You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Jason Brown (JIRA)" <ji...@apache.org> on 2019/06/12 15:35:00 UTC

[jira] [Updated] (CASSANDRA-14503) Internode connection management is race-prone

     [ https://issues.apache.org/jira/browse/CASSANDRA-14503?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Brown updated CASSANDRA-14503:
------------------------------------
    Resolution: Won't Fix
        Status: Resolved  (was: Open)

> Internode connection management is race-prone
> ---------------------------------------------
>
>                 Key: CASSANDRA-14503
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14503
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Legacy/Streaming and Messaging
>            Reporter: Sergio Bossa
>            Assignee: Jason Brown
>            Priority: Normal
>              Labels: pull-request-available
>             Fix For: 4.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Following CASSANDRA-8457, internode connection management has been rewritten to rely on Netty, but the new implementation in {{OutboundMessagingConnection}} seems quite race prone to me, in particular on those two cases:
> * {{#finishHandshake()}} racing with {{#close()}}: i.e. in such case the former could run into an NPE if the latter nulls the {{channelWriter}} (but this is just an example, other conflicts might happen).
> * Connection timeout and retry racing with state changing methods: {{connectionRetryFuture}} and {{connectionTimeoutFuture}} are cancelled when handshaking or closing, but there's no guarantee those will be actually cancelled (as they might be already running), so they might end up changing the connection state concurrently with other methods (i.e. by unexpectedly closing the channel or clearing the backlog).
> Overall, the thread safety of {{OutboundMessagingConnection}} is very difficult to assess given the current implementation: I would suggest to refactor it into a single-thread model, where all connection state changing actions are enqueued on a single threaded scheduler, so that state transitions can be clearly defined and checked.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org