[SERVER-69389] Command checkAuthorization may throw ErrorCodes::NamespaceNotFound for existing collection while trying to resolve UUID to namespace when the node is shutting down. Created: 01/Sep/22 Updated: 29/Oct/23 Resolved: 15/Sep/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.4.18, 5.0.14, 6.0.3, 6.1.0-rc4, 6.2.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Suganthi Mani | Assignee: | Gregory Noma |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||
| Backport Requested: |
v6.1, v6.0, v5.0, v4.4
|
||||||||||||||||||||
| Sprint: | Execution Team 2022-09-19 | ||||||||||||||||||||
| Participants: | |||||||||||||||||||||
| Linked BF Score: | 11 | ||||||||||||||||||||
| Description |
|
Nodes can throw ErrorCodes::NamespaceNotFound for existing collections while trying to resolve UUID to namespace when the node is shutting down and has finished deregistering all the collections and clearing the CollectionCatalog::_catlog map from the in-memory collection catalog. There are few commands, like, count, tries to resolve UUID to namespace as part of the authorization check without holding any locks. ErrorCodes::NamespaceNotFound makes the multi-tenant migration protocol to skip cloning the collection from donor to recipient as the recipient assumes that the collection was dropped on the donor. And, the tenant migration may still go ahead and commit without copying all collections of the tenant from donor to recipient and leading to data corruption. Note: This a problem with logical initial sync as well. |
| Comments |
| Comment by Githook User [ 17/Oct/22 ] |
|
Author: {'name': 'Gregory Noma', 'email': 'gregory.noma@gmail.com', 'username': 'gregorynoma'}Message: (cherry picked from commit 5457b4527960627071d26310111b29510105d42f) |
| Comment by Githook User [ 04/Oct/22 ] |
|
Author: {'name': 'Gregory Noma', 'email': 'gregory.noma@gmail.com', 'username': 'gregorynoma'}Message: (cherry picked from commit 5457b4527960627071d26310111b29510105d42f) |
| Comment by Githook User [ 04/Oct/22 ] |
|
Author: {'name': 'Gregory Noma', 'email': 'gregory.noma@gmail.com', 'username': 'gregorynoma'}Message: (cherry picked from commit 5457b4527960627071d26310111b29510105d42f) |
| Comment by Githook User [ 03/Oct/22 ] |
|
Author: {'name': 'Gregory Noma', 'email': 'gregory.noma@gmail.com', 'username': 'gregorynoma'}Message: (cherry picked from commit 5457b4527960627071d26310111b29510105d42f) |
| Comment by Githook User [ 15/Sep/22 ] |
|
Author: {'name': 'Gregory Noma', 'email': 'gregory.noma@gmail.com', 'username': 'gregorynoma'}Message: |
| Comment by Suganthi Mani [ 05/Sep/22 ] |
|
We had a similar problem before where a user thread trying to resolve UUID to namespace races with rollback thread trying to close the catalog. We fixed the problem by introducing shadow catalog to allow such name resolution (see CC esha.maharishi@mongodb.com for Serverless visibility & matthew.russotto@mongodb.com for replication visibility as I believe logical initial sync has this same problem. |