[SERVER-42455] ReplicaSetChangeNotifier::onConfirmedSet is unsafe during shutdown Created: 26/Jul/19  Updated: 29/Oct/23  Resolved: 07/Apr/20

Status: Closed
Project: Core Server
Component/s: Internal Code
Affects Version/s: None
Fix Version/s: 4.2.6, 4.4.0-rc0, 4.7.0

Type: Bug Priority: Major - P3
Reporter: Mira Carey Assignee: Janna Golden
Resolution: Fixed Votes: 0
Labels: servicearch-wfbf-day
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v4.4, v4.2
Sprint: Service arch 2020-04-20
Participants:
Linked BF Score: 23

 Description   

The replica set change notifier makes a copy of _listeners under a lock, but then invokes onConfirmedSet on those listeners outside the lock. During shutdown, those pointers can be dead, which can cause us to use after free and crash.

See replica_set_change_notifier.cpp#L116-L120

    auto listeners = _listeners;
    lk.unlock();
 
    for (auto listener : listeners) {
        listener->onConfirmedSet(state);
    };



 Comments   
Comment by Githook User [ 08/Apr/20 ]

Author:

{'name': 'jannaerin', 'email': 'golden.janna@gmail.com', 'username': 'jannaerin'}

Message: SERVER-42455 Make ReplicaSetChangeNotifier::onConfirmedSet safe during shutdown

(cherry picked from commit 242d86b0e9a4091466682bbb97d2298839a91569)
Branch: v4.2
https://github.com/mongodb/mongo/commit/63fa6cb7da951716847b7d17eef9cc777c2fe0a5

Comment by Githook User [ 08/Apr/20 ]

Author:

{'name': 'jannaerin', 'email': 'golden.janna@gmail.com', 'username': 'jannaerin'}

Message: SERVER-42455 Make ReplicaSetChangeNotifier::onConfirmedSet safe during shutdown

(cherry picked from commit 242d86b0e9a4091466682bbb97d2298839a91569)
Branch: v4.4
https://github.com/mongodb/mongo/commit/107e1da10960111b519c561efe2094ae584106e0

Comment by Githook User [ 07/Apr/20 ]

Author:

{'name': 'jannaerin', 'email': 'golden.janna@gmail.com', 'username': 'jannaerin'}

Message: SERVER-42455 Make ReplicaSetChangeNotifier::onConfirmedSet safe during shutdown
Branch: master
https://github.com/mongodb/mongo/commit/242d86b0e9a4091466682bbb97d2298839a91569

Generated at Thu Feb 08 05:00:32 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.