[SERVER-67334] Accessing the opCtx decoration 'tenantIdToDeleteDecoration' from the on-commit hook of TenantMigrationRecipientOpObserver::onDelete() is not safe after the ttl batch deletion feature. Created: 16/Jun/22 Updated: 29/Oct/23 Resolved: 22/Jun/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 6.1.0-rc0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Suganthi Mani | Assignee: | Christopher Caplinger |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||
| Sprint: | Server Serverless 2022-06-27 | ||||||||||||||||
| Participants: | |||||||||||||||||
| Linked BF Score: | 143 | ||||||||||||||||
| Description |
|
PM-2227 made the ttl to perform batch deletes. As a result we might end up crashing the system while trying to access the uninitialized boost::optional 'tenantIdToDeleteDecoration' value (an opCtx decoration ) from the TenantMigrationRecipientOpObserver::onDelete()'s on-commit hook. Consider the below scenario. Assume, we started 2 migrations for tenant T1 & T2 with donor replica set rs0 and recipient replica set rs1. |
| Comments |
| Comment by Githook User [ 23/Jun/22 ] |
|
Author: {'name': 'Christopher Caplinger', 'email': 'christopher.caplinger@mongodb.com', 'username': 'UnicodeSnowman'}Message: |
| Comment by Githook User [ 22/Jun/22 ] |
|
Author: {'name': 'Christopher Caplinger', 'email': 'christopher.caplinger@mongodb.com', 'username': 'UnicodeSnowman'}Message: |
| Comment by Steven Vannelli [ 21/Jun/22 ] |
|
Much appreciated! |
| Comment by Christopher Caplinger [ 21/Jun/22 ] |
|
steven.vannelli@mongodb.com on it, will get a patch up for this shortly |
| Comment by Esha Maharishi (Inactive) [ 17/Jun/22 ] |
|
Ah I see, that solves the issue since the tenant id would be captured into the onCommit hook separately for each delete. Cool, that sounds good to me! |
| Comment by Suganthi Mani [ 17/Jun/22 ] |
|
first half - "pass the tenant id directly just to the onCommit hook". |
| Comment by Esha Maharishi (Inactive) [ 17/Jun/22 ] |
|
suganthi.mani@mongodb.com do you mean we should pass the tenant id directly just to the onCommit hook, or also pass the tenant id directly to onDelete? |
| Comment by Suganthi Mani [ 17/Jun/22 ] |
|
esha.maharishi@mongodb.com Hopefully |
| Comment by Esha Maharishi (Inactive) [ 16/Jun/22 ] |
|
Hmm, this problem will go away once we remove the tenant migration donor's dependency on the TTL index. I am thinking about if it will completely go away with |
| Comment by Esha Maharishi (Inactive) [ 16/Jun/22 ] |
|
Ah, those two deletes share the same opCtx... Yes, I think we should prioritize fixing this before releasing 6.1, so that we don't introduce these crashes in production. |
| Comment by Suganthi Mani [ 16/Jun/22 ] |
|
esha.maharishi@mongodb.com This crash bug is caused due to PM-2227 whose Fix version is 6.0 & 6.1, but the CC steven.vannelli@mongodb.com christopher.caplinger@mongodb.com |