The Nasty Case of TDB Commit...
rusty at rustcorp.com.au
Thu Feb 4 06:35:09 MST 2010
I finally produced a unit test for "handle processes dying" (in CCAN: it
has unit test infrastructure which suits this better than the torture system
in SAMBA), and it uncovered what I think is a nasty bug.
If a process (or the machine) dies just after writing the
recovery head (pointing at the end of file), the recovery record will be filled
with 0x42. This will not invoke a recovery on open, since rec.magic
Unfortunately, the first transaction commit will happily reuse that
area: tdb_recovery_allocate() doesn't check the magic. The recovery
record has length 0x42424242, and it writes that back into the
now-valid-looking transaction header for the next comer (which happens
to be tdb_wipe_all here).
I think the fix is that tdb_recovery_allocate() has to just ignore a
header with invalid magic (not 0, not TDB_RECOVERY_MAGIC).
My untested git tree is:
I will be MIA for a few days, hence the post now.
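
The check proposed in the message above, as an added example (not code from the post or from TDB itself). The record header is reduced to two hypothetical fields; the ex_ names and the value of EX_RECOVERY_MAGIC are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for this example; not TDB's real definitions. */
#define EX_RECOVERY_MAGIC 0xf53bc0e7U /* placeholder value (assumption) */
#define EX_INVALID_MAGIC  0x0U        /* the "0" case in the message */
#define EX_PAD_BYTE       0x42        /* fill byte named in the message */

struct ex_rec {       /* hypothetical two-field record header */
    uint32_t rec_len; /* size of the existing recovery area */
    uint32_t magic;
};

static struct ex_rec ex_hdr(uint32_t rec_len, uint32_t magic)
{
    struct ex_rec rec = { rec_len, magic };
    return rec;
}

/* Constructed input: header space holding only fill bytes, as after a
 * death between writing the recovery head and writing the record. */
static struct ex_rec ex_padded_hdr(void)
{
    struct ex_rec rec;
    memset(&rec, EX_PAD_BYTE, sizeof(rec));
    return rec;
}

/* Behaviour described in the message: the length is trusted as-is. */
static uint32_t ex_reusable_len_unchecked(struct ex_rec rec)
{
    return rec.rec_len;
}

/* Proposed behaviour: a magic that is neither the recovery magic nor 0
 * means the header was never written, so report nothing reusable. */
static uint32_t ex_reusable_len_checked(struct ex_rec rec)
{
    if (rec.magic != EX_RECOVERY_MAGIC && rec.magic != EX_INVALID_MAGIC)
        return 0;
    return rec.rec_len;
}

int main(void)
{
    struct ex_rec rec = ex_padded_hdr();
    printf("unchecked: 0x%x\n", (unsigned)ex_reusable_len_unchecked(rec));
    printf("checked:   0x%x\n", (unsigned)ex_reusable_len_checked(rec));
    return 0;
}
```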