storage: tighten MVCCDeleteRangeUsingTombstone key span checks

[erikgrinaker]

storage: tighten MVCCDeleteRangeUsingTombstone key span checks

We've previously disallowed writing MVCC range tombstones across local
keyspace. However, this check used keys.IsLocal(), which simply checks
whether the key has the local prefix (\x01), so it was possible for
callers to use e.g. \x00 as a start key and span the local keyspace
anyway.

This patch changes the check to ensure the start key is at or after
keys.LocalMax.

Release justification: bug fixes and low-risk updates to new functionality

Release note: None

storage: fix intentInterleavingIter local key detection

intentInterleavingIter will error if given bounds that span from the
local to the global keyspace. However, it only checked whether the start
key satisfied keys.IsLocal(), i.e. that the key began with \x01.
This meant that it was possible to give a start key with a \x00 prefix
that spanned across the local and global keyspaces, without triggering
the error. This could cause the iterator to be incorrectly positioned in
the lock table keyspace.

This patch fixes the check by comparing the start key with
keys.LocalMax instead. This does not appear to have a measurable
impact on performance:

name                                                                old time/op    new time/op    delta
MVCCGet_Pebble/batch=true/versions=1/valueSize=8/numRangeKeys=0-24    2.39µs ± 1%    2.39µs ± 1%   ~     (p=0.810 n=10+10)

Resolves #87489.

Release justification: low risk, high benefit changes to existing functionality
Release note: None

[cockroach-teamcity]

This change is 

[sumeerbhola]

Reviewed 2 of 2 files at r1.
Reviewable status: complete! 1 of 0 LGTMs obtained (waiting on @aliher1911, @erikgrinaker, and @tbg)

---

pkg/kv/kvserver/mvcc_gc_queue_test.go line 515 at r1 (raw file):

			require.NoError(t, storage.MVCCPut(ctx, rw, ms, key, delTime, hlc.ClockTimestamp{}, roachpb.Value{}, nil))
		}
	}

how about adding a require.Error test case that will fail with the new logic and that did not fail before?

[erikgrinaker]

Reviewable status: complete! 0 of 0 LGTMs obtained (and 1 stale) (waiting on @aliher1911, @sumeerbhola, and @tbg)

---

pkg/kv/kvserver/mvcc_gc_queue_test.go line 515 at r1 (raw file):

Previously, sumeerbhola wrote…

how about adding a require.Error test case that will fail with the new logic and that did not fail before?

Yeah, may as well, done (TestMVCCHistories). This shouldn't be possible in production code though, since we always use an appropriate key prefix.

[aliher1911]

I think this will blow up with changes that were done to MVCCStats randomized tests as they use range deletions for local space as well if I'm not mistaken.

[erikgrinaker]

I think this will blow up with changes that were done to MVCCStats randomized tests as they use range deletions for local space as well if I'm not mistaken.

I asked Tobi to address that in the original PR, so I think it should be fixed? But I'll make sure to adapt any failing tests otherwise.

[erikgrinaker]

@sumeerbhola It turns out intentInterleavingIter had the same problem (see #87489), I've added on a commit which addresses it. PTAL.

[sumeerbhola]

Reviewed 1 of 1 files at r2, 2 of 2 files at r3, 1 of 1 files at r4, all commit messages.
Reviewable status: complete! 1 of 0 LGTMs obtained (waiting on @aliher1911, @erikgrinaker, and @sumeerbhola)

---

pkg/storage/intent_interleaving_iter.go line 171 at r4 (raw file):

}

func isLocal(k roachpb.Key) bool {

this isLocal method is also used in mvcc.go in CanGCEntireRange -- it looks like this behavior change is fine for that case too.

[erikgrinaker]

Looks like I won the flake jackpot with 3 different and unrelated CI failures.

bors r=sumeerbhola

[craig]

Build succeeded:

• Bazel Essential CI (Cockroach)