Core Server / SERVER-51807

Speculative majority reads unsafely start storage transactions without holding a global lock


Details

    • Bug
    • Resolution: Fixed
    • Major - P3
    • 5.0.0-rc0
    • None
    • None
    • None
    • Fully Compatible
    • ALL

      Apply this patch:

      diff --git a/src/mongo/db/storage/wiredtiger/wiredtiger_recovery_unit.cpp b/src/mongo/db/storage/wiredtiger/wiredtiger_recovery_unit.cpp
      index 3e531b3717..2418731111 100644
      --- a/src/mongo/db/storage/wiredtiger/wiredtiger_recovery_unit.cpp
      +++ b/src/mongo/db/storage/wiredtiger/wiredtiger_recovery_unit.cpp
      @@ -565,6 +565,7 @@ void WiredTigerRecoveryUnit::_txnOpen() {
           invariant(!_isCommittingOrAborting(),
                     str::stream() << "commit or rollback handler reopened transaction: "
                                   << toString(_getState()));
      +    invariant(cc().getOperationContext()->lockState()->isLocked());
           _ensureSession();
       
           // Only start a timer for transaction's lifetime if we're going to log it.
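
      Review bot: the added invariant in _txnOpen() chains cc().getOperationContext()->lockState()->isLocked() with no null check and carries no message. If getOperationContext() can return null on a thread that reaches _txnOpen(), the process dies on a null dereference instead of a readable invariant failure, and when the invariant does fire the log has nothing comparable to the str::stream() text on the invariant just above it. Suggest testing the operation context first and adding a message that says a storage transaction was opened with no lock held, plus a short comment stating that isLocked() is the condition being used for the lock requirement.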
      

      And run:

      resmoke.py run --suite=replica_sets jstests/replsets/change_stream_speculative_majority.js
      

    • Repl 2020-11-16

    Description

      Global locks are required to perform storage engine operations.

      Without holding any locks, the function waitForSpeculativeMajorityReadConcernImpl calls getPointInTimeReadTimestamp() which starts a storage transaction implicitly if one is not already active.

      This means it is possible for a speculative majority reader to start a transaction while the storage engine is shutting down, which is unsafe because it does not have defined behavior.
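
The rule in the description, as an added illustration that is not MongoDB code: a toy C++ model in which a recovery unit refuses to open a transaction unless the calling thread holds the lock that shutdown also takes. Every name in `namespace toy` is hypothetical, a plain mutex stands in for the global lock, and `txnOpen` throws where the patch's invariant would abort.

```cpp
#include <cstdio>
#include <mutex>
#include <stdexcept>

// Toy model of the lock-before-transaction rule; all names are hypothetical.
namespace toy {
std::mutex globalMutex;          // stands in for the global lock (no lock modes here)
thread_local int locksHeld = 0;  // stands in for lockState()->isLocked()
bool engineRunning = true;       // only written while globalMutex is held

struct GlobalLock {  // RAII acquisition that also records "this thread is locked"
    std::lock_guard<std::mutex> lk{globalMutex};
    GlobalLock() { ++locksHeld; }
    ~GlobalLock() { --locksHeld; }
};

void shutdownEngine() {  // waits for every lock holder before stopping the engine
    std::lock_guard<std::mutex> lk(globalMutex);
    engineRunning = false;
}

class RecoveryUnit {
public:
    void txnOpen() {  // the patch's check, throwing instead of aborting
        if (locksHeld == 0) throw std::logic_error("transaction opened without a lock");
        if (!engineRunning) throw std::runtime_error("storage engine is shut down");
        _active = true;
    }
    long getPointInTimeReadTimestamp() {  // implicitly opens a transaction
        if (!_active) txnOpen();
        return 42;  // constructed timestamp
    }
private:
    bool _active = false;
};

// Pattern from the report: no lock held when the timestamp is requested.
long readUnlocked(RecoveryUnit& ru) { return ru.getPointInTimeReadTimestamp(); }
// Lock first, so shutdown cannot run between the lock and the transaction start.
long readLocked(RecoveryUnit& ru) {
    GlobalLock lk;
    return ru.getPointInTimeReadTimestamp();
}
}  // namespace toy

int main() {
    toy::RecoveryUnit ru;
    try { toy::readUnlocked(ru); } catch (const std::logic_error& e) { std::puts(e.what()); }
    std::printf("locked read: %ld\n", toy::readLocked(ru));
}
```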

          People

            jesse@mongodb.com A. Jesse Jiryu Davis
            louis.williams@mongodb.com Louis Williams