release-23.1: kvserver: avoid load based splits in middle of SQL row #103876
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![blathers-crl[bot]](https://avatars.githubusercontent.com/in/59700?s=60&v=4){kind=small}
blathers-crl
bot
requested review from
srosenberg and
smg260
and removed request for
a team
|
Thanks for opening a backport. Please check the backport criteria before merging:
If some of the basic criteria cannot be satisfied, ensure that the exceptional criteria are satisfied within.
Add a brief release justification to the body of your PR to justify this backport. Some other things to consider:
|
blathers-crl
bot
force-pushed
the
blathers/backport-release-23.1-103690
branch
from
dd7da1a to
a1a5540
Compare
blathers-crl
bot
added
blathers-backport
blathers-crl
bot
requested review from
knz,
kvoli,
miraradeva,
nvanbenschoten and
sumeerbhola
|
This change is |
kvoli
force-pushed
the
blathers/backport-release-23.1-103690
branch
from
a1a5540 to
1e6cb0a
Compare
|
Added in #104082 on-top of the original PR commits. Should I merge into the previous commit Also rebased on master. I think the patch has sufficiently baked for a backport to 23.1 cc @nvanbenschoten. |
3 tasks
|
Created tracking issue for backports #104353 |
nvanbenschoten
approved these changes
Jun 5, 2023
There was a problem hiding this comment.
Should I merge into the previous commit
kvserver: avoid load-based splitting between rows or leave as is?
You can leave as is to preserve the commit history.
I think the patch has sufficiently baked for a backport to 23.1
Agreed. LGTM
| // 1. Within [startKey,endKey). | ||
| // 2. No less than desiredSplitKey. | ||
| // 3. Greater than the first key in [startKey,endKey]; or greater than all the | ||
| // first row's keys if a table range. . |
There was a problem hiding this comment.
"range. ."
Feel free to clean this up if you happen to be working in this area on master. No need for the fix to be backported, of course.
Previously, there was no way to peak the contents of the load based splitter samples when inspecting nodes. This commit adds string methods for the `UnweightedFinder`, `WeightedFinder` and `Decider`. This commit also swaps the order of the should split check to avoid computation. As a result the output of `cpu_decider_cartesian` changed slightly as the no split key logging message is now ordered differently. Informs: #103672 Informs: #103483 Release note: None
It was possible for a SQL row to be torn across two ranges due to the load-based splitter not rejecting potentially unsafe split keys. It is impossible to determine with keys sampled from response spans, whether a key is certainly unsafe or safe. This commit side steps this problem by re-using the `adminSplitWithDescriptor` command to find the first real key, after or at the provided `args.SplitKey`. This ensures that the split key will always be a real key whilst not requiring any checks in the splitter itself. The updated `adminSplitWithDescriptor` is local only and requires opting into finding the first safe key by setting `findFirstSafeKey` to `true`. As such, all safe split key checks are also removed from the `split` pkg, with a warning added that the any split key returned is unsafe. Resolves: #103483 Release note (bug fix): It was possible for a SQL row to be split across two ranges. When this occurred, SQL queries could return unexpected errors. This bug is resolved by these changes, as we now inspect the real keys, rather than just request keys to determine load-based split points.
It was possible that a load based split was suggested for `meta1`, which would call `MVCCFirstSplitKey` and panic as the `meta1` start key `\Min` is local, whilst the `meta1` end key is global `0x02 0xff 0xff`. Add a check that the start key is greater than the `meta1` end key before processing in `MVCCFirstSplitKey` to prevent the panic. Note `meta1` would never be split regardless, as `storage.IsValidSplitKey` would fail after finding a split key. Also note that if the desired split key is a local key, the same problem doesn't exist as the minimum split key would be used to seek the first split key instead. Fixes: #104007 Release note: None
kvoli
force-pushed
the
blathers/backport-release-23.1-103690
branch
from
1e6cb0a to
7f93988
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport 3/3 commits from #103690 on behalf of @kvoli.
Backport 1/1 commits from #104082 on behalf of @kvoli.
/cc @cockroachdb/release
It was possible for a SQL row to be torn across two ranges due to the
load-based splitter not rejecting potentially unsafe split keys. It is
impossible to determine with just the sampled request keys, whether a
key is certainly unsafe or safe, so a split key is returned regardless of error.
This PR side steps this problem by re-using the
adminSplitWithDescriptorcommand to find the first real key, after orat the provided
args.SplitKey. This ensures that the split key willalways be a real key whilst not requiring any checks in the splitter
itself.
The updated
adminSplitWithDescriptoris local only and requires optinginto finding the first safe key by setting
findFirstSafeKeytotrue.As such, all safe split key checks are also removed from the
splitpkg, with a warning added that the any split key returned is unsafe.
Note that the weighted load based split finder, used for CPU splits
did not suffer from returning potentially unsafe splits due to e4f003b.
However, it was possible that no load-based split key was ever found
when using the weighted finder. This was because we discard potentially
unsafe samples, which could have been safe split points.
This PR reverts commit e4f003b, as the
safe split key is enforced elsewhere, mentioned above.
Resolves: #103483
Resolves: #103672
Release note (bug fix): It was possible for a SQL row to be split across
two ranges. When this occurred, SQL queries could return unexpected
errors. This bug is resolved by these changes, as we now sample the real
keys, rather than just request keys to determine load-based split points.
Release justification: Serious bug fix.