[jira] [Commented] (HADOOP-16819) Possible inconsistent state of AbstractDelegationTokenSecretManager
[ https://issues.apache.org/jira/browse/HADOOP-16819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17850260#comment-17850260 ] Kiran Velumuri commented on HADOOP-16819: - [~ghanko] This issue is still present and causing intermittent failure of [TestLlapSignerImpl.testSigning|https://github.com/apache/hive/blob/3c0705eaf5121c7b61f2dbe9db9545c3926f26f1/llap-server/src/test/org/apache/hadoop/hive/llap/security/TestLlapSignerImpl.java#L195] - HIVE-22621. Could you please help me to understand why this effort has been paused and please help to get this merged? Thank you. > Possible inconsistent state of AbstractDelegationTokenSecretManager > --- > > Key: HADOOP-16819 > URL: https://issues.apache.org/jira/browse/HADOOP-16819 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3, security >Affects Versions: 3.3.0 >Reporter: Hankó Gergely >Assignee: Hankó Gergely >Priority: Major > Labels: pull-request-available > Attachments: HADOOP-16819.001.patch > > Time Spent: 1h 10m > Remaining Estimate: 0h > > [AbstractDelegationTokenSecretManager.updateCurrentKey|https://github.com/apache/hadoop/blob/581072a8f04f7568d3560f105fd1988d3acc9e54/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java#L360] > increments the current key id and creates the new delegation key in two > distinct synchronized blocks. > This means that other threads can see the class in an *inconsistent state, > where the key for the current key id doesn't exist (yet)*. > For example the following method sometimes returns null when the token > remover thread is between the two synchronized blocks: > {noformat} > @Override > public DelegationKey getCurrentKey() { > return getDelegationKey(getCurrentKeyId()); > }{noformat} > > Also it is possible that updateCurrentKey is called from multiple threads at > the same time so *distinct keys can be generated with the same key id*. > > This issue is suspected to be the cause of the intermittent failure of > [TestLlapSignerImpl.testSigning|https://github.com/apache/hive/blob/3c0705eaf5121c7b61f2dbe9db9545c3926f26f1/llap-server/src/test/org/apache/hadoop/hive/llap/security/TestLlapSignerImpl.java#L195] > - HIVE-22621. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16819) Possible inconsistent state of AbstractDelegationTokenSecretManager
[ https://issues.apache.org/jira/browse/HADOOP-16819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17299796#comment-17299796 ] Hadoop QA commented on HADOOP-16819: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Logfile || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 1m 29s{color} | {color:blue}{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || || | {color:green}+1{color} | {color:green} dupname {color} | {color:green} 0m 0s{color} | {color:green}{color} | {color:green} No case conflicting files found. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green}{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:red}-1{color} | {color:red} test4tests {color} | {color:red} 0m 0s{color} | {color:red}{color} | {color:red} The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. {color} | || || || || {color:brown} trunk Compile Tests {color} || || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 22m 53s{color} | {color:green}{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 22m 30s{color} | {color:green}{color} | {color:green} trunk passed with JDK Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04 {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 19m 1s{color} | {color:green}{color} | {color:green} trunk passed with JDK Private Build-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08 {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 59s{color} | {color:green}{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 26s{color} | {color:green}{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 17m 47s{color} | {color:green}{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 58s{color} | {color:green}{color} | {color:green} trunk passed with JDK Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04 {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 29s{color} | {color:green}{color} | {color:green} trunk passed with JDK Private Build-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08 {color} | | {color:blue}0{color} | {color:blue} spotbugs {color} | {color:blue} 22m 34s{color} | {color:blue}{color} | {color:blue} Both FindBugs and SpotBugs are enabled, using SpotBugs. {color} | | {color:green}+1{color} | {color:green} spotbugs {color} | {color:green} 2m 19s{color} | {color:green}{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 53s{color} | {color:green}{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 21m 36s{color} | {color:green}{color} | {color:green} the patch passed with JDK Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04 {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 21m 36s{color} | {color:green}{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 18m 49s{color} | {color:green}{color} | {color:green} the patch passed with JDK Private Build-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08 {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 18m 49s{color} | {color:green}{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 58s{color} | {color:green}{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 24s{color} | {color:green}{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green}{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 15m 17s{color} | {color:green}{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 56s{color} | {color:green}{color} | {color:green} the patch passed with JDK Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04 {color} |
[jira] [Commented] (HADOOP-16819) Possible inconsistent state of AbstractDelegationTokenSecretManager
[ https://issues.apache.org/jira/browse/HADOOP-16819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17057689#comment-17057689 ] Hankó Gergely commented on HADOOP-16819: I think the findbugs warning is acceptable as the comment explicitly says "Log must be invoked outside the lock on 'this'". It can probably be solved by introducing a semaphore dedicated for currentKey access so we don't have to lock on "this", but it would be a bigger effort. What do you think? > Possible inconsistent state of AbstractDelegationTokenSecretManager > --- > > Key: HADOOP-16819 > URL: https://issues.apache.org/jira/browse/HADOOP-16819 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3, security >Affects Versions: 3.3.0 >Reporter: Hankó Gergely >Assignee: Hankó Gergely >Priority: Major > Attachments: HADOOP-16819.001.patch > > > [AbstractDelegationTokenSecretManager.updateCurrentKey|https://github.com/apache/hadoop/blob/581072a8f04f7568d3560f105fd1988d3acc9e54/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java#L360] > increments the current key id and creates the new delegation key in two > distinct synchronized blocks. > This means that other threads can see the class in an *inconsistent state, > where the key for the current key id doesn't exist (yet)*. > For example the following method sometimes returns null when the token > remover thread is between the two synchronized blocks: > {noformat} > @Override > public DelegationKey getCurrentKey() { > return getDelegationKey(getCurrentKeyId()); > }{noformat} > > Also it is possible that updateCurrentKey is called from multiple threads at > the same time so *distinct keys can be generated with the same key id*. > > This issue is suspected to be the cause of the intermittent failure of > [TestLlapSignerImpl.testSigning|https://github.com/apache/hive/blob/3c0705eaf5121c7b61f2dbe9db9545c3926f26f1/llap-server/src/test/org/apache/hadoop/hive/llap/security/TestLlapSignerImpl.java#L195] > - HIVE-22621. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16819) Possible inconsistent state of AbstractDelegationTokenSecretManager
[ https://issues.apache.org/jira/browse/HADOOP-16819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17057653#comment-17057653 ] Hankó Gergely commented on HADOOP-16819: I'm checking the findbugs issue. > Possible inconsistent state of AbstractDelegationTokenSecretManager > --- > > Key: HADOOP-16819 > URL: https://issues.apache.org/jira/browse/HADOOP-16819 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3, security >Affects Versions: 3.3.0 >Reporter: Hankó Gergely >Assignee: Hankó Gergely >Priority: Major > Attachments: HADOOP-16819.001.patch > > > [AbstractDelegationTokenSecretManager.updateCurrentKey|https://github.com/apache/hadoop/blob/581072a8f04f7568d3560f105fd1988d3acc9e54/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java#L360] > increments the current key id and creates the new delegation key in two > distinct synchronized blocks. > This means that other threads can see the class in an *inconsistent state, > where the key for the current key id doesn't exist (yet)*. > For example the following method sometimes returns null when the token > remover thread is between the two synchronized blocks: > {noformat} > @Override > public DelegationKey getCurrentKey() { > return getDelegationKey(getCurrentKeyId()); > }{noformat} > > Also it is possible that updateCurrentKey is called from multiple threads at > the same time so *distinct keys can be generated with the same key id*. > > This issue is suspected to be the cause of the intermittent failure of > [TestLlapSignerImpl.testSigning|https://github.com/apache/hive/blob/3c0705eaf5121c7b61f2dbe9db9545c3926f26f1/llap-server/src/test/org/apache/hadoop/hive/llap/security/TestLlapSignerImpl.java#L195] > - HIVE-22621. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16819) Possible inconsistent state of AbstractDelegationTokenSecretManager
[ https://issues.apache.org/jira/browse/HADOOP-16819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17057650#comment-17057650 ] Hankó Gergely commented on HADOOP-16819: I've submitted the PR, but couldn't run the tests because I still don't have the necessary AWS keys. > Possible inconsistent state of AbstractDelegationTokenSecretManager > --- > > Key: HADOOP-16819 > URL: https://issues.apache.org/jira/browse/HADOOP-16819 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3, security >Affects Versions: 3.3.0 >Reporter: Hankó Gergely >Assignee: Hankó Gergely >Priority: Major > Attachments: HADOOP-16819.001.patch > > > [AbstractDelegationTokenSecretManager.updateCurrentKey|https://github.com/apache/hadoop/blob/581072a8f04f7568d3560f105fd1988d3acc9e54/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java#L360] > increments the current key id and creates the new delegation key in two > distinct synchronized blocks. > This means that other threads can see the class in an *inconsistent state, > where the key for the current key id doesn't exist (yet)*. > For example the following method sometimes returns null when the token > remover thread is between the two synchronized blocks: > {noformat} > @Override > public DelegationKey getCurrentKey() { > return getDelegationKey(getCurrentKeyId()); > }{noformat} > > Also it is possible that updateCurrentKey is called from multiple threads at > the same time so *distinct keys can be generated with the same key id*. > > This issue is suspected to be the cause of the intermittent failure of > [TestLlapSignerImpl.testSigning|https://github.com/apache/hive/blob/3c0705eaf5121c7b61f2dbe9db9545c3926f26f1/llap-server/src/test/org/apache/hadoop/hive/llap/security/TestLlapSignerImpl.java#L195] > - HIVE-22621. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16819) Possible inconsistent state of AbstractDelegationTokenSecretManager
[ https://issues.apache.org/jira/browse/HADOOP-16819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17057364#comment-17057364 ] Steve Loughran commented on HADOOP-16819: - # still waiting for that github PR # as this goes near code I don't understand, we will need to chase down other reviewers; [~omalley] springs to mind > Possible inconsistent state of AbstractDelegationTokenSecretManager > --- > > Key: HADOOP-16819 > URL: https://issues.apache.org/jira/browse/HADOOP-16819 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3, security >Affects Versions: 3.3.0 >Reporter: Hankó Gergely >Assignee: Hankó Gergely >Priority: Major > Attachments: HADOOP-16819.001.patch > > > [AbstractDelegationTokenSecretManager.updateCurrentKey|https://github.com/apache/hadoop/blob/581072a8f04f7568d3560f105fd1988d3acc9e54/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java#L360] > increments the current key id and creates the new delegation key in two > distinct synchronized blocks. > This means that other threads can see the class in an *inconsistent state, > where the key for the current key id doesn't exist (yet)*. > For example the following method sometimes returns null when the token > remover thread is between the two synchronized blocks: > {noformat} > @Override > public DelegationKey getCurrentKey() { > return getDelegationKey(getCurrentKeyId()); > }{noformat} > > Also it is possible that updateCurrentKey is called from multiple threads at > the same time so *distinct keys can be generated with the same key id*. > > This issue is suspected to be the cause of the intermittent failure of > [TestLlapSignerImpl.testSigning|https://github.com/apache/hive/blob/3c0705eaf5121c7b61f2dbe9db9545c3926f26f1/llap-server/src/test/org/apache/hadoop/hive/llap/security/TestLlapSignerImpl.java#L195] > - HIVE-22621. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16819) Possible inconsistent state of AbstractDelegationTokenSecretManager
[ https://issues.apache.org/jira/browse/HADOOP-16819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17037150#comment-17037150 ] Steve Loughran commented on HADOOP-16819: - [~ghanko] can you submit this as a github PR, after running the entire hadoop-aws verify test suite : include the name of the AWS region you tested against. thanks > Possible inconsistent state of AbstractDelegationTokenSecretManager > --- > > Key: HADOOP-16819 > URL: https://issues.apache.org/jira/browse/HADOOP-16819 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3, security >Affects Versions: 3.3.0 >Reporter: Hankó Gergely >Priority: Major > Attachments: HADOOP-16819.001.patch > > > [AbstractDelegationTokenSecretManager.updateCurrentKey|https://github.com/apache/hadoop/blob/581072a8f04f7568d3560f105fd1988d3acc9e54/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java#L360] > increments the current key id and creates the new delegation key in two > distinct synchronized blocks. > This means that other threads can see the class in an *inconsistent state, > where the key for the current key id doesn't exist (yet)*. > For example the following method sometimes returns null when the token > remover thread is between the two synchronized blocks: > {noformat} > @Override > public DelegationKey getCurrentKey() { > return getDelegationKey(getCurrentKeyId()); > }{noformat} > > Also it is possible that updateCurrentKey is called from multiple threads at > the same time so *distinct keys can be generated with the same key id*. > > This issue is suspected to be the cause of the intermittent failure of > [TestLlapSignerImpl.testSigning|https://github.com/apache/hive/blob/3c0705eaf5121c7b61f2dbe9db9545c3926f26f1/llap-server/src/test/org/apache/hadoop/hive/llap/security/TestLlapSignerImpl.java#L195] > - HIVE-22621. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16819) Possible inconsistent state of AbstractDelegationTokenSecretManager
[ https://issues.apache.org/jira/browse/HADOOP-16819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17029015#comment-17029015 ] Hadoop QA commented on HADOOP-16819: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 34s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:red}-1{color} | {color:red} test4tests {color} | {color:red} 0m 0s{color} | {color:red} The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 19m 56s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 15m 45s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 42s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 16s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 14m 49s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 38s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 17s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 45s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 14m 59s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 14m 59s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 41s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 10s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 12m 46s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 1m 49s{color} | {color:red} hadoop-common-project/hadoop-common generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0) {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 18s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:green}+1{color} | {color:green} unit {color} | {color:green} 9m 16s{color} | {color:green} hadoop-common in the patch passed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 42s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 99m 17s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | FindBugs | module:hadoop-common-project/hadoop-common | | | Inconsistent synchronization of org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.currentKey; locked 88% of time Unsynchronized access at AbstractDelegationTokenSecretManager.java:88% of time Unsynchronized access at AbstractDelegationTokenSecretManager.java:[line 366] | \\ \\ || Subsystem || Report/Notes || | Docker | Client=19.03.5 Server=19.03.5 Image:yetus/hadoop:c44943d1fc3 | | JIRA Issue | HADOOP-16819 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12991450/HADOOP-16819.001.patch | | Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient findbugs checkstyle | | uname | Linux 88019b7a42cf 4.15.0-74-generic #84-Ubuntu SMP Thu Dec 19 08:06:28 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/patchprocess/precommit/personality/provided.sh | | git revision | trunk / 1e3a0b0 | | maven | version: Apache Maven 3.3.9 | | Default Java | 1.8.0_242 | | findbugs |