2 Trivial Database 2: free list/block handling
3 Copyright (C) Rusty Russell 2010
5 This library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 3 of the License, or (at your option) any later version.
10 This library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include <ccan/likely/likely.h>
20 #include <ccan/asearch/asearch.h>
22 /* We keep an ordered array of offsets. */
23 static bool append(tdb_off_t **arr, size_t *num, tdb_off_t off)
25 tdb_off_t *new = realloc(*arr, (*num + 1) * sizeof(tdb_off_t));
33 static enum TDB_ERROR check_header(struct tdb_context *tdb, tdb_off_t *recovery)
36 struct tdb_header hdr;
39 ecode = tdb_read_convert(tdb, 0, &hdr, sizeof(hdr));
40 if (ecode != TDB_SUCCESS) {
43 /* magic food should not be converted, so convert back. */
44 tdb_convert(tdb, hdr.magic_food, sizeof(hdr.magic_food));
46 hash_test = TDB_HASH_MAGIC;
47 hash_test = tdb_hash(tdb, &hash_test, sizeof(hash_test));
48 if (hdr.hash_test != hash_test) {
49 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
50 "check: hash test %llu should be %llu",
51 (long long)hdr.hash_test,
52 (long long)hash_test);
55 if (strcmp(hdr.magic_food, TDB_MAGIC_FOOD) != 0) {
56 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
57 "check: bad magic '%.*s'",
58 (unsigned)sizeof(hdr.magic_food),
62 *recovery = hdr.recovery;
64 if (*recovery < sizeof(hdr) || *recovery > tdb->map_size) {
65 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
67 " invalid recovery offset %zu",
72 /* Don't check reserved: they *can* be used later. */
76 static enum TDB_ERROR check_hash_tree(struct tdb_context *tdb,
77 tdb_off_t off, unsigned int group_bits,
79 unsigned hprefix_bits,
83 enum TDB_ERROR (*check)(TDB_DATA,
87 static enum TDB_ERROR check_hash_chain(struct tdb_context *tdb,
93 enum TDB_ERROR (*check)(TDB_DATA,
98 struct tdb_used_record rec;
101 ecode = tdb_read_convert(tdb, off, &rec, sizeof(rec));
102 if (ecode != TDB_SUCCESS) {
106 if (rec_magic(&rec) != TDB_CHAIN_MAGIC) {
107 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
108 "tdb_check: Bad hash chain magic %llu",
109 (long long)rec_magic(&rec));
112 if (rec_data_length(&rec) != sizeof(struct tdb_chain)) {
113 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
115 " Bad hash chain length %llu vs %zu",
116 (long long)rec_data_length(&rec),
117 sizeof(struct tdb_chain));
119 if (rec_key_length(&rec) != 0) {
120 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
121 "tdb_check: Bad hash chain key length %llu",
122 (long long)rec_key_length(&rec));
124 if (rec_hash(&rec) != 0) {
125 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
126 "tdb_check: Bad hash chain hash value %llu",
127 (long long)rec_hash(&rec));
131 ecode = check_hash_tree(tdb, off, 0, hash, 64,
132 used, num_used, num_found, check, private_data);
133 if (ecode != TDB_SUCCESS) {
137 off = tdb_read_off(tdb, off + offsetof(struct tdb_chain, next));
138 if (TDB_OFF_IS_ERR(off)) {
144 return check_hash_chain(tdb, off, hash, used, num_used, num_found,
145 check, private_data);
148 static enum TDB_ERROR check_hash_record(struct tdb_context *tdb,
151 unsigned hprefix_bits,
155 enum TDB_ERROR (*check)(TDB_DATA,
160 struct tdb_used_record rec;
161 enum TDB_ERROR ecode;
163 if (hprefix_bits >= 64)
164 return check_hash_chain(tdb, off, hprefix, used, num_used,
165 num_found, check, private_data);
167 ecode = tdb_read_convert(tdb, off, &rec, sizeof(rec));
168 if (ecode != TDB_SUCCESS) {
172 if (rec_magic(&rec) != TDB_HTABLE_MAGIC) {
173 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
174 "tdb_check: Bad hash table magic %llu",
175 (long long)rec_magic(&rec));
177 if (rec_data_length(&rec)
178 != sizeof(tdb_off_t) << TDB_SUBLEVEL_HASH_BITS) {
179 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
181 " Bad hash table length %llu vs %llu",
182 (long long)rec_data_length(&rec),
183 (long long)sizeof(tdb_off_t)
184 << TDB_SUBLEVEL_HASH_BITS);
186 if (rec_key_length(&rec) != 0) {
187 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
188 "tdb_check: Bad hash table key length %llu",
189 (long long)rec_key_length(&rec));
191 if (rec_hash(&rec) != 0) {
192 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
193 "tdb_check: Bad hash table hash value %llu",
194 (long long)rec_hash(&rec));
198 return check_hash_tree(tdb, off,
199 TDB_SUBLEVEL_HASH_BITS-TDB_HASH_GROUP_BITS,
200 hprefix, hprefix_bits,
201 used, num_used, num_found, check, private_data);
204 static int off_cmp(const tdb_off_t *a, const tdb_off_t *b)
206 /* Can overflow an int. */
212 static uint64_t get_bits(uint64_t h, unsigned num, unsigned *used)
216 return (h >> (64 - *used)) & ((1U << num) - 1);
219 static enum TDB_ERROR check_hash_tree(struct tdb_context *tdb,
220 tdb_off_t off, unsigned int group_bits,
222 unsigned hprefix_bits,
226 enum TDB_ERROR (*check)(TDB_DATA,
231 const tdb_off_t *hash;
232 struct tdb_used_record rec;
233 enum TDB_ERROR ecode;
235 hash = tdb_access_read(tdb, off,
237 << (group_bits + TDB_HASH_GROUP_BITS),
239 if (TDB_PTR_IS_ERR(hash)) {
240 return TDB_PTR_ERR(hash);
243 for (g = 0; g < (1 << group_bits); g++) {
244 const tdb_off_t *group = hash + (g << TDB_HASH_GROUP_BITS);
245 for (b = 0; b < (1 << TDB_HASH_GROUP_BITS); b++) {
246 unsigned int bucket, i, used_bits;
252 off = group[b] & TDB_OFF_MASK;
253 p = asearch(&off, used, num_used, off_cmp);
255 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT,
257 "tdb_check: Invalid offset"
262 /* Mark it invalid. */
266 if (hprefix_bits == 64) {
267 /* Chained entries are unordered. */
268 if (is_subhash(group[b])) {
269 ecode = TDB_ERR_CORRUPT;
270 tdb_logerr(tdb, ecode,
272 "tdb_check: Invalid chain"
276 h = hash_record(tdb, off);
278 ecode = TDB_ERR_CORRUPT;
279 tdb_logerr(tdb, ecode,
281 "check: bad hash chain"
288 ecode = tdb_read_convert(tdb, off, &rec,
290 if (ecode != TDB_SUCCESS) {
296 if (is_subhash(group[b])) {
299 << (group_bits + TDB_HASH_GROUP_BITS))
300 + g * (1 << TDB_HASH_GROUP_BITS) + b;
302 ecode = check_hash_record(tdb,
303 group[b] & TDB_OFF_MASK,
307 + TDB_HASH_GROUP_BITS,
308 used, num_used, num_found,
309 check, private_data);
310 if (ecode != TDB_SUCCESS) {
317 /* Does it belong here at all? */
318 h = hash_record(tdb, off);
320 if (get_bits(h, hprefix_bits, &used_bits) != hprefix
322 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT,
324 "check: bad hash placement"
331 /* Does it belong in this group? */
332 if (get_bits(h, group_bits, &used_bits) != g) {
333 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT,
335 "check: bad group %llu"
341 /* Are bucket bits correct? */
342 bucket = group[b] & TDB_OFF_HASH_GROUP_MASK;
343 if (get_bits(h, TDB_HASH_GROUP_BITS, &used_bits)
345 used_bits -= TDB_HASH_GROUP_BITS;
346 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT,
348 "check: bad bucket %u vs %u",
349 (unsigned)get_bits(h,
356 /* There must not be any zero entries between
357 * the bucket it belongs in and this one! */
360 i = (i + 1) % (1 << TDB_HASH_GROUP_BITS)) {
362 ecode = TDB_ERR_CORRUPT;
363 tdb_logerr(tdb, ecode,
365 "check: bad group placement"
372 ecode = tdb_read_convert(tdb, off, &rec, sizeof(rec));
373 if (ecode != TDB_SUCCESS) {
377 /* Bottom bits must match header. */
378 if ((h & ((1 << 11)-1)) != rec_hash(&rec)) {
379 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT,
381 "tdb_check: Bad hash magic"
383 " (0x%llx vs 0x%llx)",
386 (long long)rec_hash(&rec));
393 key.dsize = rec_key_length(&rec);
394 data.dsize = rec_data_length(&rec);
395 key.dptr = (void *)tdb_access_read(tdb,
397 key.dsize + data.dsize,
399 if (TDB_PTR_IS_ERR(key.dptr)) {
400 ecode = TDB_PTR_ERR(key.dptr);
403 data.dptr = key.dptr + key.dsize;
404 ecode = check(key, data, private_data);
405 if (ecode != TDB_SUCCESS) {
408 tdb_access_release(tdb, key.dptr);
412 tdb_access_release(tdb, hash);
416 tdb_access_release(tdb, hash);
420 static enum TDB_ERROR check_hash(struct tdb_context *tdb,
422 size_t num_used, size_t num_ftables,
423 int (*check)(TDB_DATA, TDB_DATA, void *),
426 /* Free tables also show up as used. */
427 size_t num_found = num_ftables;
428 enum TDB_ERROR ecode;
430 ecode = check_hash_tree(tdb, offsetof(struct tdb_header, hashtable),
431 TDB_TOPLEVEL_HASH_BITS-TDB_HASH_GROUP_BITS,
432 0, 0, used, num_used, &num_found,
433 check, private_data);
434 if (ecode == TDB_SUCCESS) {
435 if (num_found != num_used) {
436 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
437 "tdb_check: Not all entries"
444 static enum TDB_ERROR check_free(struct tdb_context *tdb,
446 const struct tdb_free_record *frec,
447 tdb_off_t prev, unsigned int ftable,
450 enum TDB_ERROR ecode;
452 if (frec_magic(frec) != TDB_FREE_MAGIC) {
453 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
454 "tdb_check: offset %llu bad magic 0x%llx",
456 (long long)frec->magic_and_prev);
458 if (frec_ftable(frec) != ftable) {
459 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
460 "tdb_check: offset %llu bad freetable %u",
461 (long long)off, frec_ftable(frec));
465 ecode = tdb->methods->oob(tdb, off
467 + sizeof(struct tdb_used_record),
469 if (ecode != TDB_SUCCESS) {
472 if (size_to_bucket(frec_len(frec)) != bucket) {
473 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
474 "tdb_check: offset %llu in wrong bucket"
477 bucket, size_to_bucket(frec_len(frec)));
479 if (prev != frec_prev(frec)) {
480 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
481 "tdb_check: offset %llu bad prev"
484 (long long)prev, (long long)frec_len(frec));
489 static enum TDB_ERROR check_free_table(struct tdb_context *tdb,
490 tdb_off_t ftable_off,
496 struct tdb_freetable ft;
499 enum TDB_ERROR ecode;
501 ecode = tdb_read_convert(tdb, ftable_off, &ft, sizeof(ft));
502 if (ecode != TDB_SUCCESS) {
506 if (rec_magic(&ft.hdr) != TDB_FTABLE_MAGIC
507 || rec_key_length(&ft.hdr) != 0
508 || rec_data_length(&ft.hdr) != sizeof(ft) - sizeof(ft.hdr)
509 || rec_hash(&ft.hdr) != 0) {
510 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
511 "tdb_check: Invalid header on free table");
514 for (i = 0; i < TDB_FREE_BUCKETS; i++) {
515 tdb_off_t off, prev = 0, *p;
516 struct tdb_free_record f;
518 h = bucket_off(ftable_off, i);
519 for (off = tdb_read_off(tdb, h); off; off = f.next) {
520 if (TDB_OFF_IS_ERR(off)) {
523 ecode = tdb_read_convert(tdb, off, &f, sizeof(f));
524 if (ecode != TDB_SUCCESS) {
527 ecode = check_free(tdb, off, &f, prev, ftable_num, i);
528 if (ecode != TDB_SUCCESS) {
532 /* FIXME: Check hash bits */
533 p = asearch(&off, fr, num_free, off_cmp);
535 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
537 "tdb_check: Invalid offset"
538 " %llu in free table",
541 /* Mark it invalid. */
550 /* Slow, but should be very rare. */
551 tdb_off_t dead_space(struct tdb_context *tdb, tdb_off_t off)
554 enum TDB_ERROR ecode;
556 for (len = 0; off + len < tdb->map_size; len++) {
558 ecode = tdb->methods->tread(tdb, off, &c, 1);
559 if (ecode != TDB_SUCCESS) {
562 if (c != 0 && c != 0x43)
568 static enum TDB_ERROR check_linear(struct tdb_context *tdb,
569 tdb_off_t **used, size_t *num_used,
570 tdb_off_t **fr, size_t *num_free,
575 enum TDB_ERROR ecode;
576 bool found_recovery = false;
578 for (off = sizeof(struct tdb_header); off < tdb->map_size; off += len) {
580 struct tdb_used_record u;
581 struct tdb_free_record f;
582 struct tdb_recovery_record r;
584 /* r is larger: only get that if we need to. */
585 ecode = tdb_read_convert(tdb, off, &rec, sizeof(rec.f));
586 if (ecode != TDB_SUCCESS) {
590 /* If we crash after ftruncate, we can get zeroes or fill. */
591 if (rec.r.magic == TDB_RECOVERY_INVALID_MAGIC
592 || rec.r.magic == 0x4343434343434343ULL) {
593 ecode = tdb_read_convert(tdb, off, &rec, sizeof(rec.r));
594 if (ecode != TDB_SUCCESS) {
597 if (recovery == off) {
598 found_recovery = true;
599 len = sizeof(rec.r) + rec.r.max_len;
601 len = dead_space(tdb, off);
602 if (TDB_OFF_IS_ERR(len)) {
605 if (len < sizeof(rec.r)) {
606 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
609 " dead space at %zu",
613 tdb_logerr(tdb, TDB_SUCCESS, TDB_LOG_WARNING,
614 "Dead space at %zu-%zu (of %zu)",
615 (size_t)off, (size_t)(off + len),
616 (size_t)tdb->map_size);
618 } else if (rec.r.magic == TDB_RECOVERY_MAGIC) {
619 ecode = tdb_read_convert(tdb, off, &rec, sizeof(rec.r));
620 if (ecode != TDB_SUCCESS) {
623 if (recovery != off) {
624 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
626 "tdb_check: unexpected"
627 " recovery record at offset"
631 if (rec.r.len > rec.r.max_len) {
632 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
634 "tdb_check: invalid recovery"
638 if (rec.r.eof > tdb->map_size) {
639 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
641 "tdb_check: invalid old EOF"
642 " %zu", (size_t)rec.r.eof);
644 found_recovery = true;
645 len = sizeof(rec.r) + rec.r.max_len;
646 } else if (frec_magic(&rec.f) == TDB_FREE_MAGIC) {
647 len = sizeof(rec.u) + frec_len(&rec.f);
648 if (off + len > tdb->map_size) {
649 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
651 "tdb_check: free overlength"
652 " %llu at offset %llu",
656 /* This record should be in free lists. */
657 if (frec_ftable(&rec.f) != TDB_FTABLE_NONE
658 && !append(fr, num_free, off)) {
659 return tdb_logerr(tdb, TDB_ERR_OOM,
661 "tdb_check: tracking %zu'th"
662 " free record.", *num_free);
664 } else if (rec_magic(&rec.u) == TDB_USED_MAGIC
665 || rec_magic(&rec.u) == TDB_CHAIN_MAGIC
666 || rec_magic(&rec.u) == TDB_HTABLE_MAGIC
667 || rec_magic(&rec.u) == TDB_FTABLE_MAGIC) {
668 uint64_t klen, dlen, extra;
670 /* This record is used! */
671 if (!append(used, num_used, off)) {
672 return tdb_logerr(tdb, TDB_ERR_OOM,
674 "tdb_check: tracking %zu'th"
675 " used record.", *num_used);
678 klen = rec_key_length(&rec.u);
679 dlen = rec_data_length(&rec.u);
680 extra = rec_extra_padding(&rec.u);
682 len = sizeof(rec.u) + klen + dlen + extra;
683 if (off + len > tdb->map_size) {
684 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
686 "tdb_check: used overlength"
687 " %llu at offset %llu",
692 if (len < sizeof(rec.f)) {
693 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
695 "tdb_check: too short record"
701 return tdb_logerr(tdb, TDB_ERR_CORRUPT,
703 "tdb_check: Bad magic 0x%llx"
705 (long long)rec_magic(&rec.u),
710 /* We must have found recovery area if there was one. */
711 if (recovery != 0 && !found_recovery) {
712 return tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
713 "tdb_check: expected a recovery area at %zu",
720 enum TDB_ERROR tdb_check(struct tdb_context *tdb,
721 enum TDB_ERROR (*check)(TDB_DATA key, TDB_DATA data,
725 tdb_off_t *fr = NULL, *used = NULL, ft, recovery;
726 size_t num_free = 0, num_used = 0, num_found = 0, num_ftables = 0;
727 enum TDB_ERROR ecode;
729 ecode = tdb_allrecord_lock(tdb, F_RDLCK, TDB_LOCK_WAIT, false);
730 if (ecode != TDB_SUCCESS) {
734 ecode = tdb_lock_expand(tdb, F_RDLCK);
735 if (ecode != TDB_SUCCESS) {
736 tdb_allrecord_unlock(tdb, F_RDLCK);
740 ecode = check_header(tdb, &recovery);
741 if (ecode != TDB_SUCCESS)
744 /* First we do a linear scan, checking all records. */
745 ecode = check_linear(tdb, &used, &num_used, &fr, &num_free, recovery);
746 if (ecode != TDB_SUCCESS)
749 for (ft = first_ftable(tdb); ft; ft = next_ftable(tdb, ft)) {
750 if (TDB_OFF_IS_ERR(ft)) {
754 ecode = check_free_table(tdb, ft, num_ftables, fr, num_free,
756 if (ecode != TDB_SUCCESS)
761 /* FIXME: Check key uniqueness? */
762 ecode = check_hash(tdb, used, num_used, num_ftables, check,
764 if (ecode != TDB_SUCCESS)
767 if (num_found != num_free) {
768 ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
769 "tdb_check: Not all entries are in"
774 tdb_allrecord_unlock(tdb, F_RDLCK);
775 tdb_unlock_expand(tdb, F_RDLCK);