SERVER-58246 (Core Server)

Commands flagged as 'never allowed on secondaries' can proceed running after a node steps down from primary


    Details

    • Type: Bug
    • Status: Investigating
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels: None
    • Operating System: ALL
    • Sprint: Sharding EMEA 2021-10-18, Sharding EMEA 2021-11-01
    • Linked BF Score: 135

      Description

      Consider a command flagged as 'kNever' allowed on secondaries.
      Before calling the run() of the command, here it is checked that the command is allowed to run given this node's replication state. However, the node could transition to secondary once we are past this check and continue running the command.

      There are several instances of commands that call 'opCtx->setAlwaysInterruptAtStepDownOrUp();' at the beginning of their run() (e.g. here), so that they can get interrupted should the node transition to secondary. However, the node could already have transitioned to secondary after passing the commandCanRunHere check, but before marking the opCtx as 'setAlwaysInterruptAtStepDownOrUp'. In this case, the command would proceed running on a secondary.

      It could be worth atomically checking that the command is allowed to run on this node and marking the opCtx as killable on stepdown in the prologue.
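The interleaving described above, and the proposed atomic prologue, as an added example. This is a standalone model written for this page, not MongoDB source: ReplState, canRunHere, markKillableOnStepDown and checkAndMarkKillableOnStepDown are hypothetical stand-ins for the server's replication coordinator, commandCanRunHere and setAlwaysInterruptAtStepDownOrUp; the stepdown is invoked directly at the point where a second thread would race in, so the result is deterministic.

```cpp
#include <mutex>
#include <set>

// Added example, not MongoDB code. Models a node's replication state and the
// set of operations registered to be interrupted when the node steps down.
enum class MemberState { kPrimary, kSecondary };
enum class AllowedOnSecondary { kAlways, kNever };

struct OperationContext {
    bool alwaysInterruptAtStepDownOrUp = false;  // the flag setAlwaysInterruptAtStepDownOrUp() sets
    bool killed = false;                          // set when a stepdown interrupts this op
};

class ReplState {
public:
    // Stepdown: transition to secondary and kill every op that registered as
    // interruptible, all under the lock that guards the member state.
    void stepDown() {
        std::lock_guard<std::mutex> lk(_mutex);
        _state = MemberState::kSecondary;
        for (OperationContext* op : _interruptibleOps) op->killed = true;
    }

    MemberState state() const {
        std::lock_guard<std::mutex> lk(_mutex);
        return _state;
    }

    // Step 1 of the current prologue (stands in for commandCanRunHere).
    bool canRunHere(AllowedOnSecondary allowed) const {
        std::lock_guard<std::mutex> lk(_mutex);
        return _canRunHereLocked(allowed);
    }

    // Step 2, done later by individual commands in their run()
    // (stands in for opCtx->setAlwaysInterruptAtStepDownOrUp()).
    void markKillableOnStepDown(OperationContext* opCtx) {
        std::lock_guard<std::mutex> lk(_mutex);
        opCtx->alwaysInterruptAtStepDownOrUp = true;
        _interruptibleOps.insert(opCtx);
    }

    // Proposed fix: check and mark in one critical section. A stepdown can then
    // only land before (check fails) or after (op is killed) this call.
    bool checkAndMarkKillableOnStepDown(OperationContext* opCtx, AllowedOnSecondary allowed) {
        std::lock_guard<std::mutex> lk(_mutex);
        if (!_canRunHereLocked(allowed)) return false;
        opCtx->alwaysInterruptAtStepDownOrUp = true;
        _interruptibleOps.insert(opCtx);
        return true;
    }

private:
    bool _canRunHereLocked(AllowedOnSecondary allowed) const {
        return _state == MemberState::kPrimary || allowed == AllowedOnSecondary::kAlways;
    }
    mutable std::mutex _mutex;
    MemberState _state = MemberState::kPrimary;
    std::set<OperationContext*> _interruptibleOps;
};

// What a well-behaved run() does before touching data: bail out if interrupted.
bool bodyProceeds(const OperationContext& opCtx) { return !opCtx.killed; }

// The ticket's interleaving for a kNever command: the stepdown lands between
// the two prologue steps. Returns true when the command body ends up running
// while the node is already secondary, i.e. the bug.
bool racyPrologueRunsOnSecondary() {
    ReplState repl;
    OperationContext opCtx;
    if (!repl.canRunHere(AllowedOnSecondary::kNever)) return false;  // passes: still primary
    repl.stepDown();                      // another thread steps the node down here
    repl.markKillableOnStepDown(&opCtx);  // too late: the kill pass already ran
    return bodyProceeds(opCtx) && repl.state() == MemberState::kSecondary;
}

// Same interleaving with the atomic prologue: the op is registered before the
// stepdown can happen, so the stepdown kills it and run() does not proceed.
bool atomicPrologueRunsOnSecondary() {
    ReplState repl;
    OperationContext opCtx;
    if (!repl.checkAndMarkKillableOnStepDown(&opCtx, AllowedOnSecondary::kNever)) return false;
    repl.stepDown();
    return bodyProceeds(opCtx) && repl.state() == MemberState::kSecondary;
}

// Stepdown before the prologue: both variants reject the command up front.
bool atomicPrologueRejectsOnSecondary() {
    ReplState repl;
    OperationContext opCtx;
    repl.stepDown();
    return !repl.checkAndMarkKillableOnStepDown(&opCtx, AllowedOnSecondary::kNever);
}

int main() {
    return (racyPrologueRunsOnSecondary() && !atomicPrologueRunsOnSecondary() &&
            atomicPrologueRejectsOnSecondary()) ? 0 : 1;
}
```

The point of the model is that the window is not closed by calling setAlwaysInterruptAtStepDownOrUp earlier in run(); as long as the check and the registration are two separate critical sections, a stepdown can always fit between them. Only holding the state lock across both steps removes the window.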

            People

            Assignee: sergi.mateo-bellido Sergi Mateo Bellido
            Reporter: jordi.serra-torrens Jordi Serra Torrens
            Votes: 0
            Watchers: 7
