[SERVER-28468] Improve exception handling in ESE at-rest encryption WT callbacks
Created: 24/Mar/17  Updated: 25/Jun/18  Resolved: 25/Jun/18

Status: Closed
Project: Core Server
Component/s: Storage
Affects Version/s: None
Fix Version/s: 4.1.1

Type: Improvement
Priority: Major - P3
Reporter: Kevin Pulo
Assignee: Ben Judd
Resolution: Done
Votes: 0
Labels: neweng, nyc
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Sprint: Storage NYC 2018-06-04, Storage NYC 2018-06-18, Storage NYC 2018-07-02
Participants:
Case:
Linked BF Score: 0

 Description   

The WT callbacks catch and log all exceptions, because they cannot be allowed to propagate up into the WT C code. However, the only information about the exception that is logged is exceptionToStatus(), which does not include anything about where the exception occurred. The code then calls fassertFailed(), which will abort the server with a stacktrace that leads to this generic exception-catching code in the WT callbacks.

When diagnosing the cause of exceptions that have occurred during these callbacks, it would be much more useful to have the backtrace of the actual exception. Thus, this exception handling code should log the backtrace of the caught exception, before calling fassertFailedNoTrace().

In addition, the customize callback may do network operations to obtain keys from a KMIP server, which means that SocketExceptions are not unexpected. Currently, these are logged with the vague generic message "Aborting due to exception in WT_ENCRYPTOR::customize", which is geared towards unexpected exceptions of any type. Thus this callback should catch SocketExceptions separately, and log them with a better message.
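The handling the description asks for, sketched as an added example (not code from the ticket or from the MongoDB source): the expected network failure is caught ahead of the generic handlers and logged with its throw site, and nothing escapes the callback. `SocketError`, `fetchKey`, `customizeCallback` and the message strings are hypothetical, and the `__func__`/`__FILE__`/`__LINE__` capture stands in for a full backtrace.

```cpp
#include <exception>
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for SocketException. It records where it was thrown,
// because that stack has already unwound when the boundary handler runs.
struct SocketError : std::runtime_error {
    std::string origin;
    SocketError(const std::string& what, const std::string& where)
        : std::runtime_error(what), origin(where) {}
};
#define THROW_SOCKET_ERROR(msg) \
    throw SocketError((msg), std::string(__func__) + " (" __FILE__ ":" + std::to_string(__LINE__) + ")")

enum class Outcome { Ok, KeyServerUnreachable, UnexpectedException };
struct CallbackResult {
    Outcome outcome;
    std::string logLine;  // message the boundary handler would log
};

// Constructed key fetch that fails the way a KMIP round trip could.
std::string fetchKey(bool networkUp, bool corruptReply) {
    if (!networkUp) THROW_SOCKET_ERROR("connect to key server timed out");
    if (corruptReply) throw std::logic_error("malformed key payload");
    return "constructed-key";
}

// Callback boundary: every exception is contained so none reaches the C caller.
CallbackResult customizeCallback(bool networkUp, bool corruptReply) {
    try {
        fetchKey(networkUp, corruptReply);
        return {Outcome::Ok, ""};
    } catch (const SocketError& e) {  // expected failure: specific message + origin
        return {Outcome::KeyServerUnreachable,
                std::string("Cannot reach key server: ") + e.what() + ", thrown at " + e.origin};
    } catch (const std::exception& e) {  // unexpected but typed
        return {Outcome::UnexpectedException,
                std::string("Aborting due to exception in customize: ") + e.what()};
    } catch (...) {  // unknown type: still must not propagate
        return {Outcome::UnexpectedException, "Aborting due to unknown exception in customize"};
    }
}

int main() {
    std::cout << customizeCallback(false, false).logLine << "\n"
              << customizeCallback(true, true).logLine << "\n";
    return 0;
}
```

The order of the `catch` clauses matters: the derived `SocketError` handler must come before `std::exception`, otherwise the network failure falls through to the generic message.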



 Comments   
Comment by Githook User [ 25/Jun/18 ]

Author: Kaloian Manassiev (username: kaloianm, email: kaloian.manassiev@mongodb.com)

Message: SERVER-28468 Remove unused variable
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/953aa60d971c31660924e8c05f398b28a7747e1c

Comment by Ben Judd [ 25/Jun/18 ]

noexcept is not properly supported by the compiler in this way just yet.

Comment by Githook User [ 25/Jun/18 ]

Author: Ben Judd (username: Icantjuddle, email: ben.judd@10gen.com)

Message: SERVER-28468 Improving error handling and debugging information in WT callbacks
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/d3d7c4877d0b363a3e12e5756ffe383c21347102

Comment by Eric Milkie [ 18/Apr/18 ]

We can mark the top-level callbacks "noexcept" and remove the try/catch(...) blocks. We should also check where we are making function calls that can throw SocketExceptions, and wrap them closely with try/catches in order to specifically handle such expected problems more gracefully.
