
release-23.1: storage: fix PebbleFileRegistry bug that drops entry on rollover #107277

Merged
merged 1 commit into release-23.1 from blathers/backport-release-23.1-107249 on Jul 22, 2023

Conversation

@blathers-crl blathers-crl bot commented Jul 20, 2023

Backport 1/1 commits from #107249 on behalf of @sumeerbhola.

/cc @cockroachdb/release


The writeToRegistryFile method first writes the new batch, containing file mappings, to the registry file, and then if the registry file is too big, creates a new registry file. The new registry file is populated with the contents of the map, which doesn't yet contain the edits in the batch, resulting in a loss of these edits when the file registry is reopened. This PR changes the logic to first rollover if the registry file is too big, and then writes the batch to the new file.

This bug has existed since the record writer based registry was implemented 239377a. When it leads to a loss of a file mapping in the registry, it will be noticed by Pebble as a corruption (so not a silent failure) since the file corresponding to the mapping will be assumed to be unencrypted, but can't be successfully read as an unencrypted file. Since we have not seen this occur in production settings, we suspect that an observable mapping loss is rare because compactions typically rewrite the files in those lost mappings before the file registry is reopened.

Epic: none

Fixes: #106617

Release note: None


Release justification: fix for (non-silent) data corruption bug that causes node failure
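A constructed Go model of the ordering bug described above, added here as an example and not code from this PR or from CockroachDB: the registry file is a log of records, a rollover seeds a new file from the in-memory map, and `Replay` shows that the pre-fix order (write the batch, then roll over) drops the newest mapping on reopen while the fixed order (roll over, then write) keeps it. The type and function names and the two-record rollover threshold are assumptions.

```go
package main

// Constructed model (not CockroachDB's PebbleFileRegistry): the registry file is a
// log of (file, key) records and the in-memory map holds state after each applied record.
type Entry struct{ File, Key string }

type Registry struct {
	mem     map[string]string // updated only after the record has been written
	file    []Entry           // records in the current registry file
	maxRecs int               // rollover threshold, in records per file (assumed)
}

// rollover starts a fresh registry file seeded with a snapshot of the in-memory map.
func (r *Registry) rollover() {
	r.file = nil
	for f, k := range r.mem {
		r.file = append(r.file, Entry{f, k})
	}
}

// Write records a mapping. rolloverFirst=false is the pre-fix order (write, then roll
// over from a map that has not absorbed the record yet); rolloverFirst=true is the fix.
func (r *Registry) Write(e Entry, rolloverFirst bool) {
	if rolloverFirst && len(r.file) >= r.maxRecs {
		r.rollover()
	}
	r.file = append(r.file, e)
	if !rolloverFirst && len(r.file) >= r.maxRecs {
		r.rollover()
	}
	r.mem[e.File] = e.Key
}

// Replay writes three mappings into a registry that rolls over at two records and
// returns the mappings visible after reopening, i.e. after replaying the file.
func Replay(rolloverFirst bool) map[string]bool {
	r := &Registry{mem: map[string]string{}, maxRecs: 2}
	for _, n := range []string{"000001.sst", "000002.sst", "000003.sst"} {
		r.Write(Entry{n, "key-1"}, rolloverFirst)
	}
	seen := map[string]bool{}
	for _, e := range r.file {
		seen[e.File] = true
	}
	return seen
}
```

With the pre-fix order the third mapping is absent after replay, which is the state Pebble would later report as corruption when it tries to read that file as unencrypted.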

@blathers-crl blathers-crl bot requested a review from a team as a code owner July 20, 2023 17:16
@blathers-crl blathers-crl bot requested a review from itsbilal July 20, 2023 17:16
@blathers-crl blathers-crl bot force-pushed the blathers/backport-release-23.1-107249 branch from f73f19a to c881697 July 20, 2023 17:16
@blathers-crl blathers-crl bot added blathers-backport This is a backport that Blathers created automatically. O-robot Originated from a bot. labels Jul 20, 2023
@blathers-crl blathers-crl bot force-pushed the blathers/backport-release-23.1-107249 branch from 79ba8ce to 94c9979 July 20, 2023 17:16
@blathers-crl blathers-crl bot (Author) commented Jul 20, 2023

Thanks for opening a backport.

Please check the backport criteria before merging:

  • Patches should only be created for serious issues or test-only changes.
  • Patches should not break backwards-compatibility.
  • Patches should change as little code as possible.
  • Patches should not change on-disk formats or node communication protocols.
  • Patches should not add new functionality.
  • Patches must not add, edit, or otherwise modify cluster versions; or add version gates.
If some of the basic criteria cannot be satisfied, ensure that the exceptional criteria are satisfied within.
  • There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
  • The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
  • New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters.
  • The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.

Add a brief release justification to the body of your PR to justify this backport.

Some other things to consider:

  • What did we do to ensure that a user that doesn’t know & care about this backport, has no idea that it happened?
  • Will this work in a cluster of mixed patch versions? Did we test that?
  • If a user upgrades a patch version, uses this feature, and then downgrades, what happens?


@jbowens jbowens (Collaborator) left a comment

lgtm

@sumeerbhola (Collaborator)

TFTR!

@sumeerbhola sumeerbhola merged commit 5fe2141 into release-23.1 Jul 22, 2023
6 checks passed
@sumeerbhola sumeerbhola deleted the blathers/backport-release-23.1-107249 branch July 22, 2023 23:43