Conversation
|
@soloestoy Ideally only changes of configuration should be denied during async_loading. Thanks |
|
@eduardobr about eval, you can look deep into function I'm not sure if it has actual damage, but it's very dangerous, and maybe more commands are dangerous like |
|
@soloestoy good catch about Regarding config, i never really liked the fact it was blocked during loading (in the quire recent past, CONFIG GET was blocked too). there are only a handful configs that can be abused during loading, and i would argue that this abuse is unlikely to be a real problem for users.
the configs that could have some possible issue are:
apart from that, maybe we need to block some commands, specifically:
|
|
@eduardobr @soloestoy can one of you take this issue and come up with a PR to solve these issues? |
|
a easy fix is don't allow |
|
I don't mind blocking config set, but that one is actually easy to solve (forbid a few configs, and cache others on the stack). |
|
ok, i understand no one else is looking into this, so i'll try to handle it myself. |
|
Note that i just realized the case of nested calls to And the fix for that seems as simple as incrementing / decrementing |
|
handled in #9878 |
oranagra
added
state:to-be-closed
|
Closing in favor of #9878 |
…ading (#9878) ## background Till now CONFIG SET was blocked during loading. (In the not so distant past, GET was disallowed too) We recently (not released yet) added an async-loading mode, see #9323, and during that time it'll serve CONFIG SET and any other command. And now we realized (#9770) that some configs, and commands are dangerous during async-loading. ## changes * Allow most CONFIG SET during loading (both on async-loading and normal loading) * Allow CONFIG REWRITE and CONFIG RESETSTAT during loading * Block a few config during loading (`appendonly`, `repl-diskless-load`, and `dir`) * Block a few commands during loading (list below) ## the blocked commands: * SAVE - obviously we don't wanna start a foregreound save during loading 8-) * BGSAVE - we don't mind to schedule one, but we don't wanna fork now * BGREWRITEAOF - we don't mind to schedule one, but we don't wanna fork now * MODULE - we obviously don't wanna unload a module during replication / rdb loading (MODULE HELP and MODULE LIST are not blocked) * SYNC / PSYNC - we're in the middle of RDB loading from master, must not allow sync requests now. * REPLICAOF / SLAVEOF - we're in the middle of replicating, maybe it makes sense to let the user abort it, but he couldn't do that so far, i don't wanna take any risk of bugs due to odd state. * CLUSTER - only allow [HELP, SLOTS, NODES, INFO, MYID, LINKS, KEYSLOT, COUNTKEYSINSLOT, GETKEYSINSLOT, RESET, REPLICAS, COUNT_FAILURE_REPORTS], for others, preserve the status quo ## other fixes * processEventsWhileBlocked had an issue when being nested, this could happen with a busy script during async loading (new), but also in a busy script during AOF loading (old). this lead to a crash in the scenario described in #6988
3 participants
PR #9323 introduces some bugs, since now we allow almost all commands during async loading, but execute some commands like
configevalis very dangerous, for example disable diskless-load during async loading can lead to data inconsistency(if replication succeeds) and memory leak(if replication fails) and crash(free master client after full resync), because the global config is modified, you can use the new test case in this PR to reproduce it.a simple way to fix it is revert the
async_loadingcheck inprocessCommand(), or we need more work to improve this feature, maybe refactor the rdb load mechanism to make it independent.ping @oranagra @eduardobr