Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release-24.3: opt/execbuilder: pick correct canary column ordinal #141823

Merged
merged 1 commit into from
Feb 21, 2025
Merged

release-24.3: opt/execbuilder: pick correct canary column ordinal #141823

merged 1 commit into from
Feb 21, 2025
+28 −4

Conversation

mgartner
Copy link
Collaborator

@mgartner mgartner commented Feb 21, 2025
edited
Loading

Backport 1/2 commits from #141728.

/cc @cockroachdb/release

opt/execbuilder: pick correct canary column ordinal

The execbuilder previously used the colOrdMap of an Upsert's input to
find the ordinal of the canary column. In rare cases, the canary column
could also be used as a partial index DEL column. Because a colOrdMap
can only map each column ID to a single ordinal, and because partial
index columns are positioned after the canary column, the ordinal
fetched from the colOrdMap would be the partial index DEL column
ordinal, not the canary column ordinal.

This could cause node-crashing panics during execution when trying to
access the canary canary column in the input row after the partial index
columns are sliced off.

As an example, consider the table and mutation:

CREATE TABLE t (c BOOL PRIMARY KEY, INDEX (c) WHERE c)

UPSERT INTO t VALUES (false)

The input to the Upsert operator produces 4 physical columns:

  1. An insert column with the value to insert if a row with the same
    PK does not already exist. We'll call this logical column new_c.
  2. A canary column which is non-NULL if a row with the same PK already
    exists. This is always a PK column fetched from the table—in our
    example this is c. Let's call this logical column old_c.
  3. A partial index PUT column which is true if the new row should be
    added to the partial index. Since the partial index predicate
    expression is the PK column, this is the same logical column as
    new_c.
  4. A partial index DEL column which is true if the old row should be
    removed from the partial index. This is the same logical column as
    old_c.

So, the physical columns produced by the input of the Upsert are:

insert column canary column partial index PUT partial index DEL
new_c old_c new_c old_c

Using the colOrdMap to find the ordinal of old_c yields 3, instead
of 1.

During execution the partial index columns are sliced off, and the row
becomes:

insert column canary column
new_c old_c

When the execution engine attempts to access index 3 of this row, the
process panics with an out-of-bounds exception.

This has been fixed by using the lengths of the insert (and other)
columns to find the canary column ordinal, instead of the colOrdMap.

Fixes #136458

Release note (bug fix): A bug has been fixed that could cause gateway
nodes to panic when performing an UPSERT on a table with a BOOL
primary key column and a partial index with the PK column as the
predicate expression.

Release justification: Low-risk bug fix.

@mgartner
opt/execbuilder: pick correct canary column ordinal
af6ba60 
The execbuilder previously used the `colOrdMap` of an Upsert's input to
find the ordinal of the canary column. In rare cases, the canary column
could also be used as a partial index DEL column. Because a `colOrdMap`
can only map each column ID to a single ordinal, and because partial
index columns are positioned after the canary column, the ordinal
fetched from the `colOrdMap` would be the partial index DEL column
ordinal, not the canary column ordinal.

This could cause node-crashing panics during execution when trying to
access the canary canary column in the input row after the partial index
columns are sliced off.

As an example, consider the table and mutation:

    CREATE TABLE t (c BOOL PRIMARY KEY, INDEX (c) WHERE c)

    UPSERT INTO t VALUES (false)

The input to the Upsert operator produces 4 physical columns:

  1. An insert column with the value to insert if a row with the same
     PK does not already exist. We'll call this logical column `new_c`.
  2. A canary column which is non-NULL if a row with the same PK already
     exists. This is always a PK column fetched from the table—in our
     example this is `c`. Let's call this logical column `old_c`.
  3. A partial index PUT column which is true if the new row should be
     added to the partial index. Since the partial index predicate
     expression is the PK column, this is the same logical column as
    `new_c`.
  4. A partial index DEL column which is true if the old row should be
     removed from the partial index. This is the same logical column as
    `old_c`.

So, the physical columns produced by the input of the Upsert are:

| insert column | canary column | partial index PUT | partial index DEL
| ------------- | ------------- | ----------------- | -----------------
|    `new_c`    |    `old_c`    |     `new_c`       |     `old_c`

Using the `colOrdMap` to find the ordinal of `old_c` yields `3`, instead
of `1`.

During execution the partial index columns are sliced off, and the row
becomes:

| insert column | canary column |
| ------------- | ------------- |
|    `new_c`    |    `old_c`    |

When the execution engine attempts to access index `3` of this row, the
process panics with an out-of-bounds exception.

This has been fixed by using the lengths of the insert (and other)
columns to find the canary column ordinal, instead of the `colOrdMap`.

Fixes cockroachdb#136458

Release note (bug fix): A bug has been fixed that could cause gateway
nodes to panic when performing an `UPSERT` on a table with a `BOOL`
primary key column and a partial index with the PK column as the
predicate expression.
@mgartner mgartner requested a review from a team February 21, 2025 12:29
@mgartner mgartner requested a review from a team as a code owner February 21, 2025 12:29
@mgartner mgartner requested review from mw5h and removed request for a team February 21, 2025 12:29
@blathers-crl blathers[crl]
Copy link

blathers-crl bot commented Feb 21, 2025

Thanks for opening a backport.

Please check the backport criteria before merging:

  • Backports should only be created for serious
    issues     or test-only changes.
  • Backports should not break backwards-compatibility.
  • Backports should change as little code as possible.
  • Backports should not change on-disk formats or node communication protocols.
  • Backports should not add new functionality (except as defined
    here).
  • Backports must not add, edit, or otherwise modify cluster versions; or add version gates.
  • All backports must be reviewed by the owning areas TL. For more information as to how that review should be conducted, please consult the backport
    policy    .
If your backport adds new functionality, please ensure that the following additional criteria are satisfied:
  • There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
  • The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
  • New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters. State changes must be further protected such that nodes running old binaries will not be negatively impacted by the new state (with a mixed version test added).
  • The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.
  • Your backport must be accompanied by a post to the appropriate Slack
    channel (#db-backports-point-releases or #db-backports-XX-X-release) for awareness and discussion.

Also, please add a brief release justification to the body of your PR to justify this
backport.

@blathers-crl blathers-crl bot added the backport Label PR's that are backports to older release branches label Feb 21, 2025
@cockroach-teamcity
Copy link
Member

This change is Reviewable

DrewKimball
DrewKimball approved these changes Feb 21, 2025
View reviewed changes
Copy link
Collaborator

@DrewKimball DrewKimball left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 3 of 3 files at r1, all commit messages.
Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @mw5h)

@mgartner mgartner merged commit 5be83d7 into cockroachdb:release-24.3 Feb 21, 2025
15 of 16 checks passed
@mgartner mgartner deleted the backport24.3-141728 branch February 21, 2025 21:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DrewKimball DrewKimball DrewKimball approved these changes

@mw5h mw5h Awaiting requested review from mw5h mw5h is a code owner automatically assigned from cockroachdb/sql-queries-prs

Assignees
No one assigned
Labels
backport Label PR's that are backports to older release branches target-release-24.3.8
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mgartner @cockroach-teamcity @DrewKimball