tdb: fix recovery reuse after crash (from SAMBA)
author Rusty Russell <rusty@rustcorp.com.au>
Mon, 22 Feb 2010 12:24:26 +0000 (22:54 +1030)
committer Rusty Russell <rusty@rustcorp.com.au>
Mon, 22 Feb 2010 12:24:26 +0000 (22:54 +1030)
commit 8321967a3b0917b9b1ac4cbc3cda2ace881a886f
tree 748cf92d0b0893df7f1e9996aa4ca51fdb601aa9
parent 6ad04b02d95ba5897ae609b7030608a62cc7797b
tdb: fix recovery reuse after crash (from SAMBA)

commit b37b452cb8c1f56b37b04abe7bffdede371ca361
Author: Rusty Russell <rusty@rustcorp.com.au>
Date:   Thu Feb 4 23:59:54 2010 +1030

    tdb: fix recovery reuse after crash

    If a process (or the machine) dies just after writing the
    recovery head (pointing at the end of file), the recovery record
    will be filled with 0x42.  This will not invoke a recovery on open,
    since rec.magic
    != TDB_RECOVERY_MAGIC.

    Unfortunately, the first transaction commit will happily reuse that
    area: tdb_recovery_allocate() doesn't check the magic.  The recovery
    record has length 0x42424242, and it writes that back into the
    now-valid-looking transaction header for the next comer (which
    happens to be tdb_wipe_all in my tests).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
ccan/tdb/transaction.c
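
A small model of the failure described in the commit message, added here as an illustration; it is not code from tdb or from this commit. The struct layout, function names and magic values are assumptions of the example; only the 0x42 fill byte and the resulting 0x42424242 length come from the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Names and values below are assumptions of this model, not tdb's definitions. */
#define MODEL_RECOVERY_MAGIC 0xf53bc0e7u /* stands in for TDB_RECOVERY_MAGIC */
#define MODEL_CLEARED_MAGIC  0u          /* assumed marker of a finished, reusable area */
#define PAD_BYTE             0x42        /* fill byte named in the commit message */

/* Hypothetical, simplified recovery record header. */
struct rec_hdr {
    uint32_t magic;
    uint32_t rec_len; /* bytes available in the recovery area */
};

/* Crash state from the message: the recovery head was written, but the
 * header it points at never was, so it still holds only fill bytes. */
static struct rec_hdr crashed_header(void)
{
    struct rec_hdr h;
    memset(&h, PAD_BYTE, sizeof(h));
    return h;
}

/* Unchecked reuse: any header behind a non-zero head is believed. Returns the
 * length that would be written back, or 0 when a fresh area must be allocated. */
static uint32_t reuse_len_unchecked(uint32_t head, struct rec_hdr h, uint32_t need)
{
    return (head != 0 && h.rec_len >= need) ? h.rec_len : 0;
}

/* Checked reuse: rec_len is believed only when the magic is one this model
 * writes itself; any other header is treated as "no recovery area yet". */
static uint32_t reuse_len_checked(uint32_t head, struct rec_hdr h, uint32_t need)
{
    if (head == 0 ||
        (h.magic != MODEL_RECOVERY_MAGIC && h.magic != MODEL_CLEARED_MAGIC))
        return 0;
    return h.rec_len >= need ? h.rec_len : 0;
}

int main(void)
{
    struct rec_hdr h = crashed_header(); /* constructed sample state */
    printf("unchecked: 0x%08x  checked: 0x%08x\n",
           (unsigned)reuse_len_unchecked(4096, h, 8192),
           (unsigned)reuse_len_checked(4096, h, 8192));
    return 0;
}
```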