connection.c
1 /*-------------------------------------------------------------------------
2  *
3  * connection.c
4  * Connection management functions for postgres_fdw
5  *
6  * Portions Copyright (c) 2012-2019, PostgreSQL Global Development Group
7  *
8  * IDENTIFICATION
9  * contrib/postgres_fdw/connection.c
10  *
11  *-------------------------------------------------------------------------
12  */
13 #include "postgres.h"
14 
15 #include "postgres_fdw.h"
16 
17 #include "access/htup_details.h"
18 #include "access/xact.h"
20 #include "mb/pg_wchar.h"
21 #include "miscadmin.h"
22 #include "pgstat.h"
23 #include "storage/latch.h"
24 #include "utils/hsearch.h"
25 #include "utils/inval.h"
26 #include "utils/memutils.h"
27 #include "utils/syscache.h"
28 
29 
30 /*
31  * Connection cache hash table entry
32  *
33  * The lookup key in this hash table is the user mapping OID. We use just one
34  * connection per user mapping ID, which ensures that all the scans use the
35  * same snapshot during a query. Using the user mapping OID rather than
36  * the foreign server OID + user OID avoids creating multiple connections when
37  * the public user mapping applies to all user OIDs.
38  *
39  * The "conn" pointer can be NULL if we don't currently have a live connection.
40  * When we do have a connection, xact_depth tracks the current depth of
41  * transactions and subtransactions open on the remote side. We need to issue
42  * commands at the same nesting depth on the remote as we're executing at
43  * ourselves, so that rolling back a subtransaction will kill the right
44  * queries and not the wrong ones.
45  */
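typedef Oid ConnCacheKey;

/*
 * One slot of the connection cache.  The slot is looked up by user mapping
 * OID, so a cached PGconn is only ever handed back for the mapping it was
 * opened under.
 */
typedef struct ConnCacheEntry
{
    ConnCacheKey key;           /* hash key (must be first) */
    PGconn     *conn;           /* connection to foreign server, or NULL */
    /* Remaining fields are invalid when conn is NULL: */
    int         xact_depth;     /* 0 = no xact open, 1 = main xact open, 2 =
                                 * one level of subxact open, etc */
    bool        have_prep_stmt; /* have we prepared any stmts in this xact? */
    bool        have_error;     /* have any subxacts aborted in this xact? */
    bool        changing_xact_state;    /* xact state change in process */
    bool        invalidated;    /* true if reconnect is pending */
    uint32      server_hashvalue;   /* hash value of foreign server OID */
    uint32      mapping_hashvalue;  /* hash value of user mapping OID */
} ConnCacheEntry;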
62 
63 /*
64  * Connection cache (initialized on first use)
65  */
static HTAB *ConnectionHash = NULL; /* stays NULL until GetConnection builds it */

/*
 * Counters behind GetCursorNumber and GetPrepStmtNumber.  Both are unsigned,
 * so callers print them with %u.
 */
static unsigned int cursor_number = 0;
static unsigned int prep_stmt_number = 0;

/*
 * Raised by GetConnection and lowered at main-transaction end; while it is
 * false the transaction callbacks return without scanning the cache.
 */
static bool xact_got_connection = false;
74 
75 /* prototypes of private functions */
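/* connection setup and teardown */
static PGconn *connect_pg_server(ForeignServer *server, UserMapping *user);
static void disconnect_pg_server(ConnCacheEntry *entry);
static void check_conn_params(const char **keywords, const char **values, UserMapping *user);
static void configure_remote_session(PGconn *conn);
static void do_sql_command(PGconn *conn, const char *sql);
static void begin_remote_xact(ConnCacheEntry *entry);

/* transaction, subtransaction and catalog-invalidation callbacks */
static void pgfdw_xact_callback(XactEvent event, void *arg);
static void pgfdw_subxact_callback(SubXactEvent event,
                                   SubTransactionId mySubid,
                                   SubTransactionId parentSubid,
                                   void *arg);
static void pgfdw_inval_callback(Datum arg, int cacheid, uint32 hashvalue);

/* abort-cleanup helpers */
static void pgfdw_reject_incomplete_xact_state_change(ConnCacheEntry *entry);
static bool pgfdw_cancel_query(PGconn *conn);
static bool pgfdw_exec_cleanup_query(PGconn *conn, const char *query,
                                     bool ignore_errors);
static bool pgfdw_get_cleanup_result(PGconn *conn, TimestampTz endtime,
                                     PGresult **result);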
94 
95 
96 /*
97  * Get a PGconn which can be used to execute queries on the remote PostgreSQL
98  * server with the user's authorization. A new connection is established
99  * if we don't already have a suitable one, and a transaction is opened at
100  * the right subtransaction nesting depth if we didn't do that already.
101  *
102  * will_prep_stmt must be true if caller intends to create any prepared
103  * statements. Since those don't go away automatically at transaction end
104  * (not even on error), we need this flag to cue manual cleanup.
105  */
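PGconn *
GetConnection(UserMapping *user, bool will_prep_stmt)
{
    bool        found;
    ConnCacheEntry *entry;
    ConnCacheKey key;

    /*
     * user: mapping whose umid selects the cache slot and whose serverid
     * names the foreign server to connect to.
     * will_prep_stmt: ORed into the slot's have_prep_stmt flag so that
     * end-of-transaction cleanup knows prepared statements may exist.
     * Returns the cached or freshly opened connection for that mapping;
     * connection and remote-command failures are raised as errors.
     */

    /* First time through, initialize connection cache hashtable */
    if (ConnectionHash == NULL)
    {
        HASHCTL     ctl;

        MemSet(&ctl, 0, sizeof(ctl));
        ctl.keysize = sizeof(ConnCacheKey);
        ctl.entrysize = sizeof(ConnCacheEntry);
        /* allocate ConnectionHash in the cache context */
        ctl.hcxt = CacheMemoryContext;
        ConnectionHash = hash_create("postgres_fdw connections", 8,
                                     &ctl,
                                     HASH_ELEM | HASH_BLOBS | HASH_CONTEXT);

        /*
         * Register some callback functions that manage connection cleanup.
         * This should be done just once in each backend.  The two syscache
         * callbacks are what mark a cached connection for reconnect after
         * its foreign server or user mapping definition changes.
         */
        RegisterXactCallback(pgfdw_xact_callback, NULL);
        RegisterSubXactCallback(pgfdw_subxact_callback, NULL);
        CacheRegisterSyscacheCallback(FOREIGNSERVEROID,
                                      pgfdw_inval_callback, (Datum) 0);
        CacheRegisterSyscacheCallback(USERMAPPINGOID,
                                      pgfdw_inval_callback, (Datum) 0);
    }

    /* Set flag that we did GetConnection during the current transaction */
    xact_got_connection = true;

    /* Create hash key for the entry.  Assume no pad bytes in key struct */
    key = user->umid;

    /*
     * Find or create cached entry for requested connection.  The key is the
     * user mapping OID alone, so a connection is reused only for the mapping
     * it was authenticated under.
     */
    entry = hash_search(ConnectionHash, &key, HASH_ENTER, &found);
    if (!found)
    {
        /*
         * We need only clear "conn" here; remaining fields will be filled
         * later when "conn" is set.
         */
        entry->conn = NULL;
    }

    /* Reject further use of connections which failed abort cleanup. */
    pgfdw_reject_incomplete_xact_state_change(entry);

    /*
     * If the connection needs to be remade due to invalidation, disconnect as
     * soon as we're out of all transactions.  Until then the old connection,
     * opened with the old options, stays in use.
     */
    if (entry->conn != NULL && entry->invalidated && entry->xact_depth == 0)
    {
        elog(DEBUG3, "closing connection %p for option changes to take effect",
             entry->conn);
        disconnect_pg_server(entry);
    }

    /*
     * We don't check the health of cached connection here, because it would
     * require some overhead.  Broken connection will be detected when the
     * connection is actually used.
     */

    /*
     * If cache entry doesn't have a connection, we have to establish a new
     * connection.  (If connect_pg_server throws an error, the cache entry
     * will remain in a valid empty state, ie conn == NULL.)
     */
    if (entry->conn == NULL)
    {
        ForeignServer *server = GetForeignServer(user->serverid);

        /* Reset all transient state fields, to be sure all are clean */
        entry->xact_depth = 0;
        entry->have_prep_stmt = false;
        entry->have_error = false;
        entry->changing_xact_state = false;
        entry->invalidated = false;
        /* Remembered so the invalidation callback can match this entry */
        entry->server_hashvalue =
            GetSysCacheHashValue1(FOREIGNSERVEROID,
                                  ObjectIdGetDatum(server->serverid));
        entry->mapping_hashvalue =
            GetSysCacheHashValue1(USERMAPPINGOID,
                                  ObjectIdGetDatum(user->umid));

        /* Now try to make the connection */
        entry->conn = connect_pg_server(server, user);

        elog(DEBUG3, "new postgres_fdw connection %p for server \"%s\" (user mapping oid %u, userid %u)",
             entry->conn, server->servername, user->umid, user->userid);
    }

    /*
     * Start a new transaction or subtransaction if needed.
     */
    begin_remote_xact(entry);

    /* Remember if caller will prepare statements */
    entry->have_prep_stmt |= will_prep_stmt;

    return entry->conn;
}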
217 
218 /*
219  * Connect to remote server using specified server and user mapping properties.
220  */
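static PGconn *
connect_pg_server(ForeignServer *server, UserMapping *user)
{
    PGconn     *volatile conn = NULL;

    /*
     * server, user: their generic option lists supply the libpq connection
     * parameters.  Returns an open connection that has passed both password
     * checks and been configured for use; every failure is raised as an
     * ERROR after any PGconn created here has been released.
     */

    /*
     * Use PG_TRY block to ensure closing connection on error.
     */
    PG_TRY();
    {
        const char **keywords;
        const char **values;
        int         n;

        /*
         * Construct connection params from generic options of ForeignServer
         * and UserMapping.  (Some of them might not be libpq options, in
         * which case we'll just waste a few array slots.)  Add 3 extra slots
         * for fallback_application_name, client_encoding, end marker.
         */
        n = list_length(server->options) + list_length(user->options) + 3;
        keywords = (const char **) palloc(n * sizeof(char *));
        values = (const char **) palloc(n * sizeof(char *));

        n = 0;
        n += ExtractConnectionOptions(server->options,
                                      keywords + n, values + n);
        n += ExtractConnectionOptions(user->options,
                                      keywords + n, values + n);

        /* Use "postgres_fdw" as fallback_application_name. */
        keywords[n] = "fallback_application_name";
        values[n] = "postgres_fdw";
        n++;

        /* Set client_encoding so that libpq can convert encoding properly. */
        keywords[n] = "client_encoding";
        values[n] = GetDatabaseEncodingName();
        n++;

        keywords[n] = values[n] = NULL;

        /*
         * First password gate, before any network traffic: a non-superuser
         * mapping must carry its own non-empty password.
         */
        check_conn_params(keywords, values, user);

        conn = PQconnectdbParams(keywords, values, false);
        if (!conn || PQstatus(conn) != CONNECTION_OK)
            ereport(ERROR,
                    (errcode(ERRCODE_SQLCLIENT_UNABLE_TO_ESTABLISH_SQLCONNECTION),
                     errmsg("could not connect to server \"%s\"",
                            server->servername),
            /* libpq's text is an argument to "%s", never a format string */
                     errdetail_internal("%s", pchomp(PQerrorMessage(conn)))));

        /*
         * Second password gate, after the handshake: check that a
         * non-superuser's connection actually used the password.  If the
         * remote server never asked for one, the session would be
         * piggybacking on the postgres server's user identity.  See also
         * dblink_security_check() in contrib/dblink.
         */
        if (!superuser_arg(user->userid) && !PQconnectionUsedPassword(conn))
            ereport(ERROR,
                    (errcode(ERRCODE_S_R_E_PROHIBITED_SQL_STATEMENT_ATTEMPTED),
                     errmsg("password is required"),
                     errdetail("Non-superuser cannot connect if the server does not request a password."),
                     errhint("Target server's authentication method must be changed.")));

        /* Prepare new session for use */
        configure_remote_session(conn);

        pfree(keywords);
        pfree(values);
    }
    PG_CATCH();
    {
        /* Release PGconn data structure if we managed to create one */
        if (conn)
            PQfinish(conn);
        PG_RE_THROW();
    }
    PG_END_TRY();

    return conn;
}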
303 
304 /*
305  * Disconnect any open connection for a connection cache entry.
306  */
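static void
disconnect_pg_server(ConnCacheEntry *entry)
{
    /*
     * entry: cache slot to close.  A slot without a connection is left
     * untouched, so calling this twice is harmless.
     */
    if (entry->conn != NULL)
    {
        PQfinish(entry->conn);
        /* Clear the pointer so the freed PGconn can't be reused via the cache */
        entry->conn = NULL;
    }
}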
316 
317 /*
318  * For non-superusers, insist that the connstr specify a password. This
319  * prevents a password from being picked up from .pgpass, a service file,
320  * the environment, etc. We don't want the postgres user's passwords
321  * to be accessible to non-superusers. (See also dblink_connstr_check in
322  * contrib/dblink.)
323  */
static void
check_conn_params(const char **keywords, const char **values, UserMapping *user)
{
    const char **kw;
    const char **val;

    /*
     * keywords/values: parallel arrays, terminated by a NULL keyword.
     * user: mapping whose userid decides whether the check applies.
     * Returns normally when the connection may proceed, else raises ERROR.
     */

    /* Superusers are exempt from the password requirement */
    if (superuser_arg(user->userid))
        return;

    /* Walk both arrays in step, looking for a "password" with a value */
    for (kw = keywords, val = values; *kw != NULL; kw++, val++)
    {
        if (strcmp(*kw, "password") != 0)
            continue;

        /* An empty password does not count as one */
        if ((*val)[0] != '\0')
            return;
    }

    ereport(ERROR,
            (errcode(ERRCODE_S_R_E_PROHIBITED_SQL_STATEMENT_ATTEMPTED),
             errmsg("password is required"),
             errdetail("Non-superusers must provide a password in the user mapping.")));
}
345 
346 /*
347  * Issue SET commands to make sure remote session is configured properly.
348  *
349  * We do this just once at connection, assuming nothing will change the
350  * values later. Since we'll never send volatile function calls to the
351  * remote, there shouldn't be any way to break this assumption from our end.
352  * It's possible to think of ways to break it at the remote end, eg making
353  * a foreign table point to a view that includes a set_config call ---
354  * but once you admit the possibility of a malicious view definition,
355  * there are any number of ways to break things.
356  */
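static void
configure_remote_session(PGconn *conn)
{
    /*
     * conn: freshly opened connection.  Each SET goes through
     * do_sql_command, so a failure of any of them is raised as an ERROR.
     */
    int         remoteversion = PQserverVersion(conn);

    /*
     * Force the search path to contain only pg_catalog (see deparse.c), so
     * that name lookup in the remote session does not depend on whatever
     * search_path the remote role would otherwise start with.
     */
    do_sql_command(conn, "SET search_path = pg_catalog");

    /*
     * Set remote timezone; this is basically just cosmetic, since all
     * transmitted and returned timestamptzs should specify a zone explicitly
     * anyway.  However it makes the regression test outputs more predictable.
     *
     * We don't risk setting remote zone equal to ours, since the remote
     * server might use a different timezone database.  Instead, use UTC
     * (quoted, because very old servers are picky about case).
     */
    do_sql_command(conn, "SET timezone = 'UTC'");

    /*
     * Set values needed to ensure unambiguous data output from remote.  (This
     * logic should match what pg_dump does.  See also set_transmission_modes
     * in postgres_fdw.c.)  The settings sent depend on the remote server
     * version reported by libpq.
     */
    do_sql_command(conn, "SET datestyle = ISO");
    if (remoteversion >= 80400)
        do_sql_command(conn, "SET intervalstyle = postgres");
    if (remoteversion >= 90000)
        do_sql_command(conn, "SET extra_float_digits = 3");
    else
        do_sql_command(conn, "SET extra_float_digits = 2");
}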
389 
390 /*
391  * Convenience subroutine to issue a non-data-returning SQL command to remote
392  */
static void
do_sql_command(PGconn *conn, const char *sql)
{
    PGresult   *result;
    int         sent;

    /*
     * conn: connection to run the command on.
     * sql: command text, sent as given and echoed in any error report.
     */

    /* Dispatch failure: there is no PGresult to hand to the reporter */
    sent = PQsendQuery(conn, sql);
    if (sent == 0)
        pgfdw_report_error(ERROR, NULL, conn, false, sql);

    /* Anything other than plain command success is treated as an error */
    result = pgfdw_get_result(conn, sql);
    if (PQresultStatus(result) != PGRES_COMMAND_OK)
        pgfdw_report_error(ERROR, result, conn, true, sql);

    PQclear(result);
}
405 
406 /*
407  * Start remote transaction or subtransaction, if needed.
408  *
409  * Note that we always use at least REPEATABLE READ in the remote session.
410  * This is so that, if a query initiates multiple scans of the same or
411  * different foreign tables, we will get snapshot-consistent results from
412  * those scans. A disadvantage is that we can't provide sane emulation of
413  * READ COMMITTED behavior --- it would be nice if we had some other way to
414  * control which remote queries share a snapshot.
415  */
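static void
begin_remote_xact(ConnCacheEntry *entry)
{
    /*
     * entry: cache slot with a live connection.  On return its xact_depth
     * is at least the local nesting level.  changing_xact_state is held
     * true across every remote command, so an error thrown mid-command
     * leaves the slot flagged as being in an unknown state.
     */
    int         curlevel = GetCurrentTransactionNestLevel();

    /* Start main transaction if we haven't yet */
    if (entry->xact_depth <= 0)
    {
        const char *sql;

        elog(DEBUG3, "starting remote transaction on connection %p",
             entry->conn);

        if (IsolationIsSerializable())
            sql = "START TRANSACTION ISOLATION LEVEL SERIALIZABLE";
        else
            sql = "START TRANSACTION ISOLATION LEVEL REPEATABLE READ";
        entry->changing_xact_state = true;
        do_sql_command(entry->conn, sql);
        entry->xact_depth = 1;
        entry->changing_xact_state = false;
    }

    /*
     * If we're in a subtransaction, stack up savepoints to match our level.
     * This ensures we can rollback just the desired effects when a
     * subtransaction aborts.
     */
    while (entry->xact_depth < curlevel)
    {
        char        sql[64];

        /* The savepoint name is built from an integer only, never from text */
        snprintf(sql, sizeof(sql), "SAVEPOINT s%d", entry->xact_depth + 1);
        entry->changing_xact_state = true;
        do_sql_command(entry->conn, sql);
        entry->xact_depth++;
        entry->changing_xact_state = false;
    }
}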
455 
456 /*
457  * Release connection reference count created by calling GetConnection.
458  */
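void
ReleaseConnection(PGconn *conn)
{
    /*
     * conn: connection previously obtained from GetConnection; unused here.
     *
     * Currently, we don't actually track connection references because all
     * cleanup is managed on a transaction or subtransaction basis instead. So
     * there's nothing to do here.
     */
}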
468 
469 /*
470  * Assign a "unique" number for a cursor.
471  *
472  * These really only need to be unique per connection within a transaction.
473  * For the moment we ignore the per-connection point and assign them across
474  * all connections in the transaction, but we ask for the connection to be
475  * supplied in case we want to refine that.
476  *
477  * Note that even if wraparound happens in a very long transaction, actual
478  * collisions are highly improbable; just be sure to use %u not %d to print.
479  */
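unsigned int
GetCursorNumber(PGconn *conn)
{
    /*
     * conn is accepted but not consulted; one counter serves every
     * connection.  Pre-increment means the first number handed out after
     * the counter is reset to zero is 1.
     */
    return ++cursor_number;
}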
485 
486 /*
487  * Assign a "unique" number for a prepared statement.
488  *
489  * This works much like GetCursorNumber, except that we never reset the counter
490  * within a session. That's because we can't be 100% sure we've gotten rid
491  * of all prepared statements on all connections, and it's not really worth
492  * increasing the risk of prepared-statement name collisions by resetting.
493  */
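unsigned int
GetPrepStmtNumber(PGconn *conn)
{
    /*
     * conn is accepted but not consulted; one counter serves every
     * connection.  Pre-increment means the first number handed out is 1.
     */
    return ++prep_stmt_number;
}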
499 
500 /*
501  * Submit a query and wait for the result.
502  *
503  * This function is interruptible by signals.
504  *
505  * Caller is responsible for the error handling on the result.
506  */
PGresult *
pgfdw_exec_query(PGconn *conn, const char *query)
{
    int         sent;

    /*
     * conn: connection to run the query on.
     * query: SQL text, sent as given.
     * Returns whatever pgfdw_get_result returns; the caller inspects it.
     */

    /*
     * PQsendQuery can itself block, because the connection is not in
     * non-blocking mode.  That risk is considered small and is ignored for
     * now.
     */
    sent = PQsendQuery(conn, query);
    if (sent == 0)
        pgfdw_report_error(ERROR, NULL, conn, false, query);

    /* Dispatch succeeded; collect the outcome with the interruptible wait */
    return pgfdw_get_result(conn, query);
}
520 
521 /*
522  * Wait for the result from a prior asynchronous execution function call.
523  *
524  * This function offers quick responsiveness by checking for any interruptions.
525  *
526  * This function emulates PQexec()'s behavior of returning the last result
527  * when there are many.
528  *
529  * Caller is responsible for the error handling on the result.
530  */
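PGresult *
pgfdw_get_result(PGconn *conn, const char *query)
{
    /*
     * conn: connection with a command already dispatched.
     * query: command text, used only when reporting an error.
     * Returns the last PGresult of the command, or NULL if there was none.
     * The caller owns the result and must PQclear it.
     */
    PGresult   *volatile last_res = NULL;

    /* In what follows, do not leak any PGresults on an error. */
    PG_TRY();
    {
        for (;;)
        {
            PGresult   *res;

            while (PQisBusy(conn))
            {
                int         wc;

                /* Sleep until there's something to do */
                wc = WaitLatchOrSocket(MyLatch,
                                       WL_LATCH_SET | WL_SOCKET_READABLE |
                                       WL_EXIT_ON_PM_DEATH,
                                       PQsocket(conn),
                                       -1L, PG_WAIT_EXTENSION);
                ResetLatch(MyLatch);

                /*
                 * The wait has no timeout, so this check is what lets a
                 * pending interrupt end a wait on an unresponsive remote.
                 */
                CHECK_FOR_INTERRUPTS();

                /* Data available in socket? */
                if (wc & WL_SOCKET_READABLE)
                {
                    if (!PQconsumeInput(conn))
                        pgfdw_report_error(ERROR, NULL, conn, false, query);
                }
            }

            res = PQgetResult(conn);
            if (res == NULL)
                break;          /* query is complete */

            /* Keep only the newest result; PQclear accepts NULL */
            PQclear(last_res);
            last_res = res;
        }
    }
    PG_CATCH();
    {
        PQclear(last_res);
        PG_RE_THROW();
    }
    PG_END_TRY();

    return last_res;
}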
582 
583 /*
584  * Report an error we got from the remote server.
585  *
586  * elevel: error level to use (typically ERROR, but might be less)
587  * res: PGresult containing the error
588  * conn: connection we did the query on
589  * clear: if true, PQclear the result (otherwise caller will handle it)
590  * sql: NULL, or text of remote command we tried to execute
591  *
592  * Note: callers that choose not to throw ERROR for a remote error are
593  * responsible for making sure that the associated ConnCacheEntry gets
594  * marked with have_error = true.
595  */
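void
pgfdw_report_error(int elevel, PGresult *res, PGconn *conn,
                   bool clear, const char *sql)
{
    /*
     * Every string taken from the remote side (primary message, detail,
     * hint, context) and the SQL text is passed as an argument to a "%s"
     * format below, never as the format string itself.
     */

    /* If requested, PGresult must be released before leaving this function. */
    PG_TRY();
    {
        char       *diag_sqlstate = PQresultErrorField(res, PG_DIAG_SQLSTATE);
        char       *message_primary = PQresultErrorField(res, PG_DIAG_MESSAGE_PRIMARY);
        char       *message_detail = PQresultErrorField(res, PG_DIAG_MESSAGE_DETAIL);
        char       *message_hint = PQresultErrorField(res, PG_DIAG_MESSAGE_HINT);
        char       *message_context = PQresultErrorField(res, PG_DIAG_CONTEXT);
        int         sqlstate;

        /* Without a remote SQLSTATE, classify as a connection failure */
        if (diag_sqlstate)
            sqlstate = MAKE_SQLSTATE(diag_sqlstate[0],
                                     diag_sqlstate[1],
                                     diag_sqlstate[2],
                                     diag_sqlstate[3],
                                     diag_sqlstate[4]);
        else
            sqlstate = ERRCODE_CONNECTION_FAILURE;

        /*
         * If we don't get a message from the PGresult, try the PGconn.  This
         * is needed because for connection-level failures, PQexec may just
         * return NULL, not a PGresult at all.
         */
        if (message_primary == NULL)
            message_primary = pchomp(PQerrorMessage(conn));

        ereport(elevel,
                (errcode(sqlstate),
                 message_primary ? errmsg_internal("%s", message_primary) :
                 errmsg("could not obtain message string for remote error"),
                 message_detail ? errdetail_internal("%s", message_detail) : 0,
                 message_hint ? errhint("%s", message_hint) : 0,
                 message_context ? errcontext("%s", message_context) : 0,
                 sql ? errcontext("remote SQL command: %s", sql) : 0));
    }
    PG_CATCH();
    {
        if (clear)
            PQclear(res);
        PG_RE_THROW();
    }
    PG_END_TRY();

    /* Reached only when elevel did not throw */
    if (clear)
        PQclear(res);
}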
646 
647 /*
648  * pgfdw_xact_callback --- cleanup at main-transaction end.
649  */
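static void
pgfdw_xact_callback(XactEvent event, void *arg)
{
    /*
     * event: which phase of main-transaction end is running.
     * arg: unused.
     *
     * For every cached connection with an open remote transaction, commit
     * or abort it to match the local outcome, then drop any connection that
     * is not left in a clean idle state.
     */
    HASH_SEQ_STATUS scan;
    ConnCacheEntry *entry;

    /* Quick exit if no connections were touched in this transaction. */
    if (!xact_got_connection)
        return;

    /*
     * Scan all connection cache entries to find open remote transactions, and
     * close them.
     */
    hash_seq_init(&scan, ConnectionHash);
    while ((entry = (ConnCacheEntry *) hash_seq_search(&scan)))
    {
        PGresult   *res;

        /* Ignore cache entry if no open connection right now */
        if (entry->conn == NULL)
            continue;

        /* If it has an open remote transaction, try to close it */
        if (entry->xact_depth > 0)
        {
            bool        abort_cleanup_failure = false;

            elog(DEBUG3, "closing remote transaction on connection %p",
                 entry->conn);

            switch (event)
            {
                case XACT_EVENT_PARALLEL_PRE_COMMIT:
                case XACT_EVENT_PRE_COMMIT:

                    /*
                     * If abort cleanup previously failed for this connection,
                     * we can't issue any more commands against it.
                     */
                    pgfdw_reject_incomplete_xact_state_change(entry);

                    /* Commit all remote transactions during pre-commit */
                    entry->changing_xact_state = true;
                    do_sql_command(entry->conn, "COMMIT TRANSACTION");
                    entry->changing_xact_state = false;

                    /*
                     * If there were any errors in subtransactions, and we
                     * made prepared statements, do a DEALLOCATE ALL to make
                     * sure we get rid of all prepared statements.  This is
                     * annoying and not terribly bulletproof, but it's
                     * probably not worth trying harder.
                     *
                     * DEALLOCATE ALL only exists in 8.3 and later, so this
                     * constrains how old a server postgres_fdw can
                     * communicate with.  We intentionally ignore errors in
                     * the DEALLOCATE, so that we can hobble along to some
                     * extent with older servers (leaking prepared statements
                     * as we go; but we don't really support update operations
                     * pre-8.3 anyway).
                     */
                    if (entry->have_prep_stmt && entry->have_error)
                    {
                        res = PQexec(entry->conn, "DEALLOCATE ALL");
                        PQclear(res);
                    }
                    entry->have_prep_stmt = false;
                    entry->have_error = false;
                    break;
                case XACT_EVENT_PRE_PREPARE:

                    /*
                     * We disallow remote transactions that modified anything,
                     * since it's not very reasonable to hold them open until
                     * the prepared transaction is committed.  For the moment,
                     * throw error unconditionally; later we might allow
                     * read-only cases.  Note that the error will cause us to
                     * come right back here with event == XACT_EVENT_ABORT, so
                     * we'll clean up the connection state at that point.
                     */
                    ereport(ERROR,
                            (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
                             errmsg("cannot prepare a transaction that modified remote tables")));
                    break;
                case XACT_EVENT_PARALLEL_COMMIT:
                case XACT_EVENT_COMMIT:
                case XACT_EVENT_PREPARE:
                    /* Pre-commit should have closed the open transaction */
                    elog(ERROR, "missed cleaning up connection during pre-commit");
                    break;
                case XACT_EVENT_PARALLEL_ABORT:
                case XACT_EVENT_ABORT:

                    /*
                     * Don't try to clean up the connection if we're already
                     * in error recursion trouble.
                     */
                    if (in_error_recursion_trouble())
                        entry->changing_xact_state = true;

                    /*
                     * If connection is already unsalvageable, don't touch it
                     * further.
                     */
                    if (entry->changing_xact_state)
                        break;

                    /*
                     * Mark this connection as in the process of changing
                     * transaction state.
                     */
                    entry->changing_xact_state = true;

                    /* Assume we might have lost track of prepared statements */
                    entry->have_error = true;

                    /*
                     * If a command has been submitted to the remote server by
                     * using an asynchronous execution function, the command
                     * might not have yet completed.  Check to see if a
                     * command is still being processed by the remote server,
                     * and if so, request cancellation of the command.
                     */
                    if (PQtransactionStatus(entry->conn) == PQTRANS_ACTIVE &&
                        !pgfdw_cancel_query(entry->conn))
                    {
                        /* Unable to cancel running query. */
                        abort_cleanup_failure = true;
                    }
                    else if (!pgfdw_exec_cleanup_query(entry->conn,
                                                       "ABORT TRANSACTION",
                                                       false))
                    {
                        /* Unable to abort remote transaction. */
                        abort_cleanup_failure = true;
                    }
                    else if (entry->have_prep_stmt && entry->have_error &&
                             !pgfdw_exec_cleanup_query(entry->conn,
                                                       "DEALLOCATE ALL",
                                                       true))
                    {
                        /* Trouble clearing prepared statements. */
                        abort_cleanup_failure = true;
                    }
                    else
                    {
                        entry->have_prep_stmt = false;
                        entry->have_error = false;
                    }

                    /* Disarm changing_xact_state if it all worked. */
                    entry->changing_xact_state = abort_cleanup_failure;
                    break;
            }
        }

        /* Reset state to show we're out of a transaction */
        entry->xact_depth = 0;

        /*
         * If the connection isn't in a good idle state, discard it to
         * recover.  Next GetConnection will open a new connection.  This is
         * also what keeps a connection whose remote transaction state is
         * unknown from being reused.
         */
        if (PQstatus(entry->conn) != CONNECTION_OK ||
            PQtransactionStatus(entry->conn) != PQTRANS_IDLE ||
            entry->changing_xact_state)
        {
            elog(DEBUG3, "discarding connection %p", entry->conn);
            disconnect_pg_server(entry);
        }
    }

    /*
     * Regardless of the event type, we can now mark ourselves as out of the
     * transaction.  (Note: if we are here during PRE_COMMIT or PRE_PREPARE,
     * this saves a useless scan of the hashtable during COMMIT or PREPARE.)
     */
    xact_got_connection = false;

    /* Also reset cursor numbering for next transaction */
    cursor_number = 0;
}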
833 
834 /*
835  * pgfdw_subxact_callback --- cleanup at subtransaction end.
836  */
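static void
pgfdw_subxact_callback(SubXactEvent event, SubTransactionId mySubid,
                       SubTransactionId parentSubid, void *arg)
{
    /*
     * event: subtransaction phase; only pre-commit and abort do any work.
     * mySubid, parentSubid, arg: unused.
     *
     * For every cached connection whose remote nesting depth equals the
     * current local level, release or roll back the matching savepoint and
     * step the recorded depth down by one.
     */
    HASH_SEQ_STATUS scan;
    ConnCacheEntry *entry;
    int         curlevel;

    /* Nothing to do at subxact start, nor after commit. */
    if (!(event == SUBXACT_EVENT_PRE_COMMIT_SUB ||
          event == SUBXACT_EVENT_ABORT_SUB))
        return;

    /* Quick exit if no connections were touched in this transaction. */
    if (!xact_got_connection)
        return;

    /*
     * Scan all connection cache entries to find open remote subtransactions
     * of the current level, and close them.
     */
    curlevel = GetCurrentTransactionNestLevel();
    hash_seq_init(&scan, ConnectionHash);
    while ((entry = (ConnCacheEntry *) hash_seq_search(&scan)))
    {
        char        sql[100];

        /*
         * We only care about connections with open remote subtransactions of
         * the current level.
         */
        if (entry->conn == NULL || entry->xact_depth < curlevel)
            continue;

        if (entry->xact_depth > curlevel)
            elog(ERROR, "missed cleaning up remote subtransaction at level %d",
                 entry->xact_depth);

        if (event == SUBXACT_EVENT_PRE_COMMIT_SUB)
        {
            /*
             * If abort cleanup previously failed for this connection, we
             * can't issue any more commands against it.
             */
            pgfdw_reject_incomplete_xact_state_change(entry);

            /* Commit all remote subtransactions during pre-commit */
            snprintf(sql, sizeof(sql), "RELEASE SAVEPOINT s%d", curlevel);
            entry->changing_xact_state = true;
            do_sql_command(entry->conn, sql);
            entry->changing_xact_state = false;
        }
        else if (in_error_recursion_trouble())
        {
            /*
             * Don't try to clean up the connection if we're already in error
             * recursion trouble.
             */
            entry->changing_xact_state = true;
        }
        else if (!entry->changing_xact_state)
        {
            bool        abort_cleanup_failure = false;

            /* Remember that abort cleanup is in progress. */
            entry->changing_xact_state = true;

            /* Assume we might have lost track of prepared statements */
            entry->have_error = true;

            /*
             * If a command has been submitted to the remote server by using
             * an asynchronous execution function, the command might not have
             * yet completed.  Check to see if a command is still being
             * processed by the remote server, and if so, request cancellation
             * of the command.
             */
            if (PQtransactionStatus(entry->conn) == PQTRANS_ACTIVE &&
                !pgfdw_cancel_query(entry->conn))
                abort_cleanup_failure = true;
            else
            {
                /*
                 * Rollback all remote subtransactions during abort.  Both
                 * savepoint names are built from the integer level only.
                 */
                snprintf(sql, sizeof(sql),
                         "ROLLBACK TO SAVEPOINT s%d; RELEASE SAVEPOINT s%d",
                         curlevel, curlevel);
                if (!pgfdw_exec_cleanup_query(entry->conn, sql, false))
                    abort_cleanup_failure = true;
            }

            /* Disarm changing_xact_state if it all worked. */
            entry->changing_xact_state = abort_cleanup_failure;
        }

        /* OK, we're outta that level of subtransaction */
        entry->xact_depth--;
    }
}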
935 
936 /*
937  * Connection invalidation callback function
938  *
939  * After a change to a pg_foreign_server or pg_user_mapping catalog entry,
940  * mark connections depending on that entry as needing to be remade.
941  * We can't immediately destroy them, since they might be in the midst of
942  * a transaction, but we'll remake them at the next opportunity.
943  *
944  * Although most cache invalidation callbacks blow away all the related stuff
945  * regardless of the given hashvalue, connections are expensive enough that
946  * it's worth trying to avoid that.
947  *
948  * NB: We could avoid unnecessary disconnection more strictly by examining
949  * individual option values, but it seems too much effort for the gain.
950  */
static void
pgfdw_inval_callback(Datum arg, int cacheid, uint32 hashvalue)
{
    HASH_SEQ_STATUS status;
    ConnCacheEntry *slot;

    /*
     * arg: unused.
     * cacheid: FOREIGNSERVEROID or USERMAPPINGOID, naming the changed catalog.
     * hashvalue: hash of the changed catalog entry, or 0 for a full reset.
     * Only sets the invalidated flag; no connection is closed here.
     */
    Assert(cacheid == FOREIGNSERVEROID || cacheid == USERMAPPINGOID);

    /* ConnectionHash must exist already, if we're registered */
    hash_seq_init(&status, ConnectionHash);
    while ((slot = (ConnCacheEntry *) hash_seq_search(&status)) != NULL)
    {
        bool        server_changed;
        bool        mapping_changed;

        /* Slots without a live connection have nothing to remake */
        if (slot->conn == NULL)
            continue;

        server_changed = (cacheid == FOREIGNSERVEROID &&
                          slot->server_hashvalue == hashvalue);
        mapping_changed = (cacheid == USERMAPPINGOID &&
                           slot->mapping_hashvalue == hashvalue);

        /* hashvalue == 0 means a cache reset, must clear all state */
        if (hashvalue == 0 || server_changed || mapping_changed)
            slot->invalidated = true;
    }
}
976 
977 /*
978  * Raise an error if the given connection cache entry is marked as being
979  * in the middle of an xact state change. This should be called at points where no
980  * such change is expected to be in progress; if one is found to be in
981  * progress, it means that we aborted in the middle of a previous state change
982  * and now don't know what the remote transaction state actually is.
983  * Such connections can't safely be further used. Re-establishing the
984  * connection would change the snapshot and roll back any writes already
985  * performed, so that's not an option, either. Thus, we must abort.
986  */
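static void
pgfdw_reject_incomplete_xact_state_change(ConnCacheEntry *entry)
{
    /*
     * entry: cache slot to vet before further commands are sent on it.
     * Returns normally for a slot with no connection or with no state
     * change in progress; otherwise closes the connection and raises ERROR.
     */
    HeapTuple   tup;
    Form_pg_user_mapping umform;
    ForeignServer *server;

    /* nothing to do for inactive entries and entries of sane state */
    if (entry->conn == NULL || !entry->changing_xact_state)
        return;

    /* make sure this entry is inactive */
    disconnect_pg_server(entry);

    /* find server name to be shown in the message below */
    tup = SearchSysCache1(USERMAPPINGOID,
                          ObjectIdGetDatum(entry->key));
    if (!HeapTupleIsValid(tup))
        elog(ERROR, "cache lookup failed for user mapping %u", entry->key);
    umform = (Form_pg_user_mapping) GETSTRUCT(tup);
    server = GetForeignServer(umform->umserver);
    /* Release the syscache reference before the ERROR below is thrown */
    ReleaseSysCache(tup);

    ereport(ERROR,
            (errcode(ERRCODE_CONNECTION_EXCEPTION),
             errmsg("connection to server \"%s\" was lost",
                    server->servername)));
}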
1015 
1016 /*
1017  * Cancel the currently-in-progress query (whose query text we do not have)
1018  * and ignore the result. Returns true if we successfully cancel the query
1019  * and discard any pending result, and false if not.
1020  */
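static bool
pgfdw_cancel_query(PGconn *conn)
{
    PGcancel   *cancel;
    char        errbuf[256];
    PGresult   *result = NULL;
    TimestampTz endtime;

    /*
     * If it takes too long to cancel the query and discard the result, assume
     * the connection is dead.
     *
     * NOTE(review): the listing drops the signature line and this
     * assignment, which leaves endtime unset where it is read below.  The
     * 30-second deadline is taken from the one documented for
     * pgfdw_exec_cleanup_query -- confirm against the upstream file.
     */
    endtime = TimestampTzPlusMilliseconds(GetCurrentTimestamp(), 30000);

    /*
     * Issue cancel request.  Unfortunately, there's no good way to limit the
     * amount of time that we might block inside PQgetCancel().
     */
    if ((cancel = PQgetCancel(conn)))
    {
        /* PQcancel is given the buffer size, so errbuf cannot be overrun */
        if (!PQcancel(cancel, errbuf, sizeof(errbuf)))
        {
            /* errbuf is passed as a "%s" argument, never as the format */
            ereport(WARNING,
                    (errcode(ERRCODE_CONNECTION_FAILURE),
                     errmsg("could not send cancel request: %s",
                            errbuf)));
            PQfreeCancel(cancel);
            return false;
        }
        PQfreeCancel(cancel);
    }

    /*
     * Get and discard the result of the query.  A true return means the wait
     * timed out, in which case *result was not set and there is nothing to
     * free.
     */
    if (pgfdw_get_cleanup_result(conn, endtime, &result))
        return false;
    PQclear(result);

    return true;
}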
1060 
1061 /*
1062  * Submit a query during (sub)abort cleanup and wait up to 30 seconds for the
1063  * result. If the query is executed without error, the return value is true.
1064  * If the query is executed successfully but returns an error, the return
1065  * value is true if and only if ignore_errors is set. If the query can't be
1066  * sent or times out, the return value is false.
1067  */
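static bool
pgfdw_exec_cleanup_query(PGconn *conn, const char *query, bool ignore_errors)
{
    PGresult   *result = NULL;
    TimestampTz endtime;

    /*
     * If it takes too long to execute a cleanup query, assume the connection
     * is dead.  It's fairly likely that this is why we aborted in the first
     * place (e.g. statement timeout, user cancel), so the timeout shouldn't
     * be too long.
     *
     * NOTE(review): the listing drops this assignment, which leaves endtime
     * unset where it is read below.  It is restored with the 30-second
     * deadline stated in this function's header comment -- confirm against
     * the upstream file.
     */
    endtime = TimestampTzPlusMilliseconds(GetCurrentTimestamp(), 30000);

    /*
     * Submit a query.  Since we don't use non-blocking mode, this also can
     * block.  But its risk is relatively small, so we ignore that for now.
     */
    if (!PQsendQuery(conn, query))
    {
        /* no PGresult exists yet, so there is nothing to clear */
        pgfdw_report_error(WARNING, NULL, conn, false, query);
        return false;
    }

    /*
     * Get the result of the query.  A true return means the wait timed out
     * and *result was not set.
     */
    if (pgfdw_get_cleanup_result(conn, endtime, &result))
        return false;

    /* Issue a warning if not successful. */
    if (PQresultStatus(result) != PGRES_COMMAND_OK)
    {
        /*
         * The "true" argument presumably asks pgfdw_report_error to clear
         * result, which is why there is no PQclear on this path -- TODO
         * confirm.
         */
        pgfdw_report_error(WARNING, result, conn, true, query);
        return ignore_errors;
    }
    PQclear(result);

    return true;
}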
1106 
1107 /*
1108  * Get, during abort cleanup, the result of a query that is in progress. This
1109  * might be a query that is being interrupted by transaction abort, or it might
1110  * be a query that was initiated as part of transaction abort to get the remote
1111  * side back to the appropriate state.
1112  *
1113  * It's not a huge problem if we throw an ERROR here, but if we get into error
1114  * recursion trouble, we'll end up slamming the connection shut, which will
1115  * necessitate failing the entire toplevel transaction even if subtransactions
1116  * were used. Try to use WARNING where we can.
1117  *
1118  * endtime is the time at which we should give up and assume the remote
1119  * side is dead. Returns true if the timeout expired, otherwise false.
1120  * Sets *result except in case of a timeout.
1121  */
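static bool
pgfdw_get_cleanup_result(PGconn *conn, TimestampTz endtime, PGresult **result)
{
    /*
     * Both variables are modified inside PG_TRY and read in PG_CATCH or
     * after PG_END_TRY, hence volatile.
     */
    volatile bool timed_out = false;
    PGresult   *volatile last_res = NULL;

    /* In what follows, do not leak any PGresults on an error. */
    PG_TRY();
    {
        for (;;)
        {
            PGresult   *res;

            while (PQisBusy(conn))
            {
                int         wc;
                TimestampTz now = GetCurrentTimestamp();
                long        secs;
                int         microsecs;
                long        cur_timeout;

                /* If timeout has expired, give up, else get sleep time. */
                if (now >= endtime)
                {
                    timed_out = true;
                    goto exit;
                }
                TimestampDifference(now, endtime, &secs, &microsecs);

                /*
                 * To protect against clock skew, limit sleep to one minute.
                 *
                 * The 60000 cap is in milliseconds, so the remaining time
                 * must be converted to milliseconds as well.  The previous
                 * expression computed microseconds, which made the cap win
                 * almost always and let one sleep run well past endtime.
                 * Round up so that a sub-millisecond remainder does not turn
                 * into a zero timeout and a busy loop.
                 */
                cur_timeout = Min(60000,
                                  secs * 1000 + (microsecs + 999) / 1000);

                /*
                 * Sleep until there's something to do.
                 *
                 * NOTE(review): the listing drops the first lines of this
                 * call, the declaration of "now", and the ResetLatch and
                 * CHECK_FOR_INTERRUPTS calls below; they are restored here
                 * -- confirm against the upstream file.
                 */
                wc = WaitLatchOrSocket(MyLatch,
                                       WL_LATCH_SET | WL_SOCKET_READABLE |
                                       WL_TIMEOUT | WL_EXIT_ON_PM_DEATH,
                                       PQsocket(conn),
                                       cur_timeout, PG_WAIT_EXTENSION);
                ResetLatch(MyLatch);

                CHECK_FOR_INTERRUPTS();

                /* Data available in socket? */
                if (wc & WL_SOCKET_READABLE)
                {
                    if (!PQconsumeInput(conn))
                    {
                        /* connection trouble; treat the same as a timeout */
                        timed_out = true;
                        goto exit;
                    }
                }
            }

            res = PQgetResult(conn);
            if (res == NULL)
                break;          /* query is complete */

            /* keep only the most recent result; free the one it replaces */
            PQclear(last_res);
            last_res = res;
        }
exit:   ;
    }
    PG_CATCH();
    {
        PQclear(last_res);
        PG_RE_THROW();
    }
    PG_END_TRY();

    /* On timeout the caller gets no result, so free what was collected. */
    if (timed_out)
        PQclear(last_res);
    else
        *result = last_res;
    return timed_out;
}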