| blob | 66ab9712a0c8c084a07206af5e261781938f3d61 |
1 /* Copyright (c) 2017-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * @file conscache.c
6 * @brief Consensus and diff on-disk cache.
7 **/
17 #define CCE_MAGIC 0x17162253
19 #ifdef _WIN32
20 /* On Windows, unlink won't work on a file if the file is actively mmap()ed.
21 * That forces us to be less aggressive about unlinking files, and causes other
22 * changes throughout our logic.
23 */
24 #define MUST_UNMAP_TO_UNLINK
27 /**
28 * A consensus_cache_entry_t is a reference-counted handle to an
29 * item in a consensus_cache_t. It can be mmapped into RAM, or not,
30 * depending whether it's currently in use.
31 */
37 /** If true, we intend to unmap this file as soon as we're done with it. */
40 /** Filename for this object within the storage_dir_t */
42 /** Labels associated with this object. Immutable once the object
43 * is created. */
45 /** Pointer to the cache that includes this entry (if any). */
48 /** Since what time has this object been mapped into RAM, but with the cache
49 * being the only having a reference to it? */
51 /** mmaped contents of the underlying file. May be NULL */
53 /** Length of the body within <b>map</b>. */
55 /** Pointer to the body within <b>map</b>. */
57 };
59 /**
60 * A consensus_cache_t holds a directory full of labeled items.
61 */
63 /** Underling storage_dir_t to handle persistence */
65 /** List of all the entries in the directory. */
68 /** The maximum number of entries that we'd like to allow in this cache.
69 * This is the same as the storagedir limit when MUST_UNMAP_TO_UNLINK is
70 * not defined. */
72 };
77 consensus_cache_entry_t *);
80 /**
81 * Helper: Open a consensus cache in subdirectory <b>subdir</b> of the
82 * data directory, to hold up to <b>max_entries</b> of data.
83 */
84 consensus_cache_t *
86 {
92 #ifdef MUST_UNMAP_TO_UNLINK
93 /* If we can't unlink the files that we're still using, then we need to
94 * tell the storagedir backend to allow far more files than this consensus
95 * cache actually wants, so that it can hold files which, from this cache's
96 * perspective, have become useless.
97 */
98 #define VERY_LARGE_STORAGEDIR_LIMIT (1000*1000)
101 /* Otherwise, we can just tell the storagedir to use the same limits
102 * as this cache. */
111 }
115 }
117 /** Return true if it's okay to put more entries in this cache than
118 * its official file limit.
119 *
120 * (We need this method on Windows, where we can't unlink files that are still
121 * in use, and therefore might need to temporarily exceed the file limit until
122 * the no-longer-wanted files are deletable.)
123 */
124 int
126 {
128 #ifdef MUST_UNMAP_TO_UNLINK
130 #else
132 #endif
133 }
135 // HACK: GCC on Appveyor hates that we may assert before returning. Work around
136 // the error.
137 #ifdef _WIN32
138 #ifndef COCCI
139 #pragma GCC diagnostic push
141 #endif
144 /**
145 * Tell the sandbox (if any) configured by <b>cfg</b> to allow the
146 * operations that <b>cache</b> will need.
147 */
148 int
151 {
152 #ifdef MUST_UNMAP_TO_UNLINK
153 /* Our Linux sandbox doesn't support huge file lists like the one that would
154 * be generated by using VERY_LARGE_STORAGEDIR_LIMIT above in
155 * consensus_cache_open(). Since the Linux sandbox is the only one we have
156 * right now, we just assert that we never reach this point when we've had
157 * to use VERY_LARGE_STORAGEDIR_LIMIT.
158 *
159 * If at some point in the future we have a different sandbox mechanism that
160 * can handle huge file lists, we can remove this assertion or make it
161 * conditional.
162 */
166 }
168 #ifdef _WIN32
169 #ifndef COCCI
170 #pragma GCC diagnostic pop
171 #endif
172 #endif
174 /**
175 * Helper: clear all entries from <b>cache</b> (but do not delete
176 * any that aren't marked for removal
177 */
178 static void
180 {
189 }
191 /**
192 * Drop all storage held by <b>cache</b>.
193 */
194 void
196 {
202 }
205 }
207 /**
208 * Write <b>datalen</b> bytes of data at <b>data</b> into the <b>cache</b>,
209 * labeling that data with <b>labels</b>. On failure, return NULL. On
210 * success, return a newly created consensus_cache_entry_t.
211 *
212 * The returned value will be owned by the cache, and you will have a
213 * reference to it. Call consensus_cache_entry_decref() when you are
214 * done with it.
215 *
216 * The provided <b>labels</b> MUST have distinct keys: if they don't,
217 * this API does not specify which values (if any) for the duplicate keys
218 * will be considered.
219 */
220 consensus_cache_entry_t *
225 {
231 }
240 /* Start the reference count at 2: the caller owns one copy, and the
241 * cache owns another.
242 */
246 }
248 /**
249 * Given a <b>cache</b>, return some entry for which <b>key</b>=<b>value</b>.
250 * Return NULL if no such entry exists.
251 *
252 * Does not adjust reference counts.
253 */
254 consensus_cache_entry_t *
258 {
266 }
268 /**
269 * Given a <b>cache</b>, add every entry to <b>out</b> for which
270 * <b>key</b>=<b>value</b>. If <b>key</b> is NULL, add every entry.
271 *
272 * Do not add any entry that has been marked for removal.
273 *
274 * Does not adjust reference counts.
275 */
276 void
281 {
284 /* We want to delete this; pretend it isn't there. */
286 }
290 }
294 }
296 }
298 /**
299 * Given a list of consensus_cache_entry_t, remove all those entries
300 * that do not have <b>key</b>=<b>value</b> in their labels.
301 *
302 * Does not adjust reference counts.
303 */
304 void
308 {
317 }
319 }
321 /**
322 * If <b>ent</b> has a label with the given <b>key</b>, return its
323 * value. Otherwise return NULL.
324 *
325 * The return value is only guaranteed to be valid for as long as you
326 * hold a reference to <b>ent</b>.
327 */
331 {
335 else
337 }
339 /**
340 * Return a pointer to the labels in <b>ent</b>.
341 *
342 * This pointer is only guaranteed to be valid for as long as you
343 * hold a reference to <b>ent</b>.
344 */
347 {
349 }
351 /**
352 * Increase the reference count of <b>ent</b>.
353 */
354 void
356 {
361 }
363 /**
364 * Release a reference held to <b>ent</b>.
365 *
366 * If it was the last reference, ent will be freed. Therefore, you must not
367 * use <b>ent</b> after calling this function.
368 */
369 void
371 {
382 /* Only the cache has a reference: we don't need to keep the file
383 * mapped */
389 }
390 }
392 }
397 /* Refcount is zero; we can free it. */
400 }
406 }
408 /**
409 * Mark <b>ent</b> for deletion from the cache. Deletion will not occur
410 * until the cache is the only place that holds a reference to <b>ent</b>.
411 */
412 void
414 {
416 }
418 /**
419 * Mark <b>ent</b> as the kind of entry that we don't need to keep mmap'd for
420 * any longer than we're actually using it.
421 */
422 void
424 {
426 }
428 /**
429 * Try to read the body of <b>ent</b> into memory if it isn't already
430 * loaded. On success, set *<b>body_out</b> to the body, *<b>sz_out</b>
431 * to its size, and return 0. On failure return -1.
432 *
433 * The resulting body pointer will only be valid for as long as you
434 * hold a reference to <b>ent</b>.
435 */
436 int
440 {
452 }
453 }
458 }
460 /**
461 * Unmap every mmap'd element of <b>cache</b> that has been unused
462 * since <b>cutoff</b>.
463 */
464 void
466 {
470 /* Somebody is using this entry right now */
472 }
474 /* Has been unused only for a little while */
476 }
478 /* Not actually mapped. */
480 }
483 }
485 /**
486 * Return the number of currently unused filenames available in this cache.
487 */
488 int
490 {
494 #ifdef MUST_UNMAP_TO_UNLINK
497 #else
501 }
503 /**
504 * Delete every element of <b>cache</b> has been marked with
505 * consensus_cache_entry_mark_for_removal. If <b>force</b> is false,
506 * retain those entries which are in use by something other than the cache.
507 */
508 void
510 {
514 #ifdef MUST_UNMAP_TO_UNLINK
515 /* We cannot delete anything with an active mmap on win32, so no
516 * force-deletion. */
519 }
523 /* Somebody is using this entry right now */
525 }
526 }
528 /* Don't want to delete this. */
530 }
533 }
542 }
544 /**
545 * Internal helper: rescan <b>cache</b> and rebuild its list of entries.
546 */
547 static void
549 {
552 }
564 /* The ERANGE error might come from tor_mmap_file() -- it means the file
565 * was empty. EINVAL might come from ..map_labeled() -- it means the
566 * file was misformatted. In both cases, we should just delete it.
567 */
574 /* Can't load this; continue */
577 }
579 }
591 }
593 /**
594 * Make sure that <b>ent</b> is mapped into RAM.
595 */
596 static void
599 {
606 }
608 /**
609 * Unmap <b>ent</b> from RAM.
610 *
611 * Do not call this if something other than the cache is holding a reference
612 * to <b>ent</b>
613 */
614 static void
616 {
626 }
630 #ifdef TOR_UNIT_TESTS
631 /**
632 * Testing only: Return true iff <b>ent</b> is mapped into memory.
633 *
634 * (In normal operation, this information is not exposed.)
635 */
636 int
638 {
645 }
646 }