[
https://issues.apache.org/jira/browse/HDDS-2966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17086069#comment-17086069
]
Bharat Viswanadham commented on HDDS-2966:
------------------------------------------
Closing this as it is not a problem, we acquire read lock and check Acls and
then release read lock. After that acquire a write lock if it is a read
operation. As the apply transaction is serial, there is no issue with the
current approach.
> ACL checks should be done after acquiring lock
> ----------------------------------------------
>
> Key: HDDS-2966
> URL: https://issues.apache.org/jira/browse/HDDS-2966
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
> Components: HA, Ozone Manager
> Reporter: Hanisha Koneru
> Priority: Major
>
> Currently in OMClientRequests#validateAndUpdateCache, we perform ACL checks
> before acquiring the required object lock. This could lead to race condition.
> The ACL check should be done after acquiring the lock.
> For example, in OMKeyCreateRequest:
> {code:java}
> // check Acl
> checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
> IAccessAuthorizer.ACLType.CREATE, OzoneObj.ResourceType.KEY);
> acquireLock = omMetadataManager.getLock().acquireWriteLock(BUCKET_LOCK,
> volumeName, bucketName);
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
