2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
18 #include <afs/cellconfig.h>
20 #define UBIK_INTERNALS
24 #include <lwp.h> /* temporary hack by klm */
26 #define ERROR_EXIT(code) do { \
33 * This system is organized in a hierarchical set of related modules. Modules
34 * at one level can only call modules at the same level or below.
36 * At the bottom level (0) we have R, RFTP, LWP and IOMGR, i.e. the basic
37 * operating system primitives.
39 * At the next level (1) we have
41 * \li VOTER--The module responsible for casting votes when asked. It is also
42 * responsible for determining whether this server should try to become
43 * a synchronization site.
44 * \li BEACONER--The module responsible for sending keep-alives out when a
45 * server is actually the sync site, or trying to become a sync site.
46 * \li DISK--The module responsible for representing atomic transactions
47 * on the local disk. It maintains a new-value only log.
48 * \li LOCK--The module responsible for locking byte ranges in the database file.
50 * At the next level (2) we have
52 * \li RECOVERY--The module responsible for ensuring that all members of a quorum
53 * have the same up-to-date database after a new synchronization site is
54 * elected. This module runs only on the synchronization site.
56 * At the next level (3) we have
58 * \li REMOTE--The module responsible for interpreting requests from the sync
59 * site and applying them to the database, after obtaining the appropriate
62 * At the next level (4) we have
64 * \li UBIK--The module users call to perform operations on the database.
69 afs_int32 ubik_quorum = 0;
70 struct ubik_dbase *ubik_dbase = 0;
71 struct ubik_stats ubik_stats;
72 afs_uint32 ubik_host[UBIK_MAX_INTERFACE_ADDR];
73 afs_int32 ubik_epochTime = 0;
74 afs_int32 urecovery_state = 0;
75 int (*ubik_SyncWriterCacheProc) (void);
76 struct ubik_server *ubik_servers;
77 short ubik_callPortal;
79 /* These global variables were used to control the server security layers.
80 * They are retained for backwards compatibility with legacy callers.
82 * The ubik_SetServerSecurityProcs() interface should be used instead.
85 int (*ubik_SRXSecurityProc) (void *, struct rx_securityClass **, afs_int32 *);
86 void *ubik_SRXSecurityRock;
87 int (*ubik_CheckRXSecurityProc) (void *, struct rx_call *);
88 void *ubik_CheckRXSecurityRock;
92 static int BeginTrans(struct ubik_dbase *dbase, afs_int32 transMode,
93 struct ubik_trans **transPtr, int readAny);
95 static struct rx_securityClass **ubik_sc = NULL;
96 static void (*buildSecClassesProc)(void *, struct rx_securityClass ***,
98 static int (*checkSecurityProc)(void *, struct rx_call *) = NULL;
99 static void *securityRock = NULL;
101 #define CStampVersion 1 /* meaning set ts->version */
103 static_inline struct rx_connection *
104 Quorum_StartIO(struct ubik_trans *atrans, struct ubik_server *as)
106 struct rx_connection *conn;
108 conn = as->disk_rxcid;
110 #ifdef AFS_PTHREAD_ENV
111 rx_GetConnection(conn);
112 DBRELE(atrans->dbase);
113 #endif /* AFS_PTHREAD_ENV */
119 Quorum_EndIO(struct ubik_trans *atrans, struct rx_connection *aconn)
121 #ifdef AFS_PTHREAD_ENV
122 DBHOLD(atrans->dbase);
123 rx_PutConnection(aconn);
124 #endif /* AFS_PTHREAD_ENV */
129 * Iterate over all servers. Callers pass in *ts which is used to track
130 * the current server.
131 * - Returns 1 if there are no more servers
132 * - Returns 0 with conn set to the connection for the current server if
133 * it's up and current
136 ContactQuorum_iterate(struct ubik_trans *atrans, int aflags, struct ubik_server **ts,
137 struct rx_connection **conn, afs_int32 *rcode,
138 afs_int32 *okcalls, afs_int32 code)
141 /* Initial call - start iterating over servers */
148 Quorum_EndIO(atrans, *conn);
150 if (code) { /* failure */
152 (*ts)->up = 0; /* mark as down now; beacons will no longer be sent */
153 (*ts)->beaconSinceDown = 0;
154 (*ts)->currentDB = 0;
155 urecovery_LostServer(*ts); /* tell recovery to try to resend dbase later */
156 } else { /* success */
158 (*okcalls)++; /* count up how many worked */
159 if (aflags & CStampVersion) {
160 (*ts)->version = atrans->dbase->version;
168 if (!(*ts)->up || !(*ts)->currentDB) {
169 (*ts)->currentDB = 0; /* db is no longer current; we just missed an update */
170 return 0; /* not up-to-date, don't bother. NULL conn will tell caller not to use */
172 *conn = Quorum_StartIO(atrans, *ts);
177 ContactQuorum_rcode(int okcalls, afs_int32 rcode)
180 * return 0 if we successfully contacted a quorum, otherwise return error code.
181 * We don't have to contact ourselves (that was done locally)
183 if (okcalls + 1 >= ubik_quorum)
190 * \brief Perform an operation at a quorum, handling error conditions.
191 * \return 0 if all worked and a quorum was contacted successfully
192 * \return otherwise mark failing server as down and return #UERROR
194 * \note If any server misses an update, we must wait #BIGTIME seconds before
195 * allowing the transaction to commit, to ensure that the missing and
196 * possibly still functioning server times out and stops handing out old
197 * data. This is done in the commit code, where we wait for a server marked
198 * down to have stayed down for #BIGTIME seconds before we allow a transaction
199 * to commit. A server that fails but comes back up won't give out old data
200 * because it is sent the sync count along with the beacon message that
201 * marks it as \b really up (\p beaconSinceDown).
204 ContactQuorum_NoArguments(afs_int32 (*proc)(struct rx_connection *, ubik_tid *),
205 struct ubik_trans *atrans, int aflags)
207 struct ubik_server *ts = NULL;
208 afs_int32 code = 0, rcode, okcalls;
209 struct rx_connection *conn;
212 done = ContactQuorum_iterate(atrans, aflags, &ts, &conn, &rcode, &okcalls, code);
215 code = (*proc)(conn, &atrans->tid);
216 done = ContactQuorum_iterate(atrans, aflags, &ts, &conn, &rcode, &okcalls, code);
218 return ContactQuorum_rcode(okcalls, rcode);
223 ContactQuorum_DISK_Lock(struct ubik_trans *atrans, int aflags,afs_int32 file,
224 afs_int32 position, afs_int32 length, afs_int32 type)
226 struct ubik_server *ts = NULL;
227 afs_int32 code = 0, rcode, okcalls;
228 struct rx_connection *conn;
231 done = ContactQuorum_iterate(atrans, aflags, &ts, &conn, &rcode, &okcalls, code);
234 code = DISK_Lock(conn, &atrans->tid, file, position, length, type);
235 done = ContactQuorum_iterate(atrans, aflags, &ts, &conn, &rcode, &okcalls, code);
237 return ContactQuorum_rcode(okcalls, rcode);
242 ContactQuorum_DISK_Write(struct ubik_trans *atrans, int aflags,
243 afs_int32 file, afs_int32 position, bulkdata *data)
245 struct ubik_server *ts = NULL;
246 afs_int32 code = 0, rcode, okcalls;
247 struct rx_connection *conn;
250 done = ContactQuorum_iterate(atrans, aflags, &ts, &conn, &rcode, &okcalls, code);
253 code = DISK_Write(conn, &atrans->tid, file, position, data);
254 done = ContactQuorum_iterate(atrans, aflags, &ts, &conn, &rcode, &okcalls, code);
256 return ContactQuorum_rcode(okcalls, rcode);
261 ContactQuorum_DISK_Truncate(struct ubik_trans *atrans, int aflags,
262 afs_int32 file, afs_int32 length)
264 struct ubik_server *ts = NULL;
265 afs_int32 code = 0, rcode, okcalls;
266 struct rx_connection *conn;
269 done = ContactQuorum_iterate(atrans, aflags, &ts, &conn, &rcode, &okcalls, code);
272 code = DISK_Truncate(conn, &atrans->tid, file, length);
273 done = ContactQuorum_iterate(atrans, aflags, &ts, &conn, &rcode, &okcalls, code);
275 return ContactQuorum_rcode(okcalls, rcode);
280 ContactQuorum_DISK_WriteV(struct ubik_trans *atrans, int aflags,
281 iovec_wrt * io_vector, iovec_buf *io_buffer)
283 struct ubik_server *ts = NULL;
284 afs_int32 code = 0, rcode, okcalls;
285 struct rx_connection *conn;
288 done = ContactQuorum_iterate(atrans, aflags, &ts, &conn, &rcode, &okcalls, code);
291 code = DISK_WriteV(conn, &atrans->tid, io_vector, io_buffer);
292 if ((code <= -450) && (code > -500)) {
293 /* An RPC interface mismatch (as defined in comerr/error_msg.c).
294 * Un-bulk the entries and do individual DISK_Write calls
295 * instead of DISK_WriteV.
297 struct ubik_iovec *iovec =
298 (struct ubik_iovec *)io_vector->iovec_wrt_val;
299 char *iobuf = (char *)io_buffer->iovec_buf_val;
303 for (i = 0, offset = 0; i < io_vector->iovec_wrt_len; i++) {
304 /* Sanity check for going off end of buffer */
305 if ((offset + iovec[i].length) > io_buffer->iovec_buf_len) {
309 tcbs.bulkdata_len = iovec[i].length;
310 tcbs.bulkdata_val = &iobuf[offset];
311 code = DISK_Write(conn, &atrans->tid, iovec[i].file,
312 iovec[i].position, &tcbs);
315 offset += iovec[i].length;
319 done = ContactQuorum_iterate(atrans, aflags, &ts, &conn, &rcode, &okcalls, code);
321 return ContactQuorum_rcode(okcalls, rcode);
326 ContactQuorum_DISK_SetVersion(struct ubik_trans *atrans, int aflags,
327 ubik_version *OldVersion,
328 ubik_version *NewVersion)
330 struct ubik_server *ts = NULL;
331 afs_int32 code = 0, rcode, okcalls;
332 struct rx_connection *conn;
335 done = ContactQuorum_iterate(atrans, aflags, &ts, &conn, &rcode, &okcalls, code);
338 code = DISK_SetVersion(conn, &atrans->tid, OldVersion, NewVersion);
339 done = ContactQuorum_iterate(atrans, aflags, &ts, &conn, &rcode, &okcalls, code);
341 return ContactQuorum_rcode(okcalls, rcode);
344 #if defined(AFS_PTHREAD_ENV)
346 ubik_thread_create(pthread_attr_t *tattr, pthread_t *thread, void *proc) {
347 osi_Assert(pthread_attr_init(tattr) == 0);
348 osi_Assert(pthread_attr_setdetachstate(tattr, PTHREAD_CREATE_DETACHED) == 0);
349 osi_Assert(pthread_create(thread, tattr, proc, NULL) == 0);
355 * \brief This routine initializes the ubik system for a set of servers.
356 * \return 0 for success, or an error code on failure.
357 * \param serverList set of servers specified; nServers gives the number of entries in this array.
358 * \param pathName provides an initial prefix used for naming storage files used by this system.
359 * \param dbase the returned structure representing this instance of an ubik; it is passed to various calls below.
361 * \todo This routine should perhaps be generalized to a low-level disk interface providing read, write, file enumeration and sync operations.
363 * \warning The host named by myHost should not also be listed in serverList.
365 * \see ubik_ServerInit(), ubik_ServerInitByInfo()
368 ubik_ServerInitCommon(afs_uint32 myHost, short myPort,
369 struct afsconf_cell *info, char clones[],
370 afs_uint32 serverList[], const char *pathName,
371 struct ubik_dbase **dbase)
373 struct ubik_dbase *tdb;
375 #ifdef AFS_PTHREAD_ENV
376 pthread_t rxServerThread; /* pthread variables */
377 pthread_t ubeacon_InteractThread;
378 pthread_t urecovery_InteractThread;
379 pthread_attr_t rxServer_tattr;
380 pthread_attr_t ubeacon_Interact_tattr;
381 pthread_attr_t urecovery_Interact_tattr;
384 extern int rx_stackSize;
388 struct rx_securityClass *secClass;
391 struct rx_service *tservice;
393 initialize_U_error_table();
395 tdb = (struct ubik_dbase *)malloc(sizeof(struct ubik_dbase));
396 tdb->pathName = (char *)malloc(strlen(pathName) + 1);
397 strcpy(tdb->pathName, pathName);
398 tdb->activeTrans = (struct ubik_trans *)0;
399 memset(&tdb->version, 0, sizeof(struct ubik_version));
400 memset(&tdb->cachedVersion, 0, sizeof(struct ubik_version));
401 #ifdef AFS_PTHREAD_ENV
402 MUTEX_INIT(&tdb->versionLock, "version lock", MUTEX_DEFAULT, 0);
404 Lock_Init(&tdb->versionLock);
406 Lock_Init(&tdb->cache_lock);
408 tdb->read = uphys_read;
409 tdb->write = uphys_write;
410 tdb->truncate = uphys_truncate;
411 tdb->open = uphys_invalidate; /* this function isn't used any more */
412 tdb->sync = uphys_sync;
413 tdb->stat = uphys_stat;
414 tdb->getlabel = uphys_getlabel;
415 tdb->setlabel = uphys_setlabel;
416 tdb->getnfiles = uphys_getnfiles;
418 tdb->tidCounter = tdb->writeTidCounter = 0;
420 ubik_dbase = tdb; /* for now, only one db per server; can fix later when we have names for the other dbases */
422 #ifdef AFS_PTHREAD_ENV
423 CV_INIT(&tdb->version_cond, "version", CV_DEFAULT, 0);
424 CV_INIT(&tdb->flags_cond, "flags", CV_DEFAULT, 0);
425 #endif /* AFS_PTHREAD_ENV */
429 /* the following call is idempotent so when/if it got called earlier,
430 * by whatever called us, it doesn't really matter -- klm */
431 code = rx_Init(myPort);
435 udisk_Init(ubik_nBuffers);
441 code = urecovery_Initialize(tdb);
445 code = ubeacon_InitServerListByInfo(myHost, info, clones);
447 code = ubeacon_InitServerList(myHost, serverList);
451 ubik_callPortal = myPort;
452 /* try to get an additional security object */
453 if (buildSecClassesProc == NULL) {
455 ubik_sc = calloc(numClasses, sizeof(struct rx_securityClass *));
456 ubik_sc[0] = rxnull_NewServerSecurityObject();
457 if (ubik_SRXSecurityProc) {
458 code = (*ubik_SRXSecurityProc) (ubik_SRXSecurityRock,
462 ubik_sc[secIndex] = secClass;
466 (*buildSecClassesProc) (securityRock, &ubik_sc, &numClasses);
468 /* for backwards compat this should keep working as it does now
472 rx_NewService(0, VOTE_SERVICE_ID, "VOTE", ubik_sc, numClasses,
473 VOTE_ExecuteRequest);
474 if (tservice == (struct rx_service *)0) {
475 ubik_dprint("Could not create VOTE rx service!\n");
478 rx_SetMinProcs(tservice, 2);
479 rx_SetMaxProcs(tservice, 3);
482 rx_NewService(0, DISK_SERVICE_ID, "DISK", ubik_sc, numClasses,
483 DISK_ExecuteRequest);
484 if (tservice == (struct rx_service *)0) {
485 ubik_dprint("Could not create DISK rx service!\n");
488 rx_SetMinProcs(tservice, 2);
489 rx_SetMaxProcs(tservice, 3);
491 /* start an rx_ServerProc to handle incoming RPC's in particular the
492 * UpdateInterfaceAddr RPC that occurs in ubeacon_InitServerList. This avoids
493 * the "steplock" problem in ubik initialization. Defect 11037.
495 #ifdef AFS_PTHREAD_ENV
496 ubik_thread_create(&rxServer_tattr, &rxServerThread, (void *)rx_ServerProc);
498 LWP_CreateProcess(rx_ServerProc, rx_stackSize, RX_PROCESS_PRIORITY,
499 NULL, "rx_ServerProc", &junk);
502 /* now start up async processes */
503 #ifdef AFS_PTHREAD_ENV
504 ubik_thread_create(&ubeacon_Interact_tattr, &ubeacon_InteractThread,
505 (void *)ubeacon_Interact);
507 code = LWP_CreateProcess(ubeacon_Interact, 16384 /*8192 */ ,
508 LWP_MAX_PRIORITY - 1, (void *)0, "beacon",
514 #ifdef AFS_PTHREAD_ENV
515 ubik_thread_create(&urecovery_Interact_tattr, &urecovery_InteractThread,
516 (void *)urecovery_Interact);
517 return 0; /* is this correct? - klm */
519 code = LWP_CreateProcess(urecovery_Interact, 16384 /*8192 */ ,
520 LWP_MAX_PRIORITY - 1, (void *)0, "recovery",
528 * \see ubik_ServerInitCommon()
531 ubik_ServerInitByInfo(afs_uint32 myHost, short myPort,
532 struct afsconf_cell *info, char clones[],
533 const char *pathName, struct ubik_dbase **dbase)
538 ubik_ServerInitCommon(myHost, myPort, info, clones, 0, pathName,
544 * \see ubik_ServerInitCommon()
547 ubik_ServerInit(afs_uint32 myHost, short myPort, afs_uint32 serverList[],
548 const char *pathName, struct ubik_dbase **dbase)
553 ubik_ServerInitCommon(myHost, myPort, (struct afsconf_cell *)0, 0,
554 serverList, pathName, dbase);
559 * \brief This routine begins a read or write transaction on the transaction
560 * identified by transPtr, in the dbase named by dbase.
562 * An open mode of ubik_READTRANS identifies this as a read transaction,
563 * while a mode of ubik_WRITETRANS identifies this as a write transaction.
564 * transPtr is set to the returned transaction control block.
565 * The readAny flag is set to 0 or 1 or 2 by the wrapper functions
566 * ubik_BeginTrans() or ubik_BeginTransReadAny() or
567 * ubik_BeginTransReadAnyWrite() below.
569 * \note We can only begin transaction when we have an up-to-date database.
572 BeginTrans(struct ubik_dbase *dbase, afs_int32 transMode,
573 struct ubik_trans **transPtr, int readAny)
575 struct ubik_trans *jt;
576 struct ubik_trans *tt;
579 if (readAny > 1 && ubik_SyncWriterCacheProc == NULL) {
580 /* it's not safe to use ubik_BeginTransReadAnyWrite without a
581 * cache-syncing function; fall back to ubik_BeginTransReadAny,
582 * which is safe but slower */
583 ubik_print("ubik_BeginTransReadAnyWrite called, but "
584 "ubik_SyncWriterCacheProc not set; pretending "
585 "ubik_BeginTransReadAny was called instead\n");
589 if ((transMode != UBIK_READTRANS) && readAny)
592 if (urecovery_AllBetter(dbase, readAny) == 0) {
596 /* otherwise we have a quorum, use it */
598 /* make sure that at most one write transaction occurs at any one time. This
599 * has nothing to do with transaction locking; that's enforced by the lock package. However,
600 * we can't even handle two non-conflicting writes, since our log and recovery modules
601 * don't know how to restore one without possibly picking up some data from the other. */
602 if (transMode == UBIK_WRITETRANS) {
603 /* if we're writing already, wait */
604 while (dbase->flags & DBWRITING) {
605 #ifdef AFS_PTHREAD_ENV
606 CV_WAIT(&dbase->flags_cond, &dbase->versionLock);
609 LWP_WaitProcess(&dbase->flags);
614 if (!ubeacon_AmSyncSite()) {
620 /* create the transaction */
621 code = udisk_begin(dbase, transMode, &jt); /* can't take address of register var */
622 tt = jt; /* move to a register */
623 if (code || tt == (struct ubik_trans *)NULL) {
628 tt->flags |= TRREADANY;
630 tt->flags |= TRREADWRITE;
633 /* label trans and dbase with new tid */
634 tt->tid.epoch = ubik_epochTime;
635 /* bump by two, since tidCounter+1 means trans id'd by tidCounter has finished */
636 tt->tid.counter = (dbase->tidCounter += 2);
638 if (transMode == UBIK_WRITETRANS) {
639 /* for a write trans, we have to keep track of the write tid counter too */
640 dbase->writeTidCounter = tt->tid.counter;
642 /* next try to start transaction on appropriate number of machines */
643 code = ContactQuorum_NoArguments(DISK_Begin, tt, 0);
645 /* we must abort the operation */
647 ContactQuorum_NoArguments(DISK_Abort, tt, 0); /* force aborts to the others */
663 ubik_BeginTrans(struct ubik_dbase *dbase, afs_int32 transMode,
664 struct ubik_trans **transPtr)
666 return BeginTrans(dbase, transMode, transPtr, 0);
673 ubik_BeginTransReadAny(struct ubik_dbase *dbase, afs_int32 transMode,
674 struct ubik_trans **transPtr)
676 return BeginTrans(dbase, transMode, transPtr, 1);
683 ubik_BeginTransReadAnyWrite(struct ubik_dbase *dbase, afs_int32 transMode,
684 struct ubik_trans **transPtr)
686 return BeginTrans(dbase, transMode, transPtr, 2);
690 * \brief This routine ends a read or write transaction by aborting it.
693 ubik_AbortTrans(struct ubik_trans *transPtr)
697 struct ubik_dbase *dbase;
699 dbase = transPtr->dbase;
701 if (transPtr->flags & TRCACHELOCKED) {
702 ReleaseReadLock(&dbase->cache_lock);
703 transPtr->flags &= ~TRCACHELOCKED;
706 ObtainWriteLock(&dbase->cache_lock);
709 memset(&dbase->cachedVersion, 0, sizeof(struct ubik_version));
711 ReleaseWriteLock(&dbase->cache_lock);
713 /* see if we're still up-to-date */
714 if (!urecovery_AllBetter(dbase, transPtr->flags & TRREADANY)) {
715 udisk_abort(transPtr);
721 if (transPtr->type == UBIK_READTRANS) {
722 code = udisk_abort(transPtr);
728 /* below here, we know we're doing a write transaction */
729 if (!ubeacon_AmSyncSite()) {
730 udisk_abort(transPtr);
736 /* now it is safe to try remote abort */
737 code = ContactQuorum_NoArguments(DISK_Abort, transPtr, 0);
738 code2 = udisk_abort(transPtr);
741 return (code ? code : code2);
745 WritebackApplicationCache(struct ubik_dbase *dbase)
748 if (ubik_SyncWriterCacheProc) {
749 code = ubik_SyncWriterCacheProc();
752 /* we failed to sync the local cache, so just invalidate the cache;
753 * we'll try to read the cache in again on the next read */
754 memset(&dbase->cachedVersion, 0, sizeof(dbase->cachedVersion));
756 memcpy(&dbase->cachedVersion, &dbase->version,
757 sizeof(dbase->cachedVersion));
762 * \brief This routine ends a read or write transaction on the open transaction identified by transPtr.
763 * \return an error code.
766 ubik_EndTrans(struct ubik_trans *transPtr)
771 struct ubik_server *ts;
774 struct ubik_dbase *dbase;
776 if (transPtr->type == UBIK_WRITETRANS) {
777 code = ubik_Flush(transPtr);
779 ubik_AbortTrans(transPtr);
784 dbase = transPtr->dbase;
786 if (transPtr->flags & TRCACHELOCKED) {
787 ReleaseReadLock(&dbase->cache_lock);
788 transPtr->flags &= ~TRCACHELOCKED;
791 if (transPtr->type != UBIK_READTRANS) {
792 /* must hold cache_lock before DBHOLD'ing */
793 ObtainWriteLock(&dbase->cache_lock);
799 /* give up if no longer current */
800 if (!urecovery_AllBetter(dbase, transPtr->flags & TRREADANY)) {
801 udisk_abort(transPtr);
808 if (transPtr->type == UBIK_READTRANS) { /* reads are easy */
809 code = udisk_commit(transPtr);
811 goto success; /* update cachedVersion correctly */
817 if (!ubeacon_AmSyncSite()) { /* no longer sync site */
818 udisk_abort(transPtr);
825 /* now it is safe to do commit */
826 code = udisk_commit(transPtr);
828 /* db data has been committed locally; update the local cache so
829 * readers can get at it */
830 WritebackApplicationCache(dbase);
832 ReleaseWriteLock(&dbase->cache_lock);
834 code = ContactQuorum_NoArguments(DISK_Commit, transPtr, CStampVersion);
837 memset(&dbase->cachedVersion, 0, sizeof(struct ubik_version));
838 ReleaseWriteLock(&dbase->cache_lock);
842 /* failed to commit, so must return failure. Try to clear locks first, just for fun
843 * Note that we don't know if this transaction will eventually commit at this point.
844 * If it made it to a site that will be present in the next quorum, we win, otherwise
845 * we lose. If we contact a majority of sites, then we won't be here: contacting
846 * a majority guarantees commit, since it guarantees that one dude will be a
847 * member of the next quorum. */
848 ContactQuorum_NoArguments(DISK_ReleaseLocks, transPtr, 0);
853 /* before we can start sending unlock messages, we must wait until all servers
854 * that are possibly still functioning on the other side of a network partition
855 * have timed out. Check the server structures, compute how long to wait, then
856 * start the unlocks */
857 realStart = FT_ApproxTime();
859 /* wait for all servers to time out */
861 now = FT_ApproxTime();
862 /* check if we're still sync site, the guy should either come up
863 * to us, or timeout. Put safety check in anyway */
864 if (now - realStart > 10 * BIGTIME) {
865 ubik_stats.escapes++;
866 ubik_print("ubik escaping from commit wait\n");
869 for (ts = ubik_servers; ts; ts = ts->next) {
870 if (!ts->beaconSinceDown && now <= ts->lastBeaconSent + BIGTIME) {
872 /* this guy could have some damaged data, wait for him */
874 tv.tv_sec = 1; /* try again after a while (ha ha) */
877 #ifdef AFS_PTHREAD_ENV
878 /* we could release the dbase outside of the loop, but we do
879 * it here, in the loop, to avoid an unnecessary RELE/HOLD
880 * if all sites are up */
882 select(0, 0, 0, 0, &tv);
885 IOMGR_Select(0, 0, 0, 0, &tv); /* poll, should we wait on something? */
892 break; /* no down ones still pseudo-active */
895 /* finally, unlock all the dudes. We can return success independent of the number of servers
896 * that really unlock the dbase; the others will do it if/when they elect a new sync site.
897 * The transaction is committed anyway, since we succeeded in contacting a quorum
898 * at the start (when invoking the DiskCommit function).
900 ContactQuorum_NoArguments(DISK_ReleaseLocks, transPtr, 0);
904 /* don't update cachedVersion here; it should have been updated way back
905 * in ubik_CheckCache, and earlier in this function for writes */
908 ReleaseWriteLock(&dbase->cache_lock);
914 ObtainWriteLock(&dbase->cache_lock);
916 memset(&dbase->cachedVersion, 0, sizeof(struct ubik_version));
917 ReleaseWriteLock(&dbase->cache_lock);
922 * \brief This routine reads length bytes into buffer from the current position in the database.
924 * The file pointer is updated appropriately (by adding the number of bytes actually transferred), and the length actually transferred is stored in the long integer pointed to by length. A short read returns zero for an error code.
926 * \note *length is an INOUT parameter: at the start it represents the size of the buffer, and when done, it contains the number of bytes actually transferred.
929 ubik_Read(struct ubik_trans *transPtr, void *buffer,
934 /* reads are easy to do: handle locally */
935 DBHOLD(transPtr->dbase);
936 if (!urecovery_AllBetter(transPtr->dbase, transPtr->flags & TRREADANY)) {
937 DBRELE(transPtr->dbase);
942 udisk_read(transPtr, transPtr->seekFile, buffer, transPtr->seekPos,
945 transPtr->seekPos += length;
947 DBRELE(transPtr->dbase);
952 * \brief This routine will flush the io data in the iovec structures.
954 * It first flushes to the local disk and then uses ContactQuorum to write it
955 * to the other servers.
958 ubik_Flush(struct ubik_trans *transPtr)
960 afs_int32 code, error = 0;
962 if (transPtr->type != UBIK_WRITETRANS)
964 if (!transPtr->iovec_info.iovec_wrt_len
965 || !transPtr->iovec_info.iovec_wrt_val)
968 DBHOLD(transPtr->dbase);
969 if (!urecovery_AllBetter(transPtr->dbase, transPtr->flags & TRREADANY))
970 ERROR_EXIT(UNOQUORUM);
971 if (!ubeacon_AmSyncSite()) /* only sync site can write */
972 ERROR_EXIT(UNOTSYNC);
974 /* Update the rest of the servers in the quorum */
976 ContactQuorum_DISK_WriteV(transPtr, 0, &transPtr->iovec_info,
977 &transPtr->iovec_data);
979 udisk_abort(transPtr);
980 ContactQuorum_NoArguments(DISK_Abort, transPtr, 0); /* force aborts to the others */
981 transPtr->iovec_info.iovec_wrt_len = 0;
982 transPtr->iovec_data.iovec_buf_len = 0;
986 /* Wrote the buffers out, so start at scratch again */
987 transPtr->iovec_info.iovec_wrt_len = 0;
988 transPtr->iovec_data.iovec_buf_len = 0;
991 DBRELE(transPtr->dbase);
996 ubik_Write(struct ubik_trans *transPtr, void *vbuffer,
999 struct ubik_iovec *iovec;
1000 afs_int32 code, error = 0;
1001 afs_int32 pos, len, size;
1002 char * buffer = (char *)vbuffer;
1004 if (transPtr->type != UBIK_WRITETRANS)
1009 if (length > IOVEC_MAXBUF) {
1010 for (pos = 0, len = length; len > 0; len -= size, pos += size) {
1011 size = ((len < IOVEC_MAXBUF) ? len : IOVEC_MAXBUF);
1012 code = ubik_Write(transPtr, buffer+pos, size);
1019 if (!transPtr->iovec_info.iovec_wrt_val) {
1020 transPtr->iovec_info.iovec_wrt_len = 0;
1021 transPtr->iovec_info.iovec_wrt_val =
1022 (struct ubik_iovec *)malloc(IOVEC_MAXWRT *
1023 sizeof(struct ubik_iovec));
1024 transPtr->iovec_data.iovec_buf_len = 0;
1025 transPtr->iovec_data.iovec_buf_val = (char *)malloc(IOVEC_MAXBUF);
1026 if (!transPtr->iovec_info.iovec_wrt_val
1027 || !transPtr->iovec_data.iovec_buf_val) {
1028 if (transPtr->iovec_info.iovec_wrt_val)
1029 free(transPtr->iovec_info.iovec_wrt_val);
1030 transPtr->iovec_info.iovec_wrt_val = 0;
1031 if (transPtr->iovec_data.iovec_buf_val)
1032 free(transPtr->iovec_data.iovec_buf_val);
1033 transPtr->iovec_data.iovec_buf_val = 0;
1038 /* If this write won't fit in the structure, then flush it out and start anew */
1039 if ((transPtr->iovec_info.iovec_wrt_len >= IOVEC_MAXWRT)
1040 || ((length + transPtr->iovec_data.iovec_buf_len) > IOVEC_MAXBUF)) {
1041 code = ubik_Flush(transPtr);
1046 DBHOLD(transPtr->dbase);
1047 if (!urecovery_AllBetter(transPtr->dbase, transPtr->flags & TRREADANY))
1048 ERROR_EXIT(UNOQUORUM);
1049 if (!ubeacon_AmSyncSite()) /* only sync site can write */
1050 ERROR_EXIT(UNOTSYNC);
1052 /* Write to the local disk */
1054 udisk_write(transPtr, transPtr->seekFile, buffer, transPtr->seekPos,
1057 udisk_abort(transPtr);
1058 transPtr->iovec_info.iovec_wrt_len = 0;
1059 transPtr->iovec_data.iovec_buf_len = 0;
1060 DBRELE(transPtr->dbase);
1064 /* Collect writes for the other ubik servers (to be done in bulk) */
1065 iovec = (struct ubik_iovec *)transPtr->iovec_info.iovec_wrt_val;
1066 iovec[transPtr->iovec_info.iovec_wrt_len].file = transPtr->seekFile;
1067 iovec[transPtr->iovec_info.iovec_wrt_len].position = transPtr->seekPos;
1068 iovec[transPtr->iovec_info.iovec_wrt_len].length = length;
1070 memcpy(&transPtr->iovec_data.
1071 iovec_buf_val[transPtr->iovec_data.iovec_buf_len], buffer, length);
1073 transPtr->iovec_info.iovec_wrt_len++;
1074 transPtr->iovec_data.iovec_buf_len += length;
1075 transPtr->seekPos += length;
1078 DBRELE(transPtr->dbase);
1083 * \brief This sets the file pointer associated with the current transaction
1084 * to the appropriate file and byte position.
1086 * Unlike Unix files, a transaction is labelled by both a file number \p fileid
1087 * and a byte position relative to the specified file \p position.
1090 ubik_Seek(struct ubik_trans *transPtr, afs_int32 fileid,
1095 DBHOLD(transPtr->dbase);
1096 if (!urecovery_AllBetter(transPtr->dbase, transPtr->flags & TRREADANY)) {
1099 transPtr->seekFile = fileid;
1100 transPtr->seekPos = position;
1103 DBRELE(transPtr->dbase);
1108 * \brief This call returns the file pointer associated with the specified
1109 * transaction in \p fileid and \p position.
1112 ubik_Tell(struct ubik_trans *transPtr, afs_int32 * fileid,
1113 afs_int32 * position)
1115 DBHOLD(transPtr->dbase);
1116 *fileid = transPtr->seekFile;
1117 *position = transPtr->seekPos;
1118 DBRELE(transPtr->dbase);
1123 * \brief This sets the file size for the currently-selected file to \p length
1124 * bytes, if length is less than the file's current size.
1127 ubik_Truncate(struct ubik_trans *transPtr, afs_int32 length)
1129 afs_int32 code, error = 0;
1131 /* Will also catch if not UBIK_WRITETRANS */
1132 code = ubik_Flush(transPtr);
1136 DBHOLD(transPtr->dbase);
1137 /* first, check that quorum is still good, and that dbase is up-to-date */
1138 if (!urecovery_AllBetter(transPtr->dbase, transPtr->flags & TRREADANY))
1139 ERROR_EXIT(UNOQUORUM);
1140 if (!ubeacon_AmSyncSite())
1141 ERROR_EXIT(UNOTSYNC);
1143 /* now do the operation locally, and propagate it out */
1144 code = udisk_truncate(transPtr, transPtr->seekFile, length);
1147 ContactQuorum_DISK_Truncate(transPtr, 0, transPtr->seekFile,
1151 /* we must abort the operation */
1152 udisk_abort(transPtr);
1153 ContactQuorum_NoArguments(DISK_Abort, transPtr, 0); /* force aborts to the others */
1158 DBRELE(transPtr->dbase);
1163 * \brief set a lock; all locks are released on transaction end (commit/abort)
1166 ubik_SetLock(struct ubik_trans *atrans, afs_int32 apos, afs_int32 alen,
1169 afs_int32 code = 0, error = 0;
1171 if (atype == LOCKWRITE) {
1172 if (atrans->type == UBIK_READTRANS)
1174 code = ubik_Flush(atrans);
1179 DBHOLD(atrans->dbase);
1180 if (atype == LOCKREAD) {
1181 code = ulock_getLock(atrans, atype, 1);
1185 /* first, check that quorum is still good, and that dbase is up-to-date */
1186 if (!urecovery_AllBetter(atrans->dbase, atrans->flags & TRREADANY))
1187 ERROR_EXIT(UNOQUORUM);
1188 if (!ubeacon_AmSyncSite())
1189 ERROR_EXIT(UNOTSYNC);
1191 /* now do the operation locally, and propagate it out */
1192 code = ulock_getLock(atrans, atype, 1);
1194 code = ContactQuorum_DISK_Lock(atrans, 0, 0, 1 /*unused */ ,
1195 1 /*unused */ , LOCKWRITE);
1198 /* we must abort the operation */
1199 udisk_abort(atrans);
1200 ContactQuorum_NoArguments(DISK_Abort, atrans, 0); /* force aborts to the others */
1206 DBRELE(atrans->dbase);
1211 * \brief utility to wait for a version # to change
1214 ubik_WaitVersion(struct ubik_dbase *adatabase,
1215 struct ubik_version *aversion)
1219 /* wait until version # changes, and then return */
1220 if (vcmp(*aversion, adatabase->version) != 0) {
1224 #ifdef AFS_PTHREAD_ENV
1225 CV_WAIT(&adatabase->version_cond, &adatabase->versionLock);
1228 LWP_WaitProcess(&adatabase->version); /* same vers, just wait */
1235 * \brief utility to get the version of the dbase a transaction is dealing with
1238 ubik_GetVersion(struct ubik_trans *atrans,
1239 struct ubik_version *avers)
1241 *avers = atrans->dbase->version;
1246 * \brief Facility to simplify database caching.
1247 * \return zero if last trans was done on the local server and was successful.
1248 * \return -1 means bad (NULL) argument.
1250 * If return value is non-zero and the caller is a server caching part of the
1251 * Ubik database, it should invalidate that cache.
1254 ubik_CacheUpdate(struct ubik_trans *atrans)
1256 if (!(atrans && atrans->dbase))
1258 return vcmp(atrans->dbase->cachedVersion, atrans->dbase->version) != 0;
1262 * check and possibly update cache of ubik db.
1264 * If the version of the cached db data is out of date, this calls (*check) to
1265 * update the cache. If (*check) returns success, we update the version of the
1268 * Checking the version of the cached db data is done under a read lock;
1269 * updating the cache (and thus calling (*check)) is done under a write lock
1270 * so is guaranteed not to interfere with another thread's (*check). On
1271 * successful return, a read lock on the cached db data is obtained, which
1272 * will be released by ubik_EndTrans or ubik_AbortTrans.
1274 * @param[in] atrans ubik transaction
1275 * @param[in] check function to call to check/update cache
1276 * @param[in] rock rock to pass to *check
1278 * @return operation status
1280 * @retval nonzero error; cachedVersion not updated
1282 * @post On success, application cache is read-locked, and cache data is
1286 ubik_CheckCache(struct ubik_trans *atrans, ubik_updatecache_func cbf, void *rock)
1290 if (!(atrans && atrans->dbase))
1293 ObtainReadLock(&atrans->dbase->cache_lock);
1295 while (ubik_CacheUpdate(atrans) != 0) {
1297 ReleaseReadLock(&atrans->dbase->cache_lock);
1298 ObtainSharedLock(&atrans->dbase->cache_lock);
1300 if (ubik_CacheUpdate(atrans) != 0) {
1302 BoostSharedLock(&atrans->dbase->cache_lock);
1304 ret = (*cbf) (atrans, rock);
1306 memcpy(&atrans->dbase->cachedVersion, &atrans->dbase->version,
1307 sizeof(atrans->dbase->cachedVersion));
1311 /* It would be nice if we could convert from a shared lock to a read
1312 * lock... instead, just release the shared and acquire the read */
1313 ReleaseSharedLock(&atrans->dbase->cache_lock);
1316 /* if we have an error, don't retry, and don't hold any locks */
1320 ObtainReadLock(&atrans->dbase->cache_lock);
1323 atrans->flags |= TRCACHELOCKED;
1329 * "Who said anything about panicking?" snapped Arthur.
1330 * "This is still just the culture shock. You wait till I've settled down
1331 * into the situation and found my bearings. \em Then I'll start panicking!"
1334 * \returns There is no return from panic.
1337 panic(char *format, ...)
1341 va_start(ap, format);
1342 ubik_print("Ubik PANIC: ");
1343 ubik_vprint(format, ap);
1347 ubik_print("BACK FROM ABORT\n"); /* shouldn't come back */
1348 exit(1); /* never know, though */
1352 * This function takes an IP addresses as its parameter. It returns the
1353 * the primary IP address that is on the host passed in, or 0 if not found.
1356 ubikGetPrimaryInterfaceAddr(afs_uint32 addr)
1358 struct ubik_server *ts;
1361 for (ts = ubik_servers; ts; ts = ts->next)
1362 for (j = 0; j < UBIK_MAX_INTERFACE_ADDR; j++)
1363 if (ts->addr[j] == addr)
1364 return ts->addr[0]; /* net byte order */
1365 return 0; /* if not in server database, return error */
1369 ubik_CheckAuth(struct rx_call *acall)
1371 if (checkSecurityProc)
1372 return (*checkSecurityProc) (securityRock, acall);
1373 else if (ubik_CheckRXSecurityProc) {
1374 return (*ubik_CheckRXSecurityProc) (ubik_CheckRXSecurityRock, acall);
1380 ubik_SetServerSecurityProcs(void (*buildproc) (void *,
1381 struct rx_securityClass ***,
1383 int (*checkproc) (void *, struct rx_call *),
1386 buildSecClassesProc = buildproc;
1387 checkSecurityProc = checkproc;
1388 securityRock = rock;