[SERVER-83996] OperationIdManager::~ClientState() mutex acquisition races with LatchAnalyzer::~LatchSetState Created: 07/Dec/23  Updated: 08/Dec/23  Resolved: 08/Dec/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.3.0-rc0

Type: Bug Priority: Major - P3
Reporter: Erin McNulty Assignee: Erin McNulty
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Service Arch 2023-12-11
Participants:
Linked BF Score: 162

 Description   

Both OperationIdManager and LatchAnalyzer, which are both ServiceContext decorations, have related client decorations, ClientState and LatchSetState. When we destroy a client object and are destroying all of its decorations, we do two things in an undefined order:

  • We destroy the LatchSetState decoration on the Client
  • We destroy the OperationIdManager::ClientState decoration, during which we acquire a mutex on the OperationIdManager, which triggers the LatchAnalyzer to be run for that mutex. However, if the LatchSetState has already been destroyed on the Client, then we when encounter undefined behavior, and the program aborts.

We can fix this by making the OperationIdManager use a stdx::mutex, to avoid triggering the LatchAnalyzer.



 Comments   
Comment by Githook User [ 08/Dec/23 ]

Author:

{'name': 'Erin McNulty', 'email': 'erin.mcnulty@mongodb.com', 'username': 'erin2722'}

Message: SERVER-83996: Fix OperationIdManager::~ClientState() mutex acquisition race with LatchAnalyzer::~LatchSetState

GitOrigin-RevId: e71ba53d7075cc6a54ea7d22260b439a5488fb5a
Branch: master
https://github.com/mongodb/mongo/commit/0b5d85719e39b6e5907687254d7129c9dd88f2df

Generated at Thu Feb 08 06:53:46 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.