xref: /titanic_52/usr/src/cmd/svc/configd/backend.c (revision 1959748cbddf37d4734c107dadfa449e076045e3)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 /*
29  * sqlite is not compatible with _FILE_OFFSET_BITS=64, but we need to
30  * be able to statvfs(2) possibly large systems.  This define gives us
31  * access to the transitional interfaces.  See lfcompile64(5) for how
32  * _LARGEFILE64_SOURCE works.
33  */
34 #define	_LARGEFILE64_SOURCE
35 
36 #include <assert.h>
37 #include <door.h>
38 #include <dirent.h>
39 #include <errno.h>
40 #include <fcntl.h>
41 #include <limits.h>
42 #include <pthread.h>
43 #include <stdarg.h>
44 #include <stdio.h>
45 #include <stdlib.h>
46 #include <string.h>
47 #include <sys/stat.h>
48 #include <sys/statvfs.h>
49 #include <unistd.h>
50 #include <zone.h>
51 
52 #include "configd.h"
53 #include "repcache_protocol.h"
54 
55 #include <sqlite.h>
56 #include <sqlite-misc.h>
57 
58 /*
59  * This file has two purposes:
60  *
61  * 1. It contains the database schema, and the code for setting up our backend
62  *    databases, including installing said schema.
63  *
64  * 2. It provides a simplified interface to the SQL database library, and
65  *    synchronizes MT access to the database.
66  */
67 
68 typedef struct backend_spent {
69 	uint64_t bs_count;
70 	hrtime_t bs_time;
71 	hrtime_t bs_vtime;
72 } backend_spent_t;
73 
74 typedef struct backend_totals {
75 	backend_spent_t	bt_lock;	/* waiting for lock */
76 	backend_spent_t	bt_exec;	/* time spent executing SQL */
77 } backend_totals_t;
78 
79 typedef struct sqlite_backend {
80 	pthread_mutex_t	be_lock;
81 	pthread_t	be_thread;	/* thread holding lock */
82 	struct sqlite	*be_db;
83 	const char	*be_path;	/* path to db */
84 	int		be_readonly;	/* readonly at start, and still is */
85 	int		be_writing;	/* held for writing */
86 	backend_type_t	be_type;	/* type of db */
87 	hrtime_t	be_lastcheck;	/* time of last read-only check */
88 	backend_totals_t be_totals[2];	/* one for reading, one for writing */
89 } sqlite_backend_t;
90 
91 struct backend_tx {
92 	sqlite_backend_t	*bt_be;
93 	int			bt_readonly;
94 	int			bt_type;
95 	int			bt_full;	/* SQLITE_FULL during tx */
96 };
97 
98 #define	UPDATE_TOTALS_WR(sb, writing, field, ts, vts) { \
99 	backend_spent_t *__bsp = &(sb)->be_totals[!!(writing)].field; \
100 	__bsp->bs_count++;						\
101 	__bsp->bs_time += (gethrtime() - ts);				\
102 	__bsp->bs_vtime += (gethrvtime() - vts);			\
103 }
104 
105 #define	UPDATE_TOTALS(sb, field, ts, vts) \
106 	UPDATE_TOTALS_WR(sb, (sb)->be_writing, field, ts, vts)
107 
108 struct backend_query {
109 	char	*bq_buf;
110 	size_t	bq_size;
111 };
112 
113 struct backend_tbl_info {
114 	const char *bti_name;
115 	const char *bti_cols;
116 };
117 
118 struct backend_idx_info {
119 	const char *bxi_tbl;
120 	const char *bxi_idx;
121 	const char *bxi_cols;
122 };
123 
124 static pthread_mutex_t backend_panic_lock = PTHREAD_MUTEX_INITIALIZER;
125 static pthread_cond_t backend_panic_cv = PTHREAD_COND_INITIALIZER;
126 pthread_t backend_panic_thread = 0;
127 
128 int backend_do_trace = 0;		/* invoke tracing callback */
129 int backend_print_trace = 0;		/* tracing callback prints SQL */
130 int backend_panic_abort = 0;		/* abort when panicking */
131 
132 /* interval between read-only checks while starting up */
133 #define	BACKEND_READONLY_CHECK_INTERVAL	(2 * (hrtime_t)NANOSEC)
134 
135 /*
136  * Any change to the below schema should bump the version number
137  */
138 #define	BACKEND_SCHEMA_VERSION		5
139 
140 static struct backend_tbl_info tbls_normal[] = { /* BACKEND_TYPE_NORMAL */
141 	/*
142 	 * service_tbl holds all services.  svc_id is the identifier of the
143 	 * service.
144 	 */
145 	{
146 		"service_tbl",
147 		"svc_id          INTEGER PRIMARY KEY,"
148 		"svc_name        CHAR(256) NOT NULL"
149 	},
150 
151 	/*
152 	 * instance_tbl holds all of the instances.  The parent service id
153 	 * is instance_svc.
154 	 */
155 	{
156 		"instance_tbl",
157 		"instance_id     INTEGER PRIMARY KEY,"
158 		"instance_name   CHAR(256) NOT NULL,"
159 		"instance_svc    INTEGER NOT NULL"
160 	},
161 
162 	/*
163 	 * snapshot_lnk_tbl links (instance, snapshot name) with snapshots.
164 	 */
165 	{
166 		"snapshot_lnk_tbl",
167 		"lnk_id          INTEGER PRIMARY KEY,"
168 		"lnk_inst_id     INTEGER NOT NULL,"
169 		"lnk_snap_name   CHAR(256) NOT NULL,"
170 		"lnk_snap_id     INTEGER NOT NULL"
171 	},
172 
173 	/*
174 	 * snaplevel_tbl maps a snapshot id to a set of named, ordered
175 	 * snaplevels.
176 	 */
177 	{
178 		"snaplevel_tbl",
179 		"snap_id                 INTEGER NOT NULL,"
180 		"snap_level_num          INTEGER NOT NULL,"
181 		"snap_level_id           INTEGER NOT NULL,"
182 		"snap_level_service_id   INTEGER NOT NULL,"
183 		"snap_level_service      CHAR(256) NOT NULL,"
184 		"snap_level_instance_id  INTEGER NULL,"
185 		"snap_level_instance     CHAR(256) NULL"
186 	},
187 
188 	/*
189 	 * snaplevel_lnk_tbl links snaplevels to property groups.
190 	 * snaplvl_pg_* is identical to the original property group,
191 	 * and snaplvl_gen_id overrides the generation number.
192 	 * The service/instance ids are as in the snaplevel.
193 	 */
194 	{
195 		"snaplevel_lnk_tbl",
196 		"snaplvl_level_id INTEGER NOT NULL,"
197 		"snaplvl_pg_id    INTEGER NOT NULL,"
198 		"snaplvl_pg_name  CHAR(256) NOT NULL,"
199 		"snaplvl_pg_type  CHAR(256) NOT NULL,"
200 		"snaplvl_pg_flags INTEGER NOT NULL,"
201 		"snaplvl_gen_id   INTEGER NOT NULL"
202 	},
203 
204 	{ NULL, NULL }
205 };
206 
207 static struct backend_idx_info idxs_normal[] = { /* BACKEND_TYPE_NORMAL */
208 	{ "service_tbl",	"name",	"svc_name" },
209 	{ "instance_tbl",	"name",	"instance_svc, instance_name" },
210 	{ "snapshot_lnk_tbl",	"name",	"lnk_inst_id, lnk_snap_name" },
211 	{ "snapshot_lnk_tbl",	"snapid", "lnk_snap_id" },
212 	{ "snaplevel_tbl",	"id",	"snap_id" },
213 	{ "snaplevel_lnk_tbl",	"id",	"snaplvl_pg_id" },
214 	{ "snaplevel_lnk_tbl",	"level", "snaplvl_level_id" },
215 	{ NULL, NULL, NULL }
216 };
217 
218 static struct backend_tbl_info tbls_np[] = { /* BACKEND_TYPE_NONPERSIST */
219 	{ NULL, NULL }
220 };
221 
222 static struct backend_idx_info idxs_np[] = {	/* BACKEND_TYPE_NONPERSIST */
223 	{ NULL, NULL, NULL }
224 };
225 
226 static struct backend_tbl_info tbls_common[] = { /* all backend types */
227 	/*
228 	 * pg_tbl defines property groups.  They are associated with a single
229 	 * service or instance.  The pg_gen_id links them with the latest
230 	 * "edited" version of its properties.
231 	 */
232 	{
233 		"pg_tbl",
234 		"pg_id           INTEGER PRIMARY KEY,"
235 		"pg_parent_id    INTEGER NOT NULL,"
236 		"pg_name         CHAR(256) NOT NULL,"
237 		"pg_type         CHAR(256) NOT NULL,"
238 		"pg_flags        INTEGER NOT NULL,"
239 		"pg_gen_id       INTEGER NOT NULL"
240 	},
241 
242 	/*
243 	 * prop_lnk_tbl links a particular pg_id and gen_id to a set of
244 	 * (prop_name, prop_type, val_id) trios.
245 	 */
246 	{
247 		"prop_lnk_tbl",
248 		"lnk_prop_id     INTEGER PRIMARY KEY,"
249 		"lnk_pg_id       INTEGER NOT NULL,"
250 		"lnk_gen_id      INTEGER NOT NULL,"
251 		"lnk_prop_name   CHAR(256) NOT NULL,"
252 		"lnk_prop_type   CHAR(2) NOT NULL,"
253 		"lnk_val_id      INTEGER"
254 	},
255 
256 	/*
257 	 * value_tbl maps a value_id to a set of values.  For any given
258 	 * value_id, value_type is constant.
259 	 */
260 	{
261 		"value_tbl",
262 		"value_id        INTEGER NOT NULL,"
263 		"value_type      CHAR(1) NOT NULL,"
264 		"value_value     VARCHAR NOT NULL"
265 	},
266 
267 	/*
268 	 * id_tbl has one row per id space
269 	 */
270 	{
271 		"id_tbl",
272 		"id_name         STRING NOT NULL,"
273 		"id_next         INTEGER NOT NULL"
274 	},
275 
276 	/*
277 	 * schema_version has a single row, which contains
278 	 * BACKEND_SCHEMA_VERSION at the time of creation.
279 	 */
280 	{
281 		"schema_version",
282 		"schema_version  INTEGER"
283 	},
284 	{ NULL, NULL }
285 };
286 
287 static struct backend_idx_info idxs_common[] = { /* all backend types */
288 	{ "pg_tbl",		"parent", "pg_parent_id" },
289 	{ "pg_tbl",		"name",	"pg_parent_id, pg_name" },
290 	{ "pg_tbl",		"type",	"pg_parent_id, pg_type" },
291 	{ "prop_lnk_tbl",	"base",	"lnk_pg_id, lnk_gen_id" },
292 	{ "prop_lnk_tbl",	"val",	"lnk_val_id" },
293 	{ "value_tbl",		"id",	"value_id" },
294 	{ "id_tbl",		"id",	"id_name" },
295 	{ NULL, NULL, NULL }
296 };
297 
298 struct run_single_int_info {
299 	uint32_t	*rs_out;
300 	int		rs_result;
301 };
302 
303 /*ARGSUSED*/
304 static int
305 run_single_int_callback(void *arg, int columns, char **vals, char **names)
306 {
307 	struct run_single_int_info *info = arg;
308 	uint32_t val;
309 
310 	char *endptr = vals[0];
311 
312 	assert(info->rs_result != REP_PROTOCOL_SUCCESS);
313 	assert(columns == 1);
314 
315 	if (vals[0] == NULL)
316 		return (BACKEND_CALLBACK_CONTINUE);
317 
318 	errno = 0;
319 	val = strtoul(vals[0], &endptr, 10);
320 	if ((val == 0 && endptr == vals[0]) || *endptr != 0 || errno != 0)
321 		backend_panic("malformed integer \"%20s\"", vals[0]);
322 
323 	*info->rs_out = val;
324 	info->rs_result = REP_PROTOCOL_SUCCESS;
325 	return (BACKEND_CALLBACK_CONTINUE);
326 }
327 
328 /*ARGSUSED*/
329 int
330 backend_fail_if_seen(void *arg, int columns, char **vals, char **names)
331 {
332 	return (BACKEND_CALLBACK_ABORT);
333 }
334 
335 /*
336  * check to see if we can successfully start a transaction;  if not, the
337  * filesystem is mounted read-only.
338  */
339 static int
340 backend_is_readonly(struct sqlite *db, const char *path)
341 {
342 	int r;
343 	statvfs64_t stat;
344 
345 	if (statvfs64(path, &stat) == 0 && (stat.f_flag & ST_RDONLY))
346 		return (SQLITE_READONLY);
347 
348 	r = sqlite_exec(db,
349 	    "BEGIN TRANSACTION; "
350 	    "UPDATE schema_version SET schema_version = schema_version; ",
351 	    NULL, NULL, NULL);
352 	(void) sqlite_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
353 	return (r);
354 }
355 
356 static void
357 backend_trace_sql(void *arg, const char *sql)
358 {
359 	sqlite_backend_t *be = arg;
360 
361 	if (backend_print_trace) {
362 		(void) fprintf(stderr, "%d: %s\n", be->be_type, sql);
363 	}
364 }
365 
366 static sqlite_backend_t be_info[BACKEND_TYPE_TOTAL];
367 static sqlite_backend_t *bes[BACKEND_TYPE_TOTAL];
368 
369 #define	BACKEND_PANIC_TIMEOUT	(50 * MILLISEC)
370 /*
371  * backend_panic() -- some kind of database problem or corruption has been hit.
372  * We attempt to quiesce the other database users -- all of the backend sql
373  * entry points will call backend_panic(NULL) if a panic is in progress, as
374  * will any attempt to start a transaction.
375  *
376  * We give threads holding a backend lock 50ms (BACKEND_PANIC_TIMEOUT) to
377  * either drop the lock or call backend_panic().  If they don't respond in
378  * time, we'll just exit anyway.
379  */
380 void
381 backend_panic(const char *format, ...)
382 {
383 	int i;
384 	va_list args;
385 	int failed = 0;
386 
387 	(void) pthread_mutex_lock(&backend_panic_lock);
388 	if (backend_panic_thread != 0) {
389 		(void) pthread_mutex_unlock(&backend_panic_lock);
390 		/*
391 		 * first, drop any backend locks we're holding, then
392 		 * sleep forever on the panic_cv.
393 		 */
394 		for (i = 0; i < BACKEND_TYPE_TOTAL; i++) {
395 			if (bes[i] != NULL &&
396 			    bes[i]->be_thread == pthread_self())
397 				(void) pthread_mutex_unlock(&bes[i]->be_lock);
398 		}
399 		(void) pthread_mutex_lock(&backend_panic_lock);
400 		for (;;)
401 			(void) pthread_cond_wait(&backend_panic_cv,
402 			    &backend_panic_lock);
403 	}
404 	backend_panic_thread = pthread_self();
405 	(void) pthread_mutex_unlock(&backend_panic_lock);
406 
407 	for (i = 0; i < BACKEND_TYPE_TOTAL; i++) {
408 		if (bes[i] != NULL && bes[i]->be_thread == pthread_self())
409 			(void) pthread_mutex_unlock(&bes[i]->be_lock);
410 	}
411 
412 	va_start(args, format);
413 	configd_vcritical(format, args);
414 	va_end(args);
415 
416 	for (i = 0; i < BACKEND_TYPE_TOTAL; i++) {
417 		timespec_t rel;
418 
419 		rel.tv_sec = 0;
420 		rel.tv_nsec = BACKEND_PANIC_TIMEOUT;
421 
422 		if (bes[i] != NULL && bes[i]->be_thread != pthread_self()) {
423 			if (pthread_mutex_reltimedlock_np(&bes[i]->be_lock,
424 			    &rel) != 0)
425 				failed++;
426 		}
427 	}
428 	if (failed) {
429 		configd_critical("unable to quiesce database\n");
430 	}
431 
432 	if (backend_panic_abort)
433 		abort();
434 
435 	exit(CONFIGD_EXIT_DATABASE_BAD);
436 }
437 
438 /*
439  * Returns
440  *   _SUCCESS
441  *   _DONE - callback aborted query
442  *   _NO_RESOURCES - out of memory (_FULL & _TOOBIG?)
443  */
444 static int
445 backend_error(sqlite_backend_t *be, int error, char *errmsg)
446 {
447 	if (error == SQLITE_OK)
448 		return (REP_PROTOCOL_SUCCESS);
449 
450 	switch (error) {
451 	case SQLITE_ABORT:
452 		free(errmsg);
453 		return (REP_PROTOCOL_DONE);
454 
455 	case SQLITE_NOMEM:
456 	case SQLITE_FULL:
457 	case SQLITE_TOOBIG:
458 		free(errmsg);
459 		return (REP_PROTOCOL_FAIL_NO_RESOURCES);
460 
461 	default:
462 		backend_panic("%s: db error: %s", be->be_path, errmsg);
463 		/*NOTREACHED*/
464 	}
465 }
466 
467 static void
468 backend_backup_cleanup(const char **out_arg, ssize_t out_sz)
469 {
470 	char **out = (char **)out_arg;
471 
472 	while (out_sz-- > 0)
473 		free(*out++);
474 	free(out_arg);
475 }
476 
477 /*
478  * builds a inverse-time-sorted array of backup files.  The path is a
479  * a single buffer, and the pointers look like:
480  *
481  *	/this/is/a/full/path/to/repository-name-YYYYMMDDHHMMSS
482  *	^pathname		^	       ^(pathname+pathlen)
483  *				basename
484  *
485  * dirname will either be pathname, or ".".
486  *
487  * Returns the number of elements in the array, 0 if there are no previous
488  * backups, or -1 on error.
489  */
490 static ssize_t
491 backend_backup_get_prev(char *pathname, size_t pathlen, const char ***out_arg)
492 {
493 	char b_start, b_end;
494 	DIR *dir;
495 	char **out = NULL;
496 	char *name, *p;
497 	char *dirname, *basename;
498 	char *pathend;
499 	struct dirent *ent;
500 
501 	size_t count = 0;
502 	size_t baselen;
503 
504 	/*
505 	 * year, month, day, hour, min, sec, plus an '_'.
506 	 */
507 	const size_t ndigits = 4 + 5*2 + 1;
508 	const size_t baroffset = 4 + 2*2;
509 
510 	size_t idx;
511 
512 	pathend = pathname + pathlen;
513 	b_end = *pathend;
514 	*pathend = '\0';
515 
516 	basename = strrchr(pathname, '/');
517 
518 	if (basename != NULL) {
519 		assert(pathend > pathname && basename < pathend);
520 		basename++;
521 		dirname = pathname;
522 	} else {
523 		basename = pathname;
524 		dirname = ".";
525 	}
526 
527 	baselen = strlen(basename);
528 
529 	/*
530 	 * munge the string temporarily for the opendir(), then restore it.
531 	 */
532 	b_start = basename[0];
533 
534 	basename[0] = '\0';
535 	dir = opendir(dirname);
536 	basename[0] = b_start;		/* restore path */
537 
538 	if (dir == NULL)
539 		goto fail;
540 
541 
542 	while ((ent = readdir(dir)) != NULL) {
543 		/*
544 		 * Must match:
545 		 *	basename-YYYYMMDD_HHMMSS
546 		 * or we ignore it.
547 		 */
548 		if (strncmp(ent->d_name, basename, baselen) != 0)
549 			continue;
550 
551 		name = ent->d_name;
552 		if (name[baselen] != '-')
553 			continue;
554 
555 		p = name + baselen + 1;
556 
557 		for (idx = 0; idx < ndigits; idx++) {
558 			char c = p[idx];
559 			if (idx == baroffset && c != '_')
560 				break;
561 			if (idx != baroffset && (c < '0' || c > '9'))
562 				break;
563 		}
564 		if (idx != ndigits || p[idx] != '\0')
565 			continue;
566 
567 		/*
568 		 * We have a match.  insertion-sort it into our list.
569 		 */
570 		name = strdup(name);
571 		if (name == NULL)
572 			goto fail_closedir;
573 		p = strrchr(name, '-');
574 
575 		for (idx = 0; idx < count; idx++) {
576 			char *tmp = out[idx];
577 			char *tp = strrchr(tmp, '-');
578 
579 			int cmp = strcmp(p, tp);
580 			if (cmp == 0)
581 				cmp = strcmp(name, tmp);
582 
583 			if (cmp == 0) {
584 				free(name);
585 				name = NULL;
586 				break;
587 			} else if (cmp > 0) {
588 				out[idx] = name;
589 				name = tmp;
590 				p = tp;
591 			}
592 		}
593 
594 		if (idx == count) {
595 			char **new_out = realloc(out,
596 			    (count + 1) * sizeof (*out));
597 
598 			if (new_out == NULL) {
599 				free(name);
600 				goto fail_closedir;
601 			}
602 
603 			out = new_out;
604 			out[count++] = name;
605 		} else {
606 			assert(name == NULL);
607 		}
608 	}
609 	(void) closedir(dir);
610 
611 	basename[baselen] = b_end;
612 
613 	*out_arg = (const char **)out;
614 	return (count);
615 
616 fail_closedir:
617 	(void) closedir(dir);
618 fail:
619 	basename[0] = b_start;
620 	*pathend = b_end;
621 
622 	backend_backup_cleanup((const char **)out, count);
623 
624 	*out_arg = NULL;
625 	return (-1);
626 }
627 
628 /*
629  * Copies the repository path into out, a buffer of out_len bytes,
630  * removes the ".db" (or whatever) extension, and, if name is non-NULL,
631  * appends "-name" to it.  If name is non-NULL, it can fail with:
632  *
633  *	_TRUNCATED	will not fit in buffer.
634  *	_BAD_REQUEST	name is not a valid identifier
635  */
636 static rep_protocol_responseid_t
637 backend_backup_base(sqlite_backend_t *be, const char *name,
638     char *out, size_t out_len)
639 {
640 	char *p, *q;
641 	size_t len;
642 
643 	/*
644 	 * for paths of the form /path/to/foo.db, we truncate at the final
645 	 * '.'.
646 	 */
647 	(void) strlcpy(out, be->be_path, out_len);
648 
649 	p = strrchr(out, '/');
650 	q = strrchr(out, '.');
651 
652 	if (p != NULL && q != NULL && q > p)
653 		*q = 0;
654 
655 	if (name != NULL) {
656 		len = strlen(out);
657 		assert(len < out_len);
658 
659 		out += len;
660 		out_len -= len;
661 
662 		len = strlen(name);
663 
664 		/*
665 		 * verify that the name tag is entirely alphabetic,
666 		 * non-empty, and not too long.
667 		 */
668 		if (len == 0 || len >= REP_PROTOCOL_NAME_LEN ||
669 		    uu_check_name(name, UU_NAME_DOMAIN) < 0)
670 			return (REP_PROTOCOL_FAIL_BAD_REQUEST);
671 
672 		if (snprintf(out, out_len, "-%s", name) >= out_len)
673 			return (REP_PROTOCOL_FAIL_TRUNCATED);
674 	}
675 
676 	return (REP_PROTOCOL_SUCCESS);
677 }
678 
679 /*
680  * See if a backup is needed.  We do a backup unless both files are
681  * byte-for-byte identical.
682  */
683 static int
684 backend_check_backup_needed(const char *rep_name, const char *backup_name)
685 {
686 	int repfd = open(rep_name, O_RDONLY);
687 	int fd = open(backup_name, O_RDONLY);
688 	struct stat s_rep, s_backup;
689 	int c1, c2;
690 
691 	FILE *f_rep = NULL;
692 	FILE *f_backup = NULL;
693 
694 	if (repfd < 0 || fd < 0)
695 		goto fail;
696 
697 	if (fstat(repfd, &s_rep) < 0 || fstat(fd, &s_backup) < 0)
698 		goto fail;
699 
700 	/*
701 	 * if they are the same file, we need to do a backup to break the
702 	 * hard link or symlink involved.
703 	 */
704 	if (s_rep.st_ino == s_backup.st_ino && s_rep.st_dev == s_backup.st_dev)
705 		goto fail;
706 
707 	if (s_rep.st_size != s_backup.st_size)
708 		goto fail;
709 
710 	if ((f_rep = fdopen(repfd, "r")) == NULL ||
711 	    (f_backup = fdopen(fd, "r")) == NULL)
712 		goto fail;
713 
714 	do {
715 		c1 = getc(f_rep);
716 		c2 = getc(f_backup);
717 		if (c1 != c2)
718 			goto fail;
719 	} while (c1 != EOF);
720 
721 	if (!ferror(f_rep) && !ferror(f_backup)) {
722 		(void) fclose(f_rep);
723 		(void) fclose(f_backup);
724 		(void) close(repfd);
725 		(void) close(fd);
726 		return (0);
727 	}
728 
729 fail:
730 	if (f_rep != NULL)
731 		(void) fclose(f_rep);
732 	if (f_backup != NULL)
733 		(void) fclose(f_backup);
734 	if (repfd >= 0)
735 		(void) close(repfd);
736 	if (fd >= 0)
737 		(void) close(fd);
738 	return (1);
739 }
740 
741 /*
742  * Can return:
743  *	_BAD_REQUEST		name is not valid
744  *	_TRUNCATED		name is too long for current repository path
745  *	_UNKNOWN		failed for unknown reason (details written to
746  *				console)
747  *	_BACKEND_READONLY	backend is not writable
748  *
749  *	_SUCCESS		Backup completed successfully.
750  */
751 static rep_protocol_responseid_t
752 backend_create_backup_locked(sqlite_backend_t *be, const char *name)
753 {
754 	const char **old_list;
755 	ssize_t old_sz;
756 	ssize_t old_max = max_repository_backups;
757 	ssize_t cur;
758 
759 	char *finalname;
760 
761 	char finalpath[PATH_MAX];
762 	char tmppath[PATH_MAX];
763 	char buf[8192];
764 	int infd, outfd;
765 	size_t len;
766 	off_t inlen, outlen, offset;
767 
768 	time_t now;
769 	struct tm now_tm;
770 
771 	rep_protocol_responseid_t result;
772 
773 	if (be->be_readonly)
774 		return (REP_PROTOCOL_FAIL_BACKEND_READONLY);
775 
776 	result = backend_backup_base(be, name, finalpath, sizeof (finalpath));
777 	if (result != REP_PROTOCOL_SUCCESS)
778 		return (result);
779 
780 	if (!backend_check_backup_needed(be->be_path, finalpath)) {
781 		return (REP_PROTOCOL_SUCCESS);
782 	}
783 
784 	/*
785 	 * remember the original length, and the basename location
786 	 */
787 	len = strlen(finalpath);
788 	finalname = strrchr(finalpath, '/');
789 	if (finalname != NULL)
790 		finalname++;
791 	else
792 		finalname = finalpath;
793 
794 	(void) strlcpy(tmppath, finalpath, sizeof (tmppath));
795 	if (strlcat(tmppath, "-tmpXXXXXX", sizeof (tmppath)) >=
796 	    sizeof (tmppath))
797 		return (REP_PROTOCOL_FAIL_TRUNCATED);
798 
799 	now = time(NULL);
800 	if (localtime_r(&now, &now_tm) == NULL) {
801 		configd_critical(
802 		    "\"%s\" backup failed: localtime(3C) failed: %s\n", name,
803 		    be->be_path, strerror(errno));
804 		return (REP_PROTOCOL_FAIL_UNKNOWN);
805 	}
806 
807 	if (strftime(finalpath + len, sizeof (finalpath) - len,
808 	    "-%Y""%m""%d""_""%H""%M""%S", &now_tm) >=
809 	    sizeof (finalpath) - len) {
810 		return (REP_PROTOCOL_FAIL_TRUNCATED);
811 	}
812 
813 	infd = open(be->be_path, O_RDONLY);
814 	if (infd < 0) {
815 		configd_critical("\"%s\" backup failed: opening %s: %s\n", name,
816 		    be->be_path, strerror(errno));
817 		return (REP_PROTOCOL_FAIL_UNKNOWN);
818 	}
819 
820 	outfd = mkstemp(tmppath);
821 	if (outfd < 0) {
822 		configd_critical("\"%s\" backup failed: mkstemp(%s): %s\n",
823 		    name, tmppath, strerror(errno));
824 		(void) close(infd);
825 		return (REP_PROTOCOL_FAIL_UNKNOWN);
826 	}
827 
828 	for (;;) {
829 		do {
830 			inlen = read(infd, buf, sizeof (buf));
831 		} while (inlen < 0 && errno == EINTR);
832 
833 		if (inlen <= 0)
834 			break;
835 
836 		for (offset = 0; offset < inlen; offset += outlen) {
837 			do {
838 				outlen = write(outfd, buf + offset,
839 				    inlen - offset);
840 			} while (outlen < 0 && errno == EINTR);
841 
842 			if (outlen >= 0)
843 				continue;
844 
845 			configd_critical(
846 			    "\"%s\" backup failed: write to %s: %s\n",
847 			    name, tmppath, strerror(errno));
848 			result = REP_PROTOCOL_FAIL_UNKNOWN;
849 			goto fail;
850 		}
851 	}
852 
853 	if (inlen < 0) {
854 		configd_critical(
855 		    "\"%s\" backup failed: read from %s: %s\n",
856 		    name, be->be_path, strerror(errno));
857 		goto fail;
858 	}
859 
860 	/*
861 	 * grab the old list before doing our re-name.
862 	 */
863 	if (old_max > 0)
864 		old_sz = backend_backup_get_prev(finalpath, len, &old_list);
865 
866 	if (rename(tmppath, finalpath) < 0) {
867 		configd_critical(
868 		    "\"%s\" backup failed: rename(%s, %s): %s\n",
869 		    name, tmppath, finalpath, strerror(errno));
870 		result = REP_PROTOCOL_FAIL_UNKNOWN;
871 		goto fail;
872 	}
873 
874 	tmppath[len] = 0;	/* strip -XXXXXX, for reference symlink */
875 
876 	(void) unlink(tmppath);
877 	if (symlink(finalname, tmppath) < 0) {
878 		configd_critical(
879 		    "\"%s\" backup completed, but updating "
880 		    "\"%s\" symlink to \"%s\" failed: %s\n",
881 		    name, tmppath, finalname, strerror(errno));
882 	}
883 
884 	if (old_max > 0 && old_sz > 0) {
885 		/* unlink all but the first (old_max - 1) files */
886 		for (cur = old_max - 1; cur < old_sz; cur++) {
887 			(void) strlcpy(finalname, old_list[cur],
888 			    sizeof (finalpath) - (finalname - finalpath));
889 			if (unlink(finalpath) < 0)
890 				configd_critical(
891 				    "\"%s\" backup completed, but removing old "
892 				    "file \"%s\" failed: %s\n",
893 				    name, finalpath, strerror(errno));
894 		}
895 
896 		backend_backup_cleanup(old_list, old_sz);
897 	}
898 
899 	result = REP_PROTOCOL_SUCCESS;
900 
901 fail:
902 	(void) close(infd);
903 	(void) close(outfd);
904 	if (result != REP_PROTOCOL_SUCCESS)
905 		(void) unlink(tmppath);
906 
907 	return (result);
908 }
909 
910 static int
911 backend_check_readonly(sqlite_backend_t *be, int writing, hrtime_t t)
912 {
913 	char *errp;
914 	struct sqlite *new;
915 	int r;
916 
917 	assert(be->be_readonly);
918 	assert(be == bes[BACKEND_TYPE_NORMAL]);
919 
920 	/*
921 	 * If we don't *need* to be writable, only check every once in a
922 	 * while.
923 	 */
924 	if (!writing) {
925 		if ((uint64_t)(t - be->be_lastcheck) <
926 		    BACKEND_READONLY_CHECK_INTERVAL)
927 			return (REP_PROTOCOL_SUCCESS);
928 		be->be_lastcheck = t;
929 	}
930 
931 	new = sqlite_open(be->be_path, 0600, &errp);
932 	if (new == NULL) {
933 		backend_panic("reopening %s: %s\n", be->be_path, errp);
934 		/*NOTREACHED*/
935 	}
936 	r = backend_is_readonly(new, be->be_path);
937 
938 	if (r != SQLITE_OK) {
939 		sqlite_close(new);
940 		if (writing)
941 			return (REP_PROTOCOL_FAIL_BACKEND_READONLY);
942 		return (REP_PROTOCOL_SUCCESS);
943 	}
944 
945 	/*
946 	 * We can write!  Swap the db handles, mark ourself writable,
947 	 * and make a backup.
948 	 */
949 	sqlite_close(be->be_db);
950 	be->be_db = new;
951 	be->be_readonly = 0;
952 
953 	if (backend_create_backup_locked(be, REPOSITORY_BOOT_BACKUP) !=
954 	    REP_PROTOCOL_SUCCESS) {
955 		configd_critical(
956 		    "unable to create \"%s\" backup of \"%s\"\n",
957 		    REPOSITORY_BOOT_BACKUP, be->be_path);
958 	}
959 
960 	return (REP_PROTOCOL_SUCCESS);
961 }
962 
963 /*
964  * If t is not BACKEND_TYPE_NORMAL, can fail with
965  *   _BACKEND_ACCESS - backend does not exist
966  *
967  * If writing is nonzero, can also fail with
968  *   _BACKEND_READONLY - backend is read-only
969  */
970 static int
971 backend_lock(backend_type_t t, int writing, sqlite_backend_t **bep)
972 {
973 	sqlite_backend_t *be = NULL;
974 	hrtime_t ts, vts;
975 
976 	*bep = NULL;
977 
978 	assert(t == BACKEND_TYPE_NORMAL ||
979 	    t == BACKEND_TYPE_NONPERSIST);
980 
981 	be = bes[t];
982 	if (t == BACKEND_TYPE_NORMAL)
983 		assert(be != NULL);		/* should always be there */
984 
985 	if (be == NULL)
986 		return (REP_PROTOCOL_FAIL_BACKEND_ACCESS);
987 
988 	if (backend_panic_thread != 0)
989 		backend_panic(NULL);		/* don't proceed */
990 
991 	ts = gethrtime();
992 	vts = gethrvtime();
993 	(void) pthread_mutex_lock(&be->be_lock);
994 	UPDATE_TOTALS_WR(be, writing, bt_lock, ts, vts);
995 
996 	if (backend_panic_thread != 0) {
997 		(void) pthread_mutex_unlock(&be->be_lock);
998 		backend_panic(NULL);		/* don't proceed */
999 	}
1000 	be->be_thread = pthread_self();
1001 
1002 	if (be->be_readonly) {
1003 		int r;
1004 		assert(t == BACKEND_TYPE_NORMAL);
1005 
1006 		r = backend_check_readonly(be, writing, ts);
1007 		if (r != REP_PROTOCOL_SUCCESS) {
1008 			be->be_thread = 0;
1009 			(void) pthread_mutex_unlock(&be->be_lock);
1010 			return (r);
1011 		}
1012 	}
1013 
1014 	if (backend_do_trace)
1015 		(void) sqlite_trace(be->be_db, backend_trace_sql, be);
1016 	else
1017 		(void) sqlite_trace(be->be_db, NULL, NULL);
1018 
1019 	be->be_writing = writing;
1020 	*bep = be;
1021 	return (REP_PROTOCOL_SUCCESS);
1022 }
1023 
1024 static void
1025 backend_unlock(sqlite_backend_t *be)
1026 {
1027 	be->be_writing = 0;
1028 	be->be_thread = 0;
1029 	(void) pthread_mutex_unlock(&be->be_lock);
1030 }
1031 
1032 static void
1033 backend_destroy(sqlite_backend_t *be)
1034 {
1035 	if (be->be_db != NULL) {
1036 		sqlite_close(be->be_db);
1037 		be->be_db = NULL;
1038 	}
1039 	be->be_thread = 0;
1040 	(void) pthread_mutex_unlock(&be->be_lock);
1041 	(void) pthread_mutex_destroy(&be->be_lock);
1042 }
1043 
1044 static void
1045 backend_create_finish(backend_type_t backend_id, sqlite_backend_t *be)
1046 {
1047 	assert(MUTEX_HELD(&be->be_lock));
1048 	assert(be == &be_info[backend_id]);
1049 
1050 	bes[backend_id] = be;
1051 	(void) pthread_mutex_unlock(&be->be_lock);
1052 }
1053 
1054 static int
1055 backend_fd_write(int fd, const char *mess)
1056 {
1057 	int len = strlen(mess);
1058 	int written;
1059 
1060 	while (len > 0) {
1061 		if ((written = write(fd, mess, len)) < 0)
1062 			return (-1);
1063 		mess += written;
1064 		len -= written;
1065 	}
1066 	return (0);
1067 }
1068 
1069 /*
1070  * Can return:
1071  *	_BAD_REQUEST		name is not valid
1072  *	_TRUNCATED		name is too long for current repository path
1073  *	_UNKNOWN		failed for unknown reason (details written to
1074  *				console)
1075  *	_BACKEND_READONLY	backend is not writable
1076  *
1077  *	_SUCCESS		Backup completed successfully.
1078  */
1079 rep_protocol_responseid_t
1080 backend_create_backup(const char *name)
1081 {
1082 	rep_protocol_responseid_t result;
1083 	sqlite_backend_t *be;
1084 
1085 	result = backend_lock(BACKEND_TYPE_NORMAL, 0, &be);
1086 	if (result != REP_PROTOCOL_SUCCESS)
1087 		return (result);
1088 
1089 	result = backend_create_backup_locked(be, name);
1090 	backend_unlock(be);
1091 
1092 	return (result);
1093 }
1094 
1095 /*ARGSUSED*/
1096 static int
1097 backend_integrity_callback(void *private, int narg, char **vals, char **cols)
1098 {
1099 	char **out = private;
1100 	char *old = *out;
1101 	char *new;
1102 	const char *info;
1103 	size_t len;
1104 	int x;
1105 
1106 	for (x = 0; x < narg; x++) {
1107 		if ((info = vals[x]) != NULL &&
1108 		    strcmp(info, "ok") != 0) {
1109 			len = (old == NULL)? 0 : strlen(old);
1110 			len += strlen(info) + 2;	/* '\n' + '\0' */
1111 
1112 			new = realloc(old, len);
1113 			if (new == NULL)
1114 				return (BACKEND_CALLBACK_ABORT);
1115 			if (old == NULL)
1116 				new[0] = 0;
1117 			old = *out = new;
1118 			(void) strlcat(new, info, len);
1119 			(void) strlcat(new, "\n", len);
1120 		}
1121 	}
1122 	return (BACKEND_CALLBACK_CONTINUE);
1123 }
1124 
1125 #define	BACKEND_CREATE_LOCKED		-2
1126 #define	BACKEND_CREATE_FAIL		-1
1127 #define	BACKEND_CREATE_SUCCESS		0
1128 #define	BACKEND_CREATE_READONLY		1
1129 #define	BACKEND_CREATE_NEED_INIT	2
1130 static int
1131 backend_create(backend_type_t backend_id, const char *db_file,
1132     sqlite_backend_t **bep)
1133 {
1134 	char *errp;
1135 	char *integrity_results = NULL;
1136 	sqlite_backend_t *be;
1137 	int r;
1138 	uint32_t val = -1UL;
1139 	struct run_single_int_info info;
1140 	int fd;
1141 
1142 	assert(backend_id >= 0 && backend_id < BACKEND_TYPE_TOTAL);
1143 
1144 	be = &be_info[backend_id];
1145 	assert(be->be_db == NULL);
1146 
1147 	(void) pthread_mutex_init(&be->be_lock, NULL);
1148 	(void) pthread_mutex_lock(&be->be_lock);
1149 
1150 	be->be_type = backend_id;
1151 	be->be_path = strdup(db_file);
1152 	if (be->be_path == NULL) {
1153 		perror("malloc");
1154 		goto fail;
1155 	}
1156 
1157 	be->be_db = sqlite_open(be->be_path, 0600, &errp);
1158 
1159 	if (be->be_db == NULL) {
1160 		if (strstr(errp, "out of memory") != NULL) {
1161 			configd_critical("%s: %s\n", db_file, errp);
1162 			free(errp);
1163 
1164 			goto fail;
1165 		}
1166 
1167 		/* report it as an integrity failure */
1168 		integrity_results = errp;
1169 		errp = NULL;
1170 		goto integrity_fail;
1171 	}
1172 
1173 	/*
1174 	 * check if we are inited and of the correct schema version
1175 	 *
1176 	 * Eventually, we'll support schema upgrade here.
1177 	 */
1178 	info.rs_out = &val;
1179 	info.rs_result = REP_PROTOCOL_FAIL_NOT_FOUND;
1180 
1181 	r = sqlite_exec(be->be_db, "SELECT schema_version FROM schema_version;",
1182 	    run_single_int_callback, &info, &errp);
1183 	if (r == SQLITE_ERROR &&
1184 	    strcmp("no such table: schema_version", errp) == 0) {
1185 		free(errp);
1186 		/*
1187 		 * Could be an empty repository, could be pre-schema_version
1188 		 * schema.  Check for id_tbl, which has always been there.
1189 		 */
1190 		r = sqlite_exec(be->be_db, "SELECT count() FROM id_tbl;",
1191 		    NULL, NULL, &errp);
1192 		if (r == SQLITE_ERROR &&
1193 		    strcmp("no such table: id_tbl", errp) == 0) {
1194 			free(errp);
1195 			*bep = be;
1196 			return (BACKEND_CREATE_NEED_INIT);
1197 		}
1198 
1199 		configd_critical("%s: schema version mismatch\n", db_file);
1200 		goto fail;
1201 	}
1202 	if (r == SQLITE_BUSY || r == SQLITE_LOCKED) {
1203 		free(errp);
1204 		*bep = NULL;
1205 		backend_destroy(be);
1206 		return (BACKEND_CREATE_LOCKED);
1207 	}
1208 	if (r == SQLITE_OK) {
1209 		if (info.rs_result == REP_PROTOCOL_FAIL_NOT_FOUND ||
1210 		    val != BACKEND_SCHEMA_VERSION) {
1211 			configd_critical("%s: schema version mismatch\n",
1212 			    db_file);
1213 			goto fail;
1214 		}
1215 	}
1216 
1217 	/*
1218 	 * pull in the whole database sequentially.
1219 	 */
1220 	if ((fd = open(db_file, O_RDONLY)) >= 0) {
1221 		size_t sz = 64 * 1024;
1222 		char *buffer = malloc(sz);
1223 		if (buffer != NULL) {
1224 			while (read(fd, buffer, sz) > 0)
1225 				;
1226 			free(buffer);
1227 		}
1228 		(void) close(fd);
1229 	}
1230 
1231 	/*
1232 	 * run an integrity check
1233 	 */
1234 	r = sqlite_exec(be->be_db, "PRAGMA integrity_check;",
1235 	    backend_integrity_callback, &integrity_results, &errp);
1236 
1237 	if (r == SQLITE_BUSY || r == SQLITE_LOCKED) {
1238 		free(errp);
1239 		*bep = NULL;
1240 		backend_destroy(be);
1241 		return (BACKEND_CREATE_LOCKED);
1242 	}
1243 	if (r == SQLITE_ABORT) {
1244 		free(errp);
1245 		errp = NULL;
1246 		integrity_results = "out of memory running integrity check\n";
1247 	} else if (r != SQLITE_OK && integrity_results == NULL) {
1248 		integrity_results = errp;
1249 		errp = NULL;
1250 	}
1251 
1252 integrity_fail:
1253 	if (integrity_results != NULL) {
1254 		const char *fname = "/etc/svc/volatile/db_errors";
1255 		if ((fd = open(fname, O_CREAT|O_WRONLY|O_APPEND, 0600)) < 0) {
1256 			fname = NULL;
1257 		} else {
1258 			if (backend_fd_write(fd, "\n\n") < 0 ||
1259 			    backend_fd_write(fd, db_file) < 0 ||
1260 			    backend_fd_write(fd,
1261 			    ": PRAGMA integrity_check; failed.  Results:\n") <
1262 			    0 || backend_fd_write(fd, integrity_results) < 0 ||
1263 			    backend_fd_write(fd, "\n\n") < 0) {
1264 				fname = NULL;
1265 			}
1266 			(void) close(fd);
1267 		}
1268 
1269 		if (!is_main_repository ||
1270 		    backend_id == BACKEND_TYPE_NONPERSIST) {
1271 			if (fname != NULL)
1272 				configd_critical(
1273 				    "%s: integrity check failed. Details in "
1274 				    "%s\n", db_file, fname);
1275 			else
1276 				configd_critical(
1277 				    "%s: integrity check failed.\n",
1278 				    db_file);
1279 		} else {
1280 			(void) fprintf(stderr,
1281 "\n"
1282 "svc.configd: smf(5) database integrity check of:\n"
1283 "\n"
1284 "    %s\n"
1285 "\n"
1286 "  failed. The database might be damaged or a media error might have\n"
1287 "  prevented it from being verified.  Additional information useful to\n"
1288 "  your service provider%s%s\n"
1289 "\n"
1290 "  The system will not be able to boot until you have restored a working\n"
1291 "  database.  svc.startd(1M) will provide a sulogin(1M) prompt for recovery\n"
1292 "  purposes.  The command:\n"
1293 "\n"
1294 "    /lib/svc/bin/restore_repository\n"
1295 "\n"
1296 "  can be run to restore a backup version of your repository.  See\n"
1297 "  http://sun.com/msg/SMF-8000-MY for more information.\n"
1298 "\n",
1299 			    db_file,
1300 			    (fname == NULL)? ":\n\n" : " is in:\n\n    ",
1301 			    (fname == NULL)? integrity_results : fname);
1302 		}
1303 		free(errp);
1304 		goto fail;
1305 	}
1306 
1307 	/*
1308 	 * check if we are writable
1309 	 */
1310 	r = backend_is_readonly(be->be_db, be->be_path);
1311 
1312 	if (r == SQLITE_BUSY || r == SQLITE_LOCKED) {
1313 		free(errp);
1314 		*bep = NULL;
1315 		backend_destroy(be);
1316 		return (BACKEND_CREATE_LOCKED);
1317 	}
1318 	if (r != SQLITE_OK && r != SQLITE_FULL) {
1319 		free(errp);
1320 		be->be_readonly = 1;
1321 		*bep = be;
1322 		return (BACKEND_CREATE_READONLY);
1323 	}
1324 	*bep = be;
1325 	return (BACKEND_CREATE_SUCCESS);
1326 
1327 fail:
1328 	*bep = NULL;
1329 	backend_destroy(be);
1330 	return (BACKEND_CREATE_FAIL);
1331 }
1332 
1333 /*
1334  * (arg & -arg) is, through the magic of twos-complement arithmetic, the
1335  * lowest set bit in arg.
1336  */
1337 static size_t
1338 round_up_to_p2(size_t arg)
1339 {
1340 	/*
1341 	 * Don't allow a zero result.
1342 	 */
1343 	assert(arg > 0 && ((ssize_t)arg > 0));
1344 
1345 	while ((arg & (arg - 1)) != 0)
1346 		arg += (arg & -arg);
1347 
1348 	return (arg);
1349 }
1350 
1351 /*
1352  * Returns
1353  *   _NO_RESOURCES - out of memory
1354  *   _BACKEND_ACCESS - backend type t (other than _NORMAL) doesn't exist
1355  *   _DONE - callback aborted query
1356  *   _SUCCESS
1357  */
1358 int
1359 backend_run(backend_type_t t, backend_query_t *q,
1360     backend_run_callback_f *cb, void *data)
1361 {
1362 	char *errmsg = NULL;
1363 	int ret;
1364 	sqlite_backend_t *be;
1365 	hrtime_t ts, vts;
1366 
1367 	if (q == NULL || q->bq_buf == NULL)
1368 		return (REP_PROTOCOL_FAIL_NO_RESOURCES);
1369 
1370 	if ((ret = backend_lock(t, 0, &be)) != REP_PROTOCOL_SUCCESS)
1371 		return (ret);
1372 
1373 	ts = gethrtime();
1374 	vts = gethrvtime();
1375 	ret = sqlite_exec(be->be_db, q->bq_buf, cb, data, &errmsg);
1376 	UPDATE_TOTALS(be, bt_exec, ts, vts);
1377 	ret = backend_error(be, ret, errmsg);
1378 	backend_unlock(be);
1379 
1380 	return (ret);
1381 }
1382 
1383 /*
1384  * Starts a "read-only" transaction -- i.e., locks out writers as long
1385  * as it is active.
1386  *
1387  * Fails with
1388  *   _NO_RESOURCES - out of memory
1389  *
1390  * If t is not _NORMAL, can also fail with
1391  *   _BACKEND_ACCESS - backend does not exist
1392  *
1393  * If writable is true, can also fail with
1394  *   _BACKEND_READONLY
1395  */
1396 static int
1397 backend_tx_begin_common(backend_type_t t, backend_tx_t **txp, int writable)
1398 {
1399 	backend_tx_t *ret;
1400 	sqlite_backend_t *be;
1401 	int r;
1402 
1403 	*txp = NULL;
1404 
1405 	ret = uu_zalloc(sizeof (*ret));
1406 	if (ret == NULL)
1407 		return (REP_PROTOCOL_FAIL_NO_RESOURCES);
1408 
1409 	if ((r = backend_lock(t, writable, &be)) != REP_PROTOCOL_SUCCESS) {
1410 		uu_free(ret);
1411 		return (r);
1412 	}
1413 
1414 	ret->bt_be = be;
1415 	ret->bt_readonly = !writable;
1416 	ret->bt_type = t;
1417 	ret->bt_full = 0;
1418 
1419 	*txp = ret;
1420 	return (REP_PROTOCOL_SUCCESS);
1421 }
1422 
1423 int
1424 backend_tx_begin_ro(backend_type_t t, backend_tx_t **txp)
1425 {
1426 	return (backend_tx_begin_common(t, txp, 0));
1427 }
1428 
1429 static void
1430 backend_tx_end(backend_tx_t *tx)
1431 {
1432 	sqlite_backend_t *be;
1433 
1434 	be = tx->bt_be;
1435 
1436 	if (tx->bt_full) {
1437 		struct sqlite *new;
1438 
1439 		/*
1440 		 * sqlite tends to be sticky with SQLITE_FULL, so we try
1441 		 * to get a fresh database handle if we got a FULL warning
1442 		 * along the way.  If that fails, no harm done.
1443 		 */
1444 		new = sqlite_open(be->be_path, 0600, NULL);
1445 		if (new != NULL) {
1446 			sqlite_close(be->be_db);
1447 			be->be_db = new;
1448 		}
1449 	}
1450 	backend_unlock(be);
1451 	tx->bt_be = NULL;
1452 	uu_free(tx);
1453 }
1454 
1455 void
1456 backend_tx_end_ro(backend_tx_t *tx)
1457 {
1458 	assert(tx->bt_readonly);
1459 	backend_tx_end(tx);
1460 }
1461 
1462 /*
1463  * Fails with
1464  *   _NO_RESOURCES - out of memory
1465  *   _BACKEND_ACCESS
1466  *   _BACKEND_READONLY
1467  */
1468 int
1469 backend_tx_begin(backend_type_t t, backend_tx_t **txp)
1470 {
1471 	int r;
1472 	char *errmsg;
1473 	hrtime_t ts, vts;
1474 
1475 	r = backend_tx_begin_common(t, txp, 1);
1476 	if (r != REP_PROTOCOL_SUCCESS)
1477 		return (r);
1478 
1479 	ts = gethrtime();
1480 	vts = gethrvtime();
1481 	r = sqlite_exec((*txp)->bt_be->be_db, "BEGIN TRANSACTION", NULL, NULL,
1482 	    &errmsg);
1483 	UPDATE_TOTALS((*txp)->bt_be, bt_exec, ts, vts);
1484 	if (r == SQLITE_FULL)
1485 		(*txp)->bt_full = 1;
1486 	r = backend_error((*txp)->bt_be, r, errmsg);
1487 
1488 	if (r != REP_PROTOCOL_SUCCESS) {
1489 		assert(r != REP_PROTOCOL_DONE);
1490 		(void) sqlite_exec((*txp)->bt_be->be_db,
1491 		    "ROLLBACK TRANSACTION", NULL, NULL, NULL);
1492 		backend_tx_end(*txp);
1493 		*txp = NULL;
1494 		return (r);
1495 	}
1496 
1497 	(*txp)->bt_readonly = 0;
1498 
1499 	return (REP_PROTOCOL_SUCCESS);
1500 }
1501 
1502 void
1503 backend_tx_rollback(backend_tx_t *tx)
1504 {
1505 	int r;
1506 	char *errmsg;
1507 	sqlite_backend_t *be;
1508 	hrtime_t ts, vts;
1509 
1510 	assert(tx != NULL && tx->bt_be != NULL && !tx->bt_readonly);
1511 	be = tx->bt_be;
1512 
1513 	ts = gethrtime();
1514 	vts = gethrvtime();
1515 	r = sqlite_exec(be->be_db, "ROLLBACK TRANSACTION", NULL, NULL,
1516 	    &errmsg);
1517 	UPDATE_TOTALS(be, bt_exec, ts, vts);
1518 	if (r == SQLITE_FULL)
1519 		tx->bt_full = 1;
1520 	(void) backend_error(be, r, errmsg);
1521 
1522 	backend_tx_end(tx);
1523 }
1524 
1525 /*
1526  * Fails with
1527  *   _NO_RESOURCES - out of memory
1528  */
1529 int
1530 backend_tx_commit(backend_tx_t *tx)
1531 {
1532 	int r, r2;
1533 	char *errmsg;
1534 	sqlite_backend_t *be;
1535 	hrtime_t ts, vts;
1536 
1537 	assert(tx != NULL && tx->bt_be != NULL && !tx->bt_readonly);
1538 	be = tx->bt_be;
1539 	ts = gethrtime();
1540 	vts = gethrvtime();
1541 	r = sqlite_exec(be->be_db, "COMMIT TRANSACTION", NULL, NULL,
1542 	    &errmsg);
1543 	UPDATE_TOTALS(be, bt_exec, ts, vts);
1544 	if (r == SQLITE_FULL)
1545 		tx->bt_full = 1;
1546 
1547 	r = backend_error(be, r, errmsg);
1548 	assert(r != REP_PROTOCOL_DONE);
1549 
1550 	if (r != REP_PROTOCOL_SUCCESS) {
1551 		r2 = sqlite_exec(be->be_db, "ROLLBACK TRANSACTION", NULL, NULL,
1552 		    &errmsg);
1553 		r2 = backend_error(be, r2, errmsg);
1554 		if (r2 != REP_PROTOCOL_SUCCESS)
1555 			backend_panic("cannot rollback failed commit");
1556 
1557 		backend_tx_end(tx);
1558 		return (r);
1559 	}
1560 	backend_tx_end(tx);
1561 	return (REP_PROTOCOL_SUCCESS);
1562 }
1563 
1564 static const char *
1565 id_space_to_name(enum id_space id)
1566 {
1567 	switch (id) {
1568 	case BACKEND_ID_SERVICE_INSTANCE:
1569 		return ("SI");
1570 	case BACKEND_ID_PROPERTYGRP:
1571 		return ("PG");
1572 	case BACKEND_ID_GENERATION:
1573 		return ("GEN");
1574 	case BACKEND_ID_PROPERTY:
1575 		return ("PROP");
1576 	case BACKEND_ID_VALUE:
1577 		return ("VAL");
1578 	case BACKEND_ID_SNAPNAME:
1579 		return ("SNAME");
1580 	case BACKEND_ID_SNAPSHOT:
1581 		return ("SHOT");
1582 	case BACKEND_ID_SNAPLEVEL:
1583 		return ("SLVL");
1584 	default:
1585 		abort();
1586 		/*NOTREACHED*/
1587 	}
1588 }
1589 
1590 /*
1591  * Returns a new id or 0 if the id argument is invalid or the query fails.
1592  */
1593 uint32_t
1594 backend_new_id(backend_tx_t *tx, enum id_space id)
1595 {
1596 	struct run_single_int_info info;
1597 	uint32_t new_id = 0;
1598 	const char *name = id_space_to_name(id);
1599 	char *errmsg;
1600 	int ret;
1601 	sqlite_backend_t *be;
1602 	hrtime_t ts, vts;
1603 
1604 	assert(tx != NULL && tx->bt_be != NULL && !tx->bt_readonly);
1605 	be = tx->bt_be;
1606 
1607 	info.rs_out = &new_id;
1608 	info.rs_result = REP_PROTOCOL_FAIL_NOT_FOUND;
1609 
1610 	ts = gethrtime();
1611 	vts = gethrvtime();
1612 	ret = sqlite_exec_printf(be->be_db,
1613 	    "SELECT id_next FROM id_tbl WHERE (id_name = '%q');"
1614 	    "UPDATE id_tbl SET id_next = id_next + 1 WHERE (id_name = '%q');",
1615 	    run_single_int_callback, &info, &errmsg, name, name);
1616 	UPDATE_TOTALS(be, bt_exec, ts, vts);
1617 	if (ret == SQLITE_FULL)
1618 		tx->bt_full = 1;
1619 
1620 	ret = backend_error(be, ret, errmsg);
1621 
1622 	if (ret != REP_PROTOCOL_SUCCESS) {
1623 		return (0);
1624 	}
1625 
1626 	return (new_id);
1627 }
1628 
1629 /*
1630  * Returns
1631  *   _NO_RESOURCES - out of memory
1632  *   _DONE - callback aborted query
1633  *   _SUCCESS
1634  */
1635 int
1636 backend_tx_run(backend_tx_t *tx, backend_query_t *q,
1637     backend_run_callback_f *cb, void *data)
1638 {
1639 	char *errmsg = NULL;
1640 	int ret;
1641 	sqlite_backend_t *be;
1642 	hrtime_t ts, vts;
1643 
1644 	assert(tx != NULL && tx->bt_be != NULL);
1645 	be = tx->bt_be;
1646 
1647 	if (q == NULL || q->bq_buf == NULL)
1648 		return (REP_PROTOCOL_FAIL_NO_RESOURCES);
1649 
1650 	ts = gethrtime();
1651 	vts = gethrvtime();
1652 	ret = sqlite_exec(be->be_db, q->bq_buf, cb, data, &errmsg);
1653 	UPDATE_TOTALS(be, bt_exec, ts, vts);
1654 	if (ret == SQLITE_FULL)
1655 		tx->bt_full = 1;
1656 	ret = backend_error(be, ret, errmsg);
1657 
1658 	return (ret);
1659 }
1660 
1661 /*
1662  * Returns
1663  *   _NO_RESOURCES - out of memory
1664  *   _NOT_FOUND - the query returned no results
1665  *   _SUCCESS - the query returned a single integer
1666  */
1667 int
1668 backend_tx_run_single_int(backend_tx_t *tx, backend_query_t *q, uint32_t *buf)
1669 {
1670 	struct run_single_int_info info;
1671 	int ret;
1672 
1673 	info.rs_out = buf;
1674 	info.rs_result = REP_PROTOCOL_FAIL_NOT_FOUND;
1675 
1676 	ret = backend_tx_run(tx, q, run_single_int_callback, &info);
1677 	assert(ret != REP_PROTOCOL_DONE);
1678 
1679 	if (ret != REP_PROTOCOL_SUCCESS)
1680 		return (ret);
1681 
1682 	return (info.rs_result);
1683 }
1684 
1685 /*
1686  * Fails with
1687  *   _NO_RESOURCES - out of memory
1688  */
1689 int
1690 backend_tx_run_update(backend_tx_t *tx, const char *format, ...)
1691 {
1692 	va_list a;
1693 	char *errmsg;
1694 	int ret;
1695 	sqlite_backend_t *be;
1696 	hrtime_t ts, vts;
1697 
1698 	assert(tx != NULL && tx->bt_be != NULL && !tx->bt_readonly);
1699 	be = tx->bt_be;
1700 
1701 	va_start(a, format);
1702 	ts = gethrtime();
1703 	vts = gethrvtime();
1704 	ret = sqlite_exec_vprintf(be->be_db, format, NULL, NULL, &errmsg, a);
1705 	UPDATE_TOTALS(be, bt_exec, ts, vts);
1706 	if (ret == SQLITE_FULL)
1707 		tx->bt_full = 1;
1708 	va_end(a);
1709 	ret = backend_error(be, ret, errmsg);
1710 	assert(ret != REP_PROTOCOL_DONE);
1711 
1712 	return (ret);
1713 }
1714 
1715 /*
1716  * returns REP_PROTOCOL_FAIL_NOT_FOUND if no changes occured
1717  */
1718 int
1719 backend_tx_run_update_changed(backend_tx_t *tx, const char *format, ...)
1720 {
1721 	va_list a;
1722 	char *errmsg;
1723 	int ret;
1724 	sqlite_backend_t *be;
1725 	hrtime_t ts, vts;
1726 
1727 	assert(tx != NULL && tx->bt_be != NULL && !tx->bt_readonly);
1728 	be = tx->bt_be;
1729 
1730 	va_start(a, format);
1731 	ts = gethrtime();
1732 	vts = gethrvtime();
1733 	ret = sqlite_exec_vprintf(be->be_db, format, NULL, NULL, &errmsg, a);
1734 	UPDATE_TOTALS(be, bt_exec, ts, vts);
1735 	if (ret == SQLITE_FULL)
1736 		tx->bt_full = 1;
1737 	va_end(a);
1738 
1739 	ret = backend_error(be, ret, errmsg);
1740 
1741 	return (ret);
1742 }
1743 
1744 #define	BACKEND_ADD_SCHEMA(be, file, tbls, idxs) \
1745 	(backend_add_schema((be), (file), \
1746 	    (tbls), sizeof (tbls) / sizeof (*(tbls)), \
1747 	    (idxs), sizeof (idxs) / sizeof (*(idxs))))
1748 
1749 static int
1750 backend_add_schema(sqlite_backend_t *be, const char *file,
1751     struct backend_tbl_info *tbls, int tbl_count,
1752     struct backend_idx_info *idxs, int idx_count)
1753 {
1754 	int i;
1755 	char *errmsg;
1756 	int ret;
1757 
1758 	/*
1759 	 * Create the tables.
1760 	 */
1761 	for (i = 0; i < tbl_count; i++) {
1762 		if (tbls[i].bti_name == NULL) {
1763 			assert(i + 1 == tbl_count);
1764 			break;
1765 		}
1766 		ret = sqlite_exec_printf(be->be_db,
1767 		    "CREATE TABLE %s (%s);\n",
1768 		    NULL, NULL, &errmsg, tbls[i].bti_name, tbls[i].bti_cols);
1769 
1770 		if (ret != SQLITE_OK) {
1771 			configd_critical(
1772 			    "%s: %s table creation fails: %s\n", file,
1773 			    tbls[i].bti_name, errmsg);
1774 			free(errmsg);
1775 			return (-1);
1776 		}
1777 	}
1778 
1779 	/*
1780 	 * Make indices on key tables and columns.
1781 	 */
1782 	for (i = 0; i < idx_count; i++) {
1783 		if (idxs[i].bxi_tbl == NULL) {
1784 			assert(i + 1 == idx_count);
1785 			break;
1786 		}
1787 
1788 		ret = sqlite_exec_printf(be->be_db,
1789 		    "CREATE INDEX %s_%s ON %s (%s);\n",
1790 		    NULL, NULL, &errmsg, idxs[i].bxi_tbl, idxs[i].bxi_idx,
1791 		    idxs[i].bxi_tbl, idxs[i].bxi_cols);
1792 
1793 		if (ret != SQLITE_OK) {
1794 			configd_critical(
1795 			    "%s: %s_%s index creation fails: %s\n", file,
1796 			    idxs[i].bxi_tbl, idxs[i].bxi_idx, errmsg);
1797 			free(errmsg);
1798 			return (-1);
1799 		}
1800 	}
1801 	return (0);
1802 }
1803 
1804 static int
1805 backend_init_schema(sqlite_backend_t *be, const char *db_file, backend_type_t t)
1806 {
1807 	int i;
1808 	char *errmsg;
1809 	int ret;
1810 
1811 	assert(t == BACKEND_TYPE_NORMAL || t == BACKEND_TYPE_NONPERSIST);
1812 
1813 	if (t == BACKEND_TYPE_NORMAL) {
1814 		ret = BACKEND_ADD_SCHEMA(be, db_file, tbls_normal, idxs_normal);
1815 	} else if (t == BACKEND_TYPE_NONPERSIST) {
1816 		ret = BACKEND_ADD_SCHEMA(be, db_file, tbls_np, idxs_np);
1817 	} else {
1818 		abort();		/* can't happen */
1819 	}
1820 
1821 	if (ret < 0) {
1822 		return (ret);
1823 	}
1824 
1825 	ret = BACKEND_ADD_SCHEMA(be, db_file, tbls_common, idxs_common);
1826 	if (ret < 0) {
1827 		return (ret);
1828 	}
1829 
1830 	/*
1831 	 * Add the schema version to the table
1832 	 */
1833 	ret = sqlite_exec_printf(be->be_db,
1834 	    "INSERT INTO schema_version (schema_version) VALUES (%d)",
1835 	    NULL, NULL, &errmsg, BACKEND_SCHEMA_VERSION);
1836 	if (ret != SQLITE_OK) {
1837 		configd_critical(
1838 		    "setting schema version fails: %s\n", errmsg);
1839 		free(errmsg);
1840 	}
1841 
1842 	/*
1843 	 * Populate id_tbl with initial IDs.
1844 	 */
1845 	for (i = 0; i < BACKEND_ID_INVALID; i++) {
1846 		const char *name = id_space_to_name(i);
1847 
1848 		ret = sqlite_exec_printf(be->be_db,
1849 		    "INSERT INTO id_tbl (id_name, id_next) "
1850 		    "VALUES ('%q', %d);", NULL, NULL, &errmsg, name, 1);
1851 		if (ret != SQLITE_OK) {
1852 			configd_critical(
1853 			    "id insertion for %s fails: %s\n", name, errmsg);
1854 			free(errmsg);
1855 			return (-1);
1856 		}
1857 	}
1858 	/*
1859 	 * Set the persistance of the database.  The normal database is marked
1860 	 * "synchronous", so that all writes are synchronized to stable storage
1861 	 * before proceeding.
1862 	 */
1863 	ret = sqlite_exec_printf(be->be_db,
1864 	    "PRAGMA default_synchronous = %s; PRAGMA synchronous = %s;",
1865 	    NULL, NULL, &errmsg,
1866 	    (t == BACKEND_TYPE_NORMAL)? "ON" : "OFF",
1867 	    (t == BACKEND_TYPE_NORMAL)? "ON" : "OFF");
1868 	if (ret != SQLITE_OK) {
1869 		configd_critical("pragma setting fails: %s\n", errmsg);
1870 		free(errmsg);
1871 		return (-1);
1872 	}
1873 
1874 	return (0);
1875 }
1876 
1877 int
1878 backend_init(const char *db_file, const char *npdb_file, int have_np)
1879 {
1880 	sqlite_backend_t *be;
1881 	int r;
1882 	int writable_persist = 1;
1883 
1884 	/* set up our temporary directory */
1885 	sqlite_temp_directory = "/etc/svc/volatile";
1886 
1887 	if (strcmp(SQLITE_VERSION, sqlite_version) != 0) {
1888 		configd_critical("Mismatched link!  (%s should be %s)\n",
1889 		    sqlite_version, SQLITE_VERSION);
1890 		return (CONFIGD_EXIT_DATABASE_INIT_FAILED);
1891 	}
1892 	if (db_file == NULL)
1893 		db_file = REPOSITORY_DB;
1894 
1895 	r = backend_create(BACKEND_TYPE_NORMAL, db_file, &be);
1896 	switch (r) {
1897 	case BACKEND_CREATE_FAIL:
1898 		return (CONFIGD_EXIT_DATABASE_INIT_FAILED);
1899 	case BACKEND_CREATE_LOCKED:
1900 		return (CONFIGD_EXIT_DATABASE_LOCKED);
1901 	case BACKEND_CREATE_SUCCESS:
1902 		break;		/* success */
1903 	case BACKEND_CREATE_READONLY:
1904 		writable_persist = 0;
1905 		break;
1906 	case BACKEND_CREATE_NEED_INIT:
1907 		if (backend_init_schema(be, db_file, BACKEND_TYPE_NORMAL)) {
1908 			backend_destroy(be);
1909 			return (CONFIGD_EXIT_DATABASE_INIT_FAILED);
1910 		}
1911 		break;
1912 	default:
1913 		abort();
1914 		/*NOTREACHED*/
1915 	}
1916 	backend_create_finish(BACKEND_TYPE_NORMAL, be);
1917 
1918 	if (have_np) {
1919 		if (npdb_file == NULL)
1920 			npdb_file = NONPERSIST_DB;
1921 
1922 		r = backend_create(BACKEND_TYPE_NONPERSIST, npdb_file, &be);
1923 		switch (r) {
1924 		case BACKEND_CREATE_SUCCESS:
1925 			break;		/* success */
1926 		case BACKEND_CREATE_FAIL:
1927 			return (CONFIGD_EXIT_DATABASE_INIT_FAILED);
1928 		case BACKEND_CREATE_LOCKED:
1929 			return (CONFIGD_EXIT_DATABASE_LOCKED);
1930 		case BACKEND_CREATE_READONLY:
1931 			configd_critical("%s: unable to write\n", npdb_file);
1932 			return (CONFIGD_EXIT_DATABASE_INIT_FAILED);
1933 		case BACKEND_CREATE_NEED_INIT:
1934 			if (backend_init_schema(be, db_file,
1935 			    BACKEND_TYPE_NONPERSIST)) {
1936 				backend_destroy(be);
1937 				return (CONFIGD_EXIT_DATABASE_INIT_FAILED);
1938 			}
1939 			break;
1940 		default:
1941 			abort();
1942 			/*NOTREACHED*/
1943 		}
1944 		backend_create_finish(BACKEND_TYPE_NONPERSIST, be);
1945 
1946 		/*
1947 		 * If we started up with a writable filesystem, but the
1948 		 * non-persistent database needed initialization, we
1949 		 * are booting a non-global zone, so do a backup.
1950 		 */
1951 		if (r == BACKEND_CREATE_NEED_INIT && writable_persist &&
1952 		    backend_lock(BACKEND_TYPE_NORMAL, 0, &be) ==
1953 		    REP_PROTOCOL_SUCCESS) {
1954 			if (backend_create_backup_locked(be,
1955 			    REPOSITORY_BOOT_BACKUP) != REP_PROTOCOL_SUCCESS) {
1956 				configd_critical(
1957 				    "unable to create \"%s\" backup of "
1958 				    "\"%s\"\n", REPOSITORY_BOOT_BACKUP,
1959 				    be->be_path);
1960 			}
1961 			backend_unlock(be);
1962 		}
1963 	}
1964 	return (CONFIGD_EXIT_OKAY);
1965 }
1966 
1967 /*
1968  * quiesce all database activity prior to exiting
1969  */
1970 void
1971 backend_fini(void)
1972 {
1973 	sqlite_backend_t *be_normal, *be_np;
1974 
1975 	(void) backend_lock(BACKEND_TYPE_NORMAL, 1, &be_normal);
1976 	(void) backend_lock(BACKEND_TYPE_NONPERSIST, 1, &be_np);
1977 }
1978 
1979 #define	QUERY_BASE	128
1980 backend_query_t *
1981 backend_query_alloc(void)
1982 {
1983 	backend_query_t *q;
1984 	q = calloc(1, sizeof (backend_query_t));
1985 	if (q != NULL) {
1986 		q->bq_size = QUERY_BASE;
1987 		q->bq_buf = calloc(1, q->bq_size);
1988 		if (q->bq_buf == NULL) {
1989 			q->bq_size = 0;
1990 		}
1991 
1992 	}
1993 	return (q);
1994 }
1995 
1996 void
1997 backend_query_append(backend_query_t *q, const char *value)
1998 {
1999 	char *alloc;
2000 	int count;
2001 	size_t size, old_len;
2002 
2003 	if (q == NULL) {
2004 		/* We'll discover the error when we try to run the query. */
2005 		return;
2006 	}
2007 
2008 	while (q->bq_buf != NULL) {
2009 		old_len = strlen(q->bq_buf);
2010 		size = q->bq_size;
2011 		count = strlcat(q->bq_buf, value, size);
2012 
2013 		if (count < size)
2014 			break;				/* success */
2015 
2016 		q->bq_buf[old_len] = 0;
2017 		size = round_up_to_p2(count + 1);
2018 
2019 		assert(size > q->bq_size);
2020 		alloc = realloc(q->bq_buf, size);
2021 		if (alloc == NULL) {
2022 			free(q->bq_buf);
2023 			q->bq_buf = NULL;
2024 			break;				/* can't grow */
2025 		}
2026 
2027 		q->bq_buf = alloc;
2028 		q->bq_size = size;
2029 	}
2030 }
2031 
2032 void
2033 backend_query_add(backend_query_t *q, const char *format, ...)
2034 {
2035 	va_list args;
2036 	char *new;
2037 
2038 	if (q == NULL || q->bq_buf == NULL)
2039 		return;
2040 
2041 	va_start(args, format);
2042 	new = sqlite_vmprintf(format, args);
2043 	va_end(args);
2044 
2045 	if (new == NULL) {
2046 		free(q->bq_buf);
2047 		q->bq_buf = NULL;
2048 		return;
2049 	}
2050 
2051 	backend_query_append(q, new);
2052 
2053 	free(new);
2054 }
2055 
2056 void
2057 backend_query_free(backend_query_t *q)
2058 {
2059 	if (q != NULL) {
2060 		if (q->bq_buf != NULL) {
2061 			free(q->bq_buf);
2062 		}
2063 		free(q);
2064 	}
2065 }
2066