| blob | 50ec6cf3abf86d8e79439491f90729de476163a1 |
1 /* env.h : managing the BDB environment
2 *
3 * ====================================================================
4 * Copyright (c) 2000-2005 CollabNet. All rights reserved.
5 *
6 * This software is licensed as described in the file COPYING, which
7 * you should have received as part of this distribution. The terms
8 * are also available at http://subversion.tigris.org/license-1.html.
9 * If newer versions of this license are posted there, you may use a
10 * newer version instead, at your option.
11 *
12 * This software consists of voluntary contributions made by many
13 * individuals. For exact contribution history, see the revision
14 * history and logs, available at http://subversion.tigris.org/.
15 * ====================================================================
16 */
18 #include <assert.h>
20 #include <apr.h>
21 #if APR_HAS_THREADS
22 #include <apr_thread_mutex.h>
23 #include <apr_thread_proc.h>
24 #include <apr_time.h>
25 #endif
27 #include <apr_strings.h>
28 #include <apr_hash.h>
40 /* A note about the BDB environment descriptor cache.
42 With the advent of DB_REGISTER in BDB-4.4, a process may only open
43 an environment handle once. This means that we must maintain a
44 cache of open environment handles, with reference counts. We
45 allocate each environment descriptor (a bdb_env_t) from its own
46 pool. The cache itself (and the cache pool) are shared between
47 threads, so all direct or indirect access to the pool is serialized
48 with a global mutex.
50 Because several threads can now use the same DB_ENV handle, we must
51 use the DB_THREAD flag when opening the environments, otherwise the
52 env handles (and all of libsvn_fs_base) won't be thread-safe.
54 If we use DB_THREAD, however, all of the code that reads data from
55 the database without a cursor must use either DB_DBT_MALLOC,
56 DB_DBT_REALLOC, or DB_DBT_USERMEM, as described in the BDB
57 documentation.
59 (Oh, yes -- using DB_THREAD might not work on some systems. But
60 then, it's quite probable that threading is seriously broken on
61 those systems anyway, so we'll rely on APR_HAS_THREADS.)
62 */
65 /* The cache key for a Berkeley DB environment descriptor. This is a
66 combination of the device ID and INODE number of the Berkeley DB
67 config file.
69 XXX FIXME: Although the dev+inode combination is supposed do be
70 unique, apparently that's not always the case with some remote
71 filesystems. We /should/ be safe using this as a unique hash key,
72 because the database must be on a local filesystem. We can hope,
73 anyway. */
75 {
76 apr_dev_t device;
77 apr_ino_t inode;
80 /* The cached Berkeley DB environment descriptor. */
81 struct bdb_env_t
82 {
83 /**************************************************************************/
84 /* Error Reporting */
86 /* Berkeley DB returns extended error info by callback before returning
87 an error code from the failing function. The callback baton type is a
88 string, not an arbitrary struct, so we prefix our struct with a valid
89 string, to avoid problems should BDB ever try to interpret our baton as
90 a string. Initializers of this structure must strcpy the value of
91 BDB_ERRPFX_STRING into this array. */
94 /* Extended error information. */
95 #if APR_HAS_THREADS
97 #else
98 bdb_error_info_t error_info;
99 #endif
101 /**************************************************************************/
102 /* BDB Environment Cache */
104 /* The Berkeley DB environment. */
107 /* The flags with which this environment was opened. Reopening the
108 environment with a different set of flags is not allowed. Trying
109 to change the state of the DB_PRIVATE flag is an especially bad
110 idea, so svn_fs_bdb__open() forbids any flag changes. */
111 u_int32_t flags;
113 /* The home path of this environment; a canonical SVN path encoded in
114 UTF-8 and allocated from this decriptor's pool. */
117 /* The home path of this environment, in the form expected by BDB. */
120 /* The reference count for this environment handle; this is
121 essentially the difference between the number of calls to
122 svn_fs_bdb__open and svn_fs_bdb__close. */
125 /* If this flag is TRUE, someone has detected that the environment
126 descriptor is in a panicked state and should be removed from the
127 cache.
129 Note 1: Once this flag is set, it must not be cleared again.
131 Note 2: Unlike other fields in this structure, this field is not
132 protected by the cache mutex on threaded platforms, and
133 should only be accesses via the svn_atomic functions. */
136 /* The key for the environment descriptor cache. */
137 bdb_env_key_t key;
139 /* The handle of the open DB_CONFIG file.
141 We keep the DB_CONFIG file open in this process as long as the
142 environment handle itself is open. On Windows, this guarantees
143 that the cache key remains unique; here's what the Windows SDK
144 docs have to say about the file index (interpreted as the INODE
145 number by APR):
147 "This value is useful only while the file is open by at least
148 one process. If no processes have it open, the index may
149 change the next time the file is opened."
151 Now, we certainly don't want a unique key to change while it's
152 being used, do we... */
155 /* The pool associated with this environment descriptor.
157 Because the descriptor has a life of its own, the structure and
158 any data associated with it are allocated from their own global
159 pool. */
162 };
165 #if APR_HAS_THREADS
166 /* Get the thread-specific error info from a bdb_env_t. */
169 {
173 {
176 }
178 }
179 #else
180 #define get_error_info(bdb) (&(bdb)->error_info)
184 /* Convert a BDB error to a Subversion error. */
187 {
189 {
190 bdb_env_baton_t bdb_baton;
195 }
197 }
199 \f
200 /* Allocating an appropriate Berkeley DB environment object. */
202 /* BDB error callback. See bdb_error_info_t in env.h for more info.
203 Note: bdb_error_gatherer is a macro with BDB < 4.3, so be careful how
204 you use it! */
205 static void
207 {
216 else
221 }
224 /* Pool cleanup for the cached environment descriptor. */
225 static apr_status_t
227 {
231 #if APR_HAS_THREADS
235 /* If there are no references to this descriptor, free its memory here,
236 so that we don't leak it if create_env returns an error.
237 See bdb_close, which takes care of freeing this memory if the
238 environment is still open when the cache is destroyed. */
243 }
245 #if APR_HAS_THREADS
246 /* This cleanup is the fall back plan. If the thread exits and the
247 environment hasn't been closed it's responsible for cleanup of the
248 thread local error info variable, which would otherwise be leaked.
249 Normally it will not be called, because svn_fs_base__close will
250 set the thread's error info to NULL after cleaning it up. */
251 static void
253 {
260 }
263 /* Create a Berkeley DB environment. */
266 {
273 #if SVN_BDB_PATH_UTF8
275 #else
278 pool));
279 #endif
281 /* Allocate the whole structure, including strings, from the heap,
282 because it must survive the cache pool cleanup. */
287 /* We must initialize this now, as our callers may assume their bdb
288 pointer is valid when checking for errors. */
299 #if APR_HAS_THREADS
300 {
302 cleanup_error_info,
303 pool);
306 "Can't allocate thread-specific storage"
308 }
313 {
315 /* bdb_error_gatherer is in parens to stop macro expansion. */
318 /* Needed on Windows in case Subversion and Berkeley DB are using
319 different C runtime libraries */
322 /* If we detect a deadlock, select a transaction to abort at
323 random from those participating in the deadlock. */
326 }
328 }
331 \f
332 /* The environment descriptor cache. */
334 /* The global pool used for this cache. */
337 /* The cache. The items are bdb_env_t structures. */
340 #if APR_HAS_THREADS
341 /* The mutex that protects bdb_cache. */
344 /* Cleanup callback to NULL out the cache and its lock, so we don't try to
345 use them after the pool has been cleared during global shutdown. */
346 static apr_status_t
348 {
352 }
359 {
360 #if APR_HAS_THREADS
361 apr_status_t apr_err;
362 #endif
365 #if APR_HAS_THREADS
367 APR_THREAD_MUTEX_DEFAULT,
368 bdb_cache_pool);
370 {
372 "Couldn't initialize the cache of"
374 }
376 apr_pool_cleanup_null);
380 }
382 svn_error_t *
384 {
387 }
391 {
392 #if APR_HAS_THREADS
395 #endif
396 }
401 {
402 #if APR_HAS_THREADS
405 #endif
406 }
409 /* Construct a cache key for the BDB environment at PATH in *KEYP.
410 if DBCONFIG_FILE is not NULL, return the opened file handle.
411 Allocate from POOL. */
415 {
418 apr_status_t apr_err;
419 apr_finfo_t finfo;
425 dbcfg_file);
427 return svn_error_wrap_apr
430 /* Make sure that any padding in the key is always cleared, so that
431 the key's hash deterministic. */
438 else
442 }
445 /* Find a BDB environment in the cache.
446 Return the environment's panic state in *PANICP.
448 Note: You MUST acquire the cache mutex before calling this function.
449 */
452 {
455 {
457 #if SVN_BDB_VERSION_AT_LEAST(4,2)
459 {
460 u_int32_t flags;
463 {
464 /* Something is wrong with the environment. */
468 }
469 }
471 }
472 else
473 {
475 }
477 }
480 \f
481 /* Close and destroy a BDB environment descriptor. */
484 {
487 /* This bit is delcate; we must propagate the error from
488 DB_ENV->close to the caller, and always destroy the pool. */
491 /* If automatic database recovery is enabled, ignore DB_RUNRECOVERY
492 errors, since they're dealt with eventually by BDB itself. */
496 /* Free the environment descriptor. The pool cleanup will do this unless
497 the cache has already been destroyed. */
500 else
503 }
506 svn_error_t *
508 {
514 /* Neutralize bdb_baton's pool cleanup to prevent double-close. See
515 cleanup_env_baton(). */
518 /* Note that we only bother with this cleanup if the pool is non-NULL, to
519 guard against potential races between this and the cleanup_env cleanup
520 callback. It's not clear if that can actually happen, but better safe
521 than sorry. */
523 {
525 #if APR_HAS_THREADS
528 #endif
529 }
533 {
536 /* If the environment is panicked and automatic recovery is not
537 enabled, return an appropriate error. */
541 }
542 else
543 {
544 /* If the bdb cache has been set to NULL that means we are
545 shutting down, and the pool that holds the bdb cache has
546 already been destroyed, so accessing it here would be a Bad
547 Thing (tm) */
552 }
554 }
557 \f
558 /* Open and initialize a BDB environment. */
561 {
562 #if APR_HAS_THREADS
564 #endif
568 #if SVN_BDB_AUTO_COMMIT
569 /* Assert the BDB_AUTO_COMMIT flag on the opened environment. This
570 will force all operations on the environment (and handles that
571 are opened within the environment) to be transactional. */
575 #endif
581 }
584 /* Pool cleanup for the environment baton. */
585 static apr_status_t
587 {
594 }
597 svn_error_t *
601 {
603 bdb_env_key_t key;
605 svn_boolean_t panic;
609 /* We can safely discard the open DB_CONFIG file handle. If the
610 environment descriptor is in the cache, the key's immutability is
611 guaranteed. If it's not, we don't care if the key changes,
612 between here and the actual insertion of the newly-created
613 environment into the cache, because no other thread can touch the
614 cache in the meantime. */
617 {
620 }
624 {
628 }
630 /* Make sure that the environment's open flags haven't changed. */
632 {
635 /* Handle changes to the DB_PRIVATE flag specially */
637 {
640 "Reopening a public Berkeley DB"
642 else
644 "Reopening a private Berkeley DB"
646 }
648 /* Otherwise return a generic "flags-mismatch" error. */
650 "Reopening a Berkeley DB environment"
652 }
655 {
658 {
661 {
665 }
666 else
667 {
668 /* Clean up, and we can't do anything about returned errors. */
670 }
671 }
672 }
673 else
674 {
676 }
679 {
686 apr_pool_cleanup_null);
687 }
691 }
693 \f
694 svn_boolean_t
696 {
697 /* An invalid baton is equivalent to a panicked environment; in both
698 cases, database cleanups should be skipped. */
704 }
706 void
708 {
714 }
716 \f
717 /* This function doesn't actually open the environment, so it doesn't
718 have to look in the cache. Callers are supposed to own an
719 exclusive lock on the filesystem anyway. */
720 svn_error_t *
722 {
726 return convert_bdb_error
728 }