Summary:
TL;DR: due to a recent change, if you drop a column family,
often that DB will no longer fsync after writing new SST files
to remaining or new column families, which could lead to data
loss on power loss.
More bug detail:
The intent of https://github.com/facebook/rocksdb/issues/10049 was to Close FSDirectory objects at
DB::Close time rather than waiting for DB object destruction.
Unfortunately, it also closes shared FSDirectory objects on
DropColumnFamily (& destroy remaining handles), which can lead
to use-after-Close on FSDirectory shared with remaining column
families. Those "uses" are only Fsyncs (or redundant Closes). In
the default Posix filesystem, an Fsync on a closed FSDirectory is a
quiet no-op. Consequently (under most configurations), if you drop
a column family, that DB will no longer fsync after writing new SST
files to column families sharing the same directory (true under most
configurations).
More fix detail:
Basically, this removes unnecessary Close ops on destroying
ColumnFamilyData. We let `shared_ptr` take care of calling the
destructor at the right time. If the intent was to require Close be
called before destroying FSDirectory, that was not made clear by the
author of FileSystem and was not at all enforced by https://github.com/facebook/rocksdb/issues/10049, which
could have added `assert(fd_ == -1)` to `~PosixDirectory()` but did
not. To keep this fix simple, we relax the unit test for https://github.com/facebook/rocksdb/issues/10049 to allow
timely destruction of FSDirectory to suffice as Close (in
CountedFileSystem). Added a TODO to revisit that.
Also in this PR:
* Added a TODO to share FSDirectory instances between DB and its column
families. (Already shared among column families.)
* Made DB::Close attempt to close all its open FSDirectory objects even
if there is a failure in closing one. Also code clean-up around this
logic.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/10460
Test Plan:
add an assert to check for use-after-Close. With that
existing tests can detect the misuse. With fix, tests pass (except noted
relaxing of unit test for https://github.com/facebook/rocksdb/issues/10049)
Reviewed By: ajkr
Differential Revision:
D38357922
Pulled By: pdillinger
fbshipit-source-id:
d42079cadbedf0a969f03389bf586b3b4e1f9137
# Rocksdb Change Log
+## Unreleased
+### Bug Fixes
+* Fix a bug starting in 7.4.0 in which some fsync operations might be skipped in a DB after any DropColumnFamily on that DB, until it is re-opened. This can lead to data loss on power loss. (For custom FileSystem implementations, this could lead to `FSDirectory::Fsync` or `FSDirectory::Close` after the first `FSDirectory::Close`; Also, valgrind could report call to `close()` with `fd=-1`.)
+
## 7.4.4 (07/19/2022)
### Public API changes
* Removed Customizable support for RateLimiter and removed its CreateFromString() and Type() functions.
id_, name_.c_str());
}
}
-
- if (data_dirs_.size()) { // Explicitly close data directories
- Status s = Status::OK();
- for (auto& data_dir_ptr : data_dirs_) {
- if (data_dir_ptr) {
- s = data_dir_ptr->Close(IOOptions(), nullptr);
- if (!s.ok()) {
- // TODO(zichen): add `Status Close()` and `CloseDirectories()
- s.PermitUncheckedError();
- }
- }
- }
- }
}
bool ColumnFamilyData::UnrefAndTryDelete() {
s = db->Close();
auto* counted_fs =
options.env->GetFileSystem()->CheckedCast<CountedFileSystem>();
- assert(counted_fs);
- ASSERT_TRUE(counted_fs->counters()->dir_opens ==
- counted_fs->counters()->dir_closes);
+ ASSERT_TRUE(counted_fs != nullptr);
+ ASSERT_EQ(counted_fs->counters()->dir_opens,
+ counted_fs->counters()->dir_closes);
ASSERT_OK(s);
delete db;
}
IOStatus Close(const IOOptions& options, IODebugContext* dbg) {
// close all directories for all database paths
IOStatus s = IOStatus::OK();
- IOStatus temp_s = IOStatus::OK();
// The default implementation for Close() in Directory/FSDirectory class
// "NotSupported" status, the upper level interface should be able to
// `FSDirectory::Close()` yet
if (db_dir_) {
- temp_s = db_dir_->Close(options, dbg);
- if (!temp_s.ok()) {
- if (temp_s.IsNotSupported()) {
- temp_s.PermitUncheckedError();
- } else {
- s = temp_s;
- }
+ IOStatus temp_s = db_dir_->Close(options, dbg);
+ if (!temp_s.ok() && !temp_s.IsNotSupported() && s.ok()) {
+ s = std::move(temp_s);
}
}
- if (!s.ok()) {
- return s;
- }
+ // Attempt to close everything even if one fails
+ s.PermitUncheckedError();
if (wal_dir_) {
- s = wal_dir_->Close(options, dbg);
- if (!temp_s.ok()) {
- if (temp_s.IsNotSupported()) {
- temp_s.PermitUncheckedError();
- } else {
- s = temp_s;
- }
+ IOStatus temp_s = wal_dir_->Close(options, dbg);
+ if (!temp_s.ok() && !temp_s.IsNotSupported() && s.ok()) {
+ s = std::move(temp_s);
}
}
- if (!s.ok()) {
- return s;
- }
+ s.PermitUncheckedError();
- if (data_dirs_.size() > 0 && s.ok()) {
- for (auto& data_dir_ptr : data_dirs_) {
- if (data_dir_ptr) {
- temp_s = data_dir_ptr->Close(options, dbg);
- if (!temp_s.ok()) {
- if (temp_s.IsNotSupported()) {
- temp_s.PermitUncheckedError();
- } else {
- return temp_s;
- }
- }
+ for (auto& data_dir_ptr : data_dirs_) {
+ if (data_dir_ptr) {
+ IOStatus temp_s = data_dir_ptr->Close(options, dbg);
+ if (!temp_s.ok() && !temp_s.IsNotSupported() && s.ok()) {
+ s = std::move(temp_s);
}
}
}
- // Mark temp_s as checked when temp_s is still the initial status
- // (IOStatus::OK(), not checked yet)
- temp_s.PermitUncheckedError();
+ // Ready for caller
+ s.MustCheck();
return s;
}
s = CheckConsistency();
}
if (s.ok() && !read_only) {
+ // TODO: share file descriptors (FSDirectory) with SetDirectories above
std::map<std::string, std::shared_ptr<FSDirectory>> created_dirs;
for (auto cfd : *versions_->GetColumnFamilySet()) {
s = cfd->AddDirectories(&created_dirs);
IOStatus PosixDirectory::FsyncWithDirOptions(
const IOOptions& /*opts*/, IODebugContext* /*dbg*/,
const DirFsyncOptions& dir_fsync_options) {
+ assert(fd_ >= 0); // Check use after close
IOStatus s = IOStatus::OK();
#ifndef OS_AIX
if (is_btrfs_) {
class CountedDirectory : public FSDirectoryWrapper {
private:
mutable CountedFileSystem* fs_;
+ bool closed_ = false;
public:
CountedDirectory(std::unique_ptr<FSDirectory>&& f, CountedFileSystem* fs)
if (rv.ok()) {
fs_->counters()->closes++;
fs_->counters()->dir_closes++;
+ closed_ = true;
}
return rv;
}
}
return rv;
}
+
+ ~CountedDirectory() {
+ if (!closed_) {
+ // TODO: fix DB+CF code to use explicit Close, not rely on destructor
+ fs_->counters()->closes++;
+ fs_->counters()->dir_closes++;
+ }
+ }
};
} // anonymous namespace
projects / rocksdb.git / commitdiff