Bug 1472722 - Use the unix-excl Sqlite VFS by default. r=nalexander,asuth

Use the exclusive VFS on unix systems, so that: 1. we can avoid the memory mapped -shm files in wal mode 2. we gain more compatibility with nfs shares 3. we gain some protection from third parties touching open dbs On the other side it won't be possible anymore to use an open database from a different process (like the Sqlite command line), for which we provide an hidden pref: storage.multiProcessAccess.enabled Differential Revision: https://phabricator.services.mozilla.com/D1964 --HG-- extra : moz-landing-system : lando
2018-07-13 16:54:57 +00:00 · 2018-07-13 16:54:57 +00:00 · a543f35d4b
--- a/mobile/android/app/mobile.js
+++ b/mobile/android/app/mobile.js
@ -49,6 +49,10 @@ pref("toolkit.zoomManager.zoomValues", ".2,.3,.5,.67,.8,.9,1,1.1,1.2,1.33,1.5,1.
 // Mobile will use faster, less durable mode.
 pref("toolkit.storage.synchronous", 0);

+// Android needs concurrent access to the same database from multiple processes,
+// thus we can't use exclusive locking on it.
+pref("storage.multiProcessAccess.enabled", true);
+
 pref("browser.viewport.desktopWidth", 980);
 // The default fallback zoom level to render pages at. Set to -1 to fit page; otherwise
 // the value is divided by 1000 and clamped to hard-coded min/max scale values.
--- a/storage/TelemetryVFS.cpp
+++ b/storage/TelemetryVFS.cpp
@ -22,14 +22,21 @@
 #define LAST_KNOWN_IOMETHODS_VERSION 3

 /**
- * This preference is a workaround to allow users/sysadmins to identify
- * that the profile exists on an NFS share whose implementation
- * is incompatible with SQLite's default locking implementation.
- * Bug 433129 attempted to automatically identify such file-systems,
- * but a reliable way was not found and it was determined that the fallback
- * locking is slower than POSIX locking, so we do not want to do it by default.
-*/
-#define PREF_NFS_FILESYSTEM   "storage.nfs_filesystem"
+ * By default use the unix-excl VFS, for the following reasons:
+ * 1. It improves compatibility with NFS shares, whose implementation
+ *    is incompatible with SQLite's locking requirements.
+ *    Bug 433129 attempted to automatically identify such file-systems,
+ *    but a reliable way was not found and the fallback locking is slower than
+ *    POSIX locking, so we do not want to do it by default.
+ * 2. It allows wal mode to avoid the memory mapped -shm file, reducing the
+ *    likelihood of SIGBUS failures when disk space is exhausted.
+ * 3. It provides some protection from third party database tampering while a
+ *    connection is open.
+ * This preference allows to revert to the "unix" VFS, that is not exclusive,
+ * thus it can be used by developers to query a database through the Sqlite
+ * command line while it's already in use.
+ */
+#define PREF_MULTI_PROCESS_ACCESS "storage.multiProcessAccess.enabled"

 namespace {

@ -865,22 +872,22 @@ const char *GetVFSName()
 sqlite3_vfs* ConstructTelemetryVFS()
 {
 #if defined(XP_WIN)
-#define EXPECTED_VFS     "win32"
-#define EXPECTED_VFS_NFS "win32"
+#define EXPECTED_VFS      "win32"
+#define EXPECTED_VFS_EXCL "win32"
 #else
-#define EXPECTED_VFS     "unix"
-#define EXPECTED_VFS_NFS "unix-excl"
+#define EXPECTED_VFS      "unix"
+#define EXPECTED_VFS_EXCL "unix-excl"
 #endif

  bool expected_vfs;
  sqlite3_vfs *vfs;
-  if (Preferences::GetBool(PREF_NFS_FILESYSTEM)) {
-    vfs = sqlite3_vfs_find(EXPECTED_VFS_NFS);
-    expected_vfs = (vfs != nullptr);
-  }
-  else {
+  if (Preferences::GetBool(PREF_MULTI_PROCESS_ACCESS, false)) {
+    // Use the non-exclusive VFS.
    vfs = sqlite3_vfs_find(nullptr);
    expected_vfs = vfs->zName && !strcmp(vfs->zName, EXPECTED_VFS);
+  } else {
+    vfs = sqlite3_vfs_find(EXPECTED_VFS_EXCL);
+    expected_vfs = (vfs != nullptr);
  }
  if (!expected_vfs) {
    return nullptr;