Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-18477 Über-jira: S3A Hadoop 3.3.9 features
  3. HADOOP-16819

Possible inconsistent state of AbstractDelegationTokenSecretManager

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Patch Available
    • Major
    • Resolution: Unresolved
    • 3.3.0
    • None
    • fs/s3, security

    Description

      AbstractDelegationTokenSecretManager.updateCurrentKey increments the current key id and creates the new delegation key in two distinct synchronized blocks.

      This means that other threads can see the class in an inconsistent state, where the key for the current key id doesn't exist (yet).

      For example the following method sometimes returns null when the token remover thread is between the two synchronized blocks:

      @Override
      public DelegationKey getCurrentKey() {
        return getDelegationKey(getCurrentKeyId());
      }

       

      Also it is possible that updateCurrentKey is called from multiple threads at the same time so distinct keys can be generated with the same key id.

       

      This issue is suspected to be the cause of the intermittent failure of  TestLlapSignerImpl.testSigning - HIVE-22621.

      Attachments

        1. HADOOP-16819.001.patch
          1 kB
          Hankó Gergely

        Issue Links

          Activity

            People

              ghanko Hankó Gergely
              ghanko Hankó Gergely
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 10m
                  1h 10m