IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
tdb transactions were designed to be robust against the machine
powering off, but interestingly were never designed to handle the case
where an administrator kill -9's a process during commit. Because
recovery is only done on tdb_open, processes with the tdb already
mapped will simply use it despite it being corrupt and needing
recovery.
The solution to this is to check for recovery every time we grab a
data lock: we could have gained the lock because a process just died.
This has no measurable cost: here is the time for tdbtorture -s 0 -n 1
-l 10000:
Before:
2.75 2.50 2.81 3.19 2.91 2.53 2.72 2.50 2.78 2.77 = Avg 2.75
After:
2.81 2.57 3.42 2.49 3.02 2.49 2.84 2.48 2.80 2.43 = Avg 2.74
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit ec96ea690e)
(This used to be ctdb commit 4215c7025d2b29439c5acd19ce4e0fc4e67370b3)
To test the case of death of a process during transaction commit, add
a -k (kill random) option to tdbtorture. The easiest way to do this
is to make every worker a child (unless there's only one child), which
is why this patch is bigger than you might expect.
Using -k without -t (always transactions) you expect corruption, though
it doesn't happen every time. With -t, we currently get corruption but
the next patch fixes that.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit ececeffd85)
(This used to be ctdb commit e5af0ce79c74f11daae2a8514e398c40535e2e67)
The current recovery code truncates the tdb file on recovery. This is
fine if recovery is only done on first open, but is a really bad idea
as we move to allowing recovery on "live" databases.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit 8c3fda4318)
(This used to be ctdb commit 65bc926d1a9cb3af18cae6b1462b832a5bcec561)
Now the transaction code uses the standard allrecord lock, that stops
us from trying to grab any per-record locks anyway. We don't need to
have special noop lock ops for transactions.
This is a nice simplification: if you see brlock, you know it's really
going to grab a lock.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit 9f295eecff)
(This used to be ctdb commit 6d7093cf51d0256245cc6bab24c9550ed3f1d8a5)
tdb_release_extra_locks() is too general: it carefully skips over the
transaction lock, even though the only caller then drops it. Change
this, and rename it to show it's clearly transaction-specific.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit a84222bbaf)
(This used to be ctdb commit 803035716338170896fee15f15b17c32e7ee777e)
Now the transaction allrecord lock is the standard one, and thus is cleaned
in tdb_release_extra_locks(), _tdb_transaction_cancel() doesn't need to
know what type it is.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit dd1b508c63)
(This used to be ctdb commit 74874ffb2c81e098c1d7935b37557c2151382ca6)
Centralize locking of all chains of the tdb; rename _tdb_lockall to
tdb_allrecord_lock and _tdb_unlockall to tdb_allrecord_unlock, and
tdb_brlock_upgrade to tdb_allrecord_upgrade.
Then we use this in the transaction code. Unfortunately, if the transaction
code records that it has grabbed the allrecord lock read-only, write locks
will fail, so we treat this upgradable lock as a write lock, and mark it
as upgradable using the otherwise-unused offset field.
One subtlety: now the transaction code is using the allrecord_lock, the
tdb_release_extra_locks() function drops it for us, so we no longer need
to do it manually in _tdb_transaction_cancel.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit fca1621965)
(This used to be ctdb commit d7fdb38ac05b5f2af9eb485e98673280835273dd)
Records themselves get (read) locked by the traversal code against delete.
Interestingly, this locking isn't done when the allrecord lock has been
taken, though the allrecord lock until recently didn't cover the actual
records (it now goes to end of file).
The write record lock, grabbed by the delete code, is not suppressed
by the allrecord lock. This is now bad: it causes us to punch a hole
in the allrecord lock when we release the write record lock. Make this
consistent: *no* record locks of any kind when the allrecord lock is
taken.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit caaf5c6baa)
(This used to be ctdb commit 7a99cdf5d0a91764a750c1a264e90e5b66f910a1)
We were previously inconsistent with our "global" lock: the
transaction code grabbed it from FREELIST_TOP to end of file, and the
rest of the code grabbed it from FREELIST_TOP to end of the hash
chains. Change it to always grab to end of file for simplicity and
so we can merge the two.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit 9341f230f8)
(This used to be ctdb commit 46f2c33357c999c31a8064c159c6162269c28d9d)
This was redundant before this patch series: it mirrored num_lockrecs
exactly. It still does.
Also, skip useless branch when locks == 1: unconditional assignment is
cheaper anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit 1ab8776247)
(This used to be ctdb commit 587ac01ce836286aab54bfcb7a693a0170c7ebd3)
This is pure overhead, but it centralizes the locking. Realloc (esp. as
most implementations are lazy) is fast compared to the fnctl anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit d48c3e4982)
(This used to be ctdb commit 2e8512403525c14c9b776ce28891d09c17ada91d)
Use our newly-generic nested lock tracking for the active lock.
Note that the tdb_have_extra_locks() and tdb_release_extra_locks()
functions have to skip over this lock now it is tracked.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit 4738d474c4)
(This used to be ctdb commit 0a44584963232b0b1c62e30c9bede0439e68ef7d)
This never nests, so it's overkill, but it centralizes the locking into
lock.c and removes the ugly flag in the transaction code to track whether
we have the lock or not.
Note that we have a temporary hack so this places a real lock, despite
the fact that we are in a transaction.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit 9136818df3)
(This used to be ctdb commit 6812d81907793299e874f121174d885f6500f374)
Rather than a boutique lock and a separate nest count, use our
newly-generic nested lock tracking for the transaction lock.
Note that the tdb_have_extra_locks() and tdb_release_extra_locks()
functions have to skip over this lock now it is tracked.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit e8fa70a321)
(This used to be ctdb commit 4ca1b96a70048b2eaa0d12fb5f0fdb54ec396aa3)
Factor out two loops which find locks; we are going to introduce a couple
more so a helper makes sense.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit ce41411c84)
(This used to be ctdb commit cfb154dd0f189f37b937e90144c2eb9e66a26420)
Move locking intelligence back into lock.c, rather than open-coding the
lock release in transaction.c.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit db270734d8)
(This used to be ctdb commit d2dd720b51c4032e5d77d30212da8117d3f119df)
In many places we check whether locks are held: add a helper to do this.
The _tdb_lockall() case has already checked for the allrecord lock, so
the extra work done by tdb_have_extra_locks() is merely redundant.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit fba42f1fb4)
(This used to be ctdb commit dda3587dfee598f387c2e696f3645486fac65052)
tdb_transaction_lock() and tdb_transaction_unlock() do nothing if we
hold the allrecord lock. However, the two locks don't overlap, so
this is wrong.
This simplification makes the transaction lock a straight-forward nested
lock.
There are two callers for these functions:
1) The transaction code, which already makes sure the allrecord_lock
isn't held.
2) The traverse code, which wants to stop transactions whether it has the
allrecord lock or not. There have been deadlocks here before, however
this should not bring them back (I hope!)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit b754f61d23)
(This used to be ctdb commit 495f3554259b9dbf9ee673c4fe420d98e50e4901)
Because fcntl locks don't nest, we track them in the tdb->lockrecs array
and only place/release them when the count goes to 1/0. We only do this
for record locks, so we simply place the list number (or -1 for the free
list) in the structure.
To generalize this:
1) Put the offset rather than list number in struct tdb_lock_type.
2) Rename _tdb_lock() to tdb_nest_lock, make it non-static and move the
allrecord check out to the callers (except the mark case which doesn't
care).
3) Rename _tdb_unlock() to tdb_nest_unlock(), make it non-static and
move the allrecord out to the callers (except mark again).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit 5d9de604d9)
(This used to be ctdb commit 28576ddbd9bf91049db8a4f9e9e7856ac5b8f48a)
The word global is overloaded in tdb. The global_lock inside struct
tdb_context is used to indicate we hold a lock across all the chains.
Rename it to allrecord_lock.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit e9114a7585)
(This used to be ctdb commit a912657fb50a78b9b328c4564281fb9f7f1b3766)
The word global is overloaded in tdb. The GLOBAL_LOCK offset is used at
open time to serialize initialization (and by the transaction code to block
open).
Rename it to OPEN_LOCK.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit 7ab422d6fb)
(This used to be ctdb commit a4f83910a485cf56f9b3df1dcf2ad36ebec57473)
Now tdb_open() calls tdb_transaction_cancel() instead of
_tdb_transaction_cancel, we can make it static.
Signed-off-by: Rusty Russell<rusty@rustcorp.com.au>
(Imported from commit a6e0ef87d2)
(This used to be ctdb commit d728a7f65bcd5f1aedbee41d6db5c35f10cb417e)
This is taken from the CCAN code base: rather than using tdb_brlock for
locking and unlocking, we split it into brlock and brunlock functions.
For extra debugging information, brunlock says what kind of lock it is
unlocking (even though fnctl locks don't need this). This requires an
extra argument to tdb_transaction_unlock() so we know whether the
lock was upgraded to a write lock or not.
We also use a "flags" argument tdb_brlock:
1) TDB_LOCK_NOWAIT replaces lck_type = F_SETLK (vs F_SETLKW).
2) TDB_LOCK_MARK_ONLY replaces setting TDB_MARK_LOCK bit in ltype.
3) TDB_LOCK_PROBE replaces the "probe" argument.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit 452b4a5a6e)
(This used to be ctdb commit 7b5fdc9c588237c83a1e70e5437e2e5510055b92)
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
(Imported from commit 09e756b1d6)
(This used to be ctdb commit b0dff4ed35ab2423b8fcc801cdaaebaa0d7654bb)
If a process (or the machine) dies after just after writing the
recovery head (pointing at the end of file), the recovery record will filled
with 0x42. This will not invoke a recovery on open, since rec.magic
!= TDB_RECOVERY_MAGIC.
Unfortunately, the first transaction commit will happily reuse that
area: tdb_recovery_allocate() doesn't check the magic. The recovery
record has length 0x42424242, and it writes that back into the
now-valid-looking transaction header) for the next comer (which
happens to be tdb_wipe_all in my tests).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit b37b452cb8)
(This used to be ctdb commit 8c8782ecbb347e026f67d82a39555c0e43b1e9f8)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(Imported from commit 6269cdcd15)
(This used to be ctdb commit e0ca2e02120258aabca1e1586a58a8d672484fb5)
This should make it easier to keep all release scripts alined as it will reduce
the difference between them to ideally a few variables
Also moves the tdb script in the scripts directory.
(Imported from commit 6339de7f4f)
(This used to be ctdb commit 8885b2206fba41ec289fda5dfd653ee676aa0dd3)
after recent fixes we need to raise the version to 1.2.1 so that
we can require also the right patched version.
(Imported from commit 70534adee1)
(This used to be ctdb commit 84c971f33c24d32e5599aba7ba83bb474f7ac922)
There was a bug in tdb where the
tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1);
(ending the transaction-"mutex") was done before the
/* remove the recovery marker */
This means that when a transaction is committed there is a window where another
opener of the file sees the transaction marker while the transaction committer
is still fully functional and working on it. This led to transaction being
rolled back by that second opener of the file while transaction_commit() gave
no error to the caller.
This patch moves the F_UNLCK to after the recovery marker was removed, closing
this window.
(This used to be ctdb commit 898b5edfe757cb145960b8f3631029bfd5592119)
(cherry picked from commit 4334092cba)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be ctdb commit 093f57a2c00f2d629a3b58e58202f1a7e1bbd406)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from samba commit 9776cb0345)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be ctdb commit d1873bd81bfc9f486b88f3a38c65c7de8f5a0909)
metze
(cherry picked from samba commit 5ca0a4bfd6)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be ctdb commit 04aeac728f56c65b973762f09977de1b1b99099e)
We need to keep TDB_ALLOW_NESTING as default behavior,
so that existing code continues to work.
However we may change the default together with a major version
number change in future.
metze
(cherry picked from samba commit 3b9f19ed91)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be ctdb commit c1c0ede32dc00ed619d1cf5fda40a9de43995f3a)
metze
(cherry picked from samba commit 85449b7bcc)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be ctdb commit 855391c1e37012b0d6c673a304bb8da8a1efcd72)
While studying tdb, I've noticed a couple of mismatches between readme
and actual code:
- tdb_open_ex changed it's log_fn argument to log_ctx
- there is now no tdb_update(), which it seems was transformed into
non-exported tdb_update_hash()
There were other mismatches, but I don't remember them now, sorry.
Signed-off-by: Kirill Smelkov <kirr@mns.spb.ru>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(cherry picked from samba commit 83de5c8263)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be ctdb commit 7a88f1df9190674deaf5dcbedad02ae4120a5263)
The reason I do it is that when using older python-tdb as shipped in
Debian Lenny, python interpreter crashes on this test:
(gdb) bt
#0 0xb7f8c424 in __kernel_vsyscall ()
#1 0xb7df5640 in raise () from /lib/i686/cmov/libc.so.6
#2 0xb7df7018 in abort () from /lib/i686/cmov/libc.so.6
#3 0xb7e3234d in __libc_message () from /lib/i686/cmov/libc.so.6
#4 0xb7e38624 in malloc_printerr () from /lib/i686/cmov/libc.so.6
#5 0xb7e3a826 in free () from /lib/i686/cmov/libc.so.6
#6 0xb7b39c84 in tdb_close () from /usr/lib/libtdb.so.1
#7 0xb7b43e14 in ?? () from /var/lib/python-support/python2.5/_tdb.so
#8 0x0a038d08 in ?? ()
#9 0x00000000 in ?? ()
master's pytdb does not (we have a check for self->closed in obj_close()),
but still...
Signed-off-by: Kirill Smelkov <kirr@mns.spb.ru>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(cherry picked from samba commit 71a21393dd)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be ctdb commit 03372b4ea8ba2938468a5c0fc234d604966ce070)
So that erroneous double tdb_close() calls do not try to close() same
fd again. This is like SAFE_FREE() but for fd.
Signed-off-by: Kirill Smelkov <kirr@mns.spb.ru>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(cherry picked from samba commit b4424f8234)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be ctdb commit f5c992bdaeb73ef726ff4728a9922721474cd6f5)
It's Tdb.get(), not Tdb.fetch().
Signed-off-by: Kirill Smelkov <kirr@mns.spb.ru>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(cherry picked from samba commit cfed5f946d)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be ctdb commit 76aacdd8e1106f26565e25903091a757b59cd7e2)
This can help with ldb where we rewrite the index records
(cherry picked from samba commit d4c0e8fdf0)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be ctdb commit 470750fa2e3cf987f10de48451b1ee13aab03907)
metze
(cherry picked from samba commit 3b62e250c0)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be ctdb commit 03b3682e3fa53c9f5fdf2c4beac8b5d030fd2630)
