Add optional getdents64(2) syscall bypass in read-only open

[vardaro]

I am trying to use RocksDB in ReadOnly mode with a POSIX file system that does not correctly support open(2) with O_DIRECTORY or getdents64() syscalls. As a result, I see ReadOnly database open failures relating to the file system reporting non-zero exit code for getdents64(2):

Example strace output:

[pid 1121067] openat(AT_FDCWD, "/path/to/rocksdb-backup/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 <0.000280>
[pid 1121067] newfstatat(3, "", {st_mode=S_IFDIR|0777, st_size=0, ...}, AT_EMPTY_PATH) = 0 <0.000005>
[pid 1121067] getdents64(3, 0x58dd5cb5b140, 32768) = -1 EOPNOTSUPP (Operation not supported) <0.000049>

Looking at the ReadOnly open code, it seems the getdents64(2) and open(2) are byproducts of GetChildren(), which calls opendir(3) and readdir(3) to range over the database directory. The practical applications of these callsites are to:

1. Find unknown WAL files not present in a descriptor
2. Find the latest OPTIONS-$N file for GetLiveFiles() inclusion

Neither of these appears to be relevant for our use case of simple RocksDB backup -> ReadOnly restore, which makes me think they can be safely bypassed in the ReadOnly open path.

This change adds a new database option, skip_directory_scan_on_readonly_db_open, that allows RocksDB users to omit directory listing related system calls, with a default of false. I think generally, this is probably useful for folks using RocksDB over customized file systems (be it FUSE or NFS etc), that may only implement partial POSIX support. With this change, we are able to use successfully use RocksDB in ReadOnly mode with our customized file system.

Note: best_efforts_recovery does bypass the WAL dir scan, but doesn't skip the scan for the OPTIONs file. I also think using best_efforts_recovery as a proxy for bypassing getdents64(2) deviates from the options original intent.

Reproduce database open failure

Example program opening database in ReadOnly mode, fails during getdents64(2).

  DBOptions db_options;
 
  // Enable this to skip directory scans (getdents64)
  // db_options.skip_directory_scan_on_open = true;

  std::vector<ColumnFamilyDescriptor> column_families;
  column_families.push_back(ColumnFamilyDescriptor(
      ROCKSDB_NAMESPACE::kDefaultColumnFamilyName, ColumnFamilyOptions()));
  column_families.push_back(
      ColumnFamilyDescriptor("metadata", ColumnFamilyOptions()));

  std::vector<ColumnFamilyHandle*> handles;
  DB* db = nullptr;

  // strace -e open,openat,getdents64 ./bin
  Status s = DB::OpenForReadOnly(db_options, kDBPath, column_families, &handles, &db);

  if (!s.ok()) {
    std::cerr << "Failed to open DB: " << s.ToString() << std::endl;
    return 1;
  }

As far as I can tell, this seems safe? But I'm looking for maintainers with better context to help me understand why this might be a bad idea. Thanks

[meta-cla]

Hi @vardaro!

Thank you for your pull request and welcome to our community.

Action Required

In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.

If you have received this in error or have any questions, please contact us at cla@meta.com. Thanks!

[meta-cla]

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks!