The Nasty Case of TDB Commit...
Rusty Russell
rusty at rustcorp.com.au
Thu Feb 4 06:35:09 MST 2010
Hi all,

I finally produced a unit test for "handle processes dying" (in CCAN: it
has unit test infrastructure which suits this better than the torture system
in SAMBA), and it uncovered what I think is a nasty bug.

If a process (or the machine) dies just after writing the
recovery head (pointing at the end of file), the recovery record will be filled
with 0x42. This will not invoke a recovery on open, since rec.magic
!= TDB_RECOVERY_MAGIC.

Unfortunately, the first transaction commit will happily reuse that
area: tdb_recovery_allocate() doesn't check the magic. The recovery
record has length 0x42424242, and it writes that back into the
now-valid-looking transaction header for the next comer (which happens
to be tdb_wipe_all here).

I think the fix is that tdb_recovery_allocate() has to just ignore a
header with invalid magic (not 0, not TDB_RECOVERY_MAGIC).

My untested git tree is:
http://git.samba.org/?p=rusty/samba.git;a=summary (tdb-cleanups)

I will be MIA for a few days, hence the post now.

Thanks,
Rusty.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aborted-after-write-recovery-head.tdb.bz2
Type: application/x-bzip
Size: 91 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100205/b0c2cd4d/attachment.bin>
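
The magic check proposed in the message above, as an added sketch that is not part of the original post and is not tdb's code. It uses a simplified two-field header model: struct rec_hdr, the 64-byte sample file, the helper names and the value given for TDB_RECOVERY_MAGIC are assumptions of this example. A return value of 0 from the checked function means "ignore this area and allocate a fresh one".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TDB_RECOVERY_MAGIC 0xf53bc0e7U /* assumed value for this model */
#define PAD_BYTE  0x42                 /* fill byte described in the post */
#define FILE_SIZE 64u                  /* size of the constructed sample file */
#define REC_OFF   32u                  /* where the recovery head points */

/* Simplified recovery record header; not tdb's real on-disk layout. */
struct rec_hdr { uint32_t rec_len; uint32_t magic; };

/* Constructed sample: padded recovery area; header written only if h != NULL. */
static void make_file(uint8_t *file, const struct rec_hdr *h)
{
    memset(file, 0, FILE_SIZE);
    memset(file + REC_OFF, PAD_BYTE, FILE_SIZE - REC_OFF);
    if (h) memcpy(file + REC_OFF, h, sizeof(*h));
}

/* Bounds-checked header read; returns 0 if there is no usable recovery head. */
static int read_hdr(const uint8_t *file, uint32_t head, struct rec_hdr *h)
{
    if (head == 0 || head > FILE_SIZE - sizeof(*h)) return 0;
    memcpy(h, file + head, sizeof(*h));
    return 1;
}

/* Behaviour described in the post: rec_len is trusted without a magic check. */
static uint32_t reusable_len_unchecked(const uint8_t *file, uint32_t head)
{
    struct rec_hdr h;
    return read_hdr(file, head, &h) ? h.rec_len : 0;
}

/* Proposed fix: ignore the area unless magic is 0 or TDB_RECOVERY_MAGIC. */
static uint32_t reusable_len_checked(const uint8_t *file, uint32_t head)
{
    struct rec_hdr h;
    if (!read_hdr(file, head, &h)) return 0;
    if (h.magic != 0 && h.magic != TDB_RECOVERY_MAGIC) return 0;
    return h.rec_len;
}

int main(void)
{
    uint8_t file[FILE_SIZE];
    make_file(file, NULL); /* crash before the header was written */
    printf("unchecked 0x%x, checked 0x%x\n", (unsigned)reusable_len_unchecked(file, REC_OFF),
           (unsigned)reusable_len_checked(file, REC_OFF));
}
```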