tdb2: feature support.
[ccan] / ccan / tdb2 / transaction.c
index d05b1fefd58bc9bea611d480ae2a40b2c992bf60..2cab4655661768a80e44593211f152dd3c73175c 100644 (file)
 
   - don't allow any locks to be held when a transaction starts,
     otherwise we can end up with deadlock (plus lack of lock nesting
-    in posix locks would mean the lock is lost)
+    in POSIX locks would mean the lock is lost)
 
   - if the caller gains a lock during the transaction but doesn't
     release it then fail the commit
 
   - allow for nested calls to tdb_transaction_start(), re-using the
-    existing transaction record. If the inner transaction is cancelled
+    existing transaction record. If the inner transaction is canceled
     then a subsequent commit will fail
 
   - keep a mirrored copy of the tdb hash chain heads to allow for the
@@ -68,7 +68,7 @@
 
   - allow callers to mix transaction and non-transaction use of tdb,
     although once a transaction is started then an exclusive lock is
-    gained until the transaction is committed or cancelled
+    gained until the transaction is committed or canceled
 
   - the commit stategy involves first saving away all modified data
     into a linearised buffer in the transaction recovery area, then
@@ -297,7 +297,7 @@ fail:
 
 
 /*
-  write while in a transaction - this varient never expands the transaction blocks, it only
+  write while in a transaction - this variant never expands the transaction blocks, it only
   updates existing blocks. This means it cannot change the recovery size
 */
 static void transaction_write_existing(struct tdb_context *tdb, tdb_off_t off,
@@ -370,11 +370,9 @@ static enum TDB_ERROR transaction_expand_file(struct tdb_context *tdb,
        /* add a write to the transaction elements, so subsequent
           reads see the zero data */
        ecode = transaction_write(tdb, tdb->map_size, NULL, addition);
-       if (ecode != TDB_SUCCESS) {
-               tdb->ecode = ecode;
-               return ecode;
+       if (ecode == TDB_SUCCESS) {
+               tdb->map_size += addition;
        }
-       tdb->map_size += addition;
        return ecode;
 }
 
@@ -515,42 +513,38 @@ static void _tdb_transaction_cancel(struct tdb_context *tdb)
   start a tdb transaction. No token is returned, as only a single
   transaction is allowed to be pending per tdb_context
 */
-int tdb_transaction_start(struct tdb_context *tdb)
+enum TDB_ERROR tdb_transaction_start(struct tdb_context *tdb)
 {
        enum TDB_ERROR ecode;
 
        /* some sanity checks */
        if (tdb->read_only || (tdb->flags & TDB_INTERNAL)) {
-               tdb_logerr(tdb, TDB_ERR_EINVAL, TDB_LOG_USE_ERROR,
-                          "tdb_transaction_start: cannot start a transaction"
-                          " on a read-only or internal db");
-               return -1;
+               return tdb_logerr(tdb, TDB_ERR_EINVAL, TDB_LOG_USE_ERROR,
+                                 "tdb_transaction_start: cannot start a"
+                                 " transaction on a read-only or internal db");
        }
 
        /* cope with nested tdb_transaction_start() calls */
        if (tdb->transaction != NULL) {
-               tdb_logerr(tdb, TDB_ERR_IO, TDB_LOG_USE_ERROR,
-                          "tdb_transaction_start:"
-                          " already inside transaction");
-               return -1;
+               return tdb_logerr(tdb, TDB_ERR_IO, TDB_LOG_USE_ERROR,
+                                 "tdb_transaction_start:"
+                                 " already inside transaction");
        }
 
        if (tdb_has_hash_locks(tdb)) {
                /* the caller must not have any locks when starting a
                   transaction as otherwise we'll be screwed by lack
-                  of nested locks in posix */
-               tdb_logerr(tdb, TDB_ERR_LOCK, TDB_LOG_USE_ERROR,
-                          "tdb_transaction_start: cannot start a transaction"
-                          " with locks held");
-               return -1;
+                  of nested locks in POSIX */
+               return tdb_logerr(tdb, TDB_ERR_LOCK, TDB_LOG_USE_ERROR,
+                                 "tdb_transaction_start: cannot start a"
+                                 " transaction with locks held");
        }
 
        tdb->transaction = (struct tdb_transaction *)
                calloc(sizeof(struct tdb_transaction), 1);
        if (tdb->transaction == NULL) {
-               tdb_logerr(tdb, TDB_ERR_OOM, TDB_LOG_ERROR,
-                          "tdb_transaction_start: cannot allocate");
-               return -1;
+               return tdb_logerr(tdb, TDB_ERR_OOM, TDB_LOG_ERROR,
+                                 "tdb_transaction_start: cannot allocate");
        }
 
        /* get the transaction write lock. This is a blocking lock. As
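Review bot: The comments around tdb_transaction_start() no longer match what it returns. The block comment above the signature only says that no token is returned, and `/* cope with nested tdb_transaction_start() calls */` sits over a branch that rejects nesting with TDB_ERR_IO, while the file header still describes nested starts as allowed. I would add a line such as `Returns TDB_SUCCESS, or the TDB_ERR_* code explaining why the transaction could not be started.` and reword the inline comment to `/* nested transactions are rejected */`. The function body continues past this hunk.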
@@ -558,17 +552,15 @@ int tdb_transaction_start(struct tdb_context *tdb)
           make this async, which we will probably do in the future */
        ecode = tdb_transaction_lock(tdb, F_WRLCK);
        if (ecode != TDB_SUCCESS) {
-               tdb->ecode = ecode;
                SAFE_FREE(tdb->transaction->blocks);
                SAFE_FREE(tdb->transaction);
-               return -1;
+               return ecode;
        }
 
        /* get a read lock over entire file. This is upgraded to a write
           lock during the commit */
        ecode = tdb_allrecord_lock(tdb, F_RDLCK, TDB_LOCK_WAIT, true);
        if (ecode != TDB_SUCCESS) {
-               tdb->ecode = ecode;
                goto fail_allrecord_lock;
        }
 
@@ -581,13 +573,13 @@ int tdb_transaction_start(struct tdb_context *tdb)
           transaction specific methods */
        tdb->transaction->io_methods = tdb->methods;
        tdb->methods = &transaction_methods;
-       return 0;
+       return TDB_SUCCESS;
 
 fail_allrecord_lock:
        tdb_transaction_unlock(tdb, F_WRLCK);
        SAFE_FREE(tdb->transaction->blocks);
        SAFE_FREE(tdb->transaction);
-       return -1;
+       return ecode;
 }
 
 
@@ -630,10 +622,10 @@ static tdb_len_t tdb_recovery_size(struct tdb_context *tdb)
   allocate the recovery area, or use an existing recovery area if it is
   large enough
 */
-static int tdb_recovery_allocate(struct tdb_context *tdb,
-                                tdb_len_t *recovery_size,
-                                tdb_off_t *recovery_offset,
-                                tdb_len_t *recovery_max_size)
+static enum TDB_ERROR tdb_recovery_allocate(struct tdb_context *tdb,
+                                           tdb_len_t *recovery_size,
+                                           tdb_off_t *recovery_offset,
+                                           tdb_len_t *recovery_max_size)
 {
        struct tdb_recovery_record rec;
        const struct tdb_methods *methods = tdb->transaction->io_methods;
@@ -643,19 +635,17 @@ static int tdb_recovery_allocate(struct tdb_context *tdb,
 
        recovery_head = tdb_read_off(tdb, offsetof(struct tdb_header,recovery));
        if (TDB_OFF_IS_ERR(recovery_head)) {
-               tdb_logerr(tdb, recovery_head, TDB_LOG_ERROR,
-                        "tdb_recovery_allocate:"
-                        " failed to read recovery head");
-               return -1;
+               return tdb_logerr(tdb, recovery_head, TDB_LOG_ERROR,
+                                 "tdb_recovery_allocate:"
+                                 " failed to read recovery head");
        }
 
        if (recovery_head != 0) {
                ecode = methods->tread(tdb, recovery_head, &rec, sizeof(rec));
                if (ecode != TDB_SUCCESS) {
-                       tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
-                                "tdb_recovery_allocate:"
-                                " failed to read recovery record");
-                       return -1;
+                       return tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
+                                         "tdb_recovery_allocate:"
+                                         " failed to read recovery record");
                }
                tdb_convert(tdb, &rec, sizeof(rec));
                /* ignore invalid recovery regions: can happen in crash */
@@ -671,7 +661,7 @@ static int tdb_recovery_allocate(struct tdb_context *tdb,
                /* it fits in the existing area */
                *recovery_max_size = rec.max_len;
                *recovery_offset = recovery_head;
-               return 0;
+               return TDB_SUCCESS;
        }
 
        /* we need to free up the old recovery area, then allocate a
@@ -681,12 +671,13 @@ static int tdb_recovery_allocate(struct tdb_context *tdb,
           the transaction) */
        if (recovery_head != 0) {
                add_stat(tdb, frees, 1);
-               if (add_free_record(tdb, recovery_head,
-                                   sizeof(rec) + rec.max_len) != 0) {
-                       tdb_logerr(tdb, tdb->ecode, TDB_LOG_ERROR,
-                                  "tdb_recovery_allocate:"
-                                  " failed to free previous recovery area");
-                       return -1;
+               ecode = add_free_record(tdb, recovery_head,
+                                       sizeof(rec) + rec.max_len);
+               if (ecode != TDB_SUCCESS) {
+                       return tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
+                                         "tdb_recovery_allocate:"
+                                         " failed to free previous"
+                                         " recovery area");
                }
        }
 
@@ -710,10 +701,9 @@ static int tdb_recovery_allocate(struct tdb_context *tdb,
        tdb->map_size = tdb->transaction->old_map_size;
        ecode = methods->expand_file(tdb, addition);
        if (ecode != TDB_SUCCESS) {
-               tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
-                        "tdb_recovery_allocate:"
-                        " failed to create recovery area");
-               return -1;
+               return tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
+                                 "tdb_recovery_allocate:"
+                                 " failed to create recovery area");
        }
 
        /* we have to reset the old map size so that we don't try to
@@ -727,15 +717,14 @@ static int tdb_recovery_allocate(struct tdb_context *tdb,
        ecode = methods->twrite(tdb, offsetof(struct tdb_header, recovery),
                                &recovery_head, sizeof(tdb_off_t));
        if (ecode != TDB_SUCCESS) {
-               tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
-                        "tdb_recovery_allocate:"
-                        " failed to write recovery head");
-               return -1;
+               return tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
+                                 "tdb_recovery_allocate:"
+                                 " failed to write recovery head");
        }
        transaction_write_existing(tdb, offsetof(struct tdb_header, recovery),
                                   &recovery_head,
                                   sizeof(tdb_off_t));
-       return 0;
+       return TDB_SUCCESS;
 }
 
 /* Set up header for the recovery record. */
@@ -753,14 +742,15 @@ static void set_recovery_header(struct tdb_recovery_record *rec,
 /*
   setup the recovery data that will be used on a crash during commit
 */
-static int transaction_setup_recovery(struct tdb_context *tdb,
-                                     tdb_off_t *magic_offset)
+static enum TDB_ERROR transaction_setup_recovery(struct tdb_context *tdb,
+                                                tdb_off_t *magic_offset)
 {
-       tdb_len_t recovery_size;
+       /* Initialized for GCC's 4.4.5 overzealous uninitialized warnings. */
+       tdb_len_t recovery_size = 0;
+       tdb_off_t recovery_offset = 0, recovery_max_size = 0;
        unsigned char *data, *p;
        const struct tdb_methods *methods = tdb->transaction->io_methods;
        struct tdb_recovery_record *rec;
-       tdb_off_t recovery_offset, recovery_max_size;
        tdb_off_t old_map_size = tdb->transaction->old_map_size;
        uint64_t magic, tailer;
        int i;
@@ -769,16 +759,17 @@ static int transaction_setup_recovery(struct tdb_context *tdb,
        /*
          check that the recovery area has enough space
        */
-       if (tdb_recovery_allocate(tdb, &recovery_size,
-                                 &recovery_offset, &recovery_max_size) == -1) {
-               return -1;
+       ecode = tdb_recovery_allocate(tdb, &recovery_size,
+                                     &recovery_offset, &recovery_max_size);
+       if (ecode != TDB_SUCCESS) {
+               return ecode;
        }
 
        data = (unsigned char *)malloc(recovery_size + sizeof(*rec));
        if (data == NULL) {
-               tdb_logerr(tdb, TDB_ERR_OOM, TDB_LOG_ERROR,
-                          "transaction_setup_recovery: cannot allocate");
-               return -1;
+               return tdb_logerr(tdb, TDB_ERR_OOM, TDB_LOG_ERROR,
+                                 "transaction_setup_recovery:"
+                                 " cannot allocate");
        }
 
        rec = (struct tdb_recovery_record *)data;
@@ -807,11 +798,11 @@ static int transaction_setup_recovery(struct tdb_context *tdb,
                        continue;
                }
                if (offset + length > tdb->map_size) {
-                       tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
-                                  "tdb_transaction_setup_recovery:"
-                                  " transaction data over new region boundary");
                        free(data);
-                       return -1;
+                       return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
+                                         "tdb_transaction_setup_recovery:"
+                                         " transaction data over new region"
+                                         " boundary");
                }
                memcpy(p, &offset, sizeof(offset));
                memcpy(p + sizeof(offset), &length, sizeof(length));
@@ -824,9 +815,8 @@ static int transaction_setup_recovery(struct tdb_context *tdb,
                                       p + sizeof(offset) + sizeof(length),
                                       length);
                if (ecode != TDB_SUCCESS) {
-                       tdb->ecode = ecode;
                        free(data);
-                       return -1;
+                       return ecode;
                }
                p += sizeof(offset) + sizeof(length) + length;
        }
@@ -840,11 +830,10 @@ static int transaction_setup_recovery(struct tdb_context *tdb,
        ecode = methods->twrite(tdb, recovery_offset, data,
                                sizeof(*rec) + recovery_size);
        if (ecode != TDB_SUCCESS) {
-               tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
-                        "tdb_transaction_setup_recovery:"
-                        " failed to write recovery data");
                free(data);
-               return -1;
+               return tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
+                                 "tdb_transaction_setup_recovery:"
+                                 " failed to write recovery data");
        }
        transaction_write_existing(tdb, recovery_offset, data,
                                   sizeof(*rec) + recovery_size);
@@ -856,8 +845,7 @@ static int transaction_setup_recovery(struct tdb_context *tdb,
                                 sizeof(*rec) + recovery_size);
        if (ecode != TDB_SUCCESS) {
                free(data);
-               tdb->ecode = ecode;
-               return -1;
+               return ecode;
        }
 
        free(data);
@@ -870,59 +858,50 @@ static int transaction_setup_recovery(struct tdb_context *tdb,
 
        ecode = methods->twrite(tdb, *magic_offset, &magic, sizeof(magic));
        if (ecode != TDB_SUCCESS) {
-               tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
-                        "tdb_transaction_setup_recovery:"
-                        " failed to write recovery magic");
-               return -1;
+               return tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
+                                 "tdb_transaction_setup_recovery:"
+                                 " failed to write recovery magic");
        }
        transaction_write_existing(tdb, *magic_offset, &magic, sizeof(magic));
 
        /* ensure the recovery magic marker is on disk */
-       ecode = transaction_sync(tdb, *magic_offset, sizeof(magic));
-       if (ecode != TDB_SUCCESS) {
-               tdb->ecode = ecode;
-               return -1;
-       }
-
-       return 0;
+       return transaction_sync(tdb, *magic_offset, sizeof(magic));
 }
 
-static int _tdb_transaction_prepare_commit(struct tdb_context *tdb)
+static enum TDB_ERROR _tdb_transaction_prepare_commit(struct tdb_context *tdb)
 {
        const struct tdb_methods *methods;
        enum TDB_ERROR ecode;
 
        if (tdb->transaction == NULL) {
-               tdb_logerr(tdb, TDB_ERR_EINVAL, TDB_LOG_USE_ERROR,
-                          "tdb_transaction_prepare_commit: no transaction");
-               return -1;
+               return tdb_logerr(tdb, TDB_ERR_EINVAL, TDB_LOG_USE_ERROR,
+                                 "tdb_transaction_prepare_commit:"
+                                 " no transaction");
        }
 
        if (tdb->transaction->prepared) {
                _tdb_transaction_cancel(tdb);
-               tdb_logerr(tdb, TDB_ERR_EINVAL, TDB_LOG_USE_ERROR,
-                          "tdb_transaction_prepare_commit:"
-                          " transaction already prepared");
-               return -1;
+               return tdb_logerr(tdb, TDB_ERR_EINVAL, TDB_LOG_USE_ERROR,
+                                 "tdb_transaction_prepare_commit:"
+                                 " transaction already prepared");
        }
 
        if (tdb->transaction->transaction_error) {
                _tdb_transaction_cancel(tdb);
-               tdb_logerr(tdb, TDB_ERR_EINVAL, TDB_LOG_ERROR,
-                          "tdb_transaction_prepare_commit:"
-                          " transaction error pending");
-               return -1;
+               return tdb_logerr(tdb, TDB_ERR_EINVAL, TDB_LOG_ERROR,
+                                 "tdb_transaction_prepare_commit:"
+                                 " transaction error pending");
        }
 
 
        if (tdb->transaction->nesting != 0) {
                tdb->transaction->nesting--;
-               return 0;
+               return TDB_SUCCESS;
        }
 
        /* check for a null transaction */
        if (tdb->transaction->blocks == NULL) {
-               return 0;
+               return TDB_SUCCESS;
        }
 
        methods = tdb->transaction->io_methods;
@@ -934,7 +913,7 @@ static int _tdb_transaction_prepare_commit(struct tdb_context *tdb)
                         "tdb_transaction_prepare_commit:"
                         " failed to upgrade hash locks");
                _tdb_transaction_cancel(tdb);
-               return -1;
+               return ecode;
        }
 
        /* get the open lock - this prevents new users attaching to the database
@@ -945,18 +924,21 @@ static int _tdb_transaction_prepare_commit(struct tdb_context *tdb)
                           "tdb_transaction_prepare_commit:"
                           " failed to get open lock");
                _tdb_transaction_cancel(tdb);
-               return -1;
+               return ecode;
        }
 
        /* Since we have whole db locked, we don't need the expansion lock. */
        if (!(tdb->flags & TDB_NOSYNC)) {
                /* write the recovery data to the end of the file */
-               if (transaction_setup_recovery(tdb, &tdb->transaction->magic_offset) == -1) {
-                       tdb_logerr(tdb, tdb->ecode, TDB_LOG_ERROR,
+               ecode = transaction_setup_recovery(tdb,
+                                                  &tdb->transaction
+                                                  ->magic_offset);
+               if (ecode != TDB_SUCCESS) {
+                       tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
                                 "tdb_transaction_prepare_commit:"
                                 " failed to setup recovery data");
                        _tdb_transaction_cancel(tdb);
-                       return -1;
+                       return ecode;
                }
        }
 
@@ -973,19 +955,18 @@ static int _tdb_transaction_prepare_commit(struct tdb_context *tdb)
                                 "tdb_transaction_prepare_commit:"
                                 " expansion failed");
                        _tdb_transaction_cancel(tdb);
-                       return -1;
+                       return ecode;
                }
        }
 
        /* Keep the open lock until the actual commit */
-
-       return 0;
+       return TDB_SUCCESS;
 }
 
 /*
    prepare to commit the current transaction
 */
-int tdb_transaction_prepare_commit(struct tdb_context *tdb)
+enum TDB_ERROR tdb_transaction_prepare_commit(struct tdb_context *tdb)
 {
        return _tdb_transaction_prepare_commit(tdb);
 }
@@ -993,35 +974,34 @@ int tdb_transaction_prepare_commit(struct tdb_context *tdb)
 /*
   commit the current transaction
 */
-int tdb_transaction_commit(struct tdb_context *tdb)
+enum TDB_ERROR tdb_transaction_commit(struct tdb_context *tdb)
 {
        const struct tdb_methods *methods;
        int i;
        enum TDB_ERROR ecode;
 
        if (tdb->transaction == NULL) {
-               tdb_logerr(tdb, TDB_ERR_EINVAL, TDB_LOG_USE_ERROR,
-                        "tdb_transaction_commit: no transaction");
-               return -1;
+               return tdb_logerr(tdb, TDB_ERR_EINVAL, TDB_LOG_USE_ERROR,
+                                 "tdb_transaction_commit: no transaction");
        }
 
        tdb_trace(tdb, "tdb_transaction_commit");
 
        if (tdb->transaction->nesting != 0) {
                tdb->transaction->nesting--;
-               return 0;
+               return TDB_SUCCESS;
        }
 
        /* check for a null transaction */
        if (tdb->transaction->blocks == NULL) {
                _tdb_transaction_cancel(tdb);
-               return 0;
+               return TDB_SUCCESS;
        }
 
        if (!tdb->transaction->prepared) {
-               int ret = _tdb_transaction_prepare_commit(tdb);
-               if (ret)
-                       return ret;
+               ecode = _tdb_transaction_prepare_commit(tdb);
+               if (ecode != TDB_SUCCESS)
+                       return ecode;
        }
 
        methods = tdb->transaction->io_methods;
@@ -1056,7 +1036,7 @@ int tdb_transaction_commit(struct tdb_context *tdb)
 
                        _tdb_transaction_cancel(tdb);
 
-                       return -1;
+                       return ecode;
                }
                SAFE_FREE(tdb->transaction->blocks[i]);
        }
@@ -1067,8 +1047,7 @@ int tdb_transaction_commit(struct tdb_context *tdb)
        /* ensure the new data is on disk */
        ecode = transaction_sync(tdb, 0, tdb->map_size);
        if (ecode != TDB_SUCCESS) {
-               tdb->ecode = ecode;
-               return -1;
+               return ecode;
        }
 
        /*
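Review bot: The transaction_sync() failure path now returns `ecode` without calling _tdb_transaction_cancel(), unlike the error return in the preceding hunk and the success path in the following one. From the visible lines this appears to leave tdb->transaction set and its locks held, so a later tdb_transaction_start() on the same context would hit the "already inside transaction" check. With `tdb->ecode = ecode;` removed and no tdb_logerr() call here, the failure is also silent unless transaction_sync() logs it. If skipping the cleanup is deliberate, a comment on this branch should say why; otherwise it needs the same teardown as its neighbours. The rest of tdb_transaction_commit() lies outside this hunk.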
@@ -1090,7 +1069,7 @@ int tdb_transaction_commit(struct tdb_context *tdb)
           transaction locks */
        _tdb_transaction_cancel(tdb);
 
-       return 0;
+       return TDB_SUCCESS;
 }
 
 
@@ -1099,7 +1078,7 @@ int tdb_transaction_commit(struct tdb_context *tdb)
   database write access already established (including the open
   lock to prevent new processes attaching)
 */
-int tdb_transaction_recover(struct tdb_context *tdb)
+enum TDB_ERROR tdb_transaction_recover(struct tdb_context *tdb)
 {
        tdb_off_t recovery_head, recovery_eof;
        unsigned char *data, *p;
@@ -1109,56 +1088,51 @@ int tdb_transaction_recover(struct tdb_context *tdb)
        /* find the recovery area */
        recovery_head = tdb_read_off(tdb, offsetof(struct tdb_header,recovery));
        if (TDB_OFF_IS_ERR(recovery_head)) {
-               tdb_logerr(tdb, recovery_head, TDB_LOG_ERROR,
-                        "tdb_transaction_recover:"
-                        " failed to read recovery head");
-               return -1;
+               return tdb_logerr(tdb, recovery_head, TDB_LOG_ERROR,
+                                 "tdb_transaction_recover:"
+                                 " failed to read recovery head");
        }
 
        if (recovery_head == 0) {
                /* we have never allocated a recovery record */
-               return 0;
+               return TDB_SUCCESS;
        }
 
        /* read the recovery record */
        ecode = tdb_read_convert(tdb, recovery_head, &rec, sizeof(rec));
        if (ecode != TDB_SUCCESS) {
-               tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
-                          "tdb_transaction_recover:"
-                          " failed to read recovery record");
-               return -1;
+               return tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
+                                 "tdb_transaction_recover:"
+                                 " failed to read recovery record");
        }
 
        if (rec.magic != TDB_RECOVERY_MAGIC) {
                /* there is no valid recovery data */
-               return 0;
+               return TDB_SUCCESS;
        }
 
        if (tdb->read_only) {
-               tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
-                          "tdb_transaction_recover:"
-                          " attempt to recover read only database");
-               return -1;
+               return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
+                                 "tdb_transaction_recover:"
+                                 " attempt to recover read only database");
        }
 
        recovery_eof = rec.eof;
 
        data = (unsigned char *)malloc(rec.len);
        if (data == NULL) {
-               tdb_logerr(tdb, TDB_ERR_OOM, TDB_LOG_ERROR,
-                          "tdb_transaction_recover:"
-                          " failed to allocate recovery data");
-               return -1;
+               return tdb_logerr(tdb, TDB_ERR_OOM, TDB_LOG_ERROR,
+                                 "tdb_transaction_recover:"
+                                 " failed to allocate recovery data");
        }
 
        /* read the full recovery data */
        ecode = tdb->methods->tread(tdb, recovery_head + sizeof(rec), data,
                                    rec.len);
        if (ecode != TDB_SUCCESS) {
-               tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
-                          "tdb_transaction_recover:"
-                          " failed to read recovery data");
-               return -1;
+               return tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
+                                 "tdb_transaction_recover:"
+                                 " failed to read recovery data");
        }
 
        /* recover the file data */
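Review bot: The failed `tdb->methods->tread()` branch returns through tdb_logerr() without releasing `data`, so the buffer allocated just above with `malloc(rec.len)` leaks on that path. The twrite failure path in the next hunk frees it first, and this branch should do the same by putting `free(data);` before `return tdb_logerr(...)`. Separately, `rec.len` comes from the on-disk recovery record, and nothing visible in this hunk bounds it before it sizes the allocation. A corrupt or hostile file could therefore request an arbitrarily large buffer, so a sanity check against the mapped file size before the malloc would be worth adding. The function body continues outside this hunk.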
@@ -1174,11 +1148,11 @@ int tdb_transaction_recover(struct tdb_context *tdb)
                ecode = tdb->methods->twrite(tdb, ofs, p, len);
                if (ecode != TDB_SUCCESS) {
                        free(data);
-                       tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
-                                "tdb_transaction_recover:"
-                                " failed to recover %zu bytes at offset %zu",
-                                (size_t)len, (size_t)ofs);
-                       return -1;
+                       return tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
+                                         "tdb_transaction_recover:"
+                                         " failed to recover %zu bytes"
+                                         " at offset %zu",
+                                         (size_t)len, (size_t)ofs);
                }
                p += len;
        }
@@ -1187,9 +1161,9 @@ int tdb_transaction_recover(struct tdb_context *tdb)
 
        ecode = transaction_sync(tdb, 0, tdb->map_size);
        if (ecode != TDB_SUCCESS) {
-               tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
-                          "tdb_transaction_recover: failed to sync recovery");
-               return -1;
+               return tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
+                                 "tdb_transaction_recover:"
+                                 " failed to sync recovery");
        }
 
        /* if the recovery area is after the recovered eof then remove it */
@@ -1198,10 +1172,9 @@ int tdb_transaction_recover(struct tdb_context *tdb)
                                                    recovery),
                                      0);
                if (ecode != TDB_SUCCESS) {
-                       tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
-                                "tdb_transaction_recover:"
-                                " failed to remove recovery head");
-                       return -1;
+                       return tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
+                                         "tdb_transaction_recover:"
+                                         " failed to remove recovery head");
                }
        }
 
@@ -1211,17 +1184,16 @@ int tdb_transaction_recover(struct tdb_context *tdb)
                              + offsetof(struct tdb_recovery_record, magic),
                              TDB_RECOVERY_INVALID_MAGIC);
        if (ecode != TDB_SUCCESS) {
-               tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
-                        "tdb_transaction_recover:"
-                        " failed to remove recovery magic");
-               return -1;
+               return tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
+                                 "tdb_transaction_recover:"
+                                 " failed to remove recovery magic");
        }
 
        ecode = transaction_sync(tdb, 0, recovery_eof);
        if (ecode != TDB_SUCCESS) {
-               tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
-                        "tdb_transaction_recover: failed to sync2 recovery");
-               return -1;
+               return tdb_logerr(tdb, ecode, TDB_LOG_ERROR,
+                                 "tdb_transaction_recover:"
+                                 " failed to sync2 recovery");
        }
 
        tdb_logerr(tdb, TDB_SUCCESS, TDB_LOG_WARNING,
@@ -1229,11 +1201,10 @@ int tdb_transaction_recover(struct tdb_context *tdb)
                   (size_t)recovery_eof);
 
        /* all done */
-       return 0;
+       return TDB_SUCCESS;
 }
 
-/* Any I/O failures we say "needs recovery". */
-bool tdb_needs_recovery(struct tdb_context *tdb)
+tdb_bool_err tdb_needs_recovery(struct tdb_context *tdb)
 {
        tdb_off_t recovery_head;
        struct tdb_recovery_record rec;
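Review bot: tdb_needs_recovery() loses its only comment here while its return type becomes three-valued, so the new contract is undocumented. The following hunks return `recovery_head` or `ecode` on I/O failure and a boolean otherwise, so a caller that still writes `if (tdb_needs_recovery(tdb))` would presumably treat a read error as "needs recovery" without noticing the change. I would replace the removed line with something like `/* Returns true or false, or a TDB_ERR_* code if the recovery header or record cannot be read. */`. The `return recovery_head;` in the next hunk also narrows a tdb_off_t into tdb_bool_err implicitly, which an explicit cast would make visible to the reader.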
@@ -1242,8 +1213,7 @@ bool tdb_needs_recovery(struct tdb_context *tdb)
        /* find the recovery area */
        recovery_head = tdb_read_off(tdb, offsetof(struct tdb_header,recovery));
        if (TDB_OFF_IS_ERR(recovery_head)) {
-               tdb->ecode = recovery_head;
-               return true;
+               return recovery_head;
        }
 
        if (recovery_head == 0) {
@@ -1254,8 +1224,7 @@ bool tdb_needs_recovery(struct tdb_context *tdb)
        /* read the recovery record */
        ecode = tdb_read_convert(tdb, recovery_head, &rec, sizeof(rec));
        if (ecode != TDB_SUCCESS) {
-               tdb->ecode = ecode;
-               return true;
+               return ecode;
        }
 
        return (rec.magic == TDB_RECOVERY_MAGIC);