| blob | f1c8ff8f9e453948af3e1938a7d11120284c5112 |
1 /*-------------------------------------------------------------------------
2 *
3 * procsignal.c
4 * Routines for interprocess signaling
5 *
6 *
7 * Portions Copyright (c) 1996-2022, PostgreSQL Global Development Group
8 * Portions Copyright (c) 1994, Regents of the University of California
9 *
10 * IDENTIFICATION
11 * src/backend/storage/ipc/procsignal.c
12 *
13 *-------------------------------------------------------------------------
14 */
17 #include <signal.h>
18 #include <unistd.h>
35 /*
36 * The SIGUSR1 signal is multiplexed to support signaling multiple event
37 * types. The specific reason is communicated via flags in shared memory.
38 * We keep a boolean flag for each possible "reason", so that different
39 * reasons can be signaled to a process concurrently. (However, if the same
40 * reason is signaled more than once nearly simultaneously, the process may
41 * observe it only once.)
42 *
43 * Each process that wants to receive signals registers its process ID
44 * in the ProcSignalSlots array. The array is indexed by backend ID to make
45 * slot allocation simple, and to avoid having to search the array when you
46 * know the backend ID of the process you're signaling. (We do support
47 * signaling without backend ID, but it's a bit less efficient.)
48 *
49 * The flags are actually declared as "volatile sig_atomic_t" for maximum
50 * portability. This should ensure that loads and stores of the flag
51 * values are atomic, allowing us to dispense with any explicit locking.
52 *
53 * pss_signalFlags are intended to be set in cases where we don't need to
54 * keep track of whether or not the target process has handled the signal,
55 * but sometimes we need confirmation, as when making a global state change
56 * that cannot be considered complete until all backends have taken notice
57 * of it. For such use cases, we set a bit in pss_barrierCheckMask and then
58 * increment the current "barrier generation"; when the new barrier generation
59 * (or greater) appears in the pss_barrierGeneration flag of every process,
60 * we know that the message has been received everywhere.
61 */
63 {
66 pg_atomic_uint64 pss_barrierGeneration;
67 pg_atomic_uint32 pss_barrierCheckMask;
68 ConditionVariable pss_barrierCV;
71 /*
72 * Information that is global to the entire ProcSignal system can be stored
73 * here.
74 *
75 * psh_barrierGeneration is the highest barrier generation in existence.
76 */
78 {
79 pg_atomic_uint64 psh_barrierGeneration;
83 /*
84 * We reserve a slot for each possible BackendId, plus one for each
85 * possible auxiliary process type. (This scheme assumes there is not
86 * more than one of any auxiliary process type at a time.)
87 */
88 #define NumProcSignalSlots (MaxBackends + NUM_AUXPROCTYPES)
90 /* Check whether the relevant type bit is set in the flags. */
91 #define BARRIER_SHOULD_CHECK(flags, type) \
92 (((flags) & (((uint32) 1) << (uint32) (type))) != 0)
94 /* Clear the relevant type bit from the flags. */
95 #define BARRIER_CLEAR_BIT(flags, type) \
96 ((flags) &= ~(((uint32) 1) << (uint32) (type)))
106 /*
107 * ProcSignalShmemSize
108 * Compute space needed for ProcSignal's shared memory
109 */
110 Size
112 {
113 Size size;
118 }
120 /*
121 * ProcSignalShmemInit
122 * Allocate and initialize ProcSignal's shared memory
123 */
124 void
126 {
133 /* If we're first, initialize. */
135 {
141 {
149 }
150 }
151 }
153 /*
154 * ProcSignalInit
155 * Register the current process in the ProcSignal array
156 *
157 * The passed index should be my BackendId if the process has one,
158 * or MaxBackends + aux process type if not.
159 */
160 void
162 {
164 uint64 barrier_generation;
170 /* sanity check */
175 /* Clear out any leftover signal reasons */
178 /*
179 * Initialize barrier state. Since we're a brand-new process, there
180 * shouldn't be any leftover backend-private state that needs to be
181 * updated. Therefore, we can broadcast the latest barrier generation and
182 * disregard any previously-set check bits.
183 *
184 * NB: This only works if this initialization happens early enough in the
185 * startup sequence that we haven't yet cached any state that might need
186 * to be invalidated. That's also why we have a memory barrier here, to be
187 * sure that any later reads of memory happen strictly after this.
188 */
190 barrier_generation =
195 /* Mark slot with my PID */
198 /* Remember slot location for CheckProcSignal */
201 /* Set up to release the slot on process exit */
203 }
205 /*
206 * CleanupProcSignalState
207 * Remove current process from ProcSignal mechanism
208 *
209 * This function is called via on_shmem_exit() during backend shutdown.
210 */
211 static void
213 {
220 /*
221 * Clear MyProcSignalSlot, so that a SIGUSR1 received after this point
222 * won't try to access it after it's no longer ours (and perhaps even
223 * after we've unmapped the shared memory segment).
224 */
227 /* sanity check */
229 {
230 /*
231 * don't ERROR here. We're exiting anyway, and don't want to get into
232 * infinite loop trying to exit
233 */
237 }
239 /*
240 * Make this slot look like it's absorbed all possible barriers, so that
241 * no barrier waits block on it.
242 */
247 }
249 /*
250 * SendProcSignal
251 * Send a signal to a Postgres process
252 *
253 * Providing backendId is optional, but it will speed up the operation.
254 *
255 * On success (a signal was sent), zero is returned.
256 * On error, -1 is returned, and errno is set (typically to ESRCH or EPERM).
257 *
258 * Not to be confused with ProcSendSignal
259 */
260 int
262 {
266 {
269 /*
270 * Note: Since there's no locking, it's possible that the target
271 * process detaches from shared memory and exits right after this
272 * test, before we set the flag and send signal. And the signal slot
273 * might even be recycled by a new process, so it's remotely possible
274 * that we set a flag for a wrong process. That's OK, all the signals
275 * are such that no harm is done if they're mistakenly fired.
276 */
278 {
279 /* Atomically set the proper flag */
281 /* Send signal */
283 }
284 }
285 else
286 {
287 /*
288 * BackendId not provided, so search the array using pid. We search
289 * the array back to front so as to reduce search overhead. Passing
290 * InvalidBackendId means that the target is most likely an auxiliary
291 * process, which will have a slot near the end of the array.
292 */
296 {
300 {
301 /* the above note about race conditions applies here too */
303 /* Atomically set the proper flag */
305 /* Send signal */
307 }
308 }
309 }
313 }
315 /*
316 * EmitProcSignalBarrier
317 * Send a signal to every Postgres process
318 *
319 * The return value of this function is the barrier "generation" created
320 * by this operation. This value can be passed to WaitForProcSignalBarrier
321 * to wait until it is known that every participant in the ProcSignal
322 * mechanism has absorbed the signal (or started afterwards).
323 *
324 * Note that it would be a bad idea to use this for anything that happens
325 * frequently, as interrupting every backend could cause a noticeable
326 * performance hit.
327 *
328 * Callers are entitled to assume that this function will not throw ERROR
329 * or FATAL.
330 */
331 uint64
333 {
335 uint64 generation;
337 /*
338 * Set all the flags.
339 *
340 * Note that pg_atomic_fetch_or_u32 has full barrier semantics, so this is
341 * totally ordered with respect to anything the caller did before, and
342 * anything that we do afterwards. (This is also true of the later call to
343 * pg_atomic_add_fetch_u64.)
344 */
346 {
350 }
352 /*
353 * Increment the generation counter.
354 */
355 generation =
358 /*
359 * Signal all the processes, so that they update their advertised barrier
360 * generation.
361 *
362 * Concurrency is not a problem here. Backends that have exited don't
363 * matter, and new backends that have joined since we entered this
364 * function must already have current state, since the caller is
365 * responsible for making sure that the relevant state is entirely visible
366 * before calling this function in the first place. We still have to wake
367 * them up - because we can't distinguish between such backends and older
368 * backends that need to update state - but they won't actually need to
369 * change any state.
370 */
372 {
377 {
378 /* see SendProcSignal for details */
381 }
382 }
385 }
387 /*
388 * WaitForProcSignalBarrier - wait until it is guaranteed that all changes
389 * requested by a specific call to EmitProcSignalBarrier() have taken effect.
390 */
391 void
393 {
397 {
399 uint64 oldval;
401 /*
402 * It's important that we check only pss_barrierGeneration here and
403 * not pss_barrierCheckMask. Bits in pss_barrierCheckMask get cleared
404 * before the barrier is actually absorbed, but pss_barrierGeneration
405 * is updated only afterward.
406 */
409 {
411 WAIT_EVENT_PROC_SIGNAL_BARRIER);
413 }
415 }
417 /*
418 * The caller is probably calling this function because it wants to read
419 * the shared state or perform further writes to shared state once all
420 * backends are known to have absorbed the barrier. However, the read of
421 * pss_barrierGeneration was performed unlocked; insert a memory barrier
422 * to separate it from whatever follows.
423 */
425 }
427 /*
428 * Handle receipt of an interrupt indicating a global barrier event.
429 *
430 * All the actual work is deferred to ProcessProcSignalBarrier(), because we
431 * cannot safely access the barrier generation inside the signal handler as
432 * 64bit atomics might use spinlock based emulation, even for reads. As this
433 * routine only gets called when PROCSIG_BARRIER is sent that won't cause a
434 * lot of unnecessary work.
435 */
436 static void
438 {
441 /* latch will be set by procsignal_sigusr1_handler */
442 }
444 /*
445 * Perform global barrier related interrupt checking.
446 *
447 * Any backend that participates in ProcSignal signaling must arrange to
448 * call this function periodically. It is called from CHECK_FOR_INTERRUPTS(),
449 * which is enough for normal backends, but not necessarily for all types of
450 * background processes.
451 */
452 void
454 {
455 uint64 local_gen;
456 uint64 shared_gen;
461 /* Exit quickly if there's no work to do. */
466 /*
467 * It's not unlikely to process multiple barriers at once, before the
468 * signals for all the barriers have arrived. To avoid unnecessary work in
469 * response to subsequent signals, exit early if we already have processed
470 * all of them.
471 */
480 /*
481 * Get and clear the flags that are set for this backend. Note that
482 * pg_atomic_exchange_u32 is a full barrier, so we're guaranteed that the
483 * read of the barrier generation above happens before we atomically
484 * extract the flags, and that any subsequent state changes happen
485 * afterward.
486 *
487 * NB: In order to avoid race conditions, we must zero
488 * pss_barrierCheckMask first and only afterwards try to do barrier
489 * processing. If we did it in the other order, someone could send us
490 * another barrier of some type right after we called the
491 * barrier-processing function but before we cleared the bit. We would
492 * have no way of knowing that the bit needs to stay set in that case, so
493 * the need to call the barrier-processing function again would just get
494 * forgotten. So instead, we tentatively clear all the bits and then put
495 * back any for which we don't manage to successfully absorb the barrier.
496 */
499 /*
500 * If there are no flags set, then we can skip doing any real work.
501 * Otherwise, establish a PG_TRY block, so that we don't lose track of
502 * which types of barrier processing are needed if an ERROR occurs.
503 */
505 {
509 {
510 /*
511 * Process each type of barrier. The barrier-processing functions
512 * should normally return true, but may return false if the
513 * barrier can't be absorbed at the current time. This should be
514 * rare, because it's pretty expensive. Every single
515 * CHECK_FOR_INTERRUPTS() will return here until we manage to
516 * absorb the barrier, and that cost will add up in a hurry.
517 *
518 * NB: It ought to be OK to call the barrier-processing functions
519 * unconditionally, but it's more efficient to call only the ones
520 * that might need us to do something based on the flags.
521 */
523 {
524 ProcSignalBarrierType type;
529 {
533 }
535 /*
536 * To avoid an infinite loop, we must always unset the bit in
537 * flags.
538 */
541 /*
542 * If we failed to process the barrier, reset the shared bit
543 * so we try again later, and set a flag so that we don't bump
544 * our generation.
545 */
547 {
550 }
551 }
552 }
554 {
555 /*
556 * If an ERROR occurred, we'll need to try again later to handle
557 * that barrier type and any others that haven't been handled yet
558 * or weren't successfully absorbed.
559 */
562 }
565 /*
566 * If some barrier types were not successfully absorbed, we will have
567 * to try again later.
568 */
571 }
573 /*
574 * State changes related to all types of barriers that might have been
575 * emitted have now been handled, so we can update our notion of the
576 * generation to the one we observed before beginning the updates. If
577 * things have changed further, it'll get fixed up when this function is
578 * next called.
579 */
582 }
584 /*
585 * If it turns out that we couldn't absorb one or more barrier types, either
586 * because the barrier-processing functions returned false or due to an error,
587 * arrange for processing to be retried later.
588 */
589 static void
591 {
595 }
597 static bool
599 {
600 /*
601 * XXX. This is just a placeholder until the first real user of this
602 * machinery gets committed. Rename PROCSIGNAL_BARRIER_PLACEHOLDER to
603 * PROCSIGNAL_BARRIER_SOMETHING_ELSE where SOMETHING_ELSE is something
604 * appropriately descriptive. Get rid of this function and instead have
605 * ProcessBarrierSomethingElse. Most likely, that function should live in
606 * the file pertaining to that subsystem, rather than here.
607 *
608 * The return value should be 'true' if the barrier was successfully
609 * absorbed and 'false' if not. Note that returning 'false' can lead to
610 * very frequent retries, so try hard to make that an uncommon case.
611 */
613 }
615 /*
616 * CheckProcSignal - check to see if a particular reason has been
617 * signaled, and clear the signal flag. Should be called after receiving
618 * SIGUSR1.
619 */
620 static bool
622 {
626 {
627 /* Careful here --- don't clear flag if we haven't seen it set */
629 {
632 }
633 }
636 }
638 /*
639 * procsignal_sigusr1_handler - handle SIGUSR1 signal.
640 */
641 void
643 {
685 }