2 Trivial Database 2: free list/block handling
3 Copyright (C) Rusty Russell 2010
5 This library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 3 of the License, or (at your option) any later version.
10 This library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include <ccan/likely/likely.h>
20 #include <ccan/asearch/asearch.h>
22 /* We keep an ordered array of offsets. */
23 static bool append(tdb_off_t **arr, size_t *num, tdb_off_t off)
25 tdb_off_t *new = realloc(*arr, (*num + 1) * sizeof(tdb_off_t));
33 static enum TDB_ERROR check_header(struct tdb_context *tdb, tdb_off_t *recovery,
37 struct tdb_header hdr;
40 ecode = tdb_read_convert(tdb, 0, &hdr, sizeof(hdr));
41 if (ecode != TDB_SUCCESS) {
44 /* magic food should not be converted, so convert back. */
45 tdb_convert(tdb, hdr.magic_food, sizeof(hdr.magic_food));
47 hash_test = TDB_HASH_MAGIC;
48 hash_test = tdb_hash(tdb, &hash_test, sizeof(hash_test));
49 if (hdr.hash_test != hash_test) {
50 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
51 "check: hash test %llu should be %llu",
52 (long long)hdr.hash_test,
53 (long long)hash_test);
56 if (strcmp(hdr.magic_food, TDB_MAGIC_FOOD) != 0) {
57 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
58 "check: bad magic '%.*s'",
59 (unsigned)sizeof(hdr.magic_food),
63 /* Features which are used must be a subset of features offered. */
64 if (hdr.features_used & ~hdr.features_offered) {
65 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
66 "check: features used (0x%llx) which"
67 " are not offered (0x%llx)",
68 (long long)hdr.features_used,
69 (long long)hdr.features_offered);
72 *features = hdr.features_offered;
73 *recovery = hdr.recovery;
75 if (*recovery < sizeof(hdr)
76 || *recovery > tdb->file->map_size) {
77 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
79 " invalid recovery offset %zu",
84 /* Don't check reserved: they *can* be used later. */
88 static enum TDB_ERROR check_hash_tree(struct tdb_context *tdb,
89 tdb_off_t off, unsigned int group_bits,
91 unsigned hprefix_bits,
95 enum TDB_ERROR (*check)(TDB_DATA,
99 static enum TDB_ERROR check_hash_chain(struct tdb_context *tdb,
105 enum TDB_ERROR (*check)(TDB_DATA,
110 struct tdb_used_record rec;
111 enum TDB_ERROR ecode;
113 ecode = tdb_read_convert(tdb, off, &rec, sizeof(rec));
114 if (ecode != TDB_SUCCESS) {
118 if (rec_magic(&rec) != TDB_CHAIN_MAGIC) {
119 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
120 "tdb_check: Bad hash chain magic %llu",
121 (long long)rec_magic(&rec));
124 if (rec_data_length(&rec) != sizeof(struct tdb_chain)) {
125 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
127 " Bad hash chain length %llu vs %zu",
128 (long long)rec_data_length(&rec),
129 sizeof(struct tdb_chain));
131 if (rec_key_length(&rec) != 0) {
132 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
133 "tdb_check: Bad hash chain key length %llu",
134 (long long)rec_key_length(&rec));
136 if (rec_hash(&rec) != 0) {
137 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
138 "tdb_check: Bad hash chain hash value %llu",
139 (long long)rec_hash(&rec));
143 ecode = check_hash_tree(tdb, off, 0, hash, 64,
144 used, num_used, num_found, check, data);
145 if (ecode != TDB_SUCCESS) {
149 off = tdb_read_off(tdb, off + offsetof(struct tdb_chain, next));
150 if (TDB_OFF_IS_ERR(off)) {
156 return check_hash_chain(tdb, off, hash, used, num_used, num_found,
160 static enum TDB_ERROR check_hash_record(struct tdb_context *tdb,
163 unsigned hprefix_bits,
167 enum TDB_ERROR (*check)(TDB_DATA,
172 struct tdb_used_record rec;
173 enum TDB_ERROR ecode;
175 if (hprefix_bits >= 64)
176 return check_hash_chain(tdb, off, hprefix, used, num_used,
177 num_found, check, data);
179 ecode = tdb_read_convert(tdb, off, &rec, sizeof(rec));
180 if (ecode != TDB_SUCCESS) {
184 if (rec_magic(&rec) != TDB_HTABLE_MAGIC) {
185 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
186 "tdb_check: Bad hash table magic %llu",
187 (long long)rec_magic(&rec));
189 if (rec_data_length(&rec)
190 != sizeof(tdb_off_t) << TDB_SUBLEVEL_HASH_BITS) {
191 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
193 " Bad hash table length %llu vs %llu",
194 (long long)rec_data_length(&rec),
195 (long long)sizeof(tdb_off_t)
196 << TDB_SUBLEVEL_HASH_BITS);
198 if (rec_key_length(&rec) != 0) {
199 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
200 "tdb_check: Bad hash table key length %llu",
201 (long long)rec_key_length(&rec));
203 if (rec_hash(&rec) != 0) {
204 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
205 "tdb_check: Bad hash table hash value %llu",
206 (long long)rec_hash(&rec));
210 return check_hash_tree(tdb, off,
211 TDB_SUBLEVEL_HASH_BITS-TDB_HASH_GROUP_BITS,
212 hprefix, hprefix_bits,
213 used, num_used, num_found, check, data);
216 static int off_cmp(const tdb_off_t *a, const tdb_off_t *b)
218 /* Can overflow an int. */
224 static uint64_t get_bits(uint64_t h, unsigned num, unsigned *used)
228 return (h >> (64 - *used)) & ((1U << num) - 1);
231 static enum TDB_ERROR check_hash_tree(struct tdb_context *tdb,
232 tdb_off_t off, unsigned int group_bits,
234 unsigned hprefix_bits,
238 enum TDB_ERROR (*check)(TDB_DATA,
243 const tdb_off_t *hash;
244 struct tdb_used_record rec;
245 enum TDB_ERROR ecode;
247 hash = tdb_access_read(tdb, off,
249 << (group_bits + TDB_HASH_GROUP_BITS),
251 if (TDB_PTR_IS_ERR(hash)) {
252 return TDB_PTR_ERR(hash);
255 for (g = 0; g < (1 << group_bits); g++) {
256 const tdb_off_t *group = hash + (g << TDB_HASH_GROUP_BITS);
257 for (b = 0; b < (1 << TDB_HASH_GROUP_BITS); b++) {
258 unsigned int bucket, i, used_bits;
264 off = group[b] & TDB_OFF_MASK;
265 p = asearch(&off, used, num_used, off_cmp);
267 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT,
269 "tdb_check: Invalid offset"
274 /* Mark it invalid. */
278 if (hprefix_bits == 64) {
279 /* Chained entries are unordered. */
280 if (is_subhash(group[b])) {
281 ecode = TDB_ERR_CORRUPT;
282 tdb_logerr(tdb, ecode,
284 "tdb_check: Invalid chain"
288 h = hash_record(tdb, off);
290 ecode = TDB_ERR_CORRUPT;
291 tdb_logerr(tdb, ecode,
293 "check: bad hash chain"
300 ecode = tdb_read_convert(tdb, off, &rec,
302 if (ecode != TDB_SUCCESS) {
308 if (is_subhash(group[b])) {
311 << (group_bits + TDB_HASH_GROUP_BITS))
312 + g * (1 << TDB_HASH_GROUP_BITS) + b;
314 ecode = check_hash_record(tdb,
315 group[b] & TDB_OFF_MASK,
319 + TDB_HASH_GROUP_BITS,
320 used, num_used, num_found,
322 if (ecode != TDB_SUCCESS) {
329 /* Does it belong here at all? */
330 h = hash_record(tdb, off);
332 if (get_bits(h, hprefix_bits, &used_bits) != hprefix
334 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT,
336 "check: bad hash placement"
343 /* Does it belong in this group? */
344 if (get_bits(h, group_bits, &used_bits) != g) {
345 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT,
347 "check: bad group %llu"
353 /* Are bucket bits correct? */
354 bucket = group[b] & TDB_OFF_HASH_GROUP_MASK;
355 if (get_bits(h, TDB_HASH_GROUP_BITS, &used_bits)
357 used_bits -= TDB_HASH_GROUP_BITS;
358 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT,
360 "check: bad bucket %u vs %u",
361 (unsigned)get_bits(h,
368 /* There must not be any zero entries between
369 * the bucket it belongs in and this one! */
372 i = (i + 1) % (1 << TDB_HASH_GROUP_BITS)) {
374 ecode = TDB_ERR_CORRUPT;
375 tdb_logerr(tdb, ecode,
377 "check: bad group placement"
384 ecode = tdb_read_convert(tdb, off, &rec, sizeof(rec));
385 if (ecode != TDB_SUCCESS) {
389 /* Bottom bits must match header. */
390 if ((h & ((1 << 11)-1)) != rec_hash(&rec)) {
391 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT,
393 "tdb_check: Bad hash magic"
395 " (0x%llx vs 0x%llx)",
398 (long long)rec_hash(&rec));
405 const unsigned char *kptr;
407 kptr = tdb_access_read(tdb,
410 + rec_data_length(&rec),
412 if (TDB_PTR_IS_ERR(kptr)) {
413 ecode = TDB_PTR_ERR(kptr);
417 k = tdb_mkdata(kptr, rec_key_length(&rec));
418 d = tdb_mkdata(kptr + k.dsize,
419 rec_data_length(&rec));
420 ecode = check(k, d, data);
421 tdb_access_release(tdb, kptr);
422 if (ecode != TDB_SUCCESS) {
428 tdb_access_release(tdb, hash);
432 tdb_access_release(tdb, hash);
436 static enum TDB_ERROR check_hash(struct tdb_context *tdb,
438 size_t num_used, size_t num_ftables,
439 int (*check)(TDB_DATA, TDB_DATA, void *),
442 /* Free tables also show up as used. */
443 size_t num_found = num_ftables;
444 enum TDB_ERROR ecode;
446 ecode = check_hash_tree(tdb, offsetof(struct tdb_header, hashtable),
447 TDB_TOPLEVEL_HASH_BITS-TDB_HASH_GROUP_BITS,
448 0, 0, used, num_used, &num_found,
450 if (ecode == TDB_SUCCESS) {
451 if (num_found != num_used) {
452 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
453 "tdb_check: Not all entries"
460 static enum TDB_ERROR check_free(struct tdb_context *tdb,
462 const struct tdb_free_record *frec,
463 tdb_off_t prev, unsigned int ftable,
466 enum TDB_ERROR ecode;
468 if (frec_magic(frec) != TDB_FREE_MAGIC) {
469 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
470 "tdb_check: offset %llu bad magic 0x%llx",
472 (long long)frec->magic_and_prev);
474 if (frec_ftable(frec) != ftable) {
475 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
476 "tdb_check: offset %llu bad freetable %u",
477 (long long)off, frec_ftable(frec));
481 ecode = tdb->methods->oob(tdb, off
483 + sizeof(struct tdb_used_record),
485 if (ecode != TDB_SUCCESS) {
488 if (size_to_bucket(frec_len(frec)) != bucket) {
489 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
490 "tdb_check: offset %llu in wrong bucket"
493 bucket, size_to_bucket(frec_len(frec)));
495 if (prev && prev != frec_prev(frec)) {
496 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
497 "tdb_check: offset %llu bad prev"
500 (long long)prev, (long long)frec_len(frec));
505 static enum TDB_ERROR check_free_table(struct tdb_context *tdb,
506 tdb_off_t ftable_off,
512 struct tdb_freetable ft;
515 enum TDB_ERROR ecode;
517 ecode = tdb_read_convert(tdb, ftable_off, &ft, sizeof(ft));
518 if (ecode != TDB_SUCCESS) {
522 if (rec_magic(&ft.hdr) != TDB_FTABLE_MAGIC
523 || rec_key_length(&ft.hdr) != 0
524 || rec_data_length(&ft.hdr) != sizeof(ft) - sizeof(ft.hdr)
525 || rec_hash(&ft.hdr) != 0) {
526 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
527 "tdb_check: Invalid header on free table");
530 for (i = 0; i < TDB_FREE_BUCKETS; i++) {
531 tdb_off_t off, prev = 0, *p, first = 0;
532 struct tdb_free_record f;
534 h = bucket_off(ftable_off, i);
535 for (off = tdb_read_off(tdb, h); off; off = f.next) {
536 if (TDB_OFF_IS_ERR(off)) {
543 ecode = tdb_read_convert(tdb, off, &f, sizeof(f));
544 if (ecode != TDB_SUCCESS) {
547 ecode = check_free(tdb, off, &f, prev, ftable_num, i);
548 if (ecode != TDB_SUCCESS) {
552 /* FIXME: Check hash bits */
553 p = asearch(&off, fr, num_free, off_cmp);
555 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
557 "tdb_check: Invalid offset"
558 " %llu in free table",
561 /* Mark it invalid. */
568 /* Now we can check first back pointer. */
569 ecode = tdb_read_convert(tdb, first, &f, sizeof(f));
570 if (ecode != TDB_SUCCESS) {
573 ecode = check_free(tdb, first, &f, prev, ftable_num, i);
574 if (ecode != TDB_SUCCESS) {
582 /* Slow, but should be very rare. */
583 tdb_off_t dead_space(struct tdb_context *tdb, tdb_off_t off)
586 enum TDB_ERROR ecode;
588 for (len = 0; off + len < tdb->file->map_size; len++) {
590 ecode = tdb->methods->tread(tdb, off, &c, 1);
591 if (ecode != TDB_SUCCESS) {
594 if (c != 0 && c != 0x43)
600 static enum TDB_ERROR check_linear(struct tdb_context *tdb,
601 tdb_off_t **used, size_t *num_used,
602 tdb_off_t **fr, size_t *num_free,
603 uint64_t features, tdb_off_t recovery)
607 enum TDB_ERROR ecode;
608 bool found_recovery = false;
610 for (off = sizeof(struct tdb_header);
611 off < tdb->file->map_size;
614 struct tdb_used_record u;
615 struct tdb_free_record f;
616 struct tdb_recovery_record r;
618 /* r is larger: only get that if we need to. */
619 ecode = tdb_read_convert(tdb, off, &rec, sizeof(rec.f));
620 if (ecode != TDB_SUCCESS) {
624 /* If we crash after ftruncate, we can get zeroes or fill. */
625 if (rec.r.magic == TDB_RECOVERY_INVALID_MAGIC
626 || rec.r.magic == 0x4343434343434343ULL) {
627 ecode = tdb_read_convert(tdb, off, &rec, sizeof(rec.r));
628 if (ecode != TDB_SUCCESS) {
631 if (recovery == off) {
632 found_recovery = true;
633 len = sizeof(rec.r) + rec.r.max_len;
635 len = dead_space(tdb, off);
636 if (TDB_OFF_IS_ERR(len)) {
639 if (len < sizeof(rec.r)) {
640 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
643 " dead space at %zu",
647 tdb_logerr(tdb, TDB_SUCCESS, TDB_LOG_WARNING,
648 "Dead space at %zu-%zu (of %zu)",
649 (size_t)off, (size_t)(off + len),
650 (size_t)tdb->file->map_size);
652 } else if (rec.r.magic == TDB_RECOVERY_MAGIC) {
653 ecode = tdb_read_convert(tdb, off, &rec, sizeof(rec.r));
654 if (ecode != TDB_SUCCESS) {
657 if (recovery != off) {
658 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
660 "tdb_check: unexpected"
661 " recovery record at offset"
665 if (rec.r.len > rec.r.max_len) {
666 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
668 "tdb_check: invalid recovery"
672 if (rec.r.eof > tdb->file->map_size) {
673 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
675 "tdb_check: invalid old EOF"
676 " %zu", (size_t)rec.r.eof);
678 found_recovery = true;
679 len = sizeof(rec.r) + rec.r.max_len;
680 } else if (frec_magic(&rec.f) == TDB_FREE_MAGIC) {
681 len = sizeof(rec.u) + frec_len(&rec.f);
682 if (off + len > tdb->file->map_size) {
683 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
685 "tdb_check: free overlength"
686 " %llu at offset %llu",
690 /* This record should be in free lists. */
691 if (frec_ftable(&rec.f) != TDB_FTABLE_NONE
692 && !append(fr, num_free, off)) {
693 return tdb_logerr(tdb, TDB_ERR_OOM,
695 "tdb_check: tracking %zu'th"
696 " free record.", *num_free);
698 } else if (rec_magic(&rec.u) == TDB_USED_MAGIC
699 || rec_magic(&rec.u) == TDB_CHAIN_MAGIC
700 || rec_magic(&rec.u) == TDB_HTABLE_MAGIC
701 || rec_magic(&rec.u) == TDB_FTABLE_MAGIC) {
702 uint64_t klen, dlen, extra;
704 /* This record is used! */
705 if (!append(used, num_used, off)) {
706 return tdb_logerr(tdb, TDB_ERR_OOM,
708 "tdb_check: tracking %zu'th"
709 " used record.", *num_used);
712 klen = rec_key_length(&rec.u);
713 dlen = rec_data_length(&rec.u);
714 extra = rec_extra_padding(&rec.u);
716 len = sizeof(rec.u) + klen + dlen + extra;
717 if (off + len > tdb->file->map_size) {
718 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
720 "tdb_check: used overlength"
721 " %llu at offset %llu",
726 if (len < sizeof(rec.f)) {
727 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
729 "tdb_check: too short record"
735 /* Check that records have correct 0 at end (but may
737 if (extra && !features) {
740 p = tdb_access_read(tdb, off + sizeof(rec.u)
741 + klen + dlen, 1, false);
742 if (TDB_PTR_IS_ERR(p))
743 return TDB_PTR_ERR(p);
745 tdb_access_release(tdb, p);
748 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
757 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
759 "tdb_check: Bad magic 0x%llx"
761 (long long)rec_magic(&rec.u),
766 /* We must have found recovery area if there was one. */
767 if (recovery != 0 && !found_recovery) {
768 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
769 "tdb_check: expected a recovery area at %zu",
776 enum TDB_ERROR tdb_check_(struct tdb_context *tdb,
777 enum TDB_ERROR (*check)(TDB_DATA, TDB_DATA, void *),
780 tdb_off_t *fr = NULL, *used = NULL, ft, recovery;
781 size_t num_free = 0, num_used = 0, num_found = 0, num_ftables = 0;
783 enum TDB_ERROR ecode;
785 ecode = tdb_allrecord_lock(tdb, F_RDLCK, TDB_LOCK_WAIT, false);
786 if (ecode != TDB_SUCCESS) {
787 return tdb->last_error = ecode;
790 ecode = tdb_lock_expand(tdb, F_RDLCK);
791 if (ecode != TDB_SUCCESS) {
792 tdb_allrecord_unlock(tdb, F_RDLCK);
793 return tdb->last_error = ecode;
796 ecode = check_header(tdb, &recovery, &features);
797 if (ecode != TDB_SUCCESS)
800 /* First we do a linear scan, checking all records. */
801 ecode = check_linear(tdb, &used, &num_used, &fr, &num_free, features,
803 if (ecode != TDB_SUCCESS)
806 for (ft = first_ftable(tdb); ft; ft = next_ftable(tdb, ft)) {
807 if (TDB_OFF_IS_ERR(ft)) {
811 ecode = check_free_table(tdb, ft, num_ftables, fr, num_free,
813 if (ecode != TDB_SUCCESS)
818 /* FIXME: Check key uniqueness? */
819 ecode = check_hash(tdb, used, num_used, num_ftables, check, data);
820 if (ecode != TDB_SUCCESS)
823 if (num_found != num_free) {
824 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
825 "tdb_check: Not all entries are in"
830 tdb_allrecord_unlock(tdb, F_RDLCK);
831 tdb_unlock_expand(tdb, F_RDLCK);
834 return tdb->last_error = ecode;
projects / ccan / blob