[HADOOP-16819] Possible inconsistent state of AbstractDelegationTokenSecretManager - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Patch Available
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.3.0
Fix Version/s: None
Component/s: fs/s3, security
Labels:
- pull-request-available

Description

AbstractDelegationTokenSecretManager.updateCurrentKey increments the current key id and creates the new delegation key in two distinct synchronized blocks.

This means that other threads can see the class in an inconsistent state, where the key for the current key id doesn't exist (yet).

For example the following method sometimes returns null when the token remover thread is between the two synchronized blocks:

@Override
public DelegationKey getCurrentKey() {
  return getDelegationKey(getCurrentKeyId());
}

Also it is possible that updateCurrentKey is called from multiple threads at the same time so distinct keys can be generated with the same key id.

This issue is suspected to be the cause of the intermittent failure of TestLlapSignerImpl.testSigning - HIVE-22621.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-16819.001.patch
21/Jan/20 15:32
1 kB
Hankó Gergely

Issue Links

causes

HIVE-22621 Disable unstable tests

Open

links to

GitHub Pull Request #1894

Activity

People

Assignee:: Hankó Gergely

Reporter:: Hankó Gergely

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 21/Jan/20 09:12

Updated:: 04/Oct/22 16:23

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 10m