In ctdb_writerecord()

Verify that the lock is still held and refuse the write otherwise.

We have to guarantee that we dont write to an unlocked record.

If we write to a record after it has been released, the record may have
already migrated off the node, in which case we get a DMASTER split brain for this record. (These application bugs are incredibly hard to track down)

diff --git a/libctdb/ctdb.c b/libctdb/ctdb.c
index d60c8894db15aa1ddfe885869a3bbedfdb52a942..b7f1c590e0d3eb050ed1f6f9f82071b3366c33da 100644 (file)
--- a/libctdb/ctdb.c
+++ b/libctdb/ctdb.c
@@ -794,6 +794,13 @@ ctdb_readrecordlock_async(struct ctdb_db *ctdb_db, TDB_DATA key,
 
 int ctdb_writerecord(struct ctdb_lock *lock, TDB_DATA data)
 {
+       if (!lock->held) {
+               errno = EBADF;
+               DEBUG(lock->ctdb_db->ctdb, LOG_ERR,
+                     "ctdb_writerecord: Can not write. Lock has been released.");
+               return -1;
+       }
+               
        if (lock->ctdb_db->persistent) {
                errno = EINVAL;
                DEBUG(lock->ctdb_db->ctdb, LOG_ERR,