mirror of https://github.com/facebook/rocksdb.git
dbf37c290a
Summary: This PR fixes a heap use after free bug in the async prefetch code that happens in the following scenario - 1. Scan thread starts 2 async reads for Seek, one for the seek block and one for prefetching 2. Before the first read in https://github.com/facebook/rocksdb/issues/1 completes, another thread reads and loads the block in cache 3. The first scan thread finds the block in cache, continues and the next block cache miss is for a block that spans the boundary of the 2 prefetch buffers, and the 1st read is complete but the 2nd one is not complete yet 4. The scan thread will reallocate (i.e free the old buffer and allocate a new one) the 2nd prefetch buffer, and the in-progress prefetch is orphaned 5. The orphaned prefetch finally completes, resulting in a use after free Also add a few asserts to surface bugs earlier in the crash tests. Pull Request resolved: https://github.com/facebook/rocksdb/pull/11049 Test Plan: Repro with db_stress and verify the fix Reviewed By: akankshamahajan15 Differential Revision: D42181118 Pulled By: anand1976 fbshipit-source-id: 1ac55d2f64a89ce128c1c574262b8aa7d82eb8cc |
||
|---|---|---|
| .. | ||
| delete_scheduler.cc | ||
| delete_scheduler.h | ||
| delete_scheduler_test.cc | ||
| file_prefetch_buffer.cc | ||
| file_prefetch_buffer.h | ||
| file_util.cc | ||
| file_util.h | ||
| filename.cc | ||
| filename.h | ||
| line_file_reader.cc | ||
| line_file_reader.h | ||
| prefetch_test.cc | ||
| random_access_file_reader.cc | ||
| random_access_file_reader.h | ||
| random_access_file_reader_test.cc | ||
| read_write_util.cc | ||
| read_write_util.h | ||
| readahead_file_info.h | ||
| readahead_raf.cc | ||
| readahead_raf.h | ||
| sequence_file_reader.cc | ||
| sequence_file_reader.h | ||
| sst_file_manager_impl.cc | ||
| sst_file_manager_impl.h | ||
| writable_file_writer.cc | ||
| writable_file_writer.h | ||