Skip to content

24-3: Fix use-after-free in CommittingOps tracking #8925

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 9, 2024
Merged

24-3: Fix use-after-free in CommittingOps tracking #8925

merged 2 commits into from
Sep 9, 2024

Conversation

snaury
Copy link
Member

@snaury snaury commented Sep 9, 2024

Changelog entry

...

Changelog category

  • Bugfix

Additional information

There was a problem with CommittingOps tracking, where a distributed transaction could have failed without adding to this set, but would try to remove itself on completion. When other immediate transactions attached to the same version it could cause refcount underflow and remove the version record with iterators still pointing there, causing use-after-free. Reproducing this issue is very tricky, since distributed tx must finish execution before another immediate tx (non read-only and attached to the same version) executes, which usually cannot happen. However, new EvWrite api uses local mvcc snapshots for uncommitted writes, which makes it possible to attach to a version first and execute out-of-order later.

This patch adds strict validation to CommittingOps tracking, and makes sure Remove (with the same version) is only called once after a corresponding Add.

Fixes KIKIMR-21932.

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 9, 2024
edited
Loading

2024-09-09 07:56:25 UTC Pre-commit check for 74ed68a has started.
2024-09-09 07:59:07 UTC Build linux-x86_64-release-asan is running...
🟢 2024-09-09 08:24:25 UTC Build successful.
2024-09-09 08:24:39 UTC Tests are running...
🔴 2024-09-09 10:23:06 UTC Some tests failed, follow the links below.

Test history | Test log

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
9903 9841 0 6 24 32

🟢 2024-09-09 10:23:46 UTC ydbd size 5.5 GiB changed* by +31.5 KiB, which is < 100.0 KiB vs stable-24-3: OK

ydbd size dash stable-24-3: fac9434 merge: 74ed68a diff diff %
ydbd size 5 934 639 208 Bytes 5 934 671 448 Bytes +31.5 KiB +0.001%
ydbd stripped size 1 487 867 776 Bytes 1 487 880 160 Bytes +12.1 KiB +0.001%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 9, 2024
edited
Loading

2024-09-09 07:56:44 UTC Pre-commit check for 74ed68a has started.
2024-09-09 07:59:17 UTC Build linux-x86_64-release-clang14 is running...
🟢 2024-09-09 08:07:18 UTC Build successful.

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 9, 2024
edited
Loading

2024-09-09 07:58:18 UTC Pre-commit check for 74ed68a has started.
2024-09-09 08:00:51 UTC Build linux-x86_64-relwithdebinfo is running...
🟢 2024-09-09 08:40:44 UTC Build successful.
2024-09-09 08:41:01 UTC Tests are running...
🔴 2024-09-09 10:02:43 UTC Some tests failed, follow the links below.

Test history | Test log

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
14205 12871 0 4 1299 31

🟡 2024-09-09 10:03:28 UTC ydbd size 8.2 GiB changed* by +143.7 KiB, which is >= 100.0 KiB vs stable-24-3: Warning

ydbd size dash stable-24-3: 871adef merge: 74ed68a diff diff %
ydbd size 8 760 911 888 Bytes 8 761 059 000 Bytes +143.7 KiB +0.002%
ydbd stripped size 478 998 600 Bytes 479 004 936 Bytes +6.2 KiB +0.001%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

@snaury snaury marked this pull request as ready for review September 9, 2024 10:09
@snaury snaury requested a review from a team as a code owner September 9, 2024 10:09
@snaury snaury merged commit 119aec4 into ydb-platform:stable-24-3 Sep 9, 2024
8 of 12 checks passed
@snaury snaury deleted the bugfix-KIKIMR-21932-remove-committing-ops-24-3 branch September 9, 2024 10:36
This was referenced Oct 29, 2024
Closed
Closed
@GrigoriyPA GrigoriyPA mentioned this pull request Feb 21, 2025
Closed
This was referenced Jun 3, 2025
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fomichev3000 fomichev3000 fomichev3000 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@snaury @fomichev3000 @azevaykin