From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org> To: tarantool-patches@dev.tarantool.org, kostja.osipov@gmail.com Subject: [Tarantool-patches] [PATCH 1/1] txn: don't trust group id in remote request header Date: Wed, 15 Jan 2020 22:24:53 +0100 [thread overview] Message-ID: <f463bd65144de98ec3c45d58b8d2f429fe01e28e.1579123073.git.v.shpilevoy@tarantool.org> (raw) Transaction adds a redo log for each statement. The log is an xrow header. Some requests don't have a header (local requests), some do (from remote client, from replication). When a request had a header, it was written as is to WAL. But requests from remote client have an xrow header, however barely filled. Most of its fields are default values, usually 0. Including group id. Indeed, remote clients should not care about setting such deep system fields. That led to a problem when a space had group id local (!= 0), but it was ignored because in a request header from a remote client the group id was default (== 0). On the summary, it was possible to force Tarantool to replicate a replica-local space. Now group id setting is server-authoritative. Box always sets it regardless of what is present in an xrow header received from a client. Thanks Kostja Osipov (@kostja) for the diagnostics and the solution. Closes #4729 --- Branch: https://github.com/tarantool/tarantool/tree/gerold103/gh-4729-iproto-group-id Issue: https://github.com/tarantool/tarantool/issues/4729 There is an alternative solution - nullify xrow_header pointer in tx_process1() before box_process1(), and return it back afterwards. Then txn.c won't look at the header. Currently there still is a problem, if a user, for example, sets replica_id field. Indeed, xrow_header may create a problem in tx_process1() only, and it is not really needed by tx thread. For iproto the only interesting fields here are sync and type. src/box/txn.c | 11 +- .../gh-4729-netbox-group-id.result | 104 ++++++++++++++++++ .../gh-4729-netbox-group-id.test.lua | 37 +++++++ 3 files changed, 150 insertions(+), 2 deletions(-) create mode 100644 test/replication/gh-4729-netbox-group-id.result create mode 100644 test/replication/gh-4729-netbox-group-id.test.lua diff --git a/src/box/txn.c b/src/box/txn.c index 963ec8eeb..bedb57449 100644 --- a/src/box/txn.c +++ b/src/box/txn.c @@ -72,12 +72,19 @@ txn_add_redo(struct txn *txn, struct txn_stmt *stmt, struct request *request) /* Initialize members explicitly to save time on memset() */ row->type = request->type; row->replica_id = 0; - row->group_id = stmt->space != NULL ? - space_group_id(stmt->space) : 0; row->lsn = 0; row->sync = 0; row->tm = 0; } + /* + * Group ID should be set both for requests not having a + * header, and for the ones who have it. This is because + * even if a request has a header, the group id could be + * omitted in it, and is default - 0. Even if the space's + * real group id is different. + */ + struct space *space = stmt->space; + row->group_id = space != NULL ? space_group_id(space) : 0; row->bodycnt = xrow_encode_dml(request, &txn->region, row->body); if (row->bodycnt < 0) return -1; diff --git a/test/replication/gh-4729-netbox-group-id.result b/test/replication/gh-4729-netbox-group-id.result new file mode 100644 index 000000000..d7189baaf --- /dev/null +++ b/test/replication/gh-4729-netbox-group-id.result @@ -0,0 +1,104 @@ +-- test-run result file version 2 +test_run = require('test_run').new() + | --- + | ... +-- +-- gh-4729: box should not trust xrow header group id, received +-- from a remote client on DDL/DML. +-- +box.schema.user.grant('guest', 'super') + | --- + | ... +s1 = box.schema.space.create('test_local', {is_local = true}) + | --- + | ... +_ = s1:create_index('pk', {parts = {1, 'unsigned'}}) + | --- + | ... +s2 = box.schema.space.create('test_normal') + | --- + | ... +_ = s2:create_index('pk', {parts = {1, 'unsigned'}}) + | --- + | ... + +test_run:cmd('create server replica with rpl_master=default, script="replication/replica.lua"') + | --- + | - true + | ... +test_run:cmd('start server replica') + | --- + | - true + | ... +test_run:switch('replica') + | --- + | - true + | ... + +netbox = require('net.box') + | --- + | ... +c = netbox.connect(box.cfg.replication[1]) + | --- + | ... +c.space.test_local:insert({1}) + | --- + | - [1] + | ... +c.space.test_normal:insert({1}) + | --- + | - [1] + | ... +c:close() + | --- + | ... +test_run:wait_cond(function() \ + return box.space.test_normal ~= nil and \ + box.space.test_normal.index.pk ~= nil and \ + box.space.test_normal:count() == 1 \ +end) + | --- + | - true + | ... +box.space.test_local:select{} + | --- + | - [] + | ... +box.space.test_normal:select{} + | --- + | - - [1] + | ... + +test_run:switch('default') + | --- + | - true + | ... +test_run:cmd("stop server replica") + | --- + | - true + | ... +test_run:cmd("cleanup server replica") + | --- + | - true + | ... +test_run:cmd("delete server replica") + | --- + | - true + | ... +s1:select{} + | --- + | - - [1] + | ... +s2:select{} + | --- + | - - [1] + | ... +s1:drop() + | --- + | ... +s2:drop() + | --- + | ... +box.schema.user.revoke('guest', 'super') + | --- + | ... diff --git a/test/replication/gh-4729-netbox-group-id.test.lua b/test/replication/gh-4729-netbox-group-id.test.lua new file mode 100644 index 000000000..3d8cef65f --- /dev/null +++ b/test/replication/gh-4729-netbox-group-id.test.lua @@ -0,0 +1,37 @@ +test_run = require('test_run').new() +-- +-- gh-4729: box should not trust xrow header group id, received +-- from a remote client on DDL/DML. +-- +box.schema.user.grant('guest', 'super') +s1 = box.schema.space.create('test_local', {is_local = true}) +_ = s1:create_index('pk', {parts = {1, 'unsigned'}}) +s2 = box.schema.space.create('test_normal') +_ = s2:create_index('pk', {parts = {1, 'unsigned'}}) + +test_run:cmd('create server replica with rpl_master=default, script="replication/replica.lua"') +test_run:cmd('start server replica') +test_run:switch('replica') + +netbox = require('net.box') +c = netbox.connect(box.cfg.replication[1]) +c.space.test_local:insert({1}) +c.space.test_normal:insert({1}) +c:close() +test_run:wait_cond(function() \ + return box.space.test_normal ~= nil and \ + box.space.test_normal.index.pk ~= nil and \ + box.space.test_normal:count() == 1 \ +end) +box.space.test_local:select{} +box.space.test_normal:select{} + +test_run:switch('default') +test_run:cmd("stop server replica") +test_run:cmd("cleanup server replica") +test_run:cmd("delete server replica") +s1:select{} +s2:select{} +s1:drop() +s2:drop() +box.schema.user.revoke('guest', 'super') -- 2.21.1 (Apple Git-122.3)
next reply other threads:[~2020-01-15 21:24 UTC|newest] Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-01-15 21:24 Vladislav Shpilevoy [this message] 2020-01-16 19:40 ` Georgy Kirichenko 2020-01-21 12:39 ` Kirill Yukhin 2020-01-21 20:34 ` Vladislav Shpilevoy 2020-01-23 6:55 ` Kirill Yukhin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=f463bd65144de98ec3c45d58b8d2f429fe01e28e.1579123073.git.v.shpilevoy@tarantool.org \ --to=v.shpilevoy@tarantool.org \ --cc=kostja.osipov@gmail.com \ --cc=tarantool-patches@dev.tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH 1/1] txn: don'\''t trust group id in remote request header' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox