tdb: handle processes dying during transaction commit.
author Rusty Russell <rusty@rustcorp.com.au>
Wed, 24 Feb 2010 03:38:40 +0000 (14:08 +1030)
committer Rusty Russell <rusty@rustcorp.com.au>
Wed, 24 Feb 2010 03:38:40 +0000 (14:08 +1030)
commit 729fc5b931c8eb26f192399d8aa7064f9af058df
tree 2afdc0a5464beee7af10399947900a1b7208e517
parent 497e23b21fe7dc8256c23f79f14cdb4c3e86cc9e
tdb: handle processes dying during transaction commit.

tdb transactions were designed to be robust against the machine
powering off, but interestingly were never designed to handle the case
where an administrator kill -9's a process during commit.  Because
recovery is only done on tdb_open, processes with the tdb already
mapped will simply use it despite it being corrupt and needing
recovery.

The solution to this is to check for recovery every time we grab a
data lock: we could have gained the lock because a process just died.
This has no measurable cost: here is the time for tdbtorture -s 0 -n 1
-l 10000:

Before:
2.75 2.50 2.81 3.19 2.91 2.53 2.72 2.50 2.78 2.77 = Avg 2.75

After:
2.81 2.57 3.42 2.49 3.02 2.49 2.84 2.48 2.80 2.43 = Avg 2.74

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
ccan/tdb/lock.c
ccan/tdb/tdb_private.h
ccan/tdb/test/external-transaction.c
ccan/tdb/transaction.c
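The idea in the commit message above (check for recovery every time a data lock is obtained, because the lock may have been gained when its holder died) is shown here as an added C illustration that is not tdb's code. The three-slot file layout, the slot names and all function names are hypothetical; `demo(0)` is a long-running process that skips the check and `demo(1)` is one that performs it.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

enum { SLOT_RECOVERY, SLOT_VALUE, SLOT_SAVED };  /* constructed layout, not tdb's */
static uint32_t get(int fd, int slot) {
    uint32_t v;
    if (pread(fd, &v, sizeof v, slot * sizeof v) != (ssize_t)sizeof v) abort();
    return v;
}
static void put(int fd, int slot, uint32_t v) {
    if (pwrite(fd, &v, sizeof v, slot * sizeof v) != (ssize_t)sizeof v) abort();
}
static void data_lock(int fd, short type) {      /* blocking whole-file lock */
    struct flock fl = { .l_type = type, .l_whence = SEEK_SET };
    if (fcntl(fd, F_SETLKW, &fl) == -1) abort();
}
static void commit_and_die(int fd, uint32_t newval) {  /* writer killed mid-commit */
    data_lock(fd, F_WRLCK);
    put(fd, SLOT_SAVED, get(fd, SLOT_VALUE));    /* recovery copy of the old data */
    put(fd, SLOT_RECOVERY, 1);                   /* commit in progress */
    put(fd, SLOT_VALUE, newval ^ 0xffff0000u);   /* torn, half-written update */
    kill(getpid(), SIGKILL);                     /* kernel drops the lock on death */
}
static uint32_t locked_read(int fd, int check) { /* process with the file already open */
    data_lock(fd, F_WRLCK);
    if (check && get(fd, SLOT_RECOVERY)) {       /* previous lock holder died mid-commit */
        put(fd, SLOT_VALUE, get(fd, SLOT_SAVED));
        put(fd, SLOT_RECOVERY, 0);
    }
    uint32_t v = get(fd, SLOT_VALUE);
    data_lock(fd, F_UNLCK);
    return v;
}

uint32_t demo(int check) {                       /* value seen after a peer died */
    char path[] = "/tmp/tdbdemoXXXXXX";
    int fd = mkstemp(path);                      /* opened before the crash happens */
    put(fd, SLOT_RECOVERY, 0); put(fd, SLOT_VALUE, 42);
    if (fork() == 0) commit_and_die(fd, 43);
    wait(NULL);
    uint32_t v = locked_read(fd, check);
    close(fd); unlink(path);
    return v;
}

int main(void) { return !(demo(1) == 42 && demo(0) != 42); }
```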