From: Tom Lane Date: Fri, 2 Jun 2000 03:58:34 +0000 (+0000) Subject: Create an fd.c entry point that is just like plain open(2) except that X-Git-Tag: REL7_1_BETA~1206 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b659ab07a2b4067b7210c8f2f6daa947817a2bfe;p=postgresql Create an fd.c entry point that is just like plain open(2) except that it will close VFDs if necessary to surmount ENFILE or EMFILE failures. Make use of this in md.c, xlog.c, and user.c routines that were formerly vulnerable to these failures. In particular, this should handle failures of mdblindwrt() that have been observed under heavy load conditions. (By golly, every other process on the system may crash after Postgres eats up all the kernel FDs, but Postgres will keep going!) --- diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c index b672cf2c7a..07a8392c4e 100644 --- a/src/backend/access/transam/xlog.c +++ b/src/backend/access/transam/xlog.c @@ -6,7 +6,7 @@ * Portions Copyright (c) 1996-2000, PostgreSQL, Inc * Portions Copyright (c) 1994, Regents of the University of California * - * $Header: /cvsroot/pgsql/src/backend/access/transam/xlog.c,v 1.13 2000/04/12 17:14:53 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/access/transam/xlog.c,v 1.14 2000/06/02 03:58:34 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -44,8 +44,6 @@ bool StopIfError = false; SPINLOCK ControlFileLockId; SPINLOCK XidGenLockId; -extern bool ReleaseDataFile(void); - extern VariableCache ShmemVariableCache; #define MinXLOGbuffers 4 @@ -738,22 +736,13 @@ XLogFileInit(uint32 log, uint32 seg) XLogFileName(path, log, seg); unlink(path); -tryAgain: #ifndef __CYGWIN__ - fd = open(path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); + fd = BasicOpenFile(path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); #else - fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_BINARY, S_IRUSR | S_IWUSR); + fd = BasicOpenFile(path, O_RDWR | O_CREAT | O_EXCL | O_BINARY, S_IRUSR | S_IWUSR); #endif - if (fd < 0 && (errno == EMFILE || errno == ENFILE)) - { - fd = errno; - if (!ReleaseDataFile()) - elog(STOP, "Create(logfile %u seg %u) failed: %d (and no one data file can be closed)", - logId, logSeg, fd); - goto tryAgain; - } if (fd < 0) - elog(STOP, "Init(logfile %u seg %u) failed: %d", + elog(STOP, "Open(logfile %u seg %u) failed: %d", logId, logSeg, errno); if (lseek(fd, XLogSegSize - 1, SEEK_SET) != (off_t) (XLogSegSize - 1)) @@ -783,20 +772,11 @@ XLogFileOpen(uint32 log, uint32 seg, bool econt) XLogFileName(path, log, seg); -tryAgain: #ifndef __CYGWIN__ - fd = open(path, O_RDWR); + fd = BasicOpenFile(path, O_RDWR, S_IRUSR | S_IWUSR); #else - fd = open(path, O_RDWR | O_BINARY); + fd = BasicOpenFile(path, O_RDWR | O_BINARY, S_IRUSR | S_IWUSR); #endif - if (fd < 0 && (errno == EMFILE || errno == ENFILE)) - { - fd = errno; - if (!ReleaseDataFile()) - elog(STOP, "Open(logfile %u seg %u) failed: %d (and no one data file can be closed)", - logId, logSeg, fd); - goto tryAgain; - } if (fd < 0) { if (econt && errno == ENOENT) @@ -1102,20 +1082,11 @@ UpdateControlFile() { int fd; -tryAgain: #ifndef __CYGWIN__ - fd = open(ControlFilePath, O_RDWR); + fd = BasicOpenFile(ControlFilePath, O_RDWR, S_IRUSR | S_IWUSR); #else - fd = open(ControlFilePath, O_RDWR | O_BINARY); + fd = BasicOpenFile(ControlFilePath, O_RDWR | O_BINARY, S_IRUSR | S_IWUSR); #endif - if (fd < 0 && (errno == EMFILE || errno == ENFILE)) - { - fd = errno; - if (!ReleaseDataFile()) - elog(STOP, "Open(cntlfile) failed: %d (and no one data file can be closed)", - fd); - goto tryAgain; - } if (fd < 0) elog(STOP, "Open(cntlfile) failed: %d", errno); @@ -1174,9 +1145,9 @@ BootStrapXLOG() #endif #ifndef __CYGWIN__ - fd = open(ControlFilePath, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); + fd = BasicOpenFile(ControlFilePath, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); #else - fd = open(ControlFilePath, O_RDWR | O_CREAT | O_EXCL | O_BINARY, S_IRUSR | S_IWUSR); + fd = BasicOpenFile(ControlFilePath, O_RDWR | O_CREAT | O_EXCL | O_BINARY, S_IRUSR | S_IWUSR); #endif if (fd < 0) elog(STOP, "BootStrapXLOG failed to create control file (%s): %d", @@ -1288,20 +1259,11 @@ StartupXLOG() /* * Open/read Control file */ -tryAgain: #ifndef __CYGWIN__ - fd = open(ControlFilePath, O_RDWR); + fd = BasicOpenFile(ControlFilePath, O_RDWR, S_IRUSR | S_IWUSR); #else - fd = open(ControlFilePath, O_RDWR | O_BINARY); + fd = BasicOpenFile(ControlFilePath, O_RDWR | O_BINARY, S_IRUSR | S_IWUSR); #endif - if (fd < 0 && (errno == EMFILE || errno == ENFILE)) - { - fd = errno; - if (!ReleaseDataFile()) - elog(STOP, "Open(\"%s\") failed: %d (and no one data file can be closed)", - ControlFilePath, fd); - goto tryAgain; - } if (fd < 0) elog(STOP, "Open(\"%s\") failed: %d", ControlFilePath, errno); diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index 160fa5353b..04303a54b0 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -6,7 +6,7 @@ * Portions Copyright (c) 1996-2000, PostgreSQL, Inc * Portions Copyright (c) 1994, Regents of the University of California * - * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.56 2000/05/30 00:49:44 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.57 2000/06/02 03:58:33 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -146,13 +146,13 @@ write_password_file(Relation rel) /* * Create a flag file the postmaster will detect the next time it * tries to authenticate a user. The postmaster will know to reload - * the pg_pwd file contents. Note: we used to elog(ERROR) if the - * creat() call failed, but it's a little silly to abort the transaction + * the pg_pwd file contents. Note: we used to elog(ERROR) if the file + * creation failed, but it's a little silly to abort the transaction * at this point, so let's just make it a NOTICE. */ filename = crypt_getpwdreloadfilename(); - flagfd = creat(filename, S_IRUSR | S_IWUSR); - if (flagfd == -1) + flagfd = BasicOpenFile(filename, O_WRONLY | O_CREAT, 0600); + if (flagfd < 0) elog(NOTICE, "%s: %m", filename); else close(flagfd); diff --git a/src/backend/storage/file/fd.c b/src/backend/storage/file/fd.c index 2a6c946636..2d0d733a7c 100644 --- a/src/backend/storage/file/fd.c +++ b/src/backend/storage/file/fd.c @@ -7,7 +7,7 @@ * Portions Copyright (c) 1994, Regents of the University of California * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/storage/file/fd.c,v 1.57 2000/05/31 00:28:27 petere Exp $ + * $Header: /cvsroot/pgsql/src/backend/storage/file/fd.c,v 1.58 2000/06/02 03:58:32 tgl Exp $ * * NOTES: * @@ -202,6 +202,45 @@ pg_fsync(int fd) return 0; } +/* + * BasicOpenFile --- same as open(2) except can free other FDs if needed + * + * This is exported for use by places that really want a plain kernel FD, + * but need to be proof against running out of FDs. Once an FD has been + * successfully returned, it is the caller's responsibility to ensure that + * it will not be leaked on elog()! Most users should *not* call this + * routine directly, but instead use the VFD abstraction level, which + * provides protection against descriptor leaks as well as management of + * files that need to be open for more than a short period of time. + * + * Ideally this should be the *only* direct call of open() in the backend. + * In practice, the postmaster calls open() directly, and there are some + * direct open() calls done early in backend startup. Those are OK since + * this module wouldn't have any open files to close at that point anyway. + */ +int +BasicOpenFile(FileName fileName, int fileFlags, int fileMode) +{ + int fd; + +tryAgain: + fd = open(fileName, fileFlags, fileMode); + + if (fd >= 0) + return fd; /* success! */ + + if ((errno == EMFILE || errno == ENFILE) && nfile > 0) + { + DO_DB(elog(DEBUG, "BasicOpenFile: not enough descs, retry, er= %d", + errno)); + errno = 0; + ReleaseLruFile(); + goto tryAgain; + } + + return -1; /* failure */ +} + /* * pg_nofile: determine number of filedescriptors that fd.c is allowed to use */ @@ -348,7 +387,6 @@ LruInsert(File file) if (FileIsNotOpen(file)) { - while (nfile + numAllocatedFiles >= pg_nofile()) ReleaseLruFile(); @@ -357,15 +395,8 @@ LruInsert(File file) * to overall system file table being full. So, be prepared to * release another FD if necessary... */ -tryAgain: - vfdP->fd = open(vfdP->fileName, vfdP->fileFlags, vfdP->fileMode); - if (vfdP->fd < 0 && (errno == EMFILE || errno == ENFILE)) - { - errno = 0; - ReleaseLruFile(); - goto tryAgain; - } - + vfdP->fd = BasicOpenFile(vfdP->fileName, vfdP->fileFlags, + vfdP->fileMode); if (vfdP->fd < 0) { DO_DB(elog(DEBUG, "RE_OPEN FAILED: %d", @@ -411,22 +442,6 @@ ReleaseLruFile() LruDelete(VfdCache[0].lruMoreRecently); } -/* - * Force one kernel file descriptor to be released (temporarily). - */ -bool -ReleaseDataFile() -{ - DO_DB(elog(DEBUG, "ReleaseDataFile. Opened %d", nfile)); - - if (nfile <= 0) - return (false); - Assert(VfdCache[0].lruMoreRecently != 0); - LruDelete(VfdCache[0].lruMoreRecently); - - return (true); -} - static File AllocateVfd() { @@ -617,16 +632,7 @@ fileNameOpenFile(FileName fileName, while (nfile + numAllocatedFiles >= pg_nofile()) ReleaseLruFile(); -tryAgain: - vfdP->fd = open(fileName, fileFlags, fileMode); - if (vfdP->fd < 0 && (errno == EMFILE || errno == ENFILE)) - { - DO_DB(elog(DEBUG, "fileNameOpenFile: not enough descs, retry, er= %d", - errno)); - errno = 0; - ReleaseLruFile(); - goto tryAgain; - } + vfdP->fd = BasicOpenFile(fileName, fileFlags, fileMode); if (vfdP->fd < 0) { @@ -990,6 +996,8 @@ FileMarkDirty(File file) * fd.c will automatically close all files opened with AllocateFile at * transaction commit or abort; this prevents FD leakage if a routine * that calls AllocateFile is terminated prematurely by elog(ERROR). + * + * Ideally this should be the *only* direct call of fopen() in the backend. */ FILE * @@ -1005,7 +1013,7 @@ AllocateFile(char *name, char *mode) TryAgain: if ((file = fopen(name, mode)) == NULL) { - if (errno == EMFILE || errno == ENFILE) + if ((errno == EMFILE || errno == ENFILE) && nfile > 0) { DO_DB(elog(DEBUG, "AllocateFile: not enough descs, retry, er= %d", errno)); diff --git a/src/backend/storage/smgr/md.c b/src/backend/storage/smgr/md.c index e4fd3120d2..4c1cac5472 100644 --- a/src/backend/storage/smgr/md.c +++ b/src/backend/storage/smgr/md.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/storage/smgr/md.c,v 1.68 2000/05/25 23:30:20 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/storage/smgr/md.c,v 1.69 2000/06/02 03:58:33 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -1129,10 +1129,11 @@ _mdfd_blind_getseg(char *dbname, char *relname, Oid dbid, Oid relid, } #endif + /* call fd.c to allow other FDs to be closed if needed */ #ifndef __CYGWIN32__ - fd = open(path, O_RDWR, 0600); + fd = BasicOpenFile(path, O_RDWR, 0600); #else - fd = open(path, O_RDWR | O_BINARY, 0600); + fd = BasicOpenFile(path, O_RDWR | O_BINARY, 0600); #endif if (fd < 0) diff --git a/src/include/storage/fd.h b/src/include/storage/fd.h index fb45e20456..5456f18372 100644 --- a/src/include/storage/fd.h +++ b/src/include/storage/fd.h @@ -7,7 +7,7 @@ * Portions Copyright (c) 1996-2000, PostgreSQL, Inc * Portions Copyright (c) 1994, Regents of the University of California * - * $Id: fd.h,v 1.21 2000/04/12 17:16:51 momjian Exp $ + * $Id: fd.h,v 1.22 2000/06/02 03:58:31 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -22,7 +22,7 @@ * Use them for all file activity... * * File fd; - * fd = FilePathOpenFile("foo", O_RDONLY); + * fd = FilePathOpenFile("foo", O_RDONLY, 0600); * * AllocateFile(); * FreeFile(); @@ -64,8 +64,10 @@ extern void FileMarkDirty(File file); extern FILE *AllocateFile(char *name, char *mode); extern void FreeFile(FILE *); +/* If you've really really gotta have a plain kernel FD, use this */ +extern int BasicOpenFile(FileName fileName, int fileFlags, int fileMode); + /* Miscellaneous support routines */ -extern bool ReleaseDataFile(void); extern void closeAllVfds(void); extern void AtEOXact_Files(void); extern int pg_fsync(int fd);