/* This called for TP and non-TP, but not for ZTP */
void jnl_write_logical(sgmnt_addrs *csa, jnl_format_buffer *jfb, uint4 com_csum, jnlpool_write_ctx_t *jplctx)
{
struct_jrec_upd *jrec;
struct_jrec_null *jrec_null;
struct_jrec_upd *jrec_alt;
jnl_private_control *jpc;
/* If REPL_WAS_ENABLED(csa) is TRUE, then we would not have gone through the code that initializes
* jgbl.gbl_jrec_time or jpc->pini_addr. But in this case, we are not writing the journal record
* to the journal buffer or journal file but write it only to the journal pool from where it gets
* sent across to the update process that does not care about these fields so it is ok to leave them as is.
*/
jpc = csa->jnl;
assert((0 != jpc->pini_addr) || REPL_WAS_ENABLED(csa));
assert(jgbl.gbl_jrec_time || REPL_WAS_ENABLED(csa));
assert(csa->now_crit);
assert(IS_SET_KILL_ZKILL_ZTWORM_LGTRIG_ZTRIG(jfb->rectype) || (JRT_NULL == jfb->rectype));
assert(!IS_ZTP(jfb->rectype));
jrec = (struct_jrec_upd *)jfb->buff;
assert(OFFSETOF(struct_jrec_null, prefix) == OFFSETOF(struct_jrec_upd, prefix));
assert(SIZEOF(jrec_null->prefix) == SIZEOF(jrec->prefix));
jrec->prefix.pini_addr = (0 == jpc->pini_addr) ? JNL_HDR_LEN : jpc->pini_addr;
jrec->prefix.tn = csa->ti->curr_tn;
jrec->prefix.time = jgbl.gbl_jrec_time;
/* t_end/tp_tend/mur_output_record has already set token/jnl_seqno into jnl_fence_ctl.token */
assert((0 != jnl_fence_ctl.token) || (!dollar_tlevel && !jgbl.forw_phase_recovery && !REPL_ENABLED(csa))
|| (!dollar_tlevel && jgbl.forw_phase_recovery && (repl_open != csa->hdr->intrpt_recov_repl_state)));
assert(OFFSETOF(struct_jrec_null, jnl_seqno) == OFFSETOF(struct_jrec_upd, token_seq));
assert(SIZEOF(jrec_null->jnl_seqno) == SIZEOF(jrec->token_seq));
jrec->token_seq.token = jnl_fence_ctl.token;
assert(OFFSETOF(struct_jrec_null, strm_seqno) == OFFSETOF(struct_jrec_upd, strm_seqno));
assert(SIZEOF(jrec_null->strm_seqno) == SIZEOF(jrec->strm_seqno));
jrec->strm_seqno = jnl_fence_ctl.strm_seqno;
/* update checksum below */
if(JRT_NULL != jrec->prefix.jrec_type)
{
COMPUTE_LOGICAL_REC_CHECKSUM(jfb->checksum, jrec, com_csum, jrec->prefix.checksum);
} else
jrec->prefix.checksum = compute_checksum(INIT_CHECKSUM_SEED, (unsigned char *)jrec, SIZEOF(struct_jrec_null));
if (REPL_ALLOWED(csa) && USES_ANY_KEY(csa->hdr))
{
jrec_alt = (struct_jrec_upd *)jfb->alt_buff;
jrec_alt->prefix = jrec->prefix;
jrec_alt->token_seq = jrec->token_seq;
jrec_alt->strm_seqno = jrec->strm_seqno;
jrec_alt->num_participants = jrec->num_participants;
}
JNL_WRITE_APPROPRIATE(csa, jpc, jfb->rectype, (jnl_record *)jrec, NULL, jfb, jplctx);
}
void gtmsource_seqno_init(void)
{
/* Find the start_jnl_seqno */
gd_region *reg, *region_top;
seq_num local_read_jsn, local_jsn;
sgmnt_addrs *csa;
sgmnt_data_ptr_t csd;
sm_uc_ptr_t gld_fn;
/* Unix and VMS have different field names for now, but will both be soon changed to instname instead of gtmgbldir */
gld_fn = (sm_uc_ptr_t)jnlpool.jnlpool_ctl->jnlpool_id.gtmgbldir;
QWASSIGN(jnlpool.jnlpool_ctl->start_jnl_seqno, seq_num_zero);
QWASSIGN(local_read_jsn, seq_num_zero);
QWASSIGN(local_jsn, seq_num_zero);
region_top = gd_header->regions + gd_header->n_regions;
for (reg = gd_header->regions; reg < region_top; reg++)
{
assert(reg->open);
csa = &FILE_INFO(reg)->s_addrs;
csd = csa->hdr;
if (REPL_ALLOWED(csd))
{
if (QWLT(local_read_jsn, csd->resync_seqno))
QWASSIGN(local_read_jsn, csd->resync_seqno);
if (QWLT(local_jsn, csd->reg_seqno))
QWASSIGN(local_jsn, csd->reg_seqno);
/* Copy gtmgbldir into the database shared memory.
* Used later to avoid updates from a different gtmgbldir to this database.
*/
assert(SIZEOF(csa->nl->replinstfilename) == SIZEOF(jnlpool.jnlpool_ctl->jnlpool_id.gtmgbldir));
memcpy(csa->nl->replinstfilename, gld_fn, SIZEOF(csa->nl->replinstfilename));
}
}
if (QWEQ(local_jsn, seq_num_zero))
{
/* No replicated region, or databases created with older version of GTM */
gtm_putmsg(VARLSTCNT(5) ERR_NOREPLCTDREG, 3, LEN_AND_LIT("global directory"), gld_fn);
/* Error, has to shutdown all regions 'cos mupip needs exclusive access to turn replication on */
gtmsource_autoshutdown();
}
QWASSIGN(jnlpool.jnlpool_ctl->start_jnl_seqno, local_jsn);
QWASSIGN(jnlpool.jnlpool_ctl->jnl_seqno, local_jsn);
QWASSIGN(jnlpool.gtmsource_local->read_jnl_seqno, local_read_jsn);
}
int4 gds_rundown(void)
{
boolean_t canceled_dbsync_timer, canceled_flush_timer, ok_to_write_pfin;
boolean_t have_standalone_access, ipc_deleted, err_caught;
boolean_t is_cur_process_ss_initiator, remove_shm, vermismatch, we_are_last_user, we_are_last_writer, is_mm;
boolean_t unsafe_last_writer;
char time_str[CTIME_BEFORE_NL + 2]; /* for GET_CUR_TIME macro */
gd_region *reg;
int save_errno, status, rc;
int4 semval, ftok_semval, sopcnt, ftok_sopcnt;
short crash_count;
sm_long_t munmap_len;
sgmnt_addrs *csa;
sgmnt_data_ptr_t csd;
node_local_ptr_t cnl;
struct shmid_ds shm_buf;
struct sembuf sop[2], ftok_sop[2];
uint4 jnl_status;
unix_db_info *udi;
jnl_private_control *jpc;
jnl_buffer_ptr_t jbp;
shm_snapshot_t *ss_shm_ptr;
uint4 ss_pid, onln_rlbk_pid, holder_pid;
boolean_t was_crit;
boolean_t safe_mode; /* Do not flush or take down shared memory. */
boolean_t bypassed_ftok = FALSE, bypassed_access = FALSE, may_bypass_ftok, inst_is_frozen,
ftok_counter_halted,
access_counter_halted;
int secshrstat;
intrpt_state_t prev_intrpt_state;
DCL_THREADGBL_ACCESS;
SETUP_THREADGBL_ACCESS;
jnl_status = 0;
reg = gv_cur_region; /* Local copy */
/* early out for cluster regions
* to avoid tripping the assert below.
* Note:
* This early out is consistent with VMS. It has been
* noted that all of the gtcm assignments
* to gv_cur_region should use the TP_CHANGE_REG
* macro. This would also avoid the assert problem
* and should be done eventually.
*/
if (dba_cm == reg->dyn.addr->acc_meth)
return EXIT_NRM;
udi = FILE_INFO(reg);
csa = &udi->s_addrs;
csd = csa->hdr;
assert(csa == cs_addrs && csd == cs_data);
if ((reg->open) && (dba_usr == csd->acc_meth))
{
change_reg();
gvusr_rundown();
return EXIT_NRM;
}
/* If the process has standalone access, it has udi->grabbed_access_sem set to TRUE at this point. Note that down in a local
* variable as the udi->grabbed_access_sem is set to TRUE even for non-standalone access below and hence we can't rely on
* that later to determine if the process had standalone access or not when it entered this function. We need to guarantee
* that none else access database file header when semid/shmid fields are reset. We already have created ftok semaphore in
* db_init or, mu_rndwn_file and did not remove it. So just lock it. We do it in blocking mode.
*/
have_standalone_access = udi->grabbed_access_sem; /* process holds standalone access */
DEFER_INTERRUPTS(INTRPT_IN_GDS_RUNDOWN, prev_intrpt_state);
ESTABLISH_NORET(gds_rundown_ch, err_caught);
if (err_caught)
{
REVERT;
WITH_CH(gds_rundown_ch, gds_rundown_err_cleanup(have_standalone_access), 0);
ENABLE_INTERRUPTS(INTRPT_IN_GDS_RUNDOWN, prev_intrpt_state);
DEBUG_ONLY(ok_to_UNWIND_in_exit_handling = FALSE);
return EXIT_ERR;
}
assert(reg->open); /* if we failed to open, dbinit_ch should have taken care of proper clean up */
assert(!reg->opening); /* see comment above */
assert((dba_bg == csd->acc_meth) || (dba_mm == csd->acc_meth));
is_mm = (dba_bg != csd->acc_meth);
assert(!csa->hold_onto_crit || (csa->now_crit && jgbl.onlnrlbk));
/* If we are online rollback, we should already be holding crit and should release it only at the end of this module. This
* is usually done by noting down csa->now_crit in a local variable (was_crit) and using it whenever we are about to
* grab_crit. But, there are instances (like mupip_set_journal.c) where we grab_crit but invoke gds_rundown without any
* preceeding rel_crit. Such code relies on the fact that gds_rundown does rel_crit unconditionally (to get locks to a known
* state). So, augment csa->now_crit with jgbl.onlnrlbk to track if we can rel_crit unconditionally or not in gds_rundown.
*/
was_crit = (csa->now_crit && jgbl.onlnrlbk);
/* Cancel any pending flush timer for this region by this task */
canceled_flush_timer = FALSE;
canceled_dbsync_timer = FALSE;
CANCEL_DB_TIMERS(reg, csa, canceled_flush_timer, canceled_dbsync_timer);
we_are_last_user = FALSE;
inst_is_frozen = IS_REPL_INST_FROZEN && REPL_ALLOWED(csa->hdr);
if (!csa->persistent_freeze)
region_freeze(reg, FALSE, FALSE, FALSE);
if (!was_crit)
{
rel_crit(reg); /* get locks to known state */
mutex_cleanup(reg);
}
/* The only process that can invoke gds_rundown while holding access control semaphore is RECOVER/ROLLBACK. All the others
* (like MUPIP SET -FILE/MUPIP EXTEND would have invoked db_ipcs_reset() before invoking gds_rundown (from
* mupip_exit_handler). The only exception is when these processes encounter a terminate signal and they reach
* mupip_exit_handler while holding access control semaphore. Assert accordingly.
*/
assert(!have_standalone_access || mupip_jnl_recover || process_exiting);
/* If we have standalone access, then ensure that a concurrent online rollback cannot be running at the same time as it
* needs the access control lock as well. The only expection is we are online rollback and currently running down.
*/
cnl = csa->nl;
onln_rlbk_pid = cnl->onln_rlbk_pid;
assert(!have_standalone_access || mupip_jnl_recover || !onln_rlbk_pid || !is_proc_alive(onln_rlbk_pid, 0));
if (!have_standalone_access)
{
if (-1 == (ftok_semval = semctl(udi->ftok_semid, DB_COUNTER_SEM, GETVAL))) /* Check # of procs counted on FTOK */
{
save_errno = errno;
assert(FALSE);
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMCTL failed to get ftok_semval"), CALLFROM, errno);
}
may_bypass_ftok = CAN_BYPASS(ftok_semval, csd, inst_is_frozen); /* Do we need a blocking wait? */
/* We need to guarantee that no one else access database file header when semid/shmid fields are reset.
* We already have created ftok semaphore in db_init or mu_rndwn_file and did not remove it. So just lock it.
*/
if (!ftok_sem_lock(reg, may_bypass_ftok))
{
if (may_bypass_ftok)
{ /* We did a non-blocking wait. It's ok to proceed without locking */
bypassed_ftok = TRUE;
holder_pid = semctl(udi->ftok_semid, DB_CONTROL_SEM, GETPID);
if ((uint4)-1 == holder_pid)
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMCTL failed to get holder_pid"),
CALLFROM, errno);
if (!IS_GTM_IMAGE) /* MUMPS processes should not flood syslog with bypass messages. */
{
send_msg_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_RESRCINTRLCKBYPAS, 10,
LEN_AND_STR(gtmImageNames[image_type].imageName), process_id, LEN_AND_LIT("FTOK"),
REG_LEN_STR(reg), DB_LEN_STR(reg), holder_pid);
send_msg_csa(CSA_ARG(NULL) VARLSTCNT(4) ERR_TEXT, 2,
LEN_AND_LIT("FTOK bypassed at rundown"));
}
} else
{ /* We did a blocking wait but something bad happened. */
FTOK_TRACE(csa, csa->ti->curr_tn, ftok_ops_lock, process_id);
rts_error_csa(CSA_ARG(csa) VARLSTCNT(4) ERR_DBFILERR, 2, DB_LEN_STR(reg));
}
}
sop[0].sem_num = DB_CONTROL_SEM; sop[0].sem_op = 0; /* Wait for 0 */
sop[1].sem_num = DB_CONTROL_SEM; sop[1].sem_op = 1; /* Lock */
sopcnt = 2;
sop[0].sem_flg = sop[1].sem_flg = SEM_UNDO | IPC_NOWAIT; /* Don't wait the first time thru */
SEMOP(udi->semid, sop, sopcnt, status, NO_WAIT);
if (0 != status)
{
save_errno = errno;
/* Check # of processes counted on access sem. */
if (-1 == (semval = semctl(udi->semid, DB_COUNTER_SEM, GETVAL)))
{
assert(FALSE);
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMCTL failed to get semval"), CALLFROM, errno);
}
bypassed_access = CAN_BYPASS(semval, csd, inst_is_frozen) || onln_rlbk_pid || csd->file_corrupt;
/* Before attempting again in the blocking mode, see if the holding process is an online rollback.
* If so, it is likely we won't get the access control semaphore anytime soon. In that case, we
* are better off skipping rundown and continuing with sanity cleanup and exit.
*/
holder_pid = semctl(udi->semid, DB_CONTROL_SEM, GETPID);
if ((uint4)-1 == holder_pid)
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMCTL failed to get holder_pid"), CALLFROM, errno);
if (!bypassed_access)
{ /* We couldn't get it in one shot-- see if we already have it */
if (holder_pid == process_id)
{
send_msg_csa(CSA_ARG(csa) VARLSTCNT(5) MAKE_MSG_INFO(ERR_CRITSEMFAIL), 2, DB_LEN_STR(reg),
ERR_RNDWNSEMFAIL);
REVERT;
ENABLE_INTERRUPTS(INTRPT_IN_GDS_RUNDOWN, prev_intrpt_state);
assert(FALSE);
return EXIT_ERR;
}
if (EAGAIN != save_errno)
{
assert(FALSE);
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMOP on access control semaphore"),
CALLFROM, save_errno);
}
sop[0].sem_flg = sop[1].sem_flg = SEM_UNDO; /* Try again - blocking this time */
SEMOP(udi->semid, sop, 2, status, FORCED_WAIT);
if (-1 == status) /* We couldn't get it at all.. */
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMOP on access control semaphore"),
CALLFROM, errno);
} else if (!IS_GTM_IMAGE)
{
send_msg_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_RESRCINTRLCKBYPAS, 10,
LEN_AND_STR(gtmImageNames[image_type].imageName), process_id,
LEN_AND_LIT("access control"), REG_LEN_STR(reg), DB_LEN_STR(reg), holder_pid);
send_msg_csa(CSA_ARG(NULL) VARLSTCNT(4) ERR_TEXT, 2,
LEN_AND_LIT("Access control bypassed at rundown"));
}
udi->grabbed_access_sem = !bypassed_access;
}
} /* else we we hold the access control semaphore and therefore have standalone access. We do not release it now - we
* release it later in mupip_exit_handler.c. Since we already hold the access control semaphore, we don't need the
* ftok semaphore and trying it could cause deadlock
*/
/* Note that in the case of online rollback, "udi->grabbed_access_sem" (and in turn "have_standalone_access") is TRUE.
* But there could be other processes still having the database open so we cannot safely reset the halted fields.
*/
if (have_standalone_access && !jgbl.onlnrlbk)
csd->ftok_counter_halted = csd->access_counter_halted = FALSE;
ftok_counter_halted = csd->ftok_counter_halted;
access_counter_halted = csd->access_counter_halted;
/* If we bypassed any of the semaphores, activate safe mode.
* Also, if the replication instance is frozen and this db has replication turned on (which means
* no flushes of dirty buffers to this db can happen while the instance is frozen) activate safe mode.
*/
ok_to_write_pfin = !(bypassed_access || bypassed_ftok || inst_is_frozen);
safe_mode = !ok_to_write_pfin || ftok_counter_halted || access_counter_halted;
/* At this point we are guaranteed no one else is doing a db_init/rundown as we hold the access control semaphore */
assert(csa->ref_cnt); /* decrement private ref_cnt before shared ref_cnt decrement. */
csa->ref_cnt--; /* Currently journaling logic in gds_rundown() in VMS relies on this order to detect last writer */
assert(!csa->ref_cnt);
--cnl->ref_cnt;
if (memcmp(cnl->now_running, gtm_release_name, gtm_release_name_len + 1))
{ /* VERMISMATCH condition. Possible only if DSE */
assert(dse_running);
vermismatch = TRUE;
} else
vermismatch = FALSE;
if (-1 == shmctl(udi->shmid, IPC_STAT, &shm_buf))
{
save_errno = errno;
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown shmctl"), CALLFROM, save_errno);
} else
we_are_last_user = (1 == shm_buf.shm_nattch) && !vermismatch && !safe_mode;
/* recover => one user except ONLINE ROLLBACK, or standalone with frozen instance */
assert(!have_standalone_access || we_are_last_user || jgbl.onlnrlbk || inst_is_frozen);
if (-1 == (semval = semctl(udi->semid, DB_COUNTER_SEM, GETVAL)))
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMCTL failed to get semval"), CALLFROM, errno);
/* There's one writer left and I am it */
assert(reg->read_only || semval >= 0);
unsafe_last_writer = (DB_COUNTER_SEM_INCR == semval) && (FALSE == reg->read_only) && !vermismatch;
we_are_last_writer = unsafe_last_writer && !safe_mode;
assert(!we_are_last_writer || !safe_mode);
assert(!we_are_last_user || !safe_mode);
/* recover + R/W region => one writer except ONLINE ROLLBACK, or standalone with frozen instance, leading to safe_mode */
assert(!(have_standalone_access && !reg->read_only) || we_are_last_writer || jgbl.onlnrlbk || inst_is_frozen);
GTM_WHITE_BOX_TEST(WBTEST_ANTIFREEZE_JNLCLOSE, we_are_last_writer, 1); /* Assume we are the last writer to invoke wcs_flu */
if (!have_standalone_access && (-1 == (ftok_semval = semctl(udi->ftok_semid, DB_COUNTER_SEM, GETVAL))))
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMCTL failed to get ftok_semval"), CALLFROM, errno);
if (NULL != csa->ss_ctx)
ss_destroy_context(csa->ss_ctx);
/* SS_MULTI: If multiple snapshots are supported, then we have to run through each of the snapshots */
assert(1 == MAX_SNAPSHOTS);
ss_shm_ptr = (shm_snapshot_ptr_t)SS_GETSTARTPTR(csa);
ss_pid = ss_shm_ptr->ss_info.ss_pid;
is_cur_process_ss_initiator = (process_id == ss_pid);
if (ss_pid && (is_cur_process_ss_initiator || we_are_last_user))
{
/* Try getting snapshot crit latch. If we don't get latch, we won't hang for eternity and will skip
* doing the orphaned snapshot cleanup. It will be cleaned up eventually either by subsequent MUPIP
* INTEG or by a MUPIP RUNDOWN.
*/
if (ss_get_lock_nowait(reg) && (ss_pid == ss_shm_ptr->ss_info.ss_pid)
&& (is_cur_process_ss_initiator || !is_proc_alive(ss_pid, 0)))
{
ss_release(NULL);
ss_release_lock(reg);
}
}
/* If cnl->donotflush_dbjnl is set, it means mupip recover/rollback was interrupted and therefore we need not flush
* shared memory contents to disk as they might be in an inconsistent state. Moreover, any more flushing will only cause
* future rollback to undo more journal records (PBLKs). In this case, we will go ahead and remove shared memory (without
* flushing the contents) in this routine. A reissue of the recover/rollback command will restore the database to a
* consistent state.
*/
if (!cnl->donotflush_dbjnl && !reg->read_only && !vermismatch)
{ /* If we had an orphaned block and were interrupted, set wc_blocked so we can invoke wcs_recover. Do it ONLY
* if there is NO concurrent online rollback running (as we need crit to set wc_blocked)
*/
if (csa->wbuf_dqd && !is_mm)
{ /* If we had an orphaned block and were interrupted, mupip_exit_handler will invoke secshr_db_clnup which
* will clear this field and so we should never come to gds_rundown with a non-zero wbuf_dqd. The only
* exception is if we are recover/rollback in which case gds_rundown (from mur_close_files) is invoked
* BEFORE secshr_db_clnup in mur_close_files.
* Note: It is NOT possible for online rollback to reach here with wbuf_dqd being non-zero. This is because
* the moment we apply the first PBLK, we stop all interrupts and hence can never be interrupted in
* wcs_wtstart or wcs_get_space. Assert accordingly.
*/
assert(mupip_jnl_recover && !jgbl.onlnrlbk && !safe_mode);
if (!was_crit)
grab_crit(reg);
SET_TRACEABLE_VAR(cnl->wc_blocked, TRUE);
BG_TRACE_PRO_ANY(csa, wcb_gds_rundown);
send_msg_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_WCBLOCKED, 6, LEN_AND_LIT("wcb_gds_rundown"),
process_id, &csa->ti->curr_tn, DB_LEN_STR(reg));
csa->wbuf_dqd = 0;
wcs_recover(reg);
BG_TRACE_PRO_ANY(csa, lost_block_recovery);
if (!was_crit)
rel_crit(reg);
}
if (JNL_ENABLED(csd) && IS_GTCM_GNP_SERVER_IMAGE)
originator_prc_vec = NULL;
/* If we are the last writing user, then everything must be flushed */
if (we_are_last_writer)
{ /* Time to flush out all of our buffers */
assert(!safe_mode);
if (is_mm)
{
MM_DBFILEXT_REMAP_IF_NEEDED(csa, reg);
cnl->remove_shm = TRUE;
}
if (cnl->wc_blocked && jgbl.onlnrlbk)
{ /* if the last update done by online rollback was not committed in the normal code-path but was
* completed by secshr_db_clnup, wc_blocked will be set to TRUE. But, since online rollback never
* invokes grab_crit (since csa->hold_onto_crit is set to TRUE), wcs_recover is never invoked. This
* could result in the last update never getting flushed to the disk and if online rollback happened
* to be the last writer then the shared memory will be flushed and removed and the last update will
* be lost. So, force wcs_recover if we find ourselves in such a situation. But, wc_blocked is
* possible only if phase1 or phase2 errors are induced using white box test cases
*/
assert(WB_COMMIT_ERR_ENABLED);
wcs_recover(reg);
}
/* Note WCSFLU_SYNC_EPOCH ensures the epoch is synced to the journal and indirectly
* also ensures that the db is fsynced. We don't want to use it in the calls to
* wcs_flu() from t_end() and tp_tend() since we can defer it to out-of-crit there.
* In this case, since we are running down, we don't have any such option.
*/
cnl->remove_shm = wcs_flu(WCSFLU_FLUSH_HDR | WCSFLU_WRITE_EPOCH | WCSFLU_SYNC_EPOCH);
/* Since we_are_last_writer, we should be guaranteed that wcs_flu() did not change csd, (in
* case of MM for potential file extension), even if it did a grab_crit(). Therefore, make
* sure that's true.
*/
assert(csd == csa->hdr);
assert(0 == memcmp(csd->label, GDS_LABEL, GDS_LABEL_SZ - 1));
} else if (((canceled_flush_timer && (0 > cnl->wcs_timers)) || canceled_dbsync_timer) && !inst_is_frozen)
{ /* canceled pending db or jnl flush timers - flush database and journal buffers to disk */
if (!was_crit)
grab_crit(reg);
/* we need to sync the epoch as the fact that there is no active pending flush timer implies
* there will be noone else who will flush the dirty buffers and EPOCH to disk in a timely fashion
*/
wcs_flu(WCSFLU_FLUSH_HDR | WCSFLU_WRITE_EPOCH | WCSFLU_SYNC_EPOCH);
if (!was_crit)
rel_crit(reg);
assert((dba_mm == cs_data->acc_meth) || (csd == cs_data));
csd = cs_data; /* In case this is MM and wcs_flu() remapped an extended database, reset csd */
}
/* Do rundown journal processing after buffer flushes since they require jnl to be open */
if (JNL_ENABLED(csd))
{ /* the following tp_change_reg() is not needed due to the assert csa == cs_addrs at the beginning
* of gds_rundown(), but just to be safe. To be removed by 2002!! --- nars -- 2001/04/25.
*/
tp_change_reg(); /* call this because jnl_ensure_open checks cs_addrs rather than gv_cur_region */
jpc = csa->jnl;
jbp = jpc->jnl_buff;
if (jbp->fsync_in_prog_latch.u.parts.latch_pid == process_id)
{
assert(FALSE);
COMPSWAP_UNLOCK(&jbp->fsync_in_prog_latch, process_id, 0, LOCK_AVAILABLE, 0);
}
if (jbp->io_in_prog_latch.u.parts.latch_pid == process_id)
{
assert(FALSE);
COMPSWAP_UNLOCK(&jbp->io_in_prog_latch, process_id, 0, LOCK_AVAILABLE, 0);
}
if ((((NOJNL != jpc->channel) && !JNL_FILE_SWITCHED(jpc))
|| we_are_last_writer && (0 != cnl->jnl_file.u.inode)) && ok_to_write_pfin)
{ /* We need to close the journal file cleanly if we have the latest generation journal file open
* or if we are the last writer and the journal file is open in shared memory (not necessarily
* by ourselves e.g. the only process that opened the journal got shot abnormally)
* Note: we should not infer anything from the shared memory value of cnl->jnl_file.u.inode
* if we are not the last writer as it can be concurrently updated.
*/
if (!was_crit)
grab_crit(reg);
if (JNL_ENABLED(csd))
{
SET_GBL_JREC_TIME; /* jnl_ensure_open/jnl_put_jrt_pini/pfin/jnl_file_close all need it */
/* Before writing to jnlfile, adjust jgbl.gbl_jrec_time if needed to maintain time order
* of jnl records. This needs to be done BEFORE the jnl_ensure_open as that could write
* journal records (if it decides to switch to a new journal file).
*/
ADJUST_GBL_JREC_TIME(jgbl, jbp);
jnl_status = jnl_ensure_open();
if (0 == jnl_status)
{ /* If we_are_last_writer, we would have already done a wcs_flu() which would
* have written an epoch record and we are guaranteed no further updates
* since we are the last writer. So, just close the journal.
* If the freeaddr == post_epoch_freeaddr, wcs_flu may have skipped writing
* a pini, so allow for that.
*/
assert(!jbp->before_images || is_mm
|| !we_are_last_writer || (0 != jpc->pini_addr) || jgbl.mur_extract
|| (jpc->jnl_buff->freeaddr == jpc->jnl_buff->post_epoch_freeaddr));
/* If we haven't written a pini, let jnl_file_close write the pini/pfin. */
if (!jgbl.mur_extract && (0 != jpc->pini_addr))
jnl_put_jrt_pfin(csa);
/* If not the last writer and no pending flush timer left, do jnl flush now */
if (!we_are_last_writer && (0 > cnl->wcs_timers))
{
if (SS_NORMAL == (jnl_status = jnl_flush(reg)))
{
assert(jbp->freeaddr == jbp->dskaddr);
jnl_fsync(reg, jbp->dskaddr);
assert(jbp->fsync_dskaddr == jbp->dskaddr);
} else
{
send_msg_csa(CSA_ARG(csa) VARLSTCNT(9) ERR_JNLFLUSH, 2,
JNL_LEN_STR(csd), ERR_TEXT, 2,
RTS_ERROR_TEXT("Error with journal flush in gds_rundown"),
jnl_status);
assert(NOJNL == jpc->channel);/* jnl file lost has been triggered */
/* In this routine, all code that follows from here on does not
* assume anything about the journaling characteristics of this
* database so it is safe to continue execution even though
* journaling got closed in the middle.
*/
}
}
jnl_file_close(reg, we_are_last_writer, FALSE);
} else
send_msg_csa(CSA_ARG(csa) VARLSTCNT(6) jnl_status, 4, JNL_LEN_STR(csd),
DB_LEN_STR(reg));
}
if (!was_crit)
rel_crit(reg);
}
}
if (we_are_last_writer) /* Flush the fileheader last and harden the file to disk */
{
if (!was_crit)
grab_crit(reg); /* To satisfy crit requirement in fileheader_sync() */
memset(csd->machine_name, 0, MAX_MCNAMELEN); /* clear the machine_name field */
if (!have_standalone_access && we_are_last_user)
{ /* mupip_exit_handler will do this after mur_close_file */
csd->semid = INVALID_SEMID;
csd->shmid = INVALID_SHMID;
csd->gt_sem_ctime.ctime = 0;
csd->gt_shm_ctime.ctime = 0;
}
fileheader_sync(reg);
if (!was_crit)
rel_crit(reg);
if (!is_mm)
{
GTM_DB_FSYNC(csa, udi->fd, rc); /* Sync it all */
if (-1 == rc)
{
rts_error_csa(CSA_ARG(csa) VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("Error during file sync at close"), errno);
}
} else
{ /* Now do final MM file sync before exit */
assert(csa->ti->total_blks == csa->total_blks);
#ifdef _AIX
GTM_DB_FSYNC(csa, udi->fd, rc);
if (-1 == rc)
#else
if (-1 == MSYNC((caddr_t)csa->db_addrs[0], (caddr_t)csa->db_addrs[1]))
#endif
{
rts_error_csa(CSA_ARG(csa) VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("Error during file sync at close"), errno);
}
}
} else if (unsafe_last_writer && !cnl->lastwriterbypas_msg_issued)
{
send_msg_csa(CSA_ARG(csa) VARLSTCNT(4) ERR_LASTWRITERBYPAS, 2, DB_LEN_STR(reg));
cnl->lastwriterbypas_msg_issued = TRUE;
}
} /* end if (!reg->read_only && !cnl->donotflush_dbjnl) */
/* We had canceled all db timers at start of rundown. In case as part of rundown (wcs_flu above), we had started
* any timers, cancel them BEFORE setting reg->open to FALSE (assert in wcs_clean_dbsync relies on this).
*/
CANCEL_DB_TIMERS(reg, csa, canceled_flush_timer, canceled_dbsync_timer);
if (reg->read_only && we_are_last_user && !have_standalone_access && cnl->remove_shm)
{ /* mupip_exit_handler will do this after mur_close_file */
db_ipcs.semid = INVALID_SEMID;
db_ipcs.shmid = INVALID_SHMID;
db_ipcs.gt_sem_ctime = 0;
db_ipcs.gt_shm_ctime = 0;
db_ipcs.fn_len = reg->dyn.addr->fname_len;
memcpy(db_ipcs.fn, reg->dyn.addr->fname, reg->dyn.addr->fname_len);
db_ipcs.fn[reg->dyn.addr->fname_len] = 0;
/* request gtmsecshr to flush. read_only cannot flush itself */
WAIT_FOR_REPL_INST_UNFREEZE_SAFE(csa);
if (!csa->read_only_fs)
{
secshrstat = send_mesg2gtmsecshr(FLUSH_DB_IPCS_INFO, 0, (char *)NULL, 0);
if (0 != secshrstat)
rts_error_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("gtmsecshr failed to update database file header"));
}
}
/* Done with file now, close it */
CLOSEFILE_RESET(udi->fd, rc); /* resets "udi->fd" to FD_INVALID */
if (-1 == rc)
{
rts_error_csa(CSA_ARG(csa) VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, LEN_AND_LIT("Error during file close"), errno);
}
/* Unmap storage if mm mode but only the part that is not the fileheader (so shows up in dumps) */
# if !defined(_AIX)
if (is_mm && (NULL != csa->db_addrs[0]))
{
assert(csa->db_addrs[1] > csa->db_addrs[0]);
munmap_len = (sm_long_t)(csa->db_addrs[1] - csa->db_addrs[0]);
if (0 < munmap_len)
munmap((caddr_t)(csa->db_addrs[0]), (size_t)(munmap_len));
}
# endif
/* Detach our shared memory while still under lock so reference counts will be correct for the next process to run down
* this region. In the process also get the remove_shm status from node_local before detaching.
* If cnl->donotflush_dbjnl is TRUE, it means we can safely remove shared memory without compromising data
* integrity as a reissue of recover will restore the database to a consistent state.
*/
remove_shm = !vermismatch && (cnl->remove_shm || cnl->donotflush_dbjnl);
/* We are done with online rollback on this region. Indicate to other processes by setting the onln_rlbk_pid to 0.
* Do it before releasing crit (t_end relies on this ordering when accessing cnl->onln_rlbk_pid).
*/
if (jgbl.onlnrlbk)
cnl->onln_rlbk_pid = 0;
rel_crit(reg); /* Since we are about to detach from the shared memory, release crit and reset onln_rlbk_pid */
/* If we had skipped flushing journal and database buffers due to a concurrent online rollback, increment the counter
* indicating that in the shared memory so that online rollback can report the # of such processes when it shuts down.
* The same thing is done for both FTOK and access control semaphores when there are too many MUMPS processes.
*/
if (safe_mode) /* indicates flushing was skipped */
{
if (bypassed_access)
cnl->dbrndwn_access_skip++; /* Access semaphore can be bypassed during online rollback */
if (bypassed_ftok)
cnl->dbrndwn_ftok_skip++;
}
if (jgbl.onlnrlbk)
csa->hold_onto_crit = FALSE;
GTM_WHITE_BOX_TEST(WBTEST_HOLD_SEM_BYPASS, cnl->wbox_test_seq_num, 0);
status = shmdt((caddr_t)cnl);
csa->nl = NULL; /* dereferencing nl after detach is not right, so we set it to NULL so that we can test before dereference*/
/* Note that although csa->nl is NULL, we use CSA_ARG(csa) below (not CSA_ARG(NULL)) to be consistent with similar
* usages before csa->nl became NULL. The "is_anticipatory_freeze_needed" function (which is in turn called by the
* CHECK_IF_FREEZE_ON_ERROR_NEEDED macro) does a check of csa->nl before dereferencing shared memory contents so
* we are safe passing "csa".
*/
if (-1 == status)
send_msg_csa(CSA_ARG(csa) VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg), ERR_TEXT, 2,
LEN_AND_LIT("Error during shmdt"), errno);
REMOVE_CSA_FROM_CSADDRSLIST(csa); /* remove "csa" from list of open regions (cs_addrs_list) */
reg->open = FALSE;
/* If file is still not in good shape, die here and now before we get rid of our storage */
assertpro(0 == csa->wbuf_dqd);
ipc_deleted = FALSE;
/* If we are the very last user, remove shared storage id and the semaphores */
if (we_are_last_user)
{ /* remove shared storage, only if last writer to rundown did a successful wcs_flu() */
assert(!vermismatch);
if (remove_shm)
{
ipc_deleted = TRUE;
if (0 != shm_rmid(udi->shmid))
rts_error_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("Unable to remove shared memory"));
/* Note that we no longer have a new shared memory. Currently only used/usable for standalone rollback. */
udi->new_shm = FALSE;
/* mupip recover/rollback don't release the semaphore here, but do it later in db_ipcs_reset (invoked from
* mur_close_files())
*/
if (!have_standalone_access)
{
if (0 != sem_rmid(udi->semid))
rts_error_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("Unable to remove semaphore"));
udi->new_sem = FALSE; /* Note that we no longer have a new semaphore */
udi->grabbed_access_sem = FALSE;
udi->counter_acc_incremented = FALSE;
}
} else if (is_src_server || is_updproc)
{
gtm_putmsg_csa(CSA_ARG(csa) VARLSTCNT(6) ERR_DBRNDWNWRN, 4, DB_LEN_STR(reg), process_id, process_id);
send_msg_csa(CSA_ARG(csa) VARLSTCNT(6) ERR_DBRNDWNWRN, 4, DB_LEN_STR(reg), process_id, process_id);
} else
send_msg_csa(CSA_ARG(csa) VARLSTCNT(6) ERR_DBRNDWNWRN, 4, DB_LEN_STR(reg), process_id, process_id);
} else
{
assert(!have_standalone_access || jgbl.onlnrlbk || safe_mode);
if (!jgbl.onlnrlbk && !have_standalone_access)
{ /* If we were writing, get rid of our writer access count semaphore */
if (!reg->read_only)
{
if (!access_counter_halted)
{
save_errno = do_semop(udi->semid, DB_COUNTER_SEM, -DB_COUNTER_SEM_INCR, SEM_UNDO);
if (0 != save_errno)
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown access control semaphore decrement"),
CALLFROM, save_errno);
}
udi->counter_acc_incremented = FALSE;
}
assert(safe_mode || !bypassed_access);
/* Now remove the rundown lock */
if (!bypassed_access)
{
if (0 != (save_errno = do_semop(udi->semid, DB_CONTROL_SEM, -1, SEM_UNDO)))
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown access control semaphore release"),
CALLFROM, save_errno);
udi->grabbed_access_sem = FALSE;
}
} /* else access control semaphore will be released in db_ipcs_reset */
}
if (!have_standalone_access)
{
if (bypassed_ftok)
{
if (!ftok_counter_halted)
if (0 != (save_errno = do_semop(udi->ftok_semid, DB_COUNTER_SEM, -DB_COUNTER_SEM_INCR, SEM_UNDO)))
rts_error_csa(CSA_ARG(csa) VARLSTCNT(4) ERR_DBFILERR, 2, DB_LEN_STR(reg));
} else if (!ftok_sem_release(reg, !ftok_counter_halted, FALSE))
{
FTOK_TRACE(csa, csa->ti->curr_tn, ftok_ops_release, process_id);
rts_error_csa(CSA_ARG(csa) VARLSTCNT(4) ERR_DBFILERR, 2, DB_LEN_STR(reg));
}
udi->grabbed_ftok_sem = FALSE;
udi->counter_ftok_incremented = FALSE;
}
ENABLE_INTERRUPTS(INTRPT_IN_GDS_RUNDOWN, prev_intrpt_state);
if (!ipc_deleted)
{
GET_CUR_TIME(time_str);
if (is_src_server)
gtm_putmsg_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_IPCNOTDEL, 6, CTIME_BEFORE_NL, time_str,
LEN_AND_LIT("Source server"), REG_LEN_STR(reg));
if (is_updproc)
gtm_putmsg_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_IPCNOTDEL, 6, CTIME_BEFORE_NL, time_str,
LEN_AND_LIT("Update process"), REG_LEN_STR(reg));
if (mupip_jnl_recover && (!jgbl.onlnrlbk || !we_are_last_user))
{
gtm_putmsg_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_IPCNOTDEL, 6, CTIME_BEFORE_NL, time_str,
LEN_AND_LIT("Mupip journal process"), REG_LEN_STR(reg));
send_msg_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_IPCNOTDEL, 6, CTIME_BEFORE_NL, time_str,
LEN_AND_LIT("Mupip journal process"), REG_LEN_STR(reg));
}
}
REVERT;
return EXIT_NRM;
}
int gtmsource()
{
int status, log_init_status, waitpid_res, save_errno;
char print_msg[1024], tmpmsg[1024];
gd_region *reg, *region_top;
sgmnt_addrs *csa, *repl_csa;
boolean_t all_files_open, isalive;
pid_t pid, ppid, procgp;
seq_num read_jnl_seqno, jnl_seqno;
unix_db_info *udi;
gtmsource_local_ptr_t gtmsource_local;
boolean_t this_side_std_null_coll;
int null_fd, rc;
memset((uchar_ptr_t)&jnlpool, 0, SIZEOF(jnlpool_addrs));
call_on_signal = gtmsource_sigstop;
ESTABLISH_RET(gtmsource_ch, SS_NORMAL);
if (-1 == gtmsource_get_opt())
rts_error_csa(CSA_ARG(NULL) VARLSTCNT(1) ERR_MUPCLIERR);
if (gtmsource_options.shut_down)
{ /* Wait till shutdown time nears even before going to "jnlpool_init". This is because the latter will return
* with the ftok semaphore and access semaphore held and we do not want to be holding those locks (while
* waiting for the user specified timeout to expire) as that will affect new GTM processes and/or other
* MUPIP REPLIC commands that need these locks for their function.
*/
if (0 < gtmsource_options.shutdown_time)
{
repl_log(stdout, TRUE, TRUE, "Waiting for %d seconds before signalling shutdown\n",
gtmsource_options.shutdown_time);
LONG_SLEEP(gtmsource_options.shutdown_time);
} else
repl_log(stdout, TRUE, TRUE, "Signalling shutdown immediate\n");
} else if (gtmsource_options.start)
{
repl_log(stdout, TRUE, TRUE, "Initiating START of source server for secondary instance [%s]\n",
gtmsource_options.secondary_instname);
}
if (gtmsource_options.activate && (ROOTPRIMARY_SPECIFIED == gtmsource_options.rootprimary))
{ /* MUPIP REPLIC -SOURCE -ACTIVATE -UPDOK has been specified. We need to open the gld and db regions now
* in case this is a secondary -> primary transition. This is so we can later switch journal files in all
* journaled regions when the transition actually happens inside "gtmsource_rootprimary_init". But since
* we have not yet done a "jnlpool_init", we dont know if updates are disabled in it or not. Although we
* need to do the gld/db open only if updates are currently disabled in the jnlpool, we do this always
* because once we do a jnlpool_init, we will come back with the ftok on the jnlpool held and that has
* issues with later db open since we will try to hold the db ftok as part of db open and the ftok logic
* currently has assumptions that a process holds only one ftok at any point in time.
*/
assert(NULL == gd_header);
gvinit();
all_files_open = region_init(FALSE);
if (!all_files_open)
{
gtm_putmsg_csa(CSA_ARG(NULL) VARLSTCNT(1) ERR_NOTALLDBOPN);
gtmsource_exit(ABNORMAL_SHUTDOWN);
}
}
jnlpool_init(GTMSOURCE, gtmsource_options.start, &is_jnlpool_creator);
/* is_jnlpool_creator == TRUE ==> this process created the journal pool
* is_jnlpool_creator == FALSE ==> journal pool already existed and this process simply attached to it.
*/
if (gtmsource_options.shut_down)
gtmsource_exit(gtmsource_shutdown(FALSE, NORMAL_SHUTDOWN) - NORMAL_SHUTDOWN);
else if (gtmsource_options.activate)
gtmsource_exit(gtmsource_mode_change(GTMSOURCE_MODE_ACTIVE_REQUESTED) - NORMAL_SHUTDOWN);
else if (gtmsource_options.deactivate)
gtmsource_exit(gtmsource_mode_change(GTMSOURCE_MODE_PASSIVE_REQUESTED) - NORMAL_SHUTDOWN);
else if (gtmsource_options.checkhealth)
gtmsource_exit(gtmsource_checkhealth() - NORMAL_SHUTDOWN);
else if (gtmsource_options.changelog)
gtmsource_exit(gtmsource_changelog() - NORMAL_SHUTDOWN);
else if (gtmsource_options.showbacklog)
gtmsource_exit(gtmsource_showbacklog() - NORMAL_SHUTDOWN);
else if (gtmsource_options.stopsourcefilter)
gtmsource_exit(gtmsource_stopfilter() - NORMAL_SHUTDOWN);
else if (gtmsource_options.jnlpool)
gtmsource_exit(gtmsource_jnlpool() - NORMAL_SHUTDOWN);
else if (gtmsource_options.losttncomplete)
gtmsource_exit(gtmsource_losttncomplete() - NORMAL_SHUTDOWN);
else if (gtmsource_options.needrestart)
gtmsource_exit(gtmsource_needrestart() - NORMAL_SHUTDOWN);
else if (gtmsource_options.showfreeze)
gtmsource_exit(gtmsource_showfreeze() - NORMAL_SHUTDOWN);
else if (gtmsource_options.setfreeze)
gtmsource_exit(gtmsource_setfreeze() - NORMAL_SHUTDOWN);
else if (!gtmsource_options.start)
{
assert(CLI_PRESENT == cli_present("STATSLOG"));
gtmsource_exit(gtmsource_statslog() - NORMAL_SHUTDOWN);
}
assert(gtmsource_options.start);
# ifndef REPL_DEBUG_NOBACKGROUND
/* Set "child_server_running" to FALSE before forking off child. Wait for it to be set to TRUE by the child. */
gtmsource_local = jnlpool.gtmsource_local;
gtmsource_local->child_server_running = FALSE;
FORK(pid);
if (0 > pid)
{
save_errno = errno;
rts_error_csa(CSA_ARG(NULL) VARLSTCNT(7) ERR_JNLPOOLSETUP, 0,
ERR_TEXT, 2, RTS_ERROR_LITERAL("Could not fork source server"), save_errno);
} else if (0 < pid)
{ /* Parent. Wait until child sets "child_server_running" to FALSE. That is an indication that the child
* source server has completed its initialization phase and is all set so the parent command can return.
*/
while (isalive = is_proc_alive(pid, 0)) /* note : intended assignment */
{
if (gtmsource_local->child_server_running)
break;
/* To take care of reassignment of PIDs, the while condition should be && with the condition
* (PPID of pid == process_id)
*/
SHORT_SLEEP(GTMSOURCE_WAIT_FOR_SRV_START);
WAITPID(pid, &status, WNOHANG, waitpid_res); /* Release defunct child if dead */
}
if (isalive)
{ /* Child process is alive and started with no issues */
if (0 != (save_errno = rel_sem(SOURCE, JNL_POOL_ACCESS_SEM)))
rts_error_csa(CSA_ARG(NULL) VARLSTCNT(7) ERR_JNLPOOLSETUP, 0,
ERR_TEXT, 2, RTS_ERROR_LITERAL("Error in rel_sem"), save_errno);
ftok_sem_release(jnlpool.jnlpool_dummy_reg, TRUE, TRUE);
} else
{ /* Child source server process errored out at startup and is no longer alive.
* If we were the one who created the journal pool, let us clean it up.
*/
repl_log(stdout, TRUE, TRUE, "Source server startup failed. See source server log file\n");
if (is_jnlpool_creator)
status = gtmsource_shutdown(TRUE, NORMAL_SHUTDOWN);
}
/* If the parent is killed (or crashes) between the fork and exit, checkhealth may not detect that startup
* is in progress - parent forks and dies, the system will release sem 0 and 1, checkhealth might test the
* value of sem 1 before the child grabs sem 1.
*/
gtmsource_exit(isalive ? SRV_ALIVE : SRV_ERR);
}
/* Point stdin to /dev/null */
OPENFILE("/dev/null", O_RDONLY, null_fd);
if (0 > null_fd)
rts_error_csa(CSA_ARG(NULL) ERR_REPLERR, RTS_ERROR_LITERAL("Failed to open /dev/null for read"), errno, 0);
FCNTL3(null_fd, F_DUPFD, 0, rc);
if (0 > rc)
rts_error_csa(CSA_ARG(NULL) ERR_REPLERR, RTS_ERROR_LITERAL("Failed to set stdin to /dev/null"), errno, 0);
CLOSEFILE(null_fd, rc);
if (0 > rc)
rts_error_csa(CSA_ARG(NULL) ERR_REPLERR, RTS_ERROR_LITERAL("Failed to close /dev/null"), errno, 0);
/* The parent process (source server startup command) will be holding the ftok semaphore and jnlpool access semaphore
* at this point. The variables that indicate this would have been copied over to the child during the fork. This will
* make the child think it is actually holding them as well when actually it is not. Reset those variables in the child
* to ensure they do not misrepresent the holder of those semaphores.
*/
ftok_sem_reg = NULL;
udi = FILE_INFO(jnlpool.jnlpool_dummy_reg);
assert(udi->grabbed_ftok_sem);
udi->grabbed_ftok_sem = FALSE;
assert(holds_sem[SOURCE][JNL_POOL_ACCESS_SEM]);
holds_sem[SOURCE][JNL_POOL_ACCESS_SEM] = FALSE;
assert(!holds_sem[SOURCE][SRC_SERV_COUNT_SEM]);
/* Start child source server initialization */
is_src_server = TRUE;
OPERATOR_LOG_MSG;
process_id = getpid();
/* Reinvoke secshr related initialization with the child's pid */
INVOKE_INIT_SECSHR_ADDRS;
/* Initialize mutex socket, memory semaphore etc. before any "grab_lock" is done by this process on the journal pool.
* Note that the initialization would already have been done by the parent receiver startup command but we need to
* redo the initialization with the child process id.
*/
assert(mutex_per_process_init_pid && (mutex_per_process_init_pid != process_id));
mutex_per_process_init();
START_HEARTBEAT_IF_NEEDED;
ppid = getppid();
log_init_status = repl_log_init(REPL_GENERAL_LOG, >msource_log_fd, gtmsource_options.log_file);
assert(SS_NORMAL == log_init_status);
repl_log_fd2fp(>msource_log_fp, gtmsource_log_fd);
if (-1 == (procgp = setsid()))
send_msg_csa(CSA_ARG(NULL) VARLSTCNT(7) ERR_JNLPOOLSETUP, 0, ERR_TEXT, 2,
RTS_ERROR_LITERAL("Source server error in setsid"), errno);
# endif /* REPL_DEBUG_NOBACKGROUND */
if (ZLIB_CMPLVL_NONE != gtm_zlib_cmp_level)
gtm_zlib_init(); /* Open zlib shared library for compression/decompression */
REPL_DPRINT1("Setting up regions\n");
gvinit();
/* We use the same code dse uses to open all regions but we must make sure they are all open before proceeding. */
all_files_open = region_init(FALSE);
if (!all_files_open)
{
gtm_putmsg_csa(CSA_ARG(NULL) VARLSTCNT(1) ERR_NOTALLDBOPN);
gtmsource_exit(ABNORMAL_SHUTDOWN);
}
/* Determine primary side null subscripts collation order */
/* Also check whether all regions have same null collation order */
this_side_std_null_coll = -1;
for (reg = gd_header->regions, region_top = gd_header->regions + gd_header->n_regions; reg < region_top; reg++)
{
csa = &FILE_INFO(reg)->s_addrs;
if (this_side_std_null_coll != csa->hdr->std_null_coll)
{
if (-1 == this_side_std_null_coll)
this_side_std_null_coll = csa->hdr->std_null_coll;
else
{
gtm_putmsg_csa(CSA_ARG(NULL) VARLSTCNT(1) ERR_NULLCOLLDIFF);
gtmsource_exit(ABNORMAL_SHUTDOWN);
}
}
if (!REPL_ALLOWED(csa) && JNL_ALLOWED(csa))
{
gtm_putmsg_csa(CSA_ARG(NULL) VARLSTCNT(4) ERR_REPLOFFJNLON, 2, DB_LEN_STR(reg));
gtmsource_exit(ABNORMAL_SHUTDOWN);
}
if (reg->read_only && REPL_ALLOWED(csa))
{
gtm_putmsg_csa(CSA_ARG(NULL) VARLSTCNT(6) ERR_JNLPOOLSETUP, 0, ERR_TEXT, 2,
RTS_ERROR_LITERAL("Source Server does not have write permissions to one or "
"more database files that are replicated"));
gtmsource_exit(ABNORMAL_SHUTDOWN);
}
}
/* Initialize source server alive/dead state related fields in "gtmsource_local" before the ftok semaphore is released */
gtmsource_local->gtmsource_pid = process_id;
gtmsource_local->gtmsource_state = GTMSOURCE_START;
if (is_jnlpool_creator)
{
DEBUG_ONLY(jnlpool.jnlpool_ctl->jnlpool_creator_pid = process_id);
gtmsource_seqno_init(this_side_std_null_coll);
if (ROOTPRIMARY_SPECIFIED == gtmsource_options.rootprimary)
{ /* Created the journal pool as a root primary. Append a history record to the replication instance file.
* Invoke the function "gtmsource_rootprimary_init" to do that.
*/
gtmsource_rootprimary_init(jnlpool.jnlpool_ctl->jnl_seqno);
}
}
/* after this point we can no longer have the case where all the regions are unreplicated/non-journaled. */
# ifndef REPL_DEBUG_NOBACKGROUND
/* It is necessary for every process that is using the ftok semaphore to increment the counter by 1. This is used
* by the last process that shuts down to delete the ftok semaphore when it notices the counter to be 0.
* Note that the parent source server startup command would have done an increment of the ftok counter semaphore
* for the replication instance file. But the source server process (the child) that comes here would not have done
* that. Do that while the parent is still holding on to the ftok semaphore waiting for our okay.
*/
if (!ftok_sem_incrcnt(jnlpool.jnlpool_dummy_reg))
rts_error_csa(CSA_ARG(NULL) VARLSTCNT(1) ERR_JNLPOOLSETUP);
/* Increment the source server count semaphore */
status = incr_sem(SOURCE, SRC_SERV_COUNT_SEM);
if (0 != status)
{
save_errno = errno;
rts_error_csa(CSA_ARG(NULL) VARLSTCNT(7) ERR_JNLPOOLSETUP, 0, ERR_TEXT, 2,
RTS_ERROR_LITERAL("Counter semaphore increment failure in child source server"), save_errno);
}
# else
if (0 != (save_errno = rel_sem_immediate(SOURCE, JNL_POOL_ACCESS_SEM)))
{
rts_error_csa(CSA_ARG(NULL) VARLSTCNT(7) ERR_JNLPOOLSETUP, 0, ERR_TEXT, 2,
RTS_ERROR_LITERAL("Error in rel_sem_immediate"), save_errno);
}
# endif /* REPL_DEBUG_NOBACKGROUND */
gtmsource_srv_count++;
gtmsource_local->child_server_running = TRUE; /* At this point, the parent startup command will stop waiting for child */
gtm_event_log_init();
/* Log source server startup command line first */
SPRINTF(tmpmsg, "%s %s\n", cli_lex_in_ptr->argv[0], cli_lex_in_ptr->in_str);
repl_log(gtmsource_log_fp, TRUE, TRUE, tmpmsg);
SPRINTF(tmpmsg, "GTM Replication Source Server with Pid [%d] started for Secondary Instance [%s]",
process_id, gtmsource_local->secondary_instname);
sgtm_putmsg(print_msg, VARLSTCNT(4) ERR_REPLINFO, 2, LEN_AND_STR(tmpmsg));
repl_log(gtmsource_log_fp, TRUE, TRUE, print_msg);
if (is_jnlpool_creator)
{
repl_log(gtmsource_log_fp, TRUE, TRUE, "Created jnlpool with shmid = [%d] and semid = [%d]\n",
jnlpool.repl_inst_filehdr->jnlpool_shmid, jnlpool.repl_inst_filehdr->jnlpool_semid);
} else
repl_log(gtmsource_log_fp, TRUE, TRUE, "Attached to existing jnlpool with shmid = [%d] and semid = [%d]\n",
jnlpool.repl_inst_filehdr->jnlpool_shmid, jnlpool.repl_inst_filehdr->jnlpool_semid);
gtm_event_log(GTM_EVENT_LOG_ARGC, "MUPIP", "REPLINFO", print_msg);
# ifdef GTM_TLS
if (REPL_TLS_REQUESTED)
{
repl_do_tls_init(gtmsource_log_fp);
assert(REPL_TLS_REQUESTED || PLAINTEXT_FALLBACK);
}
# endif
if (jnlpool.jnlpool_ctl->freeze)
{
last_seen_freeze_flag = jnlpool.jnlpool_ctl->freeze;
sgtm_putmsg(print_msg, VARLSTCNT(3) ERR_REPLINSTFROZEN, 1, jnlpool.repl_inst_filehdr->inst_info.this_instname);
repl_log(gtmsource_log_fp, TRUE, FALSE, print_msg);
sgtm_putmsg(print_msg, VARLSTCNT(3) ERR_REPLINSTFREEZECOMMENT, 1, jnlpool.jnlpool_ctl->freeze_comment);
repl_log(gtmsource_log_fp, TRUE, TRUE, print_msg);
}
gtmsource_local->jnlfileonly = gtmsource_options.jnlfileonly;
do
{ /* If mode is passive, go to sleep. Wakeup every now and then and check to see if I have to become active. */
gtmsource_state = gtmsource_local->gtmsource_state = GTMSOURCE_START;
if ((gtmsource_local->mode == GTMSOURCE_MODE_PASSIVE) && (gtmsource_local->shutdown == NO_SHUTDOWN))
{
gtmsource_poll_actions(FALSE);
SHORT_SLEEP(GTMSOURCE_WAIT_FOR_MODE_CHANGE);
continue;
}
if (GTMSOURCE_MODE_PASSIVE == gtmsource_local->mode)
{ /* Shutdown initiated */
assert(gtmsource_local->shutdown == SHUTDOWN);
sgtm_putmsg(print_msg, VARLSTCNT(4) ERR_REPLINFO, 2,
RTS_ERROR_LITERAL("GTM Replication Source Server Shutdown signalled"));
repl_log(gtmsource_log_fp, TRUE, TRUE, print_msg);
gtm_event_log(GTM_EVENT_LOG_ARGC, "MUPIP", "REPLINFO", print_msg);
break;
}
gtmsource_poll_actions(FALSE);
if (GTMSOURCE_CHANGING_MODE == gtmsource_state)
continue;
if (GTMSOURCE_MODE_ACTIVE_REQUESTED == gtmsource_local->mode)
gtmsource_local->mode = GTMSOURCE_MODE_ACTIVE;
SPRINTF(tmpmsg, "GTM Replication Source Server now in ACTIVE mode using port %d", gtmsource_local->secondary_port);
sgtm_putmsg(print_msg, VARLSTCNT(4) ERR_REPLINFO, 2, LEN_AND_STR(tmpmsg));
repl_log(gtmsource_log_fp, TRUE, TRUE, print_msg);
gtm_event_log(GTM_EVENT_LOG_ARGC, "MUPIP", "REPLINFO", print_msg);
DEBUG_ONLY(repl_csa = &FILE_INFO(jnlpool.jnlpool_dummy_reg)->s_addrs;)
assert(!repl_csa->hold_onto_crit); /* so it is ok to invoke "grab_lock" and "rel_lock" unconditionally */
grab_lock(jnlpool.jnlpool_dummy_reg, TRUE, HANDLE_CONCUR_ONLINE_ROLLBACK);
if (GTMSOURCE_HANDLE_ONLN_RLBK == gtmsource_state)
{
repl_log(gtmsource_log_fp, TRUE, TRUE, "Starting afresh due to ONLINE ROLLBACK\n");
repl_log(gtmsource_log_fp, TRUE, TRUE, "REPL INFO - Current Jnlpool Seqno : %llu\n",
jnlpool.jnlpool_ctl->jnl_seqno);
continue;
}
QWASSIGN(gtmsource_local->read_addr, jnlpool.jnlpool_ctl->write_addr);
gtmsource_local->read = jnlpool.jnlpool_ctl->write;
gtmsource_local->read_state = gtmsource_local->jnlfileonly ? READ_FILE : READ_POOL;
read_jnl_seqno = gtmsource_local->read_jnl_seqno;
assert(read_jnl_seqno <= jnlpool.jnlpool_ctl->jnl_seqno);
if (read_jnl_seqno < jnlpool.jnlpool_ctl->jnl_seqno)
{
gtmsource_local->read_state = READ_FILE;
QWASSIGN(gtmsource_save_read_jnl_seqno, jnlpool.jnlpool_ctl->jnl_seqno);
gtmsource_pool2file_transition = TRUE; /* so that we read the latest gener jnl files */
}
rel_lock(jnlpool.jnlpool_dummy_reg);
if (SS_NORMAL != (status = gtmsource_alloc_tcombuff()))
rts_error_csa(CSA_ARG(NULL) VARLSTCNT(7) ERR_REPLCOMM, 0, ERR_TEXT, 2,
RTS_ERROR_LITERAL("Error allocating initial tcom buffer space. Malloc error"), status);
gtmsource_filter = NO_FILTER;
if ('\0' != gtmsource_local->filter_cmd[0])
{
if (SS_NORMAL == (status = repl_filter_init(gtmsource_local->filter_cmd)))
gtmsource_filter |= EXTERNAL_FILTER;
else
gtmsource_exit(ABNORMAL_SHUTDOWN);
}
gtmsource_process();
/* gtmsource_process returns only when mode needs to be changed to PASSIVE */
assert(gtmsource_state == GTMSOURCE_CHANGING_MODE);
gtmsource_ctl_close();
gtmsource_free_msgbuff();
gtmsource_free_tcombuff();
gtmsource_free_filter_buff();
gtmsource_stop_heartbeat();
if (FD_INVALID != gtmsource_sock_fd)
repl_close(>msource_sock_fd);
if (gtmsource_filter & EXTERNAL_FILTER)
repl_stop_filter();
} while (TRUE);
