From 6e33d52bdad5d054240cfab6f71734792cddcd4a Mon Sep 17 00:00:00 2001 From: Jason Volk Date: Sun, 19 Feb 2023 13:33:47 -0800 Subject: [PATCH] ircd::db::database: Hide dangerous best_efforts_recovery behind all-caps options. --- ircd/db_database.cc | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/ircd/db_database.cc b/ircd/db_database.cc index 63df71c56..019b4d2fe 100644 --- a/ircd/db_database.cc +++ b/ircd/db_database.cc @@ -981,29 +981,29 @@ try // When corrupted after crash, the DB is rolled back before the first // corruption and erases everything after it, giving a consistent // state up at that point, though losing some recent data. - if(string_view(open_recover) == "point") + if(iequals(string_view(open_recover), "point")) opts->wal_recovery_mode = rocksdb::WALRecoveryMode::kPointInTimeRecovery; - // When corrupted after crash and PointInTimeRecovery does not work, - // this will drop more data, but consistently. RocksDB sez the WAL is not - // used at all in this mode. - #if ROCKSDB_MAJOR > 6 \ - || (ROCKSDB_MAJOR == 6 && ROCKSDB_MINOR >= 10) - if(string_view(open_recover) == "recover") - opts->best_efforts_recovery = true; - #endif - // Skipping corrupted records will create gaps in the DB timeline where the // application (like a matrix timeline) cannot tolerate the unexpected gap. - if(string_view(open_recover) == "skip" || string_view(open_recover) == "recover") + if(iequals(string_view(open_recover), "skip")) opts->wal_recovery_mode = rocksdb::WALRecoveryMode::kSkipAnyCorruptedRecords; // Tolerating corrupted records is very last-ditch for getting the database to // open in a catastrophe. We have no use for this option but should use it for //TODO: emergency salvage-mode. - if(string_view(open_recover) == "tolerate") + if(iequals(string_view(open_recover), "tolerate")) opts->wal_recovery_mode = rocksdb::WALRecoveryMode::kTolerateCorruptedTailRecords; + // When the mode is all caps best efforts recovery is enabled. This is + // highly experimental and not well understood. Possibly in combination + // with an ill-selected above mode, the entire database may be destroyed. + #if ROCKSDB_MAJOR > 6 \ + || (ROCKSDB_MAJOR == 6 && ROCKSDB_MINOR >= 10) + if(all_of(string_view(open_recover))) + opts->best_efforts_recovery = true; + #endif + // Setup env opts->env = env.get();