summaryrefslogtreecommitdiff
path: root/lib/tdb
AgeCommit message (Collapse)AuthorFilesLines
2012-10-06tdb: Make tdb robust against improper CLEAR_IF_FIRST restartVolker Lendecke1-4/+28
When winbind is restarted, there is a potential crash in tdb. Following situation: We are in a cluster with ctdb. A winbind child hangs in a request to the DC. Cluster monitoring decides the node has a problem. Cluster monitoring decides to kill ctdbd. winbind child still hangs in a RPC request. winbind parent figures that ctdb is dead and immediately commits suicide. winbind parent is restarted by cluster management, overwriting gencache.tdb with CLEAR_IF_FIRST. The CLEAR_IF_FIRST logic as implemented now will not see that a child still has the tdb open, only the parent holds the ACTIVE_LOCK due to performance reasons. During the CLEAR_IF_FIRST logic is done, there is a very small window where we ftruncate(tfd, 0) the file and re-write a proper header without a lock. When during this small window the winbind child comes back, wanting to store something into gencache.tdb, that winbind child will crash with a SIGBUS. Sounds unlikely? See: [2012/09/29 07:02:31.871607, 0] lib/util.c:1183(smb_panic) PANIC (pid 1814517): internal error [2012/09/29 07:02:31.877596, 0] lib/util.c:1287(log_stack_trace) BACKTRACE: 35 stack frames: #0 winbindd(log_stack_trace+0x1a) [0x7feb7d4ca18a] #1 winbindd(smb_panic+0x2b) [0x7feb7d4ca25b] #2 winbindd(+0x1a3cc4) [0x7feb7d4bacc4] #3 /lib64/libc.so.6(+0x32900) [0x7feb7a929900] #4 /lib64/libc.so.6(memcpy+0x35) [0x7feb7a97f355] #5 /usr/lib64/libtdb.so.1(+0x6e76) [0x7feb7b0b0e76] #6 /usr/lib64/libtdb.so.1(+0x3d37) [0x7feb7b0add37] #7 /usr/lib64/libtdb.so.1(+0x863d) [0x7feb7b0b263d] #8 /usr/lib64/libtdb.so.1(+0x8700) [0x7feb7b0b2700] #9 /usr/lib64/libtdb.so.1(+0x2505) [0x7feb7b0ac505] #10 /usr/lib64/libtdb.so.1(+0x25b7) [0x7feb7b0ac5b7] #11 /usr/lib64/libtdb.so.1(tdb_fetch+0x13) [0x7feb7b0ac633] #12 winbindd(gencache_set_data_blob+0x259) [0x7feb7d4d8449] #13 winbindd(gencache_set+0x53) [0x7feb7d4d85b3] #14 winbindd(gencache_del+0x5e) [0x7feb7d4d879e] #15 winbindd(saf_delete+0x93) [0x7feb7d54b693] #16 winbindd(+0xe507e) [0x7feb7d3fc07e] #17 winbindd(+0xe85e5) [0x7feb7d3ff5e5] #18 winbindd(+0xe65be) [0x7feb7d3fd5be] #19 winbindd(+0xe7562) [0x7feb7d3fe562] #20 winbindd(init_dc_connection+0x2e) [0x7feb7d3fe5be] #21 winbindd(+0xe75d9) [0x7feb7d3fe5d9] #22 winbindd(cm_connect_netlogon+0x58) [0x7feb7d3fe658] #23 winbindd(_wbint_PingDc+0x61) [0x7feb7d410991] #24 winbindd(+0x103175) [0x7feb7d41a175] #25 winbindd(winbindd_dual_ndrcmd+0xb7) [0x7feb7d4107d7] #26 winbindd(+0xf8609) [0x7feb7d40f609] #27 winbindd(+0xf9075) [0x7feb7d410075] #28 winbindd(tevent_common_loop_immediate+0xe8) [0x7feb7d4db198] #29 winbindd(run_events_poll+0x3c) [0x7feb7d4d93fc] #30 winbindd(+0x1c2b52) [0x7feb7d4d9b52] #31 winbindd(_tevent_loop_once+0x90) [0x7feb7d4d9f60] #32 winbindd(main+0x7b3) [0x7feb7d3e7aa3] #33 /lib64/libc.so.6(__libc_start_main+0xfd) [0x7feb7a915cdd] #34 winbindd(+0xce2a9) [0x7feb7d3e52a9] This is in a winbind child, logfiles surrounding indicate the parent was restarted. This patch takes all chain locks around the CLEAR_IF_FIRST introduced tdb_new_database.
2012-10-06tdb: Make robust against shrinking tdbsRusty Russell1-12/+20
When probing for a size change (eg. just before tdb_expand, tdb_check, tdb_rescue) we call tdb_oob(tdb, tdb->map_size, 1, 1). Unfortunately this does nothing if the tdb has actually shrunk, which as Volker demonstrated, can actually happen if a "longlived" parent crashes. So move the map/update size/remap before the limit check. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-10-04tdb: add -e option to tdbdump (and docment it).Rusty Russell2-3/+53
This allows for an emergency best-effort dump. It's a little better than strings(1). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date(master): Thu Oct 4 03:16:06 CEST 2012 on sn-devel-104
2012-10-04tdb: tdbdump should log errors, and fail in that case.Rusty Russell1-2/+38
Dumping a corrupt database should not exit silently with 0 status! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-10-04tdb: add tdb_rescue()Rusty Russell7-4/+622
This allows for an emergency best-effort dump. It's a little better than strings(1). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-10-02tdb: Fix a typoVolker Lendecke1-1/+1
Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Oct 2 19:52:16 CEST 2012 on sn-devel-104
2012-08-10tdb/test: fix build on OSF/1Björn Jacke1-15/+15
Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Fri Aug 10 23:33:20 CEST 2012 on sn-devel-104
2012-08-04doc: Remove build/ from doxygen config or it will not work in brew.Andreas Schneider1-4/+1
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Sat Aug 4 16:31:22 CEST 2012 on sn-devel-104
2012-07-30lib/tdb: Fix format string errors found by -Werror=format in tdb testsAndrew Bartlett1-4/+4
2012-07-16pytdb: Check if the database is closed before we touch itAndrew Bartlett2-10/+85
If .close() has already been called, we have to play dead - the self->ctx is just not valid any more, as we have been shut down to allow some other part of Samba to open the tdb. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Jul 16 13:51:52 CEST 2012 on sn-devel-104
2012-07-16pytdb: Check for errors parsing strings into TDB_DATAAndrew Bartlett1-0/+16
The call to PyStringAsString() can raise an exception, and we want to return that rather than following a NULL pointer later. Andrew Bartlett
2012-06-26tdb: finish weaning off err.h.Rusty Russell7-23/+28
Commit 3c4263e7580143c69225729f5b67f09c00add2fd said it removed err.h from tdb, unfortuntely it didn't: tap-interface.h still included it. This finishes it properly! Reported-by:Stefan Metzmacher <metze@samba.org> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date(master): Tue Jun 26 10:22:03 CEST 2012 on sn-devel-104
2012-06-22tdb: don't use err.h in tests.Rusty Russell21-22/+1
It's not portable. While we could use ccan/err, it seems overkill since we actually only use it in one test (I obviously cut & paste the #include). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date(master): Fri Jun 22 09:22:28 CEST 2012 on sn-devel-104
2012-06-22tdb: make TDB_NOSYNC merely disable sync.Rusty Russell3-15/+20
(As suggested by Stefan Metzmacher, based on the change to ntdb.) Since commit ec96ea690edbe3398d690b4a953d487ca1773f1c, we handle the case where a process dies during a transaction commit. Unfortunately, TDB_NOSYNC means this no longer works, as it disables the recovery area as well as the actual msync/fsync. We should do everything except the syncs. This also means we can do a complete test with $TDB_NO_FSYNC set; just to get more complete coverage, we disable it explicitly for one test (where we override the actual sync calls anyway). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-06-22autobuild: always set TDB_NO_FSYNC.Rusty Russell1-0/+4
Then we unset it inside the tdb test target itself. This means that new code can't accidently forget it, and we can set it in the 'buildnice' script on sn-devel, for example. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-06-19tdb/wscript: Remove unecessary semicolons.Jelmer Vernooij1-4/+4
2012-06-14tdb: remove unused debug_fprintf() macro that breaks the buildStefan Metzmacher1-2/+0
The IRIX compiler doesn't support '...' in a macro. metze
2012-06-12tdb:tests: fix use of a non-existent word (existant)Michael Adam1-2/+2
2012-05-30build: Remove unused release scripts for tdbAndrew Bartlett6-497/+0
These now use waf dist, and the script/librelease.sh script as a wrapper. The mksyms.sh call in the source3/Makefile uses the copy in source3/script Andrew Bartlett
2012-03-29lib/tdb: Update ABIAmitay Isaacs2-1/+67
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User: Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date: Thu Mar 29 13:12:46 CEST 2012 on sn-devel-104
2012-03-29lib/tdb: Add/expose lock functions to support CTDBAmitay Isaacs1-2/+16
This patch adds two lock functions used by CTDB to perform asynchronous locking. These functions do not actually perform any fcntl operations, but only increment internal counters. - tdb_transaction_write_lock_mark() - tdb_transaction_write_lock_unmark() It also exposes two internal functions - tdb_lock_nonblock() - tdb_unlock() These functions are NOT exposed in include/tdb.h to prevent any further uses of these functions. If you ever need to use these functions, consider using tdb2. Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2012-03-23lib/tdb: fix transaction issue for HAVE_INCOHERENT_MMAP.Rusty Russell1-11/+10
We unmap the tdb on expand, the remap. But when we have INCOHERENT_MMAP (ie. OpenBSD) and we're inside a transaction, doing the expand can mean we need to read from the database to partially fill a transaction block. This fails, because if mmap is incoherent we never allow accessing the database via read/write. The solution is not to unmap and remap until we've actually written the padding at the end of the file. Reported-by: Amitay Isaacs <amitay@gmail.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User: Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date: Fri Mar 23 02:53:15 CET 2012 on sn-devel-104
2012-03-23lib/tdb: fix test/run-die-during-transaction when HAVE_INCOHERENT_MMAP.Rusty Russell1-0/+5
Since we force mmap on, we don't intercept writes to the db, so we never see it in an inconsistent state. #ifdef over the check that we should have recovered it at least once. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-03-23lib/tdb: fix missing return 0 code.Rusty Russell1-1/+1
fde694274e1e5a11d1473695e7ec7a97f95d39e4 made tdb_mmap return an int, but didn't put the return 0 on the "internal db" case. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-03-22lib/tdb: fix OpenBSD incoherent mmap.Rusty Russell4-24/+58
This comment appears in two places in the code (commit 4c6a8273c6dd3e2aeda5a63c4a62aa55bc133099 from 2001): /* * We must ensure the file is unmapped before doing this * to ensure consistency with systems like OpenBSD where * writes and mmaps are not consistent. */ But this doesn't help, because if one process is using mmap and another using pwrite, we get incoherent results. As demonstrated by OpenBSD's failure on the tdb unit tests. Rather than disable mmap on OpenBSD, we test for this issue and force mmap to be enabled. This means that we will fail on very large TDBs on 32-bit systems, but it's better than the horrendous performance penalty on every OpenBSD system. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-03-22lib/tdb: fix up run-die-during-transaction test cases on Solaris.Rusty Russell4-5/+4
By using a different include order, we end up with a different version of FILE_OFFSET_BITS (and probably other things) in parts of the test. The different variants get linked together, and the result is weird: the stat returns 0 size. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-03-14lib/tdb: remove unnecessary XOPEN and FILE_OFFSET_BITS defines in test/Rusty Russell17-20/+0
These were relics: they don't need to be defined here as long as we are careful to include the replace headers before any standard headers (we are). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User: Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date: Wed Mar 14 10:12:26 CET 2012 on sn-devel-104
2012-03-10lib/tdb: fix tests for standalone out-of-tree.Rusty Russell1-1/+2
Commit 4d58d0fa8f936e7efdc02e31c053d42a47b3e62a didn't work for lib/tdb outside the build tree: symlink was pointing to wrong place. Copy simplification from lib/tdb2, and fix the build farm. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User: Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date: Sat Mar 10 07:07:45 CET 2012 on sn-devel-104
2012-02-14tdb: build and run unit tests in tdb/test/Rusty Russell1-7/+87
Now we can build the test binaries: the CCAN style is to compile everything called "compile_ok*.c", compile and run everything called "run*.c", compile, link with the module, and run everything called "api*.c", and link any other C files (presumably test helpers) into all the tests. Unfortunately, actually passing that between the various parts of wscript is painful, so I open-coded the names. Also, the tests expect to be run in a (temporary) directory they can pollute, with the test directory found in test/ (to find the canned TDB files, for example). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User: Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date: Tue Feb 14 06:53:46 CET 2012 on sn-devel-104
2012-02-14tdb/test: fix up tests for use in SAMBA tdb code.Rusty Russell5-13/+16
1) Make sure we include "tdb_private.h" first, to get the right headers (esp. the correct setting of _FILE_OFFSET_BITS before unistd.h). 2) Fix 3G file test since expand logic has changed. 3) Fix nested transaction test, since default is to allow nesting. 4) Capture fdatasync, which was slowing down transaction expand. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-02-14tdb: wean CCAN-style unit tests off of tap.Rusty Russell25-23/+64
We could use subunit, but that's overkill. Just print messages when we fail, and use exit status. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-02-14tdb: import unit tests from CCAN into tdb/test/Rusty Russell35-1/+2567
I pulled tdb into CCAN as an experiment a while ago; it doesn't belong there, but it has accumulated some important unit tests. These are copied from CCAN version init-1486-gc438ec1 with #include "../" changed to #include "../common/". Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-02-14tdb: make tdb_private.h idempotent.Rusty Russell1-0/+3
The most convenient way to write unit tests in C is to directly #include the C files (CCAN uses this, for example). That works quite well, but it means that tdb_private.h now needs to be protected against multiple inclusions. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-07Add "repack" command to tdbtool.Ira Cooper1-0/+7
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Jan 7 02:18:41 CET 2012 on sn-devel-104
2012-01-06Fix compile when TDB_TRACE is enabled.Ira Cooper1-1/+1
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Jan 6 04:16:41 CET 2012 on sn-devel-104
2011-12-25tdb: Use tdb_parse_record in tdb_update_hashVolker Lendecke1-12/+16
This avoids a tdb_fetch, thus a malloc/memcpy/free in the tdb_store path
2011-12-21tdb: don't free old recovery area when expanding if already at EOF.Rusty Russell1-17/+30
We allocate a new recovery area by expanding the file. But if the recovery area is already at the end of file (as shown in at least one client case), we can simply expand the record, rather than freeing it and creating a new one. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User: Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date: Wed Dec 21 06:25:40 CET 2011 on sn-devel-104
2011-12-21tdb: use same expansion factor logic when expanding for new recovery area.Rusty Russell3-21/+34
If we're expanding because the current recovery area is too small, we expand only the amount we need. This can quickly lead to exponential growth when we have a slowly-expanding record (hence a slowly-expanding transaction size). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-12-19tdb: Avoid a malloc/memcpy in _tdb_storeVolker Lendecke1-17/+8
2011-12-19tdb: be more careful on 4G files.Rusty Russell6-23/+53
I came across a tdb which had wrapped to 4G + 4K, and the contents had been destroyed by processes which thought it only 4k long. Fix this by checking on open, and making tdb_oob() check for wrap itself. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User: Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date: Mon Dec 19 07:52:01 CET 2011 on sn-devel-104
2011-12-13tdb: Fix python documentation for tdb moduleAmitay Isaacs1-1/+1
2011-11-24Remove unused variable.Jeremy Allison1-1/+0
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Nov 24 00:17:41 CET 2011 on sn-devel-104
2011-11-21Fix a bunch of "warning: variable ‘XXXX’ set but not used ↵Jeremy Allison1-3/+1
[-Wunused-but-set-variable]" warnings from the new gcc. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Nov 21 23:39:08 CET 2011 on sn-devel-104
2011-11-13waf: Factor checking for undefined symbol flags out into separate method.Jelmer Vernooij1-0/+2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Nov 13 19:38:38 CET 2011 on sn-devel-104
2011-11-13pytdb: Shorter description which fits on a single line.Jelmer Vernooij1-1/+2
2011-11-13tdb: Only check for pkg-config file when checking for system tdb.Jelmer Vernooij1-1/+1
2011-08-21wafsamba: Only install .pc files if libraries are public.Jelmer Vernooij1-3/+1
2011-08-21tdb: Install pkg-config file.Jelmer Vernooij1-1/+3
2011-08-16tdb: increment sequence number in tdb_wipe_all().Rusty Russell1-0/+2
TDB2 testing revealed that tdb1 doesn't do this. It's minor, but fix it. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User: Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date: Tue Aug 16 10:47:41 CEST 2011 on sn-devel-104
2011-07-21tdb: remove 'EOF' print from tdbrestoreAndrew Tridgell1-1/+0
the EOF message is pointless, and makes for noisy scripts Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>