memtx: fix use-after-free on background index build #10646
Merged
locker merged 1 commit into tarantool:master from drewdzzz:index_shadow_build_rollback_crash on Nov 1, 2024
locker reviewed Oct 4, 2024
lenkis approved these changes Oct 7, 2024
changelogs/unreleased/gh-10620-crash-on-rollback-after-background-index-build.md (outdated)
locker reviewed Oct 30, 2024
test/box-luatest/gh_10620_crash_on_rollback_after_background_index_build_test.lua
locker reviewed Oct 30, 2024
When building an index in background, we create on_rollback triggers for tuples inserted concurrently. The problem here is that the on_rollback trigger has a lifetime independent from `index` and `memtx_ddl_state` - it can be called after the index was built (and `memtx_ddl_state` is destroyed) and even after the index was altered. So, in order to avoid use-after-free in on_rollback trigger, let's drop all on_rollback triggers when the DDL is over. It's OK because all owners of triggers are already prepared, hence, in WAL or replication queue (since we build indexes in background only without MVCC so the transactions cannot yield), so if they are rolled back, the same will happen to the DDL.

In order to delete on_rollback triggers, we should collect them into a list in `memtx_ddl_state`. On the other hand, when the DML statement is over (committed or rolled back), we should delete its trigger from the list to prevent use-after-free. That's why the commit adds the on_commit trigger to background build process.

Closes #10620

NO_DOC=bugfix
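The ownership pattern the commit message describes, as an added C example that is not code from this pull request or from Tarantool. All names (`ddl_state`, `stmt_trigger`, `ddl_track`, `ddl_end`, ...) are hypothetical, and "dropping" a trigger is modelled as unlinking it and clearing its back-pointer so it can no longer reach the freed state.

```c
#include <stdlib.h>

/* Hypothetical names: a model of the pattern, not Tarantool's structures. */
struct ddl_state;
struct stmt_trigger {			/* one per concurrent DML statement */
	struct stmt_trigger *prev, *next;	/* link in the DDL's list */
	struct ddl_state *ddl;		/* NULL once the trigger is dropped */
};
struct ddl_state {
	struct stmt_trigger head;	/* sentinel of a circular list */
	int undone;			/* rollbacks applied to the new index */
};

static void detach(struct stmt_trigger *t)
{
	t->prev->next = t->next;
	t->next->prev = t->prev;
	t->prev = t->next = t;
	t->ddl = NULL;
}
struct ddl_state *ddl_begin(void)
{
	struct ddl_state *d = calloc(1, sizeof(*d));
	if (d != NULL)
		d->head.prev = d->head.next = &d->head;
	return d;
}
/* Register a statement's rollback trigger in the DDL-owned list. */
void ddl_track(struct ddl_state *d, struct stmt_trigger *t)
{
	t->ddl = d;
	t->prev = d->head.prev;
	t->next = &d->head;
	t->prev->next = t;
	d->head.prev = t;
}
/* Statement committed: unlink so the DDL never walks a dead trigger. */
void stmt_on_commit(struct stmt_trigger *t) { if (t->ddl != NULL) detach(t); }
/* Statement rolled back: returns 1 if the DDL state was touched, else 0. */
int stmt_on_rollback(struct stmt_trigger *t)
{
	if (t->ddl == NULL)
		return 0;	/* dropped at DDL end: nothing left to touch */
	t->ddl->undone++;
	detach(t);
	return 1;
}
/* DDL is over: drop every remaining trigger, then free the state. */
int ddl_end(struct ddl_state *d)
{
	int dropped = 0;
	for (; d->head.next != &d->head; dropped++)
		detach(d->head.next);
	free(d);
	return dropped;
}
```

Without the loop in `ddl_end`, a trigger that is still pending would keep a pointer to freed memory, and a later rollback would dereference it.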
locker approved these changes Oct 31, 2024
ligurio approved these changes Oct 31, 2024
Cherry-picked to 2.11 and 3.2.