[jira] [Commented] (CASSANDRA-14515) Short read protection in presence of almost-purgeable range tombstones may cause permanent data loss

Tue, 12 Jun 2018 09:57:30 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-14515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16509876#comment-16509876
 ] 

Aleksey Yeschenko commented on CASSANDRA-14515:
-----------------------------------------------

It came up during CASSANDRA-14330 investigation/resolution that a read response 
doesn't necessarily close its outstanding RT. This happens because we stop 
constructing the response as soon as we've counted sufficient rows to satisfy 
the requested limit from a node. The fix was incomplete, however, and rather 
than fixing the assertion we should instead fix the underlying issue, and put 
an artificial lid on any read response. Otherwise the following sequence of 
events is possible:

1. The coordinator is sending one of requests to node {{A}}, with limit of {{n}}
2. Node {{A}} replies with a sequence: {{rt-[}}, {{row-0}}, {{row-1}}, 
{{row-2}}, ..., {{row-n}}
3. {{rt}} is past gc grace, and gets compacted away
4. Some of the rows from {{A}} end up shadowed by deletions from other 
replicas, and SRP triggers a follow-up read request
5. Node {{A}} replies with a sequence that doesn't contain {{rt-]}}, because 
it's been compacted away

As a result we have an open-ended RT that can propagate over RR and erase rows 
it was never intended to erase.

> Short read protection in presence of almost-purgeable range tombstones may 
> cause permanent data loss
> ----------------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-14515
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14515
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Aleksey Yeschenko
>            Assignee: Aleksey Yeschenko
>            Priority: Major
>             Fix For: 3.0.x, 3.11.x, 4.0.x
>
>
> Because read responses don't necessarily close their open RT bounds, it's 
> possible to lose data during short read protection, if a closing bound is 
> compacted away between two adjacent reads from a node.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to