[ 
https://issues.apache.org/jira/browse/CASSANDRA-15153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17067783#comment-17067783
 ] 

Per Otterström commented on CASSANDRA-15153:
--------------------------------------------

I've created a 
[unit test|https://github.com/apache/cassandra/compare/trunk...eperott:15153-trunk] 
to reproduce this 
[issue|https://circleci.com/gh/eperott/cassandra/215#tests/containers/1].

In short, a {{LoadingCache}} may return a stale entry if its load function at 
some point starts to throw exceptions for a key.

The bug seems to be fixed in Caffeine version 2.5.0 and later.

I guess there are a couple of questions that we need to take a stance on here.
# Should we risk upgrading the Caffeine version because of this? Caffeine is 
used in 12 different classes in trunk.
# And if so, should we make the minimal change and move to 2.5.0, or something 
later?

FWIW, I'm not able to create a scenario where I can exploit this. A potential 
one would've been to log in as a user after it was deleted in the database 
(causing the load function to throw {{AuthenticationException}}). However, 
other permission checks prevent the login attempt from completing. Then again, 
this doesn't prove there isn't a way to exploit this!

> Caffeine cache return stale entries
> -----------------------------------
>
>                 Key: CASSANDRA-15153
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15153
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Per Otterström
>            Priority: Normal
>
> Version 2.3.5 of the Caffeine cache that we're using in various places can 
> hand out stale entries in some cases. This seems to happen when an update 
> fails repeatedly, in which case Caffeine may return a previously loaded 
> value. For instance, the AuthCache may hand out permissions even though the 
> reload operation is failing, see CASSANDRA-15041.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
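
The failure mode discussed above, as an added example that is not part of the original message and is neither Caffeine's nor Cassandra's code: a toy refresh-on-read cache run once with a stale-on-error policy and once fail-closed, where a failed reload evicts the entry and rethrows. The names {{RefreshingCache}}, {{Entry}} and {{failClosed}}, the role data and the manual clock are all assumptions made for illustration.

```java
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

// Added illustration (Java 16+): a toy refresh-on-read cache, not Caffeine or Cassandra's AuthCache.
public class FailClosedCacheDemo {
    record Entry<V>(V value, long loadedAt) {}

    static final class RefreshingCache<K, V> {
        private final Map<K, Entry<V>> entries = new ConcurrentHashMap<>();
        private final Function<K, V> loader;
        private final long validityMillis;
        private final boolean failClosed;
        long now = 0; // manual clock so the run is deterministic
        RefreshingCache(Function<K, V> loader, long validityMillis, boolean failClosed) {
            this.loader = loader; this.validityMillis = validityMillis; this.failClosed = failClosed;
        }
        V get(K key) {
            Entry<V> e = entries.get(key);
            if (e != null && now - e.loadedAt() < validityMillis) return e.value(); // still fresh
            try {
                V v = loader.apply(key);
                entries.put(key, new Entry<>(v, now));
                return v;
            } catch (RuntimeException ex) {
                if (failClosed || e == null) {
                    entries.remove(key); // drop the value the loader can no longer vouch for
                    throw ex;
                }
                return e.value(); // stale-on-error: the old value is handed out again
            }
        }
    }

    public static void main(String[] args) {
        for (boolean failClosed : new boolean[] { false, true }) {
            Map<String, String> roles = new ConcurrentHashMap<>(Map.of("alice", "SELECT")); // constructed data
            RefreshingCache<String, String> cache = new RefreshingCache<String, String>(
                user -> Objects.requireNonNull(roles.get(user), "no such role: " + user), 2000, failClosed);
            cache.get("alice");    // warm the cache while the role exists
            roles.remove("alice"); // role is dropped in the backing store
            cache.now = 5000;      // cached entry is now past its validity window
            String outcome;
            try { outcome = "served " + cache.get("alice"); }
            catch (RuntimeException ex) { outcome = "rejected: " + ex.getMessage(); }
            System.out.println((failClosed ? "fail-closed -> " : "stale-on-error -> ") + outcome);
        }
    }
}
```

For a cache that backs authentication or authorization decisions, the fail-closed branch is the one to assert on in a regression test when changing the cache library version.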
