From b8f590dea0400666ef26e21adf11c5997bb5ef1b Mon Sep 17 00:00:00 2001
From: Keith Bostic <keith.bostic@mongodb.com>
Date: Mon, 26 Jun 2017 03:04:00 -0400
Subject: WT-3373 Access violation due to a bug in internal page splitting
 (#3478)

When acquiring a lock on our parent internal page, we use the WT_REF.home
field to reference our parent page.  As a child of the parent page, we
prevent its eviction, but that's a weak guarantee. If the parent page
splits, and our WT_REF were to move with the split, the WT_REF.home field
might change underneath us and we could race, and end up attempting to
access an evicted page. Set the session page-index generation so if the
parent splits, it still can't be evicted.
---
 src/btree/bt_split.c | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)

diff --git a/src/btree/bt_split.c b/src/btree/bt_split.c
index 627e6b9cb48..92be2125b88 100644
--- a/src/btree/bt_split.c
+++ b/src/btree/bt_split.c
@@ -1256,12 +1256,12 @@ err:	switch (complete) {
 }
 
 /*
- * __split_internal_lock --
+ * __split_internal_lock_worker --
  *	Lock an internal page.
  */
 static int
-__split_internal_lock(WT_SESSION_IMPL *session, WT_REF *ref, bool trylock,
-    WT_PAGE **parentp, bool *hazardp)
+__split_internal_lock_worker(WT_SESSION_IMPL *session,
+    WT_REF *ref, bool trylock, WT_PAGE **parentp, bool *hazardp)
 {
 	WT_DECL_RET;
 	WT_PAGE *parent;
@@ -1339,6 +1339,32 @@ err:	WT_PAGE_UNLOCK(session, parent);
 	return (ret);
 }
 
+/*
+ * __split_internal_lock --
+ *	Lock an internal page.
+ */
+static int
+__split_internal_lock(WT_SESSION_IMPL *session,
+    WT_REF *ref, bool trylock, WT_PAGE **parentp, bool *hazardp)
+{
+	WT_DECL_RET;
+
+	/*
+	 * There's no lock on our parent page and we're about to acquire one,
+	 * which implies using the WT_REF.home field to reference our parent
+	 * page. As a child of the parent page, we prevent its eviction, but
+	 * that's a weak guarantee. If the parent page splits, and our WT_REF
+	 * were to move with the split, the WT_REF.home field might change
+	 * underneath us and we could race, and end up attempting to access
+	 * an evicted page. Set the session page-index generation so if the
+	 * parent splits, it still can't be evicted.
+	 */
+	WT_WITH_PAGE_INDEX(session,
+	    ret = __split_internal_lock_worker(
+	    session, ref, trylock, parentp, hazardp));
+	return (ret);
+}
+
 /*
  * __split_internal_unlock --
  *	Unlock the parent page.
-- 
cgit v1.2.1