[SERVER-31293] Don't consider readPreference "primary" as equivalent to 'slaveOk' in OP_QUERY find path Created: 27/Sep/17 Updated: 30/Oct/23 Resolved: 25/Jan/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Querying |
| Affects Version/s: | 3.0.15, 3.2.17, 3.4.10, 3.6.0-rc1 |
| Fix Version/s: | 3.6.4, 3.7.2 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Brody (Inactive) | Assignee: | Bernard Gorman |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Backport Requested: |
v3.6
|
||||
| Sprint: | Query 2018-01-29 | ||||
| Participants: | |||||
| Description |
|
In db/query/find.cpp, we check if it's safe to serve the current read, but we pass the value of slaveOk based on whether there is any readPrefernce provided, rather than checking that the read preference is not "primary". This could potentially allow queries run via this path to execute against a secondary, even if they were run with the "primary" read preference. |
| Comments |
| Comment by Githook User [ 26/Feb/18 ] | ||||||||
|
Author: {'email': 'bernard.gorman@gmail.com', 'name': 'Bernard Gorman', 'username': 'gormanb'}Message: (cherry picked from commit a9c8f03bb791e7ab23f3451f03ae7a79385b8194) | ||||||||
| Comment by Githook User [ 25/Jan/18 ] | ||||||||
|
Author: {'name': 'Bernard Gorman', 'email': 'bernard.gorman@gmail.com', 'username': 'gormanb'}Message: | ||||||||
| Comment by James Wahlin [ 27/Oct/17 ] | ||||||||
|
OP_QUERY reads with readPreference of "primary" are allowed on secondaries due to this issue. This affects master and released versions at least as far back as v3.0. Assigning back to the query team backlog for prioritization in our next triage meeting. | ||||||||
| Comment by James Wahlin [ 27/Oct/17 ] | ||||||||
|
This is reproducible via the mongo shell:
| ||||||||
| Comment by Ian Whalen (Inactive) [ 29/Sep/17 ] | ||||||||
|
spencer do you have an idea of the impact of this bug? | ||||||||
| Comment by David Storch [ 28/Sep/17 ] | ||||||||
|
spencer, link to the incorrect code? I assume this is somewhere in find.cpp? |