[
https://issues.apache.org/jira/browse/HADOOP-10852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benoy Antony updated HADOOP-10852:
----------------------------------
Attachment: HADOOP-10852.patch
The _NetgroupCache_ is fixed by keeping state in only one _ConcurrentHashMap_ -
{{userToNetgroupsMap}}.
{{add}} updates {{userToNetgroupsMap}} directly.
There is a slight performance loss when invoking {{isCached}} and
{{{userToNetgroupsMap}}
But these are invoked only during {{refresh}} and adding a new group. These
invocations should be rare compared to {{getNetgroups}} invocation.
> NetgroupCache is not thread-safe
> --------------------------------
>
> Key: HADOOP-10852
> URL: https://issues.apache.org/jira/browse/HADOOP-10852
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.1
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: HADOOP-10852.patch
>
>
> _NetgroupCache_ internally uses two _ConcurrentHashMap_s and a boolean
> variable to signal updates on one of the _ConcurrentHashMap_s
> None of the functions are synchronized and hence is possible to have
> unexpected results due to race condition between different threads.
> As an example, consider the following sequence:
> Thread1 :
> {{add}} a group
> {{netgroupToUsersMap}} is updated.
> {{netgroupToUsersMapUpdated}} is set to true.
> Thread 2:
> calls {{getNetgroups}} for a user
> Due to re-ordering, {{netgroupToUsersMapUpdated=true}} is visible, but
> updates in {{netgroupToUsersMap}} is not visible.
> Does a wrong update with older {{netgroupToUsersMap}} values.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
