tdb: Make robust against shrinking tdbs
[Samba.git] / lib / tdb / common / io.c
1 /*
2 Unix SMB/CIFS implementation.
4 trivial database library
6 Copyright (C) Andrew Tridgell 1999-2005
7 Copyright (C) Paul `Rusty' Russell 2000
8 Copyright (C) Jeremy Allison 2000-2003
10 ** NOTE! The following LGPL license applies to the tdb
11 ** library. This does NOT imply that all of Samba is released
12 ** under the LGPL
14 This library is free software; you can redistribute it and/or
15 modify it under the terms of the GNU Lesser General Public
16 License as published by the Free Software Foundation; either
17 version 3 of the License, or (at your option) any later version.
19 This library is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 Lesser General Public License for more details.
24 You should have received a copy of the GNU Lesser General Public
25 License along with this library; if not, see <http://www.gnu.org/licenses/>.
29 #include "tdb_private.h"
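/*
 * Check for an out of bounds access.
 *
 * "len" is the minimum length needed for the db, i.e. the end offset of the
 * access the caller is about to make.  If it lies beyond the size currently
 * known, the file is fstat()ed, unmapped and mapped again, because another
 * process may have expanded (or shrunk) it in the meantime.
 *
 * tdb:   database context
 * len:   minimum length needed
 * probe: when non-zero, a database that is too short is reported without
 *        logging and without touching tdb->ecode
 *
 * Returns 0 when at least "len" bytes are available, -1 otherwise.
 */
static int tdb_oob(struct tdb_context *tdb, tdb_off_t len, int probe)
{
	struct stat st;

	if (len <= tdb->map_size)
		return 0;
	if (tdb->flags & TDB_INTERNAL) {
		/* An in-memory database cannot have been grown by anyone else. */
		if (!probe) {
			/* Ensure ecode is set for log fn. */
			tdb->ecode = TDB_ERR_IO;
			TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_oob len %d beyond internal malloc size %d\n",
				 (int)len, (int)tdb->map_size));
		}
		return -1;
	}

	if (fstat(tdb->fd, &st) == -1) {
		tdb->ecode = TDB_ERR_IO;
		return -1;
	}

	/*
	 * The file size is about to be stored in tdb->map_size, which is a
	 * tdb_off_t.  A size that does not survive the round trip through
	 * tdb_off_t would be silently truncated and every later bounds check
	 * would be made against the wrong value, so refuse such a file
	 * before the current mapping is torn down.
	 */
	if ((tdb_off_t)st.st_size != st.st_size) {
		/* Ensure ecode is set for log fn. */
		tdb->ecode = TDB_ERR_IO;
		TDB_LOG((tdb, TDB_DEBUG_FATAL,
			 "tdb_oob file size %llu does not fit in tdb_off_t\n",
			 (unsigned long long)st.st_size));
		return -1;
	}

	/* Unmap, update size, remap */
	if (tdb_munmap(tdb) == -1) {
		tdb->ecode = TDB_ERR_IO;
		return -1;
	}
	tdb->map_size = st.st_size;
	/* A failed mmap leaves map_ptr NULL; callers then use pread/pwrite. */
	tdb_mmap(tdb);

	/* The size is refreshed even when the file is still (or now) too short. */
	if (st.st_size < (size_t)len) {
		if (!probe) {
			/* Ensure ecode is set for log fn. */
			tdb->ecode = TDB_ERR_IO;
			TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_oob len %d beyond eof at %d\n",
				 (int)len, (int)st.st_size));
		}
		return -1;
	}

	return 0;
}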
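/*
 * Write a lump of data at a specified offset.
 *
 * tdb: database context
 * off: offset in the database at which to write
 * buf: data to write
 * len: number of bytes to write; a zero length is a successful no-op
 *
 * Returns 0 on success, -1 on failure.  tdb->ecode is TDB_ERR_RDONLY for a
 * read-only context or a read traverse, TDB_ERR_IO for a range that wraps
 * and for write failures.
 */
static int tdb_write(struct tdb_context *tdb, tdb_off_t off,
		     const void *buf, tdb_len_t len)
{
	tdb_off_t end;

	if (len == 0) {
		return 0;
	}

	if (tdb->read_only || tdb->traverse_read) {
		tdb->ecode = TDB_ERR_RDONLY;
		return -1;
	}

	/*
	 * off and len can come straight from on-disk records.  If their sum
	 * wraps, the bounds check below would be handed a small end offset
	 * and accept a range that really lies far outside the database.
	 */
	end = off + len;
	if (end < off) {
		/* Ensure ecode is set for log fn. */
		tdb->ecode = TDB_ERR_IO;
		TDB_LOG((tdb, TDB_DEBUG_FATAL,
			 "tdb_write: off %u len %u wraps around\n",
			 (unsigned)off, (unsigned)len));
		return -1;
	}

	if (tdb->methods->tdb_oob(tdb, end, 0) != 0)
		return -1;

	if (tdb->map_ptr) {
		memcpy(off + (char *)tdb->map_ptr, buf, len);
	} else {
		/* "done" counts the bytes written so far over both attempts. */
		ssize_t done = pwrite(tdb->fd, buf, len, off);
		if ((done != (ssize_t)len) && (done != -1)) {
			ssize_t more;

			/* try once more */
			tdb->ecode = TDB_ERR_IO;
			TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_write: wrote only "
				 "%d of %d bytes at %d, trying once more\n",
				 (int)done, len, off));
			more = pwrite(tdb->fd, (const char *)buf+done,
				      len-done,
				      off+done);
			/*
			 * Add the second attempt to the first.  Comparing only
			 * the second count against len would report a write
			 * that was completed in two pieces as a failure.
			 */
			done = (more == -1) ? -1 : done + more;
		}
		if (done == -1) {
			/* Ensure ecode is set for log fn. */
			tdb->ecode = TDB_ERR_IO;
			TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_write failed at %d "
				 "len=%d (%s)\n", off, len, strerror(errno)));
			return -1;
		} else if (done != (ssize_t)len) {
			tdb->ecode = TDB_ERR_IO;
			TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_write: failed to "
				 "write %d bytes at %d in two attempts\n",
				 len, off));
			return -1;
		}
	}
	return 0;
}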
/*
 * Endian conversion: we only ever deal with 4 byte quantities.
 *
 * Byte-reverses, in place, each complete 32-bit word in the first "size"
 * bytes of "buf".  Any trailing bytes beyond the last complete word are left
 * untouched.  Returns "buf" so that the call can be used as an expression.
 *
 * NOTE(review): buf is accessed through a uint32_t pointer, so it presumably
 * has to be suitably aligned for that - confirm against callers.
 */
void *tdb_convert(void *buf, uint32_t size)
{
	uint32_t *words = (uint32_t *)buf;
	uint32_t count = size / 4;
	uint32_t idx = 0;

	while (idx < count) {
		words[idx] = TDB_BYTEREV(words[idx]);
		idx++;
	}
	return buf;
}
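/*
 * Read a lump of data at a specified offset, maybe convert.
 *
 * tdb: database context
 * off: offset in the database to read from
 * buf: destination, at least "len" bytes
 * len: number of bytes to read
 * cv:  when non-zero the data is passed through tdb_convert() after reading
 *
 * Returns 0 on success, -1 on failure (tdb->ecode is TDB_ERR_IO for a range
 * that wraps and for a failed or short pread).
 */
static int tdb_read(struct tdb_context *tdb, tdb_off_t off, void *buf,
		    tdb_len_t len, int cv)
{
	tdb_off_t end = off + len;

	/*
	 * off and len can come straight from on-disk records.  If their sum
	 * wraps, the bounds check below would be handed a small end offset
	 * and the memcpy would read far outside the mapping.
	 */
	if (end < off) {
		/* Ensure ecode is set for log fn. */
		tdb->ecode = TDB_ERR_IO;
		TDB_LOG((tdb, TDB_DEBUG_FATAL,
			 "tdb_read: off %u len %u wraps around\n",
			 (unsigned)off, (unsigned)len));
		return -1;
	}

	if (tdb->methods->tdb_oob(tdb, end, 0) != 0) {
		return -1;
	}

	if (tdb->map_ptr) {
		memcpy(buf, off + (char *)tdb->map_ptr, len);
	} else {
		ssize_t ret = pread(tdb->fd, buf, len, off);
		if (ret != (ssize_t)len) {
			/* Ensure ecode is set for log fn. */
			tdb->ecode = TDB_ERR_IO;
			TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_read failed at %d "
				 "len=%d ret=%d (%s) map_size=%d\n",
				 (int)off, (int)len, (int)ret, strerror(errno),
				 (int)tdb->map_size));
			return -1;
		}
	}
	if (cv) {
		tdb_convert(buf, len);
	}
	return 0;
}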
/*
 * Do an unlocked scan of the hash table heads to find the next non-zero
 * head.  The value will then be confirmed with the lock held.
 *
 * On entry *chain is the bucket to start from; on return it is the first
 * bucket at or after that one whose head is non-zero, the bucket at which a
 * head could not be read, or header.hash_size if the scan ran off the end.
 *
 * NOTE(review): the mapped branch dereferences map_ptr at TDB_HASH_TOP()
 * without comparing that offset against tdb->map_size; presumably the hash
 * table always lies inside the mapped area - confirm, in particular for a
 * database file that has shrunk.
 */
static void tdb_next_hash_chain(struct tdb_context *tdb, uint32_t *chain)
{
	uint32_t bucket = *chain;

	if (tdb->map_ptr != NULL) {
		/* Only tested against zero, so no byte order conversion is needed. */
		while (bucket < tdb->header.hash_size) {
			uint32_t *head = (uint32_t *)((unsigned char *)tdb->map_ptr
						      + TDB_HASH_TOP(bucket));
			if (*head != 0) {
				break;
			}
			bucket++;
		}
	} else {
		uint32_t head = 0;

		while (bucket < tdb->header.hash_size) {
			/* A read error stops the scan just like a used head does. */
			if (tdb_ofs_read(tdb, TDB_HASH_TOP(bucket), &head) != 0) {
				break;
			}
			if (head != 0) {
				break;
			}
			bucket++;
		}
	}
	*chain = bucket;
}
/*
 * Drop the memory mapping of the database file, if there is one.
 *
 * Contexts flagged TDB_INTERNAL are left alone.  Returns 0 on success; if
 * munmap() fails its return value is passed back and tdb->map_ptr is left
 * as it was.
 */
int tdb_munmap(struct tdb_context *tdb)
{
	if ((tdb->flags & TDB_INTERNAL) != 0) {
		return 0;
	}

#ifdef HAVE_MMAP
	if (tdb->map_ptr != NULL) {
		int rc = munmap(tdb->map_ptr, tdb->map_size);

		if (rc != 0) {
			return rc;
		}
	}
#endif
	tdb->map_ptr = NULL;
	return 0;
}
/*
 * Map the first tdb->map_size bytes of the database file into memory.
 *
 * Contexts flagged TDB_INTERNAL are left alone.  The mapping is shared and
 * readable, and writable too unless the context is read-only.  If mapping is
 * disabled (TDB_NOMMAP), unavailable (no HAVE_MMAP) or fails, tdb->map_ptr
 * ends up NULL; nothing is returned, so callers test map_ptr.
 */
void tdb_mmap(struct tdb_context *tdb)
{
#ifdef HAVE_MMAP
	void *mapping;
#endif

	if ((tdb->flags & TDB_INTERNAL) != 0) {
		return;
	}

#ifdef HAVE_MMAP
	if ((tdb->flags & TDB_NOMMAP) != 0) {
		tdb->map_ptr = NULL;
		return;
	}

	mapping = mmap(NULL, tdb->map_size,
		       tdb->read_only ? PROT_READ : (PROT_READ|PROT_WRITE),
		       MAP_SHARED|MAP_FILE, tdb->fd, 0);

	/*
	 * NB. When mmap fails it returns MAP_FAILED *NOT* NULL !!!!
	 */
	if (mapping != MAP_FAILED) {
		tdb->map_ptr = mapping;
		return;
	}

	tdb->map_ptr = NULL;
	TDB_LOG((tdb, TDB_DEBUG_WARNING, "tdb_mmap failed for size %d (%s)\n",
		 tdb->map_size, strerror(errno)));
#else
	tdb->map_ptr = NULL;
#endif
}
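/*
 * Expand a file.  We prefer to use ftruncate, as that is what posix
 * says to use for mmap expansion.
 *
 * tdb:      database context
 * size:     current size of the file
 * addition: number of bytes to add after "size"
 *
 * The file is first extended to size+addition (ftruncate, or a one byte
 * write at the new last offset if that fails) and the added range is then
 * filled with TDB_PAD_BYTE.
 *
 * Returns 0 on success, -1 on failure.  tdb->ecode is TDB_ERR_RDONLY for a
 * read-only context or a read traverse and TDB_ERR_OOM when size+addition
 * does not fit in tdb_off_t; the other failure paths only log.
 */
static int tdb_expand_file(struct tdb_context *tdb, tdb_off_t size, tdb_off_t addition)
{
	char buf[8192];
	tdb_off_t new_size = size + addition;

	if (tdb->read_only || tdb->traverse_read) {
		tdb->ecode = TDB_ERR_RDONLY;
		return -1;
	}

	/*
	 * If size+addition wraps, ftruncate() below would be asked for a
	 * length smaller than the current one and would cut live data off
	 * the end of the database instead of growing it.
	 */
	if (new_size < size) {
		/* Ensure ecode is set for log fn. */
		tdb->ecode = TDB_ERR_OOM;
		TDB_LOG((tdb, TDB_DEBUG_FATAL, "expand_file: size %u plus "
			 "addition %u wraps around\n",
			 (unsigned)size, (unsigned)addition));
		errno = ENOSPC;
		return -1;
	}

	if (ftruncate(tdb->fd, new_size) == -1) {
		char b = 0;
		ssize_t written = pwrite(tdb->fd, &b, 1, new_size - 1);
		if (written == 0) {
			/* try once more, potentially revealing errno */
			written = pwrite(tdb->fd, &b, 1, new_size - 1);
		}
		if (written == 0) {
			/* again - give up, guessing errno */
			errno = ENOSPC;
		}
		if (written != 1) {
			TDB_LOG((tdb, TDB_DEBUG_FATAL, "expand_file to %d failed (%s)\n",
				 new_size, strerror(errno)));
			return -1;
		}
	}

	/* now fill the file with something. This ensures that the
	   file isn't sparse, which would be very bad if we ran out of
	   disk. This must be done with write, not via mmap */
	memset(buf, TDB_PAD_BYTE, sizeof(buf));
	while (addition) {
		size_t n = addition>sizeof(buf)?sizeof(buf):addition;
		ssize_t written = pwrite(tdb->fd, buf, n, size);
		if (written == 0) {
			/* prevent infinite loops: try _once_ more */
			written = pwrite(tdb->fd, buf, n, size);
		}
		if (written == 0) {
			/* give up, trying to provide a useful errno */
			TDB_LOG((tdb, TDB_DEBUG_FATAL, "expand_file write "
				 "returned 0 twice: giving up!\n"));
			errno = ENOSPC;
			return -1;
		} else if (written == -1) {
			TDB_LOG((tdb, TDB_DEBUG_FATAL, "expand_file write of "
				 "%d bytes failed (%s)\n", (int)n,
				 strerror(errno)));
			return -1;
		} else if ((size_t)written != n) {
			/* A short write is not fatal: the loop carries on from where it stopped. */
			TDB_LOG((tdb, TDB_DEBUG_WARNING, "expand_file: wrote "
				 "only %d of %d bytes - retrying\n", (int)written,
				 (int)n));
		}
		addition -= written;
		size += written;
	}
	return 0;
}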
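/*
 * Expand the database at least size bytes by expanding the underlying
 * file and doing the mmap again if necessary.
 *
 * tdb:  database context
 * size: minimum number of bytes the caller needs
 *
 * The whole operation runs under the write lock taken with
 * tdb_lock(tdb, -1, F_WRLCK).  The added space is handed to tdb_free() as a
 * single free record.
 *
 * Returns 0 on success, -1 on failure.  When the new size cannot be
 * represented in tdb_off_t, tdb->ecode is set to TDB_ERR_OOM and the
 * database is left untouched.
 */
int tdb_expand(struct tdb_context *tdb, tdb_off_t size)
{
	struct tdb_record rec;
	tdb_off_t offset, new_size, top_size, map_size;
	tdb_off_t requested = size;
	tdb_off_t extra, aligned;

	if (tdb_lock(tdb, -1, F_WRLCK) == -1) {
		TDB_LOG((tdb, TDB_DEBUG_ERROR, "lock failed in tdb_expand\n"));
		return -1;
	}

	/* must know about any previous expansions by another process */
	/* This is a probe: only the refreshed map_size matters, not the result. */
	tdb->methods->tdb_oob(tdb, tdb->map_size + 1, 1);

	/*
	 * Every step of the size computation below is checked for wrap-around.
	 * A wrapped value would yield an expansion smaller than the caller
	 * asked for and a free record whose length does not match the space
	 * that was really added.
	 */

	/* limit size in order to avoid using up huge amounts of memory for
	 * in memory tdbs if an oddball huge record creeps in */
	if (size > 100 * 1024) {
		extra = size * 2;
		if (extra < size) {
			goto bad_size;
		}
	} else {
		/* cannot wrap: size is at most 100 KiB here */
		extra = size * 100;
	}
	top_size = tdb->map_size + extra;
	if (top_size < tdb->map_size) {
		goto bad_size;
	}

	/* always make room for at least top_size more records, and at
	   least 25% more space. if the DB is smaller than 100MiB,
	   otherwise grow it by 10% only. */
	if (tdb->map_size > 100 * 1024 * 1024) {
		/* (tdb_off_t)-1 is the largest offset; tdb_off_t is unsigned. */
		if (tdb->map_size * 1.10 >= (double)(tdb_off_t)-1) {
			goto bad_size;
		}
		map_size = tdb->map_size * 1.10;
	} else {
		map_size = tdb->map_size * 1.25;
	}

	/* Round the database up to a multiple of the page size */
	new_size = MAX(top_size, map_size);
	aligned = TDB_ALIGN(new_size, tdb->page_size);
	if (aligned < new_size) {
		goto bad_size;
	}
	size = aligned - tdb->map_size;

	/* The new space must be able to hold the free record written below. */
	if (size < sizeof(rec)) {
		goto bad_size;
	}

	/* NOTE(review): the result of tdb_munmap() is not checked here. */
	if (!(tdb->flags & TDB_INTERNAL))
		tdb_munmap(tdb);

	/*
	 * We must ensure the file is unmapped before doing this
	 * to ensure consistency with systems like OpenBSD where
	 * writes and mmaps are not consistent.
	 */

	/* expand the file itself */
	if (!(tdb->flags & TDB_INTERNAL)) {
		if (tdb->methods->tdb_expand_file(tdb, tdb->map_size, size) != 0)
			goto fail;
	}

	tdb->map_size += size;

	if (tdb->flags & TDB_INTERNAL) {
		char *new_map_ptr = (char *)realloc(tdb->map_ptr,
						    tdb->map_size);
		if (!new_map_ptr) {
			/* realloc left the old block valid: undo the size change */
			tdb->map_size -= size;
			goto fail;
		}
		tdb->map_ptr = new_map_ptr;
	} else {
		/*
		 * We must ensure the file is remapped before adding the space
		 * to ensure consistency with systems like OpenBSD where
		 * writes and mmaps are not consistent.
		 */

		/* We're ok if the mmap fails as we'll fallback to read/write */
		tdb_mmap(tdb);
	}

	/* form a new freelist record */
	memset(&rec,'\0',sizeof(rec));
	rec.rec_len = size - sizeof(rec);

	/* link it into the free list */
	offset = tdb->map_size - size;
	if (tdb_free(tdb, offset, &rec) == -1)
		goto fail;

	tdb_unlock(tdb, -1, F_WRLCK);
	return 0;
 bad_size:
	/* Ensure ecode is set for log fn. */
	tdb->ecode = TDB_ERR_OOM;
	TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_expand: cannot grow database of "
		 "size %u for a request of %u bytes\n",
		 (unsigned)tdb->map_size, (unsigned)requested));
 fail:
	tdb_unlock(tdb, -1, F_WRLCK);
	return -1;
}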
/*
 * Read one tdb_off_t from "offset" into *d through the context's read
 * method, asking for byte order conversion when DOCONV() says so.
 * Returns whatever the read method returns.
 */
int tdb_ofs_read(struct tdb_context *tdb, tdb_off_t offset, tdb_off_t *d)
{
	const int convert = DOCONV();

	return tdb->methods->tdb_read(tdb, offset, (char *)d,
				      sizeof(tdb_off_t), convert);
}
/*
 * Write the tdb_off_t *d at "offset" through the context's write method.
 * The value is copied first, so the CONVERT() step works on the copy and
 * the caller's variable is not modified.  Returns whatever the write method
 * returns.
 */
int tdb_ofs_write(struct tdb_context *tdb, tdb_off_t offset, tdb_off_t *d)
{
	tdb_off_t value;

	value = *d;
	return tdb->methods->tdb_write(tdb, offset, CONVERT(value),
				       sizeof(value));
}
/*
 * Read a lump of data, allocating the space for it.
 *
 * Returns a malloc()ed buffer holding "len" bytes read from "offset"; the
 * caller frees it.  Returns NULL if the allocation fails (tdb->ecode is set
 * to TDB_ERR_OOM) or if the read method fails.
 *
 * NOTE(review): the buffer is allocated before the read method gets a chance
 * to bounds-check offset/len, so a bogus length - presumably possible when
 * it is taken from a corrupt record; confirm against callers - costs an
 * allocation of that size before the call fails.
 */
unsigned char *tdb_alloc_read(struct tdb_context *tdb, tdb_off_t offset, tdb_len_t len)
{
	/* some systems don't like zero length malloc */
	size_t alloc_len = (len == 0) ? 1 : len;
	unsigned char *data = (unsigned char *)malloc(alloc_len);

	if (data == NULL) {
		/* Ensure ecode is set for log fn. */
		tdb->ecode = TDB_ERR_OOM;
		TDB_LOG((tdb, TDB_DEBUG_ERROR,"tdb_alloc_read malloc failed len=%d (%s)\n",
			 len, strerror(errno)));
		return NULL;
	}

	if (tdb->methods->tdb_read(tdb, offset, data, len, 0) == -1) {
		SAFE_FREE(data);
		return NULL;
	}

	return data;
}
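/*
 * Give a piece of tdb data to a parser.
 *
 * tdb:          database context
 * key:          passed through to the parser unchanged
 * offset, len:  location of the data in the database
 * parser:       callback that receives the key and the data
 * private_data: passed through to the parser unchanged
 *
 * Outside a transaction and with the file mapped, the parser is pointed
 * directly at the mapping; otherwise it gets a temporary copy that is freed
 * after it returns.
 *
 * Returns the parser's result, or -1 if the data could not be made available.
 */
int tdb_parse_data(struct tdb_context *tdb, TDB_DATA key,
		   tdb_off_t offset, tdb_len_t len,
		   int (*parser)(TDB_DATA key, TDB_DATA data,
				 void *private_data),
		   void *private_data)
{
	TDB_DATA data;
	int result;

	data.dsize = len;

	if ((tdb->transaction == NULL) && (tdb->map_ptr != NULL)) {
		/*
		 * Optimize by avoiding the malloc/memcpy/free, point the
		 * parser directly at the mmap area.
		 */
		tdb_off_t end = offset + len;

		/*
		 * If offset+len wraps, the bounds check would be handed a
		 * small end offset and the parser would be given a pointer
		 * far outside the mapping.
		 */
		if (end < offset) {
			/* Ensure ecode is set for log fn. */
			tdb->ecode = TDB_ERR_IO;
			TDB_LOG((tdb, TDB_DEBUG_FATAL,
				 "tdb_parse_data: offset %u len %u wraps around\n",
				 (unsigned)offset, (unsigned)len));
			return -1;
		}
		if (tdb->methods->tdb_oob(tdb, end, 0) != 0) {
			return -1;
		}
		data.dptr = offset + (unsigned char *)tdb->map_ptr;
		return parser(key, data, private_data);
	}

	if (!(data.dptr = tdb_alloc_read(tdb, offset, len))) {
		return -1;
	}

	result = parser(key, data, private_data);
	free(data.dptr);
	return result;
}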
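/*
 * Read the record header at "offset" into *rec and sanity-check it.
 *
 * The header is read through the context's read method (with byte order
 * conversion when DOCONV() says so), its magic is checked, and the record
 * its "next" field points to is checked to lie inside the database.
 *
 * Returns 0 on success, -1 on failure.  tdb->ecode is TDB_ERR_CORRUPT for a
 * bad magic and TDB_ERR_IO for a "next" offset whose record end wraps.
 */
int tdb_rec_read(struct tdb_context *tdb, tdb_off_t offset, struct tdb_record *rec)
{
	tdb_off_t next_end;

	if (tdb->methods->tdb_read(tdb, offset, rec, sizeof(*rec),DOCONV()) == -1)
		return -1;
	if (TDB_BAD_MAGIC(rec)) {
		/* Ensure ecode is set for log fn. */
		tdb->ecode = TDB_ERR_CORRUPT;
		TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_rec_read bad magic 0x%x at offset=%d\n", rec->magic, offset));
		return -1;
	}

	/*
	 * rec->next comes from disk.  Its sum with the header size is
	 * narrowed to tdb_off_t when handed to the bounds check, so a "next"
	 * close to the top of the offset range would turn into a small value
	 * and be accepted.  Catch the wrap explicitly.
	 */
	next_end = (tdb_off_t)(rec->next + sizeof(*rec));
	if (next_end < rec->next) {
		/* Ensure ecode is set for log fn. */
		tdb->ecode = TDB_ERR_IO;
		TDB_LOG((tdb, TDB_DEBUG_FATAL,
			 "tdb_rec_read next offset %u out of range at offset=%u\n",
			 (unsigned)rec->next, (unsigned)offset));
		return -1;
	}
	return tdb->methods->tdb_oob(tdb, next_end, 0);
}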
/*
 * Write the record header *rec at "offset" through the context's write
 * method.  The header is copied first, so the CONVERT() step works on the
 * copy and the caller's structure is not modified.  Returns whatever the
 * write method returns.
 */
int tdb_rec_write(struct tdb_context *tdb, tdb_off_t offset, struct tdb_record *rec)
{
	struct tdb_record copy;

	copy = *rec;
	return tdb->methods->tdb_write(tdb, offset, CONVERT(copy),
				       sizeof(struct tdb_record));
}
/*
 * Default method table, installed by tdb_io_init().
 *
 * The initializer is positional, so the order of the entries has to match
 * the member order of struct tdb_methods, which is declared outside this
 * file.
 */
static const struct tdb_methods io_methods = {
	tdb_read,		/* read a lump of data, maybe convert */
	tdb_write,		/* write a lump of data */
	tdb_next_hash_chain,	/* unlocked scan for the next used hash head */
	tdb_oob,		/* bounds check, re-mapping the file if needed */
	tdb_expand_file,	/* grow the file and fill the new space */
};
/*
 * Initialise the default methods table: point the context at the
 * file-backed I/O methods defined in this file.
 */
void tdb_io_init(struct tdb_context *tdb)
{
	tdb->methods = &io_methods;
}