| blob | 87027f27eb7a9fc4d016b3c1e27fc477a25bcfc7 |
1 /*-------------------------------------------------------------------------
2 *
3 * procsignal.c
4 * Routines for interprocess signaling
5 *
6 *
7 * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
8 * Portions Copyright (c) 1994, Regents of the University of California
9 *
10 * IDENTIFICATION
11 * src/backend/storage/ipc/procsignal.c
12 *
13 *-------------------------------------------------------------------------
14 */
17 #include <signal.h>
18 #include <unistd.h>
36 /*
37 * The SIGUSR1 signal is multiplexed to support signaling multiple event
38 * types. The specific reason is communicated via flags in shared memory.
39 * We keep a boolean flag for each possible "reason", so that different
40 * reasons can be signaled to a process concurrently. (However, if the same
41 * reason is signaled more than once nearly simultaneously, the process may
42 * observe it only once.)
43 *
44 * Each process that wants to receive signals registers its process ID
45 * in the ProcSignalSlots array. The array is indexed by ProcNumber to make
46 * slot allocation simple, and to avoid having to search the array when you
47 * know the ProcNumber of the process you're signaling. (We do support
48 * signaling without ProcNumber, but it's a bit less efficient.)
49 *
50 * The fields in each slot are protected by a spinlock, pss_mutex. pss_pid can
51 * also be read without holding the spinlock, as a quick preliminary check
52 * when searching for a particular PID in the array.
53 *
54 * pss_signalFlags are intended to be set in cases where we don't need to
55 * keep track of whether or not the target process has handled the signal,
56 * but sometimes we need confirmation, as when making a global state change
57 * that cannot be considered complete until all backends have taken notice
58 * of it. For such use cases, we set a bit in pss_barrierCheckMask and then
59 * increment the current "barrier generation"; when the new barrier generation
60 * (or greater) appears in the pss_barrierGeneration flag of every process,
61 * we know that the message has been received everywhere.
62 */
64 {
65 pg_atomic_uint32 pss_pid;
67 int32 pss_cancel_key;
71 /* Barrier-related fields (not protected by pss_mutex) */
72 pg_atomic_uint64 pss_barrierGeneration;
73 pg_atomic_uint32 pss_barrierCheckMask;
74 ConditionVariable pss_barrierCV;
77 /*
78 * Information that is global to the entire ProcSignal system can be stored
79 * here.
80 *
81 * psh_barrierGeneration is the highest barrier generation in existence.
82 */
83 struct ProcSignalHeader
84 {
85 pg_atomic_uint64 psh_barrierGeneration;
87 };
89 /*
90 * We reserve a slot for each possible ProcNumber, plus one for each
91 * possible auxiliary process type. (This scheme assumes there is not
92 * more than one of any auxiliary process type at a time.)
93 */
94 #define NumProcSignalSlots (MaxBackends + NUM_AUXILIARY_PROCS)
96 /* Check whether the relevant type bit is set in the flags. */
97 #define BARRIER_SHOULD_CHECK(flags, type) \
98 (((flags) & (((uint32) 1) << (uint32) (type))) != 0)
100 /* Clear the relevant type bit from the flags. */
101 #define BARRIER_CLEAR_BIT(flags, type) \
102 ((flags) &= ~(((uint32) 1) << (uint32) (type)))
111 /*
112 * ProcSignalShmemSize
113 * Compute space needed for ProcSignal's shared memory
114 */
115 Size
117 {
118 Size size;
123 }
125 /*
126 * ProcSignalShmemInit
127 * Allocate and initialize ProcSignal's shared memory
128 */
129 void
131 {
138 /* If we're first, initialize. */
140 {
146 {
157 }
158 }
159 }
161 /*
162 * ProcSignalInit
163 * Register the current process in the ProcSignal array
164 */
165 void
167 {
169 uint64 barrier_generation;
174 elog(ERROR, "unexpected MyProcNumber %d in ProcSignalInit (max %d)", MyProcNumber, NumProcSignalSlots);
177 /* sanity check */
180 {
184 }
186 /* Clear out any leftover signal reasons */
189 /*
190 * Initialize barrier state. Since we're a brand-new process, there
191 * shouldn't be any leftover backend-private state that needs to be
192 * updated. Therefore, we can broadcast the latest barrier generation and
193 * disregard any previously-set check bits.
194 *
195 * NB: This only works if this initialization happens early enough in the
196 * startup sequence that we haven't yet cached any state that might need
197 * to be invalidated. That's also why we have a memory barrier here, to be
198 * sure that any later reads of memory happen strictly after this.
199 */
201 barrier_generation =
211 /* Remember slot location for CheckProcSignal */
214 /* Set up to release the slot on process exit */
216 }
218 /*
219 * CleanupProcSignalState
220 * Remove current process from ProcSignal mechanism
221 *
222 * This function is called via on_shmem_exit() during backend shutdown.
223 */
224 static void
226 {
227 pid_t old_pid;
230 /*
231 * Clear MyProcSignalSlot, so that a SIGUSR1 received after this point
232 * won't try to access it after it's no longer ours (and perhaps even
233 * after we've unmapped the shared memory segment).
234 */
238 /* sanity check */
242 {
243 /*
244 * don't ERROR here. We're exiting anyway, and don't want to get into
245 * infinite loop trying to exit
246 */
251 }
253 /* Mark the slot as unused */
258 /*
259 * Make this slot look like it's absorbed all possible barriers, so that
260 * no barrier waits block on it.
261 */
267 }
269 /*
270 * SendProcSignal
271 * Send a signal to a Postgres process
272 *
273 * Providing procNumber is optional, but it will speed up the operation.
274 *
275 * On success (a signal was sent), zero is returned.
276 * On error, -1 is returned, and errno is set (typically to ESRCH or EPERM).
277 *
278 * Not to be confused with ProcSendSignal
279 */
280 int
282 {
286 {
292 {
293 /* Atomically set the proper flag */
296 /* Send signal */
298 }
300 }
301 else
302 {
303 /*
304 * procNumber not provided, so search the array using pid. We search
305 * the array back to front so as to reduce search overhead. Passing
306 * INVALID_PROC_NUMBER means that the target is most likely an
307 * auxiliary process, which will have a slot near the end of the
308 * array.
309 */
313 {
317 {
320 {
321 /* Atomically set the proper flag */
324 /* Send signal */
326 }
328 }
329 }
330 }
334 }
336 /*
337 * EmitProcSignalBarrier
338 * Send a signal to every Postgres process
339 *
340 * The return value of this function is the barrier "generation" created
341 * by this operation. This value can be passed to WaitForProcSignalBarrier
342 * to wait until it is known that every participant in the ProcSignal
343 * mechanism has absorbed the signal (or started afterwards).
344 *
345 * Note that it would be a bad idea to use this for anything that happens
346 * frequently, as interrupting every backend could cause a noticeable
347 * performance hit.
348 *
349 * Callers are entitled to assume that this function will not throw ERROR
350 * or FATAL.
351 */
352 uint64
354 {
356 uint64 generation;
358 /*
359 * Set all the flags.
360 *
361 * Note that pg_atomic_fetch_or_u32 has full barrier semantics, so this is
362 * totally ordered with respect to anything the caller did before, and
363 * anything that we do afterwards. (This is also true of the later call to
364 * pg_atomic_add_fetch_u64.)
365 */
367 {
371 }
373 /*
374 * Increment the generation counter.
375 */
376 generation =
379 /*
380 * Signal all the processes, so that they update their advertised barrier
381 * generation.
382 *
383 * Concurrency is not a problem here. Backends that have exited don't
384 * matter, and new backends that have joined since we entered this
385 * function must already have current state, since the caller is
386 * responsible for making sure that the relevant state is entirely visible
387 * before calling this function in the first place. We still have to wake
388 * them up - because we can't distinguish between such backends and older
389 * backends that need to update state - but they won't actually need to
390 * change any state.
391 */
393 {
398 {
402 {
403 /* see SendProcSignal for details */
407 }
408 else
410 }
411 }
414 }
416 /*
417 * WaitForProcSignalBarrier - wait until it is guaranteed that all changes
418 * requested by a specific call to EmitProcSignalBarrier() have taken effect.
419 */
420 void
422 {
426 "waiting for all backends to process ProcSignalBarrier generation "
427 UINT64_FORMAT,
428 generation);
431 {
433 uint64 oldval;
435 /*
436 * It's important that we check only pss_barrierGeneration here and
437 * not pss_barrierCheckMask. Bits in pss_barrierCheckMask get cleared
438 * before the barrier is actually absorbed, but pss_barrierGeneration
439 * is updated only afterward.
440 */
443 {
446 WAIT_EVENT_PROC_SIGNAL_BARRIER))
451 }
453 }
456 "finished waiting for all backends to process ProcSignalBarrier generation "
457 UINT64_FORMAT,
458 generation);
460 /*
461 * The caller is probably calling this function because it wants to read
462 * the shared state or perform further writes to shared state once all
463 * backends are known to have absorbed the barrier. However, the read of
464 * pss_barrierGeneration was performed unlocked; insert a memory barrier
465 * to separate it from whatever follows.
466 */
468 }
470 /*
471 * Handle receipt of an interrupt indicating a global barrier event.
472 *
473 * All the actual work is deferred to ProcessProcSignalBarrier(), because we
474 * cannot safely access the barrier generation inside the signal handler as
475 * 64bit atomics might use spinlock based emulation, even for reads. As this
476 * routine only gets called when PROCSIG_BARRIER is sent that won't cause a
477 * lot of unnecessary work.
478 */
479 static void
481 {
484 /* latch will be set by procsignal_sigusr1_handler */
485 }
487 /*
488 * Perform global barrier related interrupt checking.
489 *
490 * Any backend that participates in ProcSignal signaling must arrange to
491 * call this function periodically. It is called from CHECK_FOR_INTERRUPTS(),
492 * which is enough for normal backends, but not necessarily for all types of
493 * background processes.
494 */
495 void
497 {
498 uint64 local_gen;
499 uint64 shared_gen;
504 /* Exit quickly if there's no work to do. */
509 /*
510 * It's not unlikely to process multiple barriers at once, before the
511 * signals for all the barriers have arrived. To avoid unnecessary work in
512 * response to subsequent signals, exit early if we already have processed
513 * all of them.
514 */
523 /*
524 * Get and clear the flags that are set for this backend. Note that
525 * pg_atomic_exchange_u32 is a full barrier, so we're guaranteed that the
526 * read of the barrier generation above happens before we atomically
527 * extract the flags, and that any subsequent state changes happen
528 * afterward.
529 *
530 * NB: In order to avoid race conditions, we must zero
531 * pss_barrierCheckMask first and only afterwards try to do barrier
532 * processing. If we did it in the other order, someone could send us
533 * another barrier of some type right after we called the
534 * barrier-processing function but before we cleared the bit. We would
535 * have no way of knowing that the bit needs to stay set in that case, so
536 * the need to call the barrier-processing function again would just get
537 * forgotten. So instead, we tentatively clear all the bits and then put
538 * back any for which we don't manage to successfully absorb the barrier.
539 */
542 /*
543 * If there are no flags set, then we can skip doing any real work.
544 * Otherwise, establish a PG_TRY block, so that we don't lose track of
545 * which types of barrier processing are needed if an ERROR occurs.
546 */
548 {
552 {
553 /*
554 * Process each type of barrier. The barrier-processing functions
555 * should normally return true, but may return false if the
556 * barrier can't be absorbed at the current time. This should be
557 * rare, because it's pretty expensive. Every single
558 * CHECK_FOR_INTERRUPTS() will return here until we manage to
559 * absorb the barrier, and that cost will add up in a hurry.
560 *
561 * NB: It ought to be OK to call the barrier-processing functions
562 * unconditionally, but it's more efficient to call only the ones
563 * that might need us to do something based on the flags.
564 */
566 {
567 ProcSignalBarrierType type;
572 {
576 }
578 /*
579 * To avoid an infinite loop, we must always unset the bit in
580 * flags.
581 */
584 /*
585 * If we failed to process the barrier, reset the shared bit
586 * so we try again later, and set a flag so that we don't bump
587 * our generation.
588 */
590 {
593 }
594 }
595 }
597 {
598 /*
599 * If an ERROR occurred, we'll need to try again later to handle
600 * that barrier type and any others that haven't been handled yet
601 * or weren't successfully absorbed.
602 */
605 }
608 /*
609 * If some barrier types were not successfully absorbed, we will have
610 * to try again later.
611 */
614 }
616 /*
617 * State changes related to all types of barriers that might have been
618 * emitted have now been handled, so we can update our notion of the
619 * generation to the one we observed before beginning the updates. If
620 * things have changed further, it'll get fixed up when this function is
621 * next called.
622 */
625 }
627 /*
628 * If it turns out that we couldn't absorb one or more barrier types, either
629 * because the barrier-processing functions returned false or due to an error,
630 * arrange for processing to be retried later.
631 */
632 static void
634 {
638 }
640 /*
641 * CheckProcSignal - check to see if a particular reason has been
642 * signaled, and clear the signal flag. Should be called after receiving
643 * SIGUSR1.
644 */
645 static bool
647 {
651 {
652 /*
653 * Careful here --- don't clear flag if we haven't seen it set.
654 * pss_signalFlags is of type "volatile sig_atomic_t" to allow us to
655 * read it here safely, without holding the spinlock.
656 */
658 {
661 }
662 }
665 }
667 /*
668 * procsignal_sigusr1_handler - handle SIGUSR1 signal.
669 */
670 void
672 {
716 }
718 /*
719 * Send a query cancellation signal to backend.
720 *
721 * Note: This is called from a backend process before authentication. We
722 * cannot take LWLocks yet, but that's OK; we rely on atomic reads of the
723 * fields in the ProcSignal slots.
724 */
725 void
727 {
730 /*
731 * See if we have a matching backend. Reading the pss_pid and
732 * pss_cancel_key fields is racy, a backend might die and remove itself
733 * from the array at any time. The probability of the cancellation key
734 * matching wrong process is miniscule, however, so we can live with that.
735 * PIDs are reused too, so sending the signal based on PID is inherently
736 * racy anyway, although OS's avoid reusing PIDs too soon.
737 */
739 {
746 /* Acquire the spinlock and re-check */
749 {
752 }
753 else
754 {
760 {
761 /* Found a match; signal that backend to cancel current op */
764 backendPID)));
766 /*
767 * If we have setsid(), signal the backend's whole process
768 * group
769 */
770 #ifdef HAVE_SETSID
772 #else
774 #endif
775 }
776 else
777 {
778 /* Right PID, wrong key: no way, Jose */
781 backendPID)));
782 }
784 }
785 }
787 /* No matching backend */
790 backendPID)));
791 }