*IMPORTANT* - bugfix sync_append_commit index breakage

[David Carter]

On Fri, 31 Aug 2007, Ken Murchison wrote:

> I think your patch makes sense, but I'm not sure when "The cyrus index 
> file format has this clever "ignore" junk at the end until the exists 
> count changes trick" means.  I know we leave junk in the cache file as a 
> result of delayed expunge which gets cleaned up later, but I'm pretty 
> sure the the index file is always tightly packed.  The is extra space in 
> the index header, but there shouldn't be any between the index records.

I think that the danger is that if sync_server gets shut down uncleanly 
(which I know was happening to Fastmail a lot at one point) then then you 
can end up with a bogus entry at the end of a cyrus.index file which is 
not overwritten by the next sync_append_commit() on that mailbox.

The race condition is that the exists count in the header can only be 
updated after the index record has been written.

An explicit seek using mailbox->exists is definitely more robust, although 
it probably doesn't help if power fails halfway through the fsync() on the 
cyrus.index file after both updates have been made (data=journal maybe?)

-- 
David Carter                             Email: David.Carter at ucs.cam.ac.uk
University Computing Service,            Phone: (01223) 334502
New Museums Site, Pembroke Street,       Fax:   (01223) 334679
Cambridge UK. CB2 3QH.