kvserver: allowlist spanconfig updates to bypass range-size backpressure

dodeca12 · dodeca12 · commit 04e58b801ed6 · 2025-09-18T12:58:45.000-04:00
This commit modifies `backpressurableSpans` to exclude the `system.span_configurations` table by splitting the original span into two ranges that create a gap around the `system.span_configurations` table. This allows spanconfig updates to bypass backpressure entirely, preventing the catch-22 deadlock. The corresponding test is then modified to assert the new behaviour (i.e., span config updates are not blocked). We only allowlist the \`system.span_configurations\` table because protected timestamp cleanup requires two writes: one to remove the PTS record from \`system.protected_ts_records\` and another to translate that removal into updated span configuration in \`system.span_configurations\`. When backpressure blocks the spanconfig update, the reconciliation process cannot complete, preventing protected timestamp cleanup and creating a deadlock where the system cannot clean up its own protected timestamps. Other system tables lack this circular dependency and are not excluded. Fixes: #146982 Release note: None
diff --git a/pkg/keys/constants.go b/pkg/keys/constants.go
@@ -374,6 +374,10 @@ var (
 	NamespaceTableMin = SystemSQLCodec.TablePrefix(NamespaceTableID)
 	// NamespaceTableMax is the end key of system.namespace.
 	NamespaceTableMax = SystemSQLCodec.TablePrefix(NamespaceTableID + 1)
+	// SpanConfigTableMin is the start key of system.span_configurations.
+	SpanConfigTableMin = SystemSQLCodec.TablePrefix(SpanConfigurationsTableID)
+	// SpanConfigTableMax is the end key of system.span_configurations.
+	SpanConfigTableMax = SystemSQLCodec.TablePrefix(SpanConfigurationsTableID + 1)
 
 	// 4. Non-system tenant SQL keys
 	//
diff --git a/pkg/kv/kvserver/client_replica_backpressure_test.go b/pkg/kv/kvserver/client_replica_backpressure_test.go
@@ -342,17 +342,18 @@ func TestBackpressureNotAppliedWhenReducingRangeSize(t *testing.T) {
 	})
 }
 
-// TestSpanConfigUpdatesBlockedByRangeSizeBackpressureOnDefaultRanges
-// verifies that spanconfig updates are blocked by backpressure when the
-// `system.span_configurations` table range becomes full, recreating the issue.
+// TestSpanConfigUpdatesDoNotGetBlockByRangeSizeBackpressureOnDefaultRanges
+// verifies that spanconfig updates do not block by backpressure when the
+// `system.span_configurations` table range becomes full, showing the allowlist
+// is working.
 //
 // Test strategy:
 //  1. Configure `system.span_configurations` table range to be a small size (8 KiB).
 //  2. Write many large spanconfig records (2 KiB each) to fill up the range.
-//  3. Verify spanconfig updates fail due to backpressure when the range is full,
-//  4. This test recreates the scenario where spanconfig updates are blocked by
+//  3. Verify spanconfig updates do not fail due to backpressure when the range is full,
+//  4. This test recreates the scenario where spanconfig updates do not fail due to
 //     backpressure.
-func TestSpanConfigUpdatesBlockedByRangeSizeBackpressureOnDefaultRanges(t *testing.T) {
+func TestSpanConfigUpdatesDoNotGetBlockByRangeSizeBackpressureOnDefaultRanges(t *testing.T) {
 	defer leaktest.AfterTest(t)()
 	defer log.Scope(t).Close(t)
 
@@ -438,8 +439,8 @@ func TestSpanConfigUpdatesBlockedByRangeSizeBackpressureOnDefaultRanges(t *testi
 	if repl != nil {
 		conf, err := repl.LoadSpanConfig(ctx)
 		require.NoError(t, err)
-		t.Logf("current range config - RangeMaxBytes: %d bytes (%d MiB), "+
-			"RangeMinBytes: %d bytes (%d MiB)",
+		t.Logf("current range config - RangeMaxBytes: %d bytes (%s), "+
+			"RangeMinBytes: %d bytes (%s)",
 			conf.RangeMaxBytes, humanize.Bytes(uint64(conf.RangeMaxBytes)),
 			conf.RangeMinBytes, humanize.Bytes(uint64(conf.RangeMinBytes)))
 
@@ -517,9 +518,9 @@ func TestSpanConfigUpdatesBlockedByRangeSizeBackpressureOnDefaultRanges(t *testi
 		}
 	}
 
-	// Assert that the operation failed due to backpressure.
-	require.Error(t, err,
-		"expected span config writes to fail due to backpressure, but they succeeded")
+	// Assert that the operation does not fail due to backpressure.
+	require.NoError(t, err,
+		"expected span config writes to not fail due to backpressure, but they did")
 
 	systemSpanConfigurationsTableSpanMVCCStats := roachpb.Span{
 		Key:    keys.SystemSQLCodec.TablePrefix(keys.SpanConfigurationsTableID),
@@ -566,7 +567,7 @@ func TestSpanConfigUpdatesBlockedByRangeSizeBackpressureOnDefaultRanges(t *testi
 		[]spanconfig.Target{scratchTarget}, []spanconfig.Record{smallSpanconfigRecord},
 		hlc.MinTimestamp, hlc.MaxTimestamp)
 
-	require.Error(t, smallSpanconfigRecordWriteErr,
-		"expected smallSpanconfigRecord write to fail due to backpressure")
+	require.NoError(t, smallSpanconfigRecordWriteErr,
+		"expected smallSpanconfigRecord write to not fail due to backpressure")
 
 }
diff --git a/pkg/kv/kvserver/replica_backpressure.go b/pkg/kv/kvserver/replica_backpressure.go
@@ -88,9 +88,11 @@ var backpressureByteTolerance = settings.RegisterByteSizeSetting(
 // to be backpressured.
 var backpressurableSpans = []roachpb.Span{
 	{Key: keys.TimeseriesPrefix, EndKey: keys.TimeseriesKeyMax},
-	// Backpressure from the end of the system config forward instead of
-	// over all table data to avoid backpressuring unsplittable ranges.
-	{Key: keys.SystemConfigTableDataMax, EndKey: keys.TableDataMax},
+	// Exclude the span_configurations table to avoid
+	// catch-22 situations where protected timestamp updates or garbage
+	// collection TTL updates are blocked by backpressure.
+	{Key: keys.SystemConfigTableDataMax, EndKey: keys.SpanConfigTableMin},
+	{Key: keys.SpanConfigTableMax, EndKey: keys.TableDataMax},
 }
 
 // canBackpressureBatch returns whether the provided BatchRequest is eligible
