Race in atomic compareAndSwap can make FailPoint::enableFailPoint() to spin forever

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major - P3
    • 4.0 Required
    • Affects Version/s: 4.0.24
    • Component/s: None
    • Server Programmability
    • ALL
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None

      This is not a production bug so threat it accordingly.

      The race:
      Initially, _fpInfo was ( 1 << 31 ).
      1. Thread 1 enters FailPoint::slowShouldFailOpenBlock() and increments the _fpInfo to ( 1 << 31 + 1)
      2. Thread 2 enters disableFailPoint() and reads _fpInfo into currentVal
      3. Thread 1 enters FailPoint::shouldFailCloseBlock() and decrements _fpInfo to ( 1 << 31 )
      4. Thread 2 spins forever

      Even though this is not production failure, someone may copy-paste this pattern into production code. Atomics are subtle and must be treated with care.

      Fix: load _fpInfo each time inside loop. Same for enableFailPoint().

            Assignee:
            Unassigned
            Reporter:
            Andrew Shuvalov (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: