[SERVER-46667] Avoid invariant from invalid candidateIndex Created: 05/Mar/20  Updated: 29/Oct/23  Resolved: 25/Mar/20

Status: Closed
Project: Core Server
Component/s: Replication
Affects Version/s: None
Fix Version/s: 4.4.0-rc1, 4.7.0

Type: Task Priority: Major - P3
Reporter: Siyuan Zhou Assignee: A. Jesse Jiryu Davis
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
depends on SERVER-46387 Only vote for candidate with same con... Closed
Problem/Incident
causes SERVER-47459 replSetGetStatus.electionParticipantM... Closed
Related
related to SERVER-47007 candidateIndex field of LastVote docu... Backlog
related to SERVER-47097 Add isPrimary to ReplSetMetadata and ... Closed
related to SERVER-47096 Include configTerm in ReplSetMetadata Closed
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.4, v4.2, v4.0
Sprint: Repl 2020-03-23, Repl 2020-04-06
Participants:
Case:

 Description   

Original title and description: "Audit config reference and comparison across config versions". In Safe Reconfig project, we allow data replication across config version and voting across config version. We need to audit config reference and member index comparison across config versions to avoid index comparison across config versions.



 Comments   
Comment by A. Jesse Jiryu Davis [ 13/Apr/20 ]

It's necessary - this audit produced one bugfix. I'll change the title.

Comment by Siyuan Zhou [ 13/Apr/20 ]

jesse, this ticket is about a small fix to prevent an out-of-bound candidateIndex, so can we change the title? Since we only vote if the candidate is in the same config in all versions now, is it still necessary?

Comment by A. Jesse Jiryu Davis [ 13/Apr/20 ]

Requesting backport to 4.0 to preempt any BFs on the 4.0 branch.

Comment by Githook User [ 10/Apr/20 ]

Author:

{'name': 'A. Jesse Jiryu Davis', 'email': 'jesse@mongodb.com', 'username': 'ajdavis'}

Message: SERVER-46667 Avoid invariant from invalid candidateIndex

(cherry picked from commit 5adb80de95ab4f7784eb2905f82e4d8712578e3a)
Branch: v4.4
https://github.com/mongodb/mongo/commit/64c84a7c9d0d6035e9d8794371de33baa79ef020

Comment by Githook User [ 17/Mar/20 ]

Author:

{'name': 'A. Jesse Jiryu Davis', 'username': 'ajdavis', 'email': 'jesse@mongodb.com'}

Message: SERVER-46667 Avoid invariant from invalid candidateIndex
Branch: master
https://github.com/mongodb/mongo/commit/5adb80de95ab4f7784eb2905f82e4d8712578e3a

Comment by A. Jesse Jiryu Davis [ 17/Mar/20 ]

Next: unsafe use of primary member index in shouldChangeSyncSource().

Comment by Siyuan Zhou [ 12/Mar/20 ]

In election, the last vote records the candidate index given by the candidate, however, if the candidate has a different config, the index isn't meaningful anymore. We need to investigate either the inconsistency can lead to correctness issues.

We could either reject the vote if the config version isn't the same, assuming config versions are unique. After a few heartbeats, they should be on the same config. This may cause liveness issues in the TLA+ spec, however if we assume heartbeats will run eventually, it seems fine to me. We can update the TLA+ spec to confirm the liveness. Alternatively, we may record the candidate's ID rather than index since we assume nodes never change their ID, but we need to update the vote request messages and the on-disk last vote. There might be upgrade/downgrade issues.

Generated at Thu Feb 08 05:12:05 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.