2 Unix SMB/CIFS implementation.
4 trivial database library
6 Copyright (C) Andrew Tridgell 2005
8 ** NOTE! The following LGPL license applies to the tdb
9 ** library. This does NOT imply that all of Samba is released
12 This library is free software; you can redistribute it and/or
13 modify it under the terms of the GNU Lesser General Public
14 License as published by the Free Software Foundation; either
15 version 3 of the License, or (at your option) any later version.
17 This library is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 Lesser General Public License for more details.
22 You should have received a copy of the GNU Lesser General Public
23 License along with this library; if not, see <http://www.gnu.org/licenses/>.
26 #include "tdb_private.h"
31 - only allow a single transaction at a time per database. This makes
32 using the transaction API simpler, as otherwise the caller would
33 have to cope with temporary failures in transactions that conflict
34 with other current transactions
36 - keep the transaction recovery information in the same file as the
37 database, using a special 'transaction recovery' record pointed at
38 by the header. This removes the need for extra journal files as
39 used by some other databases
41 - dynamically allocated the transaction recover record, re-using it
42 for subsequent transactions. If a larger record is needed then
43 tdb_free() the old record to place it on the normal tdb freelist
44 before allocating the new record
46 - during transactions, keep a linked list of writes all that have
47 been performed by intercepting all tdb_write() calls. The hooked
48 transaction versions of tdb_read() and tdb_write() check this
49 linked list and try to use the elements of the list in preference
52 - don't allow any locks to be held when a transaction starts,
53 otherwise we can end up with deadlock (plus lack of lock nesting
54 in posix locks would mean the lock is lost)
56 - if the caller gains a lock during the transaction but doesn't
57 release it then fail the commit
59 - allow for nested calls to tdb_transaction_start(), re-using the
60 existing transaction record. If the inner transaction is cancelled
61 then a subsequent commit will fail
63 - keep a mirrored copy of the tdb hash chain heads to allow for the
64 fast hash heads scan on traverse, updating the mirrored copy in
65 the transaction version of tdb_write
67 - allow callers to mix transaction and non-transaction use of tdb,
68 although once a transaction is started then an exclusive lock is
69 gained until the transaction is committed or cancelled
71 - the commit stategy involves first saving away all modified data
72 into a linearised buffer in the transaction recovery area, then
73 marking the transaction recovery area with a magic value to
74 indicate a valid recovery record. In total 4 fsync/msync calls are
75 needed per commit to prevent race conditions. It might be possible
76 to reduce this to 3 or even 2 with some more work.
78 - check for a valid recovery record on open of the tdb, while the
79 global lock is held. Automatically recover from the transaction
80 recovery area if needed, then continue with the open as
81 usual. This allows for smooth crash recovery with no administrator
84 - if TDB_NOSYNC is passed to flags in tdb_open then transactions are
85 still available, but no transaction recovery area is used and no
86 fsync/msync calls are made.
88 - if TDB_ALLOW_NESTING is passed to flags in tdb open, or added using
89 tdb_add_flags() transaction is enabled.
90 The default is that transaction nesting is not allowed and an attempt
91 to create a nested transaction will fail with TDB_ERR_NESTING.
93 Beware. when transactions are nested a transaction successfully
94 completed with tdb_transaction_commit() can be silently unrolled later.
99 hold the context of any current transaction
101 struct tdb_transaction {
102 /* we keep a mirrored copy of the tdb hash heads here so
103 tdb_next_hash_chain() can operate efficiently */
104 uint32_t *hash_heads;
106 /* the original io methods - used to do IOs to the real db */
107 const struct tdb_methods *io_methods;
109 /* the list of transaction blocks. When a block is first
110 written to, it gets created in this list */
113 uint32_t block_size; /* bytes in each block */
114 uint32_t last_block_size; /* number of valid bytes in the last block */
116 /* non-zero when an internal transaction error has
117 occurred. All write operations will then fail until the
118 transaction is ended */
119 int transaction_error;
121 /* when inside a transaction we need to keep track of any
122 nested tdb_transaction_start() calls, as these are allowed,
123 but don't create a new transaction */
126 /* set when a prepare has already occurred */
128 tdb_off_t magic_offset;
130 /* old file size before transaction */
131 tdb_len_t old_map_size;
133 /* we should re-pack on commit */
139 read while in a transaction. We need to check first if the data is in our list
140 of transaction elements, then if not do a real read
142 static int transaction_read(struct tdb_context *tdb, tdb_off_t off, void *buf,
143 tdb_len_t len, int cv)
147 /* Only a commit is allowed on a prepared transaction */
148 if (tdb->transaction->prepared) {
149 tdb->ecode = TDB_ERR_EINVAL;
150 TDB_LOG((tdb, TDB_DEBUG_FATAL, "transaction_read: transaction already prepared, read not allowed\n"));
151 tdb->transaction->transaction_error = 1;
155 /* break it down into block sized ops */
156 while (len + (off % tdb->transaction->block_size) > tdb->transaction->block_size) {
157 tdb_len_t len2 = tdb->transaction->block_size - (off % tdb->transaction->block_size);
158 if (transaction_read(tdb, off, buf, len2, cv) != 0) {
163 buf = (void *)(len2 + (char *)buf);
170 blk = off / tdb->transaction->block_size;
172 /* see if we have it in the block list */
173 if (tdb->transaction->num_blocks <= blk ||
174 tdb->transaction->blocks[blk] == NULL) {
175 /* nope, do a real read */
176 if (tdb->transaction->io_methods->tdb_read(tdb, off, buf, len, cv) != 0) {
182 /* it is in the block list. Now check for the last block */
183 if (blk == tdb->transaction->num_blocks-1) {
184 if (len > tdb->transaction->last_block_size) {
189 /* now copy it out of this block */
190 memcpy(buf, tdb->transaction->blocks[blk] + (off % tdb->transaction->block_size), len);
192 tdb_convert(buf, len);
197 TDB_LOG((tdb, TDB_DEBUG_FATAL, "transaction_read: failed at off=%d len=%d\n", off, len));
198 tdb->ecode = TDB_ERR_IO;
199 tdb->transaction->transaction_error = 1;
205 write while in a transaction
207 static int transaction_write(struct tdb_context *tdb, tdb_off_t off,
208 const void *buf, tdb_len_t len)
212 /* Only a commit is allowed on a prepared transaction */
213 if (tdb->transaction->prepared) {
214 tdb->ecode = TDB_ERR_EINVAL;
215 TDB_LOG((tdb, TDB_DEBUG_FATAL, "transaction_write: transaction already prepared, write not allowed\n"));
216 tdb->transaction->transaction_error = 1;
220 /* if the write is to a hash head, then update the transaction
222 if (len == sizeof(tdb_off_t) && off >= FREELIST_TOP &&
223 off < FREELIST_TOP+TDB_HASHTABLE_SIZE(tdb)) {
224 uint32_t chain = (off-FREELIST_TOP) / sizeof(tdb_off_t);
225 memcpy(&tdb->transaction->hash_heads[chain], buf, len);
228 /* break it up into block sized chunks */
229 while (len + (off % tdb->transaction->block_size) > tdb->transaction->block_size) {
230 tdb_len_t len2 = tdb->transaction->block_size - (off % tdb->transaction->block_size);
231 if (transaction_write(tdb, off, buf, len2) != 0) {
237 buf = (const void *)(len2 + (const char *)buf);
245 blk = off / tdb->transaction->block_size;
246 off = off % tdb->transaction->block_size;
248 if (tdb->transaction->num_blocks <= blk) {
249 uint8_t **new_blocks;
250 /* expand the blocks array */
251 if (tdb->transaction->blocks == NULL) {
252 new_blocks = (uint8_t **)malloc(
253 (blk+1)*sizeof(uint8_t *));
255 new_blocks = (uint8_t **)realloc(
256 tdb->transaction->blocks,
257 (blk+1)*sizeof(uint8_t *));
259 if (new_blocks == NULL) {
260 tdb->ecode = TDB_ERR_OOM;
263 memset(&new_blocks[tdb->transaction->num_blocks], 0,
264 (1+(blk - tdb->transaction->num_blocks))*sizeof(uint8_t *));
265 tdb->transaction->blocks = new_blocks;
266 tdb->transaction->num_blocks = blk+1;
267 tdb->transaction->last_block_size = 0;
270 /* allocate and fill a block? */
271 if (tdb->transaction->blocks[blk] == NULL) {
272 tdb->transaction->blocks[blk] = (uint8_t *)calloc(tdb->transaction->block_size, 1);
273 if (tdb->transaction->blocks[blk] == NULL) {
274 tdb->ecode = TDB_ERR_OOM;
275 tdb->transaction->transaction_error = 1;
278 if (tdb->transaction->old_map_size > blk * tdb->transaction->block_size) {
279 tdb_len_t len2 = tdb->transaction->block_size;
280 if (len2 + (blk * tdb->transaction->block_size) > tdb->transaction->old_map_size) {
281 len2 = tdb->transaction->old_map_size - (blk * tdb->transaction->block_size);
283 if (tdb->transaction->io_methods->tdb_read(tdb, blk * tdb->transaction->block_size,
284 tdb->transaction->blocks[blk],
286 SAFE_FREE(tdb->transaction->blocks[blk]);
287 tdb->ecode = TDB_ERR_IO;
290 if (blk == tdb->transaction->num_blocks-1) {
291 tdb->transaction->last_block_size = len2;
296 /* overwrite part of an existing block */
298 memset(tdb->transaction->blocks[blk] + off, 0, len);
300 memcpy(tdb->transaction->blocks[blk] + off, buf, len);
302 if (blk == tdb->transaction->num_blocks-1) {
303 if (len + off > tdb->transaction->last_block_size) {
304 tdb->transaction->last_block_size = len + off;
311 TDB_LOG((tdb, TDB_DEBUG_FATAL, "transaction_write: failed at off=%d len=%d\n",
312 (blk*tdb->transaction->block_size) + off, len));
313 tdb->transaction->transaction_error = 1;
319 write while in a transaction - this varient never expands the transaction blocks, it only
320 updates existing blocks. This means it cannot change the recovery size
322 static int transaction_write_existing(struct tdb_context *tdb, tdb_off_t off,
323 const void *buf, tdb_len_t len)
327 /* break it up into block sized chunks */
328 while (len + (off % tdb->transaction->block_size) > tdb->transaction->block_size) {
329 tdb_len_t len2 = tdb->transaction->block_size - (off % tdb->transaction->block_size);
330 if (transaction_write_existing(tdb, off, buf, len2) != 0) {
336 buf = (const void *)(len2 + (const char *)buf);
344 blk = off / tdb->transaction->block_size;
345 off = off % tdb->transaction->block_size;
347 if (tdb->transaction->num_blocks <= blk ||
348 tdb->transaction->blocks[blk] == NULL) {
352 if (blk == tdb->transaction->num_blocks-1 &&
353 off + len > tdb->transaction->last_block_size) {
354 if (off >= tdb->transaction->last_block_size) {
357 len = tdb->transaction->last_block_size - off;
360 /* overwrite part of an existing block */
361 memcpy(tdb->transaction->blocks[blk] + off, buf, len);
368 accelerated hash chain head search, using the cached hash heads
370 static void transaction_next_hash_chain(struct tdb_context *tdb, uint32_t *chain)
373 for (;h < tdb->header.hash_size;h++) {
374 /* the +1 takes account of the freelist */
375 if (0 != tdb->transaction->hash_heads[h+1]) {
383 out of bounds check during a transaction
385 static int transaction_oob(struct tdb_context *tdb, tdb_off_t len, int probe)
387 if (len <= tdb->map_size) {
390 tdb->ecode = TDB_ERR_IO;
395 transaction version of tdb_expand().
397 static int transaction_expand_file(struct tdb_context *tdb, tdb_off_t size,
400 /* add a write to the transaction elements, so subsequent
401 reads see the zero data */
402 if (transaction_write(tdb, size, NULL, addition) != 0) {
406 tdb->transaction->need_repack = true;
412 brlock during a transaction - ignore them
414 static int transaction_brlock(struct tdb_context *tdb, tdb_off_t offset,
415 int rw_type, int lck_type, int probe, size_t len)
420 static const struct tdb_methods transaction_methods = {
423 transaction_next_hash_chain,
425 transaction_expand_file,
432 static int transaction_sync(struct tdb_context *tdb, tdb_off_t offset, tdb_len_t length)
434 if (tdb->flags & TDB_NOSYNC) {
438 if (fsync(tdb->fd) != 0) {
439 tdb->ecode = TDB_ERR_IO;
440 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction: fsync failed\n"));
445 tdb_off_t moffset = offset & ~(tdb->page_size-1);
446 if (msync(moffset + (char *)tdb->map_ptr,
447 length + (offset - moffset), MS_SYNC) != 0) {
448 tdb->ecode = TDB_ERR_IO;
449 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction: msync failed - %s\n",
458 int _tdb_transaction_cancel(struct tdb_context *tdb)
462 if (tdb->transaction == NULL) {
463 TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_transaction_cancel: no transaction\n"));
467 if (tdb->transaction->nesting != 0) {
468 tdb->transaction->transaction_error = 1;
469 tdb->transaction->nesting--;
473 tdb->map_size = tdb->transaction->old_map_size;
475 /* free all the transaction blocks */
476 for (i=0;i<tdb->transaction->num_blocks;i++) {
477 if (tdb->transaction->blocks[i] != NULL) {
478 free(tdb->transaction->blocks[i]);
481 SAFE_FREE(tdb->transaction->blocks);
483 if (tdb->transaction->magic_offset) {
484 const struct tdb_methods *methods = tdb->transaction->io_methods;
487 /* remove the recovery marker */
488 if (methods->tdb_write(tdb, tdb->transaction->magic_offset, &zero, 4) == -1 ||
489 transaction_sync(tdb, tdb->transaction->magic_offset, 4) == -1) {
490 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_cancel: failed to remove recovery magic\n"));
495 /* remove any global lock created during the transaction */
496 if (tdb->global_lock.count != 0) {
497 tdb_brlock(tdb, FREELIST_TOP, F_UNLCK, F_SETLKW, 0, 4*tdb->header.hash_size);
498 tdb->global_lock.count = 0;
501 /* remove any locks created during the transaction */
502 if (tdb->num_locks != 0) {
503 for (i=0;i<tdb->num_lockrecs;i++) {
504 tdb_brlock(tdb,FREELIST_TOP+4*tdb->lockrecs[i].list,
505 F_UNLCK,F_SETLKW, 0, 1);
508 tdb->num_lockrecs = 0;
509 SAFE_FREE(tdb->lockrecs);
512 /* restore the normal io methods */
513 tdb->methods = tdb->transaction->io_methods;
515 tdb_brlock(tdb, FREELIST_TOP, F_UNLCK, F_SETLKW, 0, 0);
516 tdb_transaction_unlock(tdb);
517 SAFE_FREE(tdb->transaction->hash_heads);
518 SAFE_FREE(tdb->transaction);
524 start a tdb transaction. No token is returned, as only a single
525 transaction is allowed to be pending per tdb_context
527 int tdb_transaction_start(struct tdb_context *tdb)
529 /* some sanity checks */
530 if (tdb->read_only || (tdb->flags & TDB_INTERNAL) || tdb->traverse_read) {
531 TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_transaction_start: cannot start a transaction on a read-only or internal db\n"));
532 tdb->ecode = TDB_ERR_EINVAL;
536 /* cope with nested tdb_transaction_start() calls */
537 if (tdb->transaction != NULL) {
538 if (!(tdb->flags & TDB_ALLOW_NESTING)) {
539 tdb->ecode = TDB_ERR_NESTING;
542 tdb_trace(tdb, "tdb_transaction_start");
543 tdb->transaction->nesting++;
544 TDB_LOG((tdb, TDB_DEBUG_TRACE, "tdb_transaction_start: nesting %d\n",
545 tdb->transaction->nesting));
549 if (tdb->num_locks != 0 || tdb->global_lock.count) {
550 /* the caller must not have any locks when starting a
551 transaction as otherwise we'll be screwed by lack
552 of nested locks in posix */
553 TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_transaction_start: cannot start a transaction with locks held\n"));
554 tdb->ecode = TDB_ERR_LOCK;
558 if (tdb->travlocks.next != NULL) {
559 /* you cannot use transactions inside a traverse (although you can use
560 traverse inside a transaction) as otherwise you can end up with
562 TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_transaction_start: cannot start a transaction within a traverse\n"));
563 tdb->ecode = TDB_ERR_LOCK;
567 tdb->transaction = (struct tdb_transaction *)
568 calloc(sizeof(struct tdb_transaction), 1);
569 if (tdb->transaction == NULL) {
570 tdb->ecode = TDB_ERR_OOM;
574 /* a page at a time seems like a reasonable compromise between compactness and efficiency */
575 tdb->transaction->block_size = tdb->page_size;
577 /* get the transaction write lock. This is a blocking lock. As
578 discussed with Volker, there are a number of ways we could
579 make this async, which we will probably do in the future */
580 if (tdb_transaction_lock(tdb, F_WRLCK) == -1) {
581 SAFE_FREE(tdb->transaction->blocks);
582 SAFE_FREE(tdb->transaction);
586 /* get a read lock from the freelist to the end of file. This
587 is upgraded to a write lock during the commit */
588 if (tdb_brlock(tdb, FREELIST_TOP, F_RDLCK, F_SETLKW, 0, 0) == -1) {
589 TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_transaction_start: failed to get hash locks\n"));
590 tdb->ecode = TDB_ERR_LOCK;
594 /* setup a copy of the hash table heads so the hash scan in
595 traverse can be fast */
596 tdb->transaction->hash_heads = (uint32_t *)
597 calloc(tdb->header.hash_size+1, sizeof(uint32_t));
598 if (tdb->transaction->hash_heads == NULL) {
599 tdb->ecode = TDB_ERR_OOM;
602 if (tdb->methods->tdb_read(tdb, FREELIST_TOP, tdb->transaction->hash_heads,
603 TDB_HASHTABLE_SIZE(tdb), 0) != 0) {
604 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_start: failed to read hash heads\n"));
605 tdb->ecode = TDB_ERR_IO;
609 /* make sure we know about any file expansions already done by
611 tdb->methods->tdb_oob(tdb, tdb->map_size + 1, 1);
612 tdb->transaction->old_map_size = tdb->map_size;
614 /* finally hook the io methods, replacing them with
615 transaction specific methods */
616 tdb->transaction->io_methods = tdb->methods;
617 tdb->methods = &transaction_methods;
619 /* Trace at the end, so we get sequence number correct. */
620 tdb_trace(tdb, "tdb_transaction_start");
624 tdb_brlock(tdb, FREELIST_TOP, F_UNLCK, F_SETLKW, 0, 0);
625 tdb_transaction_unlock(tdb);
626 SAFE_FREE(tdb->transaction->blocks);
627 SAFE_FREE(tdb->transaction->hash_heads);
628 SAFE_FREE(tdb->transaction);
634 cancel the current transaction
636 int tdb_transaction_cancel(struct tdb_context *tdb)
638 tdb_trace(tdb, "tdb_transaction_cancel");
639 return _tdb_transaction_cancel(tdb);
643 work out how much space the linearised recovery data will consume
645 static tdb_len_t tdb_recovery_size(struct tdb_context *tdb)
647 tdb_len_t recovery_size = 0;
650 recovery_size = sizeof(uint32_t);
651 for (i=0;i<tdb->transaction->num_blocks;i++) {
652 if (i * tdb->transaction->block_size >= tdb->transaction->old_map_size) {
655 if (tdb->transaction->blocks[i] == NULL) {
658 recovery_size += 2*sizeof(tdb_off_t);
659 if (i == tdb->transaction->num_blocks-1) {
660 recovery_size += tdb->transaction->last_block_size;
662 recovery_size += tdb->transaction->block_size;
666 return recovery_size;
670 allocate the recovery area, or use an existing recovery area if it is
673 static int tdb_recovery_allocate(struct tdb_context *tdb,
674 tdb_len_t *recovery_size,
675 tdb_off_t *recovery_offset,
676 tdb_len_t *recovery_max_size)
678 struct list_struct rec;
679 const struct tdb_methods *methods = tdb->transaction->io_methods;
680 tdb_off_t recovery_head;
682 if (tdb_ofs_read(tdb, TDB_RECOVERY_HEAD, &recovery_head) == -1) {
683 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_recovery_allocate: failed to read recovery head\n"));
689 if (recovery_head != 0 &&
690 methods->tdb_read(tdb, recovery_head, &rec, sizeof(rec), DOCONV()) == -1) {
691 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_recovery_allocate: failed to read recovery record\n"));
695 *recovery_size = tdb_recovery_size(tdb);
697 if (recovery_head != 0 && *recovery_size <= rec.rec_len) {
698 /* it fits in the existing area */
699 *recovery_max_size = rec.rec_len;
700 *recovery_offset = recovery_head;
704 /* we need to free up the old recovery area, then allocate a
705 new one at the end of the file. Note that we cannot use
706 tdb_allocate() to allocate the new one as that might return
707 us an area that is being currently used (as of the start of
709 if (recovery_head != 0) {
710 if (tdb_free(tdb, recovery_head, &rec) == -1) {
711 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_recovery_allocate: failed to free previous recovery area\n"));
716 /* the tdb_free() call might have increased the recovery size */
717 *recovery_size = tdb_recovery_size(tdb);
719 /* round up to a multiple of page size */
720 *recovery_max_size = TDB_ALIGN(sizeof(rec) + *recovery_size, tdb->page_size) - sizeof(rec);
721 *recovery_offset = tdb->map_size;
722 recovery_head = *recovery_offset;
724 if (methods->tdb_expand_file(tdb, tdb->transaction->old_map_size,
725 (tdb->map_size - tdb->transaction->old_map_size) +
726 sizeof(rec) + *recovery_max_size) == -1) {
727 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_recovery_allocate: failed to create recovery area\n"));
731 /* remap the file (if using mmap) */
732 methods->tdb_oob(tdb, tdb->map_size + 1, 1);
734 /* we have to reset the old map size so that we don't try to expand the file
735 again in the transaction commit, which would destroy the recovery area */
736 tdb->transaction->old_map_size = tdb->map_size;
738 /* write the recovery header offset and sync - we can sync without a race here
739 as the magic ptr in the recovery record has not been set */
740 CONVERT(recovery_head);
741 if (methods->tdb_write(tdb, TDB_RECOVERY_HEAD,
742 &recovery_head, sizeof(tdb_off_t)) == -1) {
743 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_recovery_allocate: failed to write recovery head\n"));
746 if (transaction_write_existing(tdb, TDB_RECOVERY_HEAD, &recovery_head, sizeof(tdb_off_t)) == -1) {
747 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_recovery_allocate: failed to write recovery head\n"));
756 setup the recovery data that will be used on a crash during commit
758 static int transaction_setup_recovery(struct tdb_context *tdb,
759 tdb_off_t *magic_offset)
761 tdb_len_t recovery_size;
762 unsigned char *data, *p;
763 const struct tdb_methods *methods = tdb->transaction->io_methods;
764 struct list_struct *rec;
765 tdb_off_t recovery_offset, recovery_max_size;
766 tdb_off_t old_map_size = tdb->transaction->old_map_size;
767 uint32_t magic, tailer;
771 check that the recovery area has enough space
773 if (tdb_recovery_allocate(tdb, &recovery_size,
774 &recovery_offset, &recovery_max_size) == -1) {
778 data = (unsigned char *)malloc(recovery_size + sizeof(*rec));
780 tdb->ecode = TDB_ERR_OOM;
784 rec = (struct list_struct *)data;
785 memset(rec, 0, sizeof(*rec));
788 rec->data_len = recovery_size;
789 rec->rec_len = recovery_max_size;
790 rec->key_len = old_map_size;
793 /* build the recovery data into a single blob to allow us to do a single
794 large write, which should be more efficient */
795 p = data + sizeof(*rec);
796 for (i=0;i<tdb->transaction->num_blocks;i++) {
800 if (tdb->transaction->blocks[i] == NULL) {
804 offset = i * tdb->transaction->block_size;
805 length = tdb->transaction->block_size;
806 if (i == tdb->transaction->num_blocks-1) {
807 length = tdb->transaction->last_block_size;
810 if (offset >= old_map_size) {
813 if (offset + length > tdb->transaction->old_map_size) {
814 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_setup_recovery: transaction data over new region boundary\n"));
816 tdb->ecode = TDB_ERR_CORRUPT;
819 memcpy(p, &offset, 4);
820 memcpy(p+4, &length, 4);
824 /* the recovery area contains the old data, not the
825 new data, so we have to call the original tdb_read
827 if (methods->tdb_read(tdb, offset, p + 8, length, 0) != 0) {
829 tdb->ecode = TDB_ERR_IO;
836 tailer = sizeof(*rec) + recovery_max_size;
837 memcpy(p, &tailer, 4);
840 /* write the recovery data to the recovery area */
841 if (methods->tdb_write(tdb, recovery_offset, data, sizeof(*rec) + recovery_size) == -1) {
842 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_setup_recovery: failed to write recovery data\n"));
844 tdb->ecode = TDB_ERR_IO;
847 if (transaction_write_existing(tdb, recovery_offset, data, sizeof(*rec) + recovery_size) == -1) {
848 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_setup_recovery: failed to write secondary recovery data\n"));
850 tdb->ecode = TDB_ERR_IO;
854 /* as we don't have ordered writes, we have to sync the recovery
855 data before we update the magic to indicate that the recovery
857 if (transaction_sync(tdb, recovery_offset, sizeof(*rec) + recovery_size) == -1) {
864 magic = TDB_RECOVERY_MAGIC;
867 *magic_offset = recovery_offset + offsetof(struct list_struct, magic);
869 if (methods->tdb_write(tdb, *magic_offset, &magic, sizeof(magic)) == -1) {
870 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_setup_recovery: failed to write recovery magic\n"));
871 tdb->ecode = TDB_ERR_IO;
874 if (transaction_write_existing(tdb, *magic_offset, &magic, sizeof(magic)) == -1) {
875 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_setup_recovery: failed to write secondary recovery magic\n"));
876 tdb->ecode = TDB_ERR_IO;
880 /* ensure the recovery magic marker is on disk */
881 if (transaction_sync(tdb, *magic_offset, sizeof(magic)) == -1) {
888 static int _tdb_transaction_prepare_commit(struct tdb_context *tdb)
890 const struct tdb_methods *methods;
892 if (tdb->transaction == NULL) {
893 TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_transaction_prepare_commit: no transaction\n"));
897 if (tdb->transaction->prepared) {
898 tdb->ecode = TDB_ERR_EINVAL;
899 _tdb_transaction_cancel(tdb);
900 TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_transaction_prepare_commit: transaction already prepared\n"));
904 if (tdb->transaction->transaction_error) {
905 tdb->ecode = TDB_ERR_IO;
906 _tdb_transaction_cancel(tdb);
907 TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_transaction_prepare_commit: transaction error pending\n"));
912 if (tdb->transaction->nesting != 0) {
913 tdb->transaction->nesting--;
918 /* store seqnum now, before reading becomes illegal. */
919 tdb_ofs_read(tdb, TDB_SEQNUM_OFS, &tdb->transaction_prepare_seqnum);
922 /* check for a null transaction */
923 if (tdb->transaction->blocks == NULL) {
927 methods = tdb->transaction->io_methods;
929 /* if there are any locks pending then the caller has not
930 nested their locks properly, so fail the transaction */
931 if (tdb->num_locks || tdb->global_lock.count) {
932 tdb->ecode = TDB_ERR_LOCK;
933 TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_transaction_prepare_commit: locks pending on commit\n"));
934 _tdb_transaction_cancel(tdb);
938 /* upgrade the main transaction lock region to a write lock */
939 if (tdb_brlock_upgrade(tdb, FREELIST_TOP, 0) == -1) {
940 TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_transaction_prepare_commit: failed to upgrade hash locks\n"));
941 tdb->ecode = TDB_ERR_LOCK;
942 _tdb_transaction_cancel(tdb);
946 /* get the global lock - this prevents new users attaching to the database
948 if (tdb_brlock(tdb, GLOBAL_LOCK, F_WRLCK, F_SETLKW, 0, 1) == -1) {
949 TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_transaction_prepare_commit: failed to get global lock\n"));
950 tdb->ecode = TDB_ERR_LOCK;
951 _tdb_transaction_cancel(tdb);
955 if (!(tdb->flags & TDB_NOSYNC)) {
956 /* write the recovery data to the end of the file */
957 if (transaction_setup_recovery(tdb, &tdb->transaction->magic_offset) == -1) {
958 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_prepare_commit: failed to setup recovery data\n"));
959 tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1);
960 _tdb_transaction_cancel(tdb);
965 tdb->transaction->prepared = true;
967 /* expand the file to the new size if needed */
968 if (tdb->map_size != tdb->transaction->old_map_size) {
969 if (methods->tdb_expand_file(tdb, tdb->transaction->old_map_size,
971 tdb->transaction->old_map_size) == -1) {
972 tdb->ecode = TDB_ERR_IO;
973 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_prepare_commit: expansion failed\n"));
974 tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1);
975 _tdb_transaction_cancel(tdb);
978 tdb->map_size = tdb->transaction->old_map_size;
979 methods->tdb_oob(tdb, tdb->map_size + 1, 1);
982 /* Keep the global lock until the actual commit */
988 prepare to commit the current transaction
990 int tdb_transaction_prepare_commit(struct tdb_context *tdb)
992 tdb_trace(tdb, "tdb_transaction_prepare_commit");
993 return _tdb_transaction_prepare_commit(tdb);
997 commit the current transaction
999 int tdb_transaction_commit(struct tdb_context *tdb)
1001 const struct tdb_methods *methods;
1005 if (tdb->transaction == NULL) {
1006 TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_transaction_commit: no transaction\n"));
1010 /* If we've prepared, can't read seqnum. */
1011 if (tdb->transaction->prepared) {
1012 tdb_trace_seqnum(tdb, tdb->transaction_prepare_seqnum,
1013 "tdb_transaction_commit");
1015 tdb_trace(tdb, "tdb_transaction_commit");
1018 if (tdb->transaction->transaction_error) {
1019 tdb->ecode = TDB_ERR_IO;
1020 tdb_transaction_cancel(tdb);
1021 TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_transaction_commit: transaction error pending\n"));
1026 if (tdb->transaction->nesting != 0) {
1027 tdb->transaction->nesting--;
1031 /* check for a null transaction */
1032 if (tdb->transaction->blocks == NULL) {
1033 _tdb_transaction_cancel(tdb);
1037 if (!tdb->transaction->prepared) {
1038 int ret = _tdb_transaction_prepare_commit(tdb);
1043 methods = tdb->transaction->io_methods;
1045 /* perform all the writes */
1046 for (i=0;i<tdb->transaction->num_blocks;i++) {
1050 if (tdb->transaction->blocks[i] == NULL) {
1054 offset = i * tdb->transaction->block_size;
1055 length = tdb->transaction->block_size;
1056 if (i == tdb->transaction->num_blocks-1) {
1057 length = tdb->transaction->last_block_size;
1060 if (methods->tdb_write(tdb, offset, tdb->transaction->blocks[i], length) == -1) {
1061 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_commit: write failed during commit\n"));
1063 /* we've overwritten part of the data and
1064 possibly expanded the file, so we need to
1065 run the crash recovery code */
1066 tdb->methods = methods;
1067 tdb_transaction_recover(tdb);
1069 _tdb_transaction_cancel(tdb);
1070 tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1);
1072 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_commit: write failed\n"));
1075 SAFE_FREE(tdb->transaction->blocks[i]);
1078 SAFE_FREE(tdb->transaction->blocks);
1079 tdb->transaction->num_blocks = 0;
1081 /* ensure the new data is on disk */
1082 if (transaction_sync(tdb, 0, tdb->map_size) == -1) {
1086 tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1);
1089 TODO: maybe write to some dummy hdr field, or write to magic
1090 offset without mmap, before the last sync, instead of the
1094 /* on some systems (like Linux 2.6.x) changes via mmap/msync
1095 don't change the mtime of the file, this means the file may
1096 not be backed up (as tdb rounding to block sizes means that
1097 file size changes are quite rare too). The following forces
1098 mtime changes when a transaction completes */
1100 utime(tdb->name, NULL);
1103 need_repack = tdb->transaction->need_repack;
1105 /* use a transaction cancel to free memory and remove the
1106 transaction locks */
1107 _tdb_transaction_cancel(tdb);
1110 return tdb_repack(tdb);
1118 recover from an aborted transaction. Must be called with exclusive
1119 database write access already established (including the global
1120 lock to prevent new processes attaching)
1122 int tdb_transaction_recover(struct tdb_context *tdb)
1124 tdb_off_t recovery_head, recovery_eof;
1125 unsigned char *data, *p;
1127 struct list_struct rec;
1129 /* find the recovery area */
1130 if (tdb_ofs_read(tdb, TDB_RECOVERY_HEAD, &recovery_head) == -1) {
1131 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_recover: failed to read recovery head\n"));
1132 tdb->ecode = TDB_ERR_IO;
1136 if (recovery_head == 0) {
1137 /* we have never allocated a recovery record */
1141 /* read the recovery record */
1142 if (tdb->methods->tdb_read(tdb, recovery_head, &rec,
1143 sizeof(rec), DOCONV()) == -1) {
1144 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_recover: failed to read recovery record\n"));
1145 tdb->ecode = TDB_ERR_IO;
1149 if (rec.magic != TDB_RECOVERY_MAGIC) {
1150 /* there is no valid recovery data */
1154 if (tdb->read_only) {
1155 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_recover: attempt to recover read only database\n"));
1156 tdb->ecode = TDB_ERR_CORRUPT;
1160 recovery_eof = rec.key_len;
1162 data = (unsigned char *)malloc(rec.data_len);
1164 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_recover: failed to allocate recovery data\n"));
1165 tdb->ecode = TDB_ERR_OOM;
1169 /* read the full recovery data */
1170 if (tdb->methods->tdb_read(tdb, recovery_head + sizeof(rec), data,
1171 rec.data_len, 0) == -1) {
1172 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_recover: failed to read recovery data\n"));
1173 tdb->ecode = TDB_ERR_IO;
1177 /* recover the file data */
1179 while (p+8 < data + rec.data_len) {
1185 memcpy(&len, p+4, 4);
1187 if (tdb->methods->tdb_write(tdb, ofs, p+8, len) == -1) {
1189 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_recover: failed to recover %d bytes at offset %d\n", len, ofs));
1190 tdb->ecode = TDB_ERR_IO;
1198 if (transaction_sync(tdb, 0, tdb->map_size) == -1) {
1199 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_recover: failed to sync recovery\n"));
1200 tdb->ecode = TDB_ERR_IO;
1204 /* if the recovery area is after the recovered eof then remove it */
1205 if (recovery_eof <= recovery_head) {
1206 if (tdb_ofs_write(tdb, TDB_RECOVERY_HEAD, &zero) == -1) {
1207 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_recover: failed to remove recovery head\n"));
1208 tdb->ecode = TDB_ERR_IO;
1213 /* remove the recovery magic */
1214 if (tdb_ofs_write(tdb, recovery_head + offsetof(struct list_struct, magic),
1216 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_recover: failed to remove recovery magic\n"));
1217 tdb->ecode = TDB_ERR_IO;
1221 /* reduce the file size to the old size */
1223 if (ftruncate(tdb->fd, recovery_eof) != 0) {
1224 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_recover: failed to reduce to recovery size\n"));
1225 tdb->ecode = TDB_ERR_IO;
1228 tdb->map_size = recovery_eof;
1231 if (transaction_sync(tdb, 0, recovery_eof) == -1) {
1232 TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_transaction_recover: failed to sync2 recovery\n"));
1233 tdb->ecode = TDB_ERR_IO;
1237 TDB_LOG((tdb, TDB_DEBUG_TRACE, "tdb_transaction_recover: recovered %d byte database\n",
projects / ccan / blob