vinyl: abort rw transactions when instance switches to ro
A Vinyl transaction may yield while having a non-empty write set. This
opens a time window for the instance to switch to read-only mode. Since
we check ro flag only before executing a DML request, the transaction
would successfully commit in such a case, breaking the assumption that
no writes are possible on an instance after box.cfg{read_only=true}
returns. In particular, this breaks master-replica switching logic.
Fix this by aborting all local rw transactions before switching to
read-only mode. Note, remote rw transactions must not be aborted,
because they ignore ro flag.
Closes #4016
Showing
- src/box/vinyl.c 11 additions, 5 deletionssrc/box/vinyl.c
- src/box/vy_tx.c 19 additions, 1 deletionsrc/box/vy_tx.c
- src/box/vy_tx.h 12 additions, 2 deletionssrc/box/vy_tx.h
- test/vinyl/errinj.result 76 additions, 0 deletionstest/vinyl/errinj.result
- test/vinyl/errinj.test.lua 30 additions, 0 deletionstest/vinyl/errinj.test.lua
- test/vinyl/misc.result 80 additions, 0 deletionstest/vinyl/misc.result
- test/vinyl/misc.test.lua 39 additions, 0 deletionstest/vinyl/misc.test.lua
Loading
Please register or sign in to comment