- Type: Bug
- Resolution: Won't Fix
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- ALL
- Sharding EMEA 2021-10-18, Sharding EMEA 2021-11-01
Consider a command flagged as 'kNever' allowed on secondaries.
Before calling the run() of the command, here it is checked that the command is allowed to run given this node's repl state. However, the node could transition to secondary once we are past this check and continue running the command.
There are several instances of commands that call 'opCtx->setAlwaysInterruptAtStepDownOrUp();' at the beginning of their run() (e.g. here), so that they can get interrupted should the node transition to secondary. However, the node could already have transitioned to secondary after passing the commandCanRunHere check, but before marking the opCtx as 'setAlwaysInterruptAtStepDownOrUp'. In this case, the command would proceed running on a secondary.
It could be worth atomically checking that the command is allowed to run on this node and marking the opCtx as killable on stepdown in the prologue.
- is related to: SERVER-66351 Audit uses of OperationContext::setAlwaysInterruptAtStepDownOrUp (Open)
- related to: SERVER-61066 Make shardsvr DDL commands check primary status after marking opCtx as interruptible (Closed)
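
The check-then-mark window described in this ticket, as an added toy model that is not MongoDB code: `Node`, `Op`, `checkAndMark` and both prologue functions are hypothetical names, and the step-down is injected through a callback so the interleaving is deterministic.

```cpp
#include <functional>
#include <mutex>
#include <set>

// Toy model, not MongoDB code: every name here is hypothetical.
struct Op { bool killed = false; };

class Node {
public:
    // Step-down: flip state, then kill every op registered as interruptible.
    void stepDown() {
        std::lock_guard<std::mutex> lk(_m);
        _primary = false;
        for (Op* op : _interruptible) op->killed = true;
    }
    bool isPrimary() {
        std::lock_guard<std::mutex> lk(_m);
        return _primary;
    }
    void markInterruptible(Op* op) {
        std::lock_guard<std::mutex> lk(_m);
        _interruptible.insert(op);
    }
    // Hardened prologue: state check and registration share one critical section.
    bool checkAndMark(Op* op) {
        std::lock_guard<std::mutex> lk(_m);
        if (!_primary) return false;
        _interruptible.insert(op);
        return true;
    }
private:
    std::mutex _m;
    bool _primary = true;
    std::set<Op*> _interruptible;
};

// Racy prologue from the ticket; `between` models a transition landing in the
// window. Returns true if the body would run un-killed on a secondary.
bool racyRunsOnSecondary(Node& n, Op& op, const std::function<void()>& between) {
    if (!n.isPrimary()) return false;  // commandCanRunHere-style check
    between();                         // step-down can land here
    n.markInterruptible(&op);          // too late: the kill pass already ran
    return !n.isPrimary() && !op.killed;
}
// Atomic prologue: a step-down is either seen by the check or kills the op.
bool atomicRunsOnSecondary(Node& n, Op& op, const std::function<void()>& after) {
    if (!n.checkAndMark(&op)) return false;  // rejected before run()
    after();                                 // step-down after the prologue
    return !n.isPrimary() && !op.killed;
}
```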