Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-95747

Apply fine-grained concurrency controls and invalidation behavior with UMCs

    • Type: Icon: Task Task
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security
    • Security 2024-10-14
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      The AuthzLockGuard is an RAII type used to take a lock on a mutex that synchronizes user management commands (UMCs). Upon destruction, it invalidates the entire user cache if it was taken in invalidate mode, which applies for all write-based UMCs. Read-only UMCs such as usersInfo and rolesInfo take the AuthzLockGuard in readonly mode, which causes it to skip user cache invalidation.

      There are 2 ways we can improve performance here:

      1. Rather than invalidating the entire user cache in invalidate mode, we can invalidate just the affected users and/or tenant if a UMC just acts on a single user (e.g., createUser, updateUser )
      2. We can use a shared_mutex so that concurrent threads taking the AuthzLockGuard in readonly mode can operate without blocking each other. AuthzLockGuard in invalidate mode will take exclusive access as they represent write operations. This will ensure that concurrent usersInfo and rolesInfo operations can run without being serialized.

            Assignee:
            fuat.ertunc@mongodb.com Fuat Ertunc
            Reporter:
            varun.ravichandran@mongodb.com Varun Ravichandran
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: