[
https://issues.apache.org/jira/browse/HADOOP-16819?focusedWorklogId=567129&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-567129
]
ASF GitHub Bot logged work on HADOOP-16819:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 16/Mar/21 17:35
Start Date: 16/Mar/21 17:35
Worklog Time Spent: 10m
Work Description: ghanko commented on pull request #1894:
URL: https://github.com/apache/hadoop/pull/1894#issuecomment-800467410
No, the problem is that key id generation and store happens in distinct
synchronized blocks so between the two blocks other threads can access
currentKeyId which doesn't correspond to any key because it's not stored yet.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 567129)
Time Spent: 40m (was: 0.5h)
> Possible inconsistent state of AbstractDelegationTokenSecretManager
> -------------------------------------------------------------------
>
> Key: HADOOP-16819
> URL: https://issues.apache.org/jira/browse/HADOOP-16819
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3, security
> Affects Versions: 3.3.0
> Reporter: Hankó Gergely
> Assignee: Hankó Gergely
> Priority: Major
> Labels: pull-request-available
> Attachments: HADOOP-16819.001.patch
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> [AbstractDelegationTokenSecretManager.updateCurrentKey|https://github.com/apache/hadoop/blob/581072a8f04f7568d3560f105fd1988d3acc9e54/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java#L360]
> increments the current key id and creates the new delegation key in two
> distinct synchronized blocks.
> This means that other threads can see the class in an *inconsistent state,
> where the key for the current key id doesn't exist (yet)*.
> For example the following method sometimes returns null when the token
> remover thread is between the two synchronized blocks:
> {noformat}
> @Override
> public DelegationKey getCurrentKey() {
> return getDelegationKey(getCurrentKeyId());
> }{noformat}
>
> Also it is possible that updateCurrentKey is called from multiple threads at
> the same time so *distinct keys can be generated with the same key id*.
>
> This issue is suspected to be the cause of the intermittent failure of
> [TestLlapSignerImpl.testSigning|https://github.com/apache/hive/blob/3c0705eaf5121c7b61f2dbe9db9545c3926f26f1/llap-server/src/test/org/apache/hadoop/hive/llap/security/TestLlapSignerImpl.java#L195]
> - HIVE-22621.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
