[
https://issues.apache.org/jira/browse/ZOOKEEPER-2111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294757#comment-14294757
]
Hongchao Deng commented on ZOOKEEPER-2111:
------------------------------------------
I wanna point out in the code:
{code}
if (!state.isAlive() || closing) {
conLossPacket(packet);
} else {
// If the client is asking to close the session then
// mark as closing
if (h.getType() == OpCode.closeSession) {
closing = true;
}
outgoingQueue.add(packet);
}
{code}
There is an assumption: when it goes into the `else` block, it assumes `state`
is alive and `closing` is false. The assumption here could introduce a race I
found (and maybe others unfound). But anyway, I don't think my current patch
fix this assumption because I can't synchronized on `closing` which is boolean.
Making this assumption fixed and shown in code is my goal.
> Not isAlive states should be synchronized in ClientCnxn
> -------------------------------------------------------
>
> Key: ZOOKEEPER-2111
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2111
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Reporter: Hongchao Deng
> Assignee: Hongchao Deng
> Attachments: ZOOKEEPER-2111.patch, ZOOKEEPER-2111.patch,
> ZOOKEEPER-2111.patch
>
>
> In ClientCnxn.queuePacket, it checks variables of state and closing and then
> make decisions. There is toctou race in queuePacket():
> {code}
> if (!state.isAlive() || closing) {
> conLossPacket(packet);
> } else {
> ...
> }
> {code}
> A possible race:
> in SendThread.run():
> {code}
> while (state.isAlive()) {
> ...
> }
> cleanup();
> {code}
> When it checks in queuePacket(), state is still alive. Then state isn't
> alive, SendThread.run() cleans up outgoingQueue. Then queuePacket adds packet
> to outgoingQueue. The packet should be waken up with exception. But it won't
> at this case.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
