59N/A

59N/A#include "lib.h"

59N/A#include "ioloop.h"

59N/A#include "buffer.h"

59N/A#include "file-dotlock.h"

59N/A#include "nfs-workarounds.h"

59N/A#include "read-full.h"

59N/A#include "write-full.h"

59N/A#include "mmap-util.h"

59N/A#include "mail-index-private.h"

59N/A#include "mail-index-modseq.h"

59N/A#include "mail-transaction-log-private.h"

59N/A

59N/A#define LOG_PREFETCH 1024

59N/A#define MEMORY_LOG_NAME "(in-memory transaction log file)"

59N/A

59N/Amail_transaction_log_file_set_corrupted(struct mail_transaction_log_file *file,

59N/A const char *fmt, ...)

59N/A{

59N/A va_list va;

59N/A

3337N/A file->corrupted = TRUE;

59N/A file->hdr.indexid = 0;

59N/A if (!MAIL_TRANSACTION_LOG_FILE_IN_MEMORY(file)) {

2084N/A /* indexid=0 marks the log file as corrupted */

59N/A if (pwrite_full(file->fd, &file->hdr.indexid,

59N/A sizeof(file->hdr.indexid),

59N/A offsetof(struct mail_transaction_log_header,

59N/A indexid)) < 0) {

59N/A mail_index_file_set_syscall_error(file->log->index,

59N/A file->filepath, "pwrite()");

3339N/A }

2920N/A }

3234N/A

2616N/A va_start(va, fmt);

2476N/A T_BEGIN {

2616N/A mail_index_set_error(file->log->index,

2339N/A "Corrupted transaction log file %s: %s",

655N/A file->filepath, t_strdup_vprintf(fmt, va));

526N/A } T_END;

3337N/A va_end(va);

2905N/A}

2339N/A

2339N/Astruct mail_transaction_log_file *

2339N/Amail_transaction_log_file_alloc(struct mail_transaction_log *log,

2339N/A const char *path)

3366N/A{

2339N/A struct mail_transaction_log_file *file;

2339N/A

2339N/A file = i_new(struct mail_transaction_log_file, 1);

2339N/A file->log = log;

2339N/A file->filepath = i_strdup(path);

2339N/A file->fd = -1;

2339N/A return file;

2339N/A}

2339N/A

2339N/Avoid mail_transaction_log_file_free(struct mail_transaction_log_file **_file)

2339N/A{

2339N/A struct mail_transaction_log_file *file = *_file;

2339N/A struct mail_transaction_log_file **p;

1846N/A int old_errno = errno;

3337N/A

59N/A *_file = NULL;

59N/A

59N/A mail_transaction_log_file_unlock(file);

1505N/A

59N/A for (p = &file->log->files; *p != NULL; p = &(*p)->next) {

1505N/A if (*p == file) {

1505N/A *p = file->next;

1505N/A break;

307N/A }

2339N/A }

1505N/A

307N/A if (file == file->log->head)

2084N/A file->log->head = NULL;

2084N/A

2084N/A if (file->buffer != NULL)

2084N/A buffer_free(&file->buffer);

2084N/A

2084N/A if (file->mmap_base != NULL) {

2084N/A if (munmap(file->mmap_base, file->mmap_size) < 0) {

2084N/A mail_index_file_set_syscall_error(file->log->index,

2084N/A file->filepath,

2084N/A "munmap()");

2339N/A }

2339N/A }

2339N/A

2339N/A if (file->fd != -1) {

2339N/A if (close(file->fd) < 0) {

1505N/A mail_index_file_set_syscall_error(file->log->index,

307N/A file->filepath,

2339N/A "close()");

2228N/A }

2228N/A }

2228N/A

2228N/A i_free(file->filepath);

3366N/A i_free(file);

3366N/A

3366N/A errno = old_errno;

3366N/A}

3366N/A

59N/Astatic void

1846N/Amail_transaction_log_file_skip_to_head(struct mail_transaction_log_file *file)

1846N/A{

59N/A struct mail_transaction_log *log = file->log;

180N/A struct mail_index_map *map = log->index->map;

2639N/A const struct mail_index_modseq_header *modseq_hdr;

59N/A uoff_t head_offset;

59N/A

3366N/A if (map == NULL || file->hdr.file_seq != map->hdr.log_file_seq ||

59N/A map->hdr.log_file_head_offset == 0)

1234N/A return;

2339N/A

2339N/A /* we can get a valid log offset from index file. initialize

2339N/A head_offset = map->hdr.log_file_head_offset;

2339N/A

2339N/A modseq_hdr = mail_index_map_get_modseq_header(map);

2339N/A if (head_offset < file->hdr.hdr_size) {

2339N/A mail_index_set_error(log->index,

2339N/A "%s: log_file_head_offset too small",

2339N/A log->index->filepath);

2339N/A file->sync_offset = file->hdr.hdr_size;

2339N/A file->sync_highest_modseq = file->hdr.initial_modseq;

2339N/A } else if (modseq_hdr == NULL && file->hdr.initial_modseq == 0) {

2339N/A /* modseqs not used yet */

3337N/A file->sync_offset = head_offset;

3337N/A file->sync_highest_modseq = 0;

3337N/A } else if (modseq_hdr->log_seq != file->hdr.file_seq) {

2339N/A /* highest_modseq not synced, start from beginning */

2339N/A file->sync_offset = file->hdr.hdr_size;

2339N/A file->sync_highest_modseq = file->hdr.initial_modseq;

2339N/A } else if (modseq_hdr->log_offset > head_offset) {

2339N/A mail_index_set_error(log->index,

2339N/A "%s: modseq_hdr.log_offset too large",

3337N/A log->index->filepath);

3337N/A file->sync_offset = file->hdr.hdr_size;

2339N/A file->sync_highest_modseq = file->hdr.initial_modseq;

2339N/A } else {

2339N/A /* start from where we last stopped tracking modseqs */

3337N/A file->sync_offset = modseq_hdr->log_offset;

2339N/A file->sync_highest_modseq = modseq_hdr->highest_modseq;

2339N/A }

2339N/A file->saved_tail_offset = log->index->map->hdr.log_file_tail_offset;

2339N/A}

3337N/A

2339N/Astatic void

3337N/Amail_transaction_log_file_add_to_list(struct mail_transaction_log_file *file)

2339N/A{

2339N/A struct mail_transaction_log_file **p;

3337N/A

2339N/A file->sync_offset = file->hdr.hdr_size;

2339N/A file->sync_highest_modseq = file->hdr.initial_modseq;

2339N/A mail_transaction_log_file_skip_to_head(file);

2084N/A

3337N/A /* insert it to correct position */

2084N/A for (p = &file->log->files; *p != NULL; p = &(*p)->next) {

2084N/A if ((*p)->hdr.file_seq > file->hdr.file_seq)

2084N/A break;

2084N/A i_assert((*p)->hdr.file_seq < file->hdr.file_seq);

2084N/A }

3337N/A

3337N/A file->next = *p;

2084N/A *p = file;

3158N/A}

3337N/A

3337N/Astatic int

3337N/Amail_transaction_log_init_hdr(struct mail_transaction_log *log,

2084N/A struct mail_transaction_log_header *hdr)

2084N/A{

2084N/A struct mail_index *index = log->index;

2084N/A

3337N/A memset(hdr, 0, sizeof(*hdr));

2084N/A hdr->major_version = MAIL_TRANSACTION_LOG_MAJOR_VERSION;

3158N/A hdr->minor_version = MAIL_TRANSACTION_LOG_MINOR_VERSION;

3337N/A hdr->hdr_size = sizeof(struct mail_transaction_log_header);

3337N/A hdr->indexid = log->index->indexid;

3337N/A hdr->create_stamp = ioloop_time;

2084N/A

2616N/A if (index->fd != -1) {

3337N/A /* not creating index - make sure we have latest header */

2084N/A if (!index->mapping) {

3337N/A if (mail_index_map(index,

3337N/A MAIL_INDEX_SYNC_HANDLER_HEAD) <= 0)

3337N/A return -1;

3337N/A } else {

3337N/A /* if we got here from mapping, the .log file is

2084N/A }

2339N/A }

1685N/A if (index->map != NULL) {

1685N/A hdr->prev_file_seq = index->map->hdr.log_file_seq;

1685N/A hdr->prev_file_offset = index->map->hdr.log_file_head_offset;

307N/A hdr->file_seq = index->map->hdr.log_file_seq + 1;

1685N/A hdr->initial_modseq = log->head == NULL ||

1685N/A log->head->sync_highest_modseq == 0 ? 0 :

1685N/A mail_index_map_modseq_get_highest(index->map);

1685N/A } else {

2339N/A hdr->file_seq = 1;

2339N/A }

2339N/A

2339N/A if (log->head != NULL) {

1685N/A if (hdr->file_seq <= log->head->hdr.file_seq) {

1505N/A /* make sure the sequence grows */

2958N/A hdr->file_seq = log->head->hdr.file_seq+1;

1505N/A }

926N/A if (hdr->initial_modseq < log->head->sync_highest_modseq) {

222N/A /* this should be always up-to-date */

1846N/A hdr->initial_modseq = log->head->sync_highest_modseq;

1685N/A }

3337N/A }

3337N/A return 0;

1685N/A}

307N/A

2339N/Astruct mail_transaction_log_file *

2339N/Amail_transaction_log_file_alloc_in_memory(struct mail_transaction_log *log)

2339N/A{

2958N/A struct mail_transaction_log_file *file;

2339N/A

2339N/A file = mail_transaction_log_file_alloc(log, MEMORY_LOG_NAME);

2339N/A if (mail_transaction_log_init_hdr(log, &file->hdr) < 0) {

2339N/A i_free(file);

2339N/A return NULL;

2339N/A }

2339N/A

3337N/A file->buffer = buffer_create_dynamic(default_pool, 4096);

3337N/A file->buffer_offset = sizeof(file->hdr);

2339N/A

2084N/A mail_transaction_log_file_add_to_list(file);

2084N/A return file;

2339N/A}

2084N/A

2084N/Astatic int

2084N/Amail_transaction_log_file_dotlock(struct mail_transaction_log_file *file)

2084N/A{

2084N/A int ret;

655N/A

1505N/A if (file->log->dotlock_count > 0)

1505N/A ret = 1;

2084N/A else {

222N/A ret = file_dotlock_create(&file->log->dotlock_settings,

3366N/A file->filepath, 0,

3366N/A &file->log->dotlock);

3366N/A }

3366N/A if (ret > 0) {

1505N/A file->log->dotlock_count++;

1505N/A file->locked = TRUE;

1505N/A return 0;

1505N/A }

1505N/A if (ret < 0) {

1505N/A mail_index_file_set_syscall_error(file->log->index,

1505N/A file->filepath,

1505N/A "file_dotlock_create()");

1505N/A return -1;

1505N/A }

1505N/A

1505N/A mail_index_set_error(file->log->index,

2084N/A "Timeout while waiting for "

2958N/A "dotlock for transaction log file %s",

2084N/A file->filepath);

2084N/A file->log->index->index_lock_timeout = TRUE;

3337N/A return -1;

2084N/A}

2084N/A

2228N/Astatic int

3366N/Amail_transaction_log_file_undotlock(struct mail_transaction_log_file *file)

2228N/A{

3366N/A int ret;

3366N/A

3366N/A if (--file->log->dotlock_count > 0)

3366N/A return 0;

3366N/A

3366N/A ret = file_dotlock_delete(&file->log->dotlock);

3366N/A if (ret < 0) {

3366N/A mail_index_file_set_syscall_error(file->log->index,

3366N/A file->filepath, "file_dotlock_delete()");

3366N/A return -1;

3366N/A }

3366N/A

3366N/A if (ret == 0) {

3366N/A mail_index_set_error(file->log->index,

3366N/A "Dotlock was lost for transaction log file %s",

3366N/A file->filepath);

3366N/A return -1;

3366N/A }

2084N/A return 0;

2476N/A}

3337N/A

3337N/Aint mail_transaction_log_file_lock(struct mail_transaction_log_file *file)

3337N/A{

2476N/A int ret;

2476N/A

2084N/A if (file->locked)

2084N/A return 0;

2084N/A

3337N/A if (MAIL_TRANSACTION_LOG_FILE_IN_MEMORY(file)) {

3337N/A file->locked = TRUE;

3366N/A return 0;

3366N/A }

3366N/A

3366N/A if (file->log->index->lock_method == FILE_LOCK_METHOD_DOTLOCK)

2084N/A return mail_transaction_log_file_dotlock(file);

2905N/A

3337N/A i_assert(file->file_lock == NULL);

3337N/A ret = mail_index_lock_fd(file->log->index, file->filepath, file->fd,

3337N/A F_WRLCK, MAIL_TRANSCATION_LOG_LOCK_TIMEOUT,

3337N/A &file->file_lock);

3337N/A if (ret > 0) {

3337N/A file->locked = TRUE;

3337N/A return 0;

3337N/A }

3337N/A if (ret < 0) {

2905N/A mail_index_file_set_syscall_error(file->log->index,

2905N/A file->filepath,

2905N/A "mail_index_wait_lock_fd()");

2905N/A return -1;

2905N/A }

2084N/A

2084N/A mail_index_set_error(file->log->index,

3337N/A "Timeout while waiting for lock for transaction log file %s",

3337N/A file->filepath);

3337N/A file->log->index->index_lock_timeout = TRUE;

3337N/A return -1;

2084N/A}

2084N/A

3158N/Avoid mail_transaction_log_file_unlock(struct mail_transaction_log_file *file)

3337N/A{

526N/A if (!file->locked)

2084N/A return;

2084N/A

2084N/A file->locked = FALSE;

1685N/A

222N/A if (MAIL_TRANSACTION_LOG_FILE_IN_MEMORY(file))

144N/A return;

1100N/A

1100N/A if (file->log->index->lock_method == FILE_LOCK_METHOD_DOTLOCK) {

1100N/A mail_transaction_log_file_undotlock(file);

926N/A return;

2185N/A }

526N/A

1846N/A file_unlock(&file->file_lock);

941N/A}

67N/A

526N/Astatic int

3337N/Amail_transaction_log_file_read_hdr(struct mail_transaction_log_file *file,

3337N/A bool ignore_estale)

3337N/A{

3337N/A struct mail_transaction_log_file *f;

3337N/A int ret;

67N/A

3234N/A i_assert(!MAIL_TRANSACTION_LOG_FILE_IN_MEMORY(file));

2185N/A

2185N/A if (file->corrupted)

3234N/A return 0;

2185N/A

2920N/A ret = pread_full(file->fd, &file->hdr, sizeof(file->hdr), 0);

2920N/A if (ret < 0) {

2920N/A if (errno != ESTALE || !ignore_estale) {

2920N/A mail_index_file_set_syscall_error(file->log->index,

2185N/A file->filepath,

2185N/A "pread_full()");

2185N/A }

2185N/A return -1;

532N/A }

2185N/A if (ret == 0) {

2185N/A mail_transaction_log_file_set_corrupted(file,

2185N/A "unexpected end of file while reading header");

1146N/A return 0;

2476N/A }

2528N/A

2528N/A if (file->hdr.major_version != MAIL_TRANSACTION_LOG_MAJOR_VERSION) {

2528N/A /* incompatible version - fix silently */

2528N/A return 0;

2528N/A }

2528N/A if (file->hdr.hdr_size < MAIL_TRANSACTION_LOG_HEADER_MIN_SIZE) {

2528N/A mail_transaction_log_file_set_corrupted(file,

2528N/A "Header size too small");

2528N/A return 0;

2528N/A }

2528N/A if (file->hdr.hdr_size < sizeof(file->hdr)) {

2528N/A /* @UNSAFE: smaller than we expected - zero out the fields we

2528N/A memset(PTR_OFFSET(&file->hdr, file->hdr.hdr_size), 0,

2528N/A sizeof(file->hdr) - file->hdr.hdr_size);

2528N/A }

2528N/A

2528N/A if (file->hdr.indexid == 0) {

2528N/A /* corrupted */

2528N/A file->corrupted = TRUE;

2528N/A mail_index_set_error(file->log->index,

2528N/A "Transaction log file %s: marked corrupted",

2528N/A file->filepath);

2528N/A return 0;

2528N/A }

2528N/A if (file->hdr.indexid != file->log->index->indexid) {

2528N/A if (file->log->index->indexid != 0 &&

2528N/A !file->log->index->initial_create) {

2528N/A /* index file was probably just rebuilt and we don't

2528N/A mail_transaction_log_file_set_corrupted(file,

2528N/A "indexid changed %u -> %u",

2528N/A file->log->index->indexid, file->hdr.indexid);

2528N/A return 0;

2528N/A }

2528N/A

2528N/A /* creating index file. since transaction log is created

3245N/A file->log->index->indexid = file->hdr.indexid;

3245N/A }

3245N/A

2528N/A /* make sure we already don't have a file with the same sequence

2528N/A for (f = file->log->files; f != NULL; f = f->next) {

2528N/A if (f->hdr.file_seq == file->hdr.file_seq) {

2528N/A /* mark the old file corrupted. we can't safely remove

2528N/A mail_transaction_log_file_set_corrupted(f,

2528N/A "duplicate transaction log sequence (%u)",

2528N/A f->hdr.file_seq);

2528N/A return 0;

2528N/A }

2528N/A }

2528N/A

2528N/A file->sync_highest_modseq = file->hdr.initial_modseq;

3337N/A return 1;

3337N/A}

2528N/A

2528N/Astatic int

2528N/Amail_transaction_log_file_stat(struct mail_transaction_log_file *file,

2528N/A bool ignore_estale)

2528N/A{

2528N/A struct stat st;

2528N/A

2528N/A if (fstat(file->fd, &st) < 0) {

2528N/A if (errno != ESTALE || !ignore_estale) {

2528N/A mail_index_file_set_syscall_error(file->log->index,

2528N/A file->filepath, "fstat()");

2528N/A }

2528N/A return -1;

2528N/A }

2528N/A

3337N/A file->st_dev = st.st_dev;

3337N/A file->st_ino = st.st_ino;

2528N/A file->last_mtime = st.st_mtime;

2528N/A file->last_size = st.st_size;

2528N/A return 0;

3245N/A}

3337N/A

2528N/Astatic bool

2528N/Amail_transaction_log_file_is_dupe(struct mail_transaction_log_file *file)

2528N/A{

3337N/A struct mail_transaction_log_file *tmp;

2528N/A

2528N/A for (tmp = file->log->files; tmp != NULL; tmp = tmp->next) {

2528N/A if (tmp->st_ino == file->st_ino &&

2528N/A CMP_DEV_T(tmp->st_dev, file->st_dev))

2528N/A return TRUE;

2528N/A }

2528N/A return FALSE;

2528N/A}

2528N/A

3337N/Astatic int

3337N/Amail_transaction_log_file_create2(struct mail_transaction_log_file *file,

3337N/A int new_fd, bool reset,

3337N/A struct dotlock **dotlock)

3337N/A{

3337N/A struct mail_index *index = file->log->index;

2528N/A struct stat st;

2528N/A const char *path2;

2528N/A int fd, ret;

2528N/A bool rename_existing;

2528N/A

2528N/A if (index->nfs_flush) {

2528N/A /* although we check also mtime and file size below, it's done

2476N/A nfs_flush_file_handle_cache(file->filepath);

2476N/A }

2476N/A

2476N/A /* log creation is locked now - see if someone already created it.

3366N/A if (reset)

2476N/A rename_existing = FALSE;

2476N/A else if (nfs_safe_stat(file->filepath, &st) < 0) {

2476N/A if (errno != ENOENT) {

2476N/A mail_index_file_set_syscall_error(index, file->filepath,

3366N/A "stat()");

3366N/A return -1;

3366N/A }

3366N/A rename_existing = FALSE;

3366N/A } else if (st.st_ino == file->st_ino &&

3366N/A CMP_DEV_T(st.st_dev, file->st_dev) &&

3337N/A /* inode/dev checks are enough when we're rotating the file,

3366N/A st.st_mtime == file->last_mtime &&

2476N/A (uoff_t)st.st_size == file->last_size) {

3366N/A /* no-one else recreated the file */

3366N/A rename_existing = TRUE;

3366N/A } else {

3366N/A /* recreated. use the file if its header is ok */

3366N/A fd = nfs_safe_open(file->filepath, O_RDWR);

2476N/A if (fd == -1) {

3337N/A if (errno != ENOENT) {

3337N/A mail_index_file_set_syscall_error(index,

3337N/A file->filepath, "open()");

2476N/A return -1;

3337N/A }

3337N/A } else {

3337N/A file->fd = fd;

2476N/A if (mail_transaction_log_file_read_hdr(file,

2476N/A FALSE) > 0 &&

2476N/A mail_transaction_log_file_stat(file, FALSE) == 0) {

2476N/A /* yes, it was ok */

2476N/A (void)file_dotlock_delete(dotlock);

2476N/A mail_transaction_log_file_add_to_list(file);

2958N/A return 0;

2476N/A }

3337N/A file->fd = -1;

2476N/A if (close(fd) < 0) {

2476N/A mail_index_file_set_syscall_error(index,

2476N/A file->filepath, "close()");

2476N/A }

3337N/A }

3337N/A rename_existing = FALSE;

3337N/A }

3337N/A

3337N/A if (mail_transaction_log_init_hdr(file->log, &file->hdr) < 0)

3337N/A return -1;

3337N/A

2476N/A if (reset) {

2476N/A file->hdr.prev_file_seq = 0;

3337N/A file->hdr.prev_file_offset = 0;

3337N/A file->hdr.initial_modseq = 0;

3337N/A }

if (write_full(new_fd, &file->hdr, sizeof(file->hdr)) < 0) {

mail_index_file_set_syscall_error(index, file->filepath,

"write_full()");

return -1;

}

if (index->nfs_flush) {

/* the header isn't important, so don't bother calling

if (fdatasync(new_fd) < 0) {

mail_index_file_set_syscall_error(index, file->filepath,

"fdatasync()");

return -1;

}

}

file->fd = new_fd;

ret = mail_transaction_log_file_stat(file, FALSE);

if (file->log->head != NULL && file->log->head->locked) {

/* we'll need to preserve the lock */

if (mail_transaction_log_file_lock(file) < 0)

ret = -1;

}

/* if we return -1 the dotlock deletion code closes the fd */

file->fd = -1;

if (ret < 0)

return -1;

/* keep two log files */

if (rename_existing) {

/* rename() would be nice and easy way to do this, except then

path2 = t_strconcat(file->filepath, ".2", NULL);

if (unlink(path2) < 0 && errno != ENOENT) {

mail_index_set_error(index, "unlink(%s) failed: %m",

path2);

/* try to link() anyway */

}

if (nfs_safe_link(file->filepath, path2, FALSE) < 0 &&

errno != ENOENT && errno != EEXIST) {

mail_index_set_error(index, "link(%s, %s) failed: %m",

file->filepath, path2);

/* ignore the error. we don't care that much about the

}

}

if (file_dotlock_replace(dotlock,

DOTLOCK_REPLACE_FLAG_DONT_CLOSE_FD) <= 0)

return -1;

/* success */

file->fd = new_fd;

mail_transaction_log_file_add_to_list(file);

return 0;

}

int mail_transaction_log_file_create(struct mail_transaction_log_file *file,

bool reset)

{

struct mail_index *index = file->log->index;

struct dotlock *dotlock;

mode_t old_mask;

int fd;

i_assert(!MAIL_INDEX_IS_IN_MEMORY(index));

/* With dotlocking we might already have path.lock created, so this

old_mask = umask(index->mode ^ 0666);

fd = file_dotlock_open(&file->log->new_dotlock_settings,

file->filepath, 0, &dotlock);

umask(old_mask);

if (fd == -1) {

mail_index_file_set_syscall_error(index, file->filepath,

"file_dotlock_open()");

return -1;

}

if (index->gid != (gid_t)-1 &&

fchown(fd, (uid_t)-1, index->gid) < 0) {

mail_index_file_set_syscall_error(index, file->filepath,

"fchown()");

(void)file_dotlock_delete(&dotlock);

return -1;

}

/* either fd gets used or the dotlock gets deleted and returned fd

if (mail_transaction_log_file_create2(file, fd, reset, &dotlock) < 0) {

if (dotlock != NULL)

(void)file_dotlock_delete(&dotlock);

return -1;

}

return 0;

}

int mail_transaction_log_file_open(struct mail_transaction_log_file *file,

bool check_existing)

{

unsigned int i;

bool ignore_estale;

int ret;

for (i = 0;; i++) {

file->fd = nfs_safe_open(file->filepath, O_RDWR);

if (file->fd == -1) {

if (errno == ENOENT)

return 0;

mail_index_file_set_syscall_error(file->log->index,

file->filepath, "open()");

return -1;

}

ignore_estale = i < MAIL_INDEX_ESTALE_RETRY_COUNT;

if (mail_transaction_log_file_stat(file, ignore_estale) < 0)

ret = -1;

else if (check_existing &&

mail_transaction_log_file_is_dupe(file))

return 0;

else {

ret = mail_transaction_log_file_read_hdr(file,

ignore_estale);

}

if (ret > 0) {

/* success */

break;

}

if (ret == 0) {

/* corrupted */

if (unlink(file->filepath) < 0 && errno != ENOENT) {

mail_index_set_error(file->log->index,

"unlink(%s) failed: %m",

file->filepath);

}

return 0;

}

if (errno != ESTALE ||

i == MAIL_INDEX_ESTALE_RETRY_COUNT) {

/* syscall error */

return -1;

}

/* ESTALE - try again */

}

mail_transaction_log_file_add_to_list(file);

return 1;

}

static int

log_file_track_mailbox_sync_offset_hdr(struct mail_transaction_log_file *file,

const void *data, unsigned int size)

{

const struct mail_transaction_header_update *u = data;

const struct mail_index_header *ihdr;

const unsigned int offset_pos =

offsetof(struct mail_index_header, log_file_tail_offset);

const unsigned int offset_size = sizeof(ihdr->log_file_tail_offset);

uint32_t sync_offset;

i_assert(offset_size == sizeof(sync_offset));

if (size < sizeof(*u) || size < sizeof(*u) + u->size) {

mail_transaction_log_file_set_corrupted(file,

"header update extends beyond record size");

return -1;

}

if (u->offset <= offset_pos &&

u->offset + u->size >= offset_pos + offset_size) {

memcpy(&sync_offset,

CONST_PTR_OFFSET(u + 1, offset_pos - u->offset),

sizeof(sync_offset));

if (sync_offset < file->saved_tail_offset) {

mail_transaction_log_file_set_corrupted(file,

"log_file_tail_offset shrank");

return -1;

}

file->saved_tail_offset = sync_offset;

if (sync_offset > file->max_tail_offset)

file->max_tail_offset = sync_offset;

return 1;

}

return 0;

}

mail_transaction_header_has_modseq(const struct mail_transaction_header *hdr,

const void *data,

uint64_t cur_modseq)

{

if (cur_modseq != 0) {

/* tracking modseqs */

} else if ((hdr->type & MAIL_TRANSACTION_TYPE_MASK) ==

MAIL_TRANSACTION_EXT_INTRO) {

/* modseqs not tracked yet. see if this is a modseq

const struct mail_transaction_ext_intro *intro = data;

const unsigned int modseq_ext_len =

strlen(MAIL_INDEX_MODSEQ_EXT_NAME);

if (intro->name_size == modseq_ext_len &&

memcmp(intro + 1, MAIL_INDEX_MODSEQ_EXT_NAME,

modseq_ext_len) == 0) {

/* modseq tracking started */

return TRUE;

}

} else {

/* not tracking modseqs */

return FALSE;

}

switch (hdr->type & MAIL_TRANSACTION_TYPE_MASK) {

case MAIL_TRANSACTION_EXPUNGE | MAIL_TRANSACTION_EXPUNGE_PROT:

if ((hdr->type & MAIL_TRANSACTION_EXTERNAL) == 0) {

/* ignore expunge requests */

break;

}

case MAIL_TRANSACTION_APPEND:

case MAIL_TRANSACTION_FLAG_UPDATE:

case MAIL_TRANSACTION_KEYWORD_UPDATE:

case MAIL_TRANSACTION_KEYWORD_RESET:

/* these changes increase modseq */

return TRUE;

}

return FALSE;

}

static struct modseq_cache *

modseq_cache_hit(struct mail_transaction_log_file *file, unsigned int idx)

{

struct modseq_cache cache;

if (idx > 0) {

/* @UNSAFE: move it to top */

cache = file->modseq_cache[idx];

memmove(file->modseq_cache + 1, file->modseq_cache,

sizeof(*file->modseq_cache) * idx);

file->modseq_cache[0] = cache;

}

return &file->modseq_cache[0];

}

static struct modseq_cache *

modseq_cache_get_offset(struct mail_transaction_log_file *file, uoff_t offset)

{

unsigned int i, best = -1U;

for (i = 0; i < N_ELEMENTS(file->modseq_cache); i++) {

if (offset < file->modseq_cache[i].offset)

continue;

if (file->modseq_cache[i].offset == 0)

return NULL;

if (offset == file->modseq_cache[i].offset) {

/* exact cache hit */

return modseq_cache_hit(file, i);

}

if (best == -1U ||

file->modseq_cache[i].offset <

file->modseq_cache[best].offset)

best = i;

}

if (best == -1U)

return NULL;

return &file->modseq_cache[best];

}

static struct modseq_cache *

modseq_cache_get_modseq(struct mail_transaction_log_file *file, uint64_t modseq)

{

unsigned int i, best = -1U;

for (i = 0; i < N_ELEMENTS(file->modseq_cache); i++) {

if (modseq < file->modseq_cache[i].highest_modseq)

continue;

if (file->modseq_cache[i].offset == 0)

return NULL;

if (modseq == file->modseq_cache[i].highest_modseq) {

/* exact cache hit */

return modseq_cache_hit(file, i);

}

if (best == -1U ||

file->modseq_cache[i].highest_modseq <

file->modseq_cache[best].highest_modseq)

best = i;

}

if (best == -1U)

return NULL;

return &file->modseq_cache[best];

}

static int

log_get_synced_record(struct mail_transaction_log_file *file, uoff_t *offset,

const struct mail_transaction_header **hdr_r)

{

const struct mail_transaction_header *hdr;

uint32_t trans_size;

hdr = CONST_PTR_OFFSET(file->buffer->data,

*offset - file->buffer_offset);

/* we've already synced this record at some point. it should

trans_size = mail_index_offset_to_uint32(hdr->size);

if (trans_size < sizeof(*hdr) ||

*offset - file->buffer_offset + trans_size > file->buffer->used) {

mail_transaction_log_file_set_corrupted(file,

"Transaction log corrupted unexpectedly");

return -1;

}

*offset += trans_size;

*hdr_r = hdr;

return 0;

}

int mail_transaction_log_file_get_highest_modseq_at(

struct mail_transaction_log_file *file,

uoff_t offset, uint64_t *highest_modseq_r)

{

const struct mail_transaction_header *hdr;

struct modseq_cache *cache;

uoff_t cur_offset;

uint64_t cur_modseq;

int ret;

i_assert(offset <= file->sync_offset);

if (offset == file->sync_offset) {

*highest_modseq_r = file->sync_highest_modseq;

return 0;

}

cache = modseq_cache_get_offset(file, offset);

if (cache == NULL) {

/* nothing usable in cache - scan from beginning */

cur_offset = file->hdr.hdr_size;

cur_modseq = file->hdr.initial_modseq;

} else if (cache->offset == offset) {

/* exact cache hit */

*highest_modseq_r = cache->highest_modseq;

return 0;

} else {

/* use cache to skip over some records */

cur_offset = cache->offset;

cur_modseq = cache->highest_modseq;

}

ret = mail_transaction_log_file_map(file, cur_offset, offset);

if (ret <= 0) {

if (ret < 0)

return -1;

mail_index_set_error(file->log->index,

"%s: Transaction log corrupted, can't get modseq",

file->filepath);

return -1;

}

i_assert(cur_offset >= file->buffer_offset);

i_assert(cur_offset + file->buffer->used >= offset);

while (cur_offset < offset) {

if (log_get_synced_record(file, &cur_offset, &hdr) < 0)

return- 1;

if (mail_transaction_header_has_modseq(hdr, hdr + 1,

cur_modseq))

cur_modseq++;

}

/* @UNSAFE: cache the value */

memmove(file->modseq_cache + 1, file->modseq_cache,

sizeof(*file->modseq_cache) *

(N_ELEMENTS(file->modseq_cache) - 1));

file->modseq_cache[0].offset = cur_offset;

file->modseq_cache[0].highest_modseq = cur_modseq;

*highest_modseq_r = cur_modseq;

return 0;

}

int mail_transaction_log_file_get_modseq_next_offset(

struct mail_transaction_log_file *file,

uint64_t modseq, uoff_t *next_offset_r)

{

const struct mail_transaction_header *hdr;

struct modseq_cache *cache;

uoff_t cur_offset, prev_offset;

uint64_t cur_modseq;

int ret;

if (modseq >= file->sync_highest_modseq) {

*next_offset_r = file->sync_offset;

return 0;

}

cache = modseq_cache_get_modseq(file, modseq);

if (cache == NULL) {

/* nothing usable in cache - scan from beginning */

cur_offset = file->hdr.hdr_size;

cur_modseq = file->hdr.initial_modseq;

} else if (cache->highest_modseq == modseq) {

/* exact cache hit */

*next_offset_r = cache->offset;

return 0;

} else {

/* use cache to skip over some records */

cur_offset = cache->offset;

cur_modseq = cache->highest_modseq;

}

ret = mail_transaction_log_file_map(file, cur_offset,

file->sync_offset);

if (ret <= 0) {

if (ret < 0)

return -1;

mail_index_set_error(file->log->index,

"%s: Transaction log corrupted, can't get modseq",

file->filepath);

return -1;

}

i_assert(cur_offset >= file->buffer_offset);

while (cur_offset < file->sync_offset) {

prev_offset = cur_offset;

if (log_get_synced_record(file, &cur_offset, &hdr) < 0)

return -1;

if (mail_transaction_header_has_modseq(hdr, hdr + 1,

cur_modseq)) {

if (++cur_modseq == modseq)

break;

}

}

if (modseq != cur_modseq) {

/* if we got to sync_offset, cur_modseq should be

mail_index_set_error(file->log->index,

"%s: Transaction log changed unexpectedly, "

"can't get modseq", file->filepath);

return -1;

}

/* @UNSAFE: cache the value */

memmove(file->modseq_cache + 1, file->modseq_cache,

sizeof(*file->modseq_cache) *

(N_ELEMENTS(file->modseq_cache) - 1));

file->modseq_cache[0].offset = cur_offset;

file->modseq_cache[0].highest_modseq = cur_modseq;

*next_offset_r = cur_offset;

return 0;

}

static int

log_file_track_sync(struct mail_transaction_log_file *file,

const struct mail_transaction_header *hdr,

unsigned int trans_size)

{

const void *data = hdr + 1;

int ret;

if (mail_transaction_header_has_modseq(hdr, hdr + 1,

file->sync_highest_modseq))

file->sync_highest_modseq++;

if ((hdr->type & MAIL_TRANSACTION_EXTERNAL) == 0)

return 0;

/* external transactions: */

if ((hdr->type & MAIL_TRANSACTION_TYPE_MASK) ==

MAIL_TRANSACTION_HEADER_UPDATE) {

/* see if this updates mailbox_sync_offset */

ret = log_file_track_mailbox_sync_offset_hdr(file, data,

trans_size -

sizeof(*hdr));

if (ret != 0)

return ret < 0 ? -1 : 0;

}

if (file->max_tail_offset == file->sync_offset) {

/* external transactions aren't synced to mailbox. we can

file->max_tail_offset += trans_size;

}

return 0;

}

static int

mail_transaction_log_file_sync(struct mail_transaction_log_file *file)

{

const struct mail_transaction_header *hdr;

const void *data;

struct stat st;

size_t size, avail;

uint32_t trans_size = 0;

i_assert(file->sync_offset >= file->buffer_offset);

data = buffer_get_data(file->buffer, &size);

while (file->sync_offset - file->buffer_offset + sizeof(*hdr) <= size) {

hdr = CONST_PTR_OFFSET(data, file->sync_offset -

file->buffer_offset);

trans_size = mail_index_offset_to_uint32(hdr->size);

if (trans_size == 0) {

/* unfinished */

return 1;

}

if (trans_size < sizeof(*hdr)) {

mail_transaction_log_file_set_corrupted(file,

"hdr.size too small (%u)", trans_size);

return -1;

}

if (file->sync_offset - file->buffer_offset + trans_size > size)

break;

/* transaction has been fully written */

if (log_file_track_sync(file, hdr, trans_size) < 0)

return -1;

file->sync_offset += trans_size;

trans_size = 0;

}

if (file->mmap_base != NULL && !file->locked) {

/* Now that all the mmaped pages have page faulted, check if

if (fstat(file->fd, &st) < 0) {

mail_index_file_set_syscall_error(file->log->index,

file->filepath,

"fstat()");

return -1;

}

if ((uoff_t)st.st_size != file->last_size) {

file->last_size = st.st_size;

return 0;

}

}

avail = file->sync_offset - file->buffer_offset;

if (avail != size) {

/* There's more data than we could sync at the moment. If the

if (trans_size != 0) {

/* pread()s or the above fstat() check for mmaps should

mail_transaction_log_file_set_corrupted(file,

"hdr.size too large (%u)", trans_size);

return -1;

} else if (file->locked) {

mail_transaction_log_file_set_corrupted(file,

"Unexpected garbage at EOF");

return -1;

}

/* The size field will be updated soon */

mail_index_flush_read_cache(file->log->index, file->filepath,

file->fd, file->locked);

}

if (file->next != NULL &&

file->hdr.file_seq == file->next->hdr.prev_file_seq &&

file->next->hdr.prev_file_offset != file->sync_offset) {

mail_index_set_error(file->log->index,

"Invalid transaction log size "

"(%"PRIuUOFF_T" vs %u): %s", file->sync_offset,

file->log->head->hdr.prev_file_offset, file->filepath);

return -1;

}

return 1;

}

static int

mail_transaction_log_file_insert_read(struct mail_transaction_log_file *file,

uoff_t offset)

{

void *data;

size_t size;

ssize_t ret;

size = file->buffer_offset - offset;

buffer_copy(file->buffer, size, file->buffer, 0, (size_t)-1);

data = buffer_get_space_unsafe(file->buffer, 0, size);

ret = pread_full(file->fd, data, size, offset);

if (ret > 0) {

/* success */

file->buffer_offset -= size;

return 1;

}

/* failure. don't leave ourself to inconsistent state */

buffer_copy(file->buffer, 0, file->buffer, size, (size_t)-1);

buffer_set_used_size(file->buffer, file->buffer->used - size);

if (ret == 0) {

mail_transaction_log_file_set_corrupted(file, "file shrank");

return 0;

} else if (errno == ESTALE) {

/* log file was deleted in NFS server, fail silently */

return 0;

} else {

mail_index_file_set_syscall_error(file->log->index,

file->filepath, "pread()");

return -1;

}

}

static int

mail_transaction_log_file_read_more(struct mail_transaction_log_file *file)

{

void *data;

size_t size;

uint32_t read_offset;

ssize_t ret;

read_offset = file->buffer_offset + buffer_get_used_size(file->buffer);

do {

data = buffer_append_space_unsafe(file->buffer, LOG_PREFETCH);

ret = pread(file->fd, data, LOG_PREFETCH, read_offset);

if (ret > 0)

read_offset += ret;

size = read_offset - file->buffer_offset;

buffer_set_used_size(file->buffer, size);

} while (ret > 0 || (ret < 0 && errno == EINTR));

file->last_size = read_offset;

if (ret < 0) {

if (errno == ESTALE) {

/* log file was deleted in NFS server, fail silently */

return 0;

}

mail_index_file_set_syscall_error(file->log->index,

file->filepath, "pread()");

return -1;

}

return 1;

}

static bool

mail_transaction_log_file_need_nfs_flush(struct mail_transaction_log_file *file)

{

const struct mail_index_header *hdr = &file->log->index->map->hdr;

uoff_t max_offset = file->last_size;

if (file->next != NULL &&

file->hdr.file_seq == file->next->hdr.prev_file_seq &&

file->next->hdr.prev_file_offset != max_offset) {

/* we already have a newer log file which says that we haven't

return TRUE;

}

if (file->hdr.file_seq == hdr->log_file_seq &&

max_offset < hdr->log_file_head_offset)

return TRUE;

return FALSE;

}

static int

mail_transaction_log_file_read(struct mail_transaction_log_file *file,

uoff_t start_offset, bool nfs_flush)

{

int ret;

i_assert(file->mmap_base == NULL);

/* NFS: if file isn't locked, we're optimistic that we can read enough

if (file->log->index->nfs_flush && nfs_flush) {

if (!file->locked)

nfs_flush_attr_cache_unlocked(file->filepath);

else {

nfs_flush_attr_cache_fd_locked(file->filepath,

file->fd);

}

}

if (file->buffer != NULL && file->buffer_offset > start_offset) {

/* we have to insert missing data to beginning of buffer */

ret = mail_transaction_log_file_insert_read(file, start_offset);

if (ret <= 0)

return ret;

}

if (file->buffer == NULL) {

file->buffer =

buffer_create_dynamic(default_pool, LOG_PREFETCH);

file->buffer_offset = start_offset;

}

if ((ret = mail_transaction_log_file_read_more(file)) <= 0)

return ret;

if (file->log->index->nfs_flush && !nfs_flush &&

mail_transaction_log_file_need_nfs_flush(file)) {

/* we didn't read enough data. flush and try again. */

return mail_transaction_log_file_read(file, start_offset, TRUE);

}

if ((ret = mail_transaction_log_file_sync(file)) <= 0) {

i_assert(ret != 0); /* happens only with mmap */

return -1;

}

i_assert(file->sync_offset >= file->buffer_offset);

buffer_set_used_size(file->buffer,

file->sync_offset - file->buffer_offset);

return 1;

}

static int

log_file_map_check_offsets(struct mail_transaction_log_file *file,

uoff_t start_offset, uoff_t end_offset)

{

if (start_offset > file->sync_offset) {

/* broken start offset */

mail_index_set_error(file->log->index,

"%s: start_offset (%"PRIuUOFF_T") > "

"current sync_offset (%"PRIuUOFF_T")",

file->filepath, start_offset, file->sync_offset);

return 0;

}

if (end_offset != (uoff_t)-1 && end_offset > file->sync_offset) {

mail_index_set_error(file->log->index,