[SERVER-63166] Restrict prepare_timestamp to be > stable, not >= oldest Created: 01/Feb/22 Updated: 08/Feb/22 Resolved: 08/Feb/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Keith Bostic (Inactive) | Assignee: | Josef Ahmad |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Operating System: | ALL | ||||||||
| Sprint: | Execution Team 2022-02-21 | ||||||||
| Participants: | |||||||||
| Description |
|
The WiredTiger drop incorrectly bounds the prepare timestamp at >= oldest, when the correct bound is > stable. This is a potential data consistency error. The WiredTiger ticket is The patch build is here: https://spruce.mongodb.com/version/61f88392a4cf476b5c07c14a/tasks Running a patch build on the change produces one consistent error, noPassthrough fails, but there's no obvious error in the output. Can someone please help us investigate this problem? – Thanks! |
| Comments |
| Comment by Keith Bostic (Inactive) [ 08/Feb/22 ] | ||||||||||||||
|
josef.ahmad, after discussing this with daniel.gottlieb, I believe this is going to be resolved entirely in the WiredTiger layer, there won't be any need for changes to MDB Server. Thank you for your investigation, and I'm closing | ||||||||||||||
| Comment by Daniel Gottlieb (Inactive) [ 07/Feb/22 ] | ||||||||||||||
|
keith.bostic, I believe there's two separate situations to consider for bounding the prepare timestamp. Outside of recovery (a primary or secondary processing live writes), I agree that a prepare timestamp must be > the stable timestamp. But during recovery (such as across restart), we can be re-preparing transactions that are arbitrarily old. MDB uses the roundup_timestamps=(prepared=true) configuration for this case. I can see your patch changed this rounding from oldest -> stable:
Our test here is catching a correctness problem introduced by this portion of the patch. I'm happy to elaborate more re: what's special about recovery that brings us into this situation. I do think there's value in enforcing prepare > stable when the "round up" configuration is missing. But roundup itself must not round beyond the oldest timestamp. | ||||||||||||||
| Comment by Josef Ahmad [ 07/Feb/22 ] | ||||||||||||||
|
Here's the sequence of events that lead to the prepare_recordid_initialization.js failure:
|