1 /*-------------------------------------------------------------------------
2 *
3 * multixact.c
4 * PostgreSQL multi-transaction-log manager
5 *
6 * The pg_multixact manager is a pg_xact-like manager that stores an array of
7 * MultiXactMember for each MultiXactId. It is a fundamental part of the
8 * shared-row-lock implementation. Each MultiXactMember is comprised of a
9 * TransactionId and a set of flag bits. The name is a bit historical:
10 * originally, a MultiXactId consisted of more than one TransactionId (except
11 * in rare corner cases), hence "multi". Nowadays, however, it's perfectly
12 * legitimate to have MultiXactIds that only include a single Xid.
13 *
14 * The meaning of the flag bits is opaque to this module, but they are mostly
15 * used in heapam.c to identify lock modes that each of the member transactions
16 * is holding on any given tuple. This module just contains support to store
17 * and retrieve the arrays.
18 *
19 * We use two SLRU areas, one for storing the offsets at which the data
20 * starts for each MultiXactId in the other one. This trick allows us to
21 * store variable length arrays of TransactionIds. (We could alternatively
22 * use one area containing counts and TransactionIds, with valid MultiXactId
23 * values pointing at slots containing counts; but that way seems less robust
24 * since it would get completely confused if someone inquired about a bogus
25 * MultiXactId that pointed to an intermediate slot containing an XID.)
26 *
27 * XLOG interactions: this module generates a record whenever a new OFFSETs or
28 * MEMBERs page is initialized to zeroes, as well as an
29 * XLOG_MULTIXACT_CREATE_ID record whenever a new MultiXactId is defined.
30 * This module ignores the WAL rule "write xlog before data," because it
31 * suffices that actions recording a MultiXactId in a heap xmax do follow that
32 * rule. The only way for the MXID to be referenced from any data page is for
33 * heap_lock_tuple() or heap_update() to have put it there, and each generates
34 * an XLOG record that must follow ours. The normal LSN interlock between the
35 * data page and that XLOG record will ensure that our XLOG record reaches
36 * disk first. If the SLRU members/offsets data reaches disk sooner than the
37 * XLOG records, we do not care; after recovery, no xmax will refer to it. On
38 * the flip side, to ensure that all referenced entries _do_ reach disk, this
39 * module's XLOG records completely rebuild the data entered since the last
40 * checkpoint. We flush and sync all dirty OFFSETs and MEMBERs pages to disk
41 * before each checkpoint is considered complete.
42 *
43 * Like clog.c, and unlike subtrans.c, we have to preserve state across
44 * crashes and ensure that MXID and offset numbering increases monotonically
45 * across a crash. We do this in the same way as it's done for transaction
46 * IDs: the WAL record is guaranteed to contain evidence of every MXID we
47 * could need to worry about, and we just make sure that at the end of
48 * replay, the next-MXID and next-offset counters are at least as large as
49 * anything we saw during replay.
50 *
51 * We are able to remove segments no longer necessary by carefully tracking
52 * each table's used values: during vacuum, any multixact older than a certain
53 * value is removed; the cutoff value is stored in pg_class. The minimum value
54 * across all tables in each database is stored in pg_database, and the global
55 * minimum across all databases is part of pg_control and is kept in shared
56 * memory. Whenever that minimum is advanced, the SLRUs are truncated.
57 *
58 * When new multixactid values are to be created, care is taken that the
59 * counter does not fall within the wraparound horizon considering the global
60 * minimum value.
61 *
62 * Portions Copyright (c) 1996-2021, PostgreSQL Global Development Group
63 * Portions Copyright (c) 1994, Regents of the University of California
64 *
65 * src/backend/access/transam/multixact.c
66 *
67 *-------------------------------------------------------------------------
68 */
69 #include "postgres.h"
70
71 #include "access/multixact.h"
72 #include "access/slru.h"
73 #include "access/transam.h"
74 #include "access/twophase.h"
75 #include "access/twophase_rmgr.h"
76 #include "access/xact.h"
77 #include "access/xlog.h"
78 #include "access/xloginsert.h"
79 #include "catalog/pg_type.h"
80 #include "commands/dbcommands.h"
81 #include "funcapi.h"
82 #include "lib/ilist.h"
83 #include "miscadmin.h"
84 #include "pg_trace.h"
85 #include "postmaster/autovacuum.h"
86 #include "storage/lmgr.h"
87 #include "storage/pmsignal.h"
88 #include "storage/proc.h"
89 #include "storage/procarray.h"
90 #include "utils/builtins.h"
91 #include "utils/memutils.h"
92 #include "utils/snapmgr.h"
93
94
95 /*
96 * Defines for MultiXactOffset page sizes. A page is the same BLCKSZ as is
97 * used everywhere else in Postgres.
98 *
99 * Note: because MultiXactOffsets are 32 bits and wrap around at 0xFFFFFFFF,
100 * MultiXact page numbering also wraps around at
101 * 0xFFFFFFFF/MULTIXACT_OFFSETS_PER_PAGE, and segment numbering at
102 * 0xFFFFFFFF/MULTIXACT_OFFSETS_PER_PAGE/SLRU_PAGES_PER_SEGMENT. We need
103 * take no explicit notice of that fact in this module, except when comparing
104 * segment and page numbers in TruncateMultiXact (see
105 * MultiXactOffsetPagePrecedes).
106 */
107
108 /* We need four bytes per offset */
109 #define MULTIXACT_OFFSETS_PER_PAGE (BLCKSZ / sizeof(MultiXactOffset))
110
111 #define MultiXactIdToOffsetPage(xid) \
112 ((xid) / (MultiXactOffset) MULTIXACT_OFFSETS_PER_PAGE)
113 #define MultiXactIdToOffsetEntry(xid) \
114 ((xid) % (MultiXactOffset) MULTIXACT_OFFSETS_PER_PAGE)
115 #define MultiXactIdToOffsetSegment(xid) (MultiXactIdToOffsetPage(xid) / SLRU_PAGES_PER_SEGMENT)
116
117 /*
118 * The situation for members is a bit more complex: we store one byte of
119 * additional flag bits for each TransactionId. To do this without getting
120 * into alignment issues, we store four bytes of flags, and then the
121 * corresponding 4 Xids. Each such 5-word (20-byte) set we call a "group", and
122 * are stored as a whole in pages. Thus, with 8kB BLCKSZ, we keep 409 groups
123 * per page. This wastes 12 bytes per page, but that's OK -- simplicity (and
124 * performance) trumps space efficiency here.
125 *
126 * Note that the "offset" macros work with byte offset, not array indexes, so
127 * arithmetic must be done using "char *" pointers.
128 */
129 /* We need eight bits per xact, so one xact fits in a byte */
130 #define MXACT_MEMBER_BITS_PER_XACT 8
131 #define MXACT_MEMBER_FLAGS_PER_BYTE 1
132 #define MXACT_MEMBER_XACT_BITMASK ((1 << MXACT_MEMBER_BITS_PER_XACT) - 1)
133
134 /* how many full bytes of flags are there in a group? */
135 #define MULTIXACT_FLAGBYTES_PER_GROUP 4
136 #define MULTIXACT_MEMBERS_PER_MEMBERGROUP \
137 (MULTIXACT_FLAGBYTES_PER_GROUP * MXACT_MEMBER_FLAGS_PER_BYTE)
138 /* size in bytes of a complete group */
139 #define MULTIXACT_MEMBERGROUP_SIZE \
140 (sizeof(TransactionId) * MULTIXACT_MEMBERS_PER_MEMBERGROUP + MULTIXACT_FLAGBYTES_PER_GROUP)
141 #define MULTIXACT_MEMBERGROUPS_PER_PAGE (BLCKSZ / MULTIXACT_MEMBERGROUP_SIZE)
142 #define MULTIXACT_MEMBERS_PER_PAGE \
143 (MULTIXACT_MEMBERGROUPS_PER_PAGE * MULTIXACT_MEMBERS_PER_MEMBERGROUP)
144
145 /*
146 * Because the number of items per page is not a divisor of the last item
147 * number (member 0xFFFFFFFF), the last segment does not use the maximum number
148 * of pages, and moreover the last used page therein does not use the same
149 * number of items as previous pages. (Another way to say it is that the
150 * 0xFFFFFFFF member is somewhere in the middle of the last page, so the page
151 * has some empty space after that item.)
152 *
153 * This constant is the number of members in the last page of the last segment.
154 */
155 #define MAX_MEMBERS_IN_LAST_MEMBERS_PAGE \
156 ((uint32) ((0xFFFFFFFF % MULTIXACT_MEMBERS_PER_PAGE) + 1))
157
158 /* page in which a member is to be found */
159 #define MXOffsetToMemberPage(xid) ((xid) / (TransactionId) MULTIXACT_MEMBERS_PER_PAGE)
160 #define MXOffsetToMemberSegment(xid) (MXOffsetToMemberPage(xid) / SLRU_PAGES_PER_SEGMENT)
161
162 /* Location (byte offset within page) of flag word for a given member */
163 #define MXOffsetToFlagsOffset(xid) \
164 ((((xid) / (TransactionId) MULTIXACT_MEMBERS_PER_MEMBERGROUP) % \
165 (TransactionId) MULTIXACT_MEMBERGROUPS_PER_PAGE) * \
166 (TransactionId) MULTIXACT_MEMBERGROUP_SIZE)
167 #define MXOffsetToFlagsBitShift(xid) \
168 (((xid) % (TransactionId) MULTIXACT_MEMBERS_PER_MEMBERGROUP) * \
169 MXACT_MEMBER_BITS_PER_XACT)
170
171 /* Location (byte offset within page) of TransactionId of given member */
172 #define MXOffsetToMemberOffset(xid) \
173 (MXOffsetToFlagsOffset(xid) + MULTIXACT_FLAGBYTES_PER_GROUP + \
174 ((xid) % MULTIXACT_MEMBERS_PER_MEMBERGROUP) * sizeof(TransactionId))
175
176 /* Multixact members wraparound thresholds. */
177 #define MULTIXACT_MEMBER_SAFE_THRESHOLD (MaxMultiXactOffset / 2)
178 #define MULTIXACT_MEMBER_DANGER_THRESHOLD \
179 (MaxMultiXactOffset - MaxMultiXactOffset / 4)
180
181 #define PreviousMultiXactId(xid) \
182 ((xid) == FirstMultiXactId ? MaxMultiXactId : (xid) - 1)
183
184 /*
185 * Links to shared-memory data structures for MultiXact control
186 */
187 static SlruCtlData MultiXactOffsetCtlData;
188 static SlruCtlData MultiXactMemberCtlData;
189
190 #define MultiXactOffsetCtl (&MultiXactOffsetCtlData)
191 #define MultiXactMemberCtl (&MultiXactMemberCtlData)
192
193 /*
194 * MultiXact state shared across all backends. All this state is protected
195 * by MultiXactGenLock. (We also use MultiXactOffsetSLRULock and
196 * MultiXactMemberSLRULock to guard accesses to the two sets of SLRU
197 * buffers. For concurrency's sake, we avoid holding more than one of these
198 * locks at a time.)
199 */
200 typedef struct MultiXactStateData
201 {
202 /* next-to-be-assigned MultiXactId */
203 MultiXactId nextMXact;
204
205 /* next-to-be-assigned offset */
206 MultiXactOffset nextOffset;
207
208 /* Have we completed multixact startup? */
209 bool finishedStartup;
210
211 /*
212 * Oldest multixact that is still potentially referenced by a relation.
213 * Anything older than this should not be consulted. These values are
214 * updated by vacuum.
215 */
216 MultiXactId oldestMultiXactId;
217 Oid oldestMultiXactDB;
218
219 /*
220 * Oldest multixact offset that is potentially referenced by a multixact
221 * referenced by a relation. We don't always know this value, so there's
222 * a flag here to indicate whether or not we currently do.
223 */
224 MultiXactOffset oldestOffset;
225 bool oldestOffsetKnown;
226
227 /* support for anti-wraparound measures */
228 MultiXactId multiVacLimit;
229 MultiXactId multiWarnLimit;
230 MultiXactId multiStopLimit;
231 MultiXactId multiWrapLimit;
232
233 /* support for members anti-wraparound measures */
234 MultiXactOffset offsetStopLimit; /* known if oldestOffsetKnown */
235
236 /*
237 * Per-backend data starts here. We have two arrays stored in the area
238 * immediately following the MultiXactStateData struct. Each is indexed by
239 * BackendId.
240 *
241 * In both arrays, there's a slot for all normal backends (1..MaxBackends)
242 * followed by a slot for max_prepared_xacts prepared transactions. Valid
243 * BackendIds start from 1; element zero of each array is never used.
244 *
245 * OldestMemberMXactId[k] is the oldest MultiXactId each backend's current
246 * transaction(s) could possibly be a member of, or InvalidMultiXactId
247 * when the backend has no live transaction that could possibly be a
248 * member of a MultiXact. Each backend sets its entry to the current
249 * nextMXact counter just before first acquiring a shared lock in a given
250 * transaction, and clears it at transaction end. (This works because only
251 * during or after acquiring a shared lock could an XID possibly become a
252 * member of a MultiXact, and that MultiXact would have to be created
253 * during or after the lock acquisition.)
254 *
255 * OldestVisibleMXactId[k] is the oldest MultiXactId each backend's
256 * current transaction(s) think is potentially live, or InvalidMultiXactId
257 * when not in a transaction or not in a transaction that's paid any
258 * attention to MultiXacts yet. This is computed when first needed in a
259 * given transaction, and cleared at transaction end. We can compute it
260 * as the minimum of the valid OldestMemberMXactId[] entries at the time
261 * we compute it (using nextMXact if none are valid). Each backend is
262 * required not to attempt to access any SLRU data for MultiXactIds older
263 * than its own OldestVisibleMXactId[] setting; this is necessary because
264 * the checkpointer could truncate away such data at any instant.
265 *
266 * The oldest valid value among all of the OldestMemberMXactId[] and
267 * OldestVisibleMXactId[] entries is considered by vacuum as the earliest
268 * possible value still having any live member transaction. Subtracting
269 * vacuum_multixact_freeze_min_age from that value we obtain the freezing
270 * point for multixacts for that table. Any value older than that is
271 * removed from tuple headers (or "frozen"; see FreezeMultiXactId. Note
272 * that multis that have member xids that are older than the cutoff point
273 * for xids must also be frozen, even if the multis themselves are newer
274 * than the multixid cutoff point). Whenever a full table vacuum happens,
275 * the freezing point so computed is used as the new pg_class.relminmxid
276 * value. The minimum of all those values in a database is stored as
277 * pg_database.datminmxid. In turn, the minimum of all of those values is
278 * stored in pg_control and used as truncation point for pg_multixact. At
279 * checkpoint or restartpoint, unneeded segments are removed.
280 */
281 MultiXactId perBackendXactIds[FLEXIBLE_ARRAY_MEMBER];
282 } MultiXactStateData;
283
284 /*
285 * Last element of OldestMemberMXactId and OldestVisibleMXactId arrays.
286 * Valid elements are (1..MaxOldestSlot); element 0 is never used.
287 */
288 #define MaxOldestSlot (MaxBackends + max_prepared_xacts)
289
290 /* Pointers to the state data in shared memory */
291 static MultiXactStateData *MultiXactState;
292 static MultiXactId *OldestMemberMXactId;
293 static MultiXactId *OldestVisibleMXactId;
294
295
296 /*
297 * Definitions for the backend-local MultiXactId cache.
298 *
299 * We use this cache to store known MultiXacts, so we don't need to go to
300 * SLRU areas every time.
301 *
302 * The cache lasts for the duration of a single transaction, the rationale
303 * for this being that most entries will contain our own TransactionId and
304 * so they will be uninteresting by the time our next transaction starts.
305 * (XXX not clear that this is correct --- other members of the MultiXact
306 * could hang around longer than we did. However, it's not clear what a
307 * better policy for flushing old cache entries would be.) FIXME actually
308 * this is plain wrong now that multixact's may contain update Xids.
309 *
310 * We allocate the cache entries in a memory context that is deleted at
311 * transaction end, so we don't need to do retail freeing of entries.
312 */
313 typedef struct mXactCacheEnt
314 {
315 MultiXactId multi;
316 int nmembers;
317 dlist_node node;
318 MultiXactMember members[FLEXIBLE_ARRAY_MEMBER];
319 } mXactCacheEnt;
320
321 #define MAX_CACHE_ENTRIES 256
322 static dlist_head MXactCache = DLIST_STATIC_INIT(MXactCache);
323 static int MXactCacheMembers = 0;
324 static MemoryContext MXactContext = NULL;
325
326 #ifdef MULTIXACT_DEBUG
327 #define debug_elog2(a,b) elog(a,b)
328 #define debug_elog3(a,b,c) elog(a,b,c)
329 #define debug_elog4(a,b,c,d) elog(a,b,c,d)
330 #define debug_elog5(a,b,c,d,e) elog(a,b,c,d,e)
331 #define debug_elog6(a,b,c,d,e,f) elog(a,b,c,d,e,f)
332 #else
333 #define debug_elog2(a,b)
334 #define debug_elog3(a,b,c)
335 #define debug_elog4(a,b,c,d)
336 #define debug_elog5(a,b,c,d,e)
337 #define debug_elog6(a,b,c,d,e,f)
338 #endif
339
340 /* internal MultiXactId management */
341 static void MultiXactIdSetOldestVisible(void);
342 static void RecordNewMultiXact(MultiXactId multi, MultiXactOffset offset,
343 int nmembers, MultiXactMember *members);
344 static MultiXactId GetNewMultiXactId(int nmembers, MultiXactOffset *offset);
345
346 /* MultiXact cache management */
347 static int mxactMemberComparator(const void *arg1, const void *arg2);
348 static MultiXactId mXactCacheGetBySet(int nmembers, MultiXactMember *members);
349 static int mXactCacheGetById(MultiXactId multi, MultiXactMember **members);
350 static void mXactCachePut(MultiXactId multi, int nmembers,
351 MultiXactMember *members);
352
353 static char *mxstatus_to_string(MultiXactStatus status);
354
355 /* management of SLRU infrastructure */
356 static int ZeroMultiXactOffsetPage(int pageno, bool writeXlog);
357 static int ZeroMultiXactMemberPage(int pageno, bool writeXlog);
358 static bool MultiXactOffsetPagePrecedes(int page1, int page2);
359 static bool MultiXactMemberPagePrecedes(int page1, int page2);
360 static bool MultiXactOffsetPrecedes(MultiXactOffset offset1,
361 MultiXactOffset offset2);
362 static void ExtendMultiXactOffset(MultiXactId multi);
363 static void ExtendMultiXactMember(MultiXactOffset offset, int nmembers);
364 static bool MultiXactOffsetWouldWrap(MultiXactOffset boundary,
365 MultiXactOffset start, uint32 distance);
366 static bool SetOffsetVacuumLimit(bool is_startup);
367 static bool find_multixact_start(MultiXactId multi, MultiXactOffset *result);
368 static void WriteMZeroPageXlogRec(int pageno, uint8 info);
369 static void WriteMTruncateXlogRec(Oid oldestMultiDB,
370 MultiXactId startTruncOff,
371 MultiXactId endTruncOff,
372 MultiXactOffset startTruncMemb,
373 MultiXactOffset endTruncMemb);
374
375
376 /*
377 * MultiXactIdCreate
378 * Construct a MultiXactId representing two TransactionIds.
379 *
380 * The two XIDs must be different, or be requesting different statuses.
381 *
382 * NB - we don't worry about our local MultiXactId cache here, because that
383 * is handled by the lower-level routines.
384 */
385 MultiXactId
MultiXactIdCreate(TransactionId xid1,MultiXactStatus status1,TransactionId xid2,MultiXactStatus status2)386 MultiXactIdCreate(TransactionId xid1, MultiXactStatus status1,
387 TransactionId xid2, MultiXactStatus status2)
388 {
389 MultiXactId newMulti;
390 MultiXactMember members[2];
391
392 AssertArg(TransactionIdIsValid(xid1));
393 AssertArg(TransactionIdIsValid(xid2));
394
395 Assert(!TransactionIdEquals(xid1, xid2) || (status1 != status2));
396
397 /* MultiXactIdSetOldestMember() must have been called already. */
398 Assert(MultiXactIdIsValid(OldestMemberMXactId[MyBackendId]));
399
400 /*
401 * Note: unlike MultiXactIdExpand, we don't bother to check that both XIDs
402 * are still running. In typical usage, xid2 will be our own XID and the
403 * caller just did a check on xid1, so it'd be wasted effort.
404 */
405
406 members[0].xid = xid1;
407 members[0].status = status1;
408 members[1].xid = xid2;
409 members[1].status = status2;
410
411 newMulti = MultiXactIdCreateFromMembers(2, members);
412
413 debug_elog3(DEBUG2, "Create: %s",
414 mxid_to_string(newMulti, 2, members));
415
416 return newMulti;
417 }
418
419 /*
420 * MultiXactIdExpand
421 * Add a TransactionId to a pre-existing MultiXactId.
422 *
423 * If the TransactionId is already a member of the passed MultiXactId with the
424 * same status, just return it as-is.
425 *
426 * Note that we do NOT actually modify the membership of a pre-existing
427 * MultiXactId; instead we create a new one. This is necessary to avoid
428 * a race condition against code trying to wait for one MultiXactId to finish;
429 * see notes in heapam.c.
430 *
431 * NB - we don't worry about our local MultiXactId cache here, because that
432 * is handled by the lower-level routines.
433 *
434 * Note: It is critical that MultiXactIds that come from an old cluster (i.e.
435 * one upgraded by pg_upgrade from a cluster older than this feature) are not
436 * passed in.
437 */
438 MultiXactId
MultiXactIdExpand(MultiXactId multi,TransactionId xid,MultiXactStatus status)439 MultiXactIdExpand(MultiXactId multi, TransactionId xid, MultiXactStatus status)
440 {
441 MultiXactId newMulti;
442 MultiXactMember *members;
443 MultiXactMember *newMembers;
444 int nmembers;
445 int i;
446 int j;
447
448 AssertArg(MultiXactIdIsValid(multi));
449 AssertArg(TransactionIdIsValid(xid));
450
451 /* MultiXactIdSetOldestMember() must have been called already. */
452 Assert(MultiXactIdIsValid(OldestMemberMXactId[MyBackendId]));
453
454 debug_elog5(DEBUG2, "Expand: received multi %u, xid %u status %s",
455 multi, xid, mxstatus_to_string(status));
456
457 /*
458 * Note: we don't allow for old multis here. The reason is that the only
459 * caller of this function does a check that the multixact is no longer
460 * running.
461 */
462 nmembers = GetMultiXactIdMembers(multi, &members, false, false);
463
464 if (nmembers < 0)
465 {
466 MultiXactMember member;
467
468 /*
469 * The MultiXactId is obsolete. This can only happen if all the
470 * MultiXactId members stop running between the caller checking and
471 * passing it to us. It would be better to return that fact to the
472 * caller, but it would complicate the API and it's unlikely to happen
473 * too often, so just deal with it by creating a singleton MultiXact.
474 */
475 member.xid = xid;
476 member.status = status;
477 newMulti = MultiXactIdCreateFromMembers(1, &member);
478
479 debug_elog4(DEBUG2, "Expand: %u has no members, create singleton %u",
480 multi, newMulti);
481 return newMulti;
482 }
483
484 /*
485 * If the TransactionId is already a member of the MultiXactId with the
486 * same status, just return the existing MultiXactId.
487 */
488 for (i = 0; i < nmembers; i++)
489 {
490 if (TransactionIdEquals(members[i].xid, xid) &&
491 (members[i].status == status))
492 {
493 debug_elog4(DEBUG2, "Expand: %u is already a member of %u",
494 xid, multi);
495 pfree(members);
496 return multi;
497 }
498 }
499
500 /*
501 * Determine which of the members of the MultiXactId are still of
502 * interest. This is any running transaction, and also any transaction
503 * that grabbed something stronger than just a lock and was committed. (An
504 * update that aborted is of no interest here; and having more than one
505 * update Xid in a multixact would cause errors elsewhere.)
506 *
507 * Removing dead members is not just an optimization: freezing of tuples
508 * whose Xmax are multis depends on this behavior.
509 *
510 * Note we have the same race condition here as above: j could be 0 at the
511 * end of the loop.
512 */
513 newMembers = (MultiXactMember *)
514 palloc(sizeof(MultiXactMember) * (nmembers + 1));
515
516 for (i = 0, j = 0; i < nmembers; i++)
517 {
518 if (TransactionIdIsInProgress(members[i].xid) ||
519 (ISUPDATE_from_mxstatus(members[i].status) &&
520 TransactionIdDidCommit(members[i].xid)))
521 {
522 newMembers[j].xid = members[i].xid;
523 newMembers[j++].status = members[i].status;
524 }
525 }
526
527 newMembers[j].xid = xid;
528 newMembers[j++].status = status;
529 newMulti = MultiXactIdCreateFromMembers(j, newMembers);
530
531 pfree(members);
532 pfree(newMembers);
533
534 debug_elog3(DEBUG2, "Expand: returning new multi %u", newMulti);
535
536 return newMulti;
537 }
538
539 /*
540 * MultiXactIdIsRunning
541 * Returns whether a MultiXactId is "running".
542 *
543 * We return true if at least one member of the given MultiXactId is still
544 * running. Note that a "false" result is certain not to change,
545 * because it is not legal to add members to an existing MultiXactId.
546 *
547 * Caller is expected to have verified that the multixact does not come from
548 * a pg_upgraded share-locked tuple.
549 */
550 bool
MultiXactIdIsRunning(MultiXactId multi,bool isLockOnly)551 MultiXactIdIsRunning(MultiXactId multi, bool isLockOnly)
552 {
553 MultiXactMember *members;
554 int nmembers;
555 int i;
556
557 debug_elog3(DEBUG2, "IsRunning %u?", multi);
558
559 /*
560 * "false" here means we assume our callers have checked that the given
561 * multi cannot possibly come from a pg_upgraded database.
562 */
563 nmembers = GetMultiXactIdMembers(multi, &members, false, isLockOnly);
564
565 if (nmembers <= 0)
566 {
567 debug_elog2(DEBUG2, "IsRunning: no members");
568 return false;
569 }
570
571 /*
572 * Checking for myself is cheap compared to looking in shared memory;
573 * return true if any live subtransaction of the current top-level
574 * transaction is a member.
575 *
576 * This is not needed for correctness, it's just a fast path.
577 */
578 for (i = 0; i < nmembers; i++)
579 {
580 if (TransactionIdIsCurrentTransactionId(members[i].xid))
581 {
582 debug_elog3(DEBUG2, "IsRunning: I (%d) am running!", i);
583 pfree(members);
584 return true;
585 }
586 }
587
588 /*
589 * This could be made faster by having another entry point in procarray.c,
590 * walking the PGPROC array only once for all the members. But in most
591 * cases nmembers should be small enough that it doesn't much matter.
592 */
593 for (i = 0; i < nmembers; i++)
594 {
595 if (TransactionIdIsInProgress(members[i].xid))
596 {
597 debug_elog4(DEBUG2, "IsRunning: member %d (%u) is running",
598 i, members[i].xid);
599 pfree(members);
600 return true;
601 }
602 }
603
604 pfree(members);
605
606 debug_elog3(DEBUG2, "IsRunning: %u is not running", multi);
607
608 return false;
609 }
610
611 /*
612 * MultiXactIdSetOldestMember
613 * Save the oldest MultiXactId this transaction could be a member of.
614 *
615 * We set the OldestMemberMXactId for a given transaction the first time it's
616 * going to do some operation that might require a MultiXactId (tuple lock,
617 * update or delete). We need to do this even if we end up using a
618 * TransactionId instead of a MultiXactId, because there is a chance that
619 * another transaction would add our XID to a MultiXactId.
620 *
621 * The value to set is the next-to-be-assigned MultiXactId, so this is meant to
622 * be called just before doing any such possibly-MultiXactId-able operation.
623 */
624 void
MultiXactIdSetOldestMember(void)625 MultiXactIdSetOldestMember(void)
626 {
627 if (!MultiXactIdIsValid(OldestMemberMXactId[MyBackendId]))
628 {
629 MultiXactId nextMXact;
630
631 /*
632 * You might think we don't need to acquire a lock here, since
633 * fetching and storing of TransactionIds is probably atomic, but in
634 * fact we do: suppose we pick up nextMXact and then lose the CPU for
635 * a long time. Someone else could advance nextMXact, and then
636 * another someone else could compute an OldestVisibleMXactId that
637 * would be after the value we are going to store when we get control
638 * back. Which would be wrong.
639 *
640 * Note that a shared lock is sufficient, because it's enough to stop
641 * someone from advancing nextMXact; and nobody else could be trying
642 * to write to our OldestMember entry, only reading (and we assume
643 * storing it is atomic.)
644 */
645 LWLockAcquire(MultiXactGenLock, LW_SHARED);
646
647 /*
648 * We have to beware of the possibility that nextMXact is in the
649 * wrapped-around state. We don't fix the counter itself here, but we
650 * must be sure to store a valid value in our array entry.
651 */
652 nextMXact = MultiXactState->nextMXact;
653 if (nextMXact < FirstMultiXactId)
654 nextMXact = FirstMultiXactId;
655
656 OldestMemberMXactId[MyBackendId] = nextMXact;
657
658 LWLockRelease(MultiXactGenLock);
659
660 debug_elog4(DEBUG2, "MultiXact: setting OldestMember[%d] = %u",
661 MyBackendId, nextMXact);
662 }
663 }
664
665 /*
666 * MultiXactIdSetOldestVisible
667 * Save the oldest MultiXactId this transaction considers possibly live.
668 *
669 * We set the OldestVisibleMXactId for a given transaction the first time
670 * it's going to inspect any MultiXactId. Once we have set this, we are
671 * guaranteed that the checkpointer won't truncate off SLRU data for
672 * MultiXactIds at or after our OldestVisibleMXactId.
673 *
674 * The value to set is the oldest of nextMXact and all the valid per-backend
675 * OldestMemberMXactId[] entries. Because of the locking we do, we can be
676 * certain that no subsequent call to MultiXactIdSetOldestMember can set
677 * an OldestMemberMXactId[] entry older than what we compute here. Therefore
678 * there is no live transaction, now or later, that can be a member of any
679 * MultiXactId older than the OldestVisibleMXactId we compute here.
680 */
681 static void
MultiXactIdSetOldestVisible(void)682 MultiXactIdSetOldestVisible(void)
683 {
684 if (!MultiXactIdIsValid(OldestVisibleMXactId[MyBackendId]))
685 {
686 MultiXactId oldestMXact;
687 int i;
688
689 LWLockAcquire(MultiXactGenLock, LW_EXCLUSIVE);
690
691 /*
692 * We have to beware of the possibility that nextMXact is in the
693 * wrapped-around state. We don't fix the counter itself here, but we
694 * must be sure to store a valid value in our array entry.
695 */
696 oldestMXact = MultiXactState->nextMXact;
697 if (oldestMXact < FirstMultiXactId)
698 oldestMXact = FirstMultiXactId;
699
700 for (i = 1; i <= MaxOldestSlot; i++)
701 {
702 MultiXactId thisoldest = OldestMemberMXactId[i];
703
704 if (MultiXactIdIsValid(thisoldest) &&
705 MultiXactIdPrecedes(thisoldest, oldestMXact))
706 oldestMXact = thisoldest;
707 }
708
709 OldestVisibleMXactId[MyBackendId] = oldestMXact;
710
711 LWLockRelease(MultiXactGenLock);
712
713 debug_elog4(DEBUG2, "MultiXact: setting OldestVisible[%d] = %u",
714 MyBackendId, oldestMXact);
715 }
716 }
717
718 /*
719 * ReadNextMultiXactId
720 * Return the next MultiXactId to be assigned, but don't allocate it
721 */
722 MultiXactId
ReadNextMultiXactId(void)723 ReadNextMultiXactId(void)
724 {
725 MultiXactId mxid;
726
727 /* XXX we could presumably do this without a lock. */
728 LWLockAcquire(MultiXactGenLock, LW_SHARED);
729 mxid = MultiXactState->nextMXact;
730 LWLockRelease(MultiXactGenLock);
731
732 if (mxid < FirstMultiXactId)
733 mxid = FirstMultiXactId;
734
735 return mxid;
736 }
737
738 /*
739 * ReadMultiXactIdRange
740 * Get the range of IDs that may still be referenced by a relation.
741 */
742 void
ReadMultiXactIdRange(MultiXactId * oldest,MultiXactId * next)743 ReadMultiXactIdRange(MultiXactId *oldest, MultiXactId *next)
744 {
745 LWLockAcquire(MultiXactGenLock, LW_SHARED);
746 *oldest = MultiXactState->oldestMultiXactId;
747 *next = MultiXactState->nextMXact;
748 LWLockRelease(MultiXactGenLock);
749
750 if (*oldest < FirstMultiXactId)
751 *oldest = FirstMultiXactId;
752 if (*next < FirstMultiXactId)
753 *next = FirstMultiXactId;
754 }
755
756
757 /*
758 * MultiXactIdCreateFromMembers
759 * Make a new MultiXactId from the specified set of members
760 *
761 * Make XLOG, SLRU and cache entries for a new MultiXactId, recording the
762 * given TransactionIds as members. Returns the newly created MultiXactId.
763 *
764 * NB: the passed members[] array will be sorted in-place.
765 */
766 MultiXactId
MultiXactIdCreateFromMembers(int nmembers,MultiXactMember * members)767 MultiXactIdCreateFromMembers(int nmembers, MultiXactMember *members)
768 {
769 MultiXactId multi;
770 MultiXactOffset offset;
771 xl_multixact_create xlrec;
772
773 debug_elog3(DEBUG2, "Create: %s",
774 mxid_to_string(InvalidMultiXactId, nmembers, members));
775
776 /*
777 * See if the same set of members already exists in our cache; if so, just
778 * re-use that MultiXactId. (Note: it might seem that looking in our
779 * cache is insufficient, and we ought to search disk to see if a
780 * duplicate definition already exists. But since we only ever create
781 * MultiXacts containing our own XID, in most cases any such MultiXacts
782 * were in fact created by us, and so will be in our cache. There are
783 * corner cases where someone else added us to a MultiXact without our
784 * knowledge, but it's not worth checking for.)
785 */
786 multi = mXactCacheGetBySet(nmembers, members);
787 if (MultiXactIdIsValid(multi))
788 {
789 debug_elog2(DEBUG2, "Create: in cache!");
790 return multi;
791 }
792
793 /* Verify that there is a single update Xid among the given members. */
794 {
795 int i;
796 bool has_update = false;
797
798 for (i = 0; i < nmembers; i++)
799 {
800 if (ISUPDATE_from_mxstatus(members[i].status))
801 {
802 if (has_update)
803 elog(ERROR, "new multixact has more than one updating member");
804 has_update = true;
805 }
806 }
807 }
808
809 /*
810 * Assign the MXID and offsets range to use, and make sure there is space
811 * in the OFFSETs and MEMBERs files. NB: this routine does
812 * START_CRIT_SECTION().
813 *
814 * Note: unlike MultiXactIdCreate and MultiXactIdExpand, we do not check
815 * that we've called MultiXactIdSetOldestMember here. This is because
816 * this routine is used in some places to create new MultiXactIds of which
817 * the current backend is not a member, notably during freezing of multis
818 * in vacuum. During vacuum, in particular, it would be unacceptable to
819 * keep OldestMulti set, in case it runs for long.
820 */
821 multi = GetNewMultiXactId(nmembers, &offset);
822
823 /* Make an XLOG entry describing the new MXID. */
824 xlrec.mid = multi;
825 xlrec.moff = offset;
826 xlrec.nmembers = nmembers;
827
828 /*
829 * XXX Note: there's a lot of padding space in MultiXactMember. We could
830 * find a more compact representation of this Xlog record -- perhaps all
831 * the status flags in one XLogRecData, then all the xids in another one?
832 * Not clear that it's worth the trouble though.
833 */
834 XLogBeginInsert();
835 XLogRegisterData((char *) (&xlrec), SizeOfMultiXactCreate);
836 XLogRegisterData((char *) members, nmembers * sizeof(MultiXactMember));
837
838 (void) XLogInsert(RM_MULTIXACT_ID, XLOG_MULTIXACT_CREATE_ID);
839
840 /* Now enter the information into the OFFSETs and MEMBERs logs */
841 RecordNewMultiXact(multi, offset, nmembers, members);
842
843 /* Done with critical section */
844 END_CRIT_SECTION();
845
846 /* Store the new MultiXactId in the local cache, too */
847 mXactCachePut(multi, nmembers, members);
848
849 debug_elog2(DEBUG2, "Create: all done");
850
851 return multi;
852 }
853
854 /*
855 * RecordNewMultiXact
856 * Write info about a new multixact into the offsets and members files
857 *
858 * This is broken out of MultiXactIdCreateFromMembers so that xlog replay can
859 * use it.
860 */
861 static void
RecordNewMultiXact(MultiXactId multi,MultiXactOffset offset,int nmembers,MultiXactMember * members)862 RecordNewMultiXact(MultiXactId multi, MultiXactOffset offset,
863 int nmembers, MultiXactMember *members)
864 {
865 int pageno;
866 int prev_pageno;
867 int entryno;
868 int slotno;
869 MultiXactOffset *offptr;
870 int i;
871
872 LWLockAcquire(MultiXactOffsetSLRULock, LW_EXCLUSIVE);
873
874 pageno = MultiXactIdToOffsetPage(multi);
875 entryno = MultiXactIdToOffsetEntry(multi);
876
877 /*
878 * Note: we pass the MultiXactId to SimpleLruReadPage as the "transaction"
879 * to complain about if there's any I/O error. This is kinda bogus, but
880 * since the errors will always give the full pathname, it should be clear
881 * enough that a MultiXactId is really involved. Perhaps someday we'll
882 * take the trouble to generalize the slru.c error reporting code.
883 */
884 slotno = SimpleLruReadPage(MultiXactOffsetCtl, pageno, true, multi);
885 offptr = (MultiXactOffset *) MultiXactOffsetCtl->shared->page_buffer[slotno];
886 offptr += entryno;
887
888 *offptr = offset;
889
890 MultiXactOffsetCtl->shared->page_dirty[slotno] = true;
891
892 /* Exchange our lock */
893 LWLockRelease(MultiXactOffsetSLRULock);
894
895 LWLockAcquire(MultiXactMemberSLRULock, LW_EXCLUSIVE);
896
897 prev_pageno = -1;
898
899 for (i = 0; i < nmembers; i++, offset++)
900 {
901 TransactionId *memberptr;
902 uint32 *flagsptr;
903 uint32 flagsval;
904 int bshift;
905 int flagsoff;
906 int memberoff;
907
908 Assert(members[i].status <= MultiXactStatusUpdate);
909
910 pageno = MXOffsetToMemberPage(offset);
911 memberoff = MXOffsetToMemberOffset(offset);
912 flagsoff = MXOffsetToFlagsOffset(offset);
913 bshift = MXOffsetToFlagsBitShift(offset);
914
915 if (pageno != prev_pageno)
916 {
917 slotno = SimpleLruReadPage(MultiXactMemberCtl, pageno, true, multi);
918 prev_pageno = pageno;
919 }
920
921 memberptr = (TransactionId *)
922 (MultiXactMemberCtl->shared->page_buffer[slotno] + memberoff);
923
924 *memberptr = members[i].xid;
925
926 flagsptr = (uint32 *)
927 (MultiXactMemberCtl->shared->page_buffer[slotno] + flagsoff);
928
929 flagsval = *flagsptr;
930 flagsval &= ~(((1 << MXACT_MEMBER_BITS_PER_XACT) - 1) << bshift);
931 flagsval |= (members[i].status << bshift);
932 *flagsptr = flagsval;
933
934 MultiXactMemberCtl->shared->page_dirty[slotno] = true;
935 }
936
937 LWLockRelease(MultiXactMemberSLRULock);
938 }
939
940 /*
941 * GetNewMultiXactId
942 * Get the next MultiXactId.
943 *
944 * Also, reserve the needed amount of space in the "members" area. The
945 * starting offset of the reserved space is returned in *offset.
946 *
947 * This may generate XLOG records for expansion of the offsets and/or members
948 * files. Unfortunately, we have to do that while holding MultiXactGenLock
949 * to avoid race conditions --- the XLOG record for zeroing a page must appear
950 * before any backend can possibly try to store data in that page!
951 *
952 * We start a critical section before advancing the shared counters. The
953 * caller must end the critical section after writing SLRU data.
954 */
955 static MultiXactId
GetNewMultiXactId(int nmembers,MultiXactOffset * offset)956 GetNewMultiXactId(int nmembers, MultiXactOffset *offset)
957 {
958 MultiXactId result;
959 MultiXactOffset nextOffset;
960
961 debug_elog3(DEBUG2, "GetNew: for %d xids", nmembers);
962
963 /* safety check, we should never get this far in a HS standby */
964 if (RecoveryInProgress())
965 elog(ERROR, "cannot assign MultiXactIds during recovery");
966
967 LWLockAcquire(MultiXactGenLock, LW_EXCLUSIVE);
968
969 /* Handle wraparound of the nextMXact counter */
970 if (MultiXactState->nextMXact < FirstMultiXactId)
971 MultiXactState->nextMXact = FirstMultiXactId;
972
973 /* Assign the MXID */
974 result = MultiXactState->nextMXact;
975
976 /*----------
977 * Check to see if it's safe to assign another MultiXactId. This protects
978 * against catastrophic data loss due to multixact wraparound. The basic
979 * rules are:
980 *
981 * If we're past multiVacLimit or the safe threshold for member storage
982 * space, or we don't know what the safe threshold for member storage is,
983 * start trying to force autovacuum cycles.
984 * If we're past multiWarnLimit, start issuing warnings.
985 * If we're past multiStopLimit, refuse to create new MultiXactIds.
986 *
987 * Note these are pretty much the same protections in GetNewTransactionId.
988 *----------
989 */
990 if (!MultiXactIdPrecedes(result, MultiXactState->multiVacLimit))
991 {
992 /*
993 * For safety's sake, we release MultiXactGenLock while sending
994 * signals, warnings, etc. This is not so much because we care about
995 * preserving concurrency in this situation, as to avoid any
996 * possibility of deadlock while doing get_database_name(). First,
997 * copy all the shared values we'll need in this path.
998 */
999 MultiXactId multiWarnLimit = MultiXactState->multiWarnLimit;
1000 MultiXactId multiStopLimit = MultiXactState->multiStopLimit;
1001 MultiXactId multiWrapLimit = MultiXactState->multiWrapLimit;
1002 Oid oldest_datoid = MultiXactState->oldestMultiXactDB;
1003
1004 LWLockRelease(MultiXactGenLock);
1005
1006 if (IsUnderPostmaster &&
1007 !MultiXactIdPrecedes(result, multiStopLimit))
1008 {
1009 char *oldest_datname = get_database_name(oldest_datoid);
1010
1011 /*
1012 * Immediately kick autovacuum into action as we're already in
1013 * ERROR territory.
1014 */
1015 SendPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER);
1016
1017 /* complain even if that DB has disappeared */
1018 if (oldest_datname)
1019 ereport(ERROR,
1020 (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
1021 errmsg("database is not accepting commands that generate new MultiXactIds to avoid wraparound data loss in database \"%s\"",
1022 oldest_datname),
1023 errhint("Execute a database-wide VACUUM in that database.\n"
1024 "You might also need to commit or roll back old prepared transactions, or drop stale replication slots.")));
1025 else
1026 ereport(ERROR,
1027 (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
1028 errmsg("database is not accepting commands that generate new MultiXactIds to avoid wraparound data loss in database with OID %u",
1029 oldest_datoid),
1030 errhint("Execute a database-wide VACUUM in that database.\n"
1031 "You might also need to commit or roll back old prepared transactions, or drop stale replication slots.")));
1032 }
1033
1034 /*
1035 * To avoid swamping the postmaster with signals, we issue the autovac
1036 * request only once per 64K multis generated. This still gives
1037 * plenty of chances before we get into real trouble.
1038 */
1039 if (IsUnderPostmaster && (result % 65536) == 0)
1040 SendPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER);
1041
1042 if (!MultiXactIdPrecedes(result, multiWarnLimit))
1043 {
1044 char *oldest_datname = get_database_name(oldest_datoid);
1045
1046 /* complain even if that DB has disappeared */
1047 if (oldest_datname)
1048 ereport(WARNING,
1049 (errmsg_plural("database \"%s\" must be vacuumed before %u more MultiXactId is used",
1050 "database \"%s\" must be vacuumed before %u more MultiXactIds are used",
1051 multiWrapLimit - result,
1052 oldest_datname,
1053 multiWrapLimit - result),
1054 errhint("Execute a database-wide VACUUM in that database.\n"
1055 "You might also need to commit or roll back old prepared transactions, or drop stale replication slots.")));
1056 else
1057 ereport(WARNING,
1058 (errmsg_plural("database with OID %u must be vacuumed before %u more MultiXactId is used",
1059 "database with OID %u must be vacuumed before %u more MultiXactIds are used",
1060 multiWrapLimit - result,
1061 oldest_datoid,
1062 multiWrapLimit - result),
1063 errhint("Execute a database-wide VACUUM in that database.\n"
1064 "You might also need to commit or roll back old prepared transactions, or drop stale replication slots.")));
1065 }
1066
1067 /* Re-acquire lock and start over */
1068 LWLockAcquire(MultiXactGenLock, LW_EXCLUSIVE);
1069 result = MultiXactState->nextMXact;
1070 if (result < FirstMultiXactId)
1071 result = FirstMultiXactId;
1072 }
1073
1074 /* Make sure there is room for the MXID in the file. */
1075 ExtendMultiXactOffset(result);
1076
1077 /*
1078 * Reserve the members space, similarly to above. Also, be careful not to
1079 * return zero as the starting offset for any multixact. See
1080 * GetMultiXactIdMembers() for motivation.
1081 */
1082 nextOffset = MultiXactState->nextOffset;
1083 if (nextOffset == 0)
1084 {
1085 *offset = 1;
1086 nmembers++; /* allocate member slot 0 too */
1087 }
1088 else
1089 *offset = nextOffset;
1090
1091 /*----------
1092 * Protect against overrun of the members space as well, with the
1093 * following rules:
1094 *
1095 * If we're past offsetStopLimit, refuse to generate more multis.
1096 * If we're close to offsetStopLimit, emit a warning.
1097 *
1098 * Arbitrarily, we start emitting warnings when we're 20 segments or less
1099 * from offsetStopLimit.
1100 *
1101 * Note we haven't updated the shared state yet, so if we fail at this
1102 * point, the multixact ID we grabbed can still be used by the next guy.
1103 *
1104 * Note that there is no point in forcing autovacuum runs here: the
1105 * multixact freeze settings would have to be reduced for that to have any
1106 * effect.
1107 *----------
1108 */
1109 #define OFFSET_WARN_SEGMENTS 20
1110 if (MultiXactState->oldestOffsetKnown &&
1111 MultiXactOffsetWouldWrap(MultiXactState->offsetStopLimit, nextOffset,
1112 nmembers))
1113 {
1114 /* see comment in the corresponding offsets wraparound case */
1115 SendPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER);
1116
1117 ereport(ERROR,
1118 (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
1119 errmsg("multixact \"members\" limit exceeded"),
1120 errdetail_plural("This command would create a multixact with %u members, but the remaining space is only enough for %u member.",
1121 "This command would create a multixact with %u members, but the remaining space is only enough for %u members.",
1122 MultiXactState->offsetStopLimit - nextOffset - 1,
1123 nmembers,
1124 MultiXactState->offsetStopLimit - nextOffset - 1),
1125 errhint("Execute a database-wide VACUUM in database with OID %u with reduced vacuum_multixact_freeze_min_age and vacuum_multixact_freeze_table_age settings.",
1126 MultiXactState->oldestMultiXactDB)));
1127 }
1128
1129 /*
1130 * Check whether we should kick autovacuum into action, to prevent members
1131 * wraparound. NB we use a much larger window to trigger autovacuum than
1132 * just the warning limit. The warning is just a measure of last resort -
1133 * this is in line with GetNewTransactionId's behaviour.
1134 */
1135 if (!MultiXactState->oldestOffsetKnown ||
1136 (MultiXactState->nextOffset - MultiXactState->oldestOffset
1137 > MULTIXACT_MEMBER_SAFE_THRESHOLD))
1138 {
1139 /*
1140 * To avoid swamping the postmaster with signals, we issue the autovac
1141 * request only when crossing a segment boundary. With default
1142 * compilation settings that's roughly after 50k members. This still
1143 * gives plenty of chances before we get into real trouble.
1144 */
1145 if ((MXOffsetToMemberPage(nextOffset) / SLRU_PAGES_PER_SEGMENT) !=
1146 (MXOffsetToMemberPage(nextOffset + nmembers) / SLRU_PAGES_PER_SEGMENT))
1147 SendPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER);
1148 }
1149
1150 if (MultiXactState->oldestOffsetKnown &&
1151 MultiXactOffsetWouldWrap(MultiXactState->offsetStopLimit,
1152 nextOffset,
1153 nmembers + MULTIXACT_MEMBERS_PER_PAGE * SLRU_PAGES_PER_SEGMENT * OFFSET_WARN_SEGMENTS))
1154 ereport(WARNING,
1155 (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
1156 errmsg_plural("database with OID %u must be vacuumed before %d more multixact member is used",
1157 "database with OID %u must be vacuumed before %d more multixact members are used",
1158 MultiXactState->offsetStopLimit - nextOffset + nmembers,
1159 MultiXactState->oldestMultiXactDB,
1160 MultiXactState->offsetStopLimit - nextOffset + nmembers),
1161 errhint("Execute a database-wide VACUUM in that database with reduced vacuum_multixact_freeze_min_age and vacuum_multixact_freeze_table_age settings.")));
1162
1163 ExtendMultiXactMember(nextOffset, nmembers);
1164
1165 /*
1166 * Critical section from here until caller has written the data into the
1167 * just-reserved SLRU space; we don't want to error out with a partly
1168 * written MultiXact structure. (In particular, failing to write our
1169 * start offset after advancing nextMXact would effectively corrupt the
1170 * previous MultiXact.)
1171 */
1172 START_CRIT_SECTION();
1173
1174 /*
1175 * Advance counters. As in GetNewTransactionId(), this must not happen
1176 * until after file extension has succeeded!
1177 *
1178 * We don't care about MultiXactId wraparound here; it will be handled by
1179 * the next iteration. But note that nextMXact may be InvalidMultiXactId
1180 * or the first value on a segment-beginning page after this routine
1181 * exits, so anyone else looking at the variable must be prepared to deal
1182 * with either case. Similarly, nextOffset may be zero, but we won't use
1183 * that as the actual start offset of the next multixact.
1184 */
1185 (MultiXactState->nextMXact)++;
1186
1187 MultiXactState->nextOffset += nmembers;
1188
1189 LWLockRelease(MultiXactGenLock);
1190
1191 debug_elog4(DEBUG2, "GetNew: returning %u offset %u", result, *offset);
1192 return result;
1193 }
1194
1195 /*
1196 * GetMultiXactIdMembers
1197 * Return the set of MultiXactMembers that make up a MultiXactId
1198 *
1199 * Return value is the number of members found, or -1 if there are none,
1200 * and *members is set to a newly palloc'ed array of members. It's the
1201 * caller's responsibility to free it when done with it.
1202 *
1203 * from_pgupgrade must be passed as true if and only if only the multixact
1204 * corresponds to a value from a tuple that was locked in a 9.2-or-older
1205 * installation and later pg_upgrade'd (that is, the infomask is
1206 * HEAP_LOCKED_UPGRADED). In this case, we know for certain that no members
1207 * can still be running, so we return -1 just like for an empty multixact
1208 * without any further checking. It would be wrong to try to resolve such a
1209 * multixact: either the multixact is within the current valid multixact
1210 * range, in which case the returned result would be bogus, or outside that
1211 * range, in which case an error would be raised.
1212 *
1213 * In all other cases, the passed multixact must be within the known valid
1214 * range, that is, greater to or equal than oldestMultiXactId, and less than
1215 * nextMXact. Otherwise, an error is raised.
1216 *
1217 * onlyLock must be set to true if caller is certain that the given multi
1218 * is used only to lock tuples; can be false without loss of correctness,
1219 * but passing a true means we can return quickly without checking for
1220 * old updates.
1221 */
1222 int
GetMultiXactIdMembers(MultiXactId multi,MultiXactMember ** members,bool from_pgupgrade,bool onlyLock)1223 GetMultiXactIdMembers(MultiXactId multi, MultiXactMember **members,
1224 bool from_pgupgrade, bool onlyLock)
1225 {
1226 int pageno;
1227 int prev_pageno;
1228 int entryno;
1229 int slotno;
1230 MultiXactOffset *offptr;
1231 MultiXactOffset offset;
1232 int length;
1233 int truelength;
1234 int i;
1235 MultiXactId oldestMXact;
1236 MultiXactId nextMXact;
1237 MultiXactId tmpMXact;
1238 MultiXactOffset nextOffset;
1239 MultiXactMember *ptr;
1240
1241 debug_elog3(DEBUG2, "GetMembers: asked for %u", multi);
1242
1243 if (!MultiXactIdIsValid(multi) || from_pgupgrade)
1244 {
1245 *members = NULL;
1246 return -1;
1247 }
1248
1249 /* See if the MultiXactId is in the local cache */
1250 length = mXactCacheGetById(multi, members);
1251 if (length >= 0)
1252 {
1253 debug_elog3(DEBUG2, "GetMembers: found %s in the cache",
1254 mxid_to_string(multi, length, *members));
1255 return length;
1256 }
1257
1258 /* Set our OldestVisibleMXactId[] entry if we didn't already */
1259 MultiXactIdSetOldestVisible();
1260
1261 /*
1262 * If we know the multi is used only for locking and not for updates, then
1263 * we can skip checking if the value is older than our oldest visible
1264 * multi. It cannot possibly still be running.
1265 */
1266 if (onlyLock &&
1267 MultiXactIdPrecedes(multi, OldestVisibleMXactId[MyBackendId]))
1268 {
1269 debug_elog2(DEBUG2, "GetMembers: a locker-only multi is too old");
1270 *members = NULL;
1271 return -1;
1272 }
1273
1274 /*
1275 * We check known limits on MultiXact before resorting to the SLRU area.
1276 *
1277 * An ID older than MultiXactState->oldestMultiXactId cannot possibly be
1278 * useful; it has already been removed, or will be removed shortly, by
1279 * truncation. If one is passed, an error is raised.
1280 *
1281 * Also, an ID >= nextMXact shouldn't ever be seen here; if it is seen, it
1282 * implies undetected ID wraparound has occurred. This raises a hard
1283 * error.
1284 *
1285 * Shared lock is enough here since we aren't modifying any global state.
1286 * Acquire it just long enough to grab the current counter values. We may
1287 * need both nextMXact and nextOffset; see below.
1288 */
1289 LWLockAcquire(MultiXactGenLock, LW_SHARED);
1290
1291 oldestMXact = MultiXactState->oldestMultiXactId;
1292 nextMXact = MultiXactState->nextMXact;
1293 nextOffset = MultiXactState->nextOffset;
1294
1295 LWLockRelease(MultiXactGenLock);
1296
1297 if (MultiXactIdPrecedes(multi, oldestMXact))
1298 ereport(ERROR,
1299 (errcode(ERRCODE_INTERNAL_ERROR),
1300 errmsg("MultiXactId %u does no longer exist -- apparent wraparound",
1301 multi)));
1302
1303 if (!MultiXactIdPrecedes(multi, nextMXact))
1304 ereport(ERROR,
1305 (errcode(ERRCODE_INTERNAL_ERROR),
1306 errmsg("MultiXactId %u has not been created yet -- apparent wraparound",
1307 multi)));
1308
1309 /*
1310 * Find out the offset at which we need to start reading MultiXactMembers
1311 * and the number of members in the multixact. We determine the latter as
1312 * the difference between this multixact's starting offset and the next
1313 * one's. However, there are some corner cases to worry about:
1314 *
1315 * 1. This multixact may be the latest one created, in which case there is
1316 * no next one to look at. In this case the nextOffset value we just
1317 * saved is the correct endpoint.
1318 *
1319 * 2. The next multixact may still be in process of being filled in: that
1320 * is, another process may have done GetNewMultiXactId but not yet written
1321 * the offset entry for that ID. In that scenario, it is guaranteed that
1322 * the offset entry for that multixact exists (because GetNewMultiXactId
1323 * won't release MultiXactGenLock until it does) but contains zero
1324 * (because we are careful to pre-zero offset pages). Because
1325 * GetNewMultiXactId will never return zero as the starting offset for a
1326 * multixact, when we read zero as the next multixact's offset, we know we
1327 * have this case. We sleep for a bit and try again.
1328 *
1329 * 3. Because GetNewMultiXactId increments offset zero to offset one to
1330 * handle case #2, there is an ambiguity near the point of offset
1331 * wraparound. If we see next multixact's offset is one, is that our
1332 * multixact's actual endpoint, or did it end at zero with a subsequent
1333 * increment? We handle this using the knowledge that if the zero'th
1334 * member slot wasn't filled, it'll contain zero, and zero isn't a valid
1335 * transaction ID so it can't be a multixact member. Therefore, if we
1336 * read a zero from the members array, just ignore it.
1337 *
1338 * This is all pretty messy, but the mess occurs only in infrequent corner
1339 * cases, so it seems better than holding the MultiXactGenLock for a long
1340 * time on every multixact creation.
1341 */
1342 retry:
1343 LWLockAcquire(MultiXactOffsetSLRULock, LW_EXCLUSIVE);
1344
1345 pageno = MultiXactIdToOffsetPage(multi);
1346 entryno = MultiXactIdToOffsetEntry(multi);
1347
1348 slotno = SimpleLruReadPage(MultiXactOffsetCtl, pageno, true, multi);
1349 offptr = (MultiXactOffset *) MultiXactOffsetCtl->shared->page_buffer[slotno];
1350 offptr += entryno;
1351 offset = *offptr;
1352
1353 Assert(offset != 0);
1354
1355 /*
1356 * Use the same increment rule as GetNewMultiXactId(), that is, don't
1357 * handle wraparound explicitly until needed.
1358 */
1359 tmpMXact = multi + 1;
1360
1361 if (nextMXact == tmpMXact)
1362 {
1363 /* Corner case 1: there is no next multixact */
1364 length = nextOffset - offset;
1365 }
1366 else
1367 {
1368 MultiXactOffset nextMXOffset;
1369
1370 /* handle wraparound if needed */
1371 if (tmpMXact < FirstMultiXactId)
1372 tmpMXact = FirstMultiXactId;
1373
1374 prev_pageno = pageno;
1375
1376 pageno = MultiXactIdToOffsetPage(tmpMXact);
1377 entryno = MultiXactIdToOffsetEntry(tmpMXact);
1378
1379 if (pageno != prev_pageno)
1380 slotno = SimpleLruReadPage(MultiXactOffsetCtl, pageno, true, tmpMXact);
1381
1382 offptr = (MultiXactOffset *) MultiXactOffsetCtl->shared->page_buffer[slotno];
1383 offptr += entryno;
1384 nextMXOffset = *offptr;
1385
1386 if (nextMXOffset == 0)
1387 {
1388 /* Corner case 2: next multixact is still being filled in */
1389 LWLockRelease(MultiXactOffsetSLRULock);
1390 CHECK_FOR_INTERRUPTS();
1391 pg_usleep(1000L);
1392 goto retry;
1393 }
1394
1395 length = nextMXOffset - offset;
1396 }
1397
1398 LWLockRelease(MultiXactOffsetSLRULock);
1399
1400 ptr = (MultiXactMember *) palloc(length * sizeof(MultiXactMember));
1401
1402 /* Now get the members themselves. */
1403 LWLockAcquire(MultiXactMemberSLRULock, LW_EXCLUSIVE);
1404
1405 truelength = 0;
1406 prev_pageno = -1;
1407 for (i = 0; i < length; i++, offset++)
1408 {
1409 TransactionId *xactptr;
1410 uint32 *flagsptr;
1411 int flagsoff;
1412 int bshift;
1413 int memberoff;
1414
1415 pageno = MXOffsetToMemberPage(offset);
1416 memberoff = MXOffsetToMemberOffset(offset);
1417
1418 if (pageno != prev_pageno)
1419 {
1420 slotno = SimpleLruReadPage(MultiXactMemberCtl, pageno, true, multi);
1421 prev_pageno = pageno;
1422 }
1423
1424 xactptr = (TransactionId *)
1425 (MultiXactMemberCtl->shared->page_buffer[slotno] + memberoff);
1426
1427 if (!TransactionIdIsValid(*xactptr))
1428 {
1429 /* Corner case 3: we must be looking at unused slot zero */
1430 Assert(offset == 0);
1431 continue;
1432 }
1433
1434 flagsoff = MXOffsetToFlagsOffset(offset);
1435 bshift = MXOffsetToFlagsBitShift(offset);
1436 flagsptr = (uint32 *) (MultiXactMemberCtl->shared->page_buffer[slotno] + flagsoff);
1437
1438 ptr[truelength].xid = *xactptr;
1439 ptr[truelength].status = (*flagsptr >> bshift) & MXACT_MEMBER_XACT_BITMASK;
1440 truelength++;
1441 }
1442
1443 LWLockRelease(MultiXactMemberSLRULock);
1444
1445 /* A multixid with zero members should not happen */
1446 Assert(truelength > 0);
1447
1448 /*
1449 * Copy the result into the local cache.
1450 */
1451 mXactCachePut(multi, truelength, ptr);
1452
1453 debug_elog3(DEBUG2, "GetMembers: no cache for %s",
1454 mxid_to_string(multi, truelength, ptr));
1455 *members = ptr;
1456 return truelength;
1457 }
1458
1459 /*
1460 * mxactMemberComparator
1461 * qsort comparison function for MultiXactMember
1462 *
1463 * We can't use wraparound comparison for XIDs because that does not respect
1464 * the triangle inequality! Any old sort order will do.
1465 */
1466 static int
mxactMemberComparator(const void * arg1,const void * arg2)1467 mxactMemberComparator(const void *arg1, const void *arg2)
1468 {
1469 MultiXactMember member1 = *(const MultiXactMember *) arg1;
1470 MultiXactMember member2 = *(const MultiXactMember *) arg2;
1471
1472 if (member1.xid > member2.xid)
1473 return 1;
1474 if (member1.xid < member2.xid)
1475 return -1;
1476 if (member1.status > member2.status)
1477 return 1;
1478 if (member1.status < member2.status)
1479 return -1;
1480 return 0;
1481 }
1482
1483 /*
1484 * mXactCacheGetBySet
1485 * returns a MultiXactId from the cache based on the set of
1486 * TransactionIds that compose it, or InvalidMultiXactId if
1487 * none matches.
1488 *
1489 * This is helpful, for example, if two transactions want to lock a huge
1490 * table. By using the cache, the second will use the same MultiXactId
1491 * for the majority of tuples, thus keeping MultiXactId usage low (saving
1492 * both I/O and wraparound issues).
1493 *
1494 * NB: the passed members array will be sorted in-place.
1495 */
1496 static MultiXactId
mXactCacheGetBySet(int nmembers,MultiXactMember * members)1497 mXactCacheGetBySet(int nmembers, MultiXactMember *members)
1498 {
1499 dlist_iter iter;
1500
1501 debug_elog3(DEBUG2, "CacheGet: looking for %s",
1502 mxid_to_string(InvalidMultiXactId, nmembers, members));
1503
1504 /* sort the array so comparison is easy */
1505 qsort(members, nmembers, sizeof(MultiXactMember), mxactMemberComparator);
1506
1507 dlist_foreach(iter, &MXactCache)
1508 {
1509 mXactCacheEnt *entry = dlist_container(mXactCacheEnt, node, iter.cur);
1510
1511 if (entry->nmembers != nmembers)
1512 continue;
1513
1514 /*
1515 * We assume the cache entries are sorted, and that the unused bits in
1516 * "status" are zeroed.
1517 */
1518 if (memcmp(members, entry->members, nmembers * sizeof(MultiXactMember)) == 0)
1519 {
1520 debug_elog3(DEBUG2, "CacheGet: found %u", entry->multi);
1521 dlist_move_head(&MXactCache, iter.cur);
1522 return entry->multi;
1523 }
1524 }
1525
1526 debug_elog2(DEBUG2, "CacheGet: not found :-(");
1527 return InvalidMultiXactId;
1528 }
1529
1530 /*
1531 * mXactCacheGetById
1532 * returns the composing MultiXactMember set from the cache for a
1533 * given MultiXactId, if present.
1534 *
1535 * If successful, *xids is set to the address of a palloc'd copy of the
1536 * MultiXactMember set. Return value is number of members, or -1 on failure.
1537 */
1538 static int
mXactCacheGetById(MultiXactId multi,MultiXactMember ** members)1539 mXactCacheGetById(MultiXactId multi, MultiXactMember **members)
1540 {
1541 dlist_iter iter;
1542
1543 debug_elog3(DEBUG2, "CacheGet: looking for %u", multi);
1544
1545 dlist_foreach(iter, &MXactCache)
1546 {
1547 mXactCacheEnt *entry = dlist_container(mXactCacheEnt, node, iter.cur);
1548
1549 if (entry->multi == multi)
1550 {
1551 MultiXactMember *ptr;
1552 Size size;
1553
1554 size = sizeof(MultiXactMember) * entry->nmembers;
1555 ptr = (MultiXactMember *) palloc(size);
1556
1557 memcpy(ptr, entry->members, size);
1558
1559 debug_elog3(DEBUG2, "CacheGet: found %s",
1560 mxid_to_string(multi,
1561 entry->nmembers,
1562 entry->members));
1563
1564 /*
1565 * Note we modify the list while not using a modifiable iterator.
1566 * This is acceptable only because we exit the iteration
1567 * immediately afterwards.
1568 */
1569 dlist_move_head(&MXactCache, iter.cur);
1570
1571 *members = ptr;
1572 return entry->nmembers;
1573 }
1574 }
1575
1576 debug_elog2(DEBUG2, "CacheGet: not found");
1577 return -1;
1578 }
1579
1580 /*
1581 * mXactCachePut
1582 * Add a new MultiXactId and its composing set into the local cache.
1583 */
1584 static void
mXactCachePut(MultiXactId multi,int nmembers,MultiXactMember * members)1585 mXactCachePut(MultiXactId multi, int nmembers, MultiXactMember *members)
1586 {
1587 mXactCacheEnt *entry;
1588
1589 debug_elog3(DEBUG2, "CachePut: storing %s",
1590 mxid_to_string(multi, nmembers, members));
1591
1592 if (MXactContext == NULL)
1593 {
1594 /* The cache only lives as long as the current transaction */
1595 debug_elog2(DEBUG2, "CachePut: initializing memory context");
1596 MXactContext = AllocSetContextCreate(TopTransactionContext,
1597 "MultiXact cache context",
1598 ALLOCSET_SMALL_SIZES);
1599 }
1600
1601 entry = (mXactCacheEnt *)
1602 MemoryContextAlloc(MXactContext,
1603 offsetof(mXactCacheEnt, members) +
1604 nmembers * sizeof(MultiXactMember));
1605
1606 entry->multi = multi;
1607 entry->nmembers = nmembers;
1608 memcpy(entry->members, members, nmembers * sizeof(MultiXactMember));
1609
1610 /* mXactCacheGetBySet assumes the entries are sorted, so sort them */
1611 qsort(entry->members, nmembers, sizeof(MultiXactMember), mxactMemberComparator);
1612
1613 dlist_push_head(&MXactCache, &entry->node);
1614 if (MXactCacheMembers++ >= MAX_CACHE_ENTRIES)
1615 {
1616 dlist_node *node;
1617 mXactCacheEnt *entry;
1618
1619 node = dlist_tail_node(&MXactCache);
1620 dlist_delete(node);
1621 MXactCacheMembers--;
1622
1623 entry = dlist_container(mXactCacheEnt, node, node);
1624 debug_elog3(DEBUG2, "CachePut: pruning cached multi %u",
1625 entry->multi);
1626
1627 pfree(entry);
1628 }
1629 }
1630
1631 static char *
mxstatus_to_string(MultiXactStatus status)1632 mxstatus_to_string(MultiXactStatus status)
1633 {
1634 switch (status)
1635 {
1636 case MultiXactStatusForKeyShare:
1637 return "keysh";
1638 case MultiXactStatusForShare:
1639 return "sh";
1640 case MultiXactStatusForNoKeyUpdate:
1641 return "fornokeyupd";
1642 case MultiXactStatusForUpdate:
1643 return "forupd";
1644 case MultiXactStatusNoKeyUpdate:
1645 return "nokeyupd";
1646 case MultiXactStatusUpdate:
1647 return "upd";
1648 default:
1649 elog(ERROR, "unrecognized multixact status %d", status);
1650 return "";
1651 }
1652 }
1653
1654 char *
mxid_to_string(MultiXactId multi,int nmembers,MultiXactMember * members)1655 mxid_to_string(MultiXactId multi, int nmembers, MultiXactMember *members)
1656 {
1657 static char *str = NULL;
1658 StringInfoData buf;
1659 int i;
1660
1661 if (str != NULL)
1662 pfree(str);
1663
1664 initStringInfo(&buf);
1665
1666 appendStringInfo(&buf, "%u %d[%u (%s)", multi, nmembers, members[0].xid,
1667 mxstatus_to_string(members[0].status));
1668
1669 for (i = 1; i < nmembers; i++)
1670 appendStringInfo(&buf, ", %u (%s)", members[i].xid,
1671 mxstatus_to_string(members[i].status));
1672
1673 appendStringInfoChar(&buf, ']');
1674 str = MemoryContextStrdup(TopMemoryContext, buf.data);
1675 pfree(buf.data);
1676 return str;
1677 }
1678
1679 /*
1680 * AtEOXact_MultiXact
1681 * Handle transaction end for MultiXact
1682 *
1683 * This is called at top transaction commit or abort (we don't care which).
1684 */
1685 void
AtEOXact_MultiXact(void)1686 AtEOXact_MultiXact(void)
1687 {
1688 /*
1689 * Reset our OldestMemberMXactId and OldestVisibleMXactId values, both of
1690 * which should only be valid while within a transaction.
1691 *
1692 * We assume that storing a MultiXactId is atomic and so we need not take
1693 * MultiXactGenLock to do this.
1694 */
1695 OldestMemberMXactId[MyBackendId] = InvalidMultiXactId;
1696 OldestVisibleMXactId[MyBackendId] = InvalidMultiXactId;
1697
1698 /*
1699 * Discard the local MultiXactId cache. Since MXactContext was created as
1700 * a child of TopTransactionContext, we needn't delete it explicitly.
1701 */
1702 MXactContext = NULL;
1703 dlist_init(&MXactCache);
1704 MXactCacheMembers = 0;
1705 }
1706
1707 /*
1708 * AtPrepare_MultiXact
1709 * Save multixact state at 2PC transaction prepare
1710 *
1711 * In this phase, we only store our OldestMemberMXactId value in the two-phase
1712 * state file.
1713 */
1714 void
AtPrepare_MultiXact(void)1715 AtPrepare_MultiXact(void)
1716 {
1717 MultiXactId myOldestMember = OldestMemberMXactId[MyBackendId];
1718
1719 if (MultiXactIdIsValid(myOldestMember))
1720 RegisterTwoPhaseRecord(TWOPHASE_RM_MULTIXACT_ID, 0,
1721 &myOldestMember, sizeof(MultiXactId));
1722 }
1723
1724 /*
1725 * PostPrepare_MultiXact
1726 * Clean up after successful PREPARE TRANSACTION
1727 */
1728 void
PostPrepare_MultiXact(TransactionId xid)1729 PostPrepare_MultiXact(TransactionId xid)
1730 {
1731 MultiXactId myOldestMember;
1732
1733 /*
1734 * Transfer our OldestMemberMXactId value to the slot reserved for the
1735 * prepared transaction.
1736 */
1737 myOldestMember = OldestMemberMXactId[MyBackendId];
1738 if (MultiXactIdIsValid(myOldestMember))
1739 {
1740 BackendId dummyBackendId = TwoPhaseGetDummyBackendId(xid, false);
1741
1742 /*
1743 * Even though storing MultiXactId is atomic, acquire lock to make
1744 * sure others see both changes, not just the reset of the slot of the
1745 * current backend. Using a volatile pointer might suffice, but this
1746 * isn't a hot spot.
1747 */
1748 LWLockAcquire(MultiXactGenLock, LW_EXCLUSIVE);
1749
1750 OldestMemberMXactId[dummyBackendId] = myOldestMember;
1751 OldestMemberMXactId[MyBackendId] = InvalidMultiXactId;
1752
1753 LWLockRelease(MultiXactGenLock);
1754 }
1755
1756 /*
1757 * We don't need to transfer OldestVisibleMXactId value, because the
1758 * transaction is not going to be looking at any more multixacts once it's
1759 * prepared.
1760 *
1761 * We assume that storing a MultiXactId is atomic and so we need not take
1762 * MultiXactGenLock to do this.
1763 */
1764 OldestVisibleMXactId[MyBackendId] = InvalidMultiXactId;
1765
1766 /*
1767 * Discard the local MultiXactId cache like in AtEOXact_MultiXact.
1768 */
1769 MXactContext = NULL;
1770 dlist_init(&MXactCache);
1771 MXactCacheMembers = 0;
1772 }
1773
1774 /*
1775 * multixact_twophase_recover
1776 * Recover the state of a prepared transaction at startup
1777 */
1778 void
multixact_twophase_recover(TransactionId xid,uint16 info,void * recdata,uint32 len)1779 multixact_twophase_recover(TransactionId xid, uint16 info,
1780 void *recdata, uint32 len)
1781 {
1782 BackendId dummyBackendId = TwoPhaseGetDummyBackendId(xid, false);
1783 MultiXactId oldestMember;
1784
1785 /*
1786 * Get the oldest member XID from the state file record, and set it in the
1787 * OldestMemberMXactId slot reserved for this prepared transaction.
1788 */
1789 Assert(len == sizeof(MultiXactId));
1790 oldestMember = *((MultiXactId *) recdata);
1791
1792 OldestMemberMXactId[dummyBackendId] = oldestMember;
1793 }
1794
1795 /*
1796 * multixact_twophase_postcommit
1797 * Similar to AtEOXact_MultiXact but for COMMIT PREPARED
1798 */
1799 void
multixact_twophase_postcommit(TransactionId xid,uint16 info,void * recdata,uint32 len)1800 multixact_twophase_postcommit(TransactionId xid, uint16 info,
1801 void *recdata, uint32 len)
1802 {
1803 BackendId dummyBackendId = TwoPhaseGetDummyBackendId(xid, true);
1804
1805 Assert(len == sizeof(MultiXactId));
1806
1807 OldestMemberMXactId[dummyBackendId] = InvalidMultiXactId;
1808 }
1809
1810 /*
1811 * multixact_twophase_postabort
1812 * This is actually just the same as the COMMIT case.
1813 */
1814 void
multixact_twophase_postabort(TransactionId xid,uint16 info,void * recdata,uint32 len)1815 multixact_twophase_postabort(TransactionId xid, uint16 info,
1816 void *recdata, uint32 len)
1817 {
1818 multixact_twophase_postcommit(xid, info, recdata, len);
1819 }
1820
1821 /*
1822 * Initialization of shared memory for MultiXact. We use two SLRU areas,
1823 * thus double memory. Also, reserve space for the shared MultiXactState
1824 * struct and the per-backend MultiXactId arrays (two of those, too).
1825 */
1826 Size
MultiXactShmemSize(void)1827 MultiXactShmemSize(void)
1828 {
1829 Size size;
1830
1831 /* We need 2*MaxOldestSlot + 1 perBackendXactIds[] entries */
1832 #define SHARED_MULTIXACT_STATE_SIZE \
1833 add_size(offsetof(MultiXactStateData, perBackendXactIds) + sizeof(MultiXactId), \
1834 mul_size(sizeof(MultiXactId) * 2, MaxOldestSlot))
1835
1836 size = SHARED_MULTIXACT_STATE_SIZE;
1837 size = add_size(size, SimpleLruShmemSize(NUM_MULTIXACTOFFSET_BUFFERS, 0));
1838 size = add_size(size, SimpleLruShmemSize(NUM_MULTIXACTMEMBER_BUFFERS, 0));
1839
1840 return size;
1841 }
1842
1843 void
MultiXactShmemInit(void)1844 MultiXactShmemInit(void)
1845 {
1846 bool found;
1847
1848 debug_elog2(DEBUG2, "Shared Memory Init for MultiXact");
1849
1850 MultiXactOffsetCtl->PagePrecedes = MultiXactOffsetPagePrecedes;
1851 MultiXactMemberCtl->PagePrecedes = MultiXactMemberPagePrecedes;
1852
1853 SimpleLruInit(MultiXactOffsetCtl,
1854 "MultiXactOffset", NUM_MULTIXACTOFFSET_BUFFERS, 0,
1855 MultiXactOffsetSLRULock, "pg_multixact/offsets",
1856 LWTRANCHE_MULTIXACTOFFSET_BUFFER,
1857 SYNC_HANDLER_MULTIXACT_OFFSET);
1858 SlruPagePrecedesUnitTests(MultiXactOffsetCtl, MULTIXACT_OFFSETS_PER_PAGE);
1859 SimpleLruInit(MultiXactMemberCtl,
1860 "MultiXactMember", NUM_MULTIXACTMEMBER_BUFFERS, 0,
1861 MultiXactMemberSLRULock, "pg_multixact/members",
1862 LWTRANCHE_MULTIXACTMEMBER_BUFFER,
1863 SYNC_HANDLER_MULTIXACT_MEMBER);
1864 /* doesn't call SimpleLruTruncate() or meet criteria for unit tests */
1865
1866 /* Initialize our shared state struct */
1867 MultiXactState = ShmemInitStruct("Shared MultiXact State",
1868 SHARED_MULTIXACT_STATE_SIZE,
1869 &found);
1870 if (!IsUnderPostmaster)
1871 {
1872 Assert(!found);
1873
1874 /* Make sure we zero out the per-backend state */
1875 MemSet(MultiXactState, 0, SHARED_MULTIXACT_STATE_SIZE);
1876 }
1877 else
1878 Assert(found);
1879
1880 /*
1881 * Set up array pointers. Note that perBackendXactIds[0] is wasted space
1882 * since we only use indexes 1..MaxOldestSlot in each array.
1883 */
1884 OldestMemberMXactId = MultiXactState->perBackendXactIds;
1885 OldestVisibleMXactId = OldestMemberMXactId + MaxOldestSlot;
1886 }
1887
1888 /*
1889 * This func must be called ONCE on system install. It creates the initial
1890 * MultiXact segments. (The MultiXacts directories are assumed to have been
1891 * created by initdb, and MultiXactShmemInit must have been called already.)
1892 */
1893 void
BootStrapMultiXact(void)1894 BootStrapMultiXact(void)
1895 {
1896 int slotno;
1897
1898 LWLockAcquire(MultiXactOffsetSLRULock, LW_EXCLUSIVE);
1899
1900 /* Create and zero the first page of the offsets log */
1901 slotno = ZeroMultiXactOffsetPage(0, false);
1902
1903 /* Make sure it's written out */
1904 SimpleLruWritePage(MultiXactOffsetCtl, slotno);
1905 Assert(!MultiXactOffsetCtl->shared->page_dirty[slotno]);
1906
1907 LWLockRelease(MultiXactOffsetSLRULock);
1908
1909 LWLockAcquire(MultiXactMemberSLRULock, LW_EXCLUSIVE);
1910
1911 /* Create and zero the first page of the members log */
1912 slotno = ZeroMultiXactMemberPage(0, false);
1913
1914 /* Make sure it's written out */
1915 SimpleLruWritePage(MultiXactMemberCtl, slotno);
1916 Assert(!MultiXactMemberCtl->shared->page_dirty[slotno]);
1917
1918 LWLockRelease(MultiXactMemberSLRULock);
1919 }
1920
1921 /*
1922 * Initialize (or reinitialize) a page of MultiXactOffset to zeroes.
1923 * If writeXlog is true, also emit an XLOG record saying we did this.
1924 *
1925 * The page is not actually written, just set up in shared memory.
1926 * The slot number of the new page is returned.
1927 *
1928 * Control lock must be held at entry, and will be held at exit.
1929 */
1930 static int
ZeroMultiXactOffsetPage(int pageno,bool writeXlog)1931 ZeroMultiXactOffsetPage(int pageno, bool writeXlog)
1932 {
1933 int slotno;
1934
1935 slotno = SimpleLruZeroPage(MultiXactOffsetCtl, pageno);
1936
1937 if (writeXlog)
1938 WriteMZeroPageXlogRec(pageno, XLOG_MULTIXACT_ZERO_OFF_PAGE);
1939
1940 return slotno;
1941 }
1942
1943 /*
1944 * Ditto, for MultiXactMember
1945 */
1946 static int
ZeroMultiXactMemberPage(int pageno,bool writeXlog)1947 ZeroMultiXactMemberPage(int pageno, bool writeXlog)
1948 {
1949 int slotno;
1950
1951 slotno = SimpleLruZeroPage(MultiXactMemberCtl, pageno);
1952
1953 if (writeXlog)
1954 WriteMZeroPageXlogRec(pageno, XLOG_MULTIXACT_ZERO_MEM_PAGE);
1955
1956 return slotno;
1957 }
1958
1959 /*
1960 * MaybeExtendOffsetSlru
1961 * Extend the offsets SLRU area, if necessary
1962 *
1963 * After a binary upgrade from <= 9.2, the pg_multixact/offsets SLRU area might
1964 * contain files that are shorter than necessary; this would occur if the old
1965 * installation had used multixacts beyond the first page (files cannot be
1966 * copied, because the on-disk representation is different). pg_upgrade would
1967 * update pg_control to set the next offset value to be at that position, so
1968 * that tuples marked as locked by such MultiXacts would be seen as visible
1969 * without having to consult multixact. However, trying to create and use a
1970 * new MultiXactId would result in an error because the page on which the new
1971 * value would reside does not exist. This routine is in charge of creating
1972 * such pages.
1973 */
1974 static void
MaybeExtendOffsetSlru(void)1975 MaybeExtendOffsetSlru(void)
1976 {
1977 int pageno;
1978
1979 pageno = MultiXactIdToOffsetPage(MultiXactState->nextMXact);
1980
1981 LWLockAcquire(MultiXactOffsetSLRULock, LW_EXCLUSIVE);
1982
1983 if (!SimpleLruDoesPhysicalPageExist(MultiXactOffsetCtl, pageno))
1984 {
1985 int slotno;
1986
1987 /*
1988 * Fortunately for us, SimpleLruWritePage is already prepared to deal
1989 * with creating a new segment file even if the page we're writing is
1990 * not the first in it, so this is enough.
1991 */
1992 slotno = ZeroMultiXactOffsetPage(pageno, false);
1993 SimpleLruWritePage(MultiXactOffsetCtl, slotno);
1994 }
1995
1996 LWLockRelease(MultiXactOffsetSLRULock);
1997 }
1998
1999 /*
2000 * This must be called ONCE during postmaster or standalone-backend startup.
2001 *
2002 * StartupXLOG has already established nextMXact/nextOffset by calling
2003 * MultiXactSetNextMXact and/or MultiXactAdvanceNextMXact, and the oldestMulti
2004 * info from pg_control and/or MultiXactAdvanceOldest, but we haven't yet
2005 * replayed WAL.
2006 */
2007 void
StartupMultiXact(void)2008 StartupMultiXact(void)
2009 {
2010 MultiXactId multi = MultiXactState->nextMXact;
2011 MultiXactOffset offset = MultiXactState->nextOffset;
2012 int pageno;
2013
2014 /*
2015 * Initialize offset's idea of the latest page number.
2016 */
2017 pageno = MultiXactIdToOffsetPage(multi);
2018 MultiXactOffsetCtl->shared->latest_page_number = pageno;
2019
2020 /*
2021 * Initialize member's idea of the latest page number.
2022 */
2023 pageno = MXOffsetToMemberPage(offset);
2024 MultiXactMemberCtl->shared->latest_page_number = pageno;
2025 }
2026
2027 /*
2028 * This must be called ONCE at the end of startup/recovery.
2029 */
2030 void
TrimMultiXact(void)2031 TrimMultiXact(void)
2032 {
2033 MultiXactId nextMXact;
2034 MultiXactOffset offset;
2035 MultiXactId oldestMXact;
2036 Oid oldestMXactDB;
2037 int pageno;
2038 int entryno;
2039 int flagsoff;
2040
2041 LWLockAcquire(MultiXactGenLock, LW_SHARED);
2042 nextMXact = MultiXactState->nextMXact;
2043 offset = MultiXactState->nextOffset;
2044 oldestMXact = MultiXactState->oldestMultiXactId;
2045 oldestMXactDB = MultiXactState->oldestMultiXactDB;
2046 LWLockRelease(MultiXactGenLock);
2047
2048 /* Clean up offsets state */
2049 LWLockAcquire(MultiXactOffsetSLRULock, LW_EXCLUSIVE);
2050
2051 /*
2052 * (Re-)Initialize our idea of the latest page number for offsets.
2053 */
2054 pageno = MultiXactIdToOffsetPage(nextMXact);
2055 MultiXactOffsetCtl->shared->latest_page_number = pageno;
2056
2057 /*
2058 * Zero out the remainder of the current offsets page. See notes in
2059 * TrimCLOG() for background. Unlike CLOG, some WAL record covers every
2060 * pg_multixact SLRU mutation. Since, also unlike CLOG, we ignore the WAL
2061 * rule "write xlog before data," nextMXact successors may carry obsolete,
2062 * nonzero offset values. Zero those so case 2 of GetMultiXactIdMembers()
2063 * operates normally.
2064 */
2065 entryno = MultiXactIdToOffsetEntry(nextMXact);
2066 if (entryno != 0)
2067 {
2068 int slotno;
2069 MultiXactOffset *offptr;
2070
2071 slotno = SimpleLruReadPage(MultiXactOffsetCtl, pageno, true, nextMXact);
2072 offptr = (MultiXactOffset *) MultiXactOffsetCtl->shared->page_buffer[slotno];
2073 offptr += entryno;
2074
2075 MemSet(offptr, 0, BLCKSZ - (entryno * sizeof(MultiXactOffset)));
2076
2077 MultiXactOffsetCtl->shared->page_dirty[slotno] = true;
2078 }
2079
2080 LWLockRelease(MultiXactOffsetSLRULock);
2081
2082 /* And the same for members */
2083 LWLockAcquire(MultiXactMemberSLRULock, LW_EXCLUSIVE);
2084
2085 /*
2086 * (Re-)Initialize our idea of the latest page number for members.
2087 */
2088 pageno = MXOffsetToMemberPage(offset);
2089 MultiXactMemberCtl->shared->latest_page_number = pageno;
2090
2091 /*
2092 * Zero out the remainder of the current members page. See notes in
2093 * TrimCLOG() for motivation.
2094 */
2095 flagsoff = MXOffsetToFlagsOffset(offset);
2096 if (flagsoff != 0)
2097 {
2098 int slotno;
2099 TransactionId *xidptr;
2100 int memberoff;
2101
2102 memberoff = MXOffsetToMemberOffset(offset);
2103 slotno = SimpleLruReadPage(MultiXactMemberCtl, pageno, true, offset);
2104 xidptr = (TransactionId *)
2105 (MultiXactMemberCtl->shared->page_buffer[slotno] + memberoff);
2106
2107 MemSet(xidptr, 0, BLCKSZ - memberoff);
2108
2109 /*
2110 * Note: we don't need to zero out the flag bits in the remaining
2111 * members of the current group, because they are always reset before
2112 * writing.
2113 */
2114
2115 MultiXactMemberCtl->shared->page_dirty[slotno] = true;
2116 }
2117
2118 LWLockRelease(MultiXactMemberSLRULock);
2119
2120 /* signal that we're officially up */
2121 LWLockAcquire(MultiXactGenLock, LW_EXCLUSIVE);
2122 MultiXactState->finishedStartup = true;
2123 LWLockRelease(MultiXactGenLock);
2124
2125 /* Now compute how far away the next members wraparound is. */
2126 SetMultiXactIdLimit(oldestMXact, oldestMXactDB, true);
2127 }
2128
2129 /*
2130 * Get the MultiXact data to save in a checkpoint record
2131 */
2132 void
MultiXactGetCheckptMulti(bool is_shutdown,MultiXactId * nextMulti,MultiXactOffset * nextMultiOffset,MultiXactId * oldestMulti,Oid * oldestMultiDB)2133 MultiXactGetCheckptMulti(bool is_shutdown,
2134 MultiXactId *nextMulti,
2135 MultiXactOffset *nextMultiOffset,
2136 MultiXactId *oldestMulti,
2137 Oid *oldestMultiDB)
2138 {
2139 LWLockAcquire(MultiXactGenLock, LW_SHARED);
2140 *nextMulti = MultiXactState->nextMXact;
2141 *nextMultiOffset = MultiXactState->nextOffset;
2142 *oldestMulti = MultiXactState->oldestMultiXactId;
2143 *oldestMultiDB = MultiXactState->oldestMultiXactDB;
2144 LWLockRelease(MultiXactGenLock);
2145
2146 debug_elog6(DEBUG2,
2147 "MultiXact: checkpoint is nextMulti %u, nextOffset %u, oldestMulti %u in DB %u",
2148 *nextMulti, *nextMultiOffset, *oldestMulti, *oldestMultiDB);
2149 }
2150
2151 /*
2152 * Perform a checkpoint --- either during shutdown, or on-the-fly
2153 */
2154 void
CheckPointMultiXact(void)2155 CheckPointMultiXact(void)
2156 {
2157 TRACE_POSTGRESQL_MULTIXACT_CHECKPOINT_START(true);
2158
2159 /*
2160 * Write dirty MultiXact pages to disk. This may result in sync requests
2161 * queued for later handling by ProcessSyncRequests(), as part of the
2162 * checkpoint.
2163 */
2164 SimpleLruWriteAll(MultiXactOffsetCtl, true);
2165 SimpleLruWriteAll(MultiXactMemberCtl, true);
2166
2167 TRACE_POSTGRESQL_MULTIXACT_CHECKPOINT_DONE(true);
2168 }
2169
2170 /*
2171 * Set the next-to-be-assigned MultiXactId and offset
2172 *
2173 * This is used when we can determine the correct next ID/offset exactly
2174 * from a checkpoint record. Although this is only called during bootstrap
2175 * and XLog replay, we take the lock in case any hot-standby backends are
2176 * examining the values.
2177 */
2178 void
MultiXactSetNextMXact(MultiXactId nextMulti,MultiXactOffset nextMultiOffset)2179 MultiXactSetNextMXact(MultiXactId nextMulti,
2180 MultiXactOffset nextMultiOffset)
2181 {
2182 debug_elog4(DEBUG2, "MultiXact: setting next multi to %u offset %u",
2183 nextMulti, nextMultiOffset);
2184 LWLockAcquire(MultiXactGenLock, LW_EXCLUSIVE);
2185 MultiXactState->nextMXact = nextMulti;
2186 MultiXactState->nextOffset = nextMultiOffset;
2187 LWLockRelease(MultiXactGenLock);
2188
2189 /*
2190 * During a binary upgrade, make sure that the offsets SLRU is large
2191 * enough to contain the next value that would be created.
2192 *
2193 * We need to do this pretty early during the first startup in binary
2194 * upgrade mode: before StartupMultiXact() in fact, because this routine
2195 * is called even before that by StartupXLOG(). And we can't do it
2196 * earlier than at this point, because during that first call of this
2197 * routine we determine the MultiXactState->nextMXact value that
2198 * MaybeExtendOffsetSlru needs.
2199 */
2200 if (IsBinaryUpgrade)
2201 MaybeExtendOffsetSlru();
2202 }
2203
2204 /*
2205 * Determine the last safe MultiXactId to allocate given the currently oldest
2206 * datminmxid (ie, the oldest MultiXactId that might exist in any database
2207 * of our cluster), and the OID of the (or a) database with that value.
2208 *
2209 * is_startup is true when we are just starting the cluster, false when we
2210 * are updating state in a running cluster. This only affects log messages.
2211 */
2212 void
SetMultiXactIdLimit(MultiXactId oldest_datminmxid,Oid oldest_datoid,bool is_startup)2213 SetMultiXactIdLimit(MultiXactId oldest_datminmxid, Oid oldest_datoid,
2214 bool is_startup)
2215 {
2216 MultiXactId multiVacLimit;
2217 MultiXactId multiWarnLimit;
2218 MultiXactId multiStopLimit;
2219 MultiXactId multiWrapLimit;
2220 MultiXactId curMulti;
2221 bool needs_offset_vacuum;
2222
2223 Assert(MultiXactIdIsValid(oldest_datminmxid));
2224
2225 /*
2226 * We pretend that a wrap will happen halfway through the multixact ID
2227 * space, but that's not really true, because multixacts wrap differently
2228 * from transaction IDs. Note that, separately from any concern about
2229 * multixact IDs wrapping, we must ensure that multixact members do not
2230 * wrap. Limits for that are set in SetOffsetVacuumLimit, not here.
2231 */
2232 multiWrapLimit = oldest_datminmxid + (MaxMultiXactId >> 1);
2233 if (multiWrapLimit < FirstMultiXactId)
2234 multiWrapLimit += FirstMultiXactId;
2235
2236 /*
2237 * We'll refuse to continue assigning MultiXactIds once we get within 3M
2238 * multi of data loss. See SetTransactionIdLimit.
2239 */
2240 multiStopLimit = multiWrapLimit - 3000000;
2241 if (multiStopLimit < FirstMultiXactId)
2242 multiStopLimit -= FirstMultiXactId;
2243
2244 /*
2245 * We'll start complaining loudly when we get within 40M multis of data
2246 * loss. This is kind of arbitrary, but if you let your gas gauge get
2247 * down to 2% of full, would you be looking for the next gas station? We
2248 * need to be fairly liberal about this number because there are lots of
2249 * scenarios where most transactions are done by automatic clients that
2250 * won't pay attention to warnings. (No, we're not gonna make this
2251 * configurable. If you know enough to configure it, you know enough to
2252 * not get in this kind of trouble in the first place.)
2253 */
2254 multiWarnLimit = multiWrapLimit - 40000000;
2255 if (multiWarnLimit < FirstMultiXactId)
2256 multiWarnLimit -= FirstMultiXactId;
2257
2258 /*
2259 * We'll start trying to force autovacuums when oldest_datminmxid gets to
2260 * be more than autovacuum_multixact_freeze_max_age mxids old.
2261 *
2262 * Note: autovacuum_multixact_freeze_max_age is a PGC_POSTMASTER parameter
2263 * so that we don't have to worry about dealing with on-the-fly changes in
2264 * its value. See SetTransactionIdLimit.
2265 */
2266 multiVacLimit = oldest_datminmxid + autovacuum_multixact_freeze_max_age;
2267 if (multiVacLimit < FirstMultiXactId)
2268 multiVacLimit += FirstMultiXactId;
2269
2270 /* Grab lock for just long enough to set the new limit values */
2271 LWLockAcquire(MultiXactGenLock, LW_EXCLUSIVE);
2272 MultiXactState->oldestMultiXactId = oldest_datminmxid;
2273 MultiXactState->oldestMultiXactDB = oldest_datoid;
2274 MultiXactState->multiVacLimit = multiVacLimit;
2275 MultiXactState->multiWarnLimit = multiWarnLimit;
2276 MultiXactState->multiStopLimit = multiStopLimit;
2277 MultiXactState->multiWrapLimit = multiWrapLimit;
2278 curMulti = MultiXactState->nextMXact;
2279 LWLockRelease(MultiXactGenLock);
2280
2281 /* Log the info */
2282 ereport(DEBUG1,
2283 (errmsg_internal("MultiXactId wrap limit is %u, limited by database with OID %u",
2284 multiWrapLimit, oldest_datoid)));
2285
2286 /*
2287 * Computing the actual limits is only possible once the data directory is
2288 * in a consistent state. There's no need to compute the limits while
2289 * still replaying WAL - no decisions about new multis are made even
2290 * though multixact creations might be replayed. So we'll only do further
2291 * checks after TrimMultiXact() has been called.
2292 */
2293 if (!MultiXactState->finishedStartup)
2294 return;
2295
2296 Assert(!InRecovery);
2297
2298 /* Set limits for offset vacuum. */
2299 needs_offset_vacuum = SetOffsetVacuumLimit(is_startup);
2300
2301 /*
2302 * If past the autovacuum force point, immediately signal an autovac
2303 * request. The reason for this is that autovac only processes one
2304 * database per invocation. Once it's finished cleaning up the oldest
2305 * database, it'll call here, and we'll signal the postmaster to start
2306 * another iteration immediately if there are still any old databases.
2307 */
2308 if ((MultiXactIdPrecedes(multiVacLimit, curMulti) ||
2309 needs_offset_vacuum) && IsUnderPostmaster)
2310 SendPostmasterSignal(PMSIGNAL_START_AUTOVAC_LAUNCHER);
2311
2312 /* Give an immediate warning if past the wrap warn point */
2313 if (MultiXactIdPrecedes(multiWarnLimit, curMulti))
2314 {
2315 char *oldest_datname;
2316
2317 /*
2318 * We can be called when not inside a transaction, for example during
2319 * StartupXLOG(). In such a case we cannot do database access, so we
2320 * must just report the oldest DB's OID.
2321 *
2322 * Note: it's also possible that get_database_name fails and returns
2323 * NULL, for example because the database just got dropped. We'll
2324 * still warn, even though the warning might now be unnecessary.
2325 */
2326 if (IsTransactionState())
2327 oldest_datname = get_database_name(oldest_datoid);
2328 else
2329 oldest_datname = NULL;
2330
2331 if (oldest_datname)
2332 ereport(WARNING,
2333 (errmsg_plural("database \"%s\" must be vacuumed before %u more MultiXactId is used",
2334 "database \"%s\" must be vacuumed before %u more MultiXactIds are used",
2335 multiWrapLimit - curMulti,
2336 oldest_datname,
2337 multiWrapLimit - curMulti),
2338 errhint("To avoid a database shutdown, execute a database-wide VACUUM in that database.\n"
2339 "You might also need to commit or roll back old prepared transactions, or drop stale replication slots.")));
2340 else
2341 ereport(WARNING,
2342 (errmsg_plural("database with OID %u must be vacuumed before %u more MultiXactId is used",
2343 "database with OID %u must be vacuumed before %u more MultiXactIds are used",
2344 multiWrapLimit - curMulti,
2345 oldest_datoid,
2346 multiWrapLimit - curMulti),
2347 errhint("To avoid a database shutdown, execute a database-wide VACUUM in that database.\n"
2348 "You might also need to commit or roll back old prepared transactions, or drop stale replication slots.")));
2349 }
2350 }
2351
2352 /*
2353 * Ensure the next-to-be-assigned MultiXactId is at least minMulti,
2354 * and similarly nextOffset is at least minMultiOffset.
2355 *
2356 * This is used when we can determine minimum safe values from an XLog
2357 * record (either an on-line checkpoint or an mxact creation log entry).
2358 * Although this is only called during XLog replay, we take the lock in case
2359 * any hot-standby backends are examining the values.
2360 */
2361 void
MultiXactAdvanceNextMXact(MultiXactId minMulti,MultiXactOffset minMultiOffset)2362 MultiXactAdvanceNextMXact(MultiXactId minMulti,
2363 MultiXactOffset minMultiOffset)
2364 {
2365 LWLockAcquire(MultiXactGenLock, LW_EXCLUSIVE);
2366 if (MultiXactIdPrecedes(MultiXactState->nextMXact, minMulti))
2367 {
2368 debug_elog3(DEBUG2, "MultiXact: setting next multi to %u", minMulti);
2369 MultiXactState->nextMXact = minMulti;
2370 }
2371 if (MultiXactOffsetPrecedes(MultiXactState->nextOffset, minMultiOffset))
2372 {
2373 debug_elog3(DEBUG2, "MultiXact: setting next offset to %u",
2374 minMultiOffset);
2375 MultiXactState->nextOffset = minMultiOffset;
2376 }
2377 LWLockRelease(MultiXactGenLock);
2378 }
2379
2380 /*
2381 * Update our oldestMultiXactId value, but only if it's more recent than what
2382 * we had.
2383 *
2384 * This may only be called during WAL replay.
2385 */
2386 void
MultiXactAdvanceOldest(MultiXactId oldestMulti,Oid oldestMultiDB)2387 MultiXactAdvanceOldest(MultiXactId oldestMulti, Oid oldestMultiDB)
2388 {
2389 Assert(InRecovery);
2390
2391 if (MultiXactIdPrecedes(MultiXactState->oldestMultiXactId, oldestMulti))
2392 SetMultiXactIdLimit(oldestMulti, oldestMultiDB, false);
2393 }
2394
2395 /*
2396 * Make sure that MultiXactOffset has room for a newly-allocated MultiXactId.
2397 *
2398 * NB: this is called while holding MultiXactGenLock. We want it to be very
2399 * fast most of the time; even when it's not so fast, no actual I/O need
2400 * happen unless we're forced to write out a dirty log or xlog page to make
2401 * room in shared memory.
2402 */
2403 static void
ExtendMultiXactOffset(MultiXactId multi)2404 ExtendMultiXactOffset(MultiXactId multi)
2405 {
2406 int pageno;
2407
2408 /*
2409 * No work except at first MultiXactId of a page. But beware: just after
2410 * wraparound, the first MultiXactId of page zero is FirstMultiXactId.
2411 */
2412 if (MultiXactIdToOffsetEntry(multi) != 0 &&
2413 multi != FirstMultiXactId)
2414 return;
2415
2416 pageno = MultiXactIdToOffsetPage(multi);
2417
2418 LWLockAcquire(MultiXactOffsetSLRULock, LW_EXCLUSIVE);
2419
2420 /* Zero the page and make an XLOG entry about it */
2421 ZeroMultiXactOffsetPage(pageno, true);
2422
2423 LWLockRelease(MultiXactOffsetSLRULock);
2424 }
2425
2426 /*
2427 * Make sure that MultiXactMember has room for the members of a newly-
2428 * allocated MultiXactId.
2429 *
2430 * Like the above routine, this is called while holding MultiXactGenLock;
2431 * same comments apply.
2432 */
2433 static void
ExtendMultiXactMember(MultiXactOffset offset,int nmembers)2434 ExtendMultiXactMember(MultiXactOffset offset, int nmembers)
2435 {
2436 /*
2437 * It's possible that the members span more than one page of the members
2438 * file, so we loop to ensure we consider each page. The coding is not
2439 * optimal if the members span several pages, but that seems unusual
2440 * enough to not worry much about.
2441 */
2442 while (nmembers > 0)
2443 {
2444 int flagsoff;
2445 int flagsbit;
2446 uint32 difference;
2447
2448 /*
2449 * Only zero when at first entry of a page.
2450 */
2451 flagsoff = MXOffsetToFlagsOffset(offset);
2452 flagsbit = MXOffsetToFlagsBitShift(offset);
2453 if (flagsoff == 0 && flagsbit == 0)
2454 {
2455 int pageno;
2456
2457 pageno = MXOffsetToMemberPage(offset);
2458
2459 LWLockAcquire(MultiXactMemberSLRULock, LW_EXCLUSIVE);
2460
2461 /* Zero the page and make an XLOG entry about it */
2462 ZeroMultiXactMemberPage(pageno, true);
2463
2464 LWLockRelease(MultiXactMemberSLRULock);
2465 }
2466
2467 /*
2468 * Compute the number of items till end of current page. Careful: if
2469 * addition of unsigned ints wraps around, we're at the last page of
2470 * the last segment; since that page holds a different number of items
2471 * than other pages, we need to do it differently.
2472 */
2473 if (offset + MAX_MEMBERS_IN_LAST_MEMBERS_PAGE < offset)
2474 {
2475 /*
2476 * This is the last page of the last segment; we can compute the
2477 * number of items left to allocate in it without modulo
2478 * arithmetic.
2479 */
2480 difference = MaxMultiXactOffset - offset + 1;
2481 }
2482 else
2483 difference = MULTIXACT_MEMBERS_PER_PAGE - offset % MULTIXACT_MEMBERS_PER_PAGE;
2484
2485 /*
2486 * Advance to next page, taking care to properly handle the wraparound
2487 * case. OK if nmembers goes negative.
2488 */
2489 nmembers -= difference;
2490 offset += difference;
2491 }
2492 }
2493
2494 /*
2495 * GetOldestMultiXactId
2496 *
2497 * Return the oldest MultiXactId that's still possibly still seen as live by
2498 * any running transaction. Older ones might still exist on disk, but they no
2499 * longer have any running member transaction.
2500 *
2501 * It's not safe to truncate MultiXact SLRU segments on the value returned by
2502 * this function; however, it can be used by a full-table vacuum to set the
2503 * point at which it will be possible to truncate SLRU for that table.
2504 */
2505 MultiXactId
GetOldestMultiXactId(void)2506 GetOldestMultiXactId(void)
2507 {
2508 MultiXactId oldestMXact;
2509 MultiXactId nextMXact;
2510 int i;
2511
2512 /*
2513 * This is the oldest valid value among all the OldestMemberMXactId[] and
2514 * OldestVisibleMXactId[] entries, or nextMXact if none are valid.
2515 */
2516 LWLockAcquire(MultiXactGenLock, LW_SHARED);
2517
2518 /*
2519 * We have to beware of the possibility that nextMXact is in the
2520 * wrapped-around state. We don't fix the counter itself here, but we
2521 * must be sure to use a valid value in our calculation.
2522 */
2523 nextMXact = MultiXactState->nextMXact;
2524 if (nextMXact < FirstMultiXactId)
2525 nextMXact = FirstMultiXactId;
2526
2527 oldestMXact = nextMXact;
2528 for (i = 1; i <= MaxOldestSlot; i++)
2529 {
2530 MultiXactId thisoldest;
2531
2532 thisoldest = OldestMemberMXactId[i];
2533 if (MultiXactIdIsValid(thisoldest) &&
2534 MultiXactIdPrecedes(thisoldest, oldestMXact))
2535 oldestMXact = thisoldest;
2536 thisoldest = OldestVisibleMXactId[i];
2537 if (MultiXactIdIsValid(thisoldest) &&
2538 MultiXactIdPrecedes(thisoldest, oldestMXact))
2539 oldestMXact = thisoldest;
2540 }
2541
2542 LWLockRelease(MultiXactGenLock);
2543
2544 return oldestMXact;
2545 }
2546
2547 /*
2548 * Determine how aggressively we need to vacuum in order to prevent member
2549 * wraparound.
2550 *
2551 * To do so determine what's the oldest member offset and install the limit
2552 * info in MultiXactState, where it can be used to prevent overrun of old data
2553 * in the members SLRU area.
2554 *
2555 * The return value is true if emergency autovacuum is required and false
2556 * otherwise.
2557 */
2558 static bool
SetOffsetVacuumLimit(bool is_startup)2559 SetOffsetVacuumLimit(bool is_startup)
2560 {
2561 MultiXactId oldestMultiXactId;
2562 MultiXactId nextMXact;
2563 MultiXactOffset oldestOffset = 0; /* placate compiler */
2564 MultiXactOffset prevOldestOffset;
2565 MultiXactOffset nextOffset;
2566 bool oldestOffsetKnown = false;
2567 bool prevOldestOffsetKnown;
2568 MultiXactOffset offsetStopLimit = 0;
2569 MultiXactOffset prevOffsetStopLimit;
2570
2571 /*
2572 * NB: Have to prevent concurrent truncation, we might otherwise try to
2573 * lookup an oldestMulti that's concurrently getting truncated away.
2574 */
2575 LWLockAcquire(MultiXactTruncationLock, LW_SHARED);
2576
2577 /* Read relevant fields from shared memory. */
2578 LWLockAcquire(MultiXactGenLock, LW_SHARED);
2579 oldestMultiXactId = MultiXactState->oldestMultiXactId;
2580 nextMXact = MultiXactState->nextMXact;
2581 nextOffset = MultiXactState->nextOffset;
2582 prevOldestOffsetKnown = MultiXactState->oldestOffsetKnown;
2583 prevOldestOffset = MultiXactState->oldestOffset;
2584 prevOffsetStopLimit = MultiXactState->offsetStopLimit;
2585 Assert(MultiXactState->finishedStartup);
2586 LWLockRelease(MultiXactGenLock);
2587
2588 /*
2589 * Determine the offset of the oldest multixact. Normally, we can read
2590 * the offset from the multixact itself, but there's an important special
2591 * case: if there are no multixacts in existence at all, oldestMXact
2592 * obviously can't point to one. It will instead point to the multixact
2593 * ID that will be assigned the next time one is needed.
2594 */
2595 if (oldestMultiXactId == nextMXact)
2596 {
2597 /*
2598 * When the next multixact gets created, it will be stored at the next
2599 * offset.
2600 */
2601 oldestOffset = nextOffset;
2602 oldestOffsetKnown = true;
2603 }
2604 else
2605 {
2606 /*
2607 * Figure out where the oldest existing multixact's offsets are
2608 * stored. Due to bugs in early release of PostgreSQL 9.3.X and 9.4.X,
2609 * the supposedly-earliest multixact might not really exist. We are
2610 * careful not to fail in that case.
2611 */
2612 oldestOffsetKnown =
2613 find_multixact_start(oldestMultiXactId, &oldestOffset);
2614
2615 if (oldestOffsetKnown)
2616 ereport(DEBUG1,
2617 (errmsg_internal("oldest MultiXactId member is at offset %u",
2618 oldestOffset)));
2619 else
2620 ereport(LOG,
2621 (errmsg("MultiXact member wraparound protections are disabled because oldest checkpointed MultiXact %u does not exist on disk",
2622 oldestMultiXactId)));
2623 }
2624
2625 LWLockRelease(MultiXactTruncationLock);
2626
2627 /*
2628 * If we can, compute limits (and install them MultiXactState) to prevent
2629 * overrun of old data in the members SLRU area. We can only do so if the
2630 * oldest offset is known though.
2631 */
2632 if (oldestOffsetKnown)
2633 {
2634 /* move back to start of the corresponding segment */
2635 offsetStopLimit = oldestOffset - (oldestOffset %
2636 (MULTIXACT_MEMBERS_PER_PAGE * SLRU_PAGES_PER_SEGMENT));
2637
2638 /* always leave one segment before the wraparound point */
2639 offsetStopLimit -= (MULTIXACT_MEMBERS_PER_PAGE * SLRU_PAGES_PER_SEGMENT);
2640
2641 if (!prevOldestOffsetKnown && !is_startup)
2642 ereport(LOG,
2643 (errmsg("MultiXact member wraparound protections are now enabled")));
2644
2645 ereport(DEBUG1,
2646 (errmsg_internal("MultiXact member stop limit is now %u based on MultiXact %u",
2647 offsetStopLimit, oldestMultiXactId)));
2648 }
2649 else if (prevOldestOffsetKnown)
2650 {
2651 /*
2652 * If we failed to get the oldest offset this time, but we have a
2653 * value from a previous pass through this function, use the old
2654 * values rather than automatically forcing an emergency autovacuum
2655 * cycle again.
2656 */
2657 oldestOffset = prevOldestOffset;
2658 oldestOffsetKnown = true;
2659 offsetStopLimit = prevOffsetStopLimit;
2660 }
2661
2662 /* Install the computed values */
2663 LWLockAcquire(MultiXactGenLock, LW_EXCLUSIVE);
2664 MultiXactState->oldestOffset = oldestOffset;
2665 MultiXactState->oldestOffsetKnown = oldestOffsetKnown;
2666 MultiXactState->offsetStopLimit = offsetStopLimit;
2667 LWLockRelease(MultiXactGenLock);
2668
2669 /*
2670 * Do we need an emergency autovacuum? If we're not sure, assume yes.
2671 */
2672 return !oldestOffsetKnown ||
2673 (nextOffset - oldestOffset > MULTIXACT_MEMBER_SAFE_THRESHOLD);
2674 }
2675
2676 /*
2677 * Return whether adding "distance" to "start" would move past "boundary".
2678 *
2679 * We use this to determine whether the addition is "wrapping around" the
2680 * boundary point, hence the name. The reason we don't want to use the regular
2681 * 2^31-modulo arithmetic here is that we want to be able to use the whole of
2682 * the 2^32-1 space here, allowing for more multixacts than would fit
2683 * otherwise.
2684 */
2685 static bool
MultiXactOffsetWouldWrap(MultiXactOffset boundary,MultiXactOffset start,uint32 distance)2686 MultiXactOffsetWouldWrap(MultiXactOffset boundary, MultiXactOffset start,
2687 uint32 distance)
2688 {
2689 MultiXactOffset finish;
2690
2691 /*
2692 * Note that offset number 0 is not used (see GetMultiXactIdMembers), so
2693 * if the addition wraps around the UINT_MAX boundary, skip that value.
2694 */
2695 finish = start + distance;
2696 if (finish < start)
2697 finish++;
2698
2699 /*-----------------------------------------------------------------------
2700 * When the boundary is numerically greater than the starting point, any
2701 * value numerically between the two is not wrapped:
2702 *
2703 * <----S----B---->
2704 * [---) = F wrapped past B (and UINT_MAX)
2705 * [---) = F not wrapped
2706 * [----] = F wrapped past B
2707 *
2708 * When the boundary is numerically less than the starting point (i.e. the
2709 * UINT_MAX wraparound occurs somewhere in between) then all values in
2710 * between are wrapped:
2711 *
2712 * <----B----S---->
2713 * [---) = F not wrapped past B (but wrapped past UINT_MAX)
2714 * [---) = F wrapped past B (and UINT_MAX)
2715 * [----] = F not wrapped
2716 *-----------------------------------------------------------------------
2717 */
2718 if (start < boundary)
2719 return finish >= boundary || finish < start;
2720 else
2721 return finish >= boundary && finish < start;
2722 }
2723
2724 /*
2725 * Find the starting offset of the given MultiXactId.
2726 *
2727 * Returns false if the file containing the multi does not exist on disk.
2728 * Otherwise, returns true and sets *result to the starting member offset.
2729 *
2730 * This function does not prevent concurrent truncation, so if that's
2731 * required, the caller has to protect against that.
2732 */
2733 static bool
find_multixact_start(MultiXactId multi,MultiXactOffset * result)2734 find_multixact_start(MultiXactId multi, MultiXactOffset *result)
2735 {
2736 MultiXactOffset offset;
2737 int pageno;
2738 int entryno;
2739 int slotno;
2740 MultiXactOffset *offptr;
2741
2742 Assert(MultiXactState->finishedStartup);
2743
2744 pageno = MultiXactIdToOffsetPage(multi);
2745 entryno = MultiXactIdToOffsetEntry(multi);
2746
2747 /*
2748 * Write out dirty data, so PhysicalPageExists can work correctly.
2749 */
2750 SimpleLruWriteAll(MultiXactOffsetCtl, true);
2751 SimpleLruWriteAll(MultiXactMemberCtl, true);
2752
2753 if (!SimpleLruDoesPhysicalPageExist(MultiXactOffsetCtl, pageno))
2754 return false;
2755
2756 /* lock is acquired by SimpleLruReadPage_ReadOnly */
2757 slotno = SimpleLruReadPage_ReadOnly(MultiXactOffsetCtl, pageno, multi);
2758 offptr = (MultiXactOffset *) MultiXactOffsetCtl->shared->page_buffer[slotno];
2759 offptr += entryno;
2760 offset = *offptr;
2761 LWLockRelease(MultiXactOffsetSLRULock);
2762
2763 *result = offset;
2764 return true;
2765 }
2766
2767 /*
2768 * Determine how many multixacts, and how many multixact members, currently
2769 * exist. Return false if unable to determine.
2770 */
2771 static bool
ReadMultiXactCounts(uint32 * multixacts,MultiXactOffset * members)2772 ReadMultiXactCounts(uint32 *multixacts, MultiXactOffset *members)
2773 {
2774 MultiXactOffset nextOffset;
2775 MultiXactOffset oldestOffset;
2776 MultiXactId oldestMultiXactId;
2777 MultiXactId nextMultiXactId;
2778 bool oldestOffsetKnown;
2779
2780 LWLockAcquire(MultiXactGenLock, LW_SHARED);
2781 nextOffset = MultiXactState->nextOffset;
2782 oldestMultiXactId = MultiXactState->oldestMultiXactId;
2783 nextMultiXactId = MultiXactState->nextMXact;
2784 oldestOffset = MultiXactState->oldestOffset;
2785 oldestOffsetKnown = MultiXactState->oldestOffsetKnown;
2786 LWLockRelease(MultiXactGenLock);
2787
2788 if (!oldestOffsetKnown)
2789 return false;
2790
2791 *members = nextOffset - oldestOffset;
2792 *multixacts = nextMultiXactId - oldestMultiXactId;
2793 return true;
2794 }
2795
2796 /*
2797 * Multixact members can be removed once the multixacts that refer to them
2798 * are older than every datminmxid. autovacuum_multixact_freeze_max_age and
2799 * vacuum_multixact_freeze_table_age work together to make sure we never have
2800 * too many multixacts; we hope that, at least under normal circumstances,
2801 * this will also be sufficient to keep us from using too many offsets.
2802 * However, if the average multixact has many members, we might exhaust the
2803 * members space while still using few enough members that these limits fail
2804 * to trigger full table scans for relminmxid advancement. At that point,
2805 * we'd have no choice but to start failing multixact-creating operations
2806 * with an error.
2807 *
2808 * To prevent that, if more than a threshold portion of the members space is
2809 * used, we effectively reduce autovacuum_multixact_freeze_max_age and
2810 * to a value just less than the number of multixacts in use. We hope that
2811 * this will quickly trigger autovacuuming on the table or tables with the
2812 * oldest relminmxid, thus allowing datminmxid values to advance and removing
2813 * some members.
2814 *
2815 * As the fraction of the member space currently in use grows, we become
2816 * more aggressive in clamping this value. That not only causes autovacuum
2817 * to ramp up, but also makes any manual vacuums the user issues more
2818 * aggressive. This happens because vacuum_set_xid_limits() clamps the
2819 * freeze table and the minimum freeze age based on the effective
2820 * autovacuum_multixact_freeze_max_age this function returns. In the worst
2821 * case, we'll claim the freeze_max_age to zero, and every vacuum of any
2822 * table will try to freeze every multixact.
2823 *
2824 * It's possible that these thresholds should be user-tunable, but for now
2825 * we keep it simple.
2826 */
2827 int
MultiXactMemberFreezeThreshold(void)2828 MultiXactMemberFreezeThreshold(void)
2829 {
2830 MultiXactOffset members;
2831 uint32 multixacts;
2832 uint32 victim_multixacts;
2833 double fraction;
2834
2835 /* If we can't determine member space utilization, assume the worst. */
2836 if (!ReadMultiXactCounts(&multixacts, &members))
2837 return 0;
2838
2839 /* If member space utilization is low, no special action is required. */
2840 if (members <= MULTIXACT_MEMBER_SAFE_THRESHOLD)
2841 return autovacuum_multixact_freeze_max_age;
2842
2843 /*
2844 * Compute a target for relminmxid advancement. The number of multixacts
2845 * we try to eliminate from the system is based on how far we are past
2846 * MULTIXACT_MEMBER_SAFE_THRESHOLD.
2847 */
2848 fraction = (double) (members - MULTIXACT_MEMBER_SAFE_THRESHOLD) /
2849 (MULTIXACT_MEMBER_DANGER_THRESHOLD - MULTIXACT_MEMBER_SAFE_THRESHOLD);
2850 victim_multixacts = multixacts * fraction;
2851
2852 /* fraction could be > 1.0, but lowest possible freeze age is zero */
2853 if (victim_multixacts > multixacts)
2854 return 0;
2855 return multixacts - victim_multixacts;
2856 }
2857
2858 typedef struct mxtruncinfo
2859 {
2860 int earliestExistingPage;
2861 } mxtruncinfo;
2862
2863 /*
2864 * SlruScanDirectory callback
2865 * This callback determines the earliest existing page number.
2866 */
2867 static bool
SlruScanDirCbFindEarliest(SlruCtl ctl,char * filename,int segpage,void * data)2868 SlruScanDirCbFindEarliest(SlruCtl ctl, char *filename, int segpage, void *data)
2869 {
2870 mxtruncinfo *trunc = (mxtruncinfo *) data;
2871
2872 if (trunc->earliestExistingPage == -1 ||
2873 ctl->PagePrecedes(segpage, trunc->earliestExistingPage))
2874 {
2875 trunc->earliestExistingPage = segpage;
2876 }
2877
2878 return false; /* keep going */
2879 }
2880
2881
2882 /*
2883 * Delete members segments [oldest, newOldest)
2884 *
2885 * The members SLRU can, in contrast to the offsets one, be filled to almost
2886 * the full range at once. This means SimpleLruTruncate() can't trivially be
2887 * used - instead the to-be-deleted range is computed using the offsets
2888 * SLRU. C.f. TruncateMultiXact().
2889 */
2890 static void
PerformMembersTruncation(MultiXactOffset oldestOffset,MultiXactOffset newOldestOffset)2891 PerformMembersTruncation(MultiXactOffset oldestOffset, MultiXactOffset newOldestOffset)
2892 {
2893 const int maxsegment = MXOffsetToMemberSegment(MaxMultiXactOffset);
2894 int startsegment = MXOffsetToMemberSegment(oldestOffset);
2895 int endsegment = MXOffsetToMemberSegment(newOldestOffset);
2896 int segment = startsegment;
2897
2898 /*
2899 * Delete all the segments but the last one. The last segment can still
2900 * contain, possibly partially, valid data.
2901 */
2902 while (segment != endsegment)
2903 {
2904 elog(DEBUG2, "truncating multixact members segment %x", segment);
2905 SlruDeleteSegment(MultiXactMemberCtl, segment);
2906
2907 /* move to next segment, handling wraparound correctly */
2908 if (segment == maxsegment)
2909 segment = 0;
2910 else
2911 segment += 1;
2912 }
2913 }
2914
2915 /*
2916 * Delete offsets segments [oldest, newOldest)
2917 */
2918 static void
PerformOffsetsTruncation(MultiXactId oldestMulti,MultiXactId newOldestMulti)2919 PerformOffsetsTruncation(MultiXactId oldestMulti, MultiXactId newOldestMulti)
2920 {
2921 /*
2922 * We step back one multixact to avoid passing a cutoff page that hasn't
2923 * been created yet in the rare case that oldestMulti would be the first
2924 * item on a page and oldestMulti == nextMulti. In that case, if we
2925 * didn't subtract one, we'd trigger SimpleLruTruncate's wraparound
2926 * detection.
2927 */
2928 SimpleLruTruncate(MultiXactOffsetCtl,
2929 MultiXactIdToOffsetPage(PreviousMultiXactId(newOldestMulti)));
2930 }
2931
2932 /*
2933 * Remove all MultiXactOffset and MultiXactMember segments before the oldest
2934 * ones still of interest.
2935 *
2936 * This is only called on a primary as part of vacuum (via
2937 * vac_truncate_clog()). During recovery truncation is done by replaying
2938 * truncation WAL records logged here.
2939 *
2940 * newOldestMulti is the oldest currently required multixact, newOldestMultiDB
2941 * is one of the databases preventing newOldestMulti from increasing.
2942 */
2943 void
TruncateMultiXact(MultiXactId newOldestMulti,Oid newOldestMultiDB)2944 TruncateMultiXact(MultiXactId newOldestMulti, Oid newOldestMultiDB)
2945 {
2946 MultiXactId oldestMulti;
2947 MultiXactId nextMulti;
2948 MultiXactOffset newOldestOffset;
2949 MultiXactOffset oldestOffset;
2950 MultiXactOffset nextOffset;
2951 mxtruncinfo trunc;
2952 MultiXactId earliest;
2953
2954 Assert(!RecoveryInProgress());
2955 Assert(MultiXactState->finishedStartup);
2956
2957 /*
2958 * We can only allow one truncation to happen at once. Otherwise parts of
2959 * members might vanish while we're doing lookups or similar. There's no
2960 * need to have an interlock with creating new multis or such, since those
2961 * are constrained by the limits (which only grow, never shrink).
2962 */
2963 LWLockAcquire(MultiXactTruncationLock, LW_EXCLUSIVE);
2964
2965 LWLockAcquire(MultiXactGenLock, LW_SHARED);
2966 nextMulti = MultiXactState->nextMXact;
2967 nextOffset = MultiXactState->nextOffset;
2968 oldestMulti = MultiXactState->oldestMultiXactId;
2969 LWLockRelease(MultiXactGenLock);
2970 Assert(MultiXactIdIsValid(oldestMulti));
2971
2972 /*
2973 * Make sure to only attempt truncation if there's values to truncate
2974 * away. In normal processing values shouldn't go backwards, but there's
2975 * some corner cases (due to bugs) where that's possible.
2976 */
2977 if (MultiXactIdPrecedesOrEquals(newOldestMulti, oldestMulti))
2978 {
2979 LWLockRelease(MultiXactTruncationLock);
2980 return;
2981 }
2982
2983 /*
2984 * Note we can't just plow ahead with the truncation; it's possible that
2985 * there are no segments to truncate, which is a problem because we are
2986 * going to attempt to read the offsets page to determine where to
2987 * truncate the members SLRU. So we first scan the directory to determine
2988 * the earliest offsets page number that we can read without error.
2989 *
2990 * When nextMXact is less than one segment away from multiWrapLimit,
2991 * SlruScanDirCbFindEarliest can find some early segment other than the
2992 * actual earliest. (MultiXactOffsetPagePrecedes(EARLIEST, LATEST)
2993 * returns false, because not all pairs of entries have the same answer.)
2994 * That can also arise when an earlier truncation attempt failed unlink()
2995 * or returned early from this function. The only consequence is
2996 * returning early, which wastes space that we could have liberated.
2997 *
2998 * NB: It's also possible that the page that oldestMulti is on has already
2999 * been truncated away, and we crashed before updating oldestMulti.
3000 */
3001 trunc.earliestExistingPage = -1;
3002 SlruScanDirectory(MultiXactOffsetCtl, SlruScanDirCbFindEarliest, &trunc);
3003 earliest = trunc.earliestExistingPage * MULTIXACT_OFFSETS_PER_PAGE;
3004 if (earliest < FirstMultiXactId)
3005 earliest = FirstMultiXactId;
3006
3007 /* If there's nothing to remove, we can bail out early. */
3008 if (MultiXactIdPrecedes(oldestMulti, earliest))
3009 {
3010 LWLockRelease(MultiXactTruncationLock);
3011 return;
3012 }
3013
3014 /*
3015 * First, compute the safe truncation point for MultiXactMember. This is
3016 * the starting offset of the oldest multixact.
3017 *
3018 * Hopefully, find_multixact_start will always work here, because we've
3019 * already checked that it doesn't precede the earliest MultiXact on disk.
3020 * But if it fails, don't truncate anything, and log a message.
3021 */
3022 if (oldestMulti == nextMulti)
3023 {
3024 /* there are NO MultiXacts */
3025 oldestOffset = nextOffset;
3026 }
3027 else if (!find_multixact_start(oldestMulti, &oldestOffset))
3028 {
3029 ereport(LOG,
3030 (errmsg("oldest MultiXact %u not found, earliest MultiXact %u, skipping truncation",
3031 oldestMulti, earliest)));
3032 LWLockRelease(MultiXactTruncationLock);
3033 return;
3034 }
3035
3036 /*
3037 * Secondly compute up to where to truncate. Lookup the corresponding
3038 * member offset for newOldestMulti for that.
3039 */
3040 if (newOldestMulti == nextMulti)
3041 {
3042 /* there are NO MultiXacts */
3043 newOldestOffset = nextOffset;
3044 }
3045 else if (!find_multixact_start(newOldestMulti, &newOldestOffset))
3046 {
3047 ereport(LOG,
3048 (errmsg("cannot truncate up to MultiXact %u because it does not exist on disk, skipping truncation",
3049 newOldestMulti)));
3050 LWLockRelease(MultiXactTruncationLock);
3051 return;
3052 }
3053
3054 elog(DEBUG1, "performing multixact truncation: "
3055 "offsets [%u, %u), offsets segments [%x, %x), "
3056 "members [%u, %u), members segments [%x, %x)",
3057 oldestMulti, newOldestMulti,
3058 MultiXactIdToOffsetSegment(oldestMulti),
3059 MultiXactIdToOffsetSegment(newOldestMulti),
3060 oldestOffset, newOldestOffset,
3061 MXOffsetToMemberSegment(oldestOffset),
3062 MXOffsetToMemberSegment(newOldestOffset));
3063
3064 /*
3065 * Do truncation, and the WAL logging of the truncation, in a critical
3066 * section. That way offsets/members cannot get out of sync anymore, i.e.
3067 * once consistent the newOldestMulti will always exist in members, even
3068 * if we crashed in the wrong moment.
3069 */
3070 START_CRIT_SECTION();
3071
3072 /*
3073 * Prevent checkpoints from being scheduled concurrently. This is critical
3074 * because otherwise a truncation record might not be replayed after a
3075 * crash/basebackup, even though the state of the data directory would
3076 * require it.
3077 */
3078 Assert(!MyProc->delayChkpt);
3079 MyProc->delayChkpt = true;
3080
3081 /* WAL log truncation */
3082 WriteMTruncateXlogRec(newOldestMultiDB,
3083 oldestMulti, newOldestMulti,
3084 oldestOffset, newOldestOffset);
3085
3086 /*
3087 * Update in-memory limits before performing the truncation, while inside
3088 * the critical section: Have to do it before truncation, to prevent
3089 * concurrent lookups of those values. Has to be inside the critical
3090 * section as otherwise a future call to this function would error out,
3091 * while looking up the oldest member in offsets, if our caller crashes
3092 * before updating the limits.
3093 */
3094 LWLockAcquire(MultiXactGenLock, LW_EXCLUSIVE);
3095 MultiXactState->oldestMultiXactId = newOldestMulti;
3096 MultiXactState->oldestMultiXactDB = newOldestMultiDB;
3097 LWLockRelease(MultiXactGenLock);
3098
3099 /* First truncate members */
3100 PerformMembersTruncation(oldestOffset, newOldestOffset);
3101
3102 /* Then offsets */
3103 PerformOffsetsTruncation(oldestMulti, newOldestMulti);
3104
3105 MyProc->delayChkpt = false;
3106
3107 END_CRIT_SECTION();
3108 LWLockRelease(MultiXactTruncationLock);
3109 }
3110
3111 /*
3112 * Decide whether a MultiXactOffset page number is "older" for truncation
3113 * purposes. Analogous to CLOGPagePrecedes().
3114 *
3115 * Offsetting the values is optional, because MultiXactIdPrecedes() has
3116 * translational symmetry.
3117 */
3118 static bool
MultiXactOffsetPagePrecedes(int page1,int page2)3119 MultiXactOffsetPagePrecedes(int page1, int page2)
3120 {
3121 MultiXactId multi1;
3122 MultiXactId multi2;
3123
3124 multi1 = ((MultiXactId) page1) * MULTIXACT_OFFSETS_PER_PAGE;
3125 multi1 += FirstMultiXactId + 1;
3126 multi2 = ((MultiXactId) page2) * MULTIXACT_OFFSETS_PER_PAGE;
3127 multi2 += FirstMultiXactId + 1;
3128
3129 return (MultiXactIdPrecedes(multi1, multi2) &&
3130 MultiXactIdPrecedes(multi1,
3131 multi2 + MULTIXACT_OFFSETS_PER_PAGE - 1));
3132 }
3133
3134 /*
3135 * Decide whether a MultiXactMember page number is "older" for truncation
3136 * purposes. There is no "invalid offset number" so use the numbers verbatim.
3137 */
3138 static bool
MultiXactMemberPagePrecedes(int page1,int page2)3139 MultiXactMemberPagePrecedes(int page1, int page2)
3140 {
3141 MultiXactOffset offset1;
3142 MultiXactOffset offset2;
3143
3144 offset1 = ((MultiXactOffset) page1) * MULTIXACT_MEMBERS_PER_PAGE;
3145 offset2 = ((MultiXactOffset) page2) * MULTIXACT_MEMBERS_PER_PAGE;
3146
3147 return (MultiXactOffsetPrecedes(offset1, offset2) &&
3148 MultiXactOffsetPrecedes(offset1,
3149 offset2 + MULTIXACT_MEMBERS_PER_PAGE - 1));
3150 }
3151
3152 /*
3153 * Decide which of two MultiXactIds is earlier.
3154 *
3155 * XXX do we need to do something special for InvalidMultiXactId?
3156 * (Doesn't look like it.)
3157 */
3158 bool
MultiXactIdPrecedes(MultiXactId multi1,MultiXactId multi2)3159 MultiXactIdPrecedes(MultiXactId multi1, MultiXactId multi2)
3160 {
3161 int32 diff = (int32) (multi1 - multi2);
3162
3163 return (diff < 0);
3164 }
3165
3166 /*
3167 * MultiXactIdPrecedesOrEquals -- is multi1 logically <= multi2?
3168 *
3169 * XXX do we need to do something special for InvalidMultiXactId?
3170 * (Doesn't look like it.)
3171 */
3172 bool
MultiXactIdPrecedesOrEquals(MultiXactId multi1,MultiXactId multi2)3173 MultiXactIdPrecedesOrEquals(MultiXactId multi1, MultiXactId multi2)
3174 {
3175 int32 diff = (int32) (multi1 - multi2);
3176
3177 return (diff <= 0);
3178 }
3179
3180
3181 /*
3182 * Decide which of two offsets is earlier.
3183 */
3184 static bool
MultiXactOffsetPrecedes(MultiXactOffset offset1,MultiXactOffset offset2)3185 MultiXactOffsetPrecedes(MultiXactOffset offset1, MultiXactOffset offset2)
3186 {
3187 int32 diff = (int32) (offset1 - offset2);
3188
3189 return (diff < 0);
3190 }
3191
3192 /*
3193 * Write an xlog record reflecting the zeroing of either a MEMBERs or
3194 * OFFSETs page (info shows which)
3195 */
3196 static void
WriteMZeroPageXlogRec(int pageno,uint8 info)3197 WriteMZeroPageXlogRec(int pageno, uint8 info)
3198 {
3199 XLogBeginInsert();
3200 XLogRegisterData((char *) (&pageno), sizeof(int));
3201 (void) XLogInsert(RM_MULTIXACT_ID, info);
3202 }
3203
3204 /*
3205 * Write a TRUNCATE xlog record
3206 *
3207 * We must flush the xlog record to disk before returning --- see notes in
3208 * TruncateCLOG().
3209 */
3210 static void
WriteMTruncateXlogRec(Oid oldestMultiDB,MultiXactId startTruncOff,MultiXactId endTruncOff,MultiXactOffset startTruncMemb,MultiXactOffset endTruncMemb)3211 WriteMTruncateXlogRec(Oid oldestMultiDB,
3212 MultiXactId startTruncOff, MultiXactId endTruncOff,
3213 MultiXactOffset startTruncMemb, MultiXactOffset endTruncMemb)
3214 {
3215 XLogRecPtr recptr;
3216 xl_multixact_truncate xlrec;
3217
3218 xlrec.oldestMultiDB = oldestMultiDB;
3219
3220 xlrec.startTruncOff = startTruncOff;
3221 xlrec.endTruncOff = endTruncOff;
3222
3223 xlrec.startTruncMemb = startTruncMemb;
3224 xlrec.endTruncMemb = endTruncMemb;
3225
3226 XLogBeginInsert();
3227 XLogRegisterData((char *) (&xlrec), SizeOfMultiXactTruncate);
3228 recptr = XLogInsert(RM_MULTIXACT_ID, XLOG_MULTIXACT_TRUNCATE_ID);
3229 XLogFlush(recptr);
3230 }
3231
3232 /*
3233 * MULTIXACT resource manager's routines
3234 */
3235 void
multixact_redo(XLogReaderState * record)3236 multixact_redo(XLogReaderState *record)
3237 {
3238 uint8 info = XLogRecGetInfo(record) & ~XLR_INFO_MASK;
3239
3240 /* Backup blocks are not used in multixact records */
3241 Assert(!XLogRecHasAnyBlockRefs(record));
3242
3243 if (info == XLOG_MULTIXACT_ZERO_OFF_PAGE)
3244 {
3245 int pageno;
3246 int slotno;
3247
3248 memcpy(&pageno, XLogRecGetData(record), sizeof(int));
3249
3250 LWLockAcquire(MultiXactOffsetSLRULock, LW_EXCLUSIVE);
3251
3252 slotno = ZeroMultiXactOffsetPage(pageno, false);
3253 SimpleLruWritePage(MultiXactOffsetCtl, slotno);
3254 Assert(!MultiXactOffsetCtl->shared->page_dirty[slotno]);
3255
3256 LWLockRelease(MultiXactOffsetSLRULock);
3257 }
3258 else if (info == XLOG_MULTIXACT_ZERO_MEM_PAGE)
3259 {
3260 int pageno;
3261 int slotno;
3262
3263 memcpy(&pageno, XLogRecGetData(record), sizeof(int));
3264
3265 LWLockAcquire(MultiXactMemberSLRULock, LW_EXCLUSIVE);
3266
3267 slotno = ZeroMultiXactMemberPage(pageno, false);
3268 SimpleLruWritePage(MultiXactMemberCtl, slotno);
3269 Assert(!MultiXactMemberCtl->shared->page_dirty[slotno]);
3270
3271 LWLockRelease(MultiXactMemberSLRULock);
3272 }
3273 else if (info == XLOG_MULTIXACT_CREATE_ID)
3274 {
3275 xl_multixact_create *xlrec =
3276 (xl_multixact_create *) XLogRecGetData(record);
3277 TransactionId max_xid;
3278 int i;
3279
3280 /* Store the data back into the SLRU files */
3281 RecordNewMultiXact(xlrec->mid, xlrec->moff, xlrec->nmembers,
3282 xlrec->members);
3283
3284 /* Make sure nextMXact/nextOffset are beyond what this record has */
3285 MultiXactAdvanceNextMXact(xlrec->mid + 1,
3286 xlrec->moff + xlrec->nmembers);
3287
3288 /*
3289 * Make sure nextXid is beyond any XID mentioned in the record. This
3290 * should be unnecessary, since any XID found here ought to have other
3291 * evidence in the XLOG, but let's be safe.
3292 */
3293 max_xid = XLogRecGetXid(record);
3294 for (i = 0; i < xlrec->nmembers; i++)
3295 {
3296 if (TransactionIdPrecedes(max_xid, xlrec->members[i].xid))
3297 max_xid = xlrec->members[i].xid;
3298 }
3299
3300 AdvanceNextFullTransactionIdPastXid(max_xid);
3301 }
3302 else if (info == XLOG_MULTIXACT_TRUNCATE_ID)
3303 {
3304 xl_multixact_truncate xlrec;
3305 int pageno;
3306
3307 memcpy(&xlrec, XLogRecGetData(record),
3308 SizeOfMultiXactTruncate);
3309
3310 elog(DEBUG1, "replaying multixact truncation: "
3311 "offsets [%u, %u), offsets segments [%x, %x), "
3312 "members [%u, %u), members segments [%x, %x)",
3313 xlrec.startTruncOff, xlrec.endTruncOff,
3314 MultiXactIdToOffsetSegment(xlrec.startTruncOff),
3315 MultiXactIdToOffsetSegment(xlrec.endTruncOff),
3316 xlrec.startTruncMemb, xlrec.endTruncMemb,
3317 MXOffsetToMemberSegment(xlrec.startTruncMemb),
3318 MXOffsetToMemberSegment(xlrec.endTruncMemb));
3319
3320 /* should not be required, but more than cheap enough */
3321 LWLockAcquire(MultiXactTruncationLock, LW_EXCLUSIVE);
3322
3323 /*
3324 * Advance the horizon values, so they're current at the end of
3325 * recovery.
3326 */
3327 SetMultiXactIdLimit(xlrec.endTruncOff, xlrec.oldestMultiDB, false);
3328
3329 PerformMembersTruncation(xlrec.startTruncMemb, xlrec.endTruncMemb);
3330
3331 /*
3332 * During XLOG replay, latest_page_number isn't necessarily set up
3333 * yet; insert a suitable value to bypass the sanity test in
3334 * SimpleLruTruncate.
3335 */
3336 pageno = MultiXactIdToOffsetPage(xlrec.endTruncOff);
3337 MultiXactOffsetCtl->shared->latest_page_number = pageno;
3338 PerformOffsetsTruncation(xlrec.startTruncOff, xlrec.endTruncOff);
3339
3340 LWLockRelease(MultiXactTruncationLock);
3341 }
3342 else
3343 elog(PANIC, "multixact_redo: unknown op code %u", info);
3344 }
3345
3346 Datum
pg_get_multixact_members(PG_FUNCTION_ARGS)3347 pg_get_multixact_members(PG_FUNCTION_ARGS)
3348 {
3349 typedef struct
3350 {
3351 MultiXactMember *members;
3352 int nmembers;
3353 int iter;
3354 } mxact;
3355 MultiXactId mxid = PG_GETARG_TRANSACTIONID(0);
3356 mxact *multi;
3357 FuncCallContext *funccxt;
3358
3359 if (mxid < FirstMultiXactId)
3360 ereport(ERROR,
3361 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
3362 errmsg("invalid MultiXactId: %u", mxid)));
3363
3364 if (SRF_IS_FIRSTCALL())
3365 {
3366 MemoryContext oldcxt;
3367 TupleDesc tupdesc;
3368
3369 funccxt = SRF_FIRSTCALL_INIT();
3370 oldcxt = MemoryContextSwitchTo(funccxt->multi_call_memory_ctx);
3371
3372 multi = palloc(sizeof(mxact));
3373 /* no need to allow for old values here */
3374 multi->nmembers = GetMultiXactIdMembers(mxid, &multi->members, false,
3375 false);
3376 multi->iter = 0;
3377
3378 tupdesc = CreateTemplateTupleDesc(2);
3379 TupleDescInitEntry(tupdesc, (AttrNumber) 1, "xid",
3380 XIDOID, -1, 0);
3381 TupleDescInitEntry(tupdesc, (AttrNumber) 2, "mode",
3382 TEXTOID, -1, 0);
3383
3384 funccxt->attinmeta = TupleDescGetAttInMetadata(tupdesc);
3385 funccxt->user_fctx = multi;
3386
3387 MemoryContextSwitchTo(oldcxt);
3388 }
3389
3390 funccxt = SRF_PERCALL_SETUP();
3391 multi = (mxact *) funccxt->user_fctx;
3392
3393 while (multi->iter < multi->nmembers)
3394 {
3395 HeapTuple tuple;
3396 char *values[2];
3397
3398 values[0] = psprintf("%u", multi->members[multi->iter].xid);
3399 values[1] = mxstatus_to_string(multi->members[multi->iter].status);
3400
3401 tuple = BuildTupleFromCStrings(funccxt->attinmeta, values);
3402
3403 multi->iter++;
3404 pfree(values[0]);
3405 SRF_RETURN_NEXT(funccxt, HeapTupleGetDatum(tuple));
3406 }
3407
3408 SRF_RETURN_DONE(funccxt);
3409 }
3410
3411 /*
3412 * Entrypoint for sync.c to sync offsets files.
3413 */
3414 int
multixactoffsetssyncfiletag(const FileTag * ftag,char * path)3415 multixactoffsetssyncfiletag(const FileTag *ftag, char *path)
3416 {
3417 return SlruSyncFileTag(MultiXactOffsetCtl, ftag, path);
3418 }
3419
3420 /*
3421 * Entrypoint for sync.c to sync members files.
3422 */
3423 int
multixactmemberssyncfiletag(const FileTag * ftag,char * path)3424 multixactmemberssyncfiletag(const FileTag *ftag, char *path)
3425 {
3426 return SlruSyncFileTag(MultiXactMemberCtl, ftag, path);
3427 }
3428