database/sql: prevent Tx statement from committing after rollback

It was possible for a Tx that was aborted for rollback asynchronously to execute a query after the rollback had completed on the database, which often would auto commit the query outside of the transaction. By W-locking the tx.closemu prior to issuing the rollback connection it ensures any Tx query either fails or finishes on the Tx, and never after the Tx has rolled back. Fixes #34775 Fixes #32942 Change-Id: I017b7932082f2f4ead70bae08b61ed9068ac1d01 Reviewed-on: https://go-review.googlesource.com/c/go/+/216240 Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
author: Daniel Theophanes <kardianos@gmail.com> 2020-01-24 06:40:49 -0800
committer: Daniel Theophanes <kardianos@gmail.com> 2020-04-20 17:45:50 +0000
commit: d8f0a229b5036e42b7bc5371c32c302cead9b635 (patch)
tree: e01113d48c74f9000588df3dd910d7e49d0391f8 /src/database/sql/sql.go
parent: b2cff7e091ca1f59ceb77c4dd3acaf0c150b5440 (diff)
download: go-d8f0a229b5036e42b7bc5371c32c302cead9b635.tar.xz
1 files changed, 30 insertions, 10 deletions
diff --git a/src/database/sql/sql.go b/src/database/sql/sql.go
index 2fae0f02ff..3710264dcf 100644
--- a/src/database/sql/sql.go
+++ b/src/database/sql/sql.go
@@ -2061,14 +2061,10 @@ func (tx *Tx) isDone() bool {
 // that has already been committed or rolled back.
 var ErrTxDone = errors.New("sql: transaction has already been committed or rolled back")
 
-// close returns the connection to the pool and
-// must only be called by Tx.rollback or Tx.Commit.
-func (tx *Tx) close(err error) {
-	tx.cancel()
-
-	tx.closemu.Lock()
-	defer tx.closemu.Unlock()
-
+// closeLocked returns the connection to the pool and
+// must only be called by Tx.rollback or Tx.Commit while
+// closemu is Locked and tx already canceled.
+func (tx *Tx) closeLocked(err error) {
 	tx.releaseConn(err)
 	tx.dc = nil
 	tx.txi = nil
@@ -2135,6 +2131,15 @@ func (tx *Tx) Commit() error {
 	if !atomic.CompareAndSwapInt32(&tx.done, 0, 1) {
 		return ErrTxDone
 	}
+
+	// Cancel the Tx to release any active R-closemu locks.
+	// This is safe to do because tx.done has already transitioned
+	// from 0 to 1. Hold the W-closemu lock prior to rollback
+	// to ensure no other connection has an active query.
+	tx.cancel()
+	tx.closemu.Lock()
+	defer tx.closemu.Unlock()
+
 	var err error
 	withLock(tx.dc, func() {
 		err = tx.txi.Commit()
@@ -2142,16 +2147,31 @@ func (tx *Tx) Commit() error {
 	if err != driver.ErrBadConn {
 		tx.closePrepared()
 	}
-	tx.close(err)
+	tx.closeLocked(err)
 	return err
 }
 
+var rollbackHook func()
+
 // rollback aborts the transaction and optionally forces the pool to discard
 // the connection.
 func (tx *Tx) rollback(discardConn bool) error {
 	if !atomic.CompareAndSwapInt32(&tx.done, 0, 1) {
 		return ErrTxDone
 	}
+
+	if rollbackHook != nil {
+		rollbackHook()
+	}
+
+	// Cancel the Tx to release any active R-closemu locks.
+	// This is safe to do because tx.done has already transitioned
+	// from 0 to 1. Hold the W-closemu lock prior to rollback
+	// to ensure no other connection has an active query.
+	tx.cancel()
+	tx.closemu.Lock()
+	defer tx.closemu.Unlock()
+
 	var err error
 	withLock(tx.dc, func() {
 		err = tx.txi.Rollback()
@@ -2162,7 +2182,7 @@ func (tx *Tx) rollback(discardConn bool) error {
 	if discardConn {
 		err = driver.ErrBadConn
 	}
-	tx.close(err)
+	tx.closeLocked(err)
 	return err
 }
author	Daniel Theophanes <kardianos@gmail.com>	2020-01-24 06:40:49 -0800
committer	Daniel Theophanes <kardianos@gmail.com>	2020-04-20 17:45:50 +0000
commit	d8f0a229b5036e42b7bc5371c32c302cead9b635 (patch)
tree	e01113d48c74f9000588df3dd910d7e49d0391f8 /src/database/sql/sql.go
parent	b2cff7e091ca1f59ceb77c4dd3acaf0c150b5440 (diff)
download	go-d8f0a229b5036e42b7bc5371c32c302cead9b635.tar.xz