  1. Core Server
  2. SERVER-64859

CSFLE: Crash on exit when mongo_csfle_v1_lib instance still alive

Details

    • Bug
    • Status: Closed
    • Critical - P2
    • Resolution: Fixed
    • 5.3.0-rc4
    • 6.0.0-rc0
    • Field Level Encryption
    • Linux (ubuntu2004 and rhel80), possibly others. Affects at least 5.3.0-rc4 and mongo_csfle_v1-6.0.0-alpha-763-g89c2fbc (current master).
    • Fully Compatible
    • ALL
    • v5.3
      The following steps will (at least on Linux) lead to a crash:

      • Load mongo_csfle_v1.so
      • Call mongo_csfle_v1_lib_create()
      • Call exit() (or return from main()).

      Small repro program (with attached valgrind output): https://gist.github.com/addaleax/993e80036cf54231f7d65a037e818de6

    • Security 2022-04-04

    Description

      The CSFLE shared library runs into the flipside of the static initialization order fiasco when it is active (i.e. a mongo_csfle_v1_lib exists) while the process shuts down.

      In particular, this line:

      https://github.com/10gen/mongo-enterprise-modules/blob/abe14843df06c8deb4d2ee0e9efade9bbec704ef/src/fle/lib/mongo_csfle.cpp#L293

      leads to a call to mongo::runGlobalDeinitializers(), which fails because the global singleton ConstructorActionList has already been destroyed, and consequently to memory corruption which crashes the process with SIGABRT/SIGSEGV.
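
      The teardown-order hazard described above, as an added example that is not part of the original report and not MongoDB code: `Registry`, `Handle` and `teardown_status` are hypothetical stand-ins. It runs the exit sequence in a child process (POSIX only) and also shows the general never-destroyed-singleton idiom, which is not claimed to be the fix applied for this ticket.

```cpp
// Added illustration; every name here is hypothetical, none is MongoDB code.
#include <cstdio>
#include <cstdlib>
#include <sys/wait.h>
#include <unistd.h>

// Trivially destructible flag: stays readable until the process is gone.
static bool g_registry_alive = false;

// Stand-in for a global singleton that teardown code depends on.
struct Registry {
    Registry() { g_registry_alive = true; }
    ~Registry() { g_registry_alive = false; }
};
// Static storage duration: destroyed by exit().
static Registry& static_registry() { static Registry r; return r; }
// Heap-allocated and never deleted: still valid while exit() runs.
static Registry& leaked_registry() { static Registry* r = new Registry; return *r; }

// Stand-in for a library handle that is still open when the process exits.
struct Handle {
    pid_t owner;  // runtime value, so the object is initialized where declared
    // Real teardown would use the registry here, which is undefined behaviour
    // once it is destroyed; this sketch only reports its state and stops.
    ~Handle() { _exit(g_registry_alive ? 0 : 1); }
};

// Runs the scenario in a child process. Returns 0 if the registry was alive
// when the handle was torn down, 1 if it was already destroyed, -1 on error.
int teardown_status(bool leak_registry) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        static Handle h{getpid()};  // constructed first, so destroyed last
        if (leak_registry) leaked_registry(); else static_registry();
        std::exit(0);  // destructors run in reverse order of construction
    }
    int st = 0;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main() {
    int with_static = teardown_status(false);
    int with_leak = teardown_status(true);
    std::printf("static registry: %d, leaked registry: %d\n", with_static, with_leak);
    return 0;
}
```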

          People

            sergey.galtsev@mongodb.com Sergey Galtsev
            anna.henningsen@mongodb.com Anna Henningsen