Hallvard Breien Furuseth:

On 2014-01-08 18:23, Howard Chu wrote:

...

Wietse Venema wrote:

...

Hallvard Breien Furuseth:

...

Process A may see garbage data.

This is wrong. The fcntl locks will definitely prevent two processes from interfering with each other. The reason this bug occurs is because fcntl locks cannot prevent two transactions within a single process from stomping on each other.

Hmm. OK, after some discussion with Howard:

This was so with Howard's original code, it wrapped each mdb_get() in a transaction. postfix-2.11-20131228/src/util/slmdb.c breaks this by preserving the read transaction until an error happens which is bad enough for the code to notice.

The Postfix first/next iterator has always used a long-term read transaction, ever since the first LMDB patch for Postfix. This broke with the switch to MDB_NOLOCK.

Locks around cursors are pointless as well as insufficient from lmdb's point of view. It is transactions which must be protected.

With MDB_NOLOCK the cursor's read transaction must be protected, and it must be closed before returning the (key, value) to the caller.

Wietse