md.c

Go to the documentation of this file.

/*-------------------------------------------------------------------------
 *
 * md.c
 *    This code manages relations that reside on magnetic disk.
 *
 * Or at least, that was what the Berkeley folk had in mind when they named
 * this file.  In reality, what this code provides is an interface from
 * the smgr API to Unix-like filesystem APIs, so it will work with any type
 * of device for which the operating system provides filesystem support.
 * It doesn't matter whether the bits are on spinning rust or some other
 * storage technology.
 *
 * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 *
 * IDENTIFICATION
 *    src/backend/storage/smgr/md.c
 *
 *-------------------------------------------------------------------------
 */
#include "postgres.h"
 
#include <unistd.h>
#include <fcntl.h>
#include <sys/file.h>
 
#include "access/xlogutils.h"
#include "commands/tablespace.h"
#include "common/file_utils.h"
#include "miscadmin.h"
#include "pg_trace.h"
#include "pgstat.h"
#include "storage/aio.h"
#include "storage/bufmgr.h"
#include "storage/fd.h"
#include "storage/md.h"
#include "storage/relfilelocator.h"
#include "storage/smgr.h"
#include "storage/sync.h"
#include "utils/memutils.h"
 
/*
 * The magnetic disk storage manager keeps track of open file
 * descriptors in its own descriptor pool.  This is done to make it
 * easier to support relations that are larger than the operating
 * system's file size limit (often 2GBytes).  In order to do that,
 * we break relations up into "segment" files that are each shorter than
 * the OS file size limit.  The segment size is set by the RELSEG_SIZE
 * configuration constant in pg_config.h.
 *
 * On disk, a relation must consist of consecutively numbered segment
 * files in the pattern
 *  -- Zero or more full segments of exactly RELSEG_SIZE blocks each
 *  -- Exactly one partial segment of size 0 <= size < RELSEG_SIZE blocks
 *  -- Optionally, any number of inactive segments of size 0 blocks.
 * The full and partial segments are collectively the "active" segments.
 * Inactive segments are those that once contained data but are currently
 * not needed because of an mdtruncate() operation.  The reason for leaving
 * them present at size zero, rather than unlinking them, is that other
 * backends and/or the checkpointer might be holding open file references to
 * such segments.  If the relation expands again after mdtruncate(), such
 * that a deactivated segment becomes active again, it is important that
 * such file references still be valid --- else data might get written
 * out to an unlinked old copy of a segment file that will eventually
 * disappear.
 *
 * File descriptors are stored in the per-fork md_seg_fds arrays inside
 * SMgrRelation. The length of these arrays is stored in md_num_open_segs.
 * Note that a fork's md_num_open_segs having a specific value does not
 * necessarily mean the relation doesn't have additional segments; we may
 * just not have opened the next segment yet.  (We could not have "all
 * segments are in the array" as an invariant anyway, since another backend
 * could extend the relation while we aren't looking.)  We do not have
 * entries for inactive segments, however; as soon as we find a partial
 * segment, we assume that any subsequent segments are inactive.
 *
 * The entire MdfdVec array is palloc'd in the MdCxt memory context.
 */
 
typedef struct _MdfdVec
{
    File        mdfd_vfd;       /* fd number in fd.c's pool */
    BlockNumber mdfd_segno;     /* segment number, from 0 */
} MdfdVec;
 
static MemoryContext MdCxt;     /* context for all MdfdVec objects */
 
 
/* Populate a file tag describing an md.c segment file. */
#define INIT_MD_FILETAG(a,xx_rlocator,xx_forknum,xx_segno) \
( \
    memset(&(a), 0, sizeof(FileTag)), \
    (a).handler = SYNC_HANDLER_MD, \
    (a).rlocator = (xx_rlocator), \
    (a).forknum = (xx_forknum), \
    (a).segno = (xx_segno) \
)
 
 
/*** behavior for mdopen & _mdfd_getseg ***/
/* ereport if segment not present */
#define EXTENSION_FAIL              (1 << 0)
/* return NULL if segment not present */
#define EXTENSION_RETURN_NULL       (1 << 1)
/* create new segments as needed */
#define EXTENSION_CREATE            (1 << 2)
/* create new segments if needed during recovery */
#define EXTENSION_CREATE_RECOVERY   (1 << 3)
/* don't try to open a segment, if not already open */
#define EXTENSION_DONT_OPEN         (1 << 5)
 
 
/*
 * Fixed-length string to represent paths to files that need to be built by
 * md.c.
 *
 * The maximum number of segments is MaxBlockNumber / RELSEG_SIZE, where
 * RELSEG_SIZE can be set to 1 (for testing only).
 */
#define SEGMENT_CHARS   OIDCHARS
#define MD_PATH_STR_MAXLEN \
    (\
        REL_PATH_STR_MAXLEN \
        + sizeof((char)'.') \
        + SEGMENT_CHARS \
    )
typedef struct MdPathStr
{
    char        str[MD_PATH_STR_MAXLEN + 1];
} MdPathStr;
 
 
/* local routines */
static void mdunlinkfork(RelFileLocatorBackend rlocator, ForkNumber forknum,
                         bool isRedo);
static MdfdVec *mdopenfork(SMgrRelation reln, ForkNumber forknum, int behavior);
static void register_dirty_segment(SMgrRelation reln, ForkNumber forknum,
                                   MdfdVec *seg);
static void register_unlink_segment(RelFileLocatorBackend rlocator, ForkNumber forknum,
                                    BlockNumber segno);
static void register_forget_request(RelFileLocatorBackend rlocator, ForkNumber forknum,
                                    BlockNumber segno);
static void _fdvec_resize(SMgrRelation reln,
                          ForkNumber forknum,
                          int nseg);
static MdPathStr _mdfd_segpath(SMgrRelation reln, ForkNumber forknum,
                               BlockNumber segno);
static MdfdVec *_mdfd_openseg(SMgrRelation reln, ForkNumber forknum,
                              BlockNumber segno, int oflags);
static MdfdVec *_mdfd_getseg(SMgrRelation reln, ForkNumber forknum,
                             BlockNumber blkno, bool skipFsync, int behavior);
static BlockNumber _mdnblocks(SMgrRelation reln, ForkNumber forknum,
                              MdfdVec *seg);
 
static PgAioResult md_readv_complete(PgAioHandle *ioh, PgAioResult prior_result, uint8 cb_data);
static void md_readv_report(PgAioResult result, const PgAioTargetData *td, int elevel);
 
const PgAioHandleCallbacks aio_md_readv_cb = {
    .complete_shared = md_readv_complete,
    .report = md_readv_report,
};
 
 
static inline int
_mdfd_open_flags(void)
{
    int         flags = O_RDWR | PG_BINARY;
 
    if (io_direct_flags & IO_DIRECT_DATA)
        flags |= PG_O_DIRECT;
 
    return flags;
}
 
/*
 * mdinit() -- Initialize private state for magnetic disk storage manager.
 */
void
mdinit(void)
{
    MdCxt = AllocSetContextCreate(TopMemoryContext,
                                  "MdSmgr",
                                  ALLOCSET_DEFAULT_SIZES);
}
 
/*
 * mdexists() -- Does the physical file exist?
 *
 * Note: this will return true for lingering files, with pending deletions
 */
bool
mdexists(SMgrRelation reln, ForkNumber forknum)
{
    /*
     * Close it first, to ensure that we notice if the fork has been unlinked
     * since we opened it.  As an optimization, we can skip that in recovery,
     * which already closes relations when dropping them.
     */
    if (!InRecovery)
        mdclose(reln, forknum);
 
    return (mdopenfork(reln, forknum, EXTENSION_RETURN_NULL) != NULL);
}
 
/*
 * mdcreate() -- Create a new relation on magnetic disk.
 *
 * If isRedo is true, it's okay for the relation to exist already.
 */
void
mdcreate(SMgrRelation reln, ForkNumber forknum, bool isRedo)
{
    MdfdVec    *mdfd;
    RelPathStr  path;
    File        fd;
 
    if (isRedo && reln->md_num_open_segs[forknum] > 0)
        return;                 /* created and opened already... */
 
    Assert(reln->md_num_open_segs[forknum] == 0);
 
    /*
     * We may be using the target table space for the first time in this
     * database, so create a per-database subdirectory if needed.
     *
     * XXX this is a fairly ugly violation of module layering, but this seems
     * to be the best place to put the check.  Maybe TablespaceCreateDbspace
     * should be here and not in commands/tablespace.c?  But that would imply
     * importing a lot of stuff that smgr.c oughtn't know, either.
     */
    TablespaceCreateDbspace(reln->smgr_rlocator.locator.spcOid,
                            reln->smgr_rlocator.locator.dbOid,
                            isRedo);
 
    path = relpath(reln->smgr_rlocator, forknum);
 
    fd = PathNameOpenFile(path.str, _mdfd_open_flags() | O_CREAT | O_EXCL);
 
    if (fd < 0)
    {
        int         save_errno = errno;
 
        if (isRedo)
            fd = PathNameOpenFile(path.str, _mdfd_open_flags());
        if (fd < 0)
        {
            /* be sure to report the error reported by create, not open */
            errno = save_errno;
            ereport(ERROR,
                    (errcode_for_file_access(),
                     errmsg("could not create file \"%s\": %m", path.str)));
        }
    }
 
    _fdvec_resize(reln, forknum, 1);
    mdfd = &reln->md_seg_fds[forknum][0];
    mdfd->mdfd_vfd = fd;
    mdfd->mdfd_segno = 0;
 
    if (!SmgrIsTemp(reln))
        register_dirty_segment(reln, forknum, mdfd);
}
 
/*
 * mdunlink() -- Unlink a relation.
 *
 * Note that we're passed a RelFileLocatorBackend --- by the time this is called,
 * there won't be an SMgrRelation hashtable entry anymore.
 *
 * forknum can be a fork number to delete a specific fork, or InvalidForkNumber
 * to delete all forks.
 *
 * For regular relations, we don't unlink the first segment file of the rel,
 * but just truncate it to zero length, and record a request to unlink it after
 * the next checkpoint.  Additional segments can be unlinked immediately,
 * however.  Leaving the empty file in place prevents that relfilenumber
 * from being reused.  The scenario this protects us from is:
 * 1. We delete a relation (and commit, and actually remove its file).
 * 2. We create a new relation, which by chance gets the same relfilenumber as
 *    the just-deleted one (OIDs must've wrapped around for that to happen).
 * 3. We crash before another checkpoint occurs.
 * During replay, we would delete the file and then recreate it, which is fine
 * if the contents of the file were repopulated by subsequent WAL entries.
 * But if we didn't WAL-log insertions, but instead relied on fsyncing the
 * file after populating it (as we do at wal_level=minimal), the contents of
 * the file would be lost forever.  By leaving the empty file until after the
 * next checkpoint, we prevent reassignment of the relfilenumber until it's
 * safe, because relfilenumber assignment skips over any existing file.
 *
 * Additional segments, if any, are truncated and then unlinked.  The reason
 * for truncating is that other backends may still hold open FDs for these at
 * the smgr level, so that the kernel can't remove the file yet.  We want to
 * reclaim the disk space right away despite that.
 *
 * We do not need to go through this dance for temp relations, though, because
 * we never make WAL entries for temp rels, and so a temp rel poses no threat
 * to the health of a regular rel that has taken over its relfilenumber.
 * The fact that temp rels and regular rels have different file naming
 * patterns provides additional safety.  Other backends shouldn't have open
 * FDs for them, either.
 *
 * We also don't do it while performing a binary upgrade.  There is no reuse
 * hazard in that case, since after a crash or even a simple ERROR, the
 * upgrade fails and the whole cluster must be recreated from scratch.
 * Furthermore, it is important to remove the files from disk immediately,
 * because we may be about to reuse the same relfilenumber.
 *
 * All the above applies only to the relation's main fork; other forks can
 * just be removed immediately, since they are not needed to prevent the
 * relfilenumber from being recycled.  Also, we do not carefully
 * track whether other forks have been created or not, but just attempt to
 * unlink them unconditionally; so we should never complain about ENOENT.
 *
 * If isRedo is true, it's unsurprising for the relation to be already gone.
 * Also, we should remove the file immediately instead of queuing a request
 * for later, since during redo there's no possibility of creating a
 * conflicting relation.
 *
 * Note: we currently just never warn about ENOENT at all.  We could warn in
 * the main-fork, non-isRedo case, but it doesn't seem worth the trouble.
 *
 * Note: any failure should be reported as WARNING not ERROR, because
 * we are usually not in a transaction anymore when this is called.
 */
void
mdunlink(RelFileLocatorBackend rlocator, ForkNumber forknum, bool isRedo)
{
    /* Now do the per-fork work */
    if (forknum == InvalidForkNumber)
    {
        for (forknum = 0; forknum <= MAX_FORKNUM; forknum++)
            mdunlinkfork(rlocator, forknum, isRedo);
    }
    else
        mdunlinkfork(rlocator, forknum, isRedo);
}
 
/*
 * Truncate a file to release disk space.
 */
static int
do_truncate(const char *path)
{
    int         save_errno;
    int         ret;
 
    ret = pg_truncate(path, 0);
 
    /* Log a warning here to avoid repetition in callers. */
    if (ret < 0 && errno != ENOENT)
    {
        save_errno = errno;
        ereport(WARNING,
                (errcode_for_file_access(),
                 errmsg("could not truncate file \"%s\": %m", path)));
        errno = save_errno;
    }
 
    return ret;
}
 
static void
mdunlinkfork(RelFileLocatorBackend rlocator, ForkNumber forknum, bool isRedo)
{
    RelPathStr  path;
    int         ret;
    int         save_errno;
 
    path = relpath(rlocator, forknum);
 
    /*
     * Truncate and then unlink the first segment, or just register a request
     * to unlink it later, as described in the comments for mdunlink().
     */
    if (isRedo || IsBinaryUpgrade || forknum != MAIN_FORKNUM ||
        RelFileLocatorBackendIsTemp(rlocator))
    {
        if (!RelFileLocatorBackendIsTemp(rlocator))
        {
            /* Prevent other backends' fds from holding on to the disk space */
            ret = do_truncate(path.str);
 
            /* Forget any pending sync requests for the first segment */
            save_errno = errno;
            register_forget_request(rlocator, forknum, 0 /* first seg */ );
            errno = save_errno;
        }
        else
            ret = 0;
 
        /* Next unlink the file, unless it was already found to be missing */
        if (ret >= 0 || errno != ENOENT)
        {
            ret = unlink(path.str);
            if (ret < 0 && errno != ENOENT)
            {
                save_errno = errno;
                ereport(WARNING,
                        (errcode_for_file_access(),
                         errmsg("could not remove file \"%s\": %m", path.str)));
                errno = save_errno;
            }
        }
    }
    else
    {
        /* Prevent other backends' fds from holding on to the disk space */
        ret = do_truncate(path.str);
 
        /* Register request to unlink first segment later */
        save_errno = errno;
        register_unlink_segment(rlocator, forknum, 0 /* first seg */ );
        errno = save_errno;
    }
 
    /*
     * Delete any additional segments.
     *
     * Note that because we loop until getting ENOENT, we will correctly
     * remove all inactive segments as well as active ones.  Ideally we'd
     * continue the loop until getting exactly that errno, but that risks an
     * infinite loop if the problem is directory-wide (for instance, if we
     * suddenly can't read the data directory itself).  We compromise by
     * continuing after a non-ENOENT truncate error, but stopping after any
     * unlink error.  If there is indeed a directory-wide problem, additional
     * unlink attempts wouldn't work anyway.
     */
    if (ret >= 0 || errno != ENOENT)
    {
        MdPathStr   segpath;
        BlockNumber segno;
 
        for (segno = 1;; segno++)
        {
            sprintf(segpath.str, "%s.%u", path.str, segno);
 
            if (!RelFileLocatorBackendIsTemp(rlocator))
            {
                /*
                 * Prevent other backends' fds from holding on to the disk
                 * space.  We're done if we see ENOENT, though.
                 */
                if (do_truncate(segpath.str) < 0 && errno == ENOENT)
                    break;
 
                /*
                 * Forget any pending sync requests for this segment before we
                 * try to unlink.
                 */
                register_forget_request(rlocator, forknum, segno);
            }
 
            if (unlink(segpath.str) < 0)
            {
                /* ENOENT is expected after the last segment... */
                if (errno != ENOENT)
                    ereport(WARNING,
                            (errcode_for_file_access(),
                             errmsg("could not remove file \"%s\": %m", segpath.str)));
                break;
            }
        }
    }
}
 
/*
 * mdextend() -- Add a block to the specified relation.
 *
 * The semantics are nearly the same as mdwrite(): write at the
 * specified position.  However, this is to be used for the case of
 * extending a relation (i.e., blocknum is at or beyond the current
 * EOF).  Note that we assume writing a block beyond current EOF
 * causes intervening file space to become filled with zeroes.
 */
void
mdextend(SMgrRelation reln, ForkNumber forknum, BlockNumber blocknum,
         const void *buffer, bool skipFsync)
{
    off_t       seekpos;
    int         nbytes;
    MdfdVec    *v;
 
    /* If this build supports direct I/O, the buffer must be I/O aligned. */
    if (PG_O_DIRECT != 0 && PG_IO_ALIGN_SIZE <= BLCKSZ)
        Assert((uintptr_t) buffer == TYPEALIGN(PG_IO_ALIGN_SIZE, buffer));
 
    /* This assert is too expensive to have on normally ... */
#ifdef CHECK_WRITE_VS_EXTEND
    Assert(blocknum >= mdnblocks(reln, forknum));
#endif
 
    /*
     * If a relation manages to grow to 2^32-1 blocks, refuse to extend it any
     * more --- we mustn't create a block whose number actually is
     * InvalidBlockNumber.  (Note that this failure should be unreachable
     * because of upstream checks in bufmgr.c.)
     */
    if (blocknum == InvalidBlockNumber)
        ereport(ERROR,
                (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
                 errmsg("cannot extend file \"%s\" beyond %u blocks",
                        relpath(reln->smgr_rlocator, forknum).str,
                        InvalidBlockNumber)));
 
    v = _mdfd_getseg(reln, forknum, blocknum, skipFsync, EXTENSION_CREATE);
 
    seekpos = (off_t) BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE));
 
    Assert(seekpos < (off_t) BLCKSZ * RELSEG_SIZE);
 
    if ((nbytes = FileWrite(v->mdfd_vfd, buffer, BLCKSZ, seekpos, WAIT_EVENT_DATA_FILE_EXTEND)) != BLCKSZ)
    {
        if (nbytes < 0)
            ereport(ERROR,
                    (errcode_for_file_access(),
                     errmsg("could not extend file \"%s\": %m",
                            FilePathName(v->mdfd_vfd)),
                     errhint("Check free disk space.")));
        /* short write: complain appropriately */
        ereport(ERROR,
                (errcode(ERRCODE_DISK_FULL),
                 errmsg("could not extend file \"%s\": wrote only %d of %d bytes at block %u",
                        FilePathName(v->mdfd_vfd),
                        nbytes, BLCKSZ, blocknum),
                 errhint("Check free disk space.")));
    }
 
    if (!skipFsync && !SmgrIsTemp(reln))
        register_dirty_segment(reln, forknum, v);
 
    Assert(_mdnblocks(reln, forknum, v) <= ((BlockNumber) RELSEG_SIZE));
}
 
/*
 * mdzeroextend() -- Add new zeroed out blocks to the specified relation.
 *
 * Similar to mdextend(), except the relation can be extended by multiple
 * blocks at once and the added blocks will be filled with zeroes.
 */
void
mdzeroextend(SMgrRelation reln, ForkNumber forknum,
             BlockNumber blocknum, int nblocks, bool skipFsync)
{
    MdfdVec    *v;
    BlockNumber curblocknum = blocknum;
    int         remblocks = nblocks;
 
    Assert(nblocks > 0);
 
    /* This assert is too expensive to have on normally ... */
#ifdef CHECK_WRITE_VS_EXTEND
    Assert(blocknum >= mdnblocks(reln, forknum));
#endif
 
    /*
     * If a relation manages to grow to 2^32-1 blocks, refuse to extend it any
     * more --- we mustn't create a block whose number actually is
     * InvalidBlockNumber or larger.
     */
    if ((uint64) blocknum + nblocks >= (uint64) InvalidBlockNumber)
        ereport(ERROR,
                (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
                 errmsg("cannot extend file \"%s\" beyond %u blocks",
                        relpath(reln->smgr_rlocator, forknum).str,
                        InvalidBlockNumber)));
 
    while (remblocks > 0)
    {
        BlockNumber segstartblock = curblocknum % ((BlockNumber) RELSEG_SIZE);
        off_t       seekpos = (off_t) BLCKSZ * segstartblock;
        int         numblocks;
 
        if (segstartblock + remblocks > RELSEG_SIZE)
            numblocks = RELSEG_SIZE - segstartblock;
        else
            numblocks = remblocks;
 
        v = _mdfd_getseg(reln, forknum, curblocknum, skipFsync, EXTENSION_CREATE);
 
        Assert(segstartblock < RELSEG_SIZE);
        Assert(segstartblock + numblocks <= RELSEG_SIZE);
 
        /*
         * If available and useful, use posix_fallocate() (via
         * FileFallocate()) to extend the relation. That's often more
         * efficient than using write(), as it commonly won't cause the kernel
         * to allocate page cache space for the extended pages.
         *
         * However, we don't use FileFallocate() for small extensions, as it
         * defeats delayed allocation on some filesystems. Not clear where
         * that decision should be made though? For now just use a cutoff of
         * 8, anything between 4 and 8 worked OK in some local testing.
         */
        if (numblocks > 8)
        {
            int         ret;
 
            ret = FileFallocate(v->mdfd_vfd,
                                seekpos, (off_t) BLCKSZ * numblocks,
                                WAIT_EVENT_DATA_FILE_EXTEND);
            if (ret != 0)
            {
                ereport(ERROR,
                        errcode_for_file_access(),
                        errmsg("could not extend file \"%s\" with FileFallocate(): %m",
                               FilePathName(v->mdfd_vfd)),
                        errhint("Check free disk space."));
            }
        }
        else
        {
            int         ret;
 
            /*
             * Even if we don't want to use fallocate, we can still extend a
             * bit more efficiently than writing each 8kB block individually.
             * pg_pwrite_zeros() (via FileZero()) uses pg_pwritev_with_retry()
             * to avoid multiple writes or needing a zeroed buffer for the
             * whole length of the extension.
             */
            ret = FileZero(v->mdfd_vfd,
                           seekpos, (off_t) BLCKSZ * numblocks,
                           WAIT_EVENT_DATA_FILE_EXTEND);
            if (ret < 0)
                ereport(ERROR,
                        errcode_for_file_access(),
                        errmsg("could not extend file \"%s\": %m",
                               FilePathName(v->mdfd_vfd)),
                        errhint("Check free disk space."));
        }
 
        if (!skipFsync && !SmgrIsTemp(reln))
            register_dirty_segment(reln, forknum, v);
 
        Assert(_mdnblocks(reln, forknum, v) <= ((BlockNumber) RELSEG_SIZE));
 
        remblocks -= numblocks;
        curblocknum += numblocks;
    }
}
 
/*
 * mdopenfork() -- Open one fork of the specified relation.
 *
 * Note we only open the first segment, when there are multiple segments.
 *
 * If first segment is not present, either ereport or return NULL according
 * to "behavior".  We treat EXTENSION_CREATE the same as EXTENSION_FAIL;
 * EXTENSION_CREATE means it's OK to extend an existing relation, not to
 * invent one out of whole cloth.
 */
static MdfdVec *
mdopenfork(SMgrRelation reln, ForkNumber forknum, int behavior)
{
    MdfdVec    *mdfd;
    RelPathStr  path;
    File        fd;
 
    /* No work if already open */
    if (reln->md_num_open_segs[forknum] > 0)
        return &reln->md_seg_fds[forknum][0];
 
    path = relpath(reln->smgr_rlocator, forknum);
 
    fd = PathNameOpenFile(path.str, _mdfd_open_flags());
 
    if (fd < 0)
    {
        if ((behavior & EXTENSION_RETURN_NULL) &&
            FILE_POSSIBLY_DELETED(errno))
            return NULL;
        ereport(ERROR,
                (errcode_for_file_access(),
                 errmsg("could not open file \"%s\": %m", path.str)));
    }
 
    _fdvec_resize(reln, forknum, 1);
    mdfd = &reln->md_seg_fds[forknum][0];
    mdfd->mdfd_vfd = fd;
    mdfd->mdfd_segno = 0;
 
    Assert(_mdnblocks(reln, forknum, mdfd) <= ((BlockNumber) RELSEG_SIZE));
 
    return mdfd;
}
 
/*
 * mdopen() -- Initialize newly-opened relation.
 */
void
mdopen(SMgrRelation reln)
{
    /* mark it not open */
    for (int forknum = 0; forknum <= MAX_FORKNUM; forknum++)
        reln->md_num_open_segs[forknum] = 0;
}
 
/*
 * mdclose() -- Close the specified relation, if it isn't closed already.
 */
void
mdclose(SMgrRelation reln, ForkNumber forknum)
{
    int         nopensegs = reln->md_num_open_segs[forknum];
 
    /* No work if already closed */
    if (nopensegs == 0)
        return;
 
    /* close segments starting from the end */
    while (nopensegs > 0)
    {
        MdfdVec    *v = &reln->md_seg_fds[forknum][nopensegs - 1];
 
        FileClose(v->mdfd_vfd);
        _fdvec_resize(reln, forknum, nopensegs - 1);
        nopensegs--;
    }
}
 
/*
 * mdprefetch() -- Initiate asynchronous read of the specified blocks of a relation
 */
bool
mdprefetch(SMgrRelation reln, ForkNumber forknum, BlockNumber blocknum,
           int nblocks)
{
#ifdef USE_PREFETCH
 
    Assert((io_direct_flags & IO_DIRECT_DATA) == 0);
 
    if ((uint64) blocknum + nblocks > (uint64) MaxBlockNumber + 1)
        return false;
 
    while (nblocks > 0)
    {
        off_t       seekpos;
        MdfdVec    *v;
        int         nblocks_this_segment;
 
        v = _mdfd_getseg(reln, forknum, blocknum, false,
                         InRecovery ? EXTENSION_RETURN_NULL : EXTENSION_FAIL);
        if (v == NULL)
            return false;
 
        seekpos = (off_t) BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE));
 
        Assert(seekpos < (off_t) BLCKSZ * RELSEG_SIZE);
 
        nblocks_this_segment =
            Min(nblocks,
                RELSEG_SIZE - (blocknum % ((BlockNumber) RELSEG_SIZE)));
 
        (void) FilePrefetch(v->mdfd_vfd, seekpos, BLCKSZ * nblocks_this_segment,
                            WAIT_EVENT_DATA_FILE_PREFETCH);
 
        blocknum += nblocks_this_segment;
        nblocks -= nblocks_this_segment;
    }
#endif                          /* USE_PREFETCH */
 
    return true;
}
 
/*
 * Convert an array of buffer address into an array of iovec objects, and
 * return the number that were required.  'iov' must have enough space for up
 * to 'nblocks' elements, but the number used may be less depending on
 * merging.  In the case of a run of fully contiguous buffers, a single iovec
 * will be populated that can be handled as a plain non-vectored I/O.
 */
static int
buffers_to_iovec(struct iovec *iov, void **buffers, int nblocks)
{
    struct iovec *iovp;
    int         iovcnt;
 
    Assert(nblocks >= 1);
 
    /* If this build supports direct I/O, buffers must be I/O aligned. */
    for (int i = 0; i < nblocks; ++i)
    {
        if (PG_O_DIRECT != 0 && PG_IO_ALIGN_SIZE <= BLCKSZ)
            Assert((uintptr_t) buffers[i] ==
                   TYPEALIGN(PG_IO_ALIGN_SIZE, buffers[i]));
    }
 
    /* Start the first iovec off with the first buffer. */
    iovp = &iov[0];
    iovp->iov_base = buffers[0];
    iovp->iov_len = BLCKSZ;
    iovcnt = 1;
 
    /* Try to merge the rest. */
    for (int i = 1; i < nblocks; ++i)
    {
        void       *buffer = buffers[i];
 
        if (((char *) iovp->iov_base + iovp->iov_len) == buffer)
        {
            /* Contiguous with the last iovec. */
            iovp->iov_len += BLCKSZ;
        }
        else
        {
            /* Need a new iovec. */
            iovp++;
            iovp->iov_base = buffer;
            iovp->iov_len = BLCKSZ;
            iovcnt++;
        }
    }
 
    return iovcnt;
}
 
/*
 * mdmaxcombine() -- Return the maximum number of total blocks that can be
 *               combined with an IO starting at blocknum.
 */
uint32
mdmaxcombine(SMgrRelation reln, ForkNumber forknum,
             BlockNumber blocknum)
{
    BlockNumber segoff;
 
    segoff = blocknum % ((BlockNumber) RELSEG_SIZE);
 
    return RELSEG_SIZE - segoff;
}
 
/*
 * mdreadv() -- Read the specified blocks from a relation.
 */
void
mdreadv(SMgrRelation reln, ForkNumber forknum, BlockNumber blocknum,
        void **buffers, BlockNumber nblocks)
{
    while (nblocks > 0)
    {
        struct iovec iov[PG_IOV_MAX];
        int         iovcnt;
        off_t       seekpos;
        int         nbytes;
        MdfdVec    *v;
        BlockNumber nblocks_this_segment;
        size_t      transferred_this_segment;
        size_t      size_this_segment;
 
        v = _mdfd_getseg(reln, forknum, blocknum, false,
                         EXTENSION_FAIL | EXTENSION_CREATE_RECOVERY);
 
        seekpos = (off_t) BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE));
 
        Assert(seekpos < (off_t) BLCKSZ * RELSEG_SIZE);
 
        nblocks_this_segment =
            Min(nblocks,
                RELSEG_SIZE - (blocknum % ((BlockNumber) RELSEG_SIZE)));
        nblocks_this_segment = Min(nblocks_this_segment, lengthof(iov));
 
        if (nblocks_this_segment != nblocks)
            elog(ERROR, "read crosses segment boundary");
 
        iovcnt = buffers_to_iovec(iov, buffers, nblocks_this_segment);
        size_this_segment = nblocks_this_segment * BLCKSZ;
        transferred_this_segment = 0;
 
        /*
         * Inner loop to continue after a short read.  We'll keep going until
         * we hit EOF rather than assuming that a short read means we hit the
         * end.
         */
        for (;;)
        {
            TRACE_POSTGRESQL_SMGR_MD_READ_START(forknum, blocknum,
                                                reln->smgr_rlocator.locator.spcOid,
                                                reln->smgr_rlocator.locator.dbOid,
                                                reln->smgr_rlocator.locator.relNumber,
                                                reln->smgr_rlocator.backend);
            nbytes = FileReadV(v->mdfd_vfd, iov, iovcnt, seekpos,
                               WAIT_EVENT_DATA_FILE_READ);
            TRACE_POSTGRESQL_SMGR_MD_READ_DONE(forknum, blocknum,
                                               reln->smgr_rlocator.locator.spcOid,
                                               reln->smgr_rlocator.locator.dbOid,
                                               reln->smgr_rlocator.locator.relNumber,
                                               reln->smgr_rlocator.backend,
                                               nbytes,
                                               size_this_segment - transferred_this_segment);
 
#ifdef SIMULATE_SHORT_READ
            nbytes = Min(nbytes, 4096);
#endif
 
            if (nbytes < 0)
                ereport(ERROR,
                        (errcode_for_file_access(),
                         errmsg("could not read blocks %u..%u in file \"%s\": %m",
                                blocknum,
                                blocknum + nblocks_this_segment - 1,
                                FilePathName(v->mdfd_vfd))));
 
            if (nbytes == 0)
            {
                /*
                 * We are at or past EOF, or we read a partial block at EOF.
                 * Normally this is an error; upper levels should never try to
                 * read a nonexistent block.  However, if zero_damaged_pages
                 * is ON or we are InRecovery, we should instead return zeroes
                 * without complaining.  This allows, for example, the case of
                 * trying to update a block that was later truncated away.
                 *
                 * NB: We think that this codepath is unreachable in recovery
                 * and incomplete with zero_damaged_pages, as missing segments
                 * are not created. Putting blocks into the buffer-pool that
                 * do not exist on disk is rather problematic, as it will not
                 * be found by scans that rely on smgrnblocks(), as they are
                 * beyond EOF. It also can cause weird problems with relation
                 * extension, as relation extension does not expect blocks
                 * beyond EOF to exist.
                 *
                 * Therefore we do not want to copy the logic into
                 * mdstartreadv(), where it would have to be more complicated
                 * due to potential differences in the zero_damaged_pages
                 * setting between the definer and completor of IO.
                 *
                 * For PG 18, we are putting an Assert(false) in mdreadv()
                 * (triggering failures in assertion-enabled builds, but
                 * continuing to work in production builds). Afterwards we
                 * plan to remove this code entirely.
                 */
                if (zero_damaged_pages || InRecovery)
                {
                    Assert(false);  /* see comment above */
 
                    for (BlockNumber i = transferred_this_segment / BLCKSZ;
                         i < nblocks_this_segment;
                         ++i)
                        memset(buffers[i], 0, BLCKSZ);
                    break;
                }
                else
                    ereport(ERROR,
                            (errcode(ERRCODE_DATA_CORRUPTED),
                             errmsg("could not read blocks %u..%u in file \"%s\": read only %zu of %zu bytes",
                                    blocknum,
                                    blocknum + nblocks_this_segment - 1,
                                    FilePathName(v->mdfd_vfd),
                                    transferred_this_segment,
                                    size_this_segment)));
            }
 
            /* One loop should usually be enough. */
            transferred_this_segment += nbytes;
            Assert(transferred_this_segment <= size_this_segment);
            if (transferred_this_segment == size_this_segment)
                break;
 
            /* Adjust position and vectors after a short read. */
            seekpos += nbytes;
            iovcnt = compute_remaining_iovec(iov, iov, iovcnt, nbytes);
        }
 
        nblocks -= nblocks_this_segment;
        buffers += nblocks_this_segment;
        blocknum += nblocks_this_segment;
    }
}
 
/*
 * mdstartreadv() -- Asynchronous version of mdreadv().
 */
void
mdstartreadv(PgAioHandle *ioh,
             SMgrRelation reln, ForkNumber forknum, BlockNumber blocknum,
             void **buffers, BlockNumber nblocks)
{
    off_t       seekpos;
    MdfdVec    *v;
    BlockNumber nblocks_this_segment;
    struct iovec *iov;
    int         iovcnt;
    int         ret;
 
    v = _mdfd_getseg(reln, forknum, blocknum, false,
                     EXTENSION_FAIL | EXTENSION_CREATE_RECOVERY);
 
    seekpos = (off_t) BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE));
 
    Assert(seekpos < (off_t) BLCKSZ * RELSEG_SIZE);
 
    nblocks_this_segment =
        Min(nblocks,
            RELSEG_SIZE - (blocknum % ((BlockNumber) RELSEG_SIZE)));
 
    if (nblocks_this_segment != nblocks)
        elog(ERROR, "read crossing segment boundary");
 
    iovcnt = pgaio_io_get_iovec(ioh, &iov);
 
    Assert(nblocks <= iovcnt);
 
    iovcnt = buffers_to_iovec(iov, buffers, nblocks_this_segment);
 
    Assert(iovcnt <= nblocks_this_segment);
 
    if (!(io_direct_flags & IO_DIRECT_DATA))
        pgaio_io_set_flag(ioh, PGAIO_HF_BUFFERED);
 
    pgaio_io_set_target_smgr(ioh,
                             reln,
                             forknum,
                             blocknum,
                             nblocks,
                             false);
    pgaio_io_register_callbacks(ioh, PGAIO_HCB_MD_READV, 0);
 
    ret = FileStartReadV(ioh, v->mdfd_vfd, iovcnt, seekpos, WAIT_EVENT_DATA_FILE_READ);
    if (ret != 0)
        ereport(ERROR,
                (errcode_for_file_access(),
                 errmsg("could not start reading blocks %u..%u in file \"%s\": %m",
                        blocknum,
                        blocknum + nblocks_this_segment - 1,
                        FilePathName(v->mdfd_vfd))));
 
    /*
     * The error checks corresponding to the post-read checks in mdreadv() are
     * in md_readv_complete().
     *
     * However we chose, at least for now, to not implement the
     * zero_damaged_pages logic present in mdreadv(). As outlined in mdreadv()
     * that logic is rather problematic, and we want to get rid of it. Here
     * equivalent logic would have to be more complicated due to potential
     * differences in the zero_damaged_pages setting between the definer and
     * completor of IO.
     */
}
 
/*
 * mdwritev() -- Write the supplied blocks at the appropriate location.
 *
 * This is to be used only for updating already-existing blocks of a
 * relation (ie, those before the current EOF).  To extend a relation,
 * use mdextend().
 */
void
mdwritev(SMgrRelation reln, ForkNumber forknum, BlockNumber blocknum,
         const void **buffers, BlockNumber nblocks, bool skipFsync)
{
    /* This assert is too expensive to have on normally ... */
#ifdef CHECK_WRITE_VS_EXTEND
    Assert((uint64) blocknum + (uint64) nblocks <= (uint64) mdnblocks(reln, forknum));
#endif
 
    while (nblocks > 0)
    {
        struct iovec iov[PG_IOV_MAX];
        int         iovcnt;
        off_t       seekpos;
        int         nbytes;
        MdfdVec    *v;
        BlockNumber nblocks_this_segment;
        size_t      transferred_this_segment;
        size_t      size_this_segment;
 
        v = _mdfd_getseg(reln, forknum, blocknum, skipFsync,
                         EXTENSION_FAIL | EXTENSION_CREATE_RECOVERY);
 
        seekpos = (off_t) BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE));
 
        Assert(seekpos < (off_t) BLCKSZ * RELSEG_SIZE);
 
        nblocks_this_segment =
            Min(nblocks,
                RELSEG_SIZE - (blocknum % ((BlockNumber) RELSEG_SIZE)));
        nblocks_this_segment = Min(nblocks_this_segment, lengthof(iov));
 
        if (nblocks_this_segment != nblocks)
            elog(ERROR, "write crosses segment boundary");
 
        iovcnt = buffers_to_iovec(iov, (void **) buffers, nblocks_this_segment);
        size_this_segment = nblocks_this_segment * BLCKSZ;
        transferred_this_segment = 0;
 
        /*
         * Inner loop to continue after a short write.  If the reason is that
         * we're out of disk space, a future attempt should get an ENOSPC
         * error from the kernel.
         */
        for (;;)
        {
            TRACE_POSTGRESQL_SMGR_MD_WRITE_START(forknum, blocknum,
                                                 reln->smgr_rlocator.locator.spcOid,
                                                 reln->smgr_rlocator.locator.dbOid,
                                                 reln->smgr_rlocator.locator.relNumber,
                                                 reln->smgr_rlocator.backend);
            nbytes = FileWriteV(v->mdfd_vfd, iov, iovcnt, seekpos,
                                WAIT_EVENT_DATA_FILE_WRITE);
            TRACE_POSTGRESQL_SMGR_MD_WRITE_DONE(forknum, blocknum,
                                                reln->smgr_rlocator.locator.spcOid,
                                                reln->smgr_rlocator.locator.dbOid,
                                                reln->smgr_rlocator.locator.relNumber,
                                                reln->smgr_rlocator.backend,
                                                nbytes,
                                                size_this_segment - transferred_this_segment);
 
#ifdef SIMULATE_SHORT_WRITE
            nbytes = Min(nbytes, 4096);
#endif
 
            if (nbytes < 0)
            {
                bool        enospc = errno == ENOSPC;
 
                ereport(ERROR,
                        (errcode_for_file_access(),
                         errmsg("could not write blocks %u..%u in file \"%s\": %m",
                                blocknum,
                                blocknum + nblocks_this_segment - 1,
                                FilePathName(v->mdfd_vfd)),
                         enospc ? errhint("Check free disk space.") : 0));
            }
 
            /* One loop should usually be enough. */
            transferred_this_segment += nbytes;
            Assert(transferred_this_segment <= size_this_segment);
            if (transferred_this_segment == size_this_segment)
                break;
 
            /* Adjust position and iovecs after a short write. */
            seekpos += nbytes;
            iovcnt = compute_remaining_iovec(iov, iov, iovcnt, nbytes);
        }
 
        if (!skipFsync && !SmgrIsTemp(reln))
            register_dirty_segment(reln, forknum, v);
 
        nblocks -= nblocks_this_segment;
        buffers += nblocks_this_segment;
        blocknum += nblocks_this_segment;
    }
}
 
 
/*
 * mdwriteback() -- Tell the kernel to write pages back to storage.
 *
 * This accepts a range of blocks because flushing several pages at once is
 * considerably more efficient than doing so individually.
 */
void
mdwriteback(SMgrRelation reln, ForkNumber forknum,
            BlockNumber blocknum, BlockNumber nblocks)
{
    Assert((io_direct_flags & IO_DIRECT_DATA) == 0);
 
    /*
     * Issue flush requests in as few requests as possible; have to split at
     * segment boundaries though, since those are actually separate files.
     */
    while (nblocks > 0)
    {
        BlockNumber nflush = nblocks;
        off_t       seekpos;
        MdfdVec    *v;
        int         segnum_start,
                    segnum_end;
 
        v = _mdfd_getseg(reln, forknum, blocknum, true /* not used */ ,
                         EXTENSION_DONT_OPEN);
 
        /*
         * We might be flushing buffers of already removed relations, that's
         * ok, just ignore that case.  If the segment file wasn't open already
         * (ie from a recent mdwrite()), then we don't want to re-open it, to
         * avoid a race with PROCSIGNAL_BARRIER_SMGRRELEASE that might leave
         * us with a descriptor to a file that is about to be unlinked.
         */
        if (!v)
            return;
 
        /* compute offset inside the current segment */
        segnum_start = blocknum / RELSEG_SIZE;
 
        /* compute number of desired writes within the current segment */
        segnum_end = (blocknum + nblocks - 1) / RELSEG_SIZE;
        if (segnum_start != segnum_end)
            nflush = RELSEG_SIZE - (blocknum % ((BlockNumber) RELSEG_SIZE));
 
        Assert(nflush >= 1);
        Assert(nflush <= nblocks);
 
        seekpos = (off_t) BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE));
 
        FileWriteback(v->mdfd_vfd, seekpos, (off_t) BLCKSZ * nflush, WAIT_EVENT_DATA_FILE_FLUSH);
 
        nblocks -= nflush;
        blocknum += nflush;
    }
}
 
/*
 * mdnblocks() -- Get the number of blocks stored in a relation.
 *
 * Important side effect: all active segments of the relation are opened
 * and added to the md_seg_fds array.  If this routine has not been
 * called, then only segments up to the last one actually touched
 * are present in the array.
 */
BlockNumber
mdnblocks(SMgrRelation reln, ForkNumber forknum)
{
    MdfdVec    *v;
    BlockNumber nblocks;
    BlockNumber segno;
 
    mdopenfork(reln, forknum, EXTENSION_FAIL);
 
    /* mdopen has opened the first segment */
    Assert(reln->md_num_open_segs[forknum] > 0);
 
    /*
     * Start from the last open segments, to avoid redundant seeks.  We have
     * previously verified that these segments are exactly RELSEG_SIZE long,
     * and it's useless to recheck that each time.
     *
     * NOTE: this assumption could only be wrong if another backend has
     * truncated the relation.  We rely on higher code levels to handle that
     * scenario by closing and re-opening the md fd, which is handled via
     * relcache flush.  (Since the checkpointer doesn't participate in
     * relcache flush, it could have segment entries for inactive segments;
     * that's OK because the checkpointer never needs to compute relation
     * size.)
     */
    segno = reln->md_num_open_segs[forknum] - 1;
    v = &reln->md_seg_fds[forknum][segno];
 
    for (;;)
    {
        nblocks = _mdnblocks(reln, forknum, v);
        if (nblocks > ((BlockNumber) RELSEG_SIZE))
            elog(FATAL, "segment too big");
        if (nblocks < ((BlockNumber) RELSEG_SIZE))
            return (segno * ((BlockNumber) RELSEG_SIZE)) + nblocks;
 
        /*
         * If segment is exactly RELSEG_SIZE, advance to next one.
         */
        segno++;
 
        /*
         * We used to pass O_CREAT here, but that has the disadvantage that it
         * might create a segment which has vanished through some operating
         * system misadventure.  In such a case, creating the segment here
         * undermines _mdfd_getseg's attempts to notice and report an error
         * upon access to a missing segment.
         */
        v = _mdfd_openseg(reln, forknum, segno, 0);
        if (v == NULL)
            return segno * ((BlockNumber) RELSEG_SIZE);
    }
}
 
/*
 * mdtruncate() -- Truncate relation to specified number of blocks.
 *
 * Guaranteed not to allocate memory, so it can be used in a critical section.
 * Caller must have called smgrnblocks() to obtain curnblk while holding a
 * sufficient lock to prevent a change in relation size, and not used any smgr
 * functions for this relation or handled interrupts in between.  This makes
 * sure we have opened all active segments, so that truncate loop will get
 * them all!
 */
void
mdtruncate(SMgrRelation reln, ForkNumber forknum,
           BlockNumber curnblk, BlockNumber nblocks)
{
    BlockNumber priorblocks;
    int         curopensegs;
 
    if (nblocks > curnblk)
    {
        /* Bogus request ... but no complaint if InRecovery */
        if (InRecovery)
            return;
        ereport(ERROR,
                (errmsg("could not truncate file \"%s\" to %u blocks: it's only %u blocks now",
                        relpath(reln->smgr_rlocator, forknum).str,
                        nblocks, curnblk)));
    }
    if (nblocks == curnblk)
        return;                 /* no work */
 
    /*
     * Truncate segments, starting at the last one. Starting at the end makes
     * managing the memory for the fd array easier, should there be errors.
     */
    curopensegs = reln->md_num_open_segs[forknum];
    while (curopensegs > 0)
    {
        MdfdVec    *v;
 
        priorblocks = (curopensegs - 1) * RELSEG_SIZE;
 
        v = &reln->md_seg_fds[forknum][curopensegs - 1];
 
        if (priorblocks > nblocks)
        {
            /*
             * This segment is no longer active. We truncate the file, but do
             * not delete it, for reasons explained in the header comments.
             */
            if (FileTruncate(v->mdfd_vfd, 0, WAIT_EVENT_DATA_FILE_TRUNCATE) < 0)
                ereport(ERROR,
                        (errcode_for_file_access(),
                         errmsg("could not truncate file \"%s\": %m",
                                FilePathName(v->mdfd_vfd))));
 
            if (!SmgrIsTemp(reln))
                register_dirty_segment(reln, forknum, v);
 
            /* we never drop the 1st segment */
            Assert(v != &reln->md_seg_fds[forknum][0]);
 
            FileClose(v->mdfd_vfd);
            _fdvec_resize(reln, forknum, curopensegs - 1);
        }
        else if (priorblocks + ((BlockNumber) RELSEG_SIZE) > nblocks)
        {
            /*
             * This is the last segment we want to keep. Truncate the file to
             * the right length. NOTE: if nblocks is exactly a multiple K of
             * RELSEG_SIZE, we will truncate the K+1st segment to 0 length but
             * keep it. This adheres to the invariant given in the header
             * comments.
             */
            BlockNumber lastsegblocks = nblocks - priorblocks;
 
            if (FileTruncate(v->mdfd_vfd, (off_t) lastsegblocks * BLCKSZ, WAIT_EVENT_DATA_FILE_TRUNCATE) < 0)
                ereport(ERROR,
                        (errcode_for_file_access(),
                         errmsg("could not truncate file \"%s\" to %u blocks: %m",
                                FilePathName(v->mdfd_vfd),
                                nblocks)));
            if (!SmgrIsTemp(reln))
                register_dirty_segment(reln, forknum, v);
        }
        else
        {
            /*
             * We still need this segment, so nothing to do for this and any
             * earlier segment.
             */
            break;
        }
        curopensegs--;
    }
}
 
/*
 * mdregistersync() -- Mark whole relation as needing fsync
 */
void
mdregistersync(SMgrRelation reln, ForkNumber forknum)
{
    int         segno;
    int         min_inactive_seg;
 
    /*
     * NOTE: mdnblocks makes sure we have opened all active segments, so that
     * the loop below will get them all!
     */
    mdnblocks(reln, forknum);
 
    min_inactive_seg = segno = reln->md_num_open_segs[forknum];
 
    /*
     * Temporarily open inactive segments, then close them after sync.  There
     * may be some inactive segments left opened after error, but that is
     * harmless.  We don't bother to clean them up and take a risk of further
     * trouble.  The next mdclose() will soon close them.
     */
    while (_mdfd_openseg(reln, forknum, segno, 0) != NULL)
        segno++;
 
    while (segno > 0)
    {
        MdfdVec    *v = &reln->md_seg_fds[forknum][segno - 1];
 
        register_dirty_segment(reln, forknum, v);
 
        /* Close inactive segments immediately */
        if (segno > min_inactive_seg)
        {
            FileClose(v->mdfd_vfd);
            _fdvec_resize(reln, forknum, segno - 1);
        }
 
        segno--;
    }
}
 
/*
 * mdimmedsync() -- Immediately sync a relation to stable storage.
 *
 * Note that only writes already issued are synced; this routine knows
 * nothing of dirty buffers that may exist inside the buffer manager.  We
 * sync active and inactive segments; smgrDoPendingSyncs() relies on this.
 * Consider a relation skipping WAL.  Suppose a checkpoint syncs blocks of
 * some segment, then mdtruncate() renders that segment inactive.  If we
 * crash before the next checkpoint syncs the newly-inactive segment, that
 * segment may survive recovery, reintroducing unwanted data into the table.
 */
void
mdimmedsync(SMgrRelation reln, ForkNumber forknum)
{
    int         segno;
    int         min_inactive_seg;
 
    /*
     * NOTE: mdnblocks makes sure we have opened all active segments, so that
     * the loop below will get them all!
     */
    mdnblocks(reln, forknum);
 
    min_inactive_seg = segno = reln->md_num_open_segs[forknum];
 
    /*
     * Temporarily open inactive segments, then close them after sync.  There
     * may be some inactive segments left opened after fsync() error, but that
     * is harmless.  We don't bother to clean them up and take a risk of
     * further trouble.  The next mdclose() will soon close them.
     */
    while (_mdfd_openseg(reln, forknum, segno, 0) != NULL)
        segno++;
 
    while (segno > 0)
    {
        MdfdVec    *v = &reln->md_seg_fds[forknum][segno - 1];
 
        /*
         * fsyncs done through mdimmedsync() should be tracked in a separate
         * IOContext than those done through mdsyncfiletag() to differentiate
         * between unavoidable client backend fsyncs (e.g. those done during
         * index build) and those which ideally would have been done by the
         * checkpointer. Since other IO operations bypassing the buffer
         * manager could also be tracked in such an IOContext, wait until
         * these are also tracked to track immediate fsyncs.
         */
        if (FileSync(v->mdfd_vfd, WAIT_EVENT_DATA_FILE_IMMEDIATE_SYNC) < 0)
            ereport(data_sync_elevel(ERROR),
                    (errcode_for_file_access(),
                     errmsg("could not fsync file \"%s\": %m",
                            FilePathName(v->mdfd_vfd))));
 
        /* Close inactive segments immediately */
        if (segno > min_inactive_seg)
        {
            FileClose(v->mdfd_vfd);
            _fdvec_resize(reln, forknum, segno - 1);
        }
 
        segno--;
    }
}
 
int
mdfd(SMgrRelation reln, ForkNumber forknum, BlockNumber blocknum, uint32 *off)
{
    MdfdVec    *v = mdopenfork(reln, forknum, EXTENSION_FAIL);
 
    v = _mdfd_getseg(reln, forknum, blocknum, false,
                     EXTENSION_FAIL);
 
    *off = (off_t) BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE));
 
    Assert(*off < (off_t) BLCKSZ * RELSEG_SIZE);
 
    return FileGetRawDesc(v->mdfd_vfd);
}
 
/*
 * register_dirty_segment() -- Mark a relation segment as needing fsync
 *
 * If there is a local pending-ops table, just make an entry in it for
 * ProcessSyncRequests to process later.  Otherwise, try to pass off the
 * fsync request to the checkpointer process.  If that fails, just do the
 * fsync locally before returning (we hope this will not happen often
 * enough to be a performance problem).
 */
static void
register_dirty_segment(SMgrRelation reln, ForkNumber forknum, MdfdVec *seg)
{
    FileTag     tag;
 
    INIT_MD_FILETAG(tag, reln->smgr_rlocator.locator, forknum, seg->mdfd_segno);
 
    /* Temp relations should never be fsync'd */
    Assert(!SmgrIsTemp(reln));
 
    if (!RegisterSyncRequest(&tag, SYNC_REQUEST, false /* retryOnError */ ))
    {
        instr_time  io_start;
 
        ereport(DEBUG1,
                (errmsg_internal("could not forward fsync request because request queue is full")));
 
        io_start = pgstat_prepare_io_time(track_io_timing);
 
        if (FileSync(seg->mdfd_vfd, WAIT_EVENT_DATA_FILE_SYNC) < 0)
            ereport(data_sync_elevel(ERROR),
                    (errcode_for_file_access(),
                     errmsg("could not fsync file \"%s\": %m",
                            FilePathName(seg->mdfd_vfd))));
 
        /*
         * We have no way of knowing if the current IOContext is
         * IOCONTEXT_NORMAL or IOCONTEXT_[BULKREAD, BULKWRITE, VACUUM] at this
         * point, so count the fsync as being in the IOCONTEXT_NORMAL
         * IOContext. This is probably okay, because the number of backend
         * fsyncs doesn't say anything about the efficacy of the
         * BufferAccessStrategy. And counting both fsyncs done in
         * IOCONTEXT_NORMAL and IOCONTEXT_[BULKREAD, BULKWRITE, VACUUM] under
         * IOCONTEXT_NORMAL is likely clearer when investigating the number of
         * backend fsyncs.
         */
        pgstat_count_io_op_time(IOOBJECT_RELATION, IOCONTEXT_NORMAL,
                                IOOP_FSYNC, io_start, 1, 0);
    }
}
 
/*
 * register_unlink_segment() -- Schedule a file to be deleted after next checkpoint
 */
static void
register_unlink_segment(RelFileLocatorBackend rlocator, ForkNumber forknum,
                        BlockNumber segno)
{
    FileTag     tag;
 
    INIT_MD_FILETAG(tag, rlocator.locator, forknum, segno);
 
    /* Should never be used with temp relations */
    Assert(!RelFileLocatorBackendIsTemp(rlocator));
 
    RegisterSyncRequest(&tag, SYNC_UNLINK_REQUEST, true /* retryOnError */ );
}
 
/*
 * register_forget_request() -- forget any fsyncs for a relation fork's segment
 */
static void
register_forget_request(RelFileLocatorBackend rlocator, ForkNumber forknum,
                        BlockNumber segno)
{
    FileTag     tag;
 
    INIT_MD_FILETAG(tag, rlocator.locator, forknum, segno);
 
    RegisterSyncRequest(&tag, SYNC_FORGET_REQUEST, true /* retryOnError */ );
}
 
/*
 * ForgetDatabaseSyncRequests -- forget any fsyncs and unlinks for a DB
 */
void
ForgetDatabaseSyncRequests(Oid dbid)
{
    FileTag     tag;
    RelFileLocator rlocator;
 
    rlocator.dbOid = dbid;
    rlocator.spcOid = 0;
    rlocator.relNumber = 0;
 
    INIT_MD_FILETAG(tag, rlocator, InvalidForkNumber, InvalidBlockNumber);
 
    RegisterSyncRequest(&tag, SYNC_FILTER_REQUEST, true /* retryOnError */ );
}
 
/*
 * DropRelationFiles -- drop files of all given relations
 */
void
DropRelationFiles(RelFileLocator *delrels, int ndelrels, bool isRedo)
{
    SMgrRelation *srels;
    int         i;
 
    srels = palloc(sizeof(SMgrRelation) * ndelrels);
    for (i = 0; i < ndelrels; i++)
    {
        SMgrRelation srel = smgropen(delrels[i], INVALID_PROC_NUMBER);
 
        if (isRedo)
        {
            ForkNumber  fork;
 
            for (fork = 0; fork <= MAX_FORKNUM; fork++)
                XLogDropRelation(delrels[i], fork);
        }
        srels[i] = srel;
    }
 
    smgrdounlinkall(srels, ndelrels, isRedo);
 
    for (i = 0; i < ndelrels; i++)
        smgrclose(srels[i]);
    pfree(srels);
}
 
 
/*
 * _fdvec_resize() -- Resize the fork's open segments array
 */
static void
_fdvec_resize(SMgrRelation reln,
              ForkNumber forknum,
              int nseg)
{
    if (nseg == 0)
    {
        if (reln->md_num_open_segs[forknum] > 0)
        {
            pfree(reln->md_seg_fds[forknum]);
            reln->md_seg_fds[forknum] = NULL;
        }
    }
    else if (reln->md_num_open_segs[forknum] == 0)
    {
        reln->md_seg_fds[forknum] =
            MemoryContextAlloc(MdCxt, sizeof(MdfdVec) * nseg);
    }
    else if (nseg > reln->md_num_open_segs[forknum])
    {
        /*
         * It doesn't seem worthwhile complicating the code to amortize
         * repalloc() calls.  Those are far faster than PathNameOpenFile() or
         * FileClose(), and the memory context internally will sometimes avoid
         * doing an actual reallocation.
         */
        reln->md_seg_fds[forknum] =
            repalloc(reln->md_seg_fds[forknum],
                     sizeof(MdfdVec) * nseg);
    }
    else
    {
        /*
         * We don't reallocate a smaller array, because we want mdtruncate()
         * to be able to promise that it won't allocate memory, so that it is
         * allowed in a critical section.  This means that a bit of space in
         * the array is now wasted, until the next time we add a segment and
         * reallocate.
         */
    }
 
    reln->md_num_open_segs[forknum] = nseg;
}
 
/*
 * Return the filename for the specified segment of the relation. The
 * returned string is palloc'd.
 */
static MdPathStr
_mdfd_segpath(SMgrRelation reln, ForkNumber forknum, BlockNumber segno)
{
    RelPathStr  path;
    MdPathStr   fullpath;
 
    path = relpath(reln->smgr_rlocator, forknum);
 
    if (segno > 0)
        sprintf(fullpath.str, "%s.%u", path.str, segno);
    else
        strcpy(fullpath.str, path.str);
 
    return fullpath;
}
 
/*
 * Open the specified segment of the relation,
 * and make a MdfdVec object for it.  Returns NULL on failure.
 */
static MdfdVec *
_mdfd_openseg(SMgrRelation reln, ForkNumber forknum, BlockNumber segno,
              int oflags)
{
    MdfdVec    *v;
    File        fd;
    MdPathStr   fullpath;
 
    fullpath = _mdfd_segpath(reln, forknum, segno);
 
    /* open the file */
    fd = PathNameOpenFile(fullpath.str, _mdfd_open_flags() | oflags);
 
    if (fd < 0)
        return NULL;
 
    /*
     * Segments are always opened in order from lowest to highest, so we must
     * be adding a new one at the end.
     */
    Assert(segno == reln->md_num_open_segs[forknum]);
 
    _fdvec_resize(reln, forknum, segno + 1);
 
    /* fill the entry */
    v = &reln->md_seg_fds[forknum][segno];
    v->mdfd_vfd = fd;
    v->mdfd_segno = segno;
 
    Assert(_mdnblocks(reln, forknum, v) <= ((BlockNumber) RELSEG_SIZE));
 
    /* all done */
    return v;
}
 
/*
 * _mdfd_getseg() -- Find the segment of the relation holding the
 *                   specified block.
 *
 * If the segment doesn't exist, we ereport, return NULL, or create the
 * segment, according to "behavior".  Note: skipFsync is only used in the
 * EXTENSION_CREATE case.
 */
static MdfdVec *
_mdfd_getseg(SMgrRelation reln, ForkNumber forknum, BlockNumber blkno,
             bool skipFsync, int behavior)
{
    MdfdVec    *v;
    BlockNumber targetseg;
    BlockNumber nextsegno;
 
    /* some way to handle non-existent segments needs to be specified */
    Assert(behavior &
           (EXTENSION_FAIL | EXTENSION_CREATE | EXTENSION_RETURN_NULL |
            EXTENSION_DONT_OPEN));
 
    targetseg = blkno / ((BlockNumber) RELSEG_SIZE);
 
    /* if an existing and opened segment, we're done */
    if (targetseg < reln->md_num_open_segs[forknum])
    {
        v = &reln->md_seg_fds[forknum][targetseg];
        return v;
    }
 
    /* The caller only wants the segment if we already had it open. */
    if (behavior & EXTENSION_DONT_OPEN)
        return NULL;
 
    /*
     * The target segment is not yet open. Iterate over all the segments
     * between the last opened and the target segment. This way missing
     * segments either raise an error, or get created (according to
     * 'behavior'). Start with either the last opened, or the first segment if
     * none was opened before.
     */
    if (reln->md_num_open_segs[forknum] > 0)
        v = &reln->md_seg_fds[forknum][reln->md_num_open_segs[forknum] - 1];
    else
    {
        v = mdopenfork(reln, forknum, behavior);
        if (!v)
            return NULL;        /* if behavior & EXTENSION_RETURN_NULL */
    }
 
    for (nextsegno = reln->md_num_open_segs[forknum];
         nextsegno <= targetseg; nextsegno++)
    {
        BlockNumber nblocks = _mdnblocks(reln, forknum, v);
        int         flags = 0;
 
        Assert(nextsegno == v->mdfd_segno + 1);
 
        if (nblocks > ((BlockNumber) RELSEG_SIZE))
            elog(FATAL, "segment too big");
 
        if ((behavior & EXTENSION_CREATE) ||
            (InRecovery && (behavior & EXTENSION_CREATE_RECOVERY)))
        {
            /*
             * Normally we will create new segments only if authorized by the
             * caller (i.e., we are doing mdextend()).  But when doing WAL
             * recovery, create segments anyway; this allows cases such as
             * replaying WAL data that has a write into a high-numbered
             * segment of a relation that was later deleted. We want to go
             * ahead and create the segments so we can finish out the replay.
             *
             * We have to maintain the invariant that segments before the last
             * active segment are of size RELSEG_SIZE; therefore, if
             * extending, pad them out with zeroes if needed.  (This only
             * matters if in recovery, or if the caller is extending the
             * relation discontiguously, but that can happen in hash indexes.)
             */
            if (nblocks < ((BlockNumber) RELSEG_SIZE))
            {
                char       *zerobuf = palloc_aligned(BLCKSZ, PG_IO_ALIGN_SIZE,
                                                     MCXT_ALLOC_ZERO);
 
                mdextend(reln, forknum,
                         nextsegno * ((BlockNumber) RELSEG_SIZE) - 1,
                         zerobuf, skipFsync);
                pfree(zerobuf);
            }
            flags = O_CREAT;
        }
        else if (nblocks < ((BlockNumber) RELSEG_SIZE))
        {
            /*
             * When not extending, only open the next segment if the current
             * one is exactly RELSEG_SIZE.  If not (this branch), either
             * return NULL or fail.
             */
            if (behavior & EXTENSION_RETURN_NULL)
            {
                /*
                 * Some callers discern between reasons for _mdfd_getseg()
                 * returning NULL based on errno. As there's no failing
                 * syscall involved in this case, explicitly set errno to
                 * ENOENT, as that seems the closest interpretation.
                 */
                errno = ENOENT;
                return NULL;
            }
 
            ereport(ERROR,
                    (errcode_for_file_access(),
                     errmsg("could not open file \"%s\" (target block %u): previous segment is only %u blocks",
                            _mdfd_segpath(reln, forknum, nextsegno).str,
                            blkno, nblocks)));
        }
 
        v = _mdfd_openseg(reln, forknum, nextsegno, flags);
 
        if (v == NULL)
        {
            if ((behavior & EXTENSION_RETURN_NULL) &&
                FILE_POSSIBLY_DELETED(errno))
                return NULL;
            ereport(ERROR,
                    (errcode_for_file_access(),
                     errmsg("could not open file \"%s\" (target block %u): %m",
                            _mdfd_segpath(reln, forknum, nextsegno).str,
                            blkno)));
        }
    }
 
    return v;
}
 
/*
 * Get number of blocks present in a single disk file
 */
static BlockNumber
_mdnblocks(SMgrRelation reln, ForkNumber forknum, MdfdVec *seg)
{
    off_t       len;
 
    len = FileSize(seg->mdfd_vfd);
    if (len < 0)
        ereport(ERROR,
                (errcode_for_file_access(),
                 errmsg("could not seek to end of file \"%s\": %m",
                        FilePathName(seg->mdfd_vfd))));
    /* note that this calculation will ignore any partial block at EOF */
    return (BlockNumber) (len / BLCKSZ);
}
 
/*
 * Sync a file to disk, given a file tag.  Write the path into an output
 * buffer so the caller can use it in error messages.
 *
 * Return 0 on success, -1 on failure, with errno set.
 */
int
mdsyncfiletag(const FileTag *ftag, char *path)
{
    SMgrRelation reln = smgropen(ftag->rlocator, INVALID_PROC_NUMBER);
    File        file;
    instr_time  io_start;
    bool        need_to_close;
    int         result,
                save_errno;
 
    /* See if we already have the file open, or need to open it. */
    if (ftag->segno < reln->md_num_open_segs[ftag->forknum])
    {
        file = reln->md_seg_fds[ftag->forknum][ftag->segno].mdfd_vfd;
        strlcpy(path, FilePathName(file), MAXPGPATH);
        need_to_close = false;
    }
    else
    {
        MdPathStr   p;
 
        p = _mdfd_segpath(reln, ftag->forknum, ftag->segno);
        strlcpy(path, p.str, MD_PATH_STR_MAXLEN);
 
        file = PathNameOpenFile(path, _mdfd_open_flags());
        if (file < 0)
            return -1;
        need_to_close = true;
    }
 
    io_start = pgstat_prepare_io_time(track_io_timing);
 
    /* Sync the file. */
    result = FileSync(file, WAIT_EVENT_DATA_FILE_SYNC);
    save_errno = errno;
 
    if (need_to_close)
        FileClose(file);
 
    pgstat_count_io_op_time(IOOBJECT_RELATION, IOCONTEXT_NORMAL,
                            IOOP_FSYNC, io_start, 1, 0);
 
    errno = save_errno;
    return result;
}
 
/*
 * Unlink a file, given a file tag.  Write the path into an output
 * buffer so the caller can use it in error messages.
 *
 * Return 0 on success, -1 on failure, with errno set.
 */
int
mdunlinkfiletag(const FileTag *ftag, char *path)
{
    RelPathStr  p;
 
    /* Compute the path. */
    p = relpathperm(ftag->rlocator, MAIN_FORKNUM);
    strlcpy(path, p.str, MAXPGPATH);
 
    /* Try to unlink the file. */
    return unlink(path);
}
 
/*
 * Check if a given candidate request matches a given tag, when processing
 * a SYNC_FILTER_REQUEST request.  This will be called for all pending
 * requests to find out whether to forget them.
 */
bool
mdfiletagmatches(const FileTag *ftag, const FileTag *candidate)
{
    /*
     * For now we only use filter requests as a way to drop all scheduled
     * callbacks relating to a given database, when dropping the database.
     * We'll return true for all candidates that have the same database OID as
     * the ftag from the SYNC_FILTER_REQUEST request, so they're forgotten.
     */
    return ftag->rlocator.dbOid == candidate->rlocator.dbOid;
}
 
/*
 * AIO completion callback for mdstartreadv().
 */
static PgAioResult
md_readv_complete(PgAioHandle *ioh, PgAioResult prior_result, uint8 cb_data)
{
    PgAioTargetData *td = pgaio_io_get_target_data(ioh);
    PgAioResult result = prior_result;
 
    if (prior_result.result < 0)
    {
        result.status = PGAIO_RS_ERROR;
        result.id = PGAIO_HCB_MD_READV;
        /* For "hard" errors, track the error number in error_data */
        result.error_data = -prior_result.result;
        result.result = 0;
 
        /*
         * Immediately log a message about the IO error, but only to the
         * server log. The reason to do so immediately is that the originator
         * might not process the query result immediately (because it is busy
         * doing another part of query processing) or at all (e.g. if it was
         * cancelled or errored out due to another IO also failing).  The
         * definer of the IO will emit an ERROR when processing the IO's
         * results
         */
        pgaio_result_report(result, td, LOG_SERVER_ONLY);
 
        return result;
    }
 
    /*
     * As explained above smgrstartreadv(), the smgr API operates on the level
     * of blocks, rather than bytes. Convert.
     */
    result.result /= BLCKSZ;
 
    Assert(result.result <= td->smgr.nblocks);
 
    if (result.result == 0)
    {
        /* consider 0 blocks read a failure */
        result.status = PGAIO_RS_ERROR;
        result.id = PGAIO_HCB_MD_READV;
        result.error_data = 0;
 
        /* see comment above the "hard error" case */
        pgaio_result_report(result, td, LOG_SERVER_ONLY);
 
        return result;
    }
 
    if (result.status != PGAIO_RS_ERROR &&
        result.result < td->smgr.nblocks)
    {
        /* partial reads should be retried at upper level */
        result.status = PGAIO_RS_PARTIAL;
        result.id = PGAIO_HCB_MD_READV;
    }
 
    return result;
}
 
/*
 * AIO error reporting callback for mdstartreadv().
 *
 * Errors are encoded as follows:
 * - PgAioResult.error_data != 0 encodes IO that failed with that errno
 * - PgAioResult.error_data == 0 encodes IO that didn't read all data
 */
static void
md_readv_report(PgAioResult result, const PgAioTargetData *td, int elevel)
{
    RelPathStr  path;
 
    path = relpathbackend(td->smgr.rlocator,
                          td->smgr.is_temp ? MyProcNumber : INVALID_PROC_NUMBER,
                          td->smgr.forkNum);
 
    if (result.error_data != 0)
    {
        /* for errcode_for_file_access() and %m */
        errno = result.error_data;
 
        ereport(elevel,
                errcode_for_file_access(),
                errmsg("could not read blocks %u..%u in file \"%s\": %m",
                       td->smgr.blockNum,
                       td->smgr.blockNum + td->smgr.nblocks - 1,
                       path.str));
    }
    else
    {
        /*
         * NB: This will typically only be output in debug messages, while
         * retrying a partial IO.
         */
        ereport(elevel,
                errcode(ERRCODE_DATA_CORRUPTED),
                errmsg("could not read blocks %u..%u in file \"%s\": read only %zu of %zu bytes",
                       td->smgr.blockNum,
                       td->smgr.blockNum + td->smgr.nblocks - 1,
                       path.str,
                       result.result * (size_t) BLCKSZ,
                       td->smgr.nblocks * (size_t) BLCKSZ));
    }
}