[ https://issues.apache.org/jira/browse/HBASE-11194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14016990#comment-14016990 ]
Hadoop QA commented on HBASE-11194: ----------------------------------- {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12648190/HBASE-11194.patch against trunk revision . ATTACHMENT ID: 12648190 {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 3 new or modified tests. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 lineLengths{color}. The patch does not introduce lines longer than 100 {color:green}+1 site{color}. The mvn site goal succeeds with this patch. {color:red}-1 core tests{color}. The patch failed these unit tests: org.apache.hadoop.hbase.regionserver.TestRSKilledWhenInitializing Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/9678//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9678//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9678//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9678//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9678//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9678//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9678//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9678//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9678//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9678//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/9678//console This message is automatically generated. > [AccessController] issue with covering permission check in case of concurrent > op on same row > -------------------------------------------------------------------------------------------- > > Key: HBASE-11194 > URL: https://issues.apache.org/jira/browse/HBASE-11194 > Project: HBase > Issue Type: Bug > Components: security > Affects Versions: 0.98.0 > Reporter: Anoop Sam John > Assignee: Anoop Sam John > Fix For: 0.99.0, 0.98.4 > > Attachments: HBASE-11194.patch > > > The issue is the hook where we do check in which we have not acquired > rowlock. Take case of delete, we do the check in the preDelete() hook. We do > get the covering cells and check against their acls. At the point of the > preDelete hook, we have not acquired the row lock on the deleting row. > Consider 2 parallel threads one doing put and other delete both dealing with > same row. > Thread 1 acquired the rowlock and decided the TS (HRS time) and doing the > memstore write and HLog sync but the mvcc read point is NOT advanced. > Thread 2 at same time, doing the delete of the row (Say with latest TS . The > intent is to delete entire row) and in place of preDelete hook. There is no > row locking happening at this point. As part of covering permission check, it > doing a Get. But as said above, the put is not complete and the mvcc advance > has not happened. So the Get won’t return the new cell. It will return the > old cells. And the check pass for the old cells. Now suppose the new cell > ACL is not matching for the deleting user. But the cell was not read, the > check has not happened. So the ACL check will allow the user to delete > row.. The flow later comes to HRegion#doMiniBatchMutate() and try acquire > row lock and by that time the Thread 1 op was over. So it will get lock and > will add the delete tombstone. As a result the cell, for which the deleting > user has no acl right, also will get deleted. -- This message was sent by Atlassian JIRA (v6.2#6252)