2 Trivial Database 2: free list/block handling
3 Copyright (C) Rusty Russell 2010
5 This library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 3 of the License, or (at your option) any later version.
10 This library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include <ccan/likely/likely.h>
20 #include <ccan/asearch/asearch.h>
22 /* We keep an ordered array of offsets. */
23 static bool append(tdb_off_t **arr, size_t *num, tdb_off_t off)
25 tdb_off_t *new = realloc(*arr, (*num + 1) * sizeof(tdb_off_t));
33 static bool check_header(struct tdb_context *tdb, tdb_off_t *recovery)
36 struct tdb_header hdr;
38 if (tdb_read_convert(tdb, 0, &hdr, sizeof(hdr)) == -1)
40 /* magic food should not be converted, so convert back. */
41 tdb_convert(tdb, hdr.magic_food, sizeof(hdr.magic_food));
43 hash_test = TDB_HASH_MAGIC;
44 hash_test = tdb_hash(tdb, &hash_test, sizeof(hash_test));
45 if (hdr.hash_test != hash_test) {
46 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
47 "check: hash test %llu should be %llu",
48 (long long)hdr.hash_test,
49 (long long)hash_test);
53 if (strcmp(hdr.magic_food, TDB_MAGIC_FOOD) != 0) {
54 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
55 "check: bad magic '%.*s'",
56 (unsigned)sizeof(hdr.magic_food), hdr.magic_food);
60 *recovery = hdr.recovery;
62 if (*recovery < sizeof(hdr) || *recovery > tdb->map_size) {
63 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
64 "tdb_check: invalid recovery offset %zu",
70 /* Don't check reserved: they *can* be used later. */
74 static bool check_hash_tree(struct tdb_context *tdb,
75 tdb_off_t off, unsigned int group_bits,
77 unsigned hprefix_bits,
81 int (*check)(TDB_DATA, TDB_DATA, void *),
84 static bool check_hash_chain(struct tdb_context *tdb,
90 int (*check)(TDB_DATA, TDB_DATA, void *),
93 struct tdb_used_record rec;
95 if (tdb_read_convert(tdb, off, &rec, sizeof(rec)) == -1)
98 if (rec_data_length(&rec) != sizeof(struct tdb_chain)) {
99 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
100 "tdb_check: Bad hash chain length %llu vs %zu",
101 (long long)rec_data_length(&rec),
102 sizeof(struct tdb_chain));
105 if (rec_key_length(&rec) != 0) {
106 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
107 "tdb_check: Bad hash chain key length %llu",
108 (long long)rec_key_length(&rec));
111 if (rec_hash(&rec) != 2) {
112 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
113 "tdb_check: Bad hash chain hash value %llu",
114 (long long)rec_hash(&rec));
119 if (!check_hash_tree(tdb, off, 0, hash, 64,
120 used, num_used, num_found, check, private_data))
123 off = tdb_read_off(tdb, off + offsetof(struct tdb_chain, next));
124 if (off == TDB_OFF_ERR)
129 return check_hash_chain(tdb, off, hash, used, num_used, num_found,
130 check, private_data);
133 static bool check_hash_record(struct tdb_context *tdb,
136 unsigned hprefix_bits,
140 int (*check)(TDB_DATA, TDB_DATA, void *),
143 struct tdb_used_record rec;
145 if (hprefix_bits >= 64)
146 return check_hash_chain(tdb, off, hprefix, used, num_used,
147 num_found, check, private_data);
149 if (tdb_read_convert(tdb, off, &rec, sizeof(rec)) == -1)
152 if (rec_data_length(&rec)
153 != sizeof(tdb_off_t) << TDB_SUBLEVEL_HASH_BITS) {
154 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
155 "tdb_check: Bad hash table length %llu vs %llu",
156 (long long)rec_data_length(&rec),
157 (long long)sizeof(tdb_off_t)
158 << TDB_SUBLEVEL_HASH_BITS);
161 if (rec_key_length(&rec) != 0) {
162 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
163 "tdb_check: Bad hash table key length %llu",
164 (long long)rec_key_length(&rec));
167 if (rec_hash(&rec) != 0) {
168 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
169 "tdb_check: Bad hash table hash value %llu",
170 (long long)rec_hash(&rec));
175 return check_hash_tree(tdb, off,
176 TDB_SUBLEVEL_HASH_BITS-TDB_HASH_GROUP_BITS,
177 hprefix, hprefix_bits,
178 used, num_used, num_found, check, private_data);
181 static int off_cmp(const tdb_off_t *a, const tdb_off_t *b)
183 /* Can overflow an int. */
189 static uint64_t get_bits(uint64_t h, unsigned num, unsigned *used)
193 return (h >> (64 - *used)) & ((1U << num) - 1);
196 static bool check_hash_tree(struct tdb_context *tdb,
197 tdb_off_t off, unsigned int group_bits,
199 unsigned hprefix_bits,
203 int (*check)(TDB_DATA, TDB_DATA, void *),
207 const tdb_off_t *hash;
208 struct tdb_used_record rec;
210 hash = tdb_access_read(tdb, off,
212 << (group_bits + TDB_HASH_GROUP_BITS),
217 for (g = 0; g < (1 << group_bits); g++) {
218 const tdb_off_t *group = hash + (g << TDB_HASH_GROUP_BITS);
219 for (b = 0; b < (1 << TDB_HASH_GROUP_BITS); b++) {
220 unsigned int bucket, i, used_bits;
226 off = group[b] & TDB_OFF_MASK;
227 p = asearch(&off, used, num_used, off_cmp);
229 tdb_logerr(tdb, TDB_ERR_CORRUPT,
231 "tdb_check: Invalid offset %llu "
232 "in hash", (long long)off);
235 /* Mark it invalid. */
239 if (hprefix_bits == 64) {
240 /* Chained entries are unordered. */
241 if (is_subhash(group[b])) {
242 tdb_logerr(tdb, TDB_ERR_CORRUPT,
244 "tdb_check: Invalid chain"
248 h = hash_record(tdb, off);
250 tdb_logerr(tdb, TDB_ERR_CORRUPT,
252 "check: bad hash chain"
259 if (tdb_read_convert(tdb, off, &rec,
265 if (is_subhash(group[b])) {
268 << (group_bits + TDB_HASH_GROUP_BITS))
269 + g * (1 << TDB_HASH_GROUP_BITS) + b;
271 if (!check_hash_record(tdb,
272 group[b] & TDB_OFF_MASK,
276 + TDB_HASH_GROUP_BITS,
277 used, num_used, num_found,
278 check, private_data))
284 /* Does it belong here at all? */
285 h = hash_record(tdb, off);
287 if (get_bits(h, hprefix_bits, &used_bits) != hprefix
289 tdb_logerr(tdb, TDB_ERR_CORRUPT,
291 "check: bad hash placement"
293 (long long)h, (long long)hprefix);
297 /* Does it belong in this group? */
298 if (get_bits(h, group_bits, &used_bits) != g) {
299 tdb_logerr(tdb, TDB_ERR_CORRUPT,
301 "check: bad group %llu vs %u",
306 /* Are bucket bits correct? */
307 bucket = group[b] & TDB_OFF_HASH_GROUP_MASK;
308 if (get_bits(h, TDB_HASH_GROUP_BITS, &used_bits)
310 used_bits -= TDB_HASH_GROUP_BITS;
311 tdb_logerr(tdb, TDB_ERR_CORRUPT,
313 "check: bad bucket %u vs %u",
314 (unsigned)get_bits(h,
321 /* There must not be any zero entries between
322 * the bucket it belongs in and this one! */
325 i = (i + 1) % (1 << TDB_HASH_GROUP_BITS)) {
327 tdb_logerr(tdb, TDB_ERR_CORRUPT,
329 "check: bad group placement"
336 if (tdb_read_convert(tdb, off, &rec, sizeof(rec)))
339 /* Bottom bits must match header. */
340 if ((h & ((1 << 11)-1)) != rec_hash(&rec)) {
341 tdb_logerr(tdb, TDB_ERR_CORRUPT,
343 "tdb_check: Bad hash magic at"
344 " offset %llu (0x%llx vs 0x%llx)",
347 (long long)rec_hash(&rec));
354 key.dsize = rec_key_length(&rec);
355 data.dsize = rec_data_length(&rec);
356 key.dptr = (void *)tdb_access_read(tdb,
358 key.dsize + data.dsize,
362 data.dptr = key.dptr + key.dsize;
363 if (check(key, data, private_data) != 0)
365 tdb_access_release(tdb, key.dptr);
369 tdb_access_release(tdb, hash);
373 tdb_access_release(tdb, hash);
377 static bool check_hash(struct tdb_context *tdb,
379 size_t num_used, size_t num_flists,
380 int (*check)(TDB_DATA, TDB_DATA, void *),
383 /* Free lists also show up as used. */
384 size_t num_found = num_flists;
386 if (!check_hash_tree(tdb, offsetof(struct tdb_header, hashtable),
387 TDB_TOPLEVEL_HASH_BITS-TDB_HASH_GROUP_BITS,
388 0, 0, used, num_used, &num_found,
389 check, private_data))
392 if (num_found != num_used) {
393 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
394 "tdb_check: Not all entries are in hash");
400 static bool check_free(struct tdb_context *tdb,
402 const struct tdb_free_record *frec,
403 tdb_off_t prev, unsigned int flist, unsigned int bucket)
405 if (frec_magic(frec) != TDB_FREE_MAGIC) {
406 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
407 "tdb_check: offset %llu bad magic 0x%llx",
408 (long long)off, (long long)frec->magic_and_prev);
411 if (frec_flist(frec) != flist) {
412 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
413 "tdb_check: offset %llu bad freelist %u",
414 (long long)off, frec_flist(frec));
418 if (tdb->methods->oob(tdb, off
419 + frec_len(frec) + sizeof(struct tdb_used_record),
422 if (size_to_bucket(frec_len(frec)) != bucket) {
423 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
424 "tdb_check: offset %llu in wrong bucket %u vs %u",
426 bucket, size_to_bucket(frec_len(frec)));
429 if (prev != frec_prev(frec)) {
430 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
431 "tdb_check: offset %llu bad prev %llu vs %llu",
433 (long long)prev, (long long)frec_len(frec));
439 static bool check_free_list(struct tdb_context *tdb,
446 struct tdb_freelist flist;
450 if (tdb_read_convert(tdb, flist_off, &flist, sizeof(flist)) == -1)
453 if (rec_magic(&flist.hdr) != TDB_MAGIC
454 || rec_key_length(&flist.hdr) != 0
455 || rec_data_length(&flist.hdr) != sizeof(flist) - sizeof(flist.hdr)
456 || rec_hash(&flist.hdr) != 1) {
457 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
458 "tdb_check: Invalid header on free list");
462 for (i = 0; i < TDB_FREE_BUCKETS; i++) {
463 tdb_off_t off, prev = 0, *p;
464 struct tdb_free_record f;
466 h = bucket_off(flist_off, i);
467 for (off = tdb_read_off(tdb, h); off; off = f.next) {
468 if (off == TDB_OFF_ERR)
470 if (tdb_read_convert(tdb, off, &f, sizeof(f)))
472 if (!check_free(tdb, off, &f, prev, flist_num, i))
475 /* FIXME: Check hash bits */
476 p = asearch(&off, free, num_free, off_cmp);
478 tdb_logerr(tdb, TDB_ERR_CORRUPT,
480 "tdb_check: Invalid offset"
481 " %llu in free table",
485 /* Mark it invalid. */
494 /* Slow, but should be very rare. */
495 size_t dead_space(struct tdb_context *tdb, tdb_off_t off)
499 for (len = 0; off + len < tdb->map_size; len++) {
501 if (tdb->methods->read(tdb, off, &c, 1))
503 if (c != 0 && c != 0x43)
509 static bool check_linear(struct tdb_context *tdb,
510 tdb_off_t **used, size_t *num_used,
511 tdb_off_t **free, size_t *num_free,
516 bool found_recovery = false;
518 for (off = sizeof(struct tdb_header); off < tdb->map_size; off += len) {
520 struct tdb_used_record u;
521 struct tdb_free_record f;
522 struct tdb_recovery_record r;
524 /* r is larger: only get that if we need to. */
525 if (tdb_read_convert(tdb, off, &rec, sizeof(rec.f)) == -1)
528 /* If we crash after ftruncate, we can get zeroes or fill. */
529 if (rec.r.magic == TDB_RECOVERY_INVALID_MAGIC
530 || rec.r.magic == 0x4343434343434343ULL) {
531 if (tdb_read_convert(tdb, off, &rec, sizeof(rec.r)))
534 if (recovery == off) {
535 found_recovery = true;
536 len = sizeof(rec.r) + rec.r.max_len;
538 len = dead_space(tdb, off);
539 if (len < sizeof(rec.r)) {
540 tdb_logerr(tdb, TDB_ERR_CORRUPT,
542 "tdb_check: invalid dead"
548 tdb_logerr(tdb, TDB_SUCCESS, TDB_DEBUG_WARNING,
549 "Dead space at %zu-%zu (of %zu)",
550 (size_t)off, (size_t)(off + len),
551 (size_t)tdb->map_size);
553 } else if (rec.r.magic == TDB_RECOVERY_MAGIC) {
554 if (tdb_read_convert(tdb, off, &rec, sizeof(rec.r)))
556 if (recovery != off) {
557 tdb_logerr(tdb, TDB_ERR_CORRUPT,
559 "tdb_check: unexpected recovery"
560 " record at offset %zu",
564 if (rec.r.len > rec.r.max_len) {
565 tdb_logerr(tdb, TDB_ERR_CORRUPT,
567 "tdb_check: invalid recovery length"
568 " %zu", (size_t)rec.r.len);
571 if (rec.r.eof > tdb->map_size) {
572 tdb_logerr(tdb, TDB_ERR_CORRUPT,
574 "tdb_check: invalid old EOF"
575 " %zu", (size_t)rec.r.eof);
578 found_recovery = true;
579 len = sizeof(rec.r) + rec.r.max_len;
580 } else if (frec_magic(&rec.f) == TDB_FREE_MAGIC) {
581 len = sizeof(rec.u) + frec_len(&rec.f);
582 if (off + len > tdb->map_size) {
583 tdb_logerr(tdb, TDB_ERR_CORRUPT,
585 "tdb_check: free overlength %llu"
587 (long long)len, (long long)off);
590 /* This record should be in free lists. */
591 if (frec_flist(&rec.f) != TDB_FLIST_NONE
592 && !append(free, num_free, off))
595 uint64_t klen, dlen, extra;
597 /* This record is used! */
598 if (rec_magic(&rec.u) != TDB_MAGIC) {
599 tdb_logerr(tdb, TDB_ERR_CORRUPT,
601 "tdb_check: Bad magic 0x%llx"
603 (long long)rec_magic(&rec.u),
608 if (!append(used, num_used, off))
611 klen = rec_key_length(&rec.u);
612 dlen = rec_data_length(&rec.u);
613 extra = rec_extra_padding(&rec.u);
615 len = sizeof(rec.u) + klen + dlen + extra;
616 if (off + len > tdb->map_size) {
617 tdb_logerr(tdb, TDB_ERR_CORRUPT,
619 "tdb_check: used overlength %llu"
621 (long long)len, (long long)off);
625 if (len < sizeof(rec.f)) {
626 tdb_logerr(tdb, TDB_ERR_CORRUPT,
628 "tdb_check: too short record %llu"
630 (long long)len, (long long)off);
636 /* We must have found recovery area if there was one. */
637 if (recovery != 0 && !found_recovery) {
638 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
639 "tdb_check: expected a recovery area at %zu",
647 int tdb_check(struct tdb_context *tdb,
648 int (*check)(TDB_DATA key, TDB_DATA data, void *private_data),
651 tdb_off_t *free = NULL, *used = NULL, flist, recovery;
652 size_t num_free = 0, num_used = 0, num_found = 0, num_flists = 0;
654 if (tdb_allrecord_lock(tdb, F_RDLCK, TDB_LOCK_WAIT, false) != 0)
657 if (tdb_lock_expand(tdb, F_RDLCK) != 0) {
658 tdb_allrecord_unlock(tdb, F_RDLCK);
662 if (!check_header(tdb, &recovery))
665 /* First we do a linear scan, checking all records. */
666 if (!check_linear(tdb, &used, &num_used, &free, &num_free, recovery))
669 for (flist = first_flist(tdb); flist; flist = next_flist(tdb, flist)) {
670 if (flist == TDB_OFF_ERR)
672 if (!check_free_list(tdb, flist, num_flists, free, num_free,
678 /* FIXME: Check key uniqueness? */
679 if (!check_hash(tdb, used, num_used, num_flists, check, private_data))
682 if (num_found != num_free) {
683 tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_DEBUG_ERROR,
684 "tdb_check: Not all entries are in free table");
688 tdb_allrecord_unlock(tdb, F_RDLCK);
689 tdb_unlock_expand(tdb, F_RDLCK);
693 tdb_allrecord_unlock(tdb, F_RDLCK);
694 tdb_unlock_expand(tdb, F_RDLCK);