/*-------------------------------------------------------------------- * Symbols referenced in this file: * - elog_start * - write_stderr * - err_gettext * - errstart * - PG_exception_stack * - in_error_recursion_trouble * - error_context_stack * - is_log_level_output * - recursion_depth * - errfinish * - pg_re_throw * - EmitErrorReport * - emit_log_hook * - send_message_to_server_log * - send_message_to_frontend * - errmsg_internal * - errcode * - errmsg * - errdetail * - expand_fmt_string * - useful_strerror * - get_errno_symbol * - errordata_stack_depth * - errordata * - elog_finish * - errposition * - errhint * - internalerrposition * - internalerrquery * - geterrposition * - getinternalerrposition * - set_errcontext_domain * - errcontext_msg * - CopyErrorData * - FlushErrorState *-------------------------------------------------------------------- */ /*------------------------------------------------------------------------- * * elog.c * error logging and reporting * * Because of the extremely high rate at which log messages can be generated, * we need to be mindful of the performance cost of obtaining any information * that may be logged. Also, it's important to keep in mind that this code may * get called from within an aborted transaction, in which case operations * such as syscache lookups are unsafe. * * Some notes about recursion and errors during error processing: * * We need to be robust about recursive-error scenarios --- for example, * if we run out of memory, it's important to be able to report that fact. * There are a number of considerations that go into this. * * First, distinguish between re-entrant use and actual recursion. It * is possible for an error or warning message to be emitted while the * parameters for an error message are being computed. In this case * errstart has been called for the outer message, and some field values * may have already been saved, but we are not actually recursing. We handle * this by providing a (small) stack of ErrorData records. The inner message * can be computed and sent without disturbing the state of the outer message. * (If the inner message is actually an error, this isn't very interesting * because control won't come back to the outer message generator ... but * if the inner message is only debug or log data, this is critical.) * * Second, actual recursion will occur if an error is reported by one of * the elog.c routines or something they call. By far the most probable * scenario of this sort is "out of memory"; and it's also the nastiest * to handle because we'd likely also run out of memory while trying to * report this error! Our escape hatch for this case is to reset the * ErrorContext to empty before trying to process the inner error. Since * ErrorContext is guaranteed to have at least 8K of space in it (see mcxt.c), * we should be able to process an "out of memory" message successfully. * Since we lose the prior error state due to the reset, we won't be able * to return to processing the original error, but we wouldn't have anyway. * (NOTE: the escape hatch is not used for recursive situations where the * inner message is of less than ERROR severity; in that case we just * try to process it and return normally. Usually this will work, but if * it ends up in infinite recursion, we will PANIC due to error stack * overflow.) * * * Portions Copyright (c) 1996-2015, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * * * IDENTIFICATION * src/backend/utils/error/elog.c * *------------------------------------------------------------------------- */ #include "postgres.h" #include #include #include #include #include #ifdef HAVE_SYSLOG #include #endif #include "access/transam.h" #include "access/xact.h" #include "libpq/libpq.h" #include "libpq/pqformat.h" #include "mb/pg_wchar.h" #include "miscadmin.h" #include "postmaster/postmaster.h" #include "postmaster/syslogger.h" #include "storage/ipc.h" #include "storage/proc.h" #include "tcop/tcopprot.h" #include "utils/guc.h" #include "utils/memutils.h" #include "utils/ps_status.h" #undef _ #define _(x) err_gettext(x) static const char *err_gettext(const char *str) pg_attribute_format_arg(1); static void set_errdata_field(MemoryContextData *cxt, char **ptr, const char *str); /* Global variables */ __thread ErrorContextCallback *error_context_stack = NULL; __thread sigjmp_buf *PG_exception_stack = NULL; extern bool redirection_done; /* * Hook for intercepting messages before they are sent to the server log. * Note that the hook will not get called for messages that are suppressed * by log_min_messages. Also note that logging hooks implemented in preload * libraries will miss any log messages that are generated before the * library is loaded. */ __thread emit_log_hook_type emit_log_hook = NULL; /* GUC parameters */ /* format for extra log line info */ #ifdef HAVE_SYSLOG /* * Max string length to send to syslog(). Note that this doesn't count the * sequence-number prefix we add, and of course it doesn't count the prefix * added by syslog itself. Solaris and sysklogd truncate the final message * at 1024 bytes, so this value leaves 124 bytes for those prefixes. (Most * other syslog implementations seem to have limits of 2KB or so.) */ #ifndef PG_SYSLOG_LIMIT #define PG_SYSLOG_LIMIT 900 #endif static void write_syslog(int level, const char *line); #endif static void write_console(const char *line, int len); #ifdef WIN32 extern char *event_source; static void write_eventlog(int level, const char *line, int len); #endif /* We provide a small stack of ErrorData records for re-entrant cases */ #define ERRORDATA_STACK_SIZE 5 static ErrorData errordata[ERRORDATA_STACK_SIZE]; static int errordata_stack_depth = -1; /* index of topmost active frame */ static int recursion_depth = 0; /* to detect actual recursion */ /* buffers for formatted timestamps that might be used by both * log_line_prefix and csv logs. */ #define FORMATTED_TS_LEN 128 /* Macro for checking errordata_stack_depth is reasonable */ #define CHECK_STACK_DEPTH() \ do { \ if (errordata_stack_depth < 0) \ { \ errordata_stack_depth = -1; \ ereport(ERROR, (errmsg_internal("errstart was not called"))); \ } \ } while (0) static const char *process_log_prefix_padding(const char *p, int *padding); static void log_line_prefix(StringInfo buf, ErrorData *edata); static void send_message_to_server_log(ErrorData *edata); static void send_message_to_frontend(ErrorData *edata); static char *expand_fmt_string(const char *fmt, ErrorData *edata); static const char *useful_strerror(int errnum); static const char *get_errno_symbol(int errnum); static const char *error_severity(int elevel); static void append_with_tabs(StringInfo buf, const char *str); static bool is_log_level_output(int elevel, int log_min_level); static void write_pipe_chunks(char *data, int len, int dest); static void write_csvlog(ErrorData *edata); static void setup_formatted_log_time(void); static void setup_formatted_start_time(void); /* * in_error_recursion_trouble --- are we at risk of infinite error recursion? * * This function exists to provide common control of various fallback steps * that we take if we think we are facing infinite error recursion. See the * callers for details. */ bool in_error_recursion_trouble(void) { /* Pull the plug if recurse more than once */ return (recursion_depth > 2); } /* * One of those fallback steps is to stop trying to localize the error * message, since there's a significant probability that that's exactly * what's causing the recursion. */ static inline const char * err_gettext(const char *str) { #ifdef ENABLE_NLS if (in_error_recursion_trouble()) return str; else return gettext(str); #else return str; #endif } /* * errstart --- begin an error-reporting cycle * * Create a stack entry and store the given parameters in it. Subsequently, * errmsg() and perhaps other routines will be called to further populate * the stack entry. Finally, errfinish() will be called to actually process * the error report. * * Returns TRUE in normal case. Returns FALSE to short-circuit the error * report (if it's a warning or lower and not to be reported anywhere). */ bool errstart(int elevel, const char *filename, int lineno, const char *funcname, const char *domain) { ErrorData *edata; bool output_to_server; bool output_to_client = false; int i; /* * Check some cases in which we want to promote an error into a more * severe error. None of this logic applies for non-error messages. */ if (elevel >= ERROR) { /* * If we are inside a critical section, all errors become PANIC * errors. See miscadmin.h. */ if (CritSectionCount > 0) elevel = PANIC; /* * Check reasons for treating ERROR as FATAL: * * 1. we have no handler to pass the error to (implies we are in the * postmaster or in backend startup). * * 2. ExitOnAnyError mode switch is set (initdb uses this). * * 3. the error occurred after proc_exit has begun to run. (It's * proc_exit's responsibility to see that this doesn't turn into * infinite recursion!) */ if (elevel == ERROR) { if (PG_exception_stack == NULL || ExitOnAnyError || proc_exit_inprogress) elevel = FATAL; } /* * If the error level is ERROR or more, errfinish is not going to * return to caller; therefore, if there is any stacked error already * in progress it will be lost. This is more or less okay, except we * do not want to have a FATAL or PANIC error downgraded because the * reporting process was interrupted by a lower-grade error. So check * the stack and make sure we panic if panic is warranted. */ for (i = 0; i <= errordata_stack_depth; i++) elevel = Max(elevel, errordata[i].elevel); } /* * Now decide whether we need to process this report at all; if it's * warning or less and not enabled for logging, just return FALSE without * starting up any error logging machinery. */ /* Determine whether message is enabled for server log output */ output_to_server = is_log_level_output(elevel, log_min_messages); /* Determine whether message is enabled for client output */ if (whereToSendOutput == DestRemote && elevel != COMMERROR) { /* * client_min_messages is honored only after we complete the * authentication handshake. This is required both for security * reasons and because many clients can't handle NOTICE messages * during authentication. */ if (ClientAuthInProgress) output_to_client = (elevel >= ERROR); else output_to_client = (elevel >= client_min_messages || elevel == INFO); } /* Skip processing effort if non-error message will not be output */ if (elevel < ERROR && !output_to_server && !output_to_client) return false; /* * We need to do some actual work. Make sure that memory context * initialization has finished, else we can't do anything useful. */ if (ErrorContext == NULL) { /* Ooops, hard crash time; very little we can do safely here */ write_stderr("error occurred at %s:%d before error message processing is available\n", filename ? filename : "(unknown file)", lineno); exit(2); } /* * Okay, crank up a stack entry to store the info in. */ if (recursion_depth++ > 0 && elevel >= ERROR) { /* * Ooops, error during error processing. Clear ErrorContext as * discussed at top of file. We will not return to the original * error's reporter or handler, so we don't need it. */ MemoryContextReset(ErrorContext); /* * Infinite error recursion might be due to something broken in a * context traceback routine. Abandon them too. We also abandon * attempting to print the error statement (which, if long, could * itself be the source of the recursive failure). */ if (in_error_recursion_trouble()) { error_context_stack = NULL; debug_query_string = NULL; } } if (++errordata_stack_depth >= ERRORDATA_STACK_SIZE) { /* * Wups, stack not big enough. We treat this as a PANIC condition * because it suggests an infinite loop of errors during error * recovery. */ errordata_stack_depth = -1; /* make room on stack */ ereport(PANIC, (errmsg_internal("ERRORDATA_STACK_SIZE exceeded"))); } /* Initialize data for this error frame */ edata = &errordata[errordata_stack_depth]; MemSet(edata, 0, sizeof(ErrorData)); edata->elevel = elevel; edata->output_to_server = output_to_server; edata->output_to_client = output_to_client; if (filename) { const char *slash; /* keep only base name, useful especially for vpath builds */ slash = strrchr(filename, '/'); if (slash) filename = slash + 1; } edata->filename = filename; edata->lineno = lineno; edata->funcname = funcname; /* the default text domain is the backend's */ edata->domain = domain ? domain : PG_TEXTDOMAIN("postgres"); /* initialize context_domain the same way (see set_errcontext_domain()) */ edata->context_domain = edata->domain; /* Select default errcode based on elevel */ if (elevel >= ERROR) edata->sqlerrcode = ERRCODE_INTERNAL_ERROR; else if (elevel == WARNING) edata->sqlerrcode = ERRCODE_WARNING; else edata->sqlerrcode = ERRCODE_SUCCESSFUL_COMPLETION; /* errno is saved here so that error parameter eval can't change it */ edata->saved_errno = errno; /* * Any allocations for this error state level should go into ErrorContext */ edata->assoc_context = ErrorContext; recursion_depth--; return true; } /* * errfinish --- end an error-reporting cycle * * Produce the appropriate error report(s) and pop the error stack. * * If elevel is ERROR or worse, control does not return to the caller. * See elog.h for the error level definitions. */ void errfinish(int dummy,...) { ErrorData *edata = &errordata[errordata_stack_depth]; int elevel; MemoryContext oldcontext; ErrorContextCallback *econtext; recursion_depth++; CHECK_STACK_DEPTH(); elevel = edata->elevel; /* * Do processing in ErrorContext, which we hope has enough reserved space * to report an error. */ oldcontext = MemoryContextSwitchTo(ErrorContext); /* * Call any context callback functions. Errors occurring in callback * functions will be treated as recursive errors --- this ensures we will * avoid infinite recursion (see errstart). */ for (econtext = error_context_stack; econtext != NULL; econtext = econtext->previous) (*econtext->callback) (econtext->arg); /* * If ERROR (not more nor less) we pass it off to the current handler. * Printing it and popping the stack is the responsibility of the handler. */ if (elevel == ERROR) { /* * We do some minimal cleanup before longjmp'ing so that handlers can * execute in a reasonably sane state. * * Reset InterruptHoldoffCount in case we ereport'd from inside an * interrupt holdoff section. (We assume here that no handler will * itself be inside a holdoff section. If necessary, such a handler * could save and restore InterruptHoldoffCount for itself, but this * should make life easier for most.) */ InterruptHoldoffCount = 0; QueryCancelHoldoffCount = 0; CritSectionCount = 0; /* should be unnecessary, but... */ /* * Note that we leave CurrentMemoryContext set to ErrorContext. The * handler should reset it to something else soon. */ recursion_depth--; PG_RE_THROW(); } /* * If we are doing FATAL or PANIC, abort any old-style COPY OUT in * progress, so that we can report the message before dying. (Without * this, pq_putmessage will refuse to send the message at all, which is * what we want for NOTICE messages, but not for fatal exits.) This hack * is necessary because of poor design of old-style copy protocol. Note * we must do this even if client is fool enough to have set * client_min_messages above FATAL, so don't look at output_to_client. */ if (elevel >= FATAL && whereToSendOutput == DestRemote) pq_endcopyout(true); /* Emit the message to the right places */ EmitErrorReport(); /* Now free up subsidiary data attached to stack entry, and release it */ if (edata->message) pfree(edata->message); if (edata->detail) pfree(edata->detail); if (edata->detail_log) pfree(edata->detail_log); if (edata->hint) pfree(edata->hint); if (edata->context) pfree(edata->context); if (edata->schema_name) pfree(edata->schema_name); if (edata->table_name) pfree(edata->table_name); if (edata->column_name) pfree(edata->column_name); if (edata->datatype_name) pfree(edata->datatype_name); if (edata->constraint_name) pfree(edata->constraint_name); if (edata->internalquery) pfree(edata->internalquery); errordata_stack_depth--; /* Exit error-handling context */ MemoryContextSwitchTo(oldcontext); recursion_depth--; /* * Perform error recovery action as specified by elevel. */ if (elevel == FATAL) { /* * For a FATAL error, we let proc_exit clean up and exit. * * If we just reported a startup failure, the client will disconnect * on receiving it, so don't send any more to the client. */ if (PG_exception_stack == NULL && whereToSendOutput == DestRemote) whereToSendOutput = DestNone; /* * fflush here is just to improve the odds that we get to see the * error message, in case things are so hosed that proc_exit crashes. * Any other code you might be tempted to add here should probably be * in an on_proc_exit or on_shmem_exit callback instead. */ fflush(stdout); fflush(stderr); /* * Do normal process-exit cleanup, then return exit code 1 to indicate * FATAL termination. The postmaster may or may not consider this * worthy of panic, depending on which subprocess returns it. */ proc_exit(1); } if (elevel >= PANIC) { /* * Serious crash time. Postmaster will observe SIGABRT process exit * status and kill the other backends too. * * XXX: what if we are *in* the postmaster? abort() won't kill our * children... */ fflush(stdout); fflush(stderr); abort(); } /* * Check for cancel/die interrupt first --- this is so that the user can * stop a query emitting tons of notice or warning messages, even if it's * in a loop that otherwise fails to check for interrupts. */ CHECK_FOR_INTERRUPTS(); } /* * errcode --- add SQLSTATE error code to the current error * * The code is expected to be represented as per MAKE_SQLSTATE(). */ int errcode(int sqlerrcode) { ErrorData *edata = &errordata[errordata_stack_depth]; /* we don't bother incrementing recursion_depth */ CHECK_STACK_DEPTH(); edata->sqlerrcode = sqlerrcode; return 0; /* return value does not matter */ } /* * errcode_for_file_access --- add SQLSTATE error code to the current error * * The SQLSTATE code is chosen based on the saved errno value. We assume * that the failing operation was some type of disk file access. * * NOTE: the primary error message string should generally include %m * when this is used. */ #ifdef EROFS #endif #if defined(ENOTEMPTY) && (ENOTEMPTY != EEXIST) /* same code on AIX */ #endif /* * errcode_for_socket_access --- add SQLSTATE error code to the current error * * The SQLSTATE code is chosen based on the saved errno value. We assume * that the failing operation was some type of socket access. * * NOTE: the primary error message string should generally include %m * when this is used. */ #ifdef ECONNRESET #endif /* * This macro handles expansion of a format string and associated parameters; * it's common code for errmsg(), errdetail(), etc. Must be called inside * a routine that is declared like "const char *fmt, ..." and has an edata * pointer set up. The message is assigned to edata->targetfield, or * appended to it if appendval is true. The message is subject to translation * if translateit is true. * * Note: we pstrdup the buffer rather than just transferring its storage * to the edata field because the buffer might be considerably larger than * really necessary. */ #define EVALUATE_MESSAGE(domain, targetfield, appendval, translateit) \ { \ char *fmtbuf; \ StringInfoData buf; \ /* Internationalize the error format string */ \ if ((translateit) && !in_error_recursion_trouble()) \ fmt = dgettext((domain), fmt); \ /* Expand %m in format string */ \ fmtbuf = expand_fmt_string(fmt, edata); \ initStringInfo(&buf); \ if ((appendval) && edata->targetfield) { \ appendStringInfoString(&buf, edata->targetfield); \ appendStringInfoChar(&buf, '\n'); \ } \ /* Generate actual output --- have to use appendStringInfoVA */ \ for (;;) \ { \ va_list args; \ int needed; \ va_start(args, fmt); \ needed = appendStringInfoVA(&buf, fmtbuf, args); \ va_end(args); \ if (needed == 0) \ break; \ enlargeStringInfo(&buf, needed); \ } \ /* Done with expanded fmt */ \ pfree(fmtbuf); \ /* Save the completed message into the stack item */ \ if (edata->targetfield) \ pfree(edata->targetfield); \ edata->targetfield = pstrdup(buf.data); \ pfree(buf.data); \ } /* * Same as above, except for pluralized error messages. The calling routine * must be declared like "const char *fmt_singular, const char *fmt_plural, * unsigned long n, ...". Translation is assumed always wanted. */ #define EVALUATE_MESSAGE_PLURAL(domain, targetfield, appendval) \ { \ const char *fmt; \ char *fmtbuf; \ StringInfoData buf; \ /* Internationalize the error format string */ \ if (!in_error_recursion_trouble()) \ fmt = dngettext((domain), fmt_singular, fmt_plural, n); \ else \ fmt = (n == 1 ? fmt_singular : fmt_plural); \ /* Expand %m in format string */ \ fmtbuf = expand_fmt_string(fmt, edata); \ initStringInfo(&buf); \ if ((appendval) && edata->targetfield) { \ appendStringInfoString(&buf, edata->targetfield); \ appendStringInfoChar(&buf, '\n'); \ } \ /* Generate actual output --- have to use appendStringInfoVA */ \ for (;;) \ { \ va_list args; \ int needed; \ va_start(args, n); \ needed = appendStringInfoVA(&buf, fmtbuf, args); \ va_end(args); \ if (needed == 0) \ break; \ enlargeStringInfo(&buf, needed); \ } \ /* Done with expanded fmt */ \ pfree(fmtbuf); \ /* Save the completed message into the stack item */ \ if (edata->targetfield) \ pfree(edata->targetfield); \ edata->targetfield = pstrdup(buf.data); \ pfree(buf.data); \ } /* * errmsg --- add a primary error message text to the current error * * In addition to the usual %-escapes recognized by printf, "%m" in * fmt is replaced by the error message for the caller's value of errno. * * Note: no newline is needed at the end of the fmt string, since * ereport will provide one for the output methods that need it. */ int errmsg(const char *fmt,...) { ErrorData *edata = &errordata[errordata_stack_depth]; MemoryContext oldcontext; recursion_depth++; CHECK_STACK_DEPTH(); oldcontext = MemoryContextSwitchTo(edata->assoc_context); EVALUATE_MESSAGE(edata->domain, message, false, true); MemoryContextSwitchTo(oldcontext); recursion_depth--; return 0; /* return value does not matter */ } /* * errmsg_internal --- add a primary error message text to the current error * * This is exactly like errmsg() except that strings passed to errmsg_internal * are not translated, and are customarily left out of the * internationalization message dictionary. This should be used for "can't * happen" cases that are probably not worth spending translation effort on. * We also use this for certain cases where we *must* not try to translate * the message because the translation would fail and result in infinite * error recursion. */ int errmsg_internal(const char *fmt,...) { ErrorData *edata = &errordata[errordata_stack_depth]; MemoryContext oldcontext; recursion_depth++; CHECK_STACK_DEPTH(); oldcontext = MemoryContextSwitchTo(edata->assoc_context); EVALUATE_MESSAGE(edata->domain, message, false, false); MemoryContextSwitchTo(oldcontext); recursion_depth--; return 0; /* return value does not matter */ } /* * errmsg_plural --- add a primary error message text to the current error, * with support for pluralization of the message text */ /* * errdetail --- add a detail error message text to the current error */ int errdetail(const char *fmt,...) { ErrorData *edata = &errordata[errordata_stack_depth]; MemoryContext oldcontext; recursion_depth++; CHECK_STACK_DEPTH(); oldcontext = MemoryContextSwitchTo(edata->assoc_context); EVALUATE_MESSAGE(edata->domain, detail, false, true); MemoryContextSwitchTo(oldcontext); recursion_depth--; return 0; /* return value does not matter */ } /* * errdetail_internal --- add a detail error message text to the current error * * This is exactly like errdetail() except that strings passed to * errdetail_internal are not translated, and are customarily left out of the * internationalization message dictionary. This should be used for detail * messages that seem not worth translating for one reason or another * (typically, that they don't seem to be useful to average users). */ /* * errdetail_log --- add a detail_log error message text to the current error */ /* * errdetail_log_plural --- add a detail_log error message text to the current error * with support for pluralization of the message text */ /* * errdetail_plural --- add a detail error message text to the current error, * with support for pluralization of the message text */ /* * errhint --- add a hint error message text to the current error */ int errhint(const char *fmt,...) { ErrorData *edata = &errordata[errordata_stack_depth]; MemoryContext oldcontext; recursion_depth++; CHECK_STACK_DEPTH(); oldcontext = MemoryContextSwitchTo(edata->assoc_context); EVALUATE_MESSAGE(edata->domain, hint, false, true); MemoryContextSwitchTo(oldcontext); recursion_depth--; return 0; /* return value does not matter */ } /* * errcontext_msg --- add a context error message text to the current error * * Unlike other cases, multiple calls are allowed to build up a stack of * context information. We assume earlier calls represent more-closely-nested * states. */ int errcontext_msg(const char *fmt,...) { ErrorData *edata = &errordata[errordata_stack_depth]; MemoryContext oldcontext; recursion_depth++; CHECK_STACK_DEPTH(); oldcontext = MemoryContextSwitchTo(edata->assoc_context); EVALUATE_MESSAGE(edata->context_domain, context, true, true); MemoryContextSwitchTo(oldcontext); recursion_depth--; return 0; /* return value does not matter */ } /* * set_errcontext_domain --- set message domain to be used by errcontext() * * errcontext_msg() can be called from a different module than the original * ereport(), so we cannot use the message domain passed in errstart() to * translate it. Instead, each errcontext_msg() call should be preceded by * a set_errcontext_domain() call to specify the domain. This is usually * done transparently by the errcontext() macro. * * Although errcontext is primarily meant for use at call sites distant from * the original ereport call, there are a few places that invoke errcontext * within ereport. The expansion of errcontext as a comma expression calling * set_errcontext_domain then errcontext_msg is problematic in this case, * because the intended comma expression becomes two arguments to errfinish, * which the compiler is at liberty to evaluate in either order. But in * such a case, the set_errcontext_domain calls must be selecting the same * TEXTDOMAIN value that the errstart call did, so order does not matter * so long as errstart initializes context_domain along with domain. */ int set_errcontext_domain(const char *domain) { ErrorData *edata = &errordata[errordata_stack_depth]; /* we don't bother incrementing recursion_depth */ CHECK_STACK_DEPTH(); /* the default text domain is the backend's */ edata->context_domain = domain ? domain : PG_TEXTDOMAIN("postgres"); return 0; /* return value does not matter */ } /* * errhidestmt --- optionally suppress STATEMENT: field of log entry * * This should be called if the message text already includes the statement. */ /* * errhidecontext --- optionally suppress CONTEXT: field of log entry * * This should only be used for verbose debugging messages where the repeated * inclusion of CONTEXT: bloats the log volume too much. */ /* * errfunction --- add reporting function name to the current error * * This is used when backwards compatibility demands that the function * name appear in messages sent to old-protocol clients. Note that the * passed string is expected to be a non-freeable constant string. */ /* * errposition --- add cursor position to the current error */ int errposition(int cursorpos) { ErrorData *edata = &errordata[errordata_stack_depth]; /* we don't bother incrementing recursion_depth */ CHECK_STACK_DEPTH(); edata->cursorpos = cursorpos; return 0; /* return value does not matter */ } /* * internalerrposition --- add internal cursor position to the current error */ int internalerrposition(int cursorpos) { ErrorData *edata = &errordata[errordata_stack_depth]; /* we don't bother incrementing recursion_depth */ CHECK_STACK_DEPTH(); edata->internalpos = cursorpos; return 0; /* return value does not matter */ } /* * internalerrquery --- add internal query text to the current error * * Can also pass NULL to drop the internal query text entry. This case * is intended for use in error callback subroutines that are editorializing * on the layout of the error report. */ int internalerrquery(const char *query) { ErrorData *edata = &errordata[errordata_stack_depth]; /* we don't bother incrementing recursion_depth */ CHECK_STACK_DEPTH(); if (edata->internalquery) { pfree(edata->internalquery); edata->internalquery = NULL; } if (query) edata->internalquery = MemoryContextStrdup(edata->assoc_context, query); return 0; /* return value does not matter */ } /* * err_generic_string -- used to set individual ErrorData string fields * identified by PG_DIAG_xxx codes. * * This intentionally only supports fields that don't use localized strings, * so that there are no translation considerations. * * Most potential callers should not use this directly, but instead prefer * higher-level abstractions, such as errtablecol() (see relcache.c). */ /* * set_errdata_field --- set an ErrorData string field */ /* * geterrcode --- return the currently set SQLSTATE error code * * This is only intended for use in error callback subroutines, since there * is no other place outside elog.c where the concept is meaningful. */ /* * geterrposition --- return the currently set error position (0 if none) * * This is only intended for use in error callback subroutines, since there * is no other place outside elog.c where the concept is meaningful. */ int geterrposition(void) { ErrorData *edata = &errordata[errordata_stack_depth]; /* we don't bother incrementing recursion_depth */ CHECK_STACK_DEPTH(); return edata->cursorpos; } /* * getinternalerrposition --- same for internal error position * * This is only intended for use in error callback subroutines, since there * is no other place outside elog.c where the concept is meaningful. */ int getinternalerrposition(void) { ErrorData *edata = &errordata[errordata_stack_depth]; /* we don't bother incrementing recursion_depth */ CHECK_STACK_DEPTH(); return edata->internalpos; } /* * elog_start --- startup for old-style API * * All that we do here is stash the hidden filename/lineno/funcname * arguments into a stack entry, along with the current value of errno. * * We need this to be separate from elog_finish because there's no other * C89-compliant way to deal with inserting extra arguments into the elog * call. (When using C99's __VA_ARGS__, we could possibly merge this with * elog_finish, but there doesn't seem to be a good way to save errno before * evaluating the format arguments if we do that.) */ void elog_start(const char *filename, int lineno, const char *funcname) { ErrorData *edata; /* Make sure that memory context initialization has finished */ if (ErrorContext == NULL) { /* Ooops, hard crash time; very little we can do safely here */ write_stderr("error occurred at %s:%d before error message processing is available\n", filename ? filename : "(unknown file)", lineno); exit(2); } if (++errordata_stack_depth >= ERRORDATA_STACK_SIZE) { /* * Wups, stack not big enough. We treat this as a PANIC condition * because it suggests an infinite loop of errors during error * recovery. Note that the message is intentionally not localized, * else failure to convert it to client encoding could cause further * recursion. */ errordata_stack_depth = -1; /* make room on stack */ ereport(PANIC, (errmsg_internal("ERRORDATA_STACK_SIZE exceeded"))); } edata = &errordata[errordata_stack_depth]; if (filename) { const char *slash; /* keep only base name, useful especially for vpath builds */ slash = strrchr(filename, '/'); if (slash) filename = slash + 1; } edata->filename = filename; edata->lineno = lineno; edata->funcname = funcname; /* errno is saved now so that error parameter eval can't change it */ edata->saved_errno = errno; /* Use ErrorContext for any allocations done at this level. */ edata->assoc_context = ErrorContext; } /* * elog_finish --- finish up for old-style API */ void elog_finish(int elevel, const char *fmt,...) { ErrorData *edata = &errordata[errordata_stack_depth]; MemoryContext oldcontext; CHECK_STACK_DEPTH(); /* * Do errstart() to see if we actually want to report the message. */ errordata_stack_depth--; errno = edata->saved_errno; if (!errstart(elevel, edata->filename, edata->lineno, edata->funcname, NULL)) return; /* nothing to do */ /* * Format error message just like errmsg_internal(). */ recursion_depth++; oldcontext = MemoryContextSwitchTo(edata->assoc_context); EVALUATE_MESSAGE(edata->domain, message, false, false); MemoryContextSwitchTo(oldcontext); recursion_depth--; /* * And let errfinish() finish up. */ errfinish(0); } /* * Functions to allow construction of error message strings separately from * the ereport() call itself. * * The expected calling convention is * * pre_format_elog_string(errno, domain), var = format_elog_string(format,...) * * which can be hidden behind a macro such as GUC_check_errdetail(). We * assume that any functions called in the arguments of format_elog_string() * cannot result in re-entrant use of these functions --- otherwise the wrong * text domain might be used, or the wrong errno substituted for %m. This is * okay for the current usage with GUC check hooks, but might need further * effort someday. * * The result of format_elog_string() is stored in ErrorContext, and will * therefore survive until FlushErrorState() is called. */ /* * Actual output of the top-of-stack error message * * In the ereport(ERROR) case this is called from PostgresMain (or not at all, * if the error is caught by somebody). For all other severity levels this * is called by errfinish. */ void EmitErrorReport(void) { ErrorData *edata = &errordata[errordata_stack_depth]; MemoryContext oldcontext; recursion_depth++; CHECK_STACK_DEPTH(); oldcontext = MemoryContextSwitchTo(edata->assoc_context); /* * Call hook before sending message to log. The hook function is allowed * to turn off edata->output_to_server, so we must recheck that afterward. * Making any other change in the content of edata is not considered * supported. * * Note: the reason why the hook can only turn off output_to_server, and * not turn it on, is that it'd be unreliable: we will never get here at * all if errstart() deems the message uninteresting. A hook that could * make decisions in that direction would have to hook into errstart(), * where it would have much less information available. emit_log_hook is * intended for custom log filtering and custom log message transmission * mechanisms. */ if (edata->output_to_server && emit_log_hook) (*emit_log_hook) (edata); /* Send to server log, if enabled */ if (edata->output_to_server) send_message_to_server_log(edata); /* Send to client, if enabled */ if (edata->output_to_client) send_message_to_frontend(edata); MemoryContextSwitchTo(oldcontext); recursion_depth--; } /* * CopyErrorData --- obtain a copy of the topmost error stack entry * * This is only for use in error handler code. The data is copied into the * current memory context, so callers should always switch away from * ErrorContext first; otherwise it will be lost when FlushErrorState is done. */ ErrorData * CopyErrorData(void) { ErrorData *edata = &errordata[errordata_stack_depth]; ErrorData *newedata; /* * we don't increment recursion_depth because out-of-memory here does not * indicate a problem within the error subsystem. */ CHECK_STACK_DEPTH(); Assert(CurrentMemoryContext != ErrorContext); /* Copy the struct itself */ newedata = (ErrorData *) palloc(sizeof(ErrorData)); memcpy(newedata, edata, sizeof(ErrorData)); /* Make copies of separately-allocated fields */ if (newedata->message) newedata->message = pstrdup(newedata->message); if (newedata->detail) newedata->detail = pstrdup(newedata->detail); if (newedata->detail_log) newedata->detail_log = pstrdup(newedata->detail_log); if (newedata->hint) newedata->hint = pstrdup(newedata->hint); if (newedata->context) newedata->context = pstrdup(newedata->context); if (newedata->schema_name) newedata->schema_name = pstrdup(newedata->schema_name); if (newedata->table_name) newedata->table_name = pstrdup(newedata->table_name); if (newedata->column_name) newedata->column_name = pstrdup(newedata->column_name); if (newedata->datatype_name) newedata->datatype_name = pstrdup(newedata->datatype_name); if (newedata->constraint_name) newedata->constraint_name = pstrdup(newedata->constraint_name); if (newedata->internalquery) newedata->internalquery = pstrdup(newedata->internalquery); /* Use the calling context for string allocation */ newedata->assoc_context = CurrentMemoryContext; return newedata; } /* * FreeErrorData --- free the structure returned by CopyErrorData. * * Error handlers should use this in preference to assuming they know all * the separately-allocated fields. */ /* * FlushErrorState --- flush the error state after error recovery * * This should be called by an error handler after it's done processing * the error; or as soon as it's done CopyErrorData, if it intends to * do stuff that is likely to provoke another error. You are not "out" of * the error subsystem until you have done this. */ void FlushErrorState(void) { /* * Reset stack to empty. The only case where it would be more than one * deep is if we serviced an error that interrupted construction of * another message. We assume control escaped out of that message * construction and won't ever go back. */ errordata_stack_depth = -1; recursion_depth = 0; /* Delete all data in ErrorContext */ MemoryContextResetAndDeleteChildren(ErrorContext); } /* * ThrowErrorData --- report an error described by an ErrorData structure * * This is intended to be used to re-report errors originally thrown by * background worker processes and then propagated (with or without * modification) to the backend responsible for them. */ /* * ReThrowError --- re-throw a previously copied error * * A handler can do CopyErrorData/FlushErrorState to get out of the error * subsystem, then do some processing, and finally ReThrowError to re-throw * the original error. This is slower than just PG_RE_THROW() but should * be used if the "some processing" is likely to incur another error. */ /* * pg_re_throw --- out-of-line implementation of PG_RE_THROW() macro */ void pg_re_throw(void) { /* If possible, throw the error to the next outer setjmp handler */ if (PG_exception_stack != NULL) siglongjmp(*PG_exception_stack, 1); else { /* * If we get here, elog(ERROR) was thrown inside a PG_TRY block, which * we have now exited only to discover that there is no outer setjmp * handler to pass the error to. Had the error been thrown outside * the block to begin with, we'd have promoted the error to FATAL, so * the correct behavior is to make it FATAL now; that is, emit it and * then call proc_exit. */ ErrorData *edata = &errordata[errordata_stack_depth]; Assert(errordata_stack_depth >= 0); Assert(edata->elevel == ERROR); edata->elevel = FATAL; /* * At least in principle, the increase in severity could have changed * where-to-output decisions, so recalculate. This should stay in * sync with errstart(), which see for comments. */ if (IsPostmasterEnvironment) edata->output_to_server = is_log_level_output(FATAL, log_min_messages); else edata->output_to_server = (FATAL >= log_min_messages); if (whereToSendOutput == DestRemote) { if (ClientAuthInProgress) edata->output_to_client = true; else edata->output_to_client = (FATAL >= client_min_messages); } /* * We can use errfinish() for the rest, but we don't want it to call * any error context routines a second time. Since we know we are * about to exit, it should be OK to just clear the context stack. */ error_context_stack = NULL; errfinish(0); } /* Doesn't return ... */ ExceptionalCondition("pg_re_throw tried to return", "FailedAssertion", __FILE__, __LINE__); } /* * GetErrorContextStack - Return the context stack, for display/diags * * Returns a pstrdup'd string in the caller's context which includes the PG * error call stack. It is the caller's responsibility to ensure this string * is pfree'd (or its context cleaned up) when done. * * This information is collected by traversing the error contexts and calling * each context's callback function, each of which is expected to call * errcontext() to return a string which can be presented to the user. */ /* * Initialization of error output file */ #ifdef HAVE_SYSLOG /* * Set or update the parameters for syslog logging */ /* * Write a message line to syslog */ #endif /* HAVE_SYSLOG */ #ifdef WIN32 /* * Get the PostgreSQL equivalent of the Windows ANSI code page. "ANSI" system * interfaces (e.g. CreateFileA()) expect string arguments in this encoding. * Every process in a given system will find the same value at all times. */ static int GetACPEncoding(void) { static int encoding = -2; if (encoding == -2) encoding = pg_codepage_to_encoding(GetACP()); return encoding; } /* * Write a message line to the windows event log */ static void write_eventlog(int level, const char *line, int len) { WCHAR *utf16; int eventlevel = EVENTLOG_ERROR_TYPE; static HANDLE evtHandle = INVALID_HANDLE_VALUE; if (evtHandle == INVALID_HANDLE_VALUE) { evtHandle = RegisterEventSource(NULL, event_source ? event_source : DEFAULT_EVENT_SOURCE); if (evtHandle == NULL) { evtHandle = INVALID_HANDLE_VALUE; return; } } switch (level) { case DEBUG5: case DEBUG4: case DEBUG3: case DEBUG2: case DEBUG1: case LOG: case COMMERROR: case INFO: case NOTICE: eventlevel = EVENTLOG_INFORMATION_TYPE; break; case WARNING: eventlevel = EVENTLOG_WARNING_TYPE; break; case ERROR: case FATAL: case PANIC: default: eventlevel = EVENTLOG_ERROR_TYPE; break; } /* * If message character encoding matches the encoding expected by * ReportEventA(), call it to avoid the hazards of conversion. Otherwise, * try to convert the message to UTF16 and write it with ReportEventW(). * Fall back on ReportEventA() if conversion failed. * * Also verify that we are not on our way into error recursion trouble due * to error messages thrown deep inside pgwin32_message_to_UTF16(). */ if (!in_error_recursion_trouble() && GetMessageEncoding() != GetACPEncoding()) { utf16 = pgwin32_message_to_UTF16(line, len, NULL); if (utf16) { ReportEventW(evtHandle, eventlevel, 0, 0, /* All events are Id 0 */ NULL, 1, 0, (LPCWSTR *) &utf16, NULL); /* XXX Try ReportEventA() when ReportEventW() fails? */ pfree(utf16); return; } } ReportEventA(evtHandle, eventlevel, 0, 0, /* All events are Id 0 */ NULL, 1, 0, &line, NULL); } #endif /* WIN32 */ #ifdef WIN32 #else #endif /* * setup formatted_log_time, for consistent times between CSV and regular logs */ /* * setup formatted_start_time */ /* * process_log_prefix_padding --- helper function for processing the format * string in log_line_prefix * * Note: This function returns NULL if it finds something which * it deems invalid in the format string. */ /* * Format tag info for log lines; append to the provided buffer. */ /* * append a CSV'd version of a string to a StringInfo * We use the PostgreSQL defaults for CSV, i.e. quote = escape = '"' * If it's NULL, append nothing. */ /* * Constructs the error message, depending on the Errordata it gets, in a CSV * format which is described in doc/src/sgml/config.sgml. */ /* * Unpack MAKE_SQLSTATE code. Note that this returns a pointer to a * static buffer. */ /* * Write error report to server's log */ static void send_message_to_server_log(ErrorData *edata) {} /* * Send data to the syslogger using the chunked protocol * * Note: when there are multiple backends writing into the syslogger pipe, * it's critical that each write go into the pipe indivisibly, and not * get interleaved with data from other processes. Fortunately, the POSIX * spec requires that writes to pipes be atomic so long as they are not * more than PIPE_BUF bytes long. So we divide long messages into chunks * that are no more than that length, and send one chunk per write() call. * The collector process knows how to reassemble the chunks. * * Because of the atomic write requirement, there are only two possible * results from write() here: -1 for failure, or the requested number of * bytes. There is not really anything we can do about a failure; retry would * probably be an infinite loop, and we can't even report the error usefully. * (There is noplace else we could send it!) So we might as well just ignore * the result from write(). However, on some platforms you get a compiler * warning from ignoring write()'s result, so do a little dance with casting * rc to void to shut up the compiler. */ /* * Append a text string to the error report being built for the client. * * This is ordinarily identical to pq_sendstring(), but if we are in * error recursion trouble we skip encoding conversion, because of the * possibility that the problem is a failure in the encoding conversion * subsystem itself. Code elsewhere should ensure that the passed-in * strings will be plain 7-bit ASCII, and thus not in need of conversion, * in such cases. (In particular, we disable localization of error messages * to help ensure that's true.) */ /* * Write error report to client */ static void send_message_to_frontend(ErrorData *edata) {} /* * Support routines for formatting error messages. */ /* * expand_fmt_string --- process special format codes in a format string * * We must replace %m with the appropriate strerror string, since vsnprintf * won't know what to do with it. * * The result is a palloc'd string. */ static char * expand_fmt_string(const char *fmt, ErrorData *edata) { StringInfoData buf; const char *cp; initStringInfo(&buf); for (cp = fmt; *cp; cp++) { if (cp[0] == '%' && cp[1] != '\0') { cp++; if (*cp == 'm') { /* * Replace %m by system error string. If there are any %'s in * the string, we'd better double them so that vsnprintf won't * misinterpret. */ const char *cp2; cp2 = useful_strerror(edata->saved_errno); for (; *cp2; cp2++) { if (*cp2 == '%') appendStringInfoCharMacro(&buf, '%'); appendStringInfoCharMacro(&buf, *cp2); } } else { /* copy % and next char --- this avoids trouble with %%m */ appendStringInfoCharMacro(&buf, '%'); appendStringInfoCharMacro(&buf, *cp); } } else appendStringInfoCharMacro(&buf, *cp); } return buf.data; } /* * A slightly cleaned-up version of strerror() */ static const char * useful_strerror(int errnum) { /* this buffer is only used if strerror() and get_errno_symbol() fail */ static char errorstr_buf[48]; const char *str; #ifdef WIN32 /* Winsock error code range, per WinError.h */ if (errnum >= 10000 && errnum <= 11999) return pgwin32_socket_strerror(errnum); #endif str = strerror(errnum); /* * Some strerror()s return an empty string for out-of-range errno. This * is ANSI C spec compliant, but not exactly useful. Also, we may get * back strings of question marks if libc cannot transcode the message to * the codeset specified by LC_CTYPE. If we get nothing useful, first try * get_errno_symbol(), and if that fails, print the numeric errno. */ if (str == NULL || *str == '\0' || *str == '?') str = get_errno_symbol(errnum); if (str == NULL) { snprintf(errorstr_buf, sizeof(errorstr_buf), /*------ translator: This string will be truncated at 47 characters expanded. */ _("operating system error %d"), errnum); str = errorstr_buf; } return str; } /* * Returns a symbol (e.g. "ENOENT") for an errno code. * Returns NULL if the code is unrecognized. */ static const char * get_errno_symbol(int errnum) { switch (errnum) { case E2BIG: return "E2BIG"; case EACCES: return "EACCES"; #ifdef EADDRINUSE case EADDRINUSE: return "EADDRINUSE"; #endif #ifdef EADDRNOTAVAIL case EADDRNOTAVAIL: return "EADDRNOTAVAIL"; #endif case EAFNOSUPPORT: return "EAFNOSUPPORT"; #ifdef EAGAIN case EAGAIN: return "EAGAIN"; #endif #ifdef EALREADY case EALREADY: return "EALREADY"; #endif case EBADF: return "EBADF"; #ifdef EBADMSG case EBADMSG: return "EBADMSG"; #endif case EBUSY: return "EBUSY"; case ECHILD: return "ECHILD"; #ifdef ECONNABORTED case ECONNABORTED: return "ECONNABORTED"; #endif case ECONNREFUSED: return "ECONNREFUSED"; #ifdef ECONNRESET case ECONNRESET: return "ECONNRESET"; #endif case EDEADLK: return "EDEADLK"; case EDOM: return "EDOM"; case EEXIST: return "EEXIST"; case EFAULT: return "EFAULT"; case EFBIG: return "EFBIG"; #ifdef EHOSTUNREACH case EHOSTUNREACH: return "EHOSTUNREACH"; #endif case EIDRM: return "EIDRM"; case EINPROGRESS: return "EINPROGRESS"; case EINTR: return "EINTR"; case EINVAL: return "EINVAL"; case EIO: return "EIO"; #ifdef EISCONN case EISCONN: return "EISCONN"; #endif case EISDIR: return "EISDIR"; #ifdef ELOOP case ELOOP: return "ELOOP"; #endif case EMFILE: return "EMFILE"; case EMLINK: return "EMLINK"; case EMSGSIZE: return "EMSGSIZE"; case ENAMETOOLONG: return "ENAMETOOLONG"; case ENFILE: return "ENFILE"; case ENOBUFS: return "ENOBUFS"; case ENODEV: return "ENODEV"; case ENOENT: return "ENOENT"; case ENOEXEC: return "ENOEXEC"; case ENOMEM: return "ENOMEM"; case ENOSPC: return "ENOSPC"; case ENOSYS: return "ENOSYS"; #ifdef ENOTCONN case ENOTCONN: return "ENOTCONN"; #endif case ENOTDIR: return "ENOTDIR"; #if defined(ENOTEMPTY) && (ENOTEMPTY != EEXIST) /* same code on AIX */ case ENOTEMPTY: return "ENOTEMPTY"; #endif #ifdef ENOTSOCK case ENOTSOCK: return "ENOTSOCK"; #endif #ifdef ENOTSUP case ENOTSUP: return "ENOTSUP"; #endif case ENOTTY: return "ENOTTY"; case ENXIO: return "ENXIO"; #if defined(EOPNOTSUPP) && (!defined(ENOTSUP) || (EOPNOTSUPP != ENOTSUP)) case EOPNOTSUPP: return "EOPNOTSUPP"; #endif #ifdef EOVERFLOW case EOVERFLOW: return "EOVERFLOW"; #endif case EPERM: return "EPERM"; case EPIPE: return "EPIPE"; case EPROTONOSUPPORT: return "EPROTONOSUPPORT"; case ERANGE: return "ERANGE"; #ifdef EROFS case EROFS: return "EROFS"; #endif case ESRCH: return "ESRCH"; #ifdef ETIMEDOUT case ETIMEDOUT: return "ETIMEDOUT"; #endif #ifdef ETXTBSY case ETXTBSY: return "ETXTBSY"; #endif #if defined(EWOULDBLOCK) && (!defined(EAGAIN) || (EWOULDBLOCK != EAGAIN)) case EWOULDBLOCK: return "EWOULDBLOCK"; #endif case EXDEV: return "EXDEV"; } return NULL; } /* * error_severity --- get localized string representing elevel */ /* * append_with_tabs * * Append the string to the StringInfo buffer, inserting a tab after any * newline. */ /* * Write errors to stderr (or by equal means when stderr is * not available). Used before ereport/elog can be used * safely (memory context, GUC load etc) */ void write_stderr(const char *fmt,...) { va_list ap; #ifdef WIN32 char errbuf[2048]; /* Arbitrary size? */ #endif fmt = _(fmt); va_start(ap, fmt); #ifndef WIN32 /* On Unix, we just fprintf to stderr */ vfprintf(stderr, fmt, ap); fflush(stderr); #else vsnprintf(errbuf, sizeof(errbuf), fmt, ap); /* * On Win32, we print to stderr if running on a console, or write to * eventlog if running as a service */ if (pgwin32_is_service()) /* Running as a service */ { write_eventlog(ERROR, errbuf, strlen(errbuf)); } else { /* Not running as service, write to stderr */ write_console(errbuf, strlen(errbuf)); fflush(stderr); } #endif va_end(ap); } /* * is_log_level_output -- is elevel logically >= log_min_level? * * We use this for tests that should consider LOG to sort out-of-order, * between ERROR and FATAL. Generally this is the right thing for testing * whether a message should go to the postmaster log, whereas a simple >= * test is correct for testing whether the message should go to the client. */ static bool is_log_level_output(int elevel, int log_min_level) { if (elevel == LOG || elevel == COMMERROR) { if (log_min_level == LOG || log_min_level <= ERROR) return true; } else if (log_min_level == LOG) { /* elevel != LOG */ if (elevel >= FATAL) return true; } /* Neither is LOG */ else if (elevel >= log_min_level) return true; return false; } /* * Adjust the level of a recovery-related message per trace_recovery_messages. * * The argument is the default log level of the message, eg, DEBUG2. (This * should only be applied to DEBUGn log messages, otherwise it's a no-op.) * If the level is >= trace_recovery_messages, we return LOG, causing the * message to be logged unconditionally (for most settings of * log_min_messages). Otherwise, we return the argument unchanged. * The message will then be shown based on the setting of log_min_messages. * * Intention is to keep this for at least the whole of the 9.0 production * release, so we can more easily diagnose production problems in the field. * It should go away eventually, though, because it's an ugly and * hard-to-explain kluge. */