vyommani opened a new pull request, #729: URL: https://github.com/apache/ranger/pull/729
## What changes were proposed in this pull request? Fixed a memory visibility issue in RangerBasePlugin where the policyEngine field was not declared as volatile. This caused a visibility race condition where policy updates made by the policyRefresher thread might not be immediately visible to other threads. When the policyRefresher thread updates the RangerPolicyEngine reference, the change may not be immediately visible to other threads due to CPU caching and compiler optimizations. This results in threads continuing to use stale policy engine references, which can lead to incorrect authorization decisions and potential access control bypasses. Without the volatile keyword, there's no happens-before relationship guaranteeing that writes to policyEngine by one thread are visible to reads by other threads. This is a memory visibility issue, not a traditional thread-safety/synchronization issue. ## How was this patch tested? Added a dedicated concurrency test (TestRangerBasePluginRaceCondition.testVisibilityOfPolicyEngine) that specifically validates the memory visibility fix -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
