PostgreSQL Source Code  git master
xlogreader.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * xlogreader.c
4  * Generic XLog reading facility
5  *
6  * Portions Copyright (c) 2013-2021, PostgreSQL Global Development Group
7  *
8  * IDENTIFICATION
9  * src/backend/access/transam/xlogreader.c
10  *
11  * NOTES
12  * See xlogreader.h for more notes on this facility.
13  *
14  * This file is compiled as both front-end and backend code, so it
15  * may not use ereport, server-defined static variables, etc.
16  *-------------------------------------------------------------------------
17  */
18 #include "postgres.h"
19 
20 #include <unistd.h>
21 #ifdef USE_LZ4
22 #include <lz4.h>
23 #endif
24 
25 #include "access/transam.h"
26 #include "access/xlog_internal.h"
27 #include "access/xlogreader.h"
28 #include "access/xlogrecord.h"
29 #include "catalog/pg_control.h"
30 #include "common/pg_lzcompress.h"
31 #include "replication/origin.h"
32 
33 #ifndef FRONTEND
34 #include "miscadmin.h"
35 #include "pgstat.h"
36 #include "utils/memutils.h"
37 #endif
38 
39 static void report_invalid_record(XLogReaderState *state, const char *fmt,...)
40  pg_attribute_printf(2, 3);
41 static bool allocate_recordbuf(XLogReaderState *state, uint32 reclength);
42 static int ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr,
43  int reqLen);
44 static void XLogReaderInvalReadState(XLogReaderState *state);
45 static bool ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr,
46  XLogRecPtr PrevRecPtr, XLogRecord *record, bool randAccess);
47 static bool ValidXLogRecord(XLogReaderState *state, XLogRecord *record,
48  XLogRecPtr recptr);
49 static void ResetDecoder(XLogReaderState *state);
50 static void WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt,
51  int segsize, const char *waldir);
52 
53 /* size of the buffer allocated for error message. */
54 #define MAX_ERRORMSG_LEN 1000
55 
56 /*
57  * Construct a string in state->errormsg_buf explaining what's wrong with
58  * the current record being read.
59  */
60 static void
61 report_invalid_record(XLogReaderState *state, const char *fmt,...)
62 {
63  va_list args;
64 
65  fmt = _(fmt);
66 
67  va_start(args, fmt);
68  vsnprintf(state->errormsg_buf, MAX_ERRORMSG_LEN, fmt, args);
69  va_end(args);
70 }
71 
72 /*
73  * Allocate and initialize a new XLogReader.
74  *
75  * Returns NULL if the xlogreader couldn't be allocated.
76  */
78 XLogReaderAllocate(int wal_segment_size, const char *waldir,
79  XLogReaderRoutine *routine, void *private_data)
80 {
81  XLogReaderState *state;
82 
83  state = (XLogReaderState *)
86  if (!state)
87  return NULL;
88 
89  /* initialize caller-provided support functions */
90  state->routine = *routine;
91 
92  state->max_block_id = -1;
93 
94  /*
95  * Permanently allocate readBuf. We do it this way, rather than just
96  * making a static array, for two reasons: (1) no need to waste the
97  * storage in most instantiations of the backend; (2) a static char array
98  * isn't guaranteed to have any particular alignment, whereas
99  * palloc_extended() will provide MAXALIGN'd storage.
100  */
101  state->readBuf = (char *) palloc_extended(XLOG_BLCKSZ,
103  if (!state->readBuf)
104  {
105  pfree(state);
106  return NULL;
107  }
108 
109  /* Initialize segment info. */
110  WALOpenSegmentInit(&state->seg, &state->segcxt, wal_segment_size,
111  waldir);
112 
113  /* system_identifier initialized to zeroes above */
114  state->private_data = private_data;
115  /* ReadRecPtr, EndRecPtr and readLen initialized to zeroes above */
118  if (!state->errormsg_buf)
119  {
120  pfree(state->readBuf);
121  pfree(state);
122  return NULL;
123  }
124  state->errormsg_buf[0] = '\0';
125 
126  /*
127  * Allocate an initial readRecordBuf of minimal size, which can later be
128  * enlarged if necessary.
129  */
130  if (!allocate_recordbuf(state, 0))
131  {
132  pfree(state->errormsg_buf);
133  pfree(state->readBuf);
134  pfree(state);
135  return NULL;
136  }
137 
138  return state;
139 }
140 
141 void
143 {
144  int block_id;
145 
146  if (state->seg.ws_file != -1)
147  state->routine.segment_close(state);
148 
149  for (block_id = 0; block_id <= XLR_MAX_BLOCK_ID; block_id++)
150  {
151  if (state->blocks[block_id].data)
152  pfree(state->blocks[block_id].data);
153  }
154  if (state->main_data)
155  pfree(state->main_data);
156 
157  pfree(state->errormsg_buf);
158  if (state->readRecordBuf)
159  pfree(state->readRecordBuf);
160  pfree(state->readBuf);
161  pfree(state);
162 }
163 
164 /*
165  * Allocate readRecordBuf to fit a record of at least the given length.
166  * Returns true if successful, false if out of memory.
167  *
168  * readRecordBufSize is set to the new buffer size.
169  *
170  * To avoid useless small increases, round its size to a multiple of
171  * XLOG_BLCKSZ, and make sure it's at least 5*Max(BLCKSZ, XLOG_BLCKSZ) to start
172  * with. (That is enough for all "normal" records, but very large commit or
173  * abort records might need more space.)
174  */
175 static bool
177 {
178  uint32 newSize = reclength;
179 
180  newSize += XLOG_BLCKSZ - (newSize % XLOG_BLCKSZ);
181  newSize = Max(newSize, 5 * Max(BLCKSZ, XLOG_BLCKSZ));
182 
183 #ifndef FRONTEND
184 
185  /*
186  * Note that in much unlucky circumstances, the random data read from a
187  * recycled segment can cause this routine to be called with a size
188  * causing a hard failure at allocation. For a standby, this would cause
189  * the instance to stop suddenly with a hard failure, preventing it to
190  * retry fetching WAL from one of its sources which could allow it to move
191  * on with replay without a manual restart. If the data comes from a past
192  * recycled segment and is still valid, then the allocation may succeed
193  * but record checks are going to fail so this would be short-lived. If
194  * the allocation fails because of a memory shortage, then this is not a
195  * hard failure either per the guarantee given by MCXT_ALLOC_NO_OOM.
196  */
197  if (!AllocSizeIsValid(newSize))
198  return false;
199 
200 #endif
201 
202  if (state->readRecordBuf)
203  pfree(state->readRecordBuf);
204  state->readRecordBuf =
205  (char *) palloc_extended(newSize, MCXT_ALLOC_NO_OOM);
206  if (state->readRecordBuf == NULL)
207  {
208  state->readRecordBufSize = 0;
209  return false;
210  }
211  state->readRecordBufSize = newSize;
212  return true;
213 }
214 
215 /*
216  * Initialize the passed segment structs.
217  */
218 static void
220  int segsize, const char *waldir)
221 {
222  seg->ws_file = -1;
223  seg->ws_segno = 0;
224  seg->ws_tli = 0;
225 
226  segcxt->ws_segsize = segsize;
227  if (waldir)
228  snprintf(segcxt->ws_dir, MAXPGPATH, "%s", waldir);
229 }
230 
231 /*
232  * Begin reading WAL at 'RecPtr'.
233  *
234  * 'RecPtr' should point to the beginnning of a valid WAL record. Pointing at
235  * the beginning of a page is also OK, if there is a new record right after
236  * the page header, i.e. not a continuation.
237  *
238  * This does not make any attempt to read the WAL yet, and hence cannot fail.
239  * If the starting address is not correct, the first call to XLogReadRecord()
240  * will error out.
241  */
242 void
244 {
245  Assert(!XLogRecPtrIsInvalid(RecPtr));
246 
247  ResetDecoder(state);
248 
249  /* Begin at the passed-in record pointer. */
250  state->EndRecPtr = RecPtr;
251  state->ReadRecPtr = InvalidXLogRecPtr;
252 }
253 
254 /*
255  * Attempt to read an XLOG record.
256  *
257  * XLogBeginRead() or XLogFindNextRecord() must be called before the first call
258  * to XLogReadRecord().
259  *
260  * If the page_read callback fails to read the requested data, NULL is
261  * returned. The callback is expected to have reported the error; errormsg
262  * is set to NULL.
263  *
264  * If the reading fails for some other reason, NULL is also returned, and
265  * *errormsg is set to a string with details of the failure.
266  *
267  * The returned pointer (or *errormsg) points to an internal buffer that's
268  * valid until the next call to XLogReadRecord.
269  */
270 XLogRecord *
271 XLogReadRecord(XLogReaderState *state, char **errormsg)
272 {
273  XLogRecPtr RecPtr;
274  XLogRecord *record;
275  XLogRecPtr targetPagePtr;
276  bool randAccess;
277  uint32 len,
278  total_len;
279  uint32 targetRecOff;
280  uint32 pageHeaderSize;
281  bool assembled;
282  bool gotheader;
283  int readOff;
284 
285  /*
286  * randAccess indicates whether to verify the previous-record pointer of
287  * the record we're reading. We only do this if we're reading
288  * sequentially, which is what we initially assume.
289  */
290  randAccess = false;
291 
292  /* reset error state */
293  *errormsg = NULL;
294  state->errormsg_buf[0] = '\0';
295 
296  ResetDecoder(state);
299 
300  RecPtr = state->EndRecPtr;
301 
302  if (state->ReadRecPtr != InvalidXLogRecPtr)
303  {
304  /* read the record after the one we just read */
305 
306  /*
307  * EndRecPtr is pointing to end+1 of the previous WAL record. If
308  * we're at a page boundary, no more records can fit on the current
309  * page. We must skip over the page header, but we can't do that until
310  * we've read in the page, since the header size is variable.
311  */
312  }
313  else
314  {
315  /*
316  * Caller supplied a position to start at.
317  *
318  * In this case, EndRecPtr should already be pointing to a valid
319  * record starting position.
320  */
321  Assert(XRecOffIsValid(RecPtr));
322  randAccess = true;
323  }
324 
325 restart:
326  state->currRecPtr = RecPtr;
327  assembled = false;
328 
329  targetPagePtr = RecPtr - (RecPtr % XLOG_BLCKSZ);
330  targetRecOff = RecPtr % XLOG_BLCKSZ;
331 
332  /*
333  * Read the page containing the record into state->readBuf. Request enough
334  * byte to cover the whole record header, or at least the part of it that
335  * fits on the same page.
336  */
337  readOff = ReadPageInternal(state, targetPagePtr,
338  Min(targetRecOff + SizeOfXLogRecord, XLOG_BLCKSZ));
339  if (readOff < 0)
340  goto err;
341 
342  /*
343  * ReadPageInternal always returns at least the page header, so we can
344  * examine it now.
345  */
346  pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
347  if (targetRecOff == 0)
348  {
349  /*
350  * At page start, so skip over page header.
351  */
352  RecPtr += pageHeaderSize;
353  targetRecOff = pageHeaderSize;
354  }
355  else if (targetRecOff < pageHeaderSize)
356  {
357  report_invalid_record(state, "invalid record offset at %X/%X",
358  LSN_FORMAT_ARGS(RecPtr));
359  goto err;
360  }
361 
362  if ((((XLogPageHeader) state->readBuf)->xlp_info & XLP_FIRST_IS_CONTRECORD) &&
363  targetRecOff == pageHeaderSize)
364  {
365  report_invalid_record(state, "contrecord is requested by %X/%X",
366  LSN_FORMAT_ARGS(RecPtr));
367  goto err;
368  }
369 
370  /* ReadPageInternal has verified the page header */
371  Assert(pageHeaderSize <= readOff);
372 
373  /*
374  * Read the record length.
375  *
376  * NB: Even though we use an XLogRecord pointer here, the whole record
377  * header might not fit on this page. xl_tot_len is the first field of the
378  * struct, so it must be on this page (the records are MAXALIGNed), but we
379  * cannot access any other fields until we've verified that we got the
380  * whole header.
381  */
382  record = (XLogRecord *) (state->readBuf + RecPtr % XLOG_BLCKSZ);
383  total_len = record->xl_tot_len;
384 
385  /*
386  * If the whole record header is on this page, validate it immediately.
387  * Otherwise do just a basic sanity check on xl_tot_len, and validate the
388  * rest of the header after reading it from the next page. The xl_tot_len
389  * check is necessary here to ensure that we enter the "Need to reassemble
390  * record" code path below; otherwise we might fail to apply
391  * ValidXLogRecordHeader at all.
392  */
393  if (targetRecOff <= XLOG_BLCKSZ - SizeOfXLogRecord)
394  {
395  if (!ValidXLogRecordHeader(state, RecPtr, state->ReadRecPtr, record,
396  randAccess))
397  goto err;
398  gotheader = true;
399  }
400  else
401  {
402  /* XXX: more validation should be done here */
403  if (total_len < SizeOfXLogRecord)
404  {
405  report_invalid_record(state,
406  "invalid record length at %X/%X: wanted %u, got %u",
407  LSN_FORMAT_ARGS(RecPtr),
408  (uint32) SizeOfXLogRecord, total_len);
409  goto err;
410  }
411  gotheader = false;
412  }
413 
414  len = XLOG_BLCKSZ - RecPtr % XLOG_BLCKSZ;
415  if (total_len > len)
416  {
417  /* Need to reassemble record */
418  char *contdata;
419  XLogPageHeader pageHeader;
420  char *buffer;
421  uint32 gotlen;
422 
423  assembled = true;
424 
425  /*
426  * Enlarge readRecordBuf as needed.
427  */
428  if (total_len > state->readRecordBufSize &&
429  !allocate_recordbuf(state, total_len))
430  {
431  /* We treat this as a "bogus data" condition */
432  report_invalid_record(state, "record length %u at %X/%X too long",
433  total_len, LSN_FORMAT_ARGS(RecPtr));
434  goto err;
435  }
436 
437  /* Copy the first fragment of the record from the first page. */
438  memcpy(state->readRecordBuf,
439  state->readBuf + RecPtr % XLOG_BLCKSZ, len);
440  buffer = state->readRecordBuf + len;
441  gotlen = len;
442 
443  do
444  {
445  /* Calculate pointer to beginning of next page */
446  targetPagePtr += XLOG_BLCKSZ;
447 
448  /* Wait for the next page to become available */
449  readOff = ReadPageInternal(state, targetPagePtr,
450  Min(total_len - gotlen + SizeOfXLogShortPHD,
451  XLOG_BLCKSZ));
452 
453  if (readOff < 0)
454  goto err;
455 
456  Assert(SizeOfXLogShortPHD <= readOff);
457 
458  pageHeader = (XLogPageHeader) state->readBuf;
459 
460  /*
461  * If we were expecting a continuation record and got an
462  * "overwrite contrecord" flag, that means the continuation record
463  * was overwritten with a different record. Restart the read by
464  * assuming the address to read is the location where we found
465  * this flag; but keep track of the LSN of the record we were
466  * reading, for later verification.
467  */
469  {
470  state->overwrittenRecPtr = state->currRecPtr;
471  ResetDecoder(state);
472  RecPtr = targetPagePtr;
473  goto restart;
474  }
475 
476  /* Check that the continuation on next page looks valid */
477  if (!(pageHeader->xlp_info & XLP_FIRST_IS_CONTRECORD))
478  {
479  report_invalid_record(state,
480  "there is no contrecord flag at %X/%X",
481  LSN_FORMAT_ARGS(RecPtr));
482  goto err;
483  }
484 
485  /*
486  * Cross-check that xlp_rem_len agrees with how much of the record
487  * we expect there to be left.
488  */
489  if (pageHeader->xlp_rem_len == 0 ||
490  total_len != (pageHeader->xlp_rem_len + gotlen))
491  {
492  report_invalid_record(state,
493  "invalid contrecord length %u (expected %lld) at %X/%X",
494  pageHeader->xlp_rem_len,
495  ((long long) total_len) - gotlen,
496  LSN_FORMAT_ARGS(RecPtr));
497  goto err;
498  }
499 
500  /* Append the continuation from this page to the buffer */
501  pageHeaderSize = XLogPageHeaderSize(pageHeader);
502 
503  if (readOff < pageHeaderSize)
504  readOff = ReadPageInternal(state, targetPagePtr,
505  pageHeaderSize);
506 
507  Assert(pageHeaderSize <= readOff);
508 
509  contdata = (char *) state->readBuf + pageHeaderSize;
510  len = XLOG_BLCKSZ - pageHeaderSize;
511  if (pageHeader->xlp_rem_len < len)
512  len = pageHeader->xlp_rem_len;
513 
514  if (readOff < pageHeaderSize + len)
515  readOff = ReadPageInternal(state, targetPagePtr,
516  pageHeaderSize + len);
517 
518  memcpy(buffer, (char *) contdata, len);
519  buffer += len;
520  gotlen += len;
521 
522  /* If we just reassembled the record header, validate it. */
523  if (!gotheader)
524  {
525  record = (XLogRecord *) state->readRecordBuf;
526  if (!ValidXLogRecordHeader(state, RecPtr, state->ReadRecPtr,
527  record, randAccess))
528  goto err;
529  gotheader = true;
530  }
531  } while (gotlen < total_len);
532 
533  Assert(gotheader);
534 
535  record = (XLogRecord *) state->readRecordBuf;
536  if (!ValidXLogRecord(state, record, RecPtr))
537  goto err;
538 
539  pageHeaderSize = XLogPageHeaderSize((XLogPageHeader) state->readBuf);
540  state->ReadRecPtr = RecPtr;
541  state->EndRecPtr = targetPagePtr + pageHeaderSize
542  + MAXALIGN(pageHeader->xlp_rem_len);
543  }
544  else
545  {
546  /* Wait for the record data to become available */
547  readOff = ReadPageInternal(state, targetPagePtr,
548  Min(targetRecOff + total_len, XLOG_BLCKSZ));
549  if (readOff < 0)
550  goto err;
551 
552  /* Record does not cross a page boundary */
553  if (!ValidXLogRecord(state, record, RecPtr))
554  goto err;
555 
556  state->EndRecPtr = RecPtr + MAXALIGN(total_len);
557 
558  state->ReadRecPtr = RecPtr;
559  }
560 
561  /*
562  * Special processing if it's an XLOG SWITCH record
563  */
564  if (record->xl_rmid == RM_XLOG_ID &&
565  (record->xl_info & ~XLR_INFO_MASK) == XLOG_SWITCH)
566  {
567  /* Pretend it extends to end of segment */
568  state->EndRecPtr += state->segcxt.ws_segsize - 1;
569  state->EndRecPtr -= XLogSegmentOffset(state->EndRecPtr, state->segcxt.ws_segsize);
570  }
571 
572  if (DecodeXLogRecord(state, record, errormsg))
573  return record;
574  else
575  return NULL;
576 
577 err:
578  if (assembled)
579  {
580  /*
581  * We get here when a record that spans multiple pages needs to be
582  * assembled, but something went wrong -- perhaps a contrecord piece
583  * was lost. If caller is WAL replay, it will know where the aborted
584  * record was and where to direct followup WAL to be written, marking
585  * the next piece with XLP_FIRST_IS_OVERWRITE_CONTRECORD, which will
586  * in turn signal downstream WAL consumers that the broken WAL record
587  * is to be ignored.
588  */
589  state->abortedRecPtr = RecPtr;
590  state->missingContrecPtr = targetPagePtr;
591  }
592 
593  /*
594  * Invalidate the read state. We might read from a different source after
595  * failure.
596  */
598 
599  if (state->errormsg_buf[0] != '\0')
600  *errormsg = state->errormsg_buf;
601 
602  return NULL;
603 }
604 
605 /*
606  * Read a single xlog page including at least [pageptr, reqLen] of valid data
607  * via the page_read() callback.
608  *
609  * Returns -1 if the required page cannot be read for some reason; errormsg_buf
610  * is set in that case (unless the error occurs in the page_read callback).
611  *
612  * We fetch the page from a reader-local cache if we know we have the required
613  * data and if there hasn't been any error since caching the data.
614  */
615 static int
616 ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr, int reqLen)
617 {
618  int readLen;
619  uint32 targetPageOff;
620  XLogSegNo targetSegNo;
621  XLogPageHeader hdr;
622 
623  Assert((pageptr % XLOG_BLCKSZ) == 0);
624 
625  XLByteToSeg(pageptr, targetSegNo, state->segcxt.ws_segsize);
626  targetPageOff = XLogSegmentOffset(pageptr, state->segcxt.ws_segsize);
627 
628  /* check whether we have all the requested data already */
629  if (targetSegNo == state->seg.ws_segno &&
630  targetPageOff == state->segoff && reqLen <= state->readLen)
631  return state->readLen;
632 
633  /*
634  * Data is not in our buffer.
635  *
636  * Every time we actually read the segment, even if we looked at parts of
637  * it before, we need to do verification as the page_read callback might
638  * now be rereading data from a different source.
639  *
640  * Whenever switching to a new WAL segment, we read the first page of the
641  * file and validate its header, even if that's not where the target
642  * record is. This is so that we can check the additional identification
643  * info that is present in the first page's "long" header.
644  */
645  if (targetSegNo != state->seg.ws_segno && targetPageOff != 0)
646  {
647  XLogRecPtr targetSegmentPtr = pageptr - targetPageOff;
648 
649  readLen = state->routine.page_read(state, targetSegmentPtr, XLOG_BLCKSZ,
650  state->currRecPtr,
651  state->readBuf);
652  if (readLen < 0)
653  goto err;
654 
655  /* we can be sure to have enough WAL available, we scrolled back */
656  Assert(readLen == XLOG_BLCKSZ);
657 
658  if (!XLogReaderValidatePageHeader(state, targetSegmentPtr,
659  state->readBuf))
660  goto err;
661  }
662 
663  /*
664  * First, read the requested data length, but at least a short page header
665  * so that we can validate it.
666  */
667  readLen = state->routine.page_read(state, pageptr, Max(reqLen, SizeOfXLogShortPHD),
668  state->currRecPtr,
669  state->readBuf);
670  if (readLen < 0)
671  goto err;
672 
673  Assert(readLen <= XLOG_BLCKSZ);
674 
675  /* Do we have enough data to check the header length? */
676  if (readLen <= SizeOfXLogShortPHD)
677  goto err;
678 
679  Assert(readLen >= reqLen);
680 
681  hdr = (XLogPageHeader) state->readBuf;
682 
683  /* still not enough */
684  if (readLen < XLogPageHeaderSize(hdr))
685  {
686  readLen = state->routine.page_read(state, pageptr, XLogPageHeaderSize(hdr),
687  state->currRecPtr,
688  state->readBuf);
689  if (readLen < 0)
690  goto err;
691  }
692 
693  /*
694  * Now that we know we have the full header, validate it.
695  */
696  if (!XLogReaderValidatePageHeader(state, pageptr, (char *) hdr))
697  goto err;
698 
699  /* update read state information */
700  state->seg.ws_segno = targetSegNo;
701  state->segoff = targetPageOff;
702  state->readLen = readLen;
703 
704  return readLen;
705 
706 err:
708  return -1;
709 }
710 
711 /*
712  * Invalidate the xlogreader's read state to force a re-read.
713  */
714 static void
716 {
717  state->seg.ws_segno = 0;
718  state->segoff = 0;
719  state->readLen = 0;
720 }
721 
722 /*
723  * Validate an XLOG record header.
724  *
725  * This is just a convenience subroutine to avoid duplicated code in
726  * XLogReadRecord. It's not intended for use from anywhere else.
727  */
728 static bool
730  XLogRecPtr PrevRecPtr, XLogRecord *record,
731  bool randAccess)
732 {
733  if (record->xl_tot_len < SizeOfXLogRecord)
734  {
735  report_invalid_record(state,
736  "invalid record length at %X/%X: wanted %u, got %u",
737  LSN_FORMAT_ARGS(RecPtr),
738  (uint32) SizeOfXLogRecord, record->xl_tot_len);
739  return false;
740  }
741  if (record->xl_rmid > RM_MAX_ID)
742  {
743  report_invalid_record(state,
744  "invalid resource manager ID %u at %X/%X",
745  record->xl_rmid, LSN_FORMAT_ARGS(RecPtr));
746  return false;
747  }
748  if (randAccess)
749  {
750  /*
751  * We can't exactly verify the prev-link, but surely it should be less
752  * than the record's own address.
753  */
754  if (!(record->xl_prev < RecPtr))
755  {
756  report_invalid_record(state,
757  "record with incorrect prev-link %X/%X at %X/%X",
758  LSN_FORMAT_ARGS(record->xl_prev),
759  LSN_FORMAT_ARGS(RecPtr));
760  return false;
761  }
762  }
763  else
764  {
765  /*
766  * Record's prev-link should exactly match our previous location. This
767  * check guards against torn WAL pages where a stale but valid-looking
768  * WAL record starts on a sector boundary.
769  */
770  if (record->xl_prev != PrevRecPtr)
771  {
772  report_invalid_record(state,
773  "record with incorrect prev-link %X/%X at %X/%X",
774  LSN_FORMAT_ARGS(record->xl_prev),
775  LSN_FORMAT_ARGS(RecPtr));
776  return false;
777  }
778  }
779 
780  return true;
781 }
782 
783 
784 /*
785  * CRC-check an XLOG record. We do not believe the contents of an XLOG
786  * record (other than to the minimal extent of computing the amount of
787  * data to read in) until we've checked the CRCs.
788  *
789  * We assume all of the record (that is, xl_tot_len bytes) has been read
790  * into memory at *record. Also, ValidXLogRecordHeader() has accepted the
791  * record's header, which means in particular that xl_tot_len is at least
792  * SizeOfXLogRecord.
793  */
794 static bool
796 {
797  pg_crc32c crc;
798 
799  /* Calculate the CRC */
800  INIT_CRC32C(crc);
801  COMP_CRC32C(crc, ((char *) record) + SizeOfXLogRecord, record->xl_tot_len - SizeOfXLogRecord);
802  /* include the record header last */
803  COMP_CRC32C(crc, (char *) record, offsetof(XLogRecord, xl_crc));
804  FIN_CRC32C(crc);
805 
806  if (!EQ_CRC32C(record->xl_crc, crc))
807  {
808  report_invalid_record(state,
809  "incorrect resource manager data checksum in record at %X/%X",
810  LSN_FORMAT_ARGS(recptr));
811  return false;
812  }
813 
814  return true;
815 }
816 
817 /*
818  * Validate a page header.
819  *
820  * Check if 'phdr' is valid as the header of the XLog page at position
821  * 'recptr'.
822  */
823 bool
825  char *phdr)
826 {
827  XLogRecPtr recaddr;
828  XLogSegNo segno;
829  int32 offset;
830  XLogPageHeader hdr = (XLogPageHeader) phdr;
831 
832  Assert((recptr % XLOG_BLCKSZ) == 0);
833 
834  XLByteToSeg(recptr, segno, state->segcxt.ws_segsize);
835  offset = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
836 
837  XLogSegNoOffsetToRecPtr(segno, offset, state->segcxt.ws_segsize, recaddr);
838 
839  if (hdr->xlp_magic != XLOG_PAGE_MAGIC)
840  {
841  char fname[MAXFNAMELEN];
842 
843  XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
844 
845  report_invalid_record(state,
846  "invalid magic number %04X in log segment %s, offset %u",
847  hdr->xlp_magic,
848  fname,
849  offset);
850  return false;
851  }
852 
853  if ((hdr->xlp_info & ~XLP_ALL_FLAGS) != 0)
854  {
855  char fname[MAXFNAMELEN];
856 
857  XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
858 
859  report_invalid_record(state,
860  "invalid info bits %04X in log segment %s, offset %u",
861  hdr->xlp_info,
862  fname,
863  offset);
864  return false;
865  }
866 
867  if (hdr->xlp_info & XLP_LONG_HEADER)
868  {
869  XLogLongPageHeader longhdr = (XLogLongPageHeader) hdr;
870 
871  if (state->system_identifier &&
872  longhdr->xlp_sysid != state->system_identifier)
873  {
874  report_invalid_record(state,
875  "WAL file is from different database system: WAL file database system identifier is %llu, pg_control database system identifier is %llu",
876  (unsigned long long) longhdr->xlp_sysid,
877  (unsigned long long) state->system_identifier);
878  return false;
879  }
880  else if (longhdr->xlp_seg_size != state->segcxt.ws_segsize)
881  {
882  report_invalid_record(state,
883  "WAL file is from different database system: incorrect segment size in page header");
884  return false;
885  }
886  else if (longhdr->xlp_xlog_blcksz != XLOG_BLCKSZ)
887  {
888  report_invalid_record(state,
889  "WAL file is from different database system: incorrect XLOG_BLCKSZ in page header");
890  return false;
891  }
892  }
893  else if (offset == 0)
894  {
895  char fname[MAXFNAMELEN];
896 
897  XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
898 
899  /* hmm, first page of file doesn't have a long header? */
900  report_invalid_record(state,
901  "invalid info bits %04X in log segment %s, offset %u",
902  hdr->xlp_info,
903  fname,
904  offset);
905  return false;
906  }
907 
908  /*
909  * Check that the address on the page agrees with what we expected. This
910  * check typically fails when an old WAL segment is recycled, and hasn't
911  * yet been overwritten with new data yet.
912  */
913  if (hdr->xlp_pageaddr != recaddr)
914  {
915  char fname[MAXFNAMELEN];
916 
917  XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
918 
919  report_invalid_record(state,
920  "unexpected pageaddr %X/%X in log segment %s, offset %u",
922  fname,
923  offset);
924  return false;
925  }
926 
927  /*
928  * Since child timelines are always assigned a TLI greater than their
929  * immediate parent's TLI, we should never see TLI go backwards across
930  * successive pages of a consistent WAL sequence.
931  *
932  * Sometimes we re-read a segment that's already been (partially) read. So
933  * we only verify TLIs for pages that are later than the last remembered
934  * LSN.
935  */
936  if (recptr > state->latestPagePtr)
937  {
938  if (hdr->xlp_tli < state->latestPageTLI)
939  {
940  char fname[MAXFNAMELEN];
941 
942  XLogFileName(fname, state->seg.ws_tli, segno, state->segcxt.ws_segsize);
943 
944  report_invalid_record(state,
945  "out-of-sequence timeline ID %u (after %u) in log segment %s, offset %u",
946  hdr->xlp_tli,
947  state->latestPageTLI,
948  fname,
949  offset);
950  return false;
951  }
952  }
953  state->latestPagePtr = recptr;
954  state->latestPageTLI = hdr->xlp_tli;
955 
956  return true;
957 }
958 
959 #ifdef FRONTEND
960 /*
961  * Functions that are currently not needed in the backend, but are better
962  * implemented inside xlogreader.c because of the internal facilities available
963  * here.
964  */
965 
966 /*
967  * Find the first record with an lsn >= RecPtr.
968  *
969  * This is different from XLogBeginRead() in that RecPtr doesn't need to point
970  * to a valid record boundary. Useful for checking whether RecPtr is a valid
971  * xlog address for reading, and to find the first valid address after some
972  * address when dumping records for debugging purposes.
973  *
974  * This positions the reader, like XLogBeginRead(), so that the next call to
975  * XLogReadRecord() will read the next valid record.
976  */
978 XLogFindNextRecord(XLogReaderState *state, XLogRecPtr RecPtr)
979 {
980  XLogRecPtr tmpRecPtr;
983  char *errormsg;
984 
985  Assert(!XLogRecPtrIsInvalid(RecPtr));
986 
987  /*
988  * skip over potential continuation data, keeping in mind that it may span
989  * multiple pages
990  */
991  tmpRecPtr = RecPtr;
992  while (true)
993  {
994  XLogRecPtr targetPagePtr;
995  int targetRecOff;
996  uint32 pageHeaderSize;
997  int readLen;
998 
999  /*
1000  * Compute targetRecOff. It should typically be equal or greater than
1001  * short page-header since a valid record can't start anywhere before
1002  * that, except when caller has explicitly specified the offset that
1003  * falls somewhere there or when we are skipping multi-page
1004  * continuation record. It doesn't matter though because
1005  * ReadPageInternal() is prepared to handle that and will read at
1006  * least short page-header worth of data
1007  */
1008  targetRecOff = tmpRecPtr % XLOG_BLCKSZ;
1009 
1010  /* scroll back to page boundary */
1011  targetPagePtr = tmpRecPtr - targetRecOff;
1012 
1013  /* Read the page containing the record */
1014  readLen = ReadPageInternal(state, targetPagePtr, targetRecOff);
1015  if (readLen < 0)
1016  goto err;
1017 
1018  header = (XLogPageHeader) state->readBuf;
1019 
1020  pageHeaderSize = XLogPageHeaderSize(header);
1021 
1022  /* make sure we have enough data for the page header */
1023  readLen = ReadPageInternal(state, targetPagePtr, pageHeaderSize);
1024  if (readLen < 0)
1025  goto err;
1026 
1027  /* skip over potential continuation data */
1028  if (header->xlp_info & XLP_FIRST_IS_CONTRECORD)
1029  {
1030  /*
1031  * If the length of the remaining continuation data is more than
1032  * what can fit in this page, the continuation record crosses over
1033  * this page. Read the next page and try again. xlp_rem_len in the
1034  * next page header will contain the remaining length of the
1035  * continuation data
1036  *
1037  * Note that record headers are MAXALIGN'ed
1038  */
1039  if (MAXALIGN(header->xlp_rem_len) >= (XLOG_BLCKSZ - pageHeaderSize))
1040  tmpRecPtr = targetPagePtr + XLOG_BLCKSZ;
1041  else
1042  {
1043  /*
1044  * The previous continuation record ends in this page. Set
1045  * tmpRecPtr to point to the first valid record
1046  */
1047  tmpRecPtr = targetPagePtr + pageHeaderSize
1048  + MAXALIGN(header->xlp_rem_len);
1049  break;
1050  }
1051  }
1052  else
1053  {
1054  tmpRecPtr = targetPagePtr + pageHeaderSize;
1055  break;
1056  }
1057  }
1058 
1059  /*
1060  * we know now that tmpRecPtr is an address pointing to a valid XLogRecord
1061  * because either we're at the first record after the beginning of a page
1062  * or we just jumped over the remaining data of a continuation.
1063  */
1064  XLogBeginRead(state, tmpRecPtr);
1065  while (XLogReadRecord(state, &errormsg) != NULL)
1066  {
1067  /* past the record we've found, break out */
1068  if (RecPtr <= state->ReadRecPtr)
1069  {
1070  /* Rewind the reader to the beginning of the last record. */
1071  found = state->ReadRecPtr;
1072  XLogBeginRead(state, found);
1073  return found;
1074  }
1075  }
1076 
1077 err:
1078  XLogReaderInvalReadState(state);
1079 
1080  return InvalidXLogRecPtr;
1081 }
1082 
1083 #endif /* FRONTEND */
1084 
1085 /*
1086  * Helper function to ease writing of XLogRoutine->page_read callbacks.
1087  * If this function is used, caller must supply a segment_open callback in
1088  * 'state', as that is used here.
1089  *
1090  * Read 'count' bytes into 'buf', starting at location 'startptr', from WAL
1091  * fetched from timeline 'tli'.
1092  *
1093  * Returns true if succeeded, false if an error occurs, in which case
1094  * 'errinfo' receives error details.
1095  *
1096  * XXX probably this should be improved to suck data directly from the
1097  * WAL buffers when possible.
1098  */
1099 bool
1101  char *buf, XLogRecPtr startptr, Size count, TimeLineID tli,
1102  WALReadError *errinfo)
1103 {
1104  char *p;
1105  XLogRecPtr recptr;
1106  Size nbytes;
1107 
1108  p = buf;
1109  recptr = startptr;
1110  nbytes = count;
1111 
1112  while (nbytes > 0)
1113  {
1114  uint32 startoff;
1115  int segbytes;
1116  int readbytes;
1117 
1118  startoff = XLogSegmentOffset(recptr, state->segcxt.ws_segsize);
1119 
1120  /*
1121  * If the data we want is not in a segment we have open, close what we
1122  * have (if anything) and open the next one, using the caller's
1123  * provided openSegment callback.
1124  */
1125  if (state->seg.ws_file < 0 ||
1126  !XLByteInSeg(recptr, state->seg.ws_segno, state->segcxt.ws_segsize) ||
1127  tli != state->seg.ws_tli)
1128  {
1129  XLogSegNo nextSegNo;
1130 
1131  if (state->seg.ws_file >= 0)
1132  state->routine.segment_close(state);
1133 
1134  XLByteToSeg(recptr, nextSegNo, state->segcxt.ws_segsize);
1135  state->routine.segment_open(state, nextSegNo, &tli);
1136 
1137  /* This shouldn't happen -- indicates a bug in segment_open */
1138  Assert(state->seg.ws_file >= 0);
1139 
1140  /* Update the current segment info. */
1141  state->seg.ws_tli = tli;
1142  state->seg.ws_segno = nextSegNo;
1143  }
1144 
1145  /* How many bytes are within this segment? */
1146  if (nbytes > (state->segcxt.ws_segsize - startoff))
1147  segbytes = state->segcxt.ws_segsize - startoff;
1148  else
1149  segbytes = nbytes;
1150 
1151 #ifndef FRONTEND
1153 #endif
1154 
1155  /* Reset errno first; eases reporting non-errno-affecting errors */
1156  errno = 0;
1157  readbytes = pg_pread(state->seg.ws_file, p, segbytes, (off_t) startoff);
1158 
1159 #ifndef FRONTEND
1161 #endif
1162 
1163  if (readbytes <= 0)
1164  {
1165  errinfo->wre_errno = errno;
1166  errinfo->wre_req = segbytes;
1167  errinfo->wre_read = readbytes;
1168  errinfo->wre_off = startoff;
1169  errinfo->wre_seg = state->seg;
1170  return false;
1171  }
1172 
1173  /* Update state for read */
1174  recptr += readbytes;
1175  nbytes -= readbytes;
1176  p += readbytes;
1177  }
1178 
1179  return true;
1180 }
1181 
1182 /* ----------------------------------------
1183  * Functions for decoding the data and block references in a record.
1184  * ----------------------------------------
1185  */
1186 
1187 /* private function to reset the state between records */
1188 static void
1190 {
1191  int block_id;
1192 
1193  state->decoded_record = NULL;
1194 
1195  state->main_data_len = 0;
1196 
1197  for (block_id = 0; block_id <= state->max_block_id; block_id++)
1198  {
1199  state->blocks[block_id].in_use = false;
1200  state->blocks[block_id].has_image = false;
1201  state->blocks[block_id].has_data = false;
1202  state->blocks[block_id].apply_image = false;
1203  }
1204  state->max_block_id = -1;
1205 }
1206 
1207 /*
1208  * Decode the previously read record.
1209  *
1210  * On error, a human-readable error message is returned in *errormsg, and
1211  * the return value is false.
1212  */
1213 bool
1214 DecodeXLogRecord(XLogReaderState *state, XLogRecord *record, char **errormsg)
1215 {
1216  /*
1217  * read next _size bytes from record buffer, but check for overrun first.
1218  */
1219 #define COPY_HEADER_FIELD(_dst, _size) \
1220  do { \
1221  if (remaining < _size) \
1222  goto shortdata_err; \
1223  memcpy(_dst, ptr, _size); \
1224  ptr += _size; \
1225  remaining -= _size; \
1226  } while(0)
1227 
1228  char *ptr;
1229  uint32 remaining;
1230  uint32 datatotal;
1231  RelFileNode *rnode = NULL;
1232  uint8 block_id;
1233 
1234  ResetDecoder(state);
1235 
1236  state->decoded_record = record;
1239 
1240  ptr = (char *) record;
1241  ptr += SizeOfXLogRecord;
1242  remaining = record->xl_tot_len - SizeOfXLogRecord;
1243 
1244  /* Decode the headers */
1245  datatotal = 0;
1246  while (remaining > datatotal)
1247  {
1248  COPY_HEADER_FIELD(&block_id, sizeof(uint8));
1249 
1250  if (block_id == XLR_BLOCK_ID_DATA_SHORT)
1251  {
1252  /* XLogRecordDataHeaderShort */
1253  uint8 main_data_len;
1254 
1255  COPY_HEADER_FIELD(&main_data_len, sizeof(uint8));
1256 
1257  state->main_data_len = main_data_len;
1258  datatotal += main_data_len;
1259  break; /* by convention, the main data fragment is
1260  * always last */
1261  }
1262  else if (block_id == XLR_BLOCK_ID_DATA_LONG)
1263  {
1264  /* XLogRecordDataHeaderLong */
1265  uint32 main_data_len;
1266 
1267  COPY_HEADER_FIELD(&main_data_len, sizeof(uint32));
1268  state->main_data_len = main_data_len;
1269  datatotal += main_data_len;
1270  break; /* by convention, the main data fragment is
1271  * always last */
1272  }
1273  else if (block_id == XLR_BLOCK_ID_ORIGIN)
1274  {
1275  COPY_HEADER_FIELD(&state->record_origin, sizeof(RepOriginId));
1276  }
1277  else if (block_id == XLR_BLOCK_ID_TOPLEVEL_XID)
1278  {
1279  COPY_HEADER_FIELD(&state->toplevel_xid, sizeof(TransactionId));
1280  }
1281  else if (block_id <= XLR_MAX_BLOCK_ID)
1282  {
1283  /* XLogRecordBlockHeader */
1284  DecodedBkpBlock *blk;
1285  uint8 fork_flags;
1286 
1287  if (block_id <= state->max_block_id)
1288  {
1289  report_invalid_record(state,
1290  "out-of-order block_id %u at %X/%X",
1291  block_id,
1292  LSN_FORMAT_ARGS(state->ReadRecPtr));
1293  goto err;
1294  }
1295  state->max_block_id = block_id;
1296 
1297  blk = &state->blocks[block_id];
1298  blk->in_use = true;
1299  blk->apply_image = false;
1300 
1301  COPY_HEADER_FIELD(&fork_flags, sizeof(uint8));
1302  blk->forknum = fork_flags & BKPBLOCK_FORK_MASK;
1303  blk->flags = fork_flags;
1304  blk->has_image = ((fork_flags & BKPBLOCK_HAS_IMAGE) != 0);
1305  blk->has_data = ((fork_flags & BKPBLOCK_HAS_DATA) != 0);
1306 
1307  COPY_HEADER_FIELD(&blk->data_len, sizeof(uint16));
1308  /* cross-check that the HAS_DATA flag is set iff data_length > 0 */
1309  if (blk->has_data && blk->data_len == 0)
1310  {
1311  report_invalid_record(state,
1312  "BKPBLOCK_HAS_DATA set, but no data included at %X/%X",
1313  LSN_FORMAT_ARGS(state->ReadRecPtr));
1314  goto err;
1315  }
1316  if (!blk->has_data && blk->data_len != 0)
1317  {
1318  report_invalid_record(state,
1319  "BKPBLOCK_HAS_DATA not set, but data length is %u at %X/%X",
1320  (unsigned int) blk->data_len,
1321  LSN_FORMAT_ARGS(state->ReadRecPtr));
1322  goto err;
1323  }
1324  datatotal += blk->data_len;
1325 
1326  if (blk->has_image)
1327  {
1328  COPY_HEADER_FIELD(&blk->bimg_len, sizeof(uint16));
1329  COPY_HEADER_FIELD(&blk->hole_offset, sizeof(uint16));
1330  COPY_HEADER_FIELD(&blk->bimg_info, sizeof(uint8));
1331 
1332  blk->apply_image = ((blk->bimg_info & BKPIMAGE_APPLY) != 0);
1333 
1334  if (BKPIMAGE_COMPRESSED(blk->bimg_info))
1335  {
1336  if (blk->bimg_info & BKPIMAGE_HAS_HOLE)
1337  COPY_HEADER_FIELD(&blk->hole_length, sizeof(uint16));
1338  else
1339  blk->hole_length = 0;
1340  }
1341  else
1342  blk->hole_length = BLCKSZ - blk->bimg_len;
1343  datatotal += blk->bimg_len;
1344 
1345  /*
1346  * cross-check that hole_offset > 0, hole_length > 0 and
1347  * bimg_len < BLCKSZ if the HAS_HOLE flag is set.
1348  */
1349  if ((blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1350  (blk->hole_offset == 0 ||
1351  blk->hole_length == 0 ||
1352  blk->bimg_len == BLCKSZ))
1353  {
1354  report_invalid_record(state,
1355  "BKPIMAGE_HAS_HOLE set, but hole offset %u length %u block image length %u at %X/%X",
1356  (unsigned int) blk->hole_offset,
1357  (unsigned int) blk->hole_length,
1358  (unsigned int) blk->bimg_len,
1359  LSN_FORMAT_ARGS(state->ReadRecPtr));
1360  goto err;
1361  }
1362 
1363  /*
1364  * cross-check that hole_offset == 0 and hole_length == 0 if
1365  * the HAS_HOLE flag is not set.
1366  */
1367  if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1368  (blk->hole_offset != 0 || blk->hole_length != 0))
1369  {
1370  report_invalid_record(state,
1371  "BKPIMAGE_HAS_HOLE not set, but hole offset %u length %u at %X/%X",
1372  (unsigned int) blk->hole_offset,
1373  (unsigned int) blk->hole_length,
1374  LSN_FORMAT_ARGS(state->ReadRecPtr));
1375  goto err;
1376  }
1377 
1378  /*
1379  * Cross-check that bimg_len < BLCKSZ if it is compressed.
1380  */
1381  if (BKPIMAGE_COMPRESSED(blk->bimg_info) &&
1382  blk->bimg_len == BLCKSZ)
1383  {
1384  report_invalid_record(state,
1385  "BKPIMAGE_COMPRESSED set, but block image length %u at %X/%X",
1386  (unsigned int) blk->bimg_len,
1387  LSN_FORMAT_ARGS(state->ReadRecPtr));
1388  goto err;
1389  }
1390 
1391  /*
1392  * cross-check that bimg_len = BLCKSZ if neither HAS_HOLE is
1393  * set nor COMPRESSED().
1394  */
1395  if (!(blk->bimg_info & BKPIMAGE_HAS_HOLE) &&
1396  !BKPIMAGE_COMPRESSED(blk->bimg_info) &&
1397  blk->bimg_len != BLCKSZ)
1398  {
1399  report_invalid_record(state,
1400  "neither BKPIMAGE_HAS_HOLE nor BKPIMAGE_COMPRESSED set, but block image length is %u at %X/%X",
1401  (unsigned int) blk->data_len,
1402  LSN_FORMAT_ARGS(state->ReadRecPtr));
1403  goto err;
1404  }
1405  }
1406  if (!(fork_flags & BKPBLOCK_SAME_REL))
1407  {
1408  COPY_HEADER_FIELD(&blk->rnode, sizeof(RelFileNode));
1409  rnode = &blk->rnode;
1410  }
1411  else
1412  {
1413  if (rnode == NULL)
1414  {
1415  report_invalid_record(state,
1416  "BKPBLOCK_SAME_REL set but no previous rel at %X/%X",
1417  LSN_FORMAT_ARGS(state->ReadRecPtr));
1418  goto err;
1419  }
1420 
1421  blk->rnode = *rnode;
1422  }
1423  COPY_HEADER_FIELD(&blk->blkno, sizeof(BlockNumber));
1424  }
1425  else
1426  {
1427  report_invalid_record(state,
1428  "invalid block_id %u at %X/%X",
1429  block_id, LSN_FORMAT_ARGS(state->ReadRecPtr));
1430  goto err;
1431  }
1432  }
1433 
1434  if (remaining != datatotal)
1435  goto shortdata_err;
1436 
1437  /*
1438  * Ok, we've parsed the fragment headers, and verified that the total
1439  * length of the payload in the fragments is equal to the amount of data
1440  * left. Copy the data of each fragment to a separate buffer.
1441  *
1442  * We could just set up pointers into readRecordBuf, but we want to align
1443  * the data for the convenience of the callers. Backup images are not
1444  * copied, however; they don't need alignment.
1445  */
1446 
1447  /* block data first */
1448  for (block_id = 0; block_id <= state->max_block_id; block_id++)
1449  {
1450  DecodedBkpBlock *blk = &state->blocks[block_id];
1451 
1452  if (!blk->in_use)
1453  continue;
1454 
1455  Assert(blk->has_image || !blk->apply_image);
1456 
1457  if (blk->has_image)
1458  {
1459  blk->bkp_image = ptr;
1460  ptr += blk->bimg_len;
1461  }
1462  if (blk->has_data)
1463  {
1464  if (!blk->data || blk->data_len > blk->data_bufsz)
1465  {
1466  if (blk->data)
1467  pfree(blk->data);
1468 
1469  /*
1470  * Force the initial request to be BLCKSZ so that we don't
1471  * waste time with lots of trips through this stanza as a
1472  * result of WAL compression.
1473  */
1474  blk->data_bufsz = MAXALIGN(Max(blk->data_len, BLCKSZ));
1475  blk->data = palloc(blk->data_bufsz);
1476  }
1477  memcpy(blk->data, ptr, blk->data_len);
1478  ptr += blk->data_len;
1479  }
1480  }
1481 
1482  /* and finally, the main data */
1483  if (state->main_data_len > 0)
1484  {
1485  if (!state->main_data || state->main_data_len > state->main_data_bufsz)
1486  {
1487  if (state->main_data)
1488  pfree(state->main_data);
1489 
1490  /*
1491  * main_data_bufsz must be MAXALIGN'ed. In many xlog record
1492  * types, we omit trailing struct padding on-disk to save a few
1493  * bytes; but compilers may generate accesses to the xlog struct
1494  * that assume that padding bytes are present. If the palloc
1495  * request is not large enough to include such padding bytes then
1496  * we'll get valgrind complaints due to otherwise-harmless fetches
1497  * of the padding bytes.
1498  *
1499  * In addition, force the initial request to be reasonably large
1500  * so that we don't waste time with lots of trips through this
1501  * stanza. BLCKSZ / 2 seems like a good compromise choice.
1502  */
1503  state->main_data_bufsz = MAXALIGN(Max(state->main_data_len,
1504  BLCKSZ / 2));
1505  state->main_data = palloc(state->main_data_bufsz);
1506  }
1507  memcpy(state->main_data, ptr, state->main_data_len);
1508  ptr += state->main_data_len;
1509  }
1510 
1511  return true;
1512 
1513 shortdata_err:
1514  report_invalid_record(state,
1515  "record with invalid length at %X/%X",
1516  LSN_FORMAT_ARGS(state->ReadRecPtr));
1517 err:
1518  *errormsg = state->errormsg_buf;
1519 
1520  return false;
1521 }
1522 
1523 /*
1524  * Returns information about the block that a block reference refers to.
1525  *
1526  * If the WAL record contains a block reference with the given ID, *rnode,
1527  * *forknum, and *blknum are filled in (if not NULL), and returns true.
1528  * Otherwise returns false.
1529  */
1530 bool
1532  RelFileNode *rnode, ForkNumber *forknum, BlockNumber *blknum)
1533 {
1534  DecodedBkpBlock *bkpb;
1535 
1536  if (!record->blocks[block_id].in_use)
1537  return false;
1538 
1539  bkpb = &record->blocks[block_id];
1540  if (rnode)
1541  *rnode = bkpb->rnode;
1542  if (forknum)
1543  *forknum = bkpb->forknum;
1544  if (blknum)
1545  *blknum = bkpb->blkno;
1546  return true;
1547 }
1548 
1549 /*
1550  * Returns the data associated with a block reference, or NULL if there is
1551  * no data (e.g. because a full-page image was taken instead). The returned
1552  * pointer points to a MAXALIGNed buffer.
1553  */
1554 char *
1556 {
1557  DecodedBkpBlock *bkpb;
1558 
1559  if (!record->blocks[block_id].in_use)
1560  return NULL;
1561 
1562  bkpb = &record->blocks[block_id];
1563 
1564  if (!bkpb->has_data)
1565  {
1566  if (len)
1567  *len = 0;
1568  return NULL;
1569  }
1570  else
1571  {
1572  if (len)
1573  *len = bkpb->data_len;
1574  return bkpb->data;
1575  }
1576 }
1577 
1578 /*
1579  * Restore a full-page image from a backup block attached to an XLOG record.
1580  *
1581  * Returns true if a full-page image is restored.
1582  */
1583 bool
1584 RestoreBlockImage(XLogReaderState *record, uint8 block_id, char *page)
1585 {
1586  DecodedBkpBlock *bkpb;
1587  char *ptr;
1588  PGAlignedBlock tmp;
1589 
1590  if (!record->blocks[block_id].in_use)
1591  return false;
1592  if (!record->blocks[block_id].has_image)
1593  return false;
1594 
1595  bkpb = &record->blocks[block_id];
1596  ptr = bkpb->bkp_image;
1597 
1598  if (BKPIMAGE_COMPRESSED(bkpb->bimg_info))
1599  {
1600  /* If a backup block image is compressed, decompress it */
1601  bool decomp_success = true;
1602 
1603  if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_PGLZ) != 0)
1604  {
1605  if (pglz_decompress(ptr, bkpb->bimg_len, tmp.data,
1606  BLCKSZ - bkpb->hole_length, true) < 0)
1607  decomp_success = false;
1608  }
1609  else if ((bkpb->bimg_info & BKPIMAGE_COMPRESS_LZ4) != 0)
1610  {
1611 #ifdef USE_LZ4
1612  if (LZ4_decompress_safe(ptr, tmp.data,
1613  bkpb->bimg_len, BLCKSZ - bkpb->hole_length) <= 0)
1614  decomp_success = false;
1615 #else
1616  report_invalid_record(record, "image at %X/%X compressed with %s not supported by build, block %d",
1617  LSN_FORMAT_ARGS(record->ReadRecPtr),
1618  "LZ4",
1619  block_id);
1620  return false;
1621 #endif
1622  }
1623  else
1624  {
1625  report_invalid_record(record, "image at %X/%X compressed with unknown method, block %d",
1626  LSN_FORMAT_ARGS(record->ReadRecPtr),
1627  block_id);
1628  return false;
1629  }
1630 
1631  if (!decomp_success)
1632  {
1633  report_invalid_record(record, "invalid compressed image at %X/%X, block %d",
1634  LSN_FORMAT_ARGS(record->ReadRecPtr),
1635  block_id);
1636  return false;
1637  }
1638 
1639  ptr = tmp.data;
1640  }
1641 
1642  /* generate page, taking into account hole if necessary */
1643  if (bkpb->hole_length == 0)
1644  {
1645  memcpy(page, ptr, BLCKSZ);
1646  }
1647  else
1648  {
1649  memcpy(page, ptr, bkpb->hole_offset);
1650  /* must zero-fill the hole */
1651  MemSet(page + bkpb->hole_offset, 0, bkpb->hole_length);
1652  memcpy(page + (bkpb->hole_offset + bkpb->hole_length),
1653  ptr + bkpb->hole_offset,
1654  BLCKSZ - (bkpb->hole_offset + bkpb->hole_length));
1655  }
1656 
1657  return true;
1658 }
1659 
1660 #ifndef FRONTEND
1661 
1662 /*
1663  * Extract the FullTransactionId from a WAL record.
1664  */
1667 {
1668  TransactionId xid,
1669  next_xid;
1670  uint32 epoch;
1671 
1672  /*
1673  * This function is only safe during replay, because it depends on the
1674  * replay state. See AdvanceNextFullTransactionIdPastXid() for more.
1675  */
1677 
1678  xid = XLogRecGetXid(record);
1681 
1682  /*
1683  * If xid is numerically greater than next_xid, it has to be from the last
1684  * epoch.
1685  */
1686  if (unlikely(xid > next_xid))
1687  --epoch;
1688 
1689  return FullTransactionIdFromEpochAndXid(epoch, xid);
1690 }
1691 
1692 #endif
int remaining
Definition: informix.c:667
XLogRecPtr abortedRecPtr
Definition: xlogreader.h:183
WALOpenSegment wre_seg
Definition: xlogreader.h:301
BlockNumber blkno
Definition: xlogreader.h:126
#define INIT_CRC32C(crc)
Definition: pg_crc32c.h:41
#define AmStartupProcess()
Definition: miscadmin.h:444
XLogRecPtr xl_prev
Definition: xlogrecord.h:45
char ws_dir[MAXPGPATH]
Definition: xlogreader.h:54
#define InvalidXLogRecPtr
Definition: xlogdefs.h:28
WALSegmentCloseCB segment_close
Definition: xlogreader.h:113
#define BKPIMAGE_HAS_HOLE
Definition: xlogrecord.h:146
char * readRecordBuf
Definition: xlogreader.h:260
static void WALOpenSegmentInit(WALOpenSegment *seg, WALSegmentContext *segcxt, int segsize, const char *waldir)
Definition: xlogreader.c:219
uint32 TimeLineID
Definition: xlogdefs.h:59
static void pgstat_report_wait_end(void)
Definition: wait_event.h:274
int wal_segment_size
Definition: xlog.c:120
uint32 TransactionId
Definition: c.h:587
#define XLogPageHeaderSize(hdr)
Definition: xlog_internal.h:84
#define XLR_BLOCK_ID_DATA_LONG
Definition: xlogrecord.h:229
static XLogRecPtr ReadRecPtr
Definition: xlog.c:859
XLogRecPtr missingContrecPtr
Definition: xlogreader.h:184
uint32 pg_crc32c
Definition: pg_crc32c.h:38
#define Min(x, y)
Definition: c.h:986
uint16 hole_offset
Definition: xlogreader.h:135
unsigned char uint8
Definition: c.h:439
uint16 RepOriginId
Definition: xlogdefs.h:65
void * palloc_extended(Size size, int flags)
Definition: mcxt.c:1126
static void report_invalid_record(XLogReaderState *state, const char *fmt,...) pg_attribute_printf(2
Definition: xlogreader.c:61
#define MCXT_ALLOC_NO_OOM
Definition: fe_memutils.h:18
#define MemSet(start, val, len)
Definition: c.h:1008
RmgrId xl_rmid
Definition: xlogrecord.h:47
XLogPageHeaderData * XLogPageHeader
Definition: xlog_internal.h:54
uint32 BlockNumber
Definition: block.h:31
void * private_data
Definition: xlogreader.h:168
FullTransactionId nextXid
Definition: transam.h:220
bool DecodeXLogRecord(XLogReaderState *state, XLogRecord *record, char **errormsg)
Definition: xlogreader.c:1214
static int ReadPageInternal(XLogReaderState *state, XLogRecPtr pageptr, int reqLen)
Definition: xlogreader.c:616
int32 pglz_decompress(const char *source, int32 slen, char *dest, int32 rawsize, bool check_complete)
XLogPageReadCB page_read
Definition: xlogreader.h:93
#define MAX_ERRORMSG_LEN
Definition: xlogreader.c:54
signed int int32
Definition: c.h:429
bool XLogReaderValidatePageHeader(XLogReaderState *state, XLogRecPtr recptr, char *phdr)
Definition: xlogreader.c:824
#define pg_attribute_printf(f, a)
Definition: c.h:164
XLogRecPtr EndRecPtr
Definition: xlogreader.h:176
#define XidFromFullTransactionId(x)
Definition: transam.h:48
ssize_t pg_pread(int fd, void *buf, size_t nbyte, off_t offset)
Definition: pread.c:27
#define XLByteInSeg(xlrp, logSegNo, wal_segsz_bytes)
XLogLongPageHeaderData * XLogLongPageHeader
Definition: xlog_internal.h:71
WALOpenSegment seg
Definition: xlogreader.h:225
#define LSN_FORMAT_ARGS(lsn)
Definition: xlogdefs.h:43
char data[BLCKSZ]
Definition: c.h:1141
unsigned short uint16
Definition: c.h:440
void pfree(void *pointer)
Definition: mcxt.c:1169
XLogRecord * XLogReadRecord(XLogReaderState *state, char **errormsg)
Definition: xlogreader.c:271
XLogRecPtr latestPagePtr
Definition: xlogreader.h:232
static uint32 readOff
Definition: xlog.c:822
uint16 hole_length
Definition: xlogreader.h:136
#define XLR_BLOCK_ID_TOPLEVEL_XID
Definition: xlogrecord.h:231
static void XLogReaderInvalReadState(XLogReaderState *state)
Definition: xlogreader.c:715
uint32 xl_tot_len
Definition: xlogrecord.h:43
#define XLOG_PAGE_MAGIC
Definition: xlog_internal.h:34
uint32 main_data_len
Definition: xlogreader.h:199
#define vsnprintf
Definition: port.h:216
#define MAXPGPATH
static void static bool allocate_recordbuf(XLogReaderState *state, uint32 reclength)
Definition: xlogreader.c:176
#define BKPIMAGE_APPLY
Definition: xlogrecord.h:147
static char * buf
Definition: pg_test_fsync.c:68
bool IsUnderPostmaster
Definition: globals.c:112
uint64 XLogSegNo
Definition: xlogdefs.h:48
XLogRecPtr ReadRecPtr
Definition: xlogreader.h:175
XLogRecord * decoded_record
Definition: xlogreader.h:196
XLogSegNo ws_segno
Definition: xlogreader.h:47
VariableCache ShmemVariableCache
Definition: varsup.c:34
#define COPY_HEADER_FIELD(_dst, _size)
#define InvalidTransactionId
Definition: transam.h:31
void XLogBeginRead(XLogReaderState *state, XLogRecPtr RecPtr)
Definition: xlogreader.c:243
unsigned int uint32
Definition: c.h:441
XLogReaderState * XLogReaderAllocate(int wal_segment_size, const char *waldir, XLogReaderRoutine *routine, void *private_data)
Definition: xlogreader.c:78
#define EQ_CRC32C(c1, c2)
Definition: pg_crc32c.h:42
#define AllocSizeIsValid(size)
Definition: memutils.h:42
ForkNumber
Definition: relpath.h:40
TimeLineID xlp_tli
Definition: xlog_internal.h:40
static void pgstat_report_wait_start(uint32 wait_event_info)
Definition: wait_event.h:258
#define XLR_MAX_BLOCK_ID
Definition: xlogrecord.h:226
XLogRecPtr xlp_pageaddr
Definition: xlog_internal.h:41
#define XLogRecPtrIsInvalid(r)
Definition: xlogdefs.h:29
uint32 readRecordBufSize
Definition: xlogreader.h:261
#define SizeOfXLogRecord
Definition: xlogrecord.h:55
void XLogReaderFree(XLogReaderState *state)
Definition: xlogreader.c:142
#define MAXFNAMELEN
#define RM_MAX_ID
Definition: rmgr.h:33
bool XLogRecGetBlockTag(XLogReaderState *record, uint8 block_id, RelFileNode *rnode, ForkNumber *forknum, BlockNumber *blknum)
Definition: xlogreader.c:1531
#define XLogRecGetXid(decoder)
Definition: xlogreader.h:317
char * XLogRecGetBlockData(XLogReaderState *record, uint8 block_id, Size *len)
Definition: xlogreader.c:1555
#define BKPBLOCK_SAME_REL
Definition: xlogrecord.h:187
TransactionId toplevel_xid
Definition: xlogreader.h:204
#define BKPBLOCK_HAS_IMAGE
Definition: xlogrecord.h:184
#define XLogSegmentOffset(xlogptr, wal_segsz_bytes)
ForkNumber forknum
Definition: xlogreader.h:125
#define EpochFromFullTransactionId(x)
Definition: transam.h:47
#define XLP_ALL_FLAGS
Definition: xlog_internal.h:82
XLogRecPtr currRecPtr
Definition: xlogreader.h:236
#define Max(x, y)
Definition: c.h:980
#define XLogSegNoOffsetToRecPtr(segno, offset, wal_segsz_bytes, dest)
uint64 XLogRecPtr
Definition: xlogdefs.h:21
#define Assert(condition)
Definition: c.h:804
#define XLR_INFO_MASK
Definition: xlogrecord.h:62
#define XLP_LONG_HEADER
Definition: xlog_internal.h:76
Definition: regguts.h:317
static bool ValidXLogRecordHeader(XLogReaderState *state, XLogRecPtr RecPtr, XLogRecPtr PrevRecPtr, XLogRecord *record, bool randAccess)
Definition: xlogreader.c:729
#define XLP_FIRST_IS_OVERWRITE_CONTRECORD
Definition: xlog_internal.h:80
uint16 data_bufsz
Definition: xlogreader.h:144
#define MCXT_ALLOC_ZERO
Definition: fe_memutils.h:19
#define SizeOfXLogShortPHD
Definition: xlog_internal.h:52
size_t Size
Definition: c.h:540
#define XLogFileName(fname, tli, logSegNo, wal_segsz_bytes)
uint8 xl_info
Definition: xlogrecord.h:46
FullTransactionId XLogRecGetFullXid(XLogReaderState *record)
Definition: xlogreader.c:1666
#define XLR_BLOCK_ID_ORIGIN
Definition: xlogrecord.h:230
#define XLP_FIRST_IS_CONTRECORD
Definition: xlog_internal.h:74
static FullTransactionId FullTransactionIdFromEpochAndXid(uint32 epoch, TransactionId xid)
Definition: transam.h:71
#define MAXALIGN(LEN)
Definition: c.h:757
#define XLOG_SWITCH
Definition: pg_control.h:71
XLogRecPtr overwrittenRecPtr
Definition: xlogreader.h:186
static void header(const char *fmt,...) pg_attribute_printf(1
Definition: pg_regress.c:212
TimeLineID ws_tli
Definition: xlogreader.h:48
#define InvalidRepOriginId
Definition: origin.h:33
char * bkp_image
Definition: xlogreader.h:134
bool RestoreBlockImage(XLogReaderState *record, uint8 block_id, char *page)
Definition: xlogreader.c:1584
#define XLR_BLOCK_ID_DATA_SHORT
Definition: xlogrecord.h:228
uint32 main_data_bufsz
Definition: xlogreader.h:200
#define BKPIMAGE_COMPRESS_LZ4
Definition: xlogrecord.h:151
static bool ValidXLogRecord(XLogReaderState *state, XLogRecord *record, XLogRecPtr recptr)
Definition: xlogreader.c:795
#define BKPBLOCK_FORK_MASK
Definition: xlogrecord.h:182
#define XRecOffIsValid(xlrp)
void * palloc(Size size)
Definition: mcxt.c:1062
#define BKPIMAGE_COMPRESS_PGLZ
Definition: xlogrecord.h:150
static const unsigned __int64 epoch
Definition: gettimeofday.c:34
#define BKPIMAGE_COMPRESSED(info)
Definition: xlogrecord.h:152
#define unlikely(x)
Definition: c.h:273
uint64 system_identifier
Definition: xlogreader.h:163
bool WALRead(XLogReaderState *state, char *buf, XLogRecPtr startptr, Size count, TimeLineID tli, WALReadError *errinfo)
Definition: xlogreader.c:1100
WALSegmentContext segcxt
Definition: xlogreader.h:224
WALSegmentOpenCB segment_open
Definition: xlogreader.h:107
char * errormsg_buf
Definition: xlogreader.h:264
char * main_data
Definition: xlogreader.h:198
#define COMP_CRC32C(crc, data, len)
Definition: pg_crc32c.h:89
TimeLineID latestPageTLI
Definition: xlogreader.h:233
XLogReaderRoutine routine
Definition: xlogreader.h:152
RelFileNode rnode
Definition: xlogreader.h:124
#define FIN_CRC32C(crc)
Definition: pg_crc32c.h:94
#define snprintf
Definition: port.h:217
static uint32 readLen
Definition: xlog.c:823
#define _(x)
Definition: elog.c:89
RepOriginId record_origin
Definition: xlogreader.h:202
static void ResetDecoder(XLogReaderState *state)
Definition: xlogreader.c:1189
#define offsetof(type, field)
Definition: c.h:727
DecodedBkpBlock blocks[XLR_MAX_BLOCK_ID+1]
Definition: xlogreader.h:207
static XLogRecPtr startptr
Definition: basebackup.c:116
#define BKPBLOCK_HAS_DATA
Definition: xlogrecord.h:185
#define XLByteToSeg(xlrp, logSegNo, wal_segsz_bytes)