You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There was a problem with CommittingOps tracking, where a distributed transaction could have failed without adding to this set, but would try to remove itself on completion. When other immediate transactions attached to the same version it could cause refcount underflow and remove the version record with iterators still pointing there, causing use-after-free. Reproducing this issue is very tricky, since distributed tx must finish execution before another immediate tx (non read-only and attached to the same version) executes, which usually cannot happen. However, new EvWrite api uses local mvcc snapshots for uncommitted writes, which makes it possible to attach to a version first and execute out-of-order later.
This patch adds strict validation to CommittingOps tracking, and makes sure Remove (with the same version) is only called once after a corresponding Add.
⚪ 2024-09-09 07:56:25 UTC Pre-commit check for 74ed68a has started.
⚪ 2024-09-09 07:59:07 UTC Build linux-x86_64-release-asan is running...
🟢 2024-09-09 08:24:25 UTC Build successful.
⚪ 2024-09-09 08:24:39 UTC Tests are running...
🔴 2024-09-09 10:23:06 UTC Some tests failed, follow the links below.
⚪ 2024-09-09 07:56:44 UTC Pre-commit check for 74ed68a has started.
⚪ 2024-09-09 07:59:17 UTC Build linux-x86_64-release-clang14 is running...
🟢 2024-09-09 08:07:18 UTC Build successful.
⚪ 2024-09-09 07:58:18 UTC Pre-commit check for 74ed68a has started.
⚪ 2024-09-09 08:00:51 UTC Build linux-x86_64-relwithdebinfo is running...
🟢 2024-09-09 08:40:44 UTC Build successful.
⚪ 2024-09-09 08:41:01 UTC Tests are running...
🔴 2024-09-09 10:02:43 UTC Some tests failed, follow the links below.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changelog entry
...
Changelog category
Additional information
There was a problem with CommittingOps tracking, where a distributed transaction could have failed without adding to this set, but would try to remove itself on completion. When other immediate transactions attached to the same version it could cause refcount underflow and remove the version record with iterators still pointing there, causing use-after-free. Reproducing this issue is very tricky, since distributed tx must finish execution before another immediate tx (non read-only and attached to the same version) executes, which usually cannot happen. However, new EvWrite api uses local mvcc snapshots for uncommitted writes, which makes it possible to attach to a version first and execute out-of-order later.
This patch adds strict validation to CommittingOps tracking, and makes sure Remove (with the same version) is only called once after a corresponding Add.
Fixes KIKIMR-21932.