<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 04:34:07 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-33648] Attempting to perform user- and role-management commands in db.eval() with nolock=false can lead to deadlock</title>
                <link>https://jira.mongodb.org/browse/SERVER-33648</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Attempting to acquire a LockManager lock while holding a mutex is prone to deadlock. &lt;a href=&quot;https://github.com/mongodb/mongo/blob/r3.7.2/src/mongo/db/auth/authorization_manager.cpp#L304&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;The &lt;tt&gt;AuthorizationManager::getAuthorizationVersion()&lt;/tt&gt; function constructs a &lt;tt&gt;CacheGuard&lt;/tt&gt;&lt;/a&gt; which acquires the &lt;tt&gt;AuthorizationManager::_cacheMutex&lt;/tt&gt;. &lt;del&gt;While holding the mutex&lt;/del&gt;, it calls &lt;tt&gt;AuthorizationManager::getStoredAuthorizationVersion()&lt;/tt&gt;, which attempts to acquire the global lock &lt;a href=&quot;https://github.com/mongodb/mongo/blob/r3.7.2/src/mongo/db/auth/authz_manager_external_state_d.cpp#L81&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;as part of constructing &lt;tt&gt;AutoGetCollectionForReadCommand&lt;/tt&gt; in &lt;tt&gt;AuthzManagerExternalStateMongod::findOne()&lt;/tt&gt;&lt;/a&gt;. &lt;b&gt;Edit&lt;/b&gt;: As noted in &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-24083&quot; title=&quot;auth should not hold mutexes while doing DB operations&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-24083&quot;&gt;&lt;del&gt;SERVER-24083&lt;/del&gt;&lt;/a&gt;, the &lt;tt&gt;AuthorizationManager::_cacheMutex&lt;/tt&gt; is released &lt;a href=&quot;https://github.com/mongodb/mongo/blob/r3.7.2/src/mongo/db/auth/authorization_manager.cpp#L229&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;as part of &lt;tt&gt;AuthorizationManager::beginFetchPhase()&lt;/tt&gt; &lt;/a&gt;; however, a thread must wait if another thread is already calling into &lt;tt&gt;AuthorizationManager::getStoredAuthorizationVersion()&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;A thread running &lt;tt&gt;db.eval()&lt;/tt&gt; with &lt;tt&gt;nolock=false&lt;/tt&gt; (thus holding the global X lock) would therefore deadlock if it ran any command that constructed a &lt;tt&gt;CacheGuard&lt;/tt&gt; and attempted to acquire the &lt;tt&gt;AuthorizationManager::_cacheMutex&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;The doc comment for the &lt;tt&gt;AuthorizationManager::CacheGuard&lt;/tt&gt; class describes this general issue; however, it appears we are missing code to enforce that it doesn&apos;t happen in practice.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;NOTE: It is not safe to enter fetch phase while holding a database lock. Fetch phase operations are allowed to acquire database locks themselves, so entering fetch while holding a database lock may lead to deadlock.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/mongodb/mongo/blob/r3.7.2/src/mongo/db/auth/authorization_manager.cpp#L167-L169&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/blob/r3.7.2/src/mongo/db/auth/authorization_manager.cpp#L167-L169&lt;/a&gt;&lt;/p&gt;&lt;/blockquote&gt;</description>
                <environment></environment>
        <key id="505171">SERVER-33648</key>
            <summary>Attempting to perform user- and role-management commands in db.eval() with nolock=false can lead to deadlock</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13203">Gone away</resolution>
                                        <assignee username="backlog-server-security">Backlog - Security Team</assignee>
                                    <reporter username="max.hirschhorn@mongodb.com">Max Hirschhorn</reporter>
                        <labels>
                    </labels>
                <created>Sat, 3 Mar 2018 05:47:22 +0000</created>
                <updated>Fri, 27 Oct 2023 20:43:35 +0000</updated>
                            <resolved>Mon, 2 Jul 2018 19:50:10 +0000</resolved>
                                                                    <component>JavaScript</component>
                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>7</watches>
                                                                                                                <comments>
                            <comment id="1937136" author="sara.golemon" created="Mon, 2 Jul 2018 19:50:10 +0000"  >&lt;p&gt;Closing this issue as &quot;Gone Away&quot; since db.eval() has been removed from MongoDB.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                            <outwardlinks description="depends on">
                                        <issuelink>
            <issuekey id="505777">SERVER-33662</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="568457">SERVER-35986</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="99057">SERVER-12497</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="316043">SERVER-26101</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="318210">SERVER-26257</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="444992">SERVER-31552</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_12751" key="com.atlassian.jira.plugin.system.customfieldtypes:multiselect">
                        <customfieldname>Assigned Teams</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="25129"><![CDATA[Server Security]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 6 Mar 2018 22:38:15 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        5 years, 32 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<s><a href='https://jira.mongodb.org/browse/SERVER-33662'>SERVER-33662</a></s>, <s><a href='https://jira.mongodb.org/browse/PM-115'>PM-115</a></s>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-115</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            5 years, 32 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_16465" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Linked BF Score</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>16.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>backlog-server-security</customfieldvalue>
            <customfieldvalue>max.hirschhorn@mongodb.com</customfieldvalue>
            <customfieldvalue>sara.golemon@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|htrm6v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr8von:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="2268">Platforms 2018-05-07</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|htr8db:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>