static void
printServerInfo(void)
{
struct ubik_server *ts;
int i, j = 1;
char hoststr[16];
ubik_print("Local CellServDB:\n");
for (ts = ubik_servers; ts; ts = ts->next, j++) {
ubik_print(" Server %d:\n", j);
for (i = 0; (i < UBIK_MAX_INTERFACE_ADDR) && ts->addr[i]; i++)
ubik_print(" ... %s\n", afs_inet_ntoa_r(ts->addr[i], hoststr));
}
}
/*!
* \brief Release the transaction lock.
*/
void
ulock_relLock(struct ubik_trans *atrans)
{
if (atrans->locktype == LOCKWRITE && (atrans->flags & TRREADWRITE)) {
ubik_print("Ubik: Internal Error: unlocking write lock with "
"TRREADWRITE?\n");
abort();
}
if (atrans->flags & TRREADWRITE) {
/* noop, TRREADWRITE means we don't actually lock anything */
} else if (atrans->locktype == LOCKREAD) {
ReleaseReadLock(&rwlock);
} else if (atrans->locktype == LOCKWRITE) {
ReleaseWriteLock(&rwlock);
}
/*
*ubik_print("Ubik: DEBUG: Thread 0x%x %s unlock\n", lwp_cpptr,
* ((atrans->locktype == LOCKREAD) ? "READ" : "WRITE"));
*/
atrans->locktype = 0;
return;
}
/*!
* \brief Create a new slot for a particular dbase page.
*/
static struct buffer *
newslot(struct ubik_dbase *adbase, afs_int32 afid, afs_int32 apage)
{
/* Find a usable buffer slot */
afs_int32 i;
struct buffer *pp, *tp;
pp = 0; /* last pure */
for (i = 0, tp = LruBuffer; i < nbuffers; i++, tp = tp->lru_next) {
if (!tp->lockers && !tp->dirty) {
pp = tp;
break;
}
}
if (pp == 0) {
/* There are no unlocked buffers that don't need to be written to the disk. */
ubik_print
("Ubik: Internal Error: Unable to find free buffer in ubik cache\n");
return NULL;
}
/* Now fill in the header. */
pp->dbase = adbase;
pp->file = afid;
pp->page = apage;
FixupBucket(pp); /* move to the right hash bucket */
Dmru(pp);
return pp;
}
/*!
* \brief Get a pointer to a particular buffer.
*/
static char *
DRead(struct ubik_trans *atrans, afs_int32 fid, int page)
{
/* Read a page from the disk. */
struct buffer *tb, *lastbuffer, *found_tb = NULL;
afs_int32 code;
struct ubik_dbase *dbase = atrans->dbase;
calls++;
lastbuffer = LruBuffer->lru_prev;
/* Skip for write transactions for a clean page - this may not be the right page to use */
if (MatchBuffer(lastbuffer, page, fid, atrans)
&& (atrans->type == UBIK_READTRANS || lastbuffer->dirty)) {
tb = lastbuffer;
tb->lockers++;
lastb++;
return tb->data;
}
for (tb = phTable[pHash(page)]; tb; tb = tb->hashNext) {
if (MatchBuffer(tb, page, fid, atrans)) {
if (tb->dirty || atrans->type == UBIK_READTRANS) {
found_tb = tb;
break;
}
/* Remember this clean page - we might use it */
found_tb = tb;
}
}
/* For a write transaction, use a matching clean page if no dirty one was found */
if (found_tb) {
Dmru(found_tb);
found_tb->lockers++;
return found_tb->data;
}
/* can't find it */
tb = newslot(dbase, fid, page);
if (!tb)
return 0;
memset(tb->data, 0, UBIK_PAGESIZE);
tb->lockers++;
code =
(*dbase->read) (dbase, fid, tb->data, page * UBIK_PAGESIZE,
UBIK_PAGESIZE);
if (code < 0) {
tb->file = BADFID;
Dlru(tb);
tb->lockers--;
ubik_print("Ubik: Error reading database file: errno=%d\n", errno);
return 0;
}
ios++;
/* Note that findslot sets the page field in the buffer equal to
* what it is searching for.
*/
return tb->data;
}
/*!
* \brief Set a transaction lock.
* \param atype is #LOCKREAD or #LOCKWRITE.
* \param await is TRUE if you want to wait for the lock instead of returning
* #EWOULDBLOCK.
*
* \note The #DBHOLD lock must be held.
*/
extern int
ulock_getLock(struct ubik_trans *atrans, int atype, int await)
{
struct ubik_dbase *dbase = atrans->dbase;
if ((atype != LOCKREAD) && (atype != LOCKWRITE))
return EINVAL;
if (atrans->flags & TRDONE)
return UDONE;
if (atype != LOCKREAD && (atrans->flags & TRREADWRITE)) {
return EINVAL;
}
if (atrans->locktype != 0) {
ubik_print("Ubik: Internal Error: attempted to take lock twice\n");
abort();
}
/*
*ubik_print("Ubik: DEBUG: Thread 0x%x request %s lock\n", lwp_cpptr,
* ((atype == LOCKREAD) ? "READ" : "WRITE"));
*/
/* Check if the lock would would block */
if (!await && !(atrans->flags & TRREADWRITE)) {
if (atype == LOCKREAD) {
if (WouldReadBlock(&rwlock))
return EAGAIN;
} else {
if (WouldWriteBlock(&rwlock))
return EAGAIN;
}
}
/* Create new lock record and add to spec'd transaction:
* locktype. This field also tells us if the thread is
* waiting for a lock: It will be equal to LOCKWAIT.
*/
atrans->locktype = LOCKWAIT;
DBRELE(dbase);
if (atrans->flags & TRREADWRITE) {
/* noop; don't actually lock anything for TRREADWRITE */
} else if (atype == LOCKREAD) {
ObtainReadLock(&rwlock);
} else {
ObtainWriteLock(&rwlock);
}
DBHOLD(dbase);
atrans->locktype = atype;
/*
*ubik_print("Ubik: DEBUG: Thread 0x%x took %s lock\n", lwp_cpptr,
* ((atype == LOCKREAD) ? "READ" : "WRITE"));
*/
return 0;
}
/*!
* \brief send a Probe to all the network address of this server
*
* \return 0 if success, else return 1
*/
int
DoProbe(struct ubik_server *server)
{
struct rx_connection *conns[UBIK_MAX_INTERFACE_ADDR];
struct rx_connection *connSuccess = 0;
int i, j;
afs_uint32 addr;
char buffer[32];
char hoststr[16];
extern afs_int32 ubikSecIndex;
extern struct rx_securityClass *ubikSecClass;
for (i = 0; (addr = server->addr[i]) && (i < UBIK_MAX_INTERFACE_ADDR);
i++) {
conns[i] =
rx_NewConnection(addr, ubik_callPortal, DISK_SERVICE_ID,
ubikSecClass, ubikSecIndex);
/* user requirement to use only the primary interface */
if (ubikPrimaryAddrOnly) {
i = 1;
break;
}
}
assert(i); /* at least one interface address for this server */
multi_Rx(conns, i) {
multi_DISK_Probe();
if (!multi_error) { /* first success */
addr = server->addr[multi_i]; /* successful interface addr */
if (server->disk_rxcid) /* destroy existing conn */
rx_DestroyConnection(server->disk_rxcid);
if (server->vote_rxcid)
rx_DestroyConnection(server->vote_rxcid);
/* make new connections */
server->disk_rxcid = conns[multi_i];
server->vote_rxcid = rx_NewConnection(addr, ubik_callPortal, VOTE_SERVICE_ID, ubikSecClass, ubikSecIndex); /* for vote reqs */
connSuccess = conns[multi_i];
strcpy(buffer, afs_inet_ntoa_r(server->addr[0], hoststr));
ubik_print
("ubik:server %s is back up: will be contacted through %s\n",
buffer, afs_inet_ntoa_r(addr, hoststr));
multi_Abort;
}
} multi_End_Ignore;
/*!
* \brief Get a pointer to a particular buffer.
*/
static char *
DRead(struct ubik_trans *atrans, afs_int32 fid, int page)
{
/* Read a page from the disk. */
struct buffer *tb, *lastbuffer;
afs_int32 code;
struct ubik_dbase *dbase = atrans->dbase;
calls++;
lastbuffer = LruBuffer->lru_prev;
if (MatchBuffer(lastbuffer, page, fid, atrans)) {
tb = lastbuffer;
tb->lockers++;
lastb++;
return tb->data;
}
for (tb = phTable[pHash(page)]; tb; tb = tb->hashNext) {
if (MatchBuffer(tb, page, fid, atrans)) {
Dmru(tb);
tb->lockers++;
return tb->data;
}
}
/* can't find it */
tb = newslot(dbase, fid, page);
if (!tb)
return 0;
memset(tb->data, 0, UBIK_PAGESIZE);
tb->lockers++;
code =
(*dbase->read) (dbase, fid, tb->data, page * UBIK_PAGESIZE,
UBIK_PAGESIZE);
if (code < 0) {
tb->file = BADFID;
Dlru(tb);
tb->lockers--;
ubik_print("Ubik: Error reading database file: errno=%d\n", errno);
return 0;
}
ios++;
/* Note that findslot sets the page field in the buffer equal to
* what it is searching for.
*/
return tb->data;
}
/*!
* \brief Main interaction loop for the recovery manager
*
* The recovery light-weight process only runs when you're the
* synchronization site. It performs the following tasks, if and only
* if the prerequisite tasks have been performed successfully (it
* keeps track of which ones have been performed in its bit map,
* \p urecovery_state).
*
* First, it is responsible for probing that all servers are up. This
* is the only operation that must be performed even if this is not
* yet the sync site, since otherwise this site may not notice that
* enough other machines are running to even elect this guy to be the
* sync site.
*
* After that, the recovery process does nothing until the beacon and
* voting modules manage to get this site elected sync site.
*
* After becoming sync site, recovery first attempts to find the best
* database available in the network (it must do this in order to
* ensure finding the latest committed data). After finding the right
* database, it must fetch this dbase to the sync site.
*
* After fetching the dbase, it relabels it with a new version number,
* to ensure that everyone recognizes this dbase as the most recent
* dbase.
*
* One the dbase has been relabelled, this machine can start handling
* requests. However, the recovery module still has one more task:
* propagating the dbase out to everyone who is up in the network.
*/
void *
urecovery_Interact(void *dummy)
{
afs_int32 code, tcode;
struct ubik_server *bestServer = NULL;
struct ubik_server *ts;
int dbok, doingRPC, now;
afs_int32 lastProbeTime;
/* if we're the sync site, the best db version we've found yet */
static struct ubik_version bestDBVersion;
struct ubik_version tversion;
struct timeval tv;
int length, tlen, offset, file, nbytes;
struct rx_call *rxcall;
char tbuffer[1024];
struct ubik_stat ubikstat;
struct in_addr inAddr;
char hoststr[16];
char pbuffer[1028];
int fd = -1;
afs_int32 pass;
afs_pthread_setname_self("recovery");
/* otherwise, begin interaction */
urecovery_state = 0;
lastProbeTime = 0;
while (1) {
/* Run through this loop every 4 seconds */
tv.tv_sec = 4;
tv.tv_usec = 0;
#ifdef AFS_PTHREAD_ENV
select(0, 0, 0, 0, &tv);
#else
IOMGR_Select(0, 0, 0, 0, &tv);
#endif
ubik_dprint("recovery running in state %x\n", urecovery_state);
/* Every 30 seconds, check all the down servers and mark them
* as up if they respond. When a server comes up or found to
* not be current, then re-find the the best database and
* propogate it.
*/
if ((now = FT_ApproxTime()) > 30 + lastProbeTime) {
for (ts = ubik_servers, doingRPC = 0; ts; ts = ts->next) {
UBIK_BEACON_LOCK;
if (!ts->up) {
UBIK_BEACON_UNLOCK;
doingRPC = 1;
code = DoProbe(ts);
if (code == 0) {
UBIK_BEACON_LOCK;
ts->up = 1;
UBIK_BEACON_UNLOCK;
DBHOLD(ubik_dbase);
urecovery_state &= ~UBIK_RECFOUNDDB;
DBRELE(ubik_dbase);
}
} else {
UBIK_BEACON_UNLOCK;
DBHOLD(ubik_dbase);
if (!ts->currentDB)
urecovery_state &= ~UBIK_RECFOUNDDB;
DBRELE(ubik_dbase);
}
}
if (doingRPC)
now = FT_ApproxTime();
lastProbeTime = now;
}
/* Mark whether we are the sync site */
DBHOLD(ubik_dbase);
if (!ubeacon_AmSyncSite()) {
urecovery_state &= ~UBIK_RECSYNCSITE;
DBRELE(ubik_dbase);
continue; /* nothing to do */
}
urecovery_state |= UBIK_RECSYNCSITE;
/* If a server has just come up or if we have not found the
* most current database, then go find the most current db.
*/
if (!(urecovery_state & UBIK_RECFOUNDDB)) {
DBRELE(ubik_dbase);
bestServer = (struct ubik_server *)0;
bestDBVersion.epoch = 0;
bestDBVersion.counter = 0;
for (ts = ubik_servers; ts; ts = ts->next) {
UBIK_BEACON_LOCK;
if (!ts->up) {
UBIK_BEACON_UNLOCK;
continue; /* don't bother with these guys */
}
UBIK_BEACON_UNLOCK;
if (ts->isClone)
continue;
UBIK_ADDR_LOCK;
code = DISK_GetVersion(ts->disk_rxcid, &ts->version);
UBIK_ADDR_UNLOCK;
if (code == 0) {
/* perhaps this is the best version */
if (vcmp(ts->version, bestDBVersion) > 0) {
/* new best version */
bestDBVersion = ts->version;
bestServer = ts;
}
}
}
/* take into consideration our version. Remember if we,
* the sync site, have the best version. Also note that
* we may need to send the best version out.
*/
DBHOLD(ubik_dbase);
if (vcmp(ubik_dbase->version, bestDBVersion) >= 0) {
bestDBVersion = ubik_dbase->version;
bestServer = (struct ubik_server *)0;
urecovery_state |= UBIK_RECHAVEDB;
} else {
/* Clear the flag only when we know we have to retrieve
* the db. Because urecovery_AllBetter() looks at it.
*/
urecovery_state &= ~UBIK_RECHAVEDB;
}
urecovery_state |= UBIK_RECFOUNDDB;
urecovery_state &= ~UBIK_RECSENTDB;
}
if (!(urecovery_state & UBIK_RECFOUNDDB)) {
DBRELE(ubik_dbase);
continue; /* not ready */
}
/* If we, the sync site, do not have the best db version, then
* go and get it from the server that does.
*/
if ((urecovery_state & UBIK_RECHAVEDB) || !bestServer) {
urecovery_state |= UBIK_RECHAVEDB;
} else {
/* we don't have the best version; we should fetch it. */
urecovery_AbortAll(ubik_dbase);
/* Rx code to do the Bulk fetch */
file = 0;
offset = 0;
UBIK_ADDR_LOCK;
rxcall = rx_NewCall(bestServer->disk_rxcid);
ubik_print("Ubik: Synchronize database with server %s\n",
afs_inet_ntoa_r(bestServer->addr[0], hoststr));
UBIK_ADDR_UNLOCK;
code = StartDISK_GetFile(rxcall, file);
if (code) {
ubik_dprint("StartDiskGetFile failed=%d\n", code);
goto FetchEndCall;
}
nbytes = rx_Read(rxcall, (char *)&length, sizeof(afs_int32));
length = ntohl(length);
if (nbytes != sizeof(afs_int32)) {
ubik_dprint("Rx-read length error=%d\n", code = BULK_ERROR);
code = EIO;
goto FetchEndCall;
}
/* give invalid label during file transit */
UBIK_VERSION_LOCK;
tversion.epoch = 0;
code = (*ubik_dbase->setlabel) (ubik_dbase, file, &tversion);
UBIK_VERSION_UNLOCK;
if (code) {
ubik_dprint("setlabel io error=%d\n", code);
goto FetchEndCall;
}
snprintf(pbuffer, sizeof(pbuffer), "%s.DB%s%d.TMP",
ubik_dbase->pathName, (file<0)?"SYS":"",
(file<0)?-file:file);
fd = open(pbuffer, O_CREAT | O_RDWR | O_TRUNC, 0600);
if (fd < 0) {
code = errno;
goto FetchEndCall;
}
code = lseek(fd, HDRSIZE, 0);
if (code != HDRSIZE) {
close(fd);
goto FetchEndCall;
}
pass = 0;
while (length > 0) {
tlen = (length > sizeof(tbuffer) ? sizeof(tbuffer) : length);
#ifndef AFS_PTHREAD_ENV
if (pass % 4 == 0)
IOMGR_Poll();
#endif
nbytes = rx_Read(rxcall, tbuffer, tlen);
if (nbytes != tlen) {
ubik_dprint("Rx-read bulk error=%d\n", code = BULK_ERROR);
code = EIO;
close(fd);
goto FetchEndCall;
}
nbytes = write(fd, tbuffer, tlen);
pass++;
if (nbytes != tlen) {
code = UIOERROR;
close(fd);
goto FetchEndCall;
}
offset += tlen;
length -= tlen;
}
code = close(fd);
if (code)
goto FetchEndCall;
code = EndDISK_GetFile(rxcall, &tversion);
FetchEndCall:
tcode = rx_EndCall(rxcall, code);
if (!code)
code = tcode;
if (!code) {
/* we got a new file, set up its header */
urecovery_state |= UBIK_RECHAVEDB;
UBIK_VERSION_LOCK;
memcpy(&ubik_dbase->version, &tversion,
sizeof(struct ubik_version));
snprintf(tbuffer, sizeof(tbuffer), "%s.DB%s%d",
ubik_dbase->pathName, (file<0)?"SYS":"",
(file<0)?-file:file);
#ifdef AFS_NT40_ENV
snprintf(pbuffer, sizeof(pbuffer), "%s.DB%s%d.OLD",
ubik_dbase->pathName, (file<0)?"SYS":"",
(file<0)?-file:file);
code = unlink(pbuffer);
if (!code)
code = rename(tbuffer, pbuffer);
snprintf(pbuffer, sizeof(pbuffer), "%s.DB%s%d.TMP",
ubik_dbase->pathName, (file<0)?"SYS":"",
(file<0)?-file:file);
#endif
if (!code)
code = rename(pbuffer, tbuffer);
if (!code) {
(*ubik_dbase->open) (ubik_dbase, file);
/* after data is good, sync disk with correct label */
code =
(*ubik_dbase->setlabel) (ubik_dbase, 0,
&ubik_dbase->version);
}
UBIK_VERSION_UNLOCK;
#ifdef AFS_NT40_ENV
snprintf(pbuffer, sizeof(pbuffer), "%s.DB%s%d.OLD",
ubik_dbase->pathName, (file<0)?"SYS":"",
(file<0)?-file:file);
unlink(pbuffer);
#endif
}
if (code) {
unlink(pbuffer);
/*
* We will effectively invalidate the old data forever now.
* Unclear if we *should* but we do.
*/
UBIK_VERSION_LOCK;
ubik_dbase->version.epoch = 0;
ubik_dbase->version.counter = 0;
UBIK_VERSION_UNLOCK;
ubik_print("Ubik: Synchronize database failed (error = %d)\n",
code);
} else {
ubik_print("Ubik: Synchronize database completed\n");
urecovery_state |= UBIK_RECHAVEDB;
}
udisk_Invalidate(ubik_dbase, 0); /* data has changed */
#ifdef AFS_PTHREAD_ENV
CV_BROADCAST(&ubik_dbase->version_cond);
#else
LWP_NoYieldSignal(&ubik_dbase->version);
#endif
}
if (!(urecovery_state & UBIK_RECHAVEDB)) {
DBRELE(ubik_dbase);
continue; /* not ready */
}
/* If the database was newly initialized, then when we establish quorum, write
* a new label. This allows urecovery_AllBetter() to allow access for reads.
* Setting it to 2 also allows another site to come along with a newer
* database and overwrite this one.
*/
if (ubik_dbase->version.epoch == 1) {
urecovery_AbortAll(ubik_dbase);
UBIK_VERSION_LOCK;
version_globals.ubik_epochTime = 2;
ubik_dbase->version.epoch = version_globals.ubik_epochTime;
ubik_dbase->version.counter = 1;
code =
(*ubik_dbase->setlabel) (ubik_dbase, 0, &ubik_dbase->version);
UBIK_VERSION_UNLOCK;
udisk_Invalidate(ubik_dbase, 0); /* data may have changed */
#ifdef AFS_PTHREAD_ENV
CV_BROADCAST(&ubik_dbase->version_cond);
#else
LWP_NoYieldSignal(&ubik_dbase->version);
#endif
}
/* Check the other sites and send the database to them if they
* do not have the current db.
*/
if (!(urecovery_state & UBIK_RECSENTDB)) {
/* now propagate out new version to everyone else */
dbok = 1; /* start off assuming they all worked */
/*
* Check if a write transaction is in progress. We can't send the
* db when a write is in progress here because the db would be
* obsolete as soon as it goes there. Also, ops after the begin
* trans would reach the recepient and wouldn't find a transaction
* pending there. Frankly, I don't think it's possible to get past
* the write-lock above if there is a write transaction in progress,
* but then, it won't hurt to check, will it?
*/
if (ubik_dbase->flags & DBWRITING) {
struct timeval tv;
int safety = 0;
long cur_usec = 50000;
while ((ubik_dbase->flags & DBWRITING) && (safety < 500)) {
DBRELE(ubik_dbase);
/* sleep for a little while */
tv.tv_sec = 0;
tv.tv_usec = cur_usec;
#ifdef AFS_PTHREAD_ENV
select(0, 0, 0, 0, &tv);
#else
IOMGR_Select(0, 0, 0, 0, &tv);
#endif
cur_usec += 10000;
safety++;
DBHOLD(ubik_dbase);
}
}
for (ts = ubik_servers; ts; ts = ts->next) {
UBIK_ADDR_LOCK;
inAddr.s_addr = ts->addr[0];
UBIK_ADDR_UNLOCK;
UBIK_BEACON_LOCK;
if (!ts->up) {
UBIK_BEACON_UNLOCK;
ubik_dprint("recovery cannot send version to %s\n",
afs_inet_ntoa_r(inAddr.s_addr, hoststr));
dbok = 0;
continue;
}
UBIK_BEACON_UNLOCK;
ubik_dprint("recovery sending version to %s\n",
afs_inet_ntoa_r(inAddr.s_addr, hoststr));
if (vcmp(ts->version, ubik_dbase->version) != 0) {
ubik_dprint("recovery stating local database\n");
/* Rx code to do the Bulk Store */
code = (*ubik_dbase->stat) (ubik_dbase, 0, &ubikstat);
if (!code) {
length = ubikstat.size;
file = offset = 0;
UBIK_ADDR_LOCK;
rxcall = rx_NewCall(ts->disk_rxcid);
UBIK_ADDR_UNLOCK;
code =
StartDISK_SendFile(rxcall, file, length,
&ubik_dbase->version);
if (code) {
ubik_dprint("StartDiskSendFile failed=%d\n",
code);
goto StoreEndCall;
}
while (length > 0) {
tlen =
(length >
sizeof(tbuffer) ? sizeof(tbuffer) : length);
nbytes =
(*ubik_dbase->read) (ubik_dbase, file,
tbuffer, offset, tlen);
if (nbytes != tlen) {
ubik_dprint("Local disk read error=%d\n",
code = UIOERROR);
goto StoreEndCall;
}
nbytes = rx_Write(rxcall, tbuffer, tlen);
if (nbytes != tlen) {
ubik_dprint("Rx-write bulk error=%d\n", code =
BULK_ERROR);
goto StoreEndCall;
}
offset += tlen;
length -= tlen;
}
code = EndDISK_SendFile(rxcall);
StoreEndCall:
code = rx_EndCall(rxcall, code);
}
if (code == 0) {
/* we set a new file, process its header */
ts->version = ubik_dbase->version;
ts->currentDB = 1;
} else
dbok = 0;
} else {
/* mark file up to date */
ts->currentDB = 1;
}
}
if (dbok)
urecovery_state |= UBIK_RECSENTDB;
}
DBRELE(ubik_dbase);
}
return NULL;
}
/*!
* \brief replay logs
*
* log format is defined here, and implicitly in disk.c
*
* 4 byte opcode, followed by parameters, each 4 bytes long. All integers
* are in logged in network standard byte order, in case we want to move logs
* from machine-to-machine someday.
*
* Begin transaction: opcode \n
* Commit transaction: opcode, version (8 bytes) \n
* Truncate file: opcode, file number, length \n
* Abort transaction: opcode \n
* Write data: opcode, file, position, length, <length> data bytes \n
*
* A very simple routine, it just replays the log. Note that this is a new-value only log, which
* implies that no uncommitted data is written to the dbase: one writes data to the log, including
* the commit record, then we allow data to be written through to the dbase. In our particular
* implementation, once a transaction is done, we write out the pages to the database, so that
* our buffer package doesn't have to know about stable and uncommitted data in the memory buffers:
* any changed data while there is an uncommitted write transaction can be zapped during an
* abort and the remaining dbase on the disk is exactly the right dbase, without having to read
* the log.
*/
static int
ReplayLog(struct ubik_dbase *adbase)
{
afs_int32 opcode;
afs_int32 code, tpos;
int logIsGood;
afs_int32 len, thisSize, tfile, filePos;
afs_int32 buffer[4];
afs_int32 syncFile = -1;
afs_int32 data[1024];
/* read the lock twice, once to see whether we have a transaction to deal
* with that committed, (theoretically, we should support more than one
* trans in the log at once, but not yet), and once replaying the
* transactions. */
tpos = 0;
logIsGood = 0;
/* for now, assume that all ops in log pertain to one transaction; see if there's a commit */
while (1) {
code =
(*adbase->read) (adbase, LOGFILE, (char *)&opcode, tpos,
sizeof(afs_int32));
if (code != sizeof(afs_int32))
break;
opcode = ntohl(opcode);
if (opcode == LOGNEW) {
/* handle begin trans */
tpos += sizeof(afs_int32);
} else if (opcode == LOGABORT)
break;
else if (opcode == LOGEND) {
logIsGood = 1;
break;
} else if (opcode == LOGTRUNCATE) {
tpos += 4;
code =
(*adbase->read) (adbase, LOGFILE, (char *)buffer, tpos,
2 * sizeof(afs_int32));
if (code != 2 * sizeof(afs_int32))
break; /* premature eof or io error */
tpos += 2 * sizeof(afs_int32);
} else if (opcode == LOGDATA) {
tpos += 4;
code =
(*adbase->read) (adbase, LOGFILE, (char *)buffer, tpos,
3 * sizeof(afs_int32));
if (code != 3 * sizeof(afs_int32))
break;
/* otherwise, skip over the data bytes, too */
tpos += ntohl(buffer[2]) + 3 * sizeof(afs_int32);
} else {
ubik_print("corrupt log opcode (%d) at position %d\n", opcode,
tpos);
break; /* corrupt log! */
}
}
if (logIsGood) {
/* actually do the replay; log should go all the way through the commit record, since
* we just read it above. */
tpos = 0;
logIsGood = 0;
syncFile = -1;
while (1) {
code =
(*adbase->read) (adbase, LOGFILE, (char *)&opcode, tpos,
sizeof(afs_int32));
if (code != sizeof(afs_int32))
break;
opcode = ntohl(opcode);
if (opcode == LOGNEW) {
/* handle begin trans */
tpos += sizeof(afs_int32);
} else if (opcode == LOGABORT)
panic("log abort\n");
else if (opcode == LOGEND) {
struct ubik_version version;
tpos += 4;
code =
(*adbase->read) (adbase, LOGFILE, (char *)buffer, tpos,
2 * sizeof(afs_int32));
if (code != 2 * sizeof(afs_int32))
return UBADLOG;
version.epoch = ntohl(buffer[0]);
version.counter = ntohl(buffer[1]);
code = (*adbase->setlabel) (adbase, 0, &version);
if (code)
return code;
ubik_print("Successfully replayed log for interrupted "
"transaction; db version is now %ld.%ld\n",
(long) version.epoch, (long) version.counter);
logIsGood = 1;
break; /* all done now */
} else if (opcode == LOGTRUNCATE) {
tpos += 4;
code =
(*adbase->read) (adbase, LOGFILE, (char *)buffer, tpos,
2 * sizeof(afs_int32));
if (code != 2 * sizeof(afs_int32))
break; /* premature eof or io error */
tpos += 2 * sizeof(afs_int32);
code =
(*adbase->truncate) (adbase, ntohl(buffer[0]),
ntohl(buffer[1]));
if (code)
return code;
} else if (opcode == LOGDATA) {
tpos += 4;
code =
(*adbase->read) (adbase, LOGFILE, (char *)buffer, tpos,
3 * sizeof(afs_int32));
if (code != 3 * sizeof(afs_int32))
break;
tpos += 3 * sizeof(afs_int32);
/* otherwise, skip over the data bytes, too */
len = ntohl(buffer[2]); /* total number of bytes to copy */
filePos = ntohl(buffer[1]);
tfile = ntohl(buffer[0]);
/* try to minimize file syncs */
if (syncFile != tfile) {
if (syncFile >= 0)
code = (*adbase->sync) (adbase, syncFile);
else
code = 0;
syncFile = tfile;
if (code)
return code;
}
while (len > 0) {
thisSize = (len > sizeof(data) ? sizeof(data) : len);
/* copy sizeof(data) buffer bytes at a time */
code =
(*adbase->read) (adbase, LOGFILE, (char *)data, tpos,
thisSize);
if (code != thisSize)
return UBADLOG;
code =
(*adbase->write) (adbase, tfile, (char *)data, filePos,
thisSize);
if (code != thisSize)
return UBADLOG;
filePos += thisSize;
tpos += thisSize;
len -= thisSize;
}
} else {
ubik_print("corrupt log opcode (%d) at position %d\n",
opcode, tpos);
break; /* corrupt log! */
}
}
if (logIsGood) {
if (syncFile >= 0)
code = (*adbase->sync) (adbase, syncFile);
if (code)
return code;
} else {
ubik_print("Log read error on pass 2\n");
return UBADLOG;
}
}
/* now truncate the log, we're done with it */
code = (*adbase->truncate) (adbase, LOGFILE, 0);
return code;
}
/*!
* \brief Update remote machines addresses in my server list
*
* Send back my addresses to caller of this RPC
* \return zero on success, else 1.
*/
afs_int32
SDISK_UpdateInterfaceAddr(struct rx_call *rxcall,
UbikInterfaceAddr *inAddr,
UbikInterfaceAddr *outAddr)
{
struct ubik_server *ts, *tmp;
afs_uint32 remoteAddr; /* in net byte order */
int i, j, found = 0, probableMatch = 0;
char hoststr[16];
UBIK_ADDR_LOCK;
/* copy the output parameters */
for (i = 0; i < UBIK_MAX_INTERFACE_ADDR; i++)
outAddr->hostAddr[i] = ntohl(ubik_host[i]);
remoteAddr = htonl(inAddr->hostAddr[0]);
for (ts = ubik_servers; ts; ts = ts->next)
if (ts->addr[0] == remoteAddr) { /* both in net byte order */
probableMatch = 1;
break;
}
if (probableMatch) {
/* verify that all addresses in the incoming RPC are
** not part of other server entries in my CellServDB
*/
for (i = 0; !found && (i < UBIK_MAX_INTERFACE_ADDR)
&& inAddr->hostAddr[i]; i++) {
remoteAddr = htonl(inAddr->hostAddr[i]);
for (tmp = ubik_servers; (!found && tmp); tmp = tmp->next) {
if (ts == tmp) /* this is my server */
continue;
for (j = 0; (j < UBIK_MAX_INTERFACE_ADDR) && tmp->addr[j];
j++)
if (remoteAddr == tmp->addr[j]) {
found = 1;
break;
}
}
}
}
/* if (probableMatch) */
/* inconsistent addresses in CellServDB */
if (!probableMatch || found) {
ubik_print("Inconsistent Cell Info from server: ");
for (i = 0; i < UBIK_MAX_INTERFACE_ADDR && inAddr->hostAddr[i]; i++)
ubik_print("%s ", afs_inet_ntoa_r(htonl(inAddr->hostAddr[i]), hoststr));
ubik_print("\n");
fflush(stdout);
fflush(stderr);
printServerInfo();
UBIK_ADDR_UNLOCK;
return UBADHOST;
}
/* update our data structures */
for (i = 1; i < UBIK_MAX_INTERFACE_ADDR; i++)
ts->addr[i] = htonl(inAddr->hostAddr[i]);
ubik_print("ubik: A Remote Server has addresses: ");
for (i = 0; i < UBIK_MAX_INTERFACE_ADDR && ts->addr[i]; i++)
ubik_print("%s ", afs_inet_ntoa_r(ts->addr[i], hoststr));
ubik_print("\n");
UBIK_ADDR_UNLOCK;
return 0;
}
afs_int32
SDISK_SendFile(struct rx_call *rxcall, afs_int32 file,
afs_int32 length, struct ubik_version *avers)
{
afs_int32 code;
struct ubik_dbase *dbase = NULL;
char tbuffer[1024];
afs_int32 offset;
struct ubik_version tversion;
int tlen;
struct rx_peer *tpeer;
struct rx_connection *tconn;
afs_uint32 otherHost = 0;
char hoststr[16];
char pbuffer[1028];
int fd = -1;
afs_int32 epoch = 0;
afs_int32 pass;
/* send the file back to the requester */
dbase = ubik_dbase;
if ((code = ubik_CheckAuth(rxcall))) {
DBHOLD(dbase);
goto failed;
}
/* next, we do a sanity check to see if the guy sending us the database is
* the guy we think is the sync site. It turns out that we might not have
* decided yet that someone's the sync site, but they could have enough
* votes from others to be sync site anyway, and could send us the database
* in advance of getting our votes. This is fine, what we're really trying
* to check is that some authenticated bogon isn't sending a random database
* into another configuration. This could happen on a bad configuration
* screwup. Thus, we only object if we're sure we know who the sync site
* is, and it ain't the guy talking to us.
*/
offset = uvote_GetSyncSite();
tconn = rx_ConnectionOf(rxcall);
tpeer = rx_PeerOf(tconn);
otherHost = ubikGetPrimaryInterfaceAddr(rx_HostOf(tpeer));
if (offset && offset != otherHost) {
/* we *know* this is the wrong guy */
code = USYNC;
DBHOLD(dbase);
goto failed;
}
DBHOLD(dbase);
/* abort any active trans that may scribble over the database */
urecovery_AbortAll(dbase);
ubik_print("Ubik: Synchronize database with server %s\n",
afs_inet_ntoa_r(otherHost, hoststr));
offset = 0;
UBIK_VERSION_LOCK;
epoch = tversion.epoch = 0; /* start off by labelling in-transit db as invalid */
(*dbase->setlabel) (dbase, file, &tversion); /* setlabel does sync */
snprintf(pbuffer, sizeof(pbuffer), "%s.DB%s%d.TMP",
ubik_dbase->pathName, (file<0)?"SYS":"",
(file<0)?-file:file);
fd = open(pbuffer, O_CREAT | O_RDWR | O_TRUNC, 0600);
if (fd < 0) {
code = errno;
goto failed_locked;
}
code = lseek(fd, HDRSIZE, 0);
if (code != HDRSIZE) {
close(fd);
goto failed_locked;
}
pass = 0;
memcpy(&ubik_dbase->version, &tversion, sizeof(struct ubik_version));
UBIK_VERSION_UNLOCK;
while (length > 0) {
tlen = (length > sizeof(tbuffer) ? sizeof(tbuffer) : length);
#if !defined(AFS_PTHREAD_ENV)
if (pass % 4 == 0)
IOMGR_Poll();
#endif
code = rx_Read(rxcall, tbuffer, tlen);
if (code != tlen) {
ubik_dprint("Rx-read length error=%d\n", code);
code = BULK_ERROR;
close(fd);
goto failed;
}
code = write(fd, tbuffer, tlen);
pass++;
if (code != tlen) {
ubik_dprint("write failed error=%d\n", code);
code = UIOERROR;
close(fd);
goto failed;
}
offset += tlen;
length -= tlen;
}
code = close(fd);
if (code)
goto failed;
/* sync data first, then write label and resync (resync done by setlabel call).
* This way, good label is only on good database. */
snprintf(tbuffer, sizeof(tbuffer), "%s.DB%s%d",
ubik_dbase->pathName, (file<0)?"SYS":"", (file<0)?-file:file);
#ifdef AFS_NT40_ENV
snprintf(pbuffer, sizeof(pbuffer), "%s.DB%s%d.OLD",
ubik_dbase->pathName, (file<0)?"SYS":"", (file<0)?-file:file);
code = unlink(pbuffer);
if (!code)
code = rename(tbuffer, pbuffer);
snprintf(pbuffer, sizeof(pbuffer), "%s.DB%s%d.TMP",
ubik_dbase->pathName, (file<0)?"SYS":"", (file<0)?-file:file);
#endif
if (!code)
code = rename(pbuffer, tbuffer);
UBIK_VERSION_LOCK;
if (!code) {
(*ubik_dbase->open) (ubik_dbase, file);
code = (*ubik_dbase->setlabel) (dbase, file, avers);
}
#ifdef AFS_NT40_ENV
snprintf(pbuffer, sizeof(pbuffer), "%s.DB%s%d.OLD",
ubik_dbase->pathName, (file<0)?"SYS":"", (file<0)?-file:file);
unlink(pbuffer);
#endif
memcpy(&ubik_dbase->version, avers, sizeof(struct ubik_version));
udisk_Invalidate(dbase, file); /* new dbase, flush disk buffers */
#ifdef AFS_PTHREAD_ENV
assert(pthread_cond_broadcast(&dbase->version_cond) == 0);
#else
LWP_NoYieldSignal(&dbase->version);
#endif
failed_locked:
UBIK_VERSION_UNLOCK;
failed:
if (code) {
unlink(pbuffer);
/* Failed to sync. Allow reads again for now. */
if (dbase != NULL) {
UBIK_VERSION_LOCK;
tversion.epoch = epoch;
(*dbase->setlabel) (dbase, file, &tversion);
UBIK_VERSION_UNLOCK;
}
ubik_print
("Ubik: Synchronize database with server %s failed (error = %d)\n",
afs_inet_ntoa_r(otherHost, hoststr), code);
} else {
ubik_print("Ubik: Synchronize database completed\n");
}
DBRELE(dbase);
return code;
}
/*!
* \brief Update remote machines addresses in my server list
*
* Send back my addresses to caller of this RPC
* \return zero on success, else 1.
*/
afs_int32
SDISK_UpdateInterfaceAddr(struct rx_call *rxcall,
UbikInterfaceAddr *inAddr,
UbikInterfaceAddr *outAddr)
{
struct ubik_server *ts, *tmp;
afs_uint32 remoteAddr; /* in net byte order */
int i, j, found = 0, probableMatch = 0;
char hoststr[16];
/* copy the output parameters */
for (i = 0; i < UBIK_MAX_INTERFACE_ADDR; i++)
outAddr->hostAddr[i] = ntohl(ubik_host[i]);
remoteAddr = htonl(inAddr->hostAddr[0]);
for (ts = ubik_servers; ts; ts = ts->next)
if (ts->addr[0] == remoteAddr) { /* both in net byte order */
probableMatch = 1;
break;
}
if (probableMatch) {
/* verify that all addresses in the incoming RPC are
** not part of other server entries in my CellServDB
*/
for (i = 0; !found && (i < UBIK_MAX_INTERFACE_ADDR)
&& inAddr->hostAddr[i]; i++) {
remoteAddr = htonl(inAddr->hostAddr[i]);
for (tmp = ubik_servers; (!found && tmp); tmp = tmp->next) {
if (ts == tmp) /* this is my server */
continue;
for (j = 0; (j < UBIK_MAX_INTERFACE_ADDR) && tmp->addr[j];
j++)
if (remoteAddr == tmp->addr[j]) {
found = 1;
break;
}
}
}
}
/* if (probableMatch) */
/* inconsistent addresses in CellServDB */
if (!probableMatch || found) {
ubik_print("Inconsistent Cell Info from server:\n");
for (i = 0; i < UBIK_MAX_INTERFACE_ADDR && inAddr->hostAddr[i]; i++)
ubik_print("... %s\n", afs_inet_ntoa_r(htonl(inAddr->hostAddr[i]), hoststr));
fflush(stdout);
fflush(stderr);
printServerInfo();
return UBADHOST;
}
/* update our data structures */
for (i = 1; i < UBIK_MAX_INTERFACE_ADDR; i++)
ts->addr[i] = htonl(inAddr->hostAddr[i]);
ubik_print("ubik: A Remote Server has addresses:\n");
for (i = 0; i < UBIK_MAX_INTERFACE_ADDR && ts->addr[i]; i++)
ubik_print("... %s\n", afs_inet_ntoa_r(ts->addr[i], hoststr));
/*
* The most likely cause of a DISK_UpdateInterfaceAddr RPC
* is because the server was restarted. Reset its state
* so that no DISK_Begin RPCs will be issued until the
* known database version is current.
*/
ts->beaconSinceDown = 0;
for (i=0; i<MAX_UBIK_DBASES; i++)
ts->currentDB[i] = 0;
urecovery_LostServer();
return 0;
}
/*!
* \brief Set a transaction lock.
* \param atype is #LOCKREAD or #LOCKWRITE.
* \param await is TRUE if you want to wait for the lock instead of returning
* #EWOULDBLOCK.
*
* \note The #DBHOLD lock must be held.
*/
extern int
ulock_getLock(struct ubik_trans *atrans, int atype, int await)
{
struct ubik_dbase *dbase = atrans->dbase;
/* On first pass, initialize the lock */
if (rwlockinit) {
Lock_Init(&rwlock);
rwlockinit = 0;
}
if ((atype != LOCKREAD) && (atype != LOCKWRITE))
return EINVAL;
if (atrans->flags & TRDONE)
return UDONE;
if (atype != LOCKREAD && (atrans->flags & TRREADWRITE)) {
return EINVAL;
}
if (atrans->locktype != 0) {
ubik_print("Ubik: Internal Error: attempted to take lock twice\n");
abort();
}
/*
*ubik_print("Ubik: DEBUG: Thread 0x%x request %s lock\n", lwp_cpptr,
* ((atype == LOCKREAD) ? "READ" : "WRITE"));
*/
/* Check if the lock would would block */
if (!await && !(atrans->flags & TRREADWRITE)) {
if (atype == LOCKREAD) {
if (WouldReadBlock(&rwlock))
return EAGAIN;
} else {
if (WouldWriteBlock(&rwlock))
return EAGAIN;
}
}
/* Create new lock record and add to spec'd transaction:
* #if defined(UBIK_PAUSE)
* * locktype. Before doing that, set TRSETLOCK,
* * to tell udisk_end that another thread (us) is waiting.
* #else
* * locktype. This field also tells us if the thread is
* * waiting for a lock: It will be equal to LOCKWAIT.
* #endif
*/
#if defined(UBIK_PAUSE)
if (atrans->flags & TRSETLOCK) {
printf("Ubik: Internal Error: TRSETLOCK already set?\n");
return EBUSY;
}
atrans->flags |= TRSETLOCK;
#else
atrans->locktype = LOCKWAIT;
#endif /* UBIK_PAUSE */
DBRELE(dbase);
if (atrans->flags & TRREADWRITE) {
/* noop; don't actually lock anything for TRREADWRITE */
} else if (atype == LOCKREAD) {
ObtainReadLock(&rwlock);
} else {
ObtainWriteLock(&rwlock);
}
DBHOLD(dbase);
atrans->locktype = atype;
#if defined(UBIK_PAUSE)
atrans->flags &= ~TRSETLOCK;
#if 0
/* We don't do this here, because this can only happen in SDISK_Lock,
* and there's already code there to catch this condition.
*/
if (atrans->flags & TRSTALE) {
udisk_end(atrans);
return UINTERNAL;
}
#endif
#endif /* UBIK_PAUSE */
/*
*ubik_print("Ubik: DEBUG: Thread 0x%x took %s lock\n", lwp_cpptr,
* ((atype == LOCKREAD) ? "READ" : "WRITE"));
*/
return 0;
}
