[jira] [Commented] (HBASE-6851) Race condition in TableAuthManager.updateGlobalCache()
[
https://issues.apache.org/jira/browse/HBASE-6851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13469903#comment-13469903
]
Hudson commented on HBASE-6851:
---
Integrated in HBase-0.94-security-on-Hadoop-23 #8 (See
[https://builds.apache.org/job/HBase-0.94-security-on-Hadoop-23/8/])
HBASE-6851 Fix race condition in TableAuthManager.updateGlobalCache()
(Revision 1388898)
Result = FAILURE
garyh :
Files :
*
/hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
*
/hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
> Race condition in TableAuthManager.updateGlobalCache()
> --
>
> Key: HBASE-6851
> URL: https://issues.apache.org/jira/browse/HBASE-6851
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.94.1, 0.96.0
>Reporter: Gary Helmling
>Assignee: Gary Helmling
>Priority: Critical
> Fix For: 0.94.2, 0.96.0
>
> Attachments: HBASE-6851_2.patch, HBASE-6851_3.patch, HBASE-6851.patch
>
>
> When new global permissions are assigned, there is a race condition, during
> which further authorization checks relying on global permissions may fail.
> In TableAuthManager.updateGlobalCache(), we have:
> {code:java}
> USER_CACHE.clear();
> GROUP_CACHE.clear();
> try {
> initGlobal(conf);
> } catch (IOException e) {
> // Never happens
> LOG.error("Error occured while updating the user cache", e);
> }
> for (Map.Entry entry : userPerms.entries()) {
> if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
> GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()),
> new Permission(entry.getValue().getActions()));
> } else {
> USER_CACHE.put(entry.getKey(), new
> Permission(entry.getValue().getActions()));
> }
> }
> {code}
> If authorization checks come in following the .clear() but before
> repopulating, they will fail.
> We should have some synchronization here to serialize multiple updates and
> use a COW type rebuild and reassign of the new maps.
> This particular issue crept in with the fix in HBASE-6157, so I'm flagging
> for 0.94 and 0.96.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6851) Race condition in TableAuthManager.updateGlobalCache()
[
https://issues.apache.org/jira/browse/HBASE-6851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13463080#comment-13463080
]
Hudson commented on HBASE-6851:
---
Integrated in HBase-0.94-security #57 (See
[https://builds.apache.org/job/HBase-0.94-security/57/])
HBASE-6851 Fix race condition in TableAuthManager.updateGlobalCache()
(Revision 1388898)
Result = SUCCESS
garyh :
Files :
*
/hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
*
/hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
> Race condition in TableAuthManager.updateGlobalCache()
> --
>
> Key: HBASE-6851
> URL: https://issues.apache.org/jira/browse/HBASE-6851
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.94.1, 0.96.0
>Reporter: Gary Helmling
>Assignee: Gary Helmling
>Priority: Critical
> Fix For: 0.94.2, 0.96.0
>
> Attachments: HBASE-6851_2.patch, HBASE-6851_3.patch, HBASE-6851.patch
>
>
> When new global permissions are assigned, there is a race condition, during
> which further authorization checks relying on global permissions may fail.
> In TableAuthManager.updateGlobalCache(), we have:
> {code:java}
> USER_CACHE.clear();
> GROUP_CACHE.clear();
> try {
> initGlobal(conf);
> } catch (IOException e) {
> // Never happens
> LOG.error("Error occured while updating the user cache", e);
> }
> for (Map.Entry entry : userPerms.entries()) {
> if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
> GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()),
> new Permission(entry.getValue().getActions()));
> } else {
> USER_CACHE.put(entry.getKey(), new
> Permission(entry.getValue().getActions()));
> }
> }
> {code}
> If authorization checks come in following the .clear() but before
> repopulating, they will fail.
> We should have some synchronization here to serialize multiple updates and
> use a COW type rebuild and reassign of the new maps.
> This particular issue crept in with the fix in HBASE-6157, so I'm flagging
> for 0.94 and 0.96.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6851) Race condition in TableAuthManager.updateGlobalCache()
[
https://issues.apache.org/jira/browse/HBASE-6851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13461292#comment-13461292
]
Hudson commented on HBASE-6851:
---
Integrated in HBase-TRUNK-on-Hadoop-2.0.0 #188 (See
[https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-2.0.0/188/])
HBASE-6851 Fix race condition in TableAuthManager.updateGlobalCache()
(Revision 1388894)
Result = FAILURE
garyh :
Files :
*
/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
*
/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
> Race condition in TableAuthManager.updateGlobalCache()
> --
>
> Key: HBASE-6851
> URL: https://issues.apache.org/jira/browse/HBASE-6851
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.94.1, 0.96.0
>Reporter: Gary Helmling
>Assignee: Gary Helmling
>Priority: Critical
> Fix For: 0.94.3, 0.96.0
>
> Attachments: HBASE-6851_2.patch, HBASE-6851_3.patch, HBASE-6851.patch
>
>
> When new global permissions are assigned, there is a race condition, during
> which further authorization checks relying on global permissions may fail.
> In TableAuthManager.updateGlobalCache(), we have:
> {code:java}
> USER_CACHE.clear();
> GROUP_CACHE.clear();
> try {
> initGlobal(conf);
> } catch (IOException e) {
> // Never happens
> LOG.error("Error occured while updating the user cache", e);
> }
> for (Map.Entry entry : userPerms.entries()) {
> if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
> GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()),
> new Permission(entry.getValue().getActions()));
> } else {
> USER_CACHE.put(entry.getKey(), new
> Permission(entry.getValue().getActions()));
> }
> }
> {code}
> If authorization checks come in following the .clear() but before
> repopulating, they will fail.
> We should have some synchronization here to serialize multiple updates and
> use a COW type rebuild and reassign of the new maps.
> This particular issue crept in with the fix in HBASE-6157, so I'm flagging
> for 0.94 and 0.96.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6851) Race condition in TableAuthManager.updateGlobalCache()
[
https://issues.apache.org/jira/browse/HBASE-6851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13461278#comment-13461278
]
Hudson commented on HBASE-6851:
---
Integrated in HBase-TRUNK #3370 (See
[https://builds.apache.org/job/HBase-TRUNK/3370/])
HBASE-6851 Fix race condition in TableAuthManager.updateGlobalCache()
(Revision 1388894)
Result = SUCCESS
garyh :
Files :
*
/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
*
/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
> Race condition in TableAuthManager.updateGlobalCache()
> --
>
> Key: HBASE-6851
> URL: https://issues.apache.org/jira/browse/HBASE-6851
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.94.1, 0.96.0
>Reporter: Gary Helmling
>Assignee: Gary Helmling
>Priority: Critical
> Fix For: 0.94.3, 0.96.0
>
> Attachments: HBASE-6851_2.patch, HBASE-6851_3.patch, HBASE-6851.patch
>
>
> When new global permissions are assigned, there is a race condition, during
> which further authorization checks relying on global permissions may fail.
> In TableAuthManager.updateGlobalCache(), we have:
> {code:java}
> USER_CACHE.clear();
> GROUP_CACHE.clear();
> try {
> initGlobal(conf);
> } catch (IOException e) {
> // Never happens
> LOG.error("Error occured while updating the user cache", e);
> }
> for (Map.Entry entry : userPerms.entries()) {
> if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
> GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()),
> new Permission(entry.getValue().getActions()));
> } else {
> USER_CACHE.put(entry.getKey(), new
> Permission(entry.getValue().getActions()));
> }
> }
> {code}
> If authorization checks come in following the .clear() but before
> repopulating, they will fail.
> We should have some synchronization here to serialize multiple updates and
> use a COW type rebuild and reassign of the new maps.
> This particular issue crept in with the fix in HBASE-6157, so I'm flagging
> for 0.94 and 0.96.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6851) Race condition in TableAuthManager.updateGlobalCache()
[
https://issues.apache.org/jira/browse/HBASE-6851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13461277#comment-13461277
]
Hudson commented on HBASE-6851:
---
Integrated in HBase-0.94 #486 (See
[https://builds.apache.org/job/HBase-0.94/486/])
HBASE-6851 Fix race condition in TableAuthManager.updateGlobalCache()
(Revision 1388898)
Result = FAILURE
garyh :
Files :
*
/hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
*
/hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
> Race condition in TableAuthManager.updateGlobalCache()
> --
>
> Key: HBASE-6851
> URL: https://issues.apache.org/jira/browse/HBASE-6851
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.94.1, 0.96.0
>Reporter: Gary Helmling
>Assignee: Gary Helmling
>Priority: Critical
> Fix For: 0.94.3, 0.96.0
>
> Attachments: HBASE-6851_2.patch, HBASE-6851_3.patch, HBASE-6851.patch
>
>
> When new global permissions are assigned, there is a race condition, during
> which further authorization checks relying on global permissions may fail.
> In TableAuthManager.updateGlobalCache(), we have:
> {code:java}
> USER_CACHE.clear();
> GROUP_CACHE.clear();
> try {
> initGlobal(conf);
> } catch (IOException e) {
> // Never happens
> LOG.error("Error occured while updating the user cache", e);
> }
> for (Map.Entry entry : userPerms.entries()) {
> if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
> GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()),
> new Permission(entry.getValue().getActions()));
> } else {
> USER_CACHE.put(entry.getKey(), new
> Permission(entry.getValue().getActions()));
> }
> }
> {code}
> If authorization checks come in following the .clear() but before
> repopulating, they will fail.
> We should have some synchronization here to serialize multiple updates and
> use a COW type rebuild and reassign of the new maps.
> This particular issue crept in with the fix in HBASE-6157, so I'm flagging
> for 0.94 and 0.96.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6851) Race condition in TableAuthManager.updateGlobalCache()
[
https://issues.apache.org/jira/browse/HBASE-6851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13461020#comment-13461020
]
stack commented on HBASE-6851:
--
I'd doubt the TestReplication failure your fault.
+1 on v2 (maybe change GLOBAL_CACHE to globalCache on commit -- its odd setting
something all CAPs to a value).
Good on you Gary.
> Race condition in TableAuthManager.updateGlobalCache()
> --
>
> Key: HBASE-6851
> URL: https://issues.apache.org/jira/browse/HBASE-6851
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.94.1, 0.96.0
>Reporter: Gary Helmling
>Assignee: Gary Helmling
>Priority: Critical
> Attachments: HBASE-6851_2.patch, HBASE-6851.patch
>
>
> When new global permissions are assigned, there is a race condition, during
> which further authorization checks relying on global permissions may fail.
> In TableAuthManager.updateGlobalCache(), we have:
> {code:java}
> USER_CACHE.clear();
> GROUP_CACHE.clear();
> try {
> initGlobal(conf);
> } catch (IOException e) {
> // Never happens
> LOG.error("Error occured while updating the user cache", e);
> }
> for (Map.Entry entry : userPerms.entries()) {
> if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
> GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()),
> new Permission(entry.getValue().getActions()));
> } else {
> USER_CACHE.put(entry.getKey(), new
> Permission(entry.getValue().getActions()));
> }
> }
> {code}
> If authorization checks come in following the .clear() but before
> repopulating, they will fail.
> We should have some synchronization here to serialize multiple updates and
> use a COW type rebuild and reassign of the new maps.
> This particular issue crept in with the fix in HBASE-6157, so I'm flagging
> for 0.94 and 0.96.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6851) Race condition in TableAuthManager.updateGlobalCache()
[
https://issues.apache.org/jira/browse/HBASE-6851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13460988#comment-13460988
]
Hadoop QA commented on HBASE-6851:
--
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12546136/HBASE-6851_2.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 hadoop2.0. The patch compiles against the hadoop 2.0 profile.
-1 javadoc. The javadoc tool appears to have generated 139 warning
messages.
+1 javac. The applied patch does not increase the total number of javac
compiler warnings.
-1 findbugs. The patch appears to introduce 7 new Findbugs (version 1.3.9)
warnings.
+1 release audit. The applied patch does not increase the total number of
release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.hbase.replication.TestReplication
Test results:
https://builds.apache.org/job/PreCommit-HBASE-Build/2922//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/2922//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/2922//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/2922//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/2922//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/2922//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Console output:
https://builds.apache.org/job/PreCommit-HBASE-Build/2922//console
This message is automatically generated.
> Race condition in TableAuthManager.updateGlobalCache()
> --
>
> Key: HBASE-6851
> URL: https://issues.apache.org/jira/browse/HBASE-6851
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.94.1, 0.96.0
>Reporter: Gary Helmling
>Assignee: Gary Helmling
>Priority: Critical
> Attachments: HBASE-6851_2.patch, HBASE-6851.patch
>
>
> When new global permissions are assigned, there is a race condition, during
> which further authorization checks relying on global permissions may fail.
> In TableAuthManager.updateGlobalCache(), we have:
> {code:java}
> USER_CACHE.clear();
> GROUP_CACHE.clear();
> try {
> initGlobal(conf);
> } catch (IOException e) {
> // Never happens
> LOG.error("Error occured while updating the user cache", e);
> }
> for (Map.Entry entry : userPerms.entries()) {
> if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
> GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()),
> new Permission(entry.getValue().getActions()));
> } else {
> USER_CACHE.put(entry.getKey(), new
> Permission(entry.getValue().getActions()));
> }
> }
> {code}
> If authorization checks come in following the .clear() but before
> repopulating, they will fail.
> We should have some synchronization here to serialize multiple updates and
> use a COW type rebuild and reassign of the new maps.
> This particular issue crept in with the fix in HBASE-6157, so I'm flagging
> for 0.94 and 0.96.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6851) Race condition in TableAuthManager.updateGlobalCache()
[
https://issues.apache.org/jira/browse/HBASE-6851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13460973#comment-13460973
]
Andrew Purtell commented on HBASE-6851:
---
Making GLOBAL_CACHE volatile seems right to me. +1 on patch 2 if all tests pass.
> Race condition in TableAuthManager.updateGlobalCache()
> --
>
> Key: HBASE-6851
> URL: https://issues.apache.org/jira/browse/HBASE-6851
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.94.1, 0.96.0
>Reporter: Gary Helmling
>Assignee: Gary Helmling
>Priority: Critical
> Attachments: HBASE-6851_2.patch, HBASE-6851.patch
>
>
> When new global permissions are assigned, there is a race condition, during
> which further authorization checks relying on global permissions may fail.
> In TableAuthManager.updateGlobalCache(), we have:
> {code:java}
> USER_CACHE.clear();
> GROUP_CACHE.clear();
> try {
> initGlobal(conf);
> } catch (IOException e) {
> // Never happens
> LOG.error("Error occured while updating the user cache", e);
> }
> for (Map.Entry entry : userPerms.entries()) {
> if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
> GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()),
> new Permission(entry.getValue().getActions()));
> } else {
> USER_CACHE.put(entry.getKey(), new
> Permission(entry.getValue().getActions()));
> }
> }
> {code}
> If authorization checks come in following the .clear() but before
> repopulating, they will fail.
> We should have some synchronization here to serialize multiple updates and
> use a COW type rebuild and reassign of the new maps.
> This particular issue crept in with the fix in HBASE-6157, so I'm flagging
> for 0.94 and 0.96.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6851) Race condition in TableAuthManager.updateGlobalCache()
[
https://issues.apache.org/jira/browse/HBASE-6851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13460948#comment-13460948
]
Gary Helmling commented on HBASE-6851:
--
bq. Cache is unbounded. Any fear of it getting large? (I suppose the old code
worked this way so this patch doesn't introduce that issue).
Making the cache bounded/not all memory resident would be a pretty significant
change and have potentially big (negative) impacts on performance. There may
be some cases of many tables + many users where this may start to become a
problem. But for the expected usage (maybe hundreds of tables, hundreds of
users), I wouldn't expect this to be much of an issue.
bq. Are all accesses on GLOBAL_CACHE synchronized? Do they need to be? Could we
get a NPE again when we swap it in and are accessing it elsewhere concurrently?
No, accesses are not synchronized (and I don't think we want them to be for
performance reasons). Since we're rebuilding and re-assigning the variable
reference, I don't think we're exposed to an NPE here.
bq. Does updateTableCache need synchronize?
The table cache is a ConcurrentSkipListMap so we should be able to reassign
variables atomically. But maybe we do want to serialize calls to this as well?
Seems like both updateGlobalCache() and updateTableCache() need to be
synchronized, or neither does. Since these are only called from the associated
ZKPermissionWatcher/ZooKeeperWatcher, is there any need to even synchronize
these to force serialization of the calls? Does the ZK ordering of the watch
events give us this already? If I understand correctly, maybe we don't need
the synchronization at all.
Should we make the GLOBAL_CACHE reference volatile, though, to ensure all
threads see it when updated?
> Race condition in TableAuthManager.updateGlobalCache()
> --
>
> Key: HBASE-6851
> URL: https://issues.apache.org/jira/browse/HBASE-6851
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.94.1, 0.96.0
>Reporter: Gary Helmling
>Assignee: Gary Helmling
>Priority: Critical
> Attachments: HBASE-6851.patch
>
>
> When new global permissions are assigned, there is a race condition, during
> which further authorization checks relying on global permissions may fail.
> In TableAuthManager.updateGlobalCache(), we have:
> {code:java}
> USER_CACHE.clear();
> GROUP_CACHE.clear();
> try {
> initGlobal(conf);
> } catch (IOException e) {
> // Never happens
> LOG.error("Error occured while updating the user cache", e);
> }
> for (Map.Entry entry : userPerms.entries()) {
> if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
> GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()),
> new Permission(entry.getValue().getActions()));
> } else {
> USER_CACHE.put(entry.getKey(), new
> Permission(entry.getValue().getActions()));
> }
> }
> {code}
> If authorization checks come in following the .clear() but before
> repopulating, they will fail.
> We should have some synchronization here to serialize multiple updates and
> use a COW type rebuild and reassign of the new maps.
> This particular issue crept in with the fix in HBASE-6157, so I'm flagging
> for 0.94 and 0.96.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6851) Race condition in TableAuthManager.updateGlobalCache()
[
https://issues.apache.org/jira/browse/HBASE-6851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13460890#comment-13460890
]
stack commented on HBASE-6851:
--
Cache is unbounded. Any fear of it getting large? (I suppose the old code
worked this way so this patch doesn't introduce that issue).
The synchronize on updateGlobalCache seems like it could come in handy. Are
all accesses on GLOBAL_CACHE synchronized? Do they need to be? Could we get a
NPE again when we swap it in and are accessing it elsewhere concurrently?
Does updateTableCache need synchronize?
Looks much cleaner. Good stuff G.
> Race condition in TableAuthManager.updateGlobalCache()
> --
>
> Key: HBASE-6851
> URL: https://issues.apache.org/jira/browse/HBASE-6851
> Project: HBase
> Issue Type: Bug
> Components: security
>Affects Versions: 0.94.1, 0.96.0
>Reporter: Gary Helmling
>Assignee: Gary Helmling
>Priority: Critical
> Attachments: HBASE-6851.patch
>
>
> When new global permissions are assigned, there is a race condition, during
> which further authorization checks relying on global permissions may fail.
> In TableAuthManager.updateGlobalCache(), we have:
> {code:java}
> USER_CACHE.clear();
> GROUP_CACHE.clear();
> try {
> initGlobal(conf);
> } catch (IOException e) {
> // Never happens
> LOG.error("Error occured while updating the user cache", e);
> }
> for (Map.Entry entry : userPerms.entries()) {
> if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
> GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()),
> new Permission(entry.getValue().getActions()));
> } else {
> USER_CACHE.put(entry.getKey(), new
> Permission(entry.getValue().getActions()));
> }
> }
> {code}
> If authorization checks come in following the .clear() but before
> repopulating, they will fail.
> We should have some synchronization here to serialize multiple updates and
> use a COW type rebuild and reassign of the new maps.
> This particular issue crept in with the fix in HBASE-6157, so I'm flagging
> for 0.94 and 0.96.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
