Speculative majority reads unsafely start storage transactions without holding a global lock


    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 5.0.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Fully Compatible
    • ALL

      Apply this patch:

      diff --git a/src/mongo/db/storage/wiredtiger/wiredtiger_recovery_unit.cpp b/src/mongo/db/storage/wiredtiger/wiredtiger_recovery_unit.cpp
      index 3e531b3717..2418731111 100644
      --- a/src/mongo/db/storage/wiredtiger/wiredtiger_recovery_unit.cpp
      +++ b/src/mongo/db/storage/wiredtiger/wiredtiger_recovery_unit.cpp
      @@ -565,6 +565,7 @@ void WiredTigerRecoveryUnit::_txnOpen() {
           invariant(!_isCommittingOrAborting(),
                     str::stream() << "commit or rollback handler reopened transaction: "
                                   << toString(_getState()));
      +    invariant(cc().getOperationContext()->lockState()->isLocked());
           _ensureSession();
       
           // Only start a timer for transaction's lifetime if we're going to log it.
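
      Review bot: the added invariant in _txnOpen() dereferences cc().getOperationContext() and lockState() without a null check and carries no message, unlike the invariant directly above it, which streams the offending state. If a thread reaches _txnOpen() with no operation context attached, this crashes on a null pointer instead of reporting the missing lock. Suggest fetching the operation context into a local, asserting it is non-null, and adding a message such as "storage transaction opened without a global lock" so that a failure in the resmoke run explains itself.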
      

      And run:

      resmoke.py run --suite=replica_sets jstests/replsets/change_stream_speculative_majority.js
      
    • Repl 2020-11-16

      Global locks are required to perform storage engine operations.

      Without holding any locks, the function waitForSpeculativeMajorityReadConcernImpl calls getPointInTimeReadTimestamp() which starts a storage transaction implicitly if one is not already active.

      This means it is possible for a speculative majority reader to start a transaction while the storage engine is shutting down, which is unsafe because it does not have defined behavior.
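
The hazard described above, replayed deterministically as an added example (not MongoDB code and not the actual fix): a toy engine in which shutdown needs the global lock exclusively. `ToyEngine`, `ToyOpCtx` and `Txn` are hypothetical names, and the `checkLock` flag models the invariant from the patch in the reproduction steps.

```cpp
// Toy model added for illustration; NOT MongoDB source. All names are hypothetical.
// Single-threaded: plain fields stand in for the lock manager, and the racing
// shutdown is replayed as an explicit call at the point where it would interleave.
enum class Txn { Ok, NoLock, EngineGone };
struct ToyOpCtx { bool holdsGlobalLock = false; };  // stands in for lockState()->isLocked()

class ToyEngine {
public:
    bool lockShared(ToyOpCtx& op) {  // refused once shutdown has begun
        if (_shutDown) return false;
        ++_holders;
        op.holdsGlobalLock = true;
        return true;
    }
    void unlockShared(ToyOpCtx& op) {
        --_holders;
        op.holdsGlobalLock = false;
    }
    // Shutdown needs the lock exclusively, so it fails while any operation holds it.
    bool tryShutdown() {
        if (_holders > 0) return false;
        _shutDown = true;
        return true;
    }
    // checkLock=true models the invariant the patch adds to _txnOpen().
    Txn openTxn(const ToyOpCtx& op, bool checkLock) const {
        if (checkLock && !op.holdsGlobalLock) return Txn::NoLock;
        return _shutDown ? Txn::EngineGone : Txn::Ok;  // EngineGone: undefined in a real engine
    }
private:
    int _holders = 0;
    bool _shutDown = false;
};

// Reported shape: no lock held, shutdown wins the race, then the txn opens implicitly.
Txn unlockedRead(ToyEngine& e, bool checkLock) {
    ToyOpCtx op;
    e.tryShutdown();  // succeeds: nothing holds the lock
    return e.openTxn(op, checkLock);
}

// Safe shape: lock first, so the same shutdown attempt is refused.
Txn lockedRead(ToyEngine& e) {
    ToyOpCtx op;
    if (!e.lockShared(op)) return Txn::EngineGone;
    e.tryShutdown();  // fails: this operation holds the lock
    Txn r = e.openTxn(op, true);
    e.unlockShared(op);
    return r;
}
```

With `checkLock` off, the unlocked reader opens a transaction on an engine that has already shut down; with it on, the same path is caught as a missing lock before the engine is touched.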

            Assignee:
            A. Jesse Jiryu Davis
            Reporter:
            Louis Williams