[jira] [Updated] (HDFS-13668) FSPermissionChecker may throws AIOOE when check if inode has permission
[
https://issues.apache.org/jira/browse/HDFS-13668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
He Xiaoqiao updated HDFS-13668:
---
Attachment: HDFS-13668-trunk.003.patch
> FSPermissionChecker may throws AIOOE when check if inode has permission
> ---
>
> Key: HDFS-13668
> URL: https://issues.apache.org/jira/browse/HDFS-13668
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: namenode
>Affects Versions: 3.1.0, 2.10.0, 2.7.7
>Reporter: He Xiaoqiao
>Assignee: He Xiaoqiao
>Priority: Major
> Attachments: HDFS-13668-trunk.001.patch, HDFS-13668-trunk.002.patch,
> HDFS-13668-trunk.003.patch
>
>
> {{FSPermissionChecker}} may throw {{ArrayIndexOutOfBoundsException:0}} when
> check if has permission, since it only check inode's {{aclFeature}} if null
> or not but not check it's entry size. When it meets {{aclFeature}} not null
> but it's entry size equal to 0, it will throw AIOOE.
> {code:java}
> private boolean hasPermission(INodeAttributes inode, FsAction access) {
> ..
> final AclFeature aclFeature = inode.getAclFeature();
> if (aclFeature != null) {
> // It's possible that the inode has a default ACL but no access ACL.
> int firstEntry = aclFeature.getEntryAt(0);
> if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
> return hasAclPermission(inode, access, mode, aclFeature);
> }
> }
> ..
> }
> {code}
> Actually if use default {{INodeAttributeProvider}}, it can ensure that when
> {{inode}}'s aclFeature is not null and it's entry size also will be greater
> than 0, but {{INodeAttributeProvider}} is a public interface, we could not
> ensure external implement (e.g. Apache Sentry, Apache Ranger) also has the
> similar constraint.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-13668) FSPermissionChecker may throws AIOOE when check if inode has permission
[
https://issues.apache.org/jira/browse/HDFS-13668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
He Xiaoqiao updated HDFS-13668:
---
Attachment: HDFS-13668-trunk.002.patch
> FSPermissionChecker may throws AIOOE when check if inode has permission
> ---
>
> Key: HDFS-13668
> URL: https://issues.apache.org/jira/browse/HDFS-13668
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: namenode
>Affects Versions: 3.1.0, 2.10.0, 2.7.7
>Reporter: He Xiaoqiao
>Assignee: He Xiaoqiao
>Priority: Major
> Attachments: HDFS-13668-trunk.001.patch, HDFS-13668-trunk.002.patch
>
>
> {{FSPermissionChecker}} may throw {{ArrayIndexOutOfBoundsException:0}} when
> check if has permission, since it only check inode's {{aclFeature}} if null
> or not but not check it's entry size. When it meets {{aclFeature}} not null
> but it's entry size equal to 0, it will throw AIOOE.
> {code:java}
> private boolean hasPermission(INodeAttributes inode, FsAction access) {
> ..
> final AclFeature aclFeature = inode.getAclFeature();
> if (aclFeature != null) {
> // It's possible that the inode has a default ACL but no access ACL.
> int firstEntry = aclFeature.getEntryAt(0);
> if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
> return hasAclPermission(inode, access, mode, aclFeature);
> }
> }
> ..
> }
> {code}
> Actually if use default {{INodeAttributeProvider}}, it can ensure that when
> {{inode}}'s aclFeature is not null and it's entry size also will be greater
> than 0, but {{INodeAttributeProvider}} is a public interface, we could not
> ensure external implement (e.g. Apache Sentry, Apache Ranger) also has the
> similar constraint.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-13668) FSPermissionChecker may throws AIOOE when check if inode has permission
[
https://issues.apache.org/jira/browse/HDFS-13668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
He Xiaoqiao updated HDFS-13668:
---
Status: Patch Available (was: Open)
submit v0 patch and trigger jenkins.
> FSPermissionChecker may throws AIOOE when check if inode has permission
> ---
>
> Key: HDFS-13668
> URL: https://issues.apache.org/jira/browse/HDFS-13668
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: namenode
>Affects Versions: 3.1.0, 2.10.0, 2.7.7
>Reporter: He Xiaoqiao
>Assignee: He Xiaoqiao
>Priority: Major
> Attachments: HDFS-13668-trunk.001.patch
>
>
> {{FSPermissionChecker}} may throw {{ArrayIndexOutOfBoundsException:0}} when
> check if has permission, since it only check inode's {{aclFeature}} if null
> or not but not check it's entry size. When it meets {{aclFeature}} not null
> but it's entry size equal to 0, it will throw AIOOE.
> {code:java}
> private boolean hasPermission(INodeAttributes inode, FsAction access) {
> ..
> final AclFeature aclFeature = inode.getAclFeature();
> if (aclFeature != null) {
> // It's possible that the inode has a default ACL but no access ACL.
> int firstEntry = aclFeature.getEntryAt(0);
> if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
> return hasAclPermission(inode, access, mode, aclFeature);
> }
> }
> ..
> }
> {code}
> Actually if use default {{INodeAttributeProvider}}, it can ensure that when
> {{inode}}'s aclFeature is not null and it's entry size also will be greater
> than 0, but {{INodeAttributeProvider}} is a public interface, we could not
> ensure external implement (e.g. Apache Sentry, Apache Ranger) also has the
> similar constraint.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-13668) FSPermissionChecker may throws AIOOE when check if inode has permission
[
https://issues.apache.org/jira/browse/HDFS-13668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
He Xiaoqiao updated HDFS-13668:
---
Attachment: HDFS-13668-trunk.001.patch
> FSPermissionChecker may throws AIOOE when check if inode has permission
> ---
>
> Key: HDFS-13668
> URL: https://issues.apache.org/jira/browse/HDFS-13668
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: namenode
>Affects Versions: 3.1.0, 2.10.0, 2.7.7
>Reporter: He Xiaoqiao
>Assignee: He Xiaoqiao
>Priority: Major
> Attachments: HDFS-13668-trunk.001.patch
>
>
> {{FSPermissionChecker}} may throw {{ArrayIndexOutOfBoundsException:0}} when
> check if has permission, since it only check inode's {{aclFeature}} if null
> or not but not check it's entry size. When it meets {{aclFeature}} not null
> but it's entry size equal to 0, it will throw AIOOE.
> {code:java}
> private boolean hasPermission(INodeAttributes inode, FsAction access) {
> ..
> final AclFeature aclFeature = inode.getAclFeature();
> if (aclFeature != null) {
> // It's possible that the inode has a default ACL but no access ACL.
> int firstEntry = aclFeature.getEntryAt(0);
> if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
> return hasAclPermission(inode, access, mode, aclFeature);
> }
> }
> ..
> }
> {code}
> Actually if use default {{INodeAttributeProvider}}, it can ensure that when
> {{inode}}'s aclFeature is not null and it's entry size also will be greater
> than 0, but {{INodeAttributeProvider}} is a public interface, we could not
> ensure external implement (e.g. Apache Sentry, Apache Ranger) also has the
> similar constraint.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
