/* Free a semaphore set. */
static void freeary (int id)
{
struct sem_array *sma;
struct sem_undo *un;
struct sem_queue *q;
int size;
sma = sem_rmid(id);
/* Invalidate the existing undo structures for this semaphore set.
* (They will be freed without any further action in sem_exit()
* or during the next semop.)
*/
for (un = sma->undo; un; un = un->id_next)
un->semid = -1;
/* Wake up all pending processes and let them fail with EIDRM. */
for (q = sma->sem_pending; q; q = q->next) {
q->status = -EIDRM;
q->prev = NULL;
wake_up_process(q->sleeper); /* doesn't sleep */
}
sem_write_unlock(id);
used_sems -= sma->sem_nsems;
size = sizeof (*sma) + sma->sem_nsems * sizeof (struct sem);
ipc_free(sma, size);
}
int remove_sem_set(int set_index)
{
int rc, i;
ASSERT_SET_INDEX;
rc = sem_rmid(sem_set_id[set_index]);
if (!rc) /* successful removal of sem set */
{
sem_set_id[set_index] = 0;
for (i = 0; i < NUM_SRC_SEMS; i++)
holds_sem[set_index][i] = FALSE;
}
return rc;
}
/*
* This will rundown a replication instance journal (and receiver) pool.
* Input Parameter:
* replpool_id of the instance. Instance file name must be null terminated in replpool_id.
* Returns :
* TRUE, if successful.
* FALSE, otherwise.
*/
boolean_t mu_rndwn_repl_instance(replpool_identifier *replpool_id, boolean_t immediate, boolean_t rndwn_both_pools)
{
boolean_t jnlpool_stat = TRUE, recvpool_stat = TRUE;
char *instfilename, shmid_buff[TMP_BUF_LEN];
gd_region *r_save;
repl_inst_hdr repl_instance;
static gd_region *reg = NULL;
struct semid_ds semstat;
struct shmid_ds shmstat;
union semun semarg;
uchar_ptr_t ret_ptr;
unix_db_info *udi;
int save_errno;
error_def(ERR_MUJPOOLRNDWNSUC);
error_def(ERR_MURPOOLRNDWNSUC);
error_def(ERR_MUJPOOLRNDWNFL);
error_def(ERR_MURPOOLRNDWNFL);
error_def(ERR_SEMREMOVED);
error_def(ERR_REPLACCSEM);
error_def(ERR_SYSCALL);
if (NULL == reg)
{
r_save = gv_cur_region;
mu_gv_cur_reg_init();
reg = gv_cur_region;
gv_cur_region = r_save;
}
jnlpool.jnlpool_dummy_reg = reg;
recvpool.recvpool_dummy_reg = reg;
instfilename = replpool_id->instfilename;
reg->dyn.addr->fname_len = strlen(instfilename);
assert(0 == instfilename[reg->dyn.addr->fname_len]);
memcpy((char *)reg->dyn.addr->fname, instfilename, reg->dyn.addr->fname_len + 1);
udi = FILE_INFO(reg);
udi->fn = (char *)reg->dyn.addr->fname;
/* Lock replication instance using ftok semaphore */
if (!ftok_sem_get(reg, TRUE, REPLPOOL_ID, immediate))
return FALSE;
repl_inst_read(instfilename, (off_t)0, (sm_uc_ptr_t)&repl_instance, SIZEOF(repl_inst_hdr));
semarg.buf = &semstat;
assert(rndwn_both_pools || JNLPOOL_SEGMENT == replpool_id->pool_type || RECVPOOL_SEGMENT == replpool_id->pool_type);
if (rndwn_both_pools || (JNLPOOL_SEGMENT == replpool_id->pool_type))
{ /* --------------------------
* First rundown Journal pool
* --------------------------
*/
if (INVALID_SEMID != repl_instance.jnlpool_semid)
if ((-1 == semctl(repl_instance.jnlpool_semid, 0, IPC_STAT, semarg)) ||
(semarg.buf->sem_ctime != repl_instance.jnlpool_semid_ctime))
repl_instance.jnlpool_semid = INVALID_SEMID;
if (INVALID_SHMID != repl_instance.jnlpool_shmid)
if ((-1 == shmctl(repl_instance.jnlpool_shmid, IPC_STAT, &shmstat)) ||
(shmstat.shm_ctime != repl_instance.jnlpool_shmid_ctime))
repl_instance.jnlpool_shmid = INVALID_SHMID;
if (INVALID_SHMID != repl_instance.jnlpool_shmid)
{
replpool_id->pool_type = JNLPOOL_SEGMENT;
jnlpool_stat = mu_rndwn_replpool(replpool_id, repl_instance.jnlpool_semid, repl_instance.jnlpool_shmid);
ret_ptr = i2asc((uchar_ptr_t)shmid_buff, repl_instance.jnlpool_shmid);
*ret_ptr = '\0';
if (rndwn_both_pools)
gtm_putmsg(VARLSTCNT(6) (jnlpool_stat ? ERR_MUJPOOLRNDWNSUC : ERR_MUJPOOLRNDWNFL),
4, LEN_AND_STR(shmid_buff), LEN_AND_STR(replpool_id->instfilename));
} else if (INVALID_SEMID != repl_instance.jnlpool_semid)
{
if (0 == sem_rmid(repl_instance.jnlpool_semid))
{ /* note that shmid_buff used here is actually a buffer to hold semid (not shmid) */
ret_ptr = i2asc((uchar_ptr_t)shmid_buff, repl_instance.jnlpool_semid);
*ret_ptr = '\0';
gtm_putmsg(VARLSTCNT(9) ERR_MUJPOOLRNDWNSUC, 4, LEN_AND_STR(shmid_buff),
LEN_AND_STR(replpool_id->instfilename), ERR_SEMREMOVED, 1, repl_instance.jnlpool_semid);
} else
{
save_errno = errno;
gtm_putmsg(VARLSTCNT(13) ERR_REPLACCSEM, 3, repl_instance.jnlpool_semid,
RTS_ERROR_STRING(instfilename), ERR_SYSCALL, 5, RTS_ERROR_LITERAL("jnlpool sem_rmid()"),
CALLFROM, save_errno);
}
/* Note that jnlpool_stat is not set to FALSE in case sem_rmid() fails above. This is because the
* journal pool is anyway not present and it is safer to reset the sem/shmids in the instance file.
* The only thing this might cause is a stranded semaphore but that is considered better than getting
* errors due to not resetting instance file.
*/
}
if (jnlpool_stat) /* Reset instance file for jnlpool info */
repl_inst_jnlpool_reset();
}
if (rndwn_both_pools || (RECVPOOL_SEGMENT == replpool_id->pool_type))
{ /* --------------------------
* Now rundown Receivpool
* --------------------------
*/
if (INVALID_SEMID != repl_instance.recvpool_semid)
if ((-1 == semctl(repl_instance.recvpool_semid, 0, IPC_STAT, semarg)) ||
(semarg.buf->sem_ctime != repl_instance.recvpool_semid_ctime))
repl_instance.recvpool_semid = INVALID_SEMID;
if (INVALID_SHMID != repl_instance.recvpool_shmid)
if ((-1 == shmctl(repl_instance.recvpool_shmid, IPC_STAT, &shmstat)) ||
(shmstat.shm_ctime != repl_instance.recvpool_shmid_ctime))
repl_instance.recvpool_shmid = INVALID_SHMID;
if (INVALID_SHMID != repl_instance.recvpool_shmid)
{
replpool_id->pool_type = RECVPOOL_SEGMENT;
recvpool_stat = mu_rndwn_replpool(replpool_id, repl_instance.recvpool_semid, repl_instance.recvpool_shmid);
ret_ptr = i2asc((uchar_ptr_t)shmid_buff, repl_instance.recvpool_shmid);
*ret_ptr = '\0';
if (rndwn_both_pools)
gtm_putmsg(VARLSTCNT(6) (recvpool_stat ? ERR_MURPOOLRNDWNSUC : ERR_MURPOOLRNDWNFL),
4, LEN_AND_STR(shmid_buff), LEN_AND_STR(replpool_id->instfilename));
} else if (INVALID_SEMID != repl_instance.recvpool_semid)
{
if (0 == sem_rmid(repl_instance.recvpool_semid))
{ /* note that shmid_buff used here is actually a buffer to hold semid (not shmid) */
ret_ptr = i2asc((uchar_ptr_t)shmid_buff, repl_instance.recvpool_semid);
*ret_ptr = '\0';
gtm_putmsg(VARLSTCNT(9) ERR_MURPOOLRNDWNSUC, 4, LEN_AND_STR(shmid_buff),
LEN_AND_STR(replpool_id->instfilename), ERR_SEMREMOVED, 1, repl_instance.recvpool_semid);
} else
{
save_errno = errno;
gtm_putmsg(VARLSTCNT(13) ERR_REPLACCSEM, 3, repl_instance.recvpool_semid,
RTS_ERROR_STRING(instfilename), ERR_SYSCALL, 5, RTS_ERROR_LITERAL("recvpool sem_rmid()"),
CALLFROM, save_errno);
}
/* Note that recvpool_stat is not set to FALSE in case sem_rmid() fails above. This is because the
* journal pool is anyway not present and it is safer to reset the sem/shmids in the instance file.
* The only thing this might cause is a stranded semaphore but that is considered better than getting
* errors due to not resetting instance file.
*/
}
if (recvpool_stat) /* Reset instance file for recvpool info */
repl_inst_recvpool_reset();
}
/* Release replication instance ftok semaphore lock */
if (!ftok_sem_release(reg, TRUE, immediate))
return FALSE;
return (jnlpool_stat && recvpool_stat);
}
int4 gds_rundown(void)
{
boolean_t canceled_dbsync_timer, canceled_flush_timer, ok_to_write_pfin;
boolean_t have_standalone_access, ipc_deleted, err_caught;
boolean_t is_cur_process_ss_initiator, remove_shm, vermismatch, we_are_last_user, we_are_last_writer, is_mm;
boolean_t unsafe_last_writer;
char time_str[CTIME_BEFORE_NL + 2]; /* for GET_CUR_TIME macro */
gd_region *reg;
int save_errno, status, rc;
int4 semval, ftok_semval, sopcnt, ftok_sopcnt;
short crash_count;
sm_long_t munmap_len;
sgmnt_addrs *csa;
sgmnt_data_ptr_t csd;
node_local_ptr_t cnl;
struct shmid_ds shm_buf;
struct sembuf sop[2], ftok_sop[2];
uint4 jnl_status;
unix_db_info *udi;
jnl_private_control *jpc;
jnl_buffer_ptr_t jbp;
shm_snapshot_t *ss_shm_ptr;
uint4 ss_pid, onln_rlbk_pid, holder_pid;
boolean_t was_crit;
boolean_t safe_mode; /* Do not flush or take down shared memory. */
boolean_t bypassed_ftok = FALSE, bypassed_access = FALSE, may_bypass_ftok, inst_is_frozen,
ftok_counter_halted,
access_counter_halted;
int secshrstat;
intrpt_state_t prev_intrpt_state;
DCL_THREADGBL_ACCESS;
SETUP_THREADGBL_ACCESS;
jnl_status = 0;
reg = gv_cur_region; /* Local copy */
/* early out for cluster regions
* to avoid tripping the assert below.
* Note:
* This early out is consistent with VMS. It has been
* noted that all of the gtcm assignments
* to gv_cur_region should use the TP_CHANGE_REG
* macro. This would also avoid the assert problem
* and should be done eventually.
*/
if (dba_cm == reg->dyn.addr->acc_meth)
return EXIT_NRM;
udi = FILE_INFO(reg);
csa = &udi->s_addrs;
csd = csa->hdr;
assert(csa == cs_addrs && csd == cs_data);
if ((reg->open) && (dba_usr == csd->acc_meth))
{
change_reg();
gvusr_rundown();
return EXIT_NRM;
}
/* If the process has standalone access, it has udi->grabbed_access_sem set to TRUE at this point. Note that down in a local
* variable as the udi->grabbed_access_sem is set to TRUE even for non-standalone access below and hence we can't rely on
* that later to determine if the process had standalone access or not when it entered this function. We need to guarantee
* that none else access database file header when semid/shmid fields are reset. We already have created ftok semaphore in
* db_init or, mu_rndwn_file and did not remove it. So just lock it. We do it in blocking mode.
*/
have_standalone_access = udi->grabbed_access_sem; /* process holds standalone access */
DEFER_INTERRUPTS(INTRPT_IN_GDS_RUNDOWN, prev_intrpt_state);
ESTABLISH_NORET(gds_rundown_ch, err_caught);
if (err_caught)
{
REVERT;
WITH_CH(gds_rundown_ch, gds_rundown_err_cleanup(have_standalone_access), 0);
ENABLE_INTERRUPTS(INTRPT_IN_GDS_RUNDOWN, prev_intrpt_state);
DEBUG_ONLY(ok_to_UNWIND_in_exit_handling = FALSE);
return EXIT_ERR;
}
assert(reg->open); /* if we failed to open, dbinit_ch should have taken care of proper clean up */
assert(!reg->opening); /* see comment above */
assert((dba_bg == csd->acc_meth) || (dba_mm == csd->acc_meth));
is_mm = (dba_bg != csd->acc_meth);
assert(!csa->hold_onto_crit || (csa->now_crit && jgbl.onlnrlbk));
/* If we are online rollback, we should already be holding crit and should release it only at the end of this module. This
* is usually done by noting down csa->now_crit in a local variable (was_crit) and using it whenever we are about to
* grab_crit. But, there are instances (like mupip_set_journal.c) where we grab_crit but invoke gds_rundown without any
* preceeding rel_crit. Such code relies on the fact that gds_rundown does rel_crit unconditionally (to get locks to a known
* state). So, augment csa->now_crit with jgbl.onlnrlbk to track if we can rel_crit unconditionally or not in gds_rundown.
*/
was_crit = (csa->now_crit && jgbl.onlnrlbk);
/* Cancel any pending flush timer for this region by this task */
canceled_flush_timer = FALSE;
canceled_dbsync_timer = FALSE;
CANCEL_DB_TIMERS(reg, csa, canceled_flush_timer, canceled_dbsync_timer);
we_are_last_user = FALSE;
inst_is_frozen = IS_REPL_INST_FROZEN && REPL_ALLOWED(csa->hdr);
if (!csa->persistent_freeze)
region_freeze(reg, FALSE, FALSE, FALSE);
if (!was_crit)
{
rel_crit(reg); /* get locks to known state */
mutex_cleanup(reg);
}
/* The only process that can invoke gds_rundown while holding access control semaphore is RECOVER/ROLLBACK. All the others
* (like MUPIP SET -FILE/MUPIP EXTEND would have invoked db_ipcs_reset() before invoking gds_rundown (from
* mupip_exit_handler). The only exception is when these processes encounter a terminate signal and they reach
* mupip_exit_handler while holding access control semaphore. Assert accordingly.
*/
assert(!have_standalone_access || mupip_jnl_recover || process_exiting);
/* If we have standalone access, then ensure that a concurrent online rollback cannot be running at the same time as it
* needs the access control lock as well. The only expection is we are online rollback and currently running down.
*/
cnl = csa->nl;
onln_rlbk_pid = cnl->onln_rlbk_pid;
assert(!have_standalone_access || mupip_jnl_recover || !onln_rlbk_pid || !is_proc_alive(onln_rlbk_pid, 0));
if (!have_standalone_access)
{
if (-1 == (ftok_semval = semctl(udi->ftok_semid, DB_COUNTER_SEM, GETVAL))) /* Check # of procs counted on FTOK */
{
save_errno = errno;
assert(FALSE);
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMCTL failed to get ftok_semval"), CALLFROM, errno);
}
may_bypass_ftok = CAN_BYPASS(ftok_semval, csd, inst_is_frozen); /* Do we need a blocking wait? */
/* We need to guarantee that no one else access database file header when semid/shmid fields are reset.
* We already have created ftok semaphore in db_init or mu_rndwn_file and did not remove it. So just lock it.
*/
if (!ftok_sem_lock(reg, may_bypass_ftok))
{
if (may_bypass_ftok)
{ /* We did a non-blocking wait. It's ok to proceed without locking */
bypassed_ftok = TRUE;
holder_pid = semctl(udi->ftok_semid, DB_CONTROL_SEM, GETPID);
if ((uint4)-1 == holder_pid)
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMCTL failed to get holder_pid"),
CALLFROM, errno);
if (!IS_GTM_IMAGE) /* MUMPS processes should not flood syslog with bypass messages. */
{
send_msg_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_RESRCINTRLCKBYPAS, 10,
LEN_AND_STR(gtmImageNames[image_type].imageName), process_id, LEN_AND_LIT("FTOK"),
REG_LEN_STR(reg), DB_LEN_STR(reg), holder_pid);
send_msg_csa(CSA_ARG(NULL) VARLSTCNT(4) ERR_TEXT, 2,
LEN_AND_LIT("FTOK bypassed at rundown"));
}
} else
{ /* We did a blocking wait but something bad happened. */
FTOK_TRACE(csa, csa->ti->curr_tn, ftok_ops_lock, process_id);
rts_error_csa(CSA_ARG(csa) VARLSTCNT(4) ERR_DBFILERR, 2, DB_LEN_STR(reg));
}
}
sop[0].sem_num = DB_CONTROL_SEM; sop[0].sem_op = 0; /* Wait for 0 */
sop[1].sem_num = DB_CONTROL_SEM; sop[1].sem_op = 1; /* Lock */
sopcnt = 2;
sop[0].sem_flg = sop[1].sem_flg = SEM_UNDO | IPC_NOWAIT; /* Don't wait the first time thru */
SEMOP(udi->semid, sop, sopcnt, status, NO_WAIT);
if (0 != status)
{
save_errno = errno;
/* Check # of processes counted on access sem. */
if (-1 == (semval = semctl(udi->semid, DB_COUNTER_SEM, GETVAL)))
{
assert(FALSE);
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMCTL failed to get semval"), CALLFROM, errno);
}
bypassed_access = CAN_BYPASS(semval, csd, inst_is_frozen) || onln_rlbk_pid || csd->file_corrupt;
/* Before attempting again in the blocking mode, see if the holding process is an online rollback.
* If so, it is likely we won't get the access control semaphore anytime soon. In that case, we
* are better off skipping rundown and continuing with sanity cleanup and exit.
*/
holder_pid = semctl(udi->semid, DB_CONTROL_SEM, GETPID);
if ((uint4)-1 == holder_pid)
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMCTL failed to get holder_pid"), CALLFROM, errno);
if (!bypassed_access)
{ /* We couldn't get it in one shot-- see if we already have it */
if (holder_pid == process_id)
{
send_msg_csa(CSA_ARG(csa) VARLSTCNT(5) MAKE_MSG_INFO(ERR_CRITSEMFAIL), 2, DB_LEN_STR(reg),
ERR_RNDWNSEMFAIL);
REVERT;
ENABLE_INTERRUPTS(INTRPT_IN_GDS_RUNDOWN, prev_intrpt_state);
assert(FALSE);
return EXIT_ERR;
}
if (EAGAIN != save_errno)
{
assert(FALSE);
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMOP on access control semaphore"),
CALLFROM, save_errno);
}
sop[0].sem_flg = sop[1].sem_flg = SEM_UNDO; /* Try again - blocking this time */
SEMOP(udi->semid, sop, 2, status, FORCED_WAIT);
if (-1 == status) /* We couldn't get it at all.. */
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMOP on access control semaphore"),
CALLFROM, errno);
} else if (!IS_GTM_IMAGE)
{
send_msg_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_RESRCINTRLCKBYPAS, 10,
LEN_AND_STR(gtmImageNames[image_type].imageName), process_id,
LEN_AND_LIT("access control"), REG_LEN_STR(reg), DB_LEN_STR(reg), holder_pid);
send_msg_csa(CSA_ARG(NULL) VARLSTCNT(4) ERR_TEXT, 2,
LEN_AND_LIT("Access control bypassed at rundown"));
}
udi->grabbed_access_sem = !bypassed_access;
}
} /* else we we hold the access control semaphore and therefore have standalone access. We do not release it now - we
* release it later in mupip_exit_handler.c. Since we already hold the access control semaphore, we don't need the
* ftok semaphore and trying it could cause deadlock
*/
/* Note that in the case of online rollback, "udi->grabbed_access_sem" (and in turn "have_standalone_access") is TRUE.
* But there could be other processes still having the database open so we cannot safely reset the halted fields.
*/
if (have_standalone_access && !jgbl.onlnrlbk)
csd->ftok_counter_halted = csd->access_counter_halted = FALSE;
ftok_counter_halted = csd->ftok_counter_halted;
access_counter_halted = csd->access_counter_halted;
/* If we bypassed any of the semaphores, activate safe mode.
* Also, if the replication instance is frozen and this db has replication turned on (which means
* no flushes of dirty buffers to this db can happen while the instance is frozen) activate safe mode.
*/
ok_to_write_pfin = !(bypassed_access || bypassed_ftok || inst_is_frozen);
safe_mode = !ok_to_write_pfin || ftok_counter_halted || access_counter_halted;
/* At this point we are guaranteed no one else is doing a db_init/rundown as we hold the access control semaphore */
assert(csa->ref_cnt); /* decrement private ref_cnt before shared ref_cnt decrement. */
csa->ref_cnt--; /* Currently journaling logic in gds_rundown() in VMS relies on this order to detect last writer */
assert(!csa->ref_cnt);
--cnl->ref_cnt;
if (memcmp(cnl->now_running, gtm_release_name, gtm_release_name_len + 1))
{ /* VERMISMATCH condition. Possible only if DSE */
assert(dse_running);
vermismatch = TRUE;
} else
vermismatch = FALSE;
if (-1 == shmctl(udi->shmid, IPC_STAT, &shm_buf))
{
save_errno = errno;
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown shmctl"), CALLFROM, save_errno);
} else
we_are_last_user = (1 == shm_buf.shm_nattch) && !vermismatch && !safe_mode;
/* recover => one user except ONLINE ROLLBACK, or standalone with frozen instance */
assert(!have_standalone_access || we_are_last_user || jgbl.onlnrlbk || inst_is_frozen);
if (-1 == (semval = semctl(udi->semid, DB_COUNTER_SEM, GETVAL)))
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMCTL failed to get semval"), CALLFROM, errno);
/* There's one writer left and I am it */
assert(reg->read_only || semval >= 0);
unsafe_last_writer = (DB_COUNTER_SEM_INCR == semval) && (FALSE == reg->read_only) && !vermismatch;
we_are_last_writer = unsafe_last_writer && !safe_mode;
assert(!we_are_last_writer || !safe_mode);
assert(!we_are_last_user || !safe_mode);
/* recover + R/W region => one writer except ONLINE ROLLBACK, or standalone with frozen instance, leading to safe_mode */
assert(!(have_standalone_access && !reg->read_only) || we_are_last_writer || jgbl.onlnrlbk || inst_is_frozen);
GTM_WHITE_BOX_TEST(WBTEST_ANTIFREEZE_JNLCLOSE, we_are_last_writer, 1); /* Assume we are the last writer to invoke wcs_flu */
if (!have_standalone_access && (-1 == (ftok_semval = semctl(udi->ftok_semid, DB_COUNTER_SEM, GETVAL))))
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown SEMCTL failed to get ftok_semval"), CALLFROM, errno);
if (NULL != csa->ss_ctx)
ss_destroy_context(csa->ss_ctx);
/* SS_MULTI: If multiple snapshots are supported, then we have to run through each of the snapshots */
assert(1 == MAX_SNAPSHOTS);
ss_shm_ptr = (shm_snapshot_ptr_t)SS_GETSTARTPTR(csa);
ss_pid = ss_shm_ptr->ss_info.ss_pid;
is_cur_process_ss_initiator = (process_id == ss_pid);
if (ss_pid && (is_cur_process_ss_initiator || we_are_last_user))
{
/* Try getting snapshot crit latch. If we don't get latch, we won't hang for eternity and will skip
* doing the orphaned snapshot cleanup. It will be cleaned up eventually either by subsequent MUPIP
* INTEG or by a MUPIP RUNDOWN.
*/
if (ss_get_lock_nowait(reg) && (ss_pid == ss_shm_ptr->ss_info.ss_pid)
&& (is_cur_process_ss_initiator || !is_proc_alive(ss_pid, 0)))
{
ss_release(NULL);
ss_release_lock(reg);
}
}
/* If cnl->donotflush_dbjnl is set, it means mupip recover/rollback was interrupted and therefore we need not flush
* shared memory contents to disk as they might be in an inconsistent state. Moreover, any more flushing will only cause
* future rollback to undo more journal records (PBLKs). In this case, we will go ahead and remove shared memory (without
* flushing the contents) in this routine. A reissue of the recover/rollback command will restore the database to a
* consistent state.
*/
if (!cnl->donotflush_dbjnl && !reg->read_only && !vermismatch)
{ /* If we had an orphaned block and were interrupted, set wc_blocked so we can invoke wcs_recover. Do it ONLY
* if there is NO concurrent online rollback running (as we need crit to set wc_blocked)
*/
if (csa->wbuf_dqd && !is_mm)
{ /* If we had an orphaned block and were interrupted, mupip_exit_handler will invoke secshr_db_clnup which
* will clear this field and so we should never come to gds_rundown with a non-zero wbuf_dqd. The only
* exception is if we are recover/rollback in which case gds_rundown (from mur_close_files) is invoked
* BEFORE secshr_db_clnup in mur_close_files.
* Note: It is NOT possible for online rollback to reach here with wbuf_dqd being non-zero. This is because
* the moment we apply the first PBLK, we stop all interrupts and hence can never be interrupted in
* wcs_wtstart or wcs_get_space. Assert accordingly.
*/
assert(mupip_jnl_recover && !jgbl.onlnrlbk && !safe_mode);
if (!was_crit)
grab_crit(reg);
SET_TRACEABLE_VAR(cnl->wc_blocked, TRUE);
BG_TRACE_PRO_ANY(csa, wcb_gds_rundown);
send_msg_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_WCBLOCKED, 6, LEN_AND_LIT("wcb_gds_rundown"),
process_id, &csa->ti->curr_tn, DB_LEN_STR(reg));
csa->wbuf_dqd = 0;
wcs_recover(reg);
BG_TRACE_PRO_ANY(csa, lost_block_recovery);
if (!was_crit)
rel_crit(reg);
}
if (JNL_ENABLED(csd) && IS_GTCM_GNP_SERVER_IMAGE)
originator_prc_vec = NULL;
/* If we are the last writing user, then everything must be flushed */
if (we_are_last_writer)
{ /* Time to flush out all of our buffers */
assert(!safe_mode);
if (is_mm)
{
MM_DBFILEXT_REMAP_IF_NEEDED(csa, reg);
cnl->remove_shm = TRUE;
}
if (cnl->wc_blocked && jgbl.onlnrlbk)
{ /* if the last update done by online rollback was not committed in the normal code-path but was
* completed by secshr_db_clnup, wc_blocked will be set to TRUE. But, since online rollback never
* invokes grab_crit (since csa->hold_onto_crit is set to TRUE), wcs_recover is never invoked. This
* could result in the last update never getting flushed to the disk and if online rollback happened
* to be the last writer then the shared memory will be flushed and removed and the last update will
* be lost. So, force wcs_recover if we find ourselves in such a situation. But, wc_blocked is
* possible only if phase1 or phase2 errors are induced using white box test cases
*/
assert(WB_COMMIT_ERR_ENABLED);
wcs_recover(reg);
}
/* Note WCSFLU_SYNC_EPOCH ensures the epoch is synced to the journal and indirectly
* also ensures that the db is fsynced. We don't want to use it in the calls to
* wcs_flu() from t_end() and tp_tend() since we can defer it to out-of-crit there.
* In this case, since we are running down, we don't have any such option.
*/
cnl->remove_shm = wcs_flu(WCSFLU_FLUSH_HDR | WCSFLU_WRITE_EPOCH | WCSFLU_SYNC_EPOCH);
/* Since we_are_last_writer, we should be guaranteed that wcs_flu() did not change csd, (in
* case of MM for potential file extension), even if it did a grab_crit(). Therefore, make
* sure that's true.
*/
assert(csd == csa->hdr);
assert(0 == memcmp(csd->label, GDS_LABEL, GDS_LABEL_SZ - 1));
} else if (((canceled_flush_timer && (0 > cnl->wcs_timers)) || canceled_dbsync_timer) && !inst_is_frozen)
{ /* canceled pending db or jnl flush timers - flush database and journal buffers to disk */
if (!was_crit)
grab_crit(reg);
/* we need to sync the epoch as the fact that there is no active pending flush timer implies
* there will be noone else who will flush the dirty buffers and EPOCH to disk in a timely fashion
*/
wcs_flu(WCSFLU_FLUSH_HDR | WCSFLU_WRITE_EPOCH | WCSFLU_SYNC_EPOCH);
if (!was_crit)
rel_crit(reg);
assert((dba_mm == cs_data->acc_meth) || (csd == cs_data));
csd = cs_data; /* In case this is MM and wcs_flu() remapped an extended database, reset csd */
}
/* Do rundown journal processing after buffer flushes since they require jnl to be open */
if (JNL_ENABLED(csd))
{ /* the following tp_change_reg() is not needed due to the assert csa == cs_addrs at the beginning
* of gds_rundown(), but just to be safe. To be removed by 2002!! --- nars -- 2001/04/25.
*/
tp_change_reg(); /* call this because jnl_ensure_open checks cs_addrs rather than gv_cur_region */
jpc = csa->jnl;
jbp = jpc->jnl_buff;
if (jbp->fsync_in_prog_latch.u.parts.latch_pid == process_id)
{
assert(FALSE);
COMPSWAP_UNLOCK(&jbp->fsync_in_prog_latch, process_id, 0, LOCK_AVAILABLE, 0);
}
if (jbp->io_in_prog_latch.u.parts.latch_pid == process_id)
{
assert(FALSE);
COMPSWAP_UNLOCK(&jbp->io_in_prog_latch, process_id, 0, LOCK_AVAILABLE, 0);
}
if ((((NOJNL != jpc->channel) && !JNL_FILE_SWITCHED(jpc))
|| we_are_last_writer && (0 != cnl->jnl_file.u.inode)) && ok_to_write_pfin)
{ /* We need to close the journal file cleanly if we have the latest generation journal file open
* or if we are the last writer and the journal file is open in shared memory (not necessarily
* by ourselves e.g. the only process that opened the journal got shot abnormally)
* Note: we should not infer anything from the shared memory value of cnl->jnl_file.u.inode
* if we are not the last writer as it can be concurrently updated.
*/
if (!was_crit)
grab_crit(reg);
if (JNL_ENABLED(csd))
{
SET_GBL_JREC_TIME; /* jnl_ensure_open/jnl_put_jrt_pini/pfin/jnl_file_close all need it */
/* Before writing to jnlfile, adjust jgbl.gbl_jrec_time if needed to maintain time order
* of jnl records. This needs to be done BEFORE the jnl_ensure_open as that could write
* journal records (if it decides to switch to a new journal file).
*/
ADJUST_GBL_JREC_TIME(jgbl, jbp);
jnl_status = jnl_ensure_open();
if (0 == jnl_status)
{ /* If we_are_last_writer, we would have already done a wcs_flu() which would
* have written an epoch record and we are guaranteed no further updates
* since we are the last writer. So, just close the journal.
* If the freeaddr == post_epoch_freeaddr, wcs_flu may have skipped writing
* a pini, so allow for that.
*/
assert(!jbp->before_images || is_mm
|| !we_are_last_writer || (0 != jpc->pini_addr) || jgbl.mur_extract
|| (jpc->jnl_buff->freeaddr == jpc->jnl_buff->post_epoch_freeaddr));
/* If we haven't written a pini, let jnl_file_close write the pini/pfin. */
if (!jgbl.mur_extract && (0 != jpc->pini_addr))
jnl_put_jrt_pfin(csa);
/* If not the last writer and no pending flush timer left, do jnl flush now */
if (!we_are_last_writer && (0 > cnl->wcs_timers))
{
if (SS_NORMAL == (jnl_status = jnl_flush(reg)))
{
assert(jbp->freeaddr == jbp->dskaddr);
jnl_fsync(reg, jbp->dskaddr);
assert(jbp->fsync_dskaddr == jbp->dskaddr);
} else
{
send_msg_csa(CSA_ARG(csa) VARLSTCNT(9) ERR_JNLFLUSH, 2,
JNL_LEN_STR(csd), ERR_TEXT, 2,
RTS_ERROR_TEXT("Error with journal flush in gds_rundown"),
jnl_status);
assert(NOJNL == jpc->channel);/* jnl file lost has been triggered */
/* In this routine, all code that follows from here on does not
* assume anything about the journaling characteristics of this
* database so it is safe to continue execution even though
* journaling got closed in the middle.
*/
}
}
jnl_file_close(reg, we_are_last_writer, FALSE);
} else
send_msg_csa(CSA_ARG(csa) VARLSTCNT(6) jnl_status, 4, JNL_LEN_STR(csd),
DB_LEN_STR(reg));
}
if (!was_crit)
rel_crit(reg);
}
}
if (we_are_last_writer) /* Flush the fileheader last and harden the file to disk */
{
if (!was_crit)
grab_crit(reg); /* To satisfy crit requirement in fileheader_sync() */
memset(csd->machine_name, 0, MAX_MCNAMELEN); /* clear the machine_name field */
if (!have_standalone_access && we_are_last_user)
{ /* mupip_exit_handler will do this after mur_close_file */
csd->semid = INVALID_SEMID;
csd->shmid = INVALID_SHMID;
csd->gt_sem_ctime.ctime = 0;
csd->gt_shm_ctime.ctime = 0;
}
fileheader_sync(reg);
if (!was_crit)
rel_crit(reg);
if (!is_mm)
{
GTM_DB_FSYNC(csa, udi->fd, rc); /* Sync it all */
if (-1 == rc)
{
rts_error_csa(CSA_ARG(csa) VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("Error during file sync at close"), errno);
}
} else
{ /* Now do final MM file sync before exit */
assert(csa->ti->total_blks == csa->total_blks);
#ifdef _AIX
GTM_DB_FSYNC(csa, udi->fd, rc);
if (-1 == rc)
#else
if (-1 == MSYNC((caddr_t)csa->db_addrs[0], (caddr_t)csa->db_addrs[1]))
#endif
{
rts_error_csa(CSA_ARG(csa) VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("Error during file sync at close"), errno);
}
}
} else if (unsafe_last_writer && !cnl->lastwriterbypas_msg_issued)
{
send_msg_csa(CSA_ARG(csa) VARLSTCNT(4) ERR_LASTWRITERBYPAS, 2, DB_LEN_STR(reg));
cnl->lastwriterbypas_msg_issued = TRUE;
}
} /* end if (!reg->read_only && !cnl->donotflush_dbjnl) */
/* We had canceled all db timers at start of rundown. In case as part of rundown (wcs_flu above), we had started
* any timers, cancel them BEFORE setting reg->open to FALSE (assert in wcs_clean_dbsync relies on this).
*/
CANCEL_DB_TIMERS(reg, csa, canceled_flush_timer, canceled_dbsync_timer);
if (reg->read_only && we_are_last_user && !have_standalone_access && cnl->remove_shm)
{ /* mupip_exit_handler will do this after mur_close_file */
db_ipcs.semid = INVALID_SEMID;
db_ipcs.shmid = INVALID_SHMID;
db_ipcs.gt_sem_ctime = 0;
db_ipcs.gt_shm_ctime = 0;
db_ipcs.fn_len = reg->dyn.addr->fname_len;
memcpy(db_ipcs.fn, reg->dyn.addr->fname, reg->dyn.addr->fname_len);
db_ipcs.fn[reg->dyn.addr->fname_len] = 0;
/* request gtmsecshr to flush. read_only cannot flush itself */
WAIT_FOR_REPL_INST_UNFREEZE_SAFE(csa);
if (!csa->read_only_fs)
{
secshrstat = send_mesg2gtmsecshr(FLUSH_DB_IPCS_INFO, 0, (char *)NULL, 0);
if (0 != secshrstat)
rts_error_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("gtmsecshr failed to update database file header"));
}
}
/* Done with file now, close it */
CLOSEFILE_RESET(udi->fd, rc); /* resets "udi->fd" to FD_INVALID */
if (-1 == rc)
{
rts_error_csa(CSA_ARG(csa) VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, LEN_AND_LIT("Error during file close"), errno);
}
/* Unmap storage if mm mode but only the part that is not the fileheader (so shows up in dumps) */
# if !defined(_AIX)
if (is_mm && (NULL != csa->db_addrs[0]))
{
assert(csa->db_addrs[1] > csa->db_addrs[0]);
munmap_len = (sm_long_t)(csa->db_addrs[1] - csa->db_addrs[0]);
if (0 < munmap_len)
munmap((caddr_t)(csa->db_addrs[0]), (size_t)(munmap_len));
}
# endif
/* Detach our shared memory while still under lock so reference counts will be correct for the next process to run down
* this region. In the process also get the remove_shm status from node_local before detaching.
* If cnl->donotflush_dbjnl is TRUE, it means we can safely remove shared memory without compromising data
* integrity as a reissue of recover will restore the database to a consistent state.
*/
remove_shm = !vermismatch && (cnl->remove_shm || cnl->donotflush_dbjnl);
/* We are done with online rollback on this region. Indicate to other processes by setting the onln_rlbk_pid to 0.
* Do it before releasing crit (t_end relies on this ordering when accessing cnl->onln_rlbk_pid).
*/
if (jgbl.onlnrlbk)
cnl->onln_rlbk_pid = 0;
rel_crit(reg); /* Since we are about to detach from the shared memory, release crit and reset onln_rlbk_pid */
/* If we had skipped flushing journal and database buffers due to a concurrent online rollback, increment the counter
* indicating that in the shared memory so that online rollback can report the # of such processes when it shuts down.
* The same thing is done for both FTOK and access control semaphores when there are too many MUMPS processes.
*/
if (safe_mode) /* indicates flushing was skipped */
{
if (bypassed_access)
cnl->dbrndwn_access_skip++; /* Access semaphore can be bypassed during online rollback */
if (bypassed_ftok)
cnl->dbrndwn_ftok_skip++;
}
if (jgbl.onlnrlbk)
csa->hold_onto_crit = FALSE;
GTM_WHITE_BOX_TEST(WBTEST_HOLD_SEM_BYPASS, cnl->wbox_test_seq_num, 0);
status = shmdt((caddr_t)cnl);
csa->nl = NULL; /* dereferencing nl after detach is not right, so we set it to NULL so that we can test before dereference*/
/* Note that although csa->nl is NULL, we use CSA_ARG(csa) below (not CSA_ARG(NULL)) to be consistent with similar
* usages before csa->nl became NULL. The "is_anticipatory_freeze_needed" function (which is in turn called by the
* CHECK_IF_FREEZE_ON_ERROR_NEEDED macro) does a check of csa->nl before dereferencing shared memory contents so
* we are safe passing "csa".
*/
if (-1 == status)
send_msg_csa(CSA_ARG(csa) VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg), ERR_TEXT, 2,
LEN_AND_LIT("Error during shmdt"), errno);
REMOVE_CSA_FROM_CSADDRSLIST(csa); /* remove "csa" from list of open regions (cs_addrs_list) */
reg->open = FALSE;
/* If file is still not in good shape, die here and now before we get rid of our storage */
assertpro(0 == csa->wbuf_dqd);
ipc_deleted = FALSE;
/* If we are the very last user, remove shared storage id and the semaphores */
if (we_are_last_user)
{ /* remove shared storage, only if last writer to rundown did a successful wcs_flu() */
assert(!vermismatch);
if (remove_shm)
{
ipc_deleted = TRUE;
if (0 != shm_rmid(udi->shmid))
rts_error_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("Unable to remove shared memory"));
/* Note that we no longer have a new shared memory. Currently only used/usable for standalone rollback. */
udi->new_shm = FALSE;
/* mupip recover/rollback don't release the semaphore here, but do it later in db_ipcs_reset (invoked from
* mur_close_files())
*/
if (!have_standalone_access)
{
if (0 != sem_rmid(udi->semid))
rts_error_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("Unable to remove semaphore"));
udi->new_sem = FALSE; /* Note that we no longer have a new semaphore */
udi->grabbed_access_sem = FALSE;
udi->counter_acc_incremented = FALSE;
}
} else if (is_src_server || is_updproc)
{
gtm_putmsg_csa(CSA_ARG(csa) VARLSTCNT(6) ERR_DBRNDWNWRN, 4, DB_LEN_STR(reg), process_id, process_id);
send_msg_csa(CSA_ARG(csa) VARLSTCNT(6) ERR_DBRNDWNWRN, 4, DB_LEN_STR(reg), process_id, process_id);
} else
send_msg_csa(CSA_ARG(csa) VARLSTCNT(6) ERR_DBRNDWNWRN, 4, DB_LEN_STR(reg), process_id, process_id);
} else
{
assert(!have_standalone_access || jgbl.onlnrlbk || safe_mode);
if (!jgbl.onlnrlbk && !have_standalone_access)
{ /* If we were writing, get rid of our writer access count semaphore */
if (!reg->read_only)
{
if (!access_counter_halted)
{
save_errno = do_semop(udi->semid, DB_COUNTER_SEM, -DB_COUNTER_SEM_INCR, SEM_UNDO);
if (0 != save_errno)
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown access control semaphore decrement"),
CALLFROM, save_errno);
}
udi->counter_acc_incremented = FALSE;
}
assert(safe_mode || !bypassed_access);
/* Now remove the rundown lock */
if (!bypassed_access)
{
if (0 != (save_errno = do_semop(udi->semid, DB_CONTROL_SEM, -1, SEM_UNDO)))
rts_error_csa(CSA_ARG(csa) VARLSTCNT(12) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_SYSCALL, 5,
RTS_ERROR_TEXT("gds_rundown access control semaphore release"),
CALLFROM, save_errno);
udi->grabbed_access_sem = FALSE;
}
} /* else access control semaphore will be released in db_ipcs_reset */
}
if (!have_standalone_access)
{
if (bypassed_ftok)
{
if (!ftok_counter_halted)
if (0 != (save_errno = do_semop(udi->ftok_semid, DB_COUNTER_SEM, -DB_COUNTER_SEM_INCR, SEM_UNDO)))
rts_error_csa(CSA_ARG(csa) VARLSTCNT(4) ERR_DBFILERR, 2, DB_LEN_STR(reg));
} else if (!ftok_sem_release(reg, !ftok_counter_halted, FALSE))
{
FTOK_TRACE(csa, csa->ti->curr_tn, ftok_ops_release, process_id);
rts_error_csa(CSA_ARG(csa) VARLSTCNT(4) ERR_DBFILERR, 2, DB_LEN_STR(reg));
}
udi->grabbed_ftok_sem = FALSE;
udi->counter_ftok_incremented = FALSE;
}
ENABLE_INTERRUPTS(INTRPT_IN_GDS_RUNDOWN, prev_intrpt_state);
if (!ipc_deleted)
{
GET_CUR_TIME(time_str);
if (is_src_server)
gtm_putmsg_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_IPCNOTDEL, 6, CTIME_BEFORE_NL, time_str,
LEN_AND_LIT("Source server"), REG_LEN_STR(reg));
if (is_updproc)
gtm_putmsg_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_IPCNOTDEL, 6, CTIME_BEFORE_NL, time_str,
LEN_AND_LIT("Update process"), REG_LEN_STR(reg));
if (mupip_jnl_recover && (!jgbl.onlnrlbk || !we_are_last_user))
{
gtm_putmsg_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_IPCNOTDEL, 6, CTIME_BEFORE_NL, time_str,
LEN_AND_LIT("Mupip journal process"), REG_LEN_STR(reg));
send_msg_csa(CSA_ARG(csa) VARLSTCNT(8) ERR_IPCNOTDEL, 6, CTIME_BEFORE_NL, time_str,
LEN_AND_LIT("Mupip journal process"), REG_LEN_STR(reg));
}
}
REVERT;
return EXIT_NRM;
}
void mupip_upgrade(void)
{
bool rbno;
unsigned char *upgrd_buff[2], upgrd_label[GDS_LABEL_SZ]="UPGRADE0304";
char fn[256];
char answer[4];
unsigned short fn_len;
int4 fd, save_errno, old_hdr_size, new_hdr_size, status, bufsize, dsize, datasize[2];
int4 old_hdr_size_vbn, new_hdr_size_vbn;
int fstat_res;
off_t last_full_grp_startoff, old_file_len, old_file_len2, read_off, write_off, old_start_vbn_off;
block_id last_full_grp_startblk;
v3_sgmnt_data old_head_data, *old_head;
sgmnt_data new_head_data, *new_head;
struct stat stat_buf;
error_def(ERR_MUNODBNAME);
error_def(ERR_MUNOUPGRD);
error_def(ERR_DBOPNERR);
error_def(ERR_DBRDONLY);
error_def(ERR_DBFILOPERR);
error_def(ERR_DBPREMATEOF);
ESTABLISH(mupip_upgrade_ch);
fn_len = sizeof(fn);
if (!cli_get_str("FILE", fn, &fn_len))
rts_error(VARLSTCNT(1) ERR_MUNODBNAME);
if (!(mupip_upgrade_standalone(fn, &upgrade_standalone_sems)))
rts_error(VARLSTCNT(1) ERR_MUNOUPGRD);
if (-1 == (fd = OPEN(fn, O_RDWR)))
{
save_errno = errno;
if (-1 != (fd = OPEN(fn, O_RDONLY)))
{
util_out_print("Cannot update read-only database.", FLUSH);
rts_error(VARLSTCNT(5) ERR_DBRDONLY, 2, fn_len, fn, errno);
}
rts_error(VARLSTCNT(5) ERR_DBRDONLY, 2, fn_len, fn, save_errno);
}
/* Confirm before proceed */
if (!mu_upgrd_confirmed(TRUE))
{
util_out_print("Upgrade canceled by user", FLUSH);
rts_error(VARLSTCNT(1) ERR_MUNOUPGRD);
}
util_out_print("Do not interrupt to avoid damage in database!!", FLUSH);
util_out_print("Mupip upgrade started ...!/", FLUSH);
mu_upgrd_sig_init();
/* get file status */
FSTAT_FILE(fd, &stat_buf, fstat_res);
if (-1 == fstat_res)
rts_error(VARLSTCNT(5) ERR_DBOPNERR, 2, fn_len, fn, errno);
old_file_len = stat_buf.st_size;
/* Prepare v3.x file header buffer */
old_hdr_size = sizeof(*old_head);
old_head = &old_head_data;
/* Prepare v4.x file header buffer */
new_hdr_size = sizeof(*new_head);
new_head = &new_head_data;
memset(new_head, 0, new_hdr_size);
old_hdr_size_vbn = DIVIDE_ROUND_UP(old_hdr_size, DISK_BLOCK_SIZE);
new_hdr_size_vbn = DIVIDE_ROUND_UP(new_hdr_size, DISK_BLOCK_SIZE);
/* READ header from V3.x file */
LSEEKREAD(fd, 0, old_head, old_hdr_size, status);
if (0 != status)
if (-1 == status)
rts_error(VARLSTCNT(4) ERR_DBPREMATEOF, 2, fn_len, fn);
else
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
/* Check version */
if (memcmp(&old_head->label[0], GDS_LABEL, GDS_LABEL_SZ - 1))
{
if (memcmp(&old_head->label[0], GDS_LABEL, GDS_LABEL_SZ - 3))
{ /* it is not a GTM database */
close(fd);
util_out_print("File !AD is not a GT.M database.!/", FLUSH, fn_len, fn);
rts_error(VARLSTCNT(1) ERR_MUNOUPGRD);
}else
{ /* it is GTM database */
/* is it not v3.x database? */
if (memcmp(&old_head->label[GDS_LABEL_SZ - 3],GDS_V30,2) !=0 &&
memcmp(&old_head->label[GDS_LABEL_SZ - 3],GDS_ALT_V30,2) != 0)
{
close(fd);
util_out_print("File !AD has an unrecognized database version!/", FLUSH, fn_len, fn);
rts_error(VARLSTCNT(1) ERR_MUNOUPGRD);
}
}
}
else
{ /* Note: We assume that if the V4.x header and current GT.M file header
* has same field names, they are at same offset */
/* READ the header from file again as V4.x header */
LSEEKREAD(fd, 0, new_head, new_hdr_size, status);
if (0 != status)
if (-1 != status)
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
else
rts_error(VARLSTCNT(4) ERR_DBPREMATEOF, 2, fn_len, fn);
if (QWNE(new_head->reg_seqno, seq_num_zero) ||
QWNE(new_head->resync_seqno, seq_num_zero) ||
(new_head->resync_tn != 0) ||
new_head->repl_state != repl_closed)
{
util_out_print("!AD might already have been upgraded", FLUSH, fn_len, fn);
util_out_print("Do you wish to continue with the upgrade? [y/n] ", FLUSH);
SCANF("%s", answer);
if (answer[0] != 'y' && answer[0] != 'Y')
{
close(fd);
util_out_print("Upgrade canceled by user", FLUSH);
rts_error(VARLSTCNT(1) ERR_MUNOUPGRD);
}
}
init_replication(new_head);
new_head->max_update_array_size = new_head->max_non_bm_update_array_size
= ROUND_UP2(MAX_NON_BITMAP_UPDATE_ARRAY_SIZE(new_head), UPDATE_ARRAY_ALIGN_SIZE);
new_head->max_update_array_size += ROUND_UP2(MAX_BITMAP_UPDATE_ARRAY_SIZE, UPDATE_ARRAY_ALIGN_SIZE);
new_head->mutex_spin_parms.mutex_hard_spin_count = MUTEX_HARD_SPIN_COUNT;
new_head->mutex_spin_parms.mutex_sleep_spin_count = MUTEX_SLEEP_SPIN_COUNT;
new_head->mutex_spin_parms.mutex_spin_sleep_mask = MUTEX_SPIN_SLEEP_MASK;
new_head->semid = INVALID_SEMID;
new_head->shmid = INVALID_SHMID;
if (JNL_ALLOWED(new_head))
{ /* Following 3 are new fields starting from V43001.
* Initialize them appropriately.
*/
new_head->epoch_interval = DEFAULT_EPOCH_INTERVAL;
new_head->alignsize = DISK_BLOCK_SIZE * JNL_DEF_ALIGNSIZE;
if (!new_head->jnl_alq)
new_head->jnl_alq = JNL_ALLOC_DEF;
/* note new_head->jnl_deq is carried over without any change even if it is zero since a zero
* jnl file extension size is supported starting V43001
*/
new_head->autoswitchlimit = ALIGNED_ROUND_DOWN(JNL_ALLOC_MAX, new_head->jnl_alq, new_head->jnl_deq);
/* following field is assumed as non-zero by set_jnl_info starting V43001A */
if (JNL_ALLOWED(new_head) && !new_head->jnl_buffer_size)
new_head->jnl_buffer_size = JNL_BUFFER_DEF;
} else
{
new_head->epoch_interval = 0;
new_head->alignsize = 0;
new_head->autoswitchlimit = 0;
}
new_head->yield_lmt = DEFAULT_YIELD_LIMIT;
/* writing header */
LSEEKWRITE(fd, 0, new_head, new_hdr_size, status);
if (0 != status)
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
close(fd);
util_out_print("File !AD successfully upgraded.!/", FLUSH, fn_len, fn);
if (0 != sem_rmid(upgrade_standalone_sems))
{
util_out_print("Error with sem_rmid : %d [0x%x]", TRUE, upgrade_standalone_sems, upgrade_standalone_sems);
rts_error(VARLSTCNT(1) ERR_MUNOUPGRD);
}
mupip_exit(SS_NORMAL);
}
util_out_print("Old header size: !SL", FLUSH, old_hdr_size);
util_out_print("New header size: !SL", FLUSH, new_hdr_size);
if (old_head->createinprogress)
{
close(fd);
util_out_print("Database creation in progress on file !AD.!/", FLUSH, fn_len, fn);
rts_error(VARLSTCNT(1) ERR_MUNOUPGRD);
}
if (old_head->file_corrupt)
{
close(fd);
util_out_print("Database !AD is corrupted.!/", FLUSH, fn_len, fn);
rts_error(VARLSTCNT(1) ERR_MUNOUPGRD);
}
if ((((off_t)old_head->start_vbn - 1) * DISK_BLOCK_SIZE +
(off_t)old_head->trans_hist.total_blks * old_head->blk_size + (off_t)DISK_BLOCK_SIZE != old_file_len) &&
(((off_t)old_head->start_vbn - 1) * DISK_BLOCK_SIZE +
(off_t)old_head->trans_hist.total_blks * old_head->blk_size + (off_t)old_head->blk_size != old_file_len))
{
util_out_print("Incorrect start_vbn !SL or, block size !SL or, total blocks !SL",
FLUSH, old_head->start_vbn, old_head->blk_size, old_head->trans_hist.total_blks);
rts_error(VARLSTCNT(1) ERR_MUNOUPGRD);
}
if (ROUND_DOWN(old_head->blk_size, DISK_BLOCK_SIZE) != old_head->blk_size)
{
util_out_print("Database block size !SL is not divisible by DISK_BLOCK_SIZE", FLUSH, old_head->blk_size);
rts_error(VARLSTCNT(1) ERR_MUNOUPGRD);
}
mu_upgrd_header(old_head, new_head); /* Update header from v3.x to v4.x */
new_head->start_vbn = new_hdr_size_vbn + 1;
new_head->free_space = 0;
new_head->wc_blocked_t_end_hist.evnt_cnt = old_head->wc_blocked_t_end_hist2.evnt_cnt;
new_head->wc_blocked_t_end_hist.evnt_tn = old_head->wc_blocked_t_end_hist2.evnt_tn;
init_replication(new_head);
/*
A simple way of doing mupip upgrade is to move all the data after file header
towards the eof to make space and write down the header. This does not need any
computation or, change in data/index blocks. This is a slow process because it
has mainly I/O, though no manipulation of database structures. or index blocks.
This is okay for small database.
A time efficient way is to physically move second group of BLKS_PER_LMAP number of
blocks towards the eof and move first group of BLKS_PER_LMAP number of blocks in
place of 2nd group. Finally adjust all indices to point to the blocks correctly.
Also adjust master bit map.
(note: we cannot move first group from the beginning).
Detail algorithm as follows:
---------------------------
// Allocate two buffers each to hold one group of data.
Read v3.x header and upgrade to v4.x
if file is big enough
read group 1 in buff[0]
read_off = offset of starting block of 2nd group.
read group 2 in buff[1]
write buff[0] at offset read_off
last_full_grp_startblk = points to the block where 2nd group of 512 blocks
of old file will be written back.
//Instead of searching for a free group we will write at the last full group
//Say, we have 3000 blocks. last_full_grp_startblk = 2048
// (not 2560, because it is not full)
//All data from that point upto eof will be read and saved in buffer
read all remaining data from the point last_full_grp_startblk upto eof in buff[0]
write buff[1] at the point of last_full_grp_startblk
Now write buff[0] at the end of last write
//Graphical Example: Each letter corresponds to a group of 512 blocks where first block
// is local bit map. Last group U may be a group of less than 512 blocks.
// Extend towards right ------------------------------------------------------->
// old permutation: [v3 head] A B C D E F G H I J K L M N O P Q R S T U
// new permutation: [v4 head ] A C D E F G H I J K L M N O P Q R S T B U
Finally traverse the tree and adjust block pointers
Adjust master map
write new v4.x header at bof
else
bufsize = size of data for a group
rbno = 0 // read buffer no. This switches between 0 and 1
read_off = 0
write_off = 0
upgrd_buff[rbno] = new header
data_size[rbno] = new header size
rbno = INVERT(rbno);
do while not eof
data_size[rbno] = MIN(bufsize, remaining_data_size)
Read data of size data_size[rbno] in upgrd_buff[rbno] and adjust read_off
rbno = INVERT(rbno);
Write upgrd_buff[rbno] of datasize[rbno] at write_off and increase write_off
Enddo
rbno = INVERT(rbno)
Write upgrd_buff[rbno] of datasize[rbno] at write_off
endif
*/
bufsize = old_head->blk_size * BLKS_PER_LMAP;
upgrd_buff[0] = (unsigned char*) malloc(bufsize);
upgrd_buff[1] = (unsigned char*) malloc(bufsize);
read_off = old_start_vbn_off = (off_t)(old_head->start_vbn - 1) * DISK_BLOCK_SIZE; /* start vbn offset in bytes */
last_full_grp_startblk = ROUND_DOWN(new_head->trans_hist.total_blks, BLKS_PER_LMAP); /* in block_id */
last_full_grp_startoff = old_start_vbn_off + (off_t)last_full_grp_startblk * new_head->blk_size; /* offset in bytes */
/* this calculation is used because some 3.2x database has GDS blk_size bytes at the end
instead of DISK_BLOCK_SIZE bytes. */
old_file_len2 = old_head->start_vbn * DISK_BLOCK_SIZE + (off_t)old_head->blk_size * old_head->trans_hist.total_blks;
/* Change Label to a temporary dummy value, so that other GTM process does not come
while doing upgrade and corrupts database */
LSEEKWRITE(fd, 0, upgrd_label, GDS_LABEL_SZ - 1, status);
if (0 != status)
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
if (old_head->trans_hist.total_blks > BLKS_PER_LMAP * 2)
{
/* recalculate start_vbn and free space, because there will be a gap after header */
new_head->start_vbn = old_head->start_vbn + bufsize / DISK_BLOCK_SIZE;
new_head->free_space = bufsize - (new_hdr_size_vbn - old_hdr_size_vbn) * DISK_BLOCK_SIZE;
util_out_print("New starting VBN is: !SL !/", FLUSH, new_head->start_vbn);
/* read 1st group of blocks */
LSEEKREAD(fd, read_off, upgrd_buff[0], bufsize, status);
if (0 != status)
if (-1 == status)
rts_error(VARLSTCNT(4) ERR_DBPREMATEOF, 2, fn_len, fn);
else
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
read_off = read_off + bufsize;
/* read 2nd group of blocks */
LSEEKREAD(fd, read_off, upgrd_buff[1], bufsize, status);
if (0 != status)
if (-1 == status)
rts_error(VARLSTCNT(4) ERR_DBPREMATEOF, 2, fn_len, fn);
else
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
/* write 1st group of blocks in place of 2nd group */
write_off = old_start_vbn_off + bufsize;
LSEEKWRITE(fd, write_off, upgrd_buff[0], bufsize, status);
if (0 != status)
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
/* read last group (# of blks <= BLKS_PER_LMAP) */
dsize = old_file_len2 - last_full_grp_startoff;
assert (dsize <= bufsize);
LSEEKREAD(fd, last_full_grp_startoff, upgrd_buff[0], dsize, status);
if (0 != status)
if (-1 == status)
rts_error(VARLSTCNT(4) ERR_DBPREMATEOF, 2, fn_len, fn);
else
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
/* write 2nd group of blocks */
LSEEKWRITE(fd, last_full_grp_startoff, upgrd_buff[1], bufsize, status);
if (0 != status)
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
/* write last group read from old file */
LSEEKWRITE(fd, last_full_grp_startoff + bufsize, upgrd_buff[0], dsize, status);
if (0 != status)
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
util_out_print("Please wait while index is being adjusted...!/", FLUSH);
mu_upgrd_adjust_blkptr(1L, TRUE, new_head, fd, fn, fn_len);
mu_upgrd_adjust_mm(new_head->master_map, DIVIDE_ROUND_UP(new_head->trans_hist.total_blks+1,BLKS_PER_LMAP));
/* writing header */
LSEEKWRITE(fd, 0, new_head, new_hdr_size, status);
if (0 != status)
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
}
else /* very small database */
{
rbno = 0;
write_off = 0;
datasize[rbno] = new_hdr_size;
memcpy(upgrd_buff[0], new_head, new_hdr_size);
rbno = INVERT(rbno);
while(read_off < old_file_len2)
{
datasize[rbno] = MIN (old_file_len2 - read_off, bufsize);
LSEEKREAD(fd, read_off, upgrd_buff[rbno], datasize[rbno], status);
if (0 != status)
if (-1 == status)
rts_error(VARLSTCNT(4) ERR_DBPREMATEOF, 2, fn_len, fn);
else
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
read_off += datasize[rbno];
rbno = INVERT(rbno);
LSEEKWRITE(fd, write_off, upgrd_buff[rbno], datasize[rbno], status);
if (0 != status)
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
write_off+= datasize[rbno];
}
rbno = INVERT(rbno);
LSEEKWRITE(fd, write_off, upgrd_buff[rbno], datasize[rbno], status);
if (0 != status)
rts_error(VARLSTCNT(5) ERR_DBFILOPERR, 2, fn_len, fn, status);
} /* end if small database */
free(upgrd_buff[0]);
free(upgrd_buff[1]);
close(fd);
util_out_print("File !AD successfully upgraded.!/", FLUSH, fn_len, fn);
REVERT;
if (0 != sem_rmid(upgrade_standalone_sems))
{
util_out_print("Error with sem_rmid : %d [0x%x]", TRUE, upgrade_standalone_sems, upgrade_standalone_sems);
rts_error(VARLSTCNT(1) ERR_MUNOUPGRD);
}
mupip_exit(SS_NORMAL);
}
void gds_rundown(void)
{
bool is_mm, we_are_last_user, we_are_last_writer;
boolean_t ipc_deleted, remove_shm, cancelled_timer, cancelled_dbsync_timer, vermismatch;
now_t now; /* for GET_CUR_TIME macro */
char *time_ptr, time_str[CTIME_BEFORE_NL + 2]; /* for GET_CUR_TIME macro */
gd_region *reg;
int save_errno, status;
int4 semval, ftok_semval, sopcnt, ftok_sopcnt;
short crash_count;
sm_long_t munmap_len;
sgmnt_addrs *csa;
sgmnt_data_ptr_t csd;
struct shmid_ds shm_buf;
struct sembuf sop[2], ftok_sop[2];
uint4 jnl_status;
unix_db_info *udi;
jnl_private_control *jpc;
jnl_buffer_ptr_t jbp;
error_def(ERR_CRITSEMFAIL);
error_def(ERR_DBCCERR);
error_def(ERR_DBFILERR);
error_def(ERR_DBRNDWNWRN);
error_def(ERR_ERRCALL);
error_def(ERR_GBLOFLOW);
error_def(ERR_GTMASSERT);
error_def(ERR_IPCNOTDEL);
error_def(ERR_JNLFLUSH);
error_def(ERR_RNDWNSEMFAIL);
error_def(ERR_TEXT);
error_def(ERR_WCBLOCKED);
forced_exit = FALSE; /* Okay, we're dying already -- let rel_crit live in peace now.
* If coming through a DAL, not necessarily dying. what to do then? -- nars -- 8/15/2001
*/
grabbed_access_sem = FALSE;
jnl_status = 0;
reg = gv_cur_region; /* Local copy */
/*
* early out for cluster regions
* to avoid tripping the assert below.
* Note:
* This early out is consistent with VMS. It has been
* noted that all of the gtcm assignments
* to gv_cur_region should use the TP_CHANGE_REG
* macro. This would also avoid the assert problem
* and should be done eventually.
*/
if (dba_cm == reg->dyn.addr->acc_meth)
return;
udi = FILE_INFO(reg);
csa = &udi->s_addrs;
csd = csa->hdr;
assert(csa == cs_addrs && csd == cs_data);
if ((reg->open) && (dba_usr == csd->acc_meth))
{
change_reg();
gvusr_rundown();
return;
}
ESTABLISH(gds_rundown_ch);
if (!reg->open) /* Not open, no point to rundown */
{
if (reg->opening) /* Died partway open, kill rest of way */
{
rel_crit(reg);
mutex_cleanup(reg);
/* revist this to handle MM properly SMW 98/12/16
if (NULL != csa->nl)
{
status = shmdt((caddr_t)csa->nl);
if (-1 == status)
send_msg(VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, LEN_AND_LIT("Error during shmdt"), errno);
}
*/
shmdt((caddr_t)csa->nl);
csa->nl = NULL;
}
REVERT;
return;
}
switch(csd->acc_meth)
{ /* Pass mm and bg through */
case dba_bg:
is_mm = FALSE;
break;
case dba_mm:
is_mm = TRUE;
break;
case dba_usr:
assert(FALSE);
default:
REVERT;
return;
}
/* Cancel any pending flush timer for this region by this task */
CANCEL_DB_TIMERS(reg, cancelled_timer, cancelled_dbsync_timer);
we_are_last_user = FALSE;
if (!csa->persistent_freeze)
region_freeze(reg, FALSE, FALSE, FALSE);
assert(!csa->read_lock);
rel_crit(reg); /* get locks to known state */
mutex_cleanup(reg);
/*
* We need to guarantee that none else access database file header when semid/shmid fields are reset.
* We already have created ftok semaphore in db_init or, mu_rndwn_file and did not remove it.
* So just lock it. We do it in blocking mode.
*/
if (!ftok_sem_lock(reg, FALSE, FALSE))
rts_error(VARLSTCNT(4) ERR_DBFILERR, 2, DB_LEN_STR(reg));
/*
* For mupip_jnl_recover we already have database access control semaphore.
* We do not release it. We release it from mur_close_files.
*/
if (!mupip_jnl_recover)
{
sop[0].sem_num = 0; sop[0].sem_op = 0; /* Wait for 0 */
sop[1].sem_num = 0; sop[1].sem_op = 1; /* Lock */
sopcnt = 2;
sop[0].sem_flg = sop[1].sem_flg = SEM_UNDO | IPC_NOWAIT; /* Don't wait the first time thru */
SEMOP(udi->semid, sop, sopcnt, status);
if (-1 == status) /* We couldn't get it in one shot -- see if we already have it */
{
save_errno = errno;
/* see comment about Linux specific difference in behaviour of semctl() with GETPID in gds_rundown_ch() */
if (semctl(udi->semid, 0, GETPID) == process_id)
{
send_msg(VARLSTCNT(5) MAKE_MSG_INFO(ERR_CRITSEMFAIL), 2,
DB_LEN_STR(reg),
ERR_RNDWNSEMFAIL);
REVERT;
return; /* Already in rundown for this region */
}
if (EAGAIN != save_errno)
{
assert(FALSE);
rts_error(VARLSTCNT(9) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("gds_rundown first semop/semctl"), save_errno);
}
sop[0].sem_flg = sop[1].sem_flg = SEM_UNDO; /* Try again - blocking this time */
SEMOP(udi->semid, sop, 2, status);
if (-1 == status) /* We couldn't get it at all.. */
rts_error(VARLSTCNT(5) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), errno);
}
}
grabbed_access_sem = TRUE;
/*
* We now have the dbinit/rundown lock, so we are alone in this code for this region
* and nobody else can attach.
* See if we are all alone in accessing this database shared memory.
*/
assert(csa->ref_cnt); /* decrement private ref_cnt before shared ref_cnt decrement. */
csa->ref_cnt--; /* Currently journaling logic in gds_rundown() in VMS relies on this order to detect last writer */
assert(!csa->ref_cnt);
--csa->nl->ref_cnt;
if (memcmp(csa->nl->now_running, gtm_release_name, gtm_release_name_len + 1))
{ /* VERMISMATCH condition. Possible only if DSE */
assert(dse_running);
vermismatch = TRUE;
} else
vermismatch = FALSE;
if (-1 == shmctl(udi->shmid, IPC_STAT, &shm_buf))
{
save_errno = errno;
rts_error(VARLSTCNT(9) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("gds_rundown shmctl"), save_errno);
} else
we_are_last_user = (1 == shm_buf.shm_nattch) && !vermismatch;
assert(!mupip_jnl_recover || we_are_last_user); /* recover => one user */
if (-1 == (semval = semctl(udi->semid, 1, GETVAL)))
rts_error(VARLSTCNT(5) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), errno);
we_are_last_writer = (1 == semval) && (FALSE == reg->read_only) && !vermismatch;/* There's one writer left and I am it */
assert(!(mupip_jnl_recover && !reg->read_only) || we_are_last_writer); /* recover + R/W region => one writer */
if (-1 == (ftok_semval = semctl(udi->ftok_semid, 1, GETVAL)))
rts_error(VARLSTCNT(5) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg), errno);
/* If csa->nl->donotflush_dbjnl is set, it means mupip recover/rollback was interrupted and therefore we should
* not flush shared memory contents to disk as they might be in an inconsistent state.
* In this case, we will go ahead and remove shared memory (without flushing the contents) in this routine.
* A reissue of the recover/rollback command will restore the database to a consistent state.
* Otherwise, if we have write access to this region, let us perform a few writing tasks.
*/
if (csa->nl->donotflush_dbjnl)
csa->wbuf_dqd = 0; /* ignore csa->wbuf_dqd status as we do not care about the cache contents */
else if (!reg->read_only && !vermismatch)
{ /* If we had an orphaned block and were interrupted, set wc_blocked so we can invoke wcs_recover */
if (csa->wbuf_dqd)
{
grab_crit(reg);
SET_TRACEABLE_VAR(csd->wc_blocked, TRUE);
BG_TRACE_PRO_ANY(csa, wcb_gds_rundown);
send_msg(VARLSTCNT(8) ERR_WCBLOCKED, 6, LEN_AND_LIT("wcb_gds_rundown"),
process_id, &csa->ti->curr_tn, DB_LEN_STR(reg));
csa->wbuf_dqd = 0;
wcs_recover(reg);
if (is_mm)
{
assert(FALSE);
csd = csa->hdr;
}
BG_TRACE_PRO_ANY(csa, lost_block_recovery);
rel_crit(reg);
}
if (JNL_ENABLED(csd) && (GTCM_GNP_SERVER_IMAGE == image_type))
originator_prc_vec = NULL;
/* If we are the last writing user, then everything must be flushed */
if (we_are_last_writer)
{ /* Time to flush out all of our buffers */
if (is_mm)
{
if (csa->total_blks != csa->ti->total_blks) /* do remap if file had been extended */
{
grab_crit(reg);
wcs_mm_recover(reg);
csd = csa->hdr;
rel_crit(reg);
}
csa->nl->remove_shm = TRUE;
}
/* Note WCSFLU_SYNC_EPOCH ensures the epoch is synced to the journal and indirectly
* also ensures that the db is fsynced. We don't want to use it in the calls to
* wcs_flu() from t_end() and tp_tend() since we can defer it to out-of-crit there.
* In this case, since we are running down, we don't have any such option.
*/
csa->nl->remove_shm = wcs_flu(WCSFLU_FLUSH_HDR | WCSFLU_WRITE_EPOCH | WCSFLU_SYNC_EPOCH);
/* Since we_are_last_writer, we should be guaranteed that wcs_flu() did not change csd, (in
* case of MM for potential file extension), even if it did a grab_crit(). Therefore, make
* sure that's true.
*/
assert(csd == csa->hdr);
assert(0 == memcmp(csd->label, GDS_LABEL, GDS_LABEL_SZ - 1));
csd->trans_hist.header_open_tn = csd->trans_hist.curr_tn;
} else if ((cancelled_timer && (0 > csa->nl->wcs_timers)) || cancelled_dbsync_timer)
{ /* cancelled pending db or jnl flush timers - flush database and journal buffers to disk */
grab_crit(reg);
/* we need to sync the epoch as the fact that there is no active pending flush timer implies
* there will be noone else who will flush the dirty buffers and EPOCH to disk in a timely fashion
*/
wcs_flu(WCSFLU_FLUSH_HDR | WCSFLU_WRITE_EPOCH | WCSFLU_SYNC_EPOCH);
rel_crit(reg);
assert((dba_mm == cs_data->acc_meth) || (csd == cs_data));
csd = cs_data; /* In case this is MM and wcs_flu() remapped an extended database, reset csd */
}
/* Do rundown journal processing after buffer flushes since they require jnl to be open */
if (JNL_ENABLED(csd))
{ /* the following tp_change_reg() is not needed due to the assert csa == cs_addrs at the beginning
* of gds_rundown(), but just to be safe. To be removed by 2002!! --- nars -- 2001/04/25.
*/
tp_change_reg(); /* call this because jnl_ensure_open checks cs_addrs rather than gv_cur_region */
jpc = csa->jnl;
jbp = jpc->jnl_buff;
if (jbp->fsync_in_prog_latch.u.parts.latch_pid == process_id)
{
assert(FALSE);
COMPSWAP_UNLOCK(&jbp->fsync_in_prog_latch, process_id, 0, LOCK_AVAILABLE, 0);
}
if (jbp->io_in_prog_latch.u.parts.latch_pid == process_id)
{
assert(FALSE);
COMPSWAP_UNLOCK(&jbp->io_in_prog_latch, process_id, 0, LOCK_AVAILABLE, 0);
}
if (((NOJNL != jpc->channel) && !JNL_FILE_SWITCHED(jpc))
|| we_are_last_writer && (0 != csa->nl->jnl_file.u.inode))
{ /* We need to close the journal file cleanly if we have the latest generation journal file open
* or if we are the last writer and the journal file is open in shared memory (not necessarily
* by ourselves e.g. the only process that opened the journal got shot abnormally)
* Note: we should not infer anything from the shared memory value of csa->nl->jnl_file.u.inode
* if we are not the last writer as it can be concurrently updated.
*/
grab_crit(reg);
if (JNL_ENABLED(csd))
{
SET_GBL_JREC_TIME; /* jnl_ensure_open/jnl_put_jrt_pini/pfin/jnl_file_close all need it */
/* Before writing to jnlfile, adjust jgbl.gbl_jrec_time if needed to maintain time order
* of jnl records. This needs to be done BEFORE the jnl_ensure_open as that could write
* journal records (if it decides to switch to a new journal file).
*/
ADJUST_GBL_JREC_TIME(jgbl, jbp);
jnl_status = jnl_ensure_open();
if (0 == jnl_status)
{ /* If we_are_last_writer, we would have already done a wcs_flu() which would
* have written an epoch record and we are guaranteed no further updates
* since we are the last writer. So, just close the journal.
* Although we assert pini_addr should be non-zero for last_writer, we
* play it safe in PRO and write a PINI record if not written already.
*/
assert(!jbp->before_images || is_mm
|| !we_are_last_writer || 0 != jpc->pini_addr);
if (we_are_last_writer && 0 == jpc->pini_addr)
jnl_put_jrt_pini(csa);
if (0 != jpc->pini_addr)
jnl_put_jrt_pfin(csa);
/* If not the last writer and no pending flush timer left, do jnl flush now */
if (!we_are_last_writer && (0 > csa->nl->wcs_timers))
{
if (SS_NORMAL == (jnl_status = jnl_flush(reg)))
{
assert(jbp->freeaddr == jbp->dskaddr);
jnl_fsync(reg, jbp->dskaddr);
assert(jbp->fsync_dskaddr == jbp->dskaddr);
} else
{
send_msg(VARLSTCNT(9) ERR_JNLFLUSH, 2, JNL_LEN_STR(csd),
ERR_TEXT, 2,
RTS_ERROR_TEXT("Error with journal flush in gds_rundown"),
jnl_status);
assert(NOJNL == jpc->channel);/* jnl file lost has been triggered */
/* In this routine, all code that follows from here on does not
* assume anything about the journaling characteristics of this
* database so it is safe to continue execution even though
* journaling got closed in the middle.
*/
}
}
jnl_file_close(reg, we_are_last_writer, FALSE);
} else
send_msg(VARLSTCNT(6) jnl_status, 4, JNL_LEN_STR(csd), DB_LEN_STR(reg));
}
rel_crit(reg);
}
}
if (we_are_last_writer) /* Flush the fileheader last and harden the file to disk */
{
grab_crit(reg); /* To satisfy crit requirement in fileheader_sync() */
memset(csd->machine_name, 0, MAX_MCNAMELEN); /* clear the machine_name field */
if (!mupip_jnl_recover && we_are_last_user)
{ /* mupip_jnl_recover will do this after mur_close_file */
csd->semid = INVALID_SEMID;
csd->shmid = INVALID_SHMID;
csd->gt_sem_ctime.ctime = 0;
csd->gt_shm_ctime.ctime = 0;
}
fileheader_sync(reg);
rel_crit(reg);
if (FALSE == is_mm)
{
if (-1 == fsync(udi->fd)) /* Sync it all */
{
rts_error(VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("Error during file sync at close"), errno);
}
} else
{ /* Now do final MM file sync before exit */
#if !defined(TARGETED_MSYNC) && !defined(NO_MSYNC)
if (-1 == fsync(udi->fd)) /* Sync it all */
{
rts_error(VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("Error during file sync at close"), errno);
}
#else
if (-1 == msync((caddr_t)csa->db_addrs[0], (size_t)(csa->db_addrs[1] - csa->db_addrs[0]), MS_SYNC))
{
rts_error(VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("Error during file msync at close"), errno);
}
#endif
}
}
} /* end if (!reg->read_only && !csa->nl->donotflush_dbjnl) */
if (reg->read_only && we_are_last_user && !mupip_jnl_recover)
{ /* mupip_jnl_recover will do this after mur_close_file */
db_ipcs.semid = INVALID_SEMID;
db_ipcs.shmid = INVALID_SHMID;
db_ipcs.gt_sem_ctime = 0;
db_ipcs.gt_shm_ctime = 0;
db_ipcs.fn_len = reg->dyn.addr->fname_len;
memcpy(db_ipcs.fn, reg->dyn.addr->fname, reg->dyn.addr->fname_len);
db_ipcs.fn[reg->dyn.addr->fname_len] = 0;
/* request gtmsecshr to flush. read_only cannot flush itself */
if (0 != send_mesg2gtmsecshr(FLUSH_DB_IPCS_INFO, 0, (char *)NULL, 0))
rts_error(VARLSTCNT(8) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("gtmsecshr failed to update database file header"));
}
/* Done with file now, close it */
if (-1 == close(udi->fd))
{
rts_error(VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, LEN_AND_LIT("Error during file close"), errno);
}
/* Unmap storage if mm mode but only the part that is not the fileheader (so shows up in dumps) */
if (is_mm)
{
munmap_len = (sm_long_t)((csa->db_addrs[1] - csa->db_addrs[0]) - ROUND_UP(SIZEOF_FILE_HDR(csa->hdr),
MSYNC_ADDR_INCS));
if (munmap_len > 0)
{
munmap((caddr_t)(csa->db_addrs[0] + ROUND_UP(SIZEOF_FILE_HDR(csa->hdr), MSYNC_ADDR_INCS)),
(size_t)(munmap_len));
#ifdef DEBUG_DB64
rel_mmseg((caddr_t)csa->db_addrs[0]);
#endif
}
}
/* Detach our shared memory while still under lock so reference counts will be
* correct for the next process to run down this region.
* In the process also get the remove_shm status from node_local before detaching.
* If csa->nl->donotflush_dbjnl is TRUE, it means we can safely remove shared memory without compromising data
* integrity as a reissue of recover will restore the database to a consistent state.
*/
remove_shm = !vermismatch && (csa->nl->remove_shm || csa->nl->donotflush_dbjnl);
status = shmdt((caddr_t)csa->nl);
csa->nl = NULL; /* dereferencing nl after detach is not right, so we set it to NULL so that we can test before dereference*/
if (-1 == status)
send_msg(VARLSTCNT(9) ERR_DBFILERR, 2, DB_LEN_STR(reg), ERR_TEXT, 2, LEN_AND_LIT("Error during shmdt"), errno);
reg->open = FALSE;
/* If file is still not in good shape, die here and now before we get rid of our storage */
if (csa->wbuf_dqd)
GTMASSERT;
ipc_deleted = FALSE;
/* If we are the very last user, remove shared storage id and the semaphores */
if (we_are_last_user)
{ /* remove shared storage, only if last writer to rundown did a successful wcs_flu() */
assert(!vermismatch);
if (remove_shm)
{
ipc_deleted = TRUE;
if (0 != shm_rmid(udi->shmid))
rts_error(VARLSTCNT(8) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("Unable to remove shared memory"));
} else if (is_src_server || is_updproc)
{
gtm_putmsg(VARLSTCNT(6) ERR_DBRNDWNWRN, 4, DB_LEN_STR(reg), process_id, process_id);
send_msg(VARLSTCNT(6) ERR_DBRNDWNWRN, 4, DB_LEN_STR(reg), process_id, process_id);
} else
send_msg(VARLSTCNT(6) ERR_DBRNDWNWRN, 4, DB_LEN_STR(reg), process_id, process_id);
/*
* Don't release semaphore in case of mupip recover/rollback; since it has standalone access.
* It will release the semaphore in mur_close_files.
*/
if (!mupip_jnl_recover)
{
if (0 != sem_rmid(udi->semid))
rts_error(VARLSTCNT(8) ERR_DBFILERR, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("Unable to remove semaphore"));
grabbed_access_sem = FALSE;
}
} else
{
assert(!mupip_jnl_recover);
/* If we were writing, get rid of our writer access count semaphore */
if (!reg->read_only)
if (0 != (save_errno = do_semop(udi->semid, 1, -1, SEM_UNDO)))
rts_error(VARLSTCNT(9) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("gds_rundown write semaphore release"), save_errno);
/* Now remove the rundown lock */
if (0 != (save_errno = do_semop(udi->semid, 0, -1, SEM_UNDO)))
rts_error(VARLSTCNT(9) ERR_CRITSEMFAIL, 2, DB_LEN_STR(reg),
ERR_TEXT, 2, RTS_ERROR_TEXT("gds_rundown rundown semaphore release"), save_errno);
grabbed_access_sem = FALSE;
}
if (!ftok_sem_release(reg, !mupip_jnl_recover, FALSE))
rts_error(VARLSTCNT(4) ERR_DBFILERR, 2, DB_LEN_STR(reg));
if (!ipc_deleted)
{
GET_CUR_TIME;
if (is_src_server)
gtm_putmsg(VARLSTCNT(8) ERR_IPCNOTDEL, 6, CTIME_BEFORE_NL, time_ptr,
LEN_AND_LIT("Source server"), REG_LEN_STR(reg));
if (is_updproc)
gtm_putmsg(VARLSTCNT(8) ERR_IPCNOTDEL, 6, CTIME_BEFORE_NL, time_ptr,
LEN_AND_LIT("Update process"), REG_LEN_STR(reg));
if (mupip_jnl_recover)
{
gtm_putmsg(VARLSTCNT(8) ERR_IPCNOTDEL, 6, CTIME_BEFORE_NL, time_ptr,
LEN_AND_LIT("Mupip journal process"), REG_LEN_STR(reg));
send_msg(VARLSTCNT(8) ERR_IPCNOTDEL, 6, CTIME_BEFORE_NL, time_ptr,
LEN_AND_LIT("Mupip journal process"), REG_LEN_STR(reg));
}
}
REVERT;
}
void db_init_err_cleanup(boolean_t retry_dbinit)
{
unix_db_info *udi;
gd_segment *seg;
sgmnt_addrs *csa;
int rc, lcl_new_dbinit_ipc;
boolean_t ftok_counter_halted, access_counter_halted;
/* Here, we can not rely on the validity of csa->hdr because this function can be triggered anywhere in db_init().Because
* we don't have access to file header, we can not know if counters are disabled so we go by our best guess, not disabled,
* during cleanup.
*/
assert(NULL != db_init_region);
seg = db_init_region->dyn.addr;
udi = NULL;
if (NULL != seg->file_cntl)
udi = FILE_INFO(db_init_region);
if (NULL != udi)
{
if (FD_INVALID != udi->fd && !retry_dbinit)
CLOSEFILE_RESET(udi->fd, rc); /* resets "udi->fd" to FD_INVALID */
assert(FD_INVALID == udi->fd || retry_dbinit);
csa = &udi->s_addrs;
# ifdef _AIX
if ((NULL != csa->hdr) && (dba_mm == db_init_region->dyn.addr->acc_meth))
{
assert((NULL != csa->db_addrs[1]) && (csa->db_addrs[1] > csa->db_addrs[0]));
munmap((caddr_t)csa->db_addrs[0], (size_t)(csa->db_addrs[1] - csa->db_addrs[0]));
}
# endif
if (NULL != csa->jnl)
{
free(csa->jnl);
csa->jnl = NULL;
}
/* If shared memory is not available or if this is a VERMISMATCH error situation (where we do not know the exact
* position of csa->nl->ftok_counter_halted or if it even exists in the other version), we have to be pessimistic
* and assume the counters are halted. This avoids prematurely removing the semaphores.
*/
if ((NULL != csa->nl) && ((int)ERR_VERMISMATCH != SIGNAL))
{
ftok_counter_halted = csa->nl->ftok_counter_halted;
access_counter_halted = csa->nl->access_counter_halted;
shmdt((caddr_t)csa->nl);
csa->nl = (node_local_ptr_t)NULL;
} else
{
ftok_counter_halted = TRUE;
access_counter_halted = TRUE;
}
if (udi->shm_created && (INVALID_SHMID != udi->shmid))
{
shm_rmid(udi->shmid);
udi->shmid = INVALID_SHMID;
udi->shm_created = FALSE;
}
if (udi->sem_created && (INVALID_SEMID != udi->semid))
{
sem_rmid(udi->semid);
udi->semid = INVALID_SEMID;
udi->sem_created = FALSE;
udi->grabbed_access_sem = FALSE;
udi->counter_acc_incremented = FALSE;
}
if (udi->counter_acc_incremented && !access_counter_halted)
{
assert((INVALID_SEMID != udi->semid) && !db_init_region->read_only);
/* decrement the read-write sem */
do_semop(udi->semid, DB_COUNTER_SEM, -DB_COUNTER_SEM_INCR, SEM_UNDO | IPC_NOWAIT);
udi->counter_acc_incremented = FALSE;
}
if (udi->grabbed_access_sem)
{
do_semop(udi->semid, DB_CONTROL_SEM, -1, SEM_UNDO | IPC_NOWAIT); /* release the startup-shutdown sem */
udi->grabbed_access_sem = FALSE;
}
if (udi->grabbed_ftok_sem)
ftok_sem_release(db_init_region, udi->counter_ftok_incremented && !ftok_counter_halted, TRUE);
else if (udi->counter_ftok_incremented && !ftok_counter_halted)
do_semop(udi->ftok_semid, DB_COUNTER_SEM, -DB_COUNTER_SEM_INCR, SEM_UNDO | IPC_NOWAIT);
udi->counter_ftok_incremented = FALSE;
udi->grabbed_ftok_sem = FALSE;
if (!IS_GTCM_GNP_SERVER_IMAGE && !retry_dbinit) /* gtcm_gnp_server reuses file_cntl */
{
free(seg->file_cntl->file_info);
free(seg->file_cntl);
seg->file_cntl = NULL;
}
}
/* Enable interrupts in case we are here with intrpt_ok_state == INTRPT_IN_GVCST_INIT due to an rts error.
* Normally we would have the new state stored in "prev_intrpt_state" but that is not possible here because
* the corresponding DEFER_INTERRUPTS happened in gvcst_init.c (a different function) so we have an assert
* there that the previous state was INTRPT_OK_TO_INTERRUPT and use that instead of prev_intrpt_state here.
*/
if (!retry_dbinit)
ENABLE_INTERRUPTS(INTRPT_IN_GVCST_INIT, INTRPT_OK_TO_INTERRUPT);
}
