[SERVER-4892] Running server in auth mode fails to close cursors leading to cursor accumulation on the server Created: 07/Feb/12 Updated: 11/Jul/16 Resolved: 21/Feb/12 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Querying, Security |
| Affects Version/s: | 2.0.2, 2.0.3 |
| Fix Version/s: | 2.1.1 |
| Type: | Bug | Priority: | Critical - P2 |
| Reporter: | Christian Amor Kvalheim | Assignee: | Andy Schwerin |
| Resolution: | Done | Votes: | 3 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
osx or linux, server must be set up on a different ip than localhost (preferably a separate machine). This is not a ruby driver issue, I used ruby to ensure it was not a node.js driver issue. |
||
| Attachments: |
|
||||||||||||
| Issue Links: |
|
||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||
| Operating System: | ALL | ||||||||||||
| Participants: | |||||||||||||
| Description |
|
Setup for reproducing the issue ---------------------------------------- app to use
------------------------------------------ Data population script from console
------------------------------------------ Steps to reproduce use tweet 4. start the application ruby server.rb (or where you stored the file) 5. Hit the url with your browser or curl a couple of times 6. Go to the mongo console and do db.serverStatus()['cursors'] You will see the number of open cursor increase and hang around until they time out. This does not seem to happen if you run against the server on localhost or without auth. |
| Comments |
| Comment by auto [ 22/Feb/12 ] |
|
Author: {u'login': u'tadmarshall', u'name': u'Tad Marshall', u'email': u'tad@10gen.com'}Message: |
| Comment by auto [ 22/Feb/12 ] |
|
Author: {u'login': u'', u'name': u'unknown', u'email': u'Administrator@tad-w2k8r2-vbox.(none)'}Message: Fix from Andy ... remove assert around stopMongod( port ) at |
| Comment by Andy Schwerin [ 21/Feb/12 ] |
|
Was closed by accident. Reopening marked it "unresolved", but the bug is fixed, per earlier comment. |
| Comment by Andy Schwerin [ 21/Feb/12 ] |
|
Closed by accident. |
| Comment by Andy Schwerin [ 21/Feb/12 ] |
|
This affects 2.0.0 and 2.0.1, as well. It probably also affects all prior versions that supported auth mode, though I haven't audited them. As a reminder, this bug only causes cursor leaks when a query results in a large number of documents being returned or the query has explicitly set a low batchSize, and the client doesn't examine any documents from the last batch returned. A decision on backporting this fix to 2.0.x is pending, but it's probably too late for 2.0.3. |
| Comment by Fredrik Björk [ 21/Feb/12 ] |
|
Does this affect version 2.0.1 too? |
| Comment by auto [ 21/Feb/12 ] |
|
Author: {u'login': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}Message: Regression test for |
| Comment by Andy Schwerin [ 13/Feb/12 ] |
|
Tests written, but to be checked in. |
| Comment by auto [ 13/Feb/12 ] |
|
Author: {u'login': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}Message: Prior to this patch, we were incorrectly interpreting a portion of the dbKillCursors message as a Test to follow. |
| Comment by Eliot Horowitz (Inactive) [ 10/Feb/12 ] |
|
There are 2 other cases that are probably dupes, should make sure to clean those up with this is dealt with: One minor wrinkle is that drives right now do not guarantee that a killCursors is sent over the same connection that created it. So we just have to make sure that still works as long as all connections are authenticated. |
| Comment by Christian Amor Kvalheim [ 09/Feb/12 ] |
|
cool I'll be willing to test once the fix is in |
| Comment by Andy Schwerin [ 08/Feb/12 ] |
|
Plan for addressing (1) above, fixing mongod, is to have ClientCursor::erase(CursorId) auth check before erasing, and skip the auth check for killCursors in assembleResponse. |
| Comment by Andy Schwerin [ 08/Feb/12 ] |
|
There are multiple problems operating in concert, here. 1.) mongod incorrectly interprets the number-of-cursors field in the "kill cursors" message as the string namespace name. As a result, authentication of killCursors always fails. Mongod should instead be verifying that the internal object representing the client connection is authenticated against the cursor's associated namespace. 2.) Clients must either ensure that the connection across which they send "kill cursors" messages is authenticated for the namespaces associated with the condemned cursors, or they must getLastError to check for success when killing cursors. I'll get to work on a solution for (1.), but the drivers will need an audit, if not an update. |
| Comment by Joseph Sofaer [ 07/Feb/12 ] |
|
I am seeing this issue but would note that I can reproduce it with the app server and mongo server running on localhost on mac osx. db version v2.0.2 |