Fix BufferedDynamicFlags flushing with concurrent drop/deletion #7621
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -19,15 +19,19 @@ pub(crate) struct BufferedDynamicFlags { | |||||
|
|
||||||
| /// Pending changes to the storage flags. | ||||||
| buffer: Arc<RwLock<AHashMap<PointOffsetType, bool>>>, | ||||||
|
|
||||||
| /// Lock to prevent concurrent flush and drop | ||||||
| pub is_alive_flush_lock: Arc<Mutex<bool>>, | ||||||
| } | ||||||
|
|
||||||
| impl BufferedDynamicFlags { | ||||||
| pub fn new(mmap_flags: DynamicMmapFlags) -> Self { | ||||||
| let buffer = Arc::new(RwLock::new(AHashMap::new())); | ||||||
| let is_alive_flush_lock = Arc::new(Mutex::new(true)); | ||||||
| Self { | ||||||
| storage: Arc::new(Mutex::new(mmap_flags)), | ||||||
| buffer, | ||||||
| is_alive_flush_lock, | ||||||
| } | ||||||
| } | ||||||
|
|
||||||
|
|
@@ -56,8 +60,24 @@ impl BufferedDynamicFlags { | |||||
| (updates, required_len) | ||||||
| }; | ||||||
|
|
||||||
| // Weak reference to detect when the storage has been deleted | ||||||
| let flags_arc = Arc::downgrade(&self.storage); | ||||||
|
Comment on lines
+63
to
+64
Contributor
There was a problem hiding this comment. I did similarly for #7624, this is an improvement so that we don't start flushing a dropped component 👍 |
||||||
| let is_alive_flush_lock = self.is_alive_flush_lock.clone(); | ||||||
|
|
||||||
| Box::new(move || { | ||||||
| // Keep the guard till the end of the flush to prevent concurrent drop/flushes | ||||||
| let is_alive_flush_guard = is_alive_flush_lock.lock(); | ||||||
|
|
||||||
| if !*is_alive_flush_guard { | ||||||
|
Contributor
There was a problem hiding this comment. We should be able to avoid this check by also using a weak reference to the lock. Then it would also simplify the mutex to just hold a unit struct |
||||||
| // Storage is removed, skip flush | ||||||
| return Ok(()); | ||||||
| } | ||||||
|
|
||||||
| let Some(flags_arc) = flags_arc.upgrade() else { | ||||||
| log::debug!("skipping flushing on deleted storage"); | ||||||
| return Ok(()); | ||||||
| }; | ||||||
|
|
||||||
| // lock for the entire flushing process | ||||||
| let mut flags_guard = flags_arc.lock(); | ||||||
|
|
||||||
|
|
@@ -77,6 +97,13 @@ impl BufferedDynamicFlags { | |||||
| } | ||||||
| } | ||||||
|
|
||||||
| impl Drop for BufferedDynamicFlags { | ||||||
| fn drop(&mut self) { | ||||||
| // Wait for all background flush operations to finish | ||||||
|
Member
There was a problem hiding this comment.
Suggested change
|
||||||
| *self.is_alive_flush_lock.lock() = false; | ||||||
| } | ||||||
| } | ||||||
|
|
||||||
| #[cfg(test)] | ||||||
| mod tests { | ||||||
|
|
||||||
|
|
||||||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After some consideration, I am not sure this will actually prevent trying to interact with an inexistent file/directory. In
PayloadIndex::drop_indexwe actually remove the directory BEFORE dropping the index.This lock only makes the dropping wait for the end of the flush, but the files may already be deleted externally.
Please correct me if I missed something 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good call. That is a problem!
We must only delete files once we unload the payload index structure.
I am quite sure it's important to only delete after also releasing all files handles. Because Windows doesn't allow us to delete files which we still have open. Though then I'm also a bit puzzled on why we haven't seen issues about this. Maybe it needs a specific setup, like explicitly deleting a payload index which may not be very common.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On second thought:
I do remember quite a few reports where Windows users complained about 'permission denied' errors. It may very well be caused by this.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks I did push a fix to order the drop properly 34d031d
My guess it that the original patch worked for me locally because the flush would happen after the drop anyway.
There is not a lot of time to squeeze the flusher between the FS remove and the implicit drop.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI started an audit here #7626