Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vinyl: fix use-after-free of LSM tree in scheduler #10012

Merged
merged 1 commit into from
May 16, 2024
Merged

vinyl: fix use-after-free of LSM tree in scheduler #10012

merged 1 commit into from
May 16, 2024

Conversation

locker
Copy link
Member

@locker locker commented May 15, 2024

Between picking an LSM tree from a heap and taking a reference to it in vy_task_new() there are a few places where the scheduler may yield:

  • in vy_worker_pool_get() to start a worker pool;
  • in vy_task_dump_new() to wait for a memory tree to be unpinned;
  • in vy_task_compaction_new() to commit an entry to the metadata log after splitting or coalescing a range.

If a concurrent fiber drops and deletes the LSM tree in the meanwhile, the scheduler will crash. To avoid that, let's take a reference to the LSM tree.

It's quite difficult to write a functional test for it without a bunch of ugly error injections so we rely on fuzzing tests.

Closes #9995

@locker
vinyl: fix use-after-free of LSM tree in scheduler
7dada41 
Between picking an LSM tree from a heap and taking a reference to it in
vy_task_new() there are a few places where the scheduler may yield:
 - in vy_worker_pool_get() to start a worker pool;
 - in vy_task_dump_new() to wait for a memory tree to be unpinned;
 - in vy_task_compaction_new() to commit an entry to the metadata log
   after splitting or coalescing a range.

If a concurrent fiber drops and deletes the LSM tree in the meanwhile,
the scheduler will crash. To avoid that, let's take a reference to
the LSM tree.

It's quite difficult to write a functional test for it without a bunch
of ugly error injections so we rely on fuzzing tests.

Closes tarantool#9995

NO_DOC=bug fix
NO_TEST=fuzzing
@locker locker requested a review from a team as a code owner May 15, 2024 12:21
@locker locker requested a review from nshy May 15, 2024 12:30
@coveralls
Copy link

Coverage Status

coverage: 87.071% (-0.03%) from 87.104%
when pulling 7dada41 on locker:vy-scheduler-crash-fix
into d36493c
on tarantool:master.

@locker locker assigned locker and unassigned nshy May 15, 2024
@locker locker added the full-ci Enables all tests for a pull request label May 16, 2024
@locker locker merged commit 1c4605b into tarantool:master May 16, 2024
93 checks passed
@locker locker deleted the vy-scheduler-crash-fix branch May 16, 2024 07:55
@locker
Copy link
Member Author

locker commented May 16, 2024

Cherry-picked to 2.11 and 3.1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nshy nshy nshy approved these changes

@xuniq xuniq xuniq approved these changes

Assignees

@locker locker

Labels
full-ci Enables all tests for a pull request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

tarantool has crashed in vy_mem_wait_pinned
4 participants
@locker @coveralls @nshy @xuniq