[SERVER-62668] Synchronize access to ImpersonatedUserMetadata in OperationContext. Created: 14/Jan/22  Updated: 29/Oct/23  Resolved: 21/Jan/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.3.0, 4.2.19, 4.4.13, 5.0.7

Type: Bug Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Gabriel Marks
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v5.0, v4.4, v4.2
Sprint: Security 2022-01-24
Participants:
Linked BF Score: 156

 Description   

There is a race condition between "$currentOp" and request threads for the ImpersonatedUserMetadata in OperationContext. To prevent this, ImpersonatedUserMetadata needs to be guarded with synchronization.

ImpersonatedUserMetadata is a decoration on the OperationContext. It read/written to by the thread that owns the thread. It is read by the $currentOp thread while the $currentOp thread owns the client lock. Access to it could be guarded with the Client lock or a dedicated mutex.



 Comments   
Comment by Githook User [ 25/Jan/22 ]

Author:

{'name': 'Gabriel Marks', 'email': 'gabriel.marks@mongodb.com', 'username': 'marksg07'}

Message: SERVER-62668 Implement synchronization for ImpersonatedUserMetadata access

(cherry picked from commit 4cab840d3ee82049f70ef67fad0a29e1af24f31a)
Branch: v5.0
https://github.com/mongodb/mongo/commit/ce737f0229b1271c89a337b0c7947f10ec55f227

Comment by Githook User [ 25/Jan/22 ]

Author:

{'name': 'Gabriel Marks', 'email': 'gabriel.marks@mongodb.com', 'username': 'marksg07'}

Message: SERVER-62668 Implement synchronization for ImpersonatedUserMetadata access

(cherry picked from commit 4cab840d3ee82049f70ef67fad0a29e1af24f31a)
Branch: v4.2
https://github.com/mongodb/mongo/commit/0a0a8790f069e172bfdc277c401f265b992e261b

Comment by Githook User [ 25/Jan/22 ]

Author:

{'name': 'Gabriel Marks', 'email': 'gabriel.marks@mongodb.com', 'username': 'marksg07'}

Message: SERVER-62668 Implement synchronization for ImpersonatedUserMetadata access

(cherry picked from commit 4cab840d3ee82049f70ef67fad0a29e1af24f31a)
Branch: v4.4
https://github.com/mongodb/mongo/commit/bc3304a44c10e7468678c638e0406a5e479829ab

Comment by Githook User [ 21/Jan/22 ]

Author:

{'name': 'Gabriel Marks', 'email': 'gabriel.marks@mongodb.com', 'username': 'marksg07'}

Message: SERVER-62668 Implement synchronization for ImpersonatedUserMetadata access
Branch: master
https://github.com/mongodb/mongo/commit/4cab840d3ee82049f70ef67fad0a29e1af24f31a

Generated at Thu Feb 08 05:55:45 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.