Skip to content
This repository was archived by the owner on Mar 1, 2026. It is now read-only.

Prevent accessing freed XA-committed RocksDB transactions#1513

Closed
laurynas-biveinis wants to merge 1 commit into
facebook:fb-mysql-8.0.32from
laurynas-biveinis:myr-ddse-mdl_sync
Closed

Prevent accessing freed XA-committed RocksDB transactions#1513
laurynas-biveinis wants to merge 1 commit into
facebook:fb-mysql-8.0.32from
laurynas-biveinis:myr-ddse-mdl_sync

Conversation

@laurynas-biveinis

Copy link
Copy Markdown
Contributor

With MyRocks DDSE, a XA transaction followed by a DDL statement in the same
connection results in the following:

  • The XA transaction in RocksDB is committed by rocksdb_commit_by_xid, which
    then deletes the RocksDB transaction object.
  • The DDL statement in the same thread accesses the deleted object.
  • If it does not crash first, the next RocksDB commit on that transaction object
    fails due to the transaction being in unexpected state (COMMITTED instead of
    STARTED).

Fix by:

  • No longer deleting transactions in rocksdb_commit_by_xid and
    rocksdb_rollback_by_xid, which was suitable only for crash recovery.
  • Prevent memory leaks in crash recovery by making the recovered transaction
    pointer vector in rocksdb_recover public, and deleting all the transactions
    there in rocksdb_post_recover.
  • New method Rdb_transaction::restart_if_committed_by_xid with implementation in
    Rdb_transaction_impl that syncs the MyRocks transaction state with RocksDB by
    restarting the RocksDB transaction if needed.
With MyRocks DDSE, a XA transaction followed by a DDL statement in the same
connection results in the following:
- The XA transaction in RocksDB is committed by rocksdb_commit_by_xid, which
  then deletes the RocksDB transaction object.
- The DDL statement in the same thread accesses the deleted object.
- If it does not crash first, the next RocksDB commit on that transaction object
  fails due to the transaction being in unexpected state (COMMITTED instead of
  STARTED).

Fix by:
- No longer deleting transactions in rocksdb_commit_by_xid and
  rocksdb_rollback_by_xid, which was suitable only for crash recovery.
- Prevent memory leaks in crash recovery by making the recovered transaction
  pointer vector in rocksdb_recover public, and deleting all the transactions
  there in rocksdb_post_recover.
- New method Rdb_transaction::restart_if_committed_by_xid with implementation in
  Rdb_transaction_impl that syncs the MyRocks transaction state with RocksDB by
  restarting the RocksDB transaction if needed.
@facebook-github-bot

Copy link
Copy Markdown

@luqun has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

@laurynas-biveinis laurynas-biveinis deleted the myr-ddse-mdl_sync branch March 10, 2025 07:38
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

2 participants