Hello Adar Dembo, Kudu Jenkins,

I'd like you to reexamine a change.  Please visit

    http://gerrit.cloudera.org:8080/2731

to look at the new patch set (#2).

Change subject: KUDU-777. Fix potential use-after-free after major delta compaction
......................................................................

KUDU-777. Fix potential use-after-free after major delta compaction

This fixes the following race which could cause a crash:

- compaction policy is running on T1
- while constructing a RowSetTree, we call RowSet::GetBounds()
-- this calls base_data_->GetBounds() and returns Slices which point
   to storage owned by the CFileSet
- T2 completes a major delta compaction on the same rowset, which
  ends up destroying the original base_data_, thus invalidating the
  slices
- T1 continues and tries to access the slices, causing use-after-free

The fix is the most straightforward one: we change GetBounds() to return
std::strings instead of Slices. There might be a small perf difference here,
but this call never shows up on hot paths like read or write operations.

I looped build/latest/bin/mt-tablet-test --gtest_filter=MultiThreadedTabletTest/1.DeleteAndReinsert
1000 times in an ASAN build. Before the patch, it failed 2/1000 with
a use-after-free on the bounds Slice. With the patch, it passed
1000/1000.

Change-Id: Ife1adaa3125642fc96364be69f42989800241256
---
M src/kudu/tablet/cfile_set.cc
M src/kudu/tablet/cfile_set.h
M src/kudu/tablet/diskrowset.cc
M src/kudu/tablet/diskrowset.h
M src/kudu/tablet/memrowset.cc
M src/kudu/tablet/memrowset.h
M src/kudu/tablet/mock-rowsets.h
M src/kudu/tablet/rowset.cc
M src/kudu/tablet/rowset.h
M src/kudu/tablet/rowset_info.cc
M src/kudu/tablet/rowset_info.h
M src/kudu/tablet/rowset_tree-test.cc
M src/kudu/tablet/rowset_tree.cc
13 files changed, 63 insertions(+), 64 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/31/2731/2
-- 
To view, visit http://gerrit.cloudera.org:8080/2731
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ife1adaa3125642fc96364be69f42989800241256
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Adar Dembo <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
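
An added illustration of the lifetime bug the commit message above describes, not code from the Kudu patch: a bounds accessor that returns non-owning views next to one that returns owned strings, with the base data replaced in between. `ModelRowSet`, `BaseData`, `BorrowedBounds`, the local `Slice` struct and the mutex are assumptions of this model; the `weak_ptr` exists only so the demo can observe the owner's destruction without reading freed memory.

```cpp
// Simplified model of the race in the commit message above; not Kudu source.
#include <cstddef>
#include <memory>
#include <mutex>
#include <string>
#include <utility>

// Non-owning view in the style of a Slice: pointer + length, no lifetime guarantee.
struct Slice { const char* data; std::size_t size; };

// Stand-in (hypothetical) for the CFileSet that owns the min/max key storage.
struct BaseData {
  std::string min_key, max_key;
  BaseData(std::string lo, std::string hi) : min_key(std::move(lo)), max_key(std::move(hi)) {}
};

struct BorrowedBounds {
  Slice min, max;
  std::weak_ptr<const BaseData> owner;  // demo-only probe for the owner's lifetime
};

class ModelRowSet {
 public:
  ModelRowSet(std::string lo, std::string hi)
      : base_data_(std::make_shared<BaseData>(std::move(lo), std::move(hi))) {}

  // "Before" shape: the views outlive the lock and stay valid only while base_data_ lives.
  BorrowedBounds GetBoundsBorrowed() const {
    std::lock_guard<std::mutex> l(lock_);
    return {{base_data_->min_key.data(), base_data_->min_key.size()},
            {base_data_->max_key.data(), base_data_->max_key.size()}, base_data_};
  }
  // "After" shape: bytes are copied while the lock is held, so the caller owns them.
  std::pair<std::string, std::string> GetBoundsOwned() const {
    std::lock_guard<std::mutex> l(lock_);
    return {base_data_->min_key, base_data_->max_key};
  }
  // Models the compaction swapping in new base data; the old object is destroyed.
  void MajorCompact() {
    std::lock_guard<std::mutex> l(lock_);
    base_data_ = std::make_shared<BaseData>(base_data_->min_key, base_data_->max_key);
  }

 private:
  mutable std::mutex lock_;
  std::shared_ptr<BaseData> base_data_;
};

// True once the storage behind borrowed bounds is gone: the views must not be read.
bool BorrowedBoundsDangling(const BorrowedBounds& b) { return b.owner.expired(); }
```

Taking the lock inside the accessor does not help the borrowed form, because the views are used after the lock is released; only the copy is safe across a concurrent swap.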
