZE);
827 if (FileSeek(v->mdfd_vfd, seekpos, SEEK_SET) != seekpos)
829 (errcode_for_file_access(),
830 errmsg("could not seek to block %u in file \"%s\": %m",
831 blocknum, FilePathName(v->mdfd_vfd))));
833 nbytes = FileWrite(v->mdfd_vfd, buffer, BLCKSZ, WAIT_EVENT_DATA_FILE_WRITE);
835 TRACE_POSTGRESQL_SMGR_MD_WRITE_DONE(forknum, blocknum,
836 reln->smgr_rnode.node.spcNode,
837 reln->smgr_rnode.node.dbNode,
838 reln->smgr_rnode.node.relNode,
839 reln->smgr_rnode.backend,
843 if (nbytes != BLCKSZ)
847 (errcode_for_file_access(),
848 errmsg("could not write block %u in file \"%s\": %m",
849 blocknum, FilePathName(v->mdfd_vfd))));
850 /* short write: complain appropriately */
852 (errcode(ERRCODE_DISK_FULL),
853 errmsg("could not write block %u in file \"%s\": wrote only %d of %d bytes",
855 FilePathName(v->mdfd_vfd),
857 errhint("Check free disk space.")));
860 if (!skipFsync && !SmgrIsTemp(reln))
861 register_dirty_segment(reln, forknum, v);
865 * mdnblocks() -- Get the number of blocks stored in a relation.
867 * Important side effect: all active segments of the relation are opened
868 * and added to the mdfd_seg_fds array. If this routine has not been
869 * called, then only segments up to the last one actually touched
870 * are present in the array.
873 mdnblocks(SMgrRelation reln, ForkNumber forknum)
875 MdfdVec *v = mdopen(reln, forknum, EXTENSION_FAIL);
877 BlockNumber segno = 0;
879 /* mdopen has opened the first segment */
880 Assert(reln->md_num_open_segs[forknum] > 0);
883 * Start from the last open segments, to avoid redundant seeks. We have
884 * previously verified that these segments are exactly RELSEG_SIZE long,
885 * and it's useless to recheck that each time.
887 * NOTE: this assumption could only be wrong if another backend has
888 * truncated the relation. We rely on higher code levels to handle that
889 * scenario by closing and re-opening the md fd, which is handled via
890 * relcache flush. (Since the checkpointer doesn't participate in
891 * relcache flush, it could have segment entries for inactive segments;
892 * that's OK because the checkpointer never needs to compute relation
895 segno = reln->md_num_open_segs[forknum] - 1;
896 v = &reln->md_seg_fds[forknum][segno];
900 nblocks = _mdnblocks(reln, forknum, v);
901 if (nblocks > ((BlockNumber) RELSEG_SIZE))
902 elog(FATAL, "segment too big");
903 if (nblocks < ((BlockNumber) RELSEG_SIZE))
904 return (segno * ((BlockNumber) RELSEG_SIZE)) + nblocks;
907 * If segment is exactly RELSEG_SIZE, advance to next one.
912 * We used to pass O_CREAT here, but that's has the disadvantage that
913 * it might create a segment which has vanished through some operating
914 * system misadventure. In such a case, creating the segment here
915 * undermines _mdfd_getseg's attempts to notice and report an error
916 * upon access to a missing segment.
918 v = _mdfd_openseg(reln, forknum, segno, 0);
920 return segno * ((BlockNumber) RELSEG_SIZE);
925 * mdtruncate() -- Truncate relation to specified number of blocks.
928 mdtruncate(SMgrRelation reln, ForkNumber forknum, BlockNumber nblocks)
931 BlockNumber priorblocks;
935 * NOTE: mdnblocks makes sure we have opened all active segments, so that
936 * truncation loop will get them all!
938 curnblk = mdnblocks(reln, forknum);
939 if (nblocks > curnblk)
941 /* Bogus request ... but no complaint if InRecovery */
945 (errmsg("could not truncate file \"%s\" to %u blocks: it's only %u blocks now",
946 relpath(reln->smgr_rnode, forknum),
949 if (nblocks == curnblk)
950 return; /* no work */
953 * Truncate segments, starting at the last one. Starting at the end makes
954 * managing the memory for the fd array easier, should there be errors.
956 curopensegs = reln->md_num_open_segs[forknum];
957 while (curopensegs > 0)
961 priorblocks = (curopensegs - 1) * RELSEG_SIZE;
963 v = &reln->md_seg_fds[forknum][curopensegs - 1];
965 if (priorblocks > nblocks)
968 * This segment is no longer active. We truncate the file, but do
969 * not delete it, for reasons explained in the header comments.
971 if (FileTruncate(v->mdfd_vfd, 0, WAIT_EVENT_DATA_FILE_TRUNCATE) < 0)
973 (errcode_for_file_access(),
974 errmsg("could not truncate file \"%s\": %m",
975 FilePathName(v->mdfd_vfd))));
977 if (!SmgrIsTemp(reln))
978 register_dirty_segment(reln, forknum, v);
980 /* we never drop the 1st segment */
981 Assert(v != &reln->md_seg_fds[forknum][0]);
983 FileClose(v->mdfd_vfd);
984 _fdvec_resize(reln, forknum, curopensegs - 1);
986 else if (priorblocks + ((BlockNumber) RELSEG_SIZE) > nblocks)
989 * This is the last segment we want to keep. Truncate the file to
990 * the right length. NOTE: if nblocks is exactly a multiple K of
991 * RELSEG_SIZE, we will truncate the K+1st segment to 0 length but
992 * keep it. This adheres to the invariant given in the header
995 BlockNumber lastsegblocks = nblocks - priorblocks;
997 if (FileTruncate(v->mdfd_vfd, (off_t) lastsegblocks * BLCKSZ, WAIT_EVENT_DATA_FILE_TRUNCATE) < 0)
999 (errcode_for_file_access(),
1000 errmsg("could not truncate file \"%s\" to %u blocks: %m",
1001 FilePathName(v->mdfd_vfd),
1003 if (!SmgrIsTemp(reln))
1004 register_dirty_segment(reln, forknum, v);
1009 * We still need this segment, so nothing to do for this and any
1019 * mdimmedsync() -- Immediately sync a relation to stable storage.
1021 * Note that only writes already issued are synced; this routine knows
1022 * nothing of dirty buffers that may exist inside the buffer manager.
1025 mdimmedsync(SMgrRelation reln, ForkNumber forknum)
1030 * NOTE: mdnblocks makes sure we have opened all active segments, so that
1031 * fsync loop will get them all!
1033 mdnblocks(reln, forknum);
1035 segno = reln->md_num_open_segs[forknum];
1039 MdfdVec *v = &reln->md_seg_fds[forknum][segno - 1];
1041 if (FileSync(v->mdfd_vfd, WAIT_EVENT_DATA_FILE_IMMEDIATE_SYNC) < 0)
1043 (errcode_for_file_access(),
1044 errmsg("could not fsync file \"%s\": %m",
1045 FilePathName(v->mdfd_vfd))));
1051 * mdsync() -- Sync previous writes to stable storage.
1056 static bool mdsync_in_progress = false;
1058 HASH_SEQ_STATUS hstat;
1059 PendingOperationEntry *entry;
1062 /* Statistics on sync times */
1064 instr_time sync_start,
1069 uint64 total_elapsed = 0;
1072 * This is only called during checkpoints, and checkpoints should only
1073 * occur in processes that have created a pendingOpsTable.
1075 if (!pendingOpsTable)
1076 elog(ERROR, "cannot sync without a pendingOpsTable");
1079 * If we are in the checkpointer, the sync had better include all fsync
1080 * requests that were queued by backends up to this point. The tightest
1081 * race condition that could occur is that a buffer that must be written
1082 * and fsync'd for the checkpoint could have been dumped by a backend just
1083 * before it was visited by BufferSync(). We know the backend will have
1084 * queued an fsync request before clearing the buffer's dirtybit, so we
1085 * are safe as long as we do an Absorb after completing BufferSync().
1087 AbsorbFsyncRequests();
1090 * To avoid excess fsync'ing (in the worst case, maybe a never-terminating
1091 * checkpoint), we want to ignore fsync requests that are entered into the
1092 * hashtable after this point --- they should be processed next time,
1093 * instead. We use mdsync_cycle_ctr to tell old entries apart from new
1094 * ones: new ones will have cycle_ctr equal to the incremented value of
1097 * In normal circumstances, all entries present in the table at this point
1098 * will have cycle_ctr exactly equal to the current (about to be old)
1099 * value of mdsync_cycle_ctr. However, if we fail partway through the
1100 * fsync'ing loop, then older values of cycle_ctr might remain when we
1101 * come back here to try again. Repeated checkpoint failures would
1102 * eventually wrap the counter around to the point where an old entry
1103 * might appear new, causing us to skip it, possibly allowing a checkpoint
1104 * to succeed that should not have. To forestall wraparound, any time the
1105 * previous mdsync() failed to complete, run through the table and
1106 * forcibly set cycle_ctr = mdsync_cycle_ctr.
1108 * Think not to merge this loop with the main loop, as the problem is
1109 * exactly that that loop may fail before having visited all the entries.
1110 * From a performance point of view it doesn't matter anyway, as this path
1111 * will never be taken in a system that's functioning normally.
1113 if (mdsync_in_progress)
1115 /* prior try failed, so update any stale cycle_ctr values */
1116 hash_seq_init(&hstat, pendingOpsTable);
1117 while ((entry = (PendingOperationEntry *) hash_seq_search(&hstat)) != NULL)
1119 entry->cycle_ctr = mdsync_cycle_ctr;
1123 /* Advance counter so that new hashtable entries are distinguishable */
1126 /* Set flag to detect failure if we don't reach the end of the loop */
1127 mdsync_in_progress = true;
1129 /* Now scan the hashtable for fsync requests to process */
1130 absorb_counter = FSYNCS_PER_ABSORB;
1131 hash_seq_init(&hstat, pendingOpsTable);
1132 while ((entry = (PendingOperationEntry *) hash_seq_search(&hstat)) != NULL)
1137 * If the entry is new then don't process it this time; it might
1138 * contain multiple fsync-request bits, but they are all new. Note
1139 * "continue" bypasses the hash-remove call at the bottom of the loop.
1141 if (entry->cycle_ctr == mdsync_cycle_ctr)
1144 /* Else assert we haven't missed it */
1145 Assert((CycleCtr) (entry->cycle_ctr + 1) == mdsync_cycle_ctr);
1148 * Scan over the forks and segments represented by the entry.
1150 * The bitmap manipulations are slightly tricky, because we can call
1151 * AbsorbFsyncRequests() inside the loop and that could result in
1152 * bms_add_member() modifying and even re-palloc'ing the bitmapsets.
1153 * This is okay because we unlink each bitmapset from the hashtable
1154 * entry before scanning it. That means that any incoming fsync
1155 * requests will be processed now if they reach the table before we
1156 * begin to scan their fork.
1158 for (forknum = 0; forknum <= MAX_FORKNUM; forknum++)
1160 Bitmapset *requests = entry->requests[forknum];
1163 entry->requests[forknum] = NULL;
1164 entry->canceled[forknum] = false;
1166 while ((segno = bms_first_member(requests)) >= 0)
1171 * If fsync is off then we don't have to bother opening the
1172 * file at all. (We delay checking until this point so that
1173 * changing fsync on the fly behaves sensibly.)
1179 * If in checkpointer, we want to absorb pending requests
1180 * every so often to prevent overflow of the fsync request
1181 * queue. It is unspecified whether newly-added entries will
1182 * be visited by hash_seq_search, but we don't care since we
1183 * don't need to process them anyway.
1185 if (--absorb_counter <= 0)
1187 AbsorbFsyncRequests();
1188 absorb_counter = FSYNCS_PER_ABSORB;
1192 * The fsync table could contain requests to fsync segments
1193 * that have been deleted (unlinked) by the time we get to
1194 * them. Rather than just hoping an ENOENT (or EACCES on
1195 * Windows) error can be ignored, what we do on error is
1196 * absorb pending requests and then retry. Since mdunlink()
1197 * queues a "cancel" message before actually unlinking, the
1198 * fsync request is guaranteed to be marked canceled after the
1199 * absorb if it really was this case. DROP DATABASE likewise
1200 * has to tell us to forget fsync requests before it starts
1203 for (failures = 0;; failures++) /* loop exits at "break" */
1211 * Find or create an smgr hash entry for this relation.
1212 * This may seem a bit unclean -- md calling smgr? But
1213 * it's really the best solution. It ensures that the
1214 * open file reference isn't permanently leaked if we get
1215 * an error here. (You may say "but an unreferenced
1216 * SMgrRelation is still a leak!" Not really, because the
1217 * only case in which a checkpoint is done by a process
1218 * that isn't about to shut down is in the checkpointer,
1219 * and it will periodically do smgrcloseall(). This fact
1220 * justifies our not closing the reln in the success path
1221 * either, which is a good thing since in non-checkpointer
1222 * cases we couldn't safely do that.)
1224 reln = smgropen(entry->rnode, InvalidBackendId);
1226 /* Attempt to open and fsync the target segment */
1227 seg = _mdfd_getseg(reln, forknum,
1228 (BlockNumber) segno * (BlockNumber) RELSEG_SIZE,
1230 EXTENSION_RETURN_NULL
1231 | EXTENSION_DONT_CHECK_SIZE);
1233 INSTR_TIME_SET_CURRENT(sync_start);
1236 FileSync(seg->mdfd_vfd, WAIT_EVENT_DATA_FILE_SYNC) >= 0)
1238 /* Success; update statistics about sync timing */
1239 INSTR_TIME_SET_CURRENT(sync_end);
1240 sync_diff = sync_end;
1241 INSTR_TIME_SUBTRACT(sync_diff, sync_start);
1242 elapsed = INSTR_TIME_GET_MICROSEC(sync_diff);
1243 if (elapsed > longest)
1245 total_elapsed += elapsed;
1247 if (log_checkpoints)
1248 elog(DEBUG1, "checkpoint sync: number=%d file=%s time=%.3f msec",
1250 FilePathName(seg->mdfd_vfd),
1251 (double) elapsed / 1000);
1253 break; /* out of retry loop */
1256 /* Compute file name for use in message */
1258 path = _mdfd_segpath(reln, forknum, (BlockNumber) segno);
1262 * It is possible that the relation has been dropped or
1263 * truncated since the fsync request was entered.
1264 * Therefore, allow ENOENT, but only if we didn't fail
1265 * already on this file. This applies both for
1266 * _mdfd_getseg() and for FileSync, since fd.c might have
1267 * closed the file behind our back.
1269 * XXX is there any point in allowing more than one retry?
1270 * Don't see one at the moment, but easy to change the
1273 if (!FILE_POSSIBLY_DELETED(errno) ||
1276 (errcode_for_file_access(),
1277 errmsg("could not fsync file \"%s\": %m",
1281 (errcode_for_file_access(),
1282 errmsg("could not fsync file \"%s\" but retrying: %m",
1287 * Absorb incoming requests and check to see if a cancel
1288 * arrived for this relation fork.
1290 AbsorbFsyncRequests();
1291 absorb_counter = FSYNCS_PER_ABSORB; /* might as well... */
1293 if (entry->canceled[forknum])
1295 } /* end retry loop */
1301 * We've finished everything that was requested before we started to
1302 * scan the entry. If no new requests have been inserted meanwhile,
1303 * remove the entry. Otherwise, update its cycle counter, as all the
1304 * requests now in it must have arrived during this cycle.
1306 for (forknum = 0; forknum <= MAX_FORKNUM; forknum++)
1308 if (entry->requests[forknum] != NULL)
1311 if (forknum <= MAX_FORKNUM)
1312 entry->cycle_ctr = mdsync_cycle_ctr;
1315 /* Okay to remove it */
1316 if (hash_search(pendingOpsTable, &entry->rnode,
1317 HASH_REMOVE, NULL) == NULL)
1318 elog(ERROR, "pendingOpsTable corrupted");
1320 } /* end loop over hashtable entries */
1322 /* Return sync performance metrics for report at checkpoint end */
1323 CheckpointStats.ckpt_sync_rels = processed;
1324 CheckpointStats.ckpt_longest_sync = longest;
1325 CheckpointStats.ckpt_agg_sync_time = total_elapsed;
1327 /* Flag successful completion of mdsync */
1328 mdsync_in_progress = false;
1332 * mdpreckpt() -- Do pre-checkpoint work
1334 * To distinguish unlink requests that arrived before this checkpoint
1335 * started from those that arrived during the checkpoint, we use a cycle
1336 * counter similar to the one we use for fsync requests. That cycle
1337 * counter is incremented here.
1339 * This must be called *before* the checkpoint REDO point is determined.
1340 * That ensures that we won't delete files too soon.
1342 * Note that we can't do anything here that depends on the assumption
1343 * that the checkpoint will be completed.
1349 * Any unlink requests arriving after this point will be assigned the next
1350 * cycle counter, and won't be unlinked until next checkpoint.
1356 * mdpostckpt() -- Do post-checkpoint work
1358 * Remove any lingering files that can now be safely removed.
1365 absorb_counter = UNLINKS_PER_ABSORB;
1366 while (pendingUnlinks != NIL)
1368 PendingUnlinkEntry *entry = (PendingUnlinkEntry *) linitial(pendingUnlinks);
1372 * New entries are appended to the end, so if the entry is new we've
1373 * reached the end of old entries.
1375 * Note: if just the right number of consecutive checkpoints fail, we
1376 * could be fooled here by cycle_ctr wraparound. However, the only
1377 * consequence is that we'd delay unlinking for one more checkpoint,
1378 * which is perfectly tolerable.
1380 if (entry->cycle_ctr == mdckpt_cycle_ctr)
1383 /* Unlink the file */
1384 path = relpathperm(entry->rnode, MAIN_FORKNUM);
1385 if (unlink(path) < 0)
1388 * There's a race condition, when the database is dropped at the
1389 * same time that we process the pending unlink requests. If the
1390 * DROP DATABASE deletes the file before we do, we will get ENOENT
1391 * here. rmtree() also has to ignore ENOENT errors, to deal with
1392 * the possibility that we delete the file first.
1394 if (errno != ENOENT)
1396 (errcode_for_file_access(),
1397 errmsg("could not remove file \"%s\": %m", path)));
1401 /* And remove the list entry */
1402 pendingUnlinks = list_delete_first(pendingUnlinks);
1406 * As in mdsync, we don't want to stop absorbing fsync requests for a
1407 * long time when there are many deletions to be done. We can safely
1408 * call AbsorbFsyncRequests() at this point in the loop (note it might
1409 * try to delete list entries).
1411 if (--absorb_counter <= 0)
1413 AbsorbFsyncRequests();
1414 absorb_counter = UNLINKS_PER_ABSORB;
1420 * register_dirty_segment() -- Mark a relation segment as needing fsync
1422 * If there is a local pending-ops table, just make an entry in it for
1423 * mdsync to process later. Otherwise, try to pass off the fsync request
1424 * to the checkpointer process. If that fails, just do the fsync
1425 * locally before returning (we hope this will not happen often enough
1426 * to be a performance problem).
1429 register_dirty_segment(SMgrRelation reln, ForkNumber forknum, MdfdVec *seg)
1431 /* Temp relations should never be fsync'd */
1432 Assert(!SmgrIsTemp(reln));
1434 if (pendingOpsTable)
1436 /* push it into local pending-ops table */
1437 RememberFsyncRequest(reln->smgr_rnode.node, forknum, seg->mdfd_segno);
1441 if (ForwardFsyncRequest(reln->smgr_rnode.node, forknum, seg->mdfd_segno))
1442 return; /* passed it off successfully */
1445 (errmsg("could not forward fsync request because request queue is full")));
1447 if (FileSync(seg->mdfd_vfd, WAIT_EVENT_DATA_FILE_SYNC) < 0)
1449 (errcode_for_file_access(),
1450 errmsg("could not fsync file \"%s\": %m",
1451 FilePathName(seg->mdfd_vfd))));
1456 * register_unlink() -- Schedule a file to be deleted after next checkpoint
1458 * We don't bother passing in the fork number, because this is only used
1461 * As with register_dirty_segment, this could involve either a local or
1462 * a remote pending-ops table.
1465 register_unlink(RelFileNodeBackend rnode)
1467 /* Should never be used with temp relations */
1468 Assert(!RelFileNodeBackendIsTemp(rnode));
1470 if (pendingOpsTable)
1472 /* push it into local pending-ops table */
1473 RememberFsyncRequest(rnode.node, MAIN_FORKNUM,
1474 UNLINK_RELATION_REQUEST);
1479 * Notify the checkpointer about it. If we fail to queue the request
1480 * message, we have to sleep and try again, because we can't simply
1481 * delete the file now. Ugly, but hopefully won't happen often.
1483 * XXX should we just leave the file orphaned instead?
1485 Assert(IsUnderPostmaster);
1486 while (!ForwardFsyncRequest(rnode.node, MAIN_FORKNUM,
1487 UNLINK_RELATION_REQUEST))
1488 pg_usleep(10000L); /* 10 msec seems a good number */
1493 * RememberFsyncRequest() -- callback from checkpointer side of fsync request
1495 * We stuff fsync requests into the local hash table for execution
1496 * during the checkpointer's next checkpoint. UNLINK requests go into a
1497 * separate linked list, however, because they get processed separately.
1499 * The range of possible segment numbers is way less than the range of
1500 * BlockNumber, so we can reserve high values of segno for special purposes.
1502 * - FORGET_RELATION_FSYNC means to cancel pending fsyncs for a relation,
1503 * either for one fork, or all forks if forknum is InvalidForkNumber
1504 * - FORGET_DATABASE_FSYNC means to cancel pending fsyncs for a whole database
1505 * - UNLINK_RELATION_REQUEST is a request to delete the file after the next
1507 * Note also that we're assuming real segment numbers don't exceed INT_MAX.
1509 * (Handling FORGET_DATABASE_FSYNC requests is a tad slow because the hash
1510 * table has to be searched linearly, but dropping a database is a pretty
1511 * heavyweight operation anyhow, so we'll live with it.)
1514 RememberFsyncRequest(RelFileNode rnode, ForkNumber forknum, BlockNumber segno)
1516 Assert(pendingOpsTable);
1518 if (segno == FORGET_RELATION_FSYNC)
1520 /* Remove any pending requests for the relation (one or all forks) */
1521 PendingOperationEntry *entry;
1523 entry = (PendingOperationEntry *) hash_search(pendingOpsTable,
1530 * We can't just delete the entry since mdsync could have an
1531 * active hashtable scan. Instead we delete the bitmapsets; this
1532 * is safe because of the way mdsync is coded. We also set the
1533 * "canceled" flags so that mdsync can tell that a cancel arrived
1536 if (forknum == InvalidForkNumber)
1538 /* remove requests for all forks */
1539 for (forknum = 0; forknum <= MAX_FORKNUM; forknum++)
1541 bms_free(entry->requests[forknum]);
1542 entry->requests[forknum] = NULL;
1543 entry->canceled[forknum] = true;
1548 /* remove requests for single fork */
1549 bms_free(entry->requests[forknum]);
1550 entry->requests[forknum] = NULL;
1551 entry->canceled[forknum] = true;
1555 else if (segno == FORGET_DATABASE_FSYNC)
1557 /* Remove any pending requests for the entire database */
1558 HASH_SEQ_STATUS hstat;
1559 PendingOperationEntry *entry;
1564 /* Remove fsync requests */
1565 hash_seq_init(&hstat, pendingOpsTable);
1566 while ((entry = (PendingOperationEntry *) hash_seq_search(&hstat)) != NULL)
1568 if (entry->rnode.dbNode == rnode.dbNode)
1570 /* remove requests for all forks */
1571 for (forknum = 0; forknum <= MAX_FORKNUM; forknum++)
1573 bms_free(entry->requests[forknum]);
1574 entry->requests[forknum] = NULL;
1575 entry->canceled[forknum] = true;
1580 /* Remove unlink requests */
1582 for (cell = list_head(pendingUnlinks); cell; cell = next)
1584 PendingUnlinkEntry *entry = (PendingUnlinkEntry *) lfirst(cell);
1587 if (entry->rnode.dbNode == rnode.dbNode)
1589 pendingUnlinks = list_delete_cell(pendingUnlinks, cell, prev);
1596 else if (segno == UNLINK_RELATION_REQUEST)
1598 /* Unlink request: put it in the linked list */
1599 MemoryContext oldcxt = MemoryContextSwitchTo(pendingOpsCxt);
1600 PendingUnlinkEntry *entry;
1602 /* PendingUnlinkEntry doesn't store forknum, since it's always MAIN */
1603 Assert(forknum == MAIN_FORKNUM);
1605 entry = palloc(sizeof(PendingUnlinkEntry));
1606 entry->rnode = rnode;
1607 entry->cycle_ctr = mdckpt_cycle_ctr;
1609 pendingUnlinks = lappend(pendingUnlinks, entry);
1611 MemoryContextSwitchTo(oldcxt);
1615 /* Normal case: enter a request to fsync this segment */
1616 MemoryContext oldcxt = MemoryContextSwitchTo(pendingOpsCxt);
1617 PendingOperationEntry *entry;
1620 entry = (PendingOperationEntry *) hash_search(pendingOpsTable,
1624 /* if new entry, initialize it */
1627 entry->cycle_ctr = mdsync_cycle_ctr;
1628 MemSet(entry->requests, 0, sizeof(entry->requests));
1629 MemSet(entry->canceled, 0, sizeof(entry->canceled));
1633 * NB: it's intentional that we don't change cycle_ctr if the entry
1634 * already exists. The cycle_ctr must represent the oldest fsync
1635 * request that could be in the entry.
1638 entry->requests[forknum] = bms_add_member(entry->requests[forknum],
1641 MemoryContextSwitchTo(oldcxt);
1646 * ForgetRelationFsyncRequests -- forget any fsyncs for a relation fork
1648 * forknum == InvalidForkNumber means all forks, although this code doesn't
1649 * actually know that, since it's just forwarding the request elsewhere.
1652 ForgetRelationFsyncRequests(RelFileNode rnode, ForkNumber forknum)
1654 if (pendingOpsTable)
1656 /* standalone backend or startup process: fsync state is local */
1657 RememberFsyncRequest(rnode, forknum, FORGET_RELATION_FSYNC);
1659 else if (IsUnderPostmaster)
1662 * Notify the checkpointer about it. If we fail to queue the cancel
1663 * message, we have to sleep and try again ... ugly, but hopefully
1664 * won't happen often.
1666 * XXX should we CHECK_FOR_INTERRUPTS in this loop? Escaping with an
1667 * error would leave the no-longer-used file still present on disk,
1668 * which would be bad, so I'm inclined to assume that the checkpointer
1669 * will always empty the queue soon.
1671 while (!ForwardFsyncRequest(rnode, forknum, FORGET_RELATION_FSYNC))
1672 pg_usleep(10000L); /* 10 msec seems a good number */
1675 * Note we don't wait for the checkpointer to actually absorb the
1676 * cancel message; see mdsync() for the implications.
1682 * ForgetDatabaseFsyncRequests -- forget any fsyncs and unlinks for a DB
1685 ForgetDatabaseFsyncRequests(Oid dbid)
1689 rnode.dbNode = dbid;
1693 if (pendingOpsTable)
1695 /* standalone backend or startup process: fsync state is local */
1696 RememberFsyncRequest(rnode, InvalidForkNumber, FORGET_DATABASE_FSYNC);
1698 else if (IsUnderPostmaster)
1700 /* see notes in ForgetRelationFsyncRequests */
1701 while (!ForwardFsyncRequest(rnode, InvalidForkNumber,
1702 FORGET_DATABASE_FSYNC))
1703 pg_usleep(10000L); /* 10 msec seems a good number */
1709 * _fdvec_resize() -- Resize the fork's open segments array
1712 _fdvec_resize(SMgrRelation reln,
1718 if (reln->md_num_open_segs[forknum] > 0)
1720 pfree(reln->md_seg_fds[forknum]);
1721 reln->md_seg_fds[forknum] = NULL;
1724 else if (reln->md_num_open_segs[forknum] == 0)
1726 reln->md_seg_fds[forknum] =
1727 MemoryContextAlloc(MdCxt, sizeof(MdfdVec) * nseg);
1732 * It doesn't seem worthwhile complicating the code by having a more
1733 * aggressive growth strategy here; the number of segments doesn't
1734 * grow that fast, and the memory context internally will sometimes
1735 * avoid doing an actual reallocation.
1737 reln->md_seg_fds[forknum] =
1738 repalloc(reln->md_seg_fds[forknum],
1739 sizeof(MdfdVec) * nseg);
1742 reln->md_num_open_segs[forknum] = nseg;
1746 * Return the filename for the specified segment of the relation. The
1747 * returned string is palloc'd.
1750 _mdfd_segpath(SMgrRelation reln, ForkNumber forknum, BlockNumber segno)
1755 path = relpath(reln->smgr_rnode, forknum);
1759 fullpath = psprintf("%s.%u", path, segno);
1769 * Open the specified segment of the relation,
1770 * and make a MdfdVec object for it. Returns NULL on failure.
1773 _mdfd_openseg(SMgrRelation reln, ForkNumber forknum, BlockNumber segno,
1780 fullpath = _mdfd_segpath(reln, forknum, segno);
1783 fd = PathNameOpenFile(fullpath, O_RDWR | PG_BINARY | oflags, 0600);
1790 if (segno <= reln->md_num_open_segs[forknum])
1791 _fdvec_resize(reln, forknum, segno + 1);
1793 /* fill the entry */
1794 v = &reln->md_seg_fds[forknum][segno];
1796 v->mdfd_segno = segno;
1798 Assert(_mdnblocks(reln, forknum, v) <= ((BlockNumber) RELSEG_SIZE));
1805 * _mdfd_getseg() -- Find the segment of the relation holding the
1808 * If the segment doesn't exist, we ereport, return NULL, or create the
1809 * segment, according to "behavior". Note: skipFsync is only used in the
1810 * EXTENSION_CREATE case.
1813 _mdfd_getseg(SMgrRelation reln, ForkNumber forknum, BlockNumber blkno,
1814 bool skipFsync, int behavior)
1817 BlockNumber targetseg;
1818 BlockNumber nextsegno;
1820 /* some way to handle non-existent segments needs to be specified */
1822 (EXTENSION_FAIL | EXTENSION_CREATE | EXTENSION_RETURN_NULL));
1824 targetseg = blkno / ((BlockNumber) RELSEG_SIZE);
1826 /* if an existing and opened segment, we're done */
1827 if (targetseg < reln->md_num_open_segs[forknum])
1829 v = &reln->md_seg_fds[forknum][targetseg];
1834 * The target segment is not yet open. Iterate over all the segments
1835 * between the last opened and the target segment. This way missing
1836 * segments either raise an error, or get created (according to
1837 * 'behavior'). Start with either the last opened, or the first segment if
1838 * none was opened before.
1840 if (reln->md_num_open_segs[forknum] > 0)
1841 v = &reln->md_seg_fds[forknum][reln->md_num_open_segs[forknum] - 1];
1844 v = mdopen(reln, forknum, behavior);
1846 return NULL; /* if behavior & EXTENSION_RETURN_NULL */
1849 for (nextsegno = reln->md_num_open_segs[forknum];
1850 nextsegno <= targetseg; nextsegno++)
1852 BlockNumber nblocks = _mdnblocks(reln, forknum, v);
1855 Assert(nextsegno == v->mdfd_segno + 1);
1857 if (nblocks > ((BlockNumber) RELSEG_SIZE))
1858 elog(FATAL, "segment too big");
1860 if ((behavior & EXTENSION_CREATE) ||
1861 (InRecovery && (behavior & EXTENSION_CREATE_RECOVERY)))
1864 * Normally we will create new segments only if authorized by the
1865 * caller (i.e., we are doing mdextend()). But when doing WAL
1866 * recovery, create segments anyway; this allows cases such as
1867 * replaying WAL data that has a write into a high-numbered
1868 * segment of a relation that was later deleted. We want to go
1869 * ahead and create the segments so we can finish out the replay.
1870 * However if the caller has specified
1871 * EXTENSION_REALLY_RETURN_NULL, then extension is not desired
1872 * even in recovery; we won't reach this point in that case.
1874 * We have to maintain the invariant that segments before the last
1875 * active segment are of size RELSEG_SIZE; therefore, if
1876 * extending, pad them out with zeroes if needed. (This only
1877 * matters if in recovery, or if the caller is extending the
1878 * relation discontiguously, but that can happen in hash indexes.)
1880 if (nblocks < ((BlockNumber) RELSEG_SIZE))
1882 char *zerobuf = palloc0(BLCKSZ);
1884 mdextend(reln, forknum,
1885 nextsegno * ((BlockNumber) RELSEG_SIZE) - 1,
1886 zerobuf, skipFsync);
1891 else if (!(behavior & EXTENSION_DONT_CHECK_SIZE) &&
1892 nblocks < ((BlockNumber) RELSEG_SIZE))
1895 * When not extending (or explicitly including truncated
1896 * segments), only open the next segment if the current one is
1897 * exactly RELSEG_SIZE. If not (this branch), either return NULL
1900 if (behavior & EXTENSION_RETURN_NULL)
1903 * Some callers discern between reasons for _mdfd_getseg()
1904 * returning NULL based on errno. As there's no failing
1905 * syscall involved in this case, explicitly set errno to
1906 * ENOENT, as that seems the closest interpretation.
1913 (errcode_for_file_access(),
1914 errmsg("could not open file \"%s\" (target block %u): previous segment is only %u blocks",
1915 _mdfd_segpath(reln, forknum, nextsegno),
1919 v = _mdfd_openseg(reln, forknum, nextsegno, flags);
1923 if ((behavior & EXTENSION_RETURN_NULL) &&
1924 FILE_POSSIBLY_DELETED(errno))
1927 (errcode_for_file_access(),
1928 errmsg("could not open file \"%s\" (target block %u): %m",
1929 _mdfd_segpath(reln, forknum, nextsegno),
1938 * Get number of blocks present in a single disk file
1941 _mdnblocks(SMgrRelation reln, ForkNumber forknum, MdfdVec *seg)
1945 len = FileSeek(seg->mdfd_vfd, 0L, SEEK_END);
1948 (errcode_for_file_access(),
1949 errmsg("could not seek to end of file \"%s\": %m",
1950 FilePathName(seg->mdfd_vfd))));
1951 /* note that this calculation will ignore any partial block at EOF */
1952 return (BlockNumber) (len / BLCKSZ);