memtx: finalize prepare of all transactions in memtx MVCC by drewdzzz · Pull Request #11007 · tarantool/tarantool

drewdzzz · 2024-12-27T12:01:43Z

We have a special sysview engine that bypasses transaction management and reads right from memtx indexes. The problem is memtx indexes use memtx MVCC by themselves, so despite sysview bypasses transaction management process, it actually uses memtx MVCC. So the problem here is that transaction can actually read something using sysview, a tracker in MVCC will be allocated, but txn->engine[memtx->id] still will be NULL, so the preparation of the transaction won't be finalized by memtx_tx and the tracker won't be deleted when transaction is prepared. On conflict, MVCC will try to abort that already prepared transaction and it will lead to a crash.

Actually, crashing scenarios are rather synthetic and break only our engine fuzzer. Here is an example of such scenario without manual use of system spaces:

Open a transaction and do an operation in a vinyl space.
Try to alter the space in the same transaction - it will fail with cross-engine transaction error.
Commit the transaction, but do not wait for WAL write (internally, such state is called prepared).
Alter the space in another transaction and commit it before the previous transaction was written to WAL. Here MVCC will try to conflict that already prepared transaction and it will break Tarantool.

To solve the problem, we could try to write quite a large patch to handle such transactions differently in memtx MVCC. But instead, let's simply finalize prepare of all transaction in MVCC. The current design already lacks encapsulation - all transactions (even non-memtx) are registered there, so such solution not only simple but also consistent with other MVCC parts. Note that memtx MVCC still can abort such non-memtx transactions when they are in-progress, but it seems that such behavior doesn't break other yielding engines (vinyl is the only one).

In order not to do unnecessary function call when MVCC is disabled, function memtx_tx_prepare_finalize is static inline now and uses a *_slow helper when MVCC is actually enabled - such approach is common in this subsystem.

Closes #10715

coveralls · 2024-12-27T12:18:47Z

coverage: 87.345% (-0.01%) from 87.357%
when pulling b6a7ae7 on drewdzzz:memtx_mvcc_sysview
into 43aa0bf
on tarantool:master.

changelogs/unreleased/gh-10715-memtx-mvcc-conflict-with-prepared-sysview-txn.md

test/box-luatest/gh_10715_memtx_mvcc_conflict_with_prepared_sysview_txn_test.lua

src/box/txn.c

changelogs/unreleased/gh-10715-memtx-mvcc-conflict-with-prepared-sysview-txn.md

We have a special `sysview` engine that bypasses transaction management and reads right from memtx indexes. The problem is memtx indexes use memtx MVCC by themselves, so despite `sysview` bypasses transaction management process, it actually uses memtx MVCC. So the problem here is that transaction can actually read something using `sysview`, a tracker in MVCC will be allocated, but `txn->engine[memtx->id]` still will be `NULL`, so the preparation of the transaction won't be finalized by memtx_tx and the tracker won't be deleted when transaction is prepared. On conflict, MVCC will try to abort that already prepared transaction and it will lead to a crash. Actually, crashing scenarios are rather synthetic and break only our engine fuzzer. Here is an example of such scenario without manual use of system spaces: 1. Open a transaction and do an operation in a vinyl space. 2. Try to alter the space in the same transaction - it will fail with cross-engine transaction error. 3. Commit the transaction, but do not wait for WAL write (internally, such state is called `prepared`). 4. Alter the space in another transaction and commit it before the previous transaction was written to WAL. Here MVCC will try to conflict that already prepared transaction and it will break Tarantool. To solve the problem, we could try to write quite a large patch to handle such transactions differently in memtx MVCC. But instead, let's simply finalize prepare of all transaction in MVCC. The current design already lacks encapsulation - all transactions (even non-memtx) are registered there, so such solution not only simple but also consistent with other MVCC parts. Note that memtx MVCC still can abort such non-memtx transactions when they are in-progress, but it seems that such behavior doesn't break other yielding engines (`vinyl` is the only one) - the commit covers it with a simple test along the way. In order not to do unnecessary function call when MVCC is disabled, function `memtx_tx_prepare_finalize` is `static inline` now and uses a `*_slow` helper when MVCC is actually enabled - such approach is common in this subsystem. Closes #10715 NO_DOC=bugfix

locker · 2025-02-04T13:09:46Z

Cherry-picked to 2.11, 3.2, 3.3.

drewdzzz requested a review from a team as a code owner December 27, 2024 12:01

drewdzzz requested review from CuriousGeorgiy and locker December 27, 2024 12:17

drewdzzz assigned locker and CuriousGeorgiy Dec 27, 2024

CuriousGeorgiy requested changes Dec 30, 2024

View reviewed changes

CuriousGeorgiy removed their assignment Dec 30, 2024

drewdzzz requested a review from CuriousGeorgiy January 9, 2025 04:05

drewdzzz assigned CuriousGeorgiy Jan 9, 2025

locker reviewed Jan 13, 2025

View reviewed changes

src/box/txn.c Show resolved Hide resolved

locker assigned drewdzzz and unassigned locker Jan 13, 2025

CuriousGeorgiy removed their assignment Jan 13, 2025

lenkis approved these changes Jan 13, 2025

View reviewed changes

changelogs/unreleased/gh-10715-memtx-mvcc-conflict-with-prepared-sysview-txn.md Outdated Show resolved Hide resolved

drewdzzz assigned CuriousGeorgiy and unassigned drewdzzz Jan 28, 2025

CuriousGeorgiy approved these changes Jan 28, 2025

View reviewed changes

CuriousGeorgiy assigned drewdzzz and unassigned CuriousGeorgiy Jan 28, 2025

drewdzzz requested a review from locker January 29, 2025 09:46

drewdzzz assigned locker and unassigned drewdzzz Jan 29, 2025

locker approved these changes Jan 29, 2025

View reviewed changes

locker assigned drewdzzz and unassigned locker Jan 29, 2025

drewdzzz added full-ci Enables all tests for a pull request backport/2.11 Automatically create a 2.11 backport PR backport/3.2 Automatically create a 3.2 backport PR backport/3.3 Automatically create a 3.3 backport PR labels Jan 29, 2025

drewdzzz removed backport/2.11 Automatically create a 2.11 backport PR backport/3.2 Automatically create a 3.2 backport PR backport/3.3 Automatically create a 3.3 backport PR labels Feb 3, 2025

drewdzzz assigned locker and unassigned drewdzzz Feb 4, 2025

locker merged commit a217b0f into tarantool:master Feb 4, 2025
61 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

memtx: finalize prepare of all transactions in memtx MVCC#11007

memtx: finalize prepare of all transactions in memtx MVCC#11007
locker merged 1 commit intotarantool:masterfrom
drewdzzz:memtx_mvcc_sysview

drewdzzz commented Dec 27, 2024

Uh oh!

coveralls commented Dec 27, 2024 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

locker commented Feb 4, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

drewdzzz commented Dec 27, 2024

Uh oh!

coveralls commented Dec 27, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

locker commented Feb 4, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

coveralls commented Dec 27, 2024 •

edited

Loading