core: Fix commit log concurrency #465
Merged
Description of Changes
Previously, constructing the commit payload to append to the message log was done without holding the lock on the latter. This meant that commits could be written to the log out-of-order.
Indeed, this could be observed on deployed databases by virtue of verifying the hash chain (the parent hash is computed in generate_commit). To fix this, the lock is now acquired immediately and held until the message is written (and potentially fsync'ed).
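The race the description refers to, as an added illustration that is not the project's code: a hypothetical hash-chained commit log where computing the parent hash outside the lock lets two writers build on the same head, versus the fixed pattern where the lock is held from before the parent is read until the entry is written. Only the name generate_commit is borrowed from the description; the class, the sample payloads and the chain check are assumptions constructed for this example.

```python
import hashlib
import threading
GENESIS = "0" * 64  # parent hash of the first commit

def commit_hash(parent: str, payload: bytes) -> str:
    return hashlib.sha256(parent.encode() + payload).hexdigest()

class CommitLog:
    """Hypothetical append-only log of (parent_hash, payload, hash) tuples."""
    def __init__(self) -> None:
        self.entries: list[tuple[str, bytes, str]] = []
        self.lock = threading.Lock()

    def head(self) -> str:
        return self.entries[-1][2] if self.entries else GENESIS

    def generate_commit(self, payload: bytes) -> tuple[str, bytes, str]:
        # Reads the current head to compute the parent hash; only safe under the lock.
        parent = self.head()
        return (parent, payload, commit_hash(parent, payload))

    def append_locked(self, payload: bytes) -> None:
        # Fixed pattern: lock acquired first and held through hashing and the write.
        with self.lock:
            self.entries.append(self.generate_commit(payload))

    def verify_chain(self) -> bool:
        parent = GENESIS
        for p, payload, h in self.entries:
            if p != parent or commit_hash(p, payload) != h:
                return False
            parent = h
        return True

def racy_sequence() -> bool:
    # Old pattern interleaved as the unlocked code allowed: both commits are built from the same head.
    log = CommitLog()
    a = log.generate_commit(b"tx-A")  # constructed sample payloads
    b = log.generate_commit(b"tx-B")
    for entry in (a, b):
        with log.lock:  # lock taken only around the write, as before the fix
            log.entries.append(entry)
    return log.verify_chain()  # False: chain broken at the second entry

def locked_sequence(n: int = 8) -> bool:
    log = CommitLog()
    threads = [threading.Thread(target=log.append_locked, args=(b"tx-%d" % i,)) for i in range(n)]
    for t in threads: t.start()
    for t in threads: t.join()
    return log.verify_chain() and len(log.entries) == n  # True
```

Running verify_chain over a log written by the old pattern is exactly the check that exposed the bug on deployed databases; the same check passes for any interleaving of writers under the fixed pattern.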
API and ABI
If the API is breaking, please state below what will break
Expected complexity level and risk
How complicated do you think these changes are? Grade on a scale from 1 to 5,
where 1 is a trivial change, and 5 is a deep-reaching and complex change.
2.5
The fix is fairly obvious, but will nevertheless require careful review due to the critical nature of the subsystem.