[SERVER-22967] race in destruction of user cache invalidation thread can cause use-after-free in MongoS shutdown
Created: 04/Mar/16  Updated: 21/Nov/16  Resolved: 04/Mar/16

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 3.2.5, 3.3.3

Type: Bug
Priority: Major - P3
Reporter: Adam Midvidy
Assignee: Adam Midvidy
Resolution: Done
Votes: 0
Labels: code-only
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Completed:
Sprint: Integration 11 (03/14/16)
Participants:

 Description   

Exposed by fixing SERVER-22950. When we return from mongoSMain, the UserCacheInvalidator is still running, but we have already destroyed its state, since it is created on the stack. This causes a segfault when it tries to access its members (such as its mutex).
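
The lifetime rule behind this bug, as an added illustration (not MongoDB's code and not the commit linked in this ticket): an object that lives on the stack and owns a background thread has to signal and join that thread before its members are destroyed. `PeriodicInvalidator` and `workerExitedBeforeReturn` are hypothetical names chosen for the sketch.

```cpp
#include <atomic>
#include <chrono>
#include <condition_variable>
#include <mutex>
#include <thread>

// Hypothetical stand-in for a periodic background job such as a cache invalidator.
class PeriodicInvalidator {
public:
    explicit PeriodicInvalidator(std::atomic<bool>& exited) : _exited(exited) {}
    // Joining here guarantees the worker can no longer touch _mutex, _cv or
    // _rounds once they are destroyed. Without it, leaving the owning scope
    // while the worker is still running is a use-after-free.
    ~PeriodicInvalidator() { stop(); }
    void start() { _worker = std::thread([this] { run(); }); }
    void stop() {  // idempotent: safe to call explicitly and again from the destructor
        {
            std::lock_guard<std::mutex> lk(_mutex);
            _shutdown = true;
        }
        _cv.notify_all();
        if (_worker.joinable()) _worker.join();
    }
private:
    void run() {
        std::unique_lock<std::mutex> lk(_mutex);
        while (!_shutdown) {
            ++_rounds;  // placeholder for the real invalidation work
            _cv.wait_for(lk, std::chrono::milliseconds(5));
        }
        lk.unlock();
        _exited.store(true);  // last action; the flag outlives this object
    }
    std::atomic<bool>& _exited;
    std::mutex _mutex;
    std::condition_variable _cv;
    bool _shutdown = false;
    int _rounds = 0;
    std::thread _worker;
};

// Mirrors a main-like function that owns the job on its stack.
bool workerExitedBeforeReturn() {
    std::atomic<bool> exited{false};
    {
        PeriodicInvalidator inv(exited);
        inv.start();
        std::this_thread::sleep_for(std::chrono::milliseconds(20));
    }  // destructor runs here: signal shutdown, then join
    return exited.load();
}
```

Building a variant without the join under ThreadSanitizer or AddressSanitizer is a practical way to confirm that a shutdown path has this ordering problem.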



 Comments   
Comment by Githook User [ 11/Mar/16 ]

Author: Adam Midvidy (username: amidvidy, email: amidvidy@gmail.com)

Message: SERVER-22967 ensure UserCacheInvalidator stops before we destroy its state

(cherry picked from commit 703c1f823eea9df285ed0fd2d167730664490286)
Branch: v3.2
https://github.com/mongodb/mongo/commit/9629104644ffd55b3e556f0a7f60a1b45b3198be

Comment by Githook User [ 04/Mar/16 ]

Author: Adam Midvidy (username: amidvidy, email: amidvidy@gmail.com)

Message: SERVER-22967 ensure UserCacheInvalidator stops before we destroy its state
Branch: master
https://github.com/mongodb/mongo/commit/703c1f823eea9df285ed0fd2d167730664490286

Generated at Thu Feb 08 04:01:57 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.