Skip to content

Prevent accessing freed XA-committed RocksDB transactions #1513

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
laurynas-biveinis wants to merge 1 commit into from
Closed

Prevent accessing freed XA-committed RocksDB transactions #1513

laurynas-biveinis wants to merge 1 commit into from

Conversation

@laurynas-biveinis
Copy link
Contributor

@laurynas-biveinis laurynas-biveinis commented Feb 12, 2025

With MyRocks DDSE, a XA transaction followed by a DDL statement in the same
connection results in the following:

  • The XA transaction in RocksDB is committed by rocksdb_commit_by_xid, which
    then deletes the RocksDB transaction object.
  • The DDL statement in the same thread accesses the deleted object.
  • If it does not crash first, the next RocksDB commit on that transaction object
    fails due to the transaction being in unexpected state (COMMITTED instead of
    STARTED).

Fix by:

  • No longer deleting transactions in rocksdb_commit_by_xid and
    rocksdb_rollback_by_xid, which was suitable only for crash recovery.
  • Prevent memory leaks in crash recovery by making the recovered transaction
    pointer vector in rocksdb_recover public, and deleting all the transactions
    there in rocksdb_post_recover.
  • New method Rdb_transaction::restart_if_committed_by_xid with implementation in
    Rdb_transaction_impl that syncs the MyRocks transaction state with RocksDB by
    restarting the RocksDB transaction if needed.
@laurynas-biveinis
Prevent accessing freed XA-committed RocksDB transactions
a1e6f64 
With MyRocks DDSE, a XA transaction followed by a DDL statement in the same
connection results in the following:
- The XA transaction in RocksDB is committed by rocksdb_commit_by_xid, which
  then deletes the RocksDB transaction object.
- The DDL statement in the same thread accesses the deleted object.
- If it does not crash first, the next RocksDB commit on that transaction object
  fails due to the transaction being in unexpected state (COMMITTED instead of
  STARTED).

Fix by:
- No longer deleting transactions in rocksdb_commit_by_xid and
  rocksdb_rollback_by_xid, which was suitable only for crash recovery.
- Prevent memory leaks in crash recovery by making the recovered transaction
  pointer vector in rocksdb_recover public, and deleting all the transactions
  there in rocksdb_post_recover.
- New method Rdb_transaction::restart_if_committed_by_xid with implementation in
  Rdb_transaction_impl that syncs the MyRocks transaction state with RocksDB by
  restarting the RocksDB transaction if needed.
@facebook-github-bot
Copy link

facebook-github-bot commented Feb 12, 2025

@luqun has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.
@laurynas-biveinis laurynas-biveinis deleted the myr-ddse-mdl_sync branch March 10, 2025 07:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

CLA Signed

2 participants

@laurynas-biveinis @facebook-github-bot