[SERVER-28468] Improve exception handling in ESE at-rest encryption WT callbacks Created: 24/Mar/17 Updated: 25/Jun/18 Resolved: 25/Jun/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Storage |
| Affects Version/s: | None |
| Fix Version/s: | 4.1.1 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Kevin Pulo | Assignee: | Ben Judd |
| Resolution: | Done | Votes: | 0 |
| Labels: | neweng, nyc | ||
| Backwards Compatibility: | Fully Compatible | ||||
| Sprint: | Storage NYC 2018-06-04, Storage NYC 2018-06-18, Storage NYC 2018-07-02 | ||||
| Case: | (copied to CRM) | ||||
| Linked BF Score: | 0 | ||||
| Description |
|
The WT callbacks catch and log all exceptions, because they cannot be allowed to propagate up into the WT C code. However, the only information about the exception that is logged is exceptionToStatus(), which does not include anything about where the exception occurred. The code then calls fassertFailed(), which will abort the server with a stacktrace that leads to this generic exception-catching code in the WT callbacks.

When diagnosing the cause of exceptions that have occurred during these callbacks, it would be much more useful to have the backtrace of the actual exception. Thus, this exception handling code should log the backtrace of the caught exception, before calling fassertFailedNoTrace().

In addition, the customize callback may do network operations to obtain keys from a KMIP server, which means that SocketExceptions are not unexpected. Currently, these are logged with the vague generic message "Aborting due to exception in WT_ENCRYPTOR::customize", which is geared towards unexpected exceptions of any type. Thus this callback should catch SocketExceptions separately, and log them with a better message. |
| Comments |
| Comment by Githook User [ 25/Jun/18 ] |
|
Author: {'username': 'kaloianm', 'name': 'Kaloian Manassiev', 'email': 'kaloian.manassiev@mongodb.com'}Message: |
| Comment by Ben Judd [ 25/Jun/18 ] |
|
noexcept is not properly supported by the compiler in this way just yet. |
| Comment by Githook User [ 25/Jun/18 ] |
|
Author: {'username': 'Icantjuddle', 'name': 'Ben Judd', 'email': 'ben.judd@10gen.com'}Message: |
| Comment by Eric Milkie [ 18/Apr/18 ] |
|
We can mark the top-level callbacks "noexcept" and remove the try/catch(...) blocks. We should also check where we are making function calls that can throw SocketExceptions, and wrap them closely with try/catches in order to specifically handle such expected problems more gracefully. |
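
The boundary handling this ticket asks for, as an added C++ example that is not MongoDB's code: the throw site is recorded in the exception message, and the expected network failure is caught separately from unexpected exceptions. All names (NetworkError standing in for SocketException, fetchKey, customizeCallback, logLines) are hypothetical, and the callback returns an error code where the ticket's code aborts the server.

```cpp
#include <exception>
#include <stdexcept>
#include <string>
#include <vector>

// All names here are hypothetical; none are MongoDB or WiredTiger identifiers.
struct NetworkError : std::runtime_error {  // stands in for SocketException
    using std::runtime_error::runtime_error;
};

std::vector<std::string> logLines;  // stands in for the server log

// Record the throw site in the message: once an exception has been caught,
// the stack that led to the throw is gone.
#define THROW_WITH_ORIGIN(Type, msg) \
    throw Type(std::string(__func__) + ":" + std::to_string(__LINE__) + ": " + (msg))

enum class KeySource { Reachable, Unreachable, Corrupt };

// Constructed stand-in for the key lookup done during the customize step.
std::string fetchKey(KeySource src) {
    if (src == KeySource::Unreachable)
        THROW_WITH_ORIGIN(NetworkError, "connection to key server failed");
    if (src == KeySource::Corrupt)
        THROW_WITH_ORIGIN(std::logic_error, "key has unexpected length");
    return "constructed-sample-key";
}

// Callback invoked from C code: no exception may leave this function.
// Returns 0 on success, 1 for the expected network failure, 2 otherwise.
extern "C" int customizeCallback(int srcRaw) {
    try {
        fetchKey(static_cast<KeySource>(srcRaw));
        return 0;
    } catch (const NetworkError& e) {
        // Expected failure mode: tell the operator what to check.
        logLines.push_back(std::string("Unable to retrieve encryption key from key server: ") + e.what());
        return 1;
    } catch (const std::exception& e) {
        logLines.push_back(std::string("Unexpected exception in customize callback, thrown at ") + e.what());
        return 2;
    } catch (...) {
        logLines.push_back("Unexpected non-standard exception in customize callback");
        return 2;
    }
}
```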