fix(flatkv): harden error handling for readonly store and crash cleanup#3127
fix(flatkv): harden error handling for readonly store and crash cleanup#3127blindchaser wants to merge 3 commits intomainfrom
Conversation
|
The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).
|
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #3127 +/- ##
==========================================
- Coverage 58.76% 58.74% -0.02%
==========================================
Files 2094 2094
Lines 173071 173085 +14
==========================================
- Hits 101698 101680 -18
- Misses 62319 62344 +25
- Partials 9054 9061 +7
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e863c6dde6
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if err := s.acquireFileLock(dir); err != nil { | ||
| return err | ||
| return fmt.Errorf("%w: %v", commonerrors.ErrFileLockUnavailable, err) |
There was a problem hiding this comment.
CleanupOrphanedReadOnlyDirs now maps every acquireFileLock failure to ErrFileLockUnavailable, which conflates true lock contention with real filesystem/syscall failures (e.g., permission or lock-file creation errors). Because startup code treats IsFileLockError as non-fatal, these hard failures can be downgraded to a log and execution continues with an unusable store. Only the explicit "already held" case should be tagged as lock-unavailable; other errors should propagate as fatal.
Useful? React with 👍 / 👎.
| if commonerrors.IsFileLockError(err) { | ||
| logger.Error("non-fatal: failed to acquire file lock for cleanup", "err", err) | ||
| } else { |
There was a problem hiding this comment.
This branch now treats cleanup lock acquisition errors as non-fatal and continues startup, but in the current startup path LoadVersionAndUpgrade drops rs.scStore.LoadVersion(..., false) errors (store.go lines 440-441). In lock-contention scenarios, this can let the node proceed without a successfully opened SC backend instead of stopping early. Until downstream error propagation is fixed, lock acquisition failure here should remain fatal.
Useful? React with 👍 / 👎.
- Propagate real FS errors (ReadDir/RemoveAll) instead of silently discarding them; only downgrade file-lock acquisition failures to non-fatal log in rootmulti startup - Lazy-init file lock in loadVersionReadOnly so fresh stores can load readonly without breaking the existing API contract - Upgrade composite readonly FlatKV failure log from Info to Error
blindchaser
force-pushed
the
yiren/readonly-fix
branch
from
e863c6d to
a105752
Compare
blindchaser
force-pushed
the
yiren/readonly-fix
branch
from
22f3e3c to
29a2201
Compare
1 participant
Describe your changes and provide context
Testing performed to validate your change