NextGraph
/
rocksdb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Verify file checksum generator name (#7824)

Browse Source 
Summary:
Previously we only had a debug assertion to check the right generator was being used for verification. However a user hit a problem in production where their factory was creating the wrong generator for some files, leading to checksum mismatches. It would have been easier to debug if we verified in optimized builds that the generator with the proper name is used. This PR adds such verification.

Pull Request resolved: https://github.com/facebook/rocksdb/pull/7824

Reviewed By: zhichao-cao

Differential Revision: D25740254

Pulled By: ajkr

fbshipit-source-id: a6231521747605021bad3231484b5d4f99f4044f
main
Andrew Kryczka 4 years ago committed by Facebook GitHub Bot
parent 159ea4702c
commit 225abffd8f
3 changed files with 46 additions and 8 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      HISTORY.md
  2. 24
      db/db_basic_test.cc
  3. 26
      file/file_util.cc

4
HISTORY.md
Unescape View File

@ -1,4 +1,8 @@
# Rocksdb Change Log # Rocksdb Change Log
## Unreleased
### Behavior Changes
* When verifying full file checksum with `DB::VerifyFileChecksums()`, we now fail with `Status::InvalidArgument` if the name of the checksum generator used for verification does not match the name of the checksum generator used for protecting the file when it was created.
## 6.16.0 (12/18/2020) ## 6.16.0 (12/18/2020)
### Behavior Changes ### Behavior Changes
* Attempting to write a merge operand without explicitly configuring `merge_operator` now fails immediately, causing the DB to enter read-only mode. Previously, failure was deferred until the `merge_operator` was needed by a user read or a background operation. * Attempting to write a merge operand without explicitly configuring `merge_operator` now fails immediately, causing the DB to enter read-only mode. Previously, failure was deferred until the `merge_operator` was needed by a user read or a background operation.

24
db/db_basic_test.cc
Unescape View File

@ -21,6 +21,7 @@
#if !defined(ROCKSDB_LITE) #if !defined(ROCKSDB_LITE)
#include "test_util/sync_point.h" #include "test_util/sync_point.h"
#endif #endif
#include "util/file_checksum_helper.h"
#include "util/random.h" #include "util/random.h"
#include "utilities/fault_injection_env.h" #include "utilities/fault_injection_env.h"
#include "utilities/merge_operators.h" #include "utilities/merge_operators.h"
@ -3580,6 +3581,29 @@ TEST_F(DBBasicTest, VerifyFileChecksums) {
ASSERT_OK(Flush()); ASSERT_OK(Flush());
ASSERT_OK(db_->VerifyFileChecksums(ReadOptions())); ASSERT_OK(db_->VerifyFileChecksums(ReadOptions()));
// Does the right thing but with the wrong name -- using it should lead to an
// error.
class MisnamedFileChecksumGenerator : public FileChecksumGenCrc32c {
public:
MisnamedFileChecksumGenerator(const FileChecksumGenContext& context)
: FileChecksumGenCrc32c(context) {}
const char* Name() const override { return "sha1"; }
};
class MisnamedFileChecksumGenFactory : public FileChecksumGenCrc32cFactory {
public:
std::unique_ptr<FileChecksumGenerator> CreateFileChecksumGenerator(
const FileChecksumGenContext& context) override {
return std::unique_ptr<FileChecksumGenerator>(
new MisnamedFileChecksumGenerator(context));
}
};
options.file_checksum_gen_factory.reset(new MisnamedFileChecksumGenFactory());
Reopen(options);
ASSERT_TRUE(db_->VerifyFileChecksums(ReadOptions()).IsInvalidArgument());
} }
#endif // !ROCKSDB_LITE #endif // !ROCKSDB_LITE

26
file/file_util.cc
Unescape View File

@ -124,8 +124,10 @@ bool IsWalDirSameAsDBPath(const ImmutableDBOptions* db_options) {
} }
// requested_checksum_func_name brings the function name of the checksum // requested_checksum_func_name brings the function name of the checksum
// generator in checksum_factory. Checksum factories may use or ignore // generator in checksum_factory. Empty string is permitted, in which case the
// requested_checksum_func_name. // name of the generator created by the factory is unchecked. When
// `requested_checksum_func_name` is non-empty, however, the created generator's
// name must match it, otherwise an `InvalidArgument` error is returned.
IOStatus GenerateOneFileChecksum( IOStatus GenerateOneFileChecksum(
FileSystem* fs, const std::string& file_path, FileSystem* fs, const std::string& file_path,
FileChecksumGenFactory* checksum_factory, FileChecksumGenFactory* checksum_factory,
@ -151,14 +153,22 @@ IOStatus GenerateOneFileChecksum(
requested_checksum_func_name + requested_checksum_func_name +
" from checksum factory: " + checksum_factory->Name(); " from checksum factory: " + checksum_factory->Name();
return IOStatus::InvalidArgument(msg); return IOStatus::InvalidArgument(msg);
} else {
// For backward compatibility and use in file ingestion clients where there
// is no stored checksum function name, `requested_checksum_func_name` can
// be empty. If we give the requested checksum function name, we expect it
// is the same name of the checksum generator.
if (!requested_checksum_func_name.empty() &&
checksum_generator->Name() != requested_checksum_func_name) {
std::string msg = "Expected file checksum generator named '" +
requested_checksum_func_name +
"', while the factory created one "
"named '" +
checksum_generator->Name() + "'";
return IOStatus::InvalidArgument(msg);
}
} }
// For backward compatable, requested_checksum_func_name can be empty.
// If we give the requested checksum function name, we expect it is the
// same name of the checksum generator.
assert(!checksum_generator || requested_checksum_func_name.empty() ||
requested_checksum_func_name == checksum_generator->Name());
uint64_t size; uint64_t size;
IOStatus io_s; IOStatus io_s;
std::unique_ptr<RandomAccessFileReader> reader; std::unique_ptr<RandomAccessFileReader> reader;

Write Preview
Loading…
Cancel
Save