[PATCH 2/2] vinyl: fix crash if space is dropped while space.get is reading from it
Vladimir Davydov
vdavydov.dev at gmail.com
Sun Apr 14 18:54:53 MSK 2019
In contrast to vinyl_iterator, vinyl_index_get doesn't take a reference
to the LSM tree while reading from it. As a result, if the LSM tree is
dropped in the meantime, vinyl_index_get will crash. Fix this issue by
surrounding vy_get with vy_lsm_ref/unref.
Closes #4109
---
https://github.com/tarantool/tarantool/issues/4109
https://github.com/tarantool/tarantool/commits/dv/vy-ddl-fixes
src/box/vinyl.c | 9 +++++++-
test/vinyl/errinj_ddl.result | 49 ++++++++++++++++++++++++++++++++++++++++++
test/vinyl/errinj_ddl.test.lua | 20 +++++++++++++++++
3 files changed, 77 insertions(+), 1 deletion(-)
diff --git a/src/box/vinyl.c b/src/box/vinyl.c
index 9428e934..41918beb 100644
--- a/src/box/vinyl.c
+++ b/src/box/vinyl.c
@@ -3984,7 +3984,14 @@ vinyl_index_get(struct index *index, const char *key,
return -1;
}
- if (vy_get_by_raw_key(lsm, tx, rv, key, part_count, ret) != 0)
+ /*
+ * Make sure the LSM tree isn't deleted while we are
+ * reading from it.
+ */
+ vy_lsm_ref(lsm);
+ int rc = vy_get_by_raw_key(lsm, tx, rv, key, part_count, ret);
+ vy_lsm_unref(lsm);
+ if (rc != 0)
return -1;
if (*ret != NULL) {
tuple_bless(*ret);
diff --git a/test/vinyl/errinj_ddl.result b/test/vinyl/errinj_ddl.result
index 7bee4efd..dcbf90f7 100644
--- a/test/vinyl/errinj_ddl.result
+++ b/test/vinyl/errinj_ddl.result
@@ -894,6 +894,55 @@ s.index.secondary:select()
s:drop()
---
...
+--
+-- gh-4109: crash if space is dropped while space.get is reading from it.
+--
+s = box.schema.space.create('test', {engine = 'vinyl'})
+---
+...
+_ = s:create_index('primary')
+---
+...
+s:replace{1}
+---
+- [1]
+...
+box.snapshot()
+---
+- ok
+...
+test_run:cmd("setopt delimiter ';'")
+---
+- true
+...
+box.error.injection.set('ERRINJ_VY_READ_PAGE_TIMEOUT', 0.01);
+---
+- ok
+...
+ch = fiber.channel(1);
+---
+...
+_ = fiber.create(function()
+ local _, ret = pcall(s.get, s, 1)
+ ch:put(ret)
+end);
+---
+...
+s:drop();
+---
+...
+ch:get();
+---
+- [1]
+...
+box.error.injection.set('ERRINJ_VY_READ_PAGE_TIMEOUT', 0);
+---
+- ok
+...
+test_run:cmd("setopt delimiter ''");
+---
+- true
+...
box.cfg{vinyl_cache = default_vinyl_cache}
---
...
diff --git a/test/vinyl/errinj_ddl.test.lua b/test/vinyl/errinj_ddl.test.lua
index 52d9de65..6413c352 100644
--- a/test/vinyl/errinj_ddl.test.lua
+++ b/test/vinyl/errinj_ddl.test.lua
@@ -395,4 +395,24 @@ s.index.primary:select()
s.index.secondary:select()
s:drop()
+--
+-- gh-4109: crash if space is dropped while space.get is reading from it.
+--
+s = box.schema.space.create('test', {engine = 'vinyl'})
+_ = s:create_index('primary')
+s:replace{1}
+box.snapshot()
+
+test_run:cmd("setopt delimiter ';'")
+box.error.injection.set('ERRINJ_VY_READ_PAGE_TIMEOUT', 0.01);
+ch = fiber.channel(1);
+_ = fiber.create(function()
+ local _, ret = pcall(s.get, s, 1)
+ ch:put(ret)
+end);
+s:drop();
+ch:get();
+box.error.injection.set('ERRINJ_VY_READ_PAGE_TIMEOUT', 0);
+test_run:cmd("setopt delimiter ''");
+
box.cfg{vinyl_cache = default_vinyl_cache}
--
2.11.0
More information about the Tarantool-patches
mailing list