[SERVER-37427] KillSessions should ignore CursorNotFound while killing all the cursors Created: 02/Oct/18  Updated: 06/Dec/22  Resolved: 15/Apr/19

Status: Closed
Project: Core Server
Component/s: Querying, Storage
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Xiangyu Yao (Inactive) Assignee: Backlog - Storage Execution Team
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
related to SERVER-38931 Apply relevant changes to snapshot_re... Closed
is related to SERVER-37009 Handle missing sessionDocToKill in sn... Closed
Assigned Teams:
Storage Execution
Operating System: ALL
Sprint: Storage NYC 2019-04-22
Participants:
Linked BF Score: 12

 Description   

There is a TOCTOU bug in the code of KillSessions command: The cursorMap mutex is not held while each cursor is being killed. It is possible that a KillCursors command jumps in and kills a cursor which will be but has not been killed by thisĀ KillSessions. KillSessions will then get a CursorNotFound exception.



 Comments   
Comment by Xiangyu Yao (Inactive) [ 15/Apr/19 ]

Done.

Comment by Dianna Hohensee (Inactive) [ 15/Apr/19 ]

xiangyu.yao, can you update the ticket linking? Right now we have a BF that is "Waiting for bug fix" on this ticket that either needs to be closed or reopened or found a new ticket on which to depend for fix; and the open BF should probably be unlinked?

Comment by Eric Milkie [ 04/Apr/19 ]

We'll look into solutions for this.

Comment by Xiangyu Yao (Inactive) [ 04/Oct/18 ]

Ignoring CursorNotFound would indeed solved the linked BF, but it would leave another problem. If KillSessions does not block the creation/deletion of cursors while killing all the cursors, it could accidentally kill another cursor with the same cursor id as one of the killed cursors:
1. KillSessions gets a list of cursors to be killed including cursor A.
2. A killCursor command kills cursor A.
3. Then another session tries to create a cursor with the same cursor id as cursor A.
4. KillSessions now kills the newly created cursor.

Comment by Andy Schwerin [ 02/Oct/18 ]

If we hold the mutex the whole time, then killing the cursors on a single session blocks creation of new cursors on other sessions at the same time. Could this be a problem? Would ignoring CursorNotFound in the existing implementation be safe?

Generated at Thu Feb 08 04:45:57 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.