You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Sagar Miglani (Jira)" <ji...@apache.org> on 2022/10/14 07:21:00 UTC
[jira] [Updated] (SLING-11620) Synchronization issue in Webconsole Security Provider
[ https://issues.apache.org/jira/browse/SLING-11620?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sagar Miglani updated SLING-11620:
----------------------------------
Description:
WebconsoleSecurityProvider's [ServiceListeners|https://github.com/apache/sling-org-apache-sling-extensions-webconsolesecurityprovider/blob/master/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java] class has three fields of Listener (an inner class of {{ServiceListeners}} implementing {{{}ServiceListener{}}}) {{{}repositoryListener{}}}, {{{}authSupportListener{}}}, {{{}authListener{}}}.
Each of listener uses synchronized methods and on any {{ServiceChanged}} event it may call {{notifyChange}} method of {{ServiceListeners}} parent class which is also a synchronized method and in this method we are again calling all of the listener fields' {{getService}} sychronized methods
If two service events for these listeneres fields occur simulatenously a deadlock situation may arise.
eg:
Thread1:
- repositoryListener -> serviceChanged
- synchronized retainSerivce - (self lock acquired)
- synchronized notifyChange - (parent's lock acquired)
Thread2:
- authSupportListener -> serviceChanged
- synchronized retainService - (self lock aquired)
- synchronized notifyChange - (wait for thread 1 to release parent's lock)
Thread1:
- synchronized (authSupportListener) getService - (wait for thread 2 to release the lock)
Tried to replicate the scenario [^WebconsoleServiceListeners.patch]. The test in this patch file fails due to timeout.
On taking thread snapshot you may see the thread blocked and waiting for each other. [^BlockedThreads.png]
Shouldn't these all listener fields and parent class be using the shared lock instead of sychronized methods?
was:
WebconsoleSecurityProvider's [ServiceListeners|https://github.com/apache/sling-org-apache-sling-extensions-webconsolesecurityprovider/blob/master/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java] class has three fields of Listener (an inner class of {{ServiceListeners}} implementing {{ServiceListener}}) {{repositoryListener}}, {{authSupportListener}}, {{authListener}}.
Each of listener uses synchronized methods and on any {{ServiceChanged}} event it may call {{notifyChange}} method of {{ServiceListeners}} parent class which is also a synchronized method and in this method we are again calling all of the listener fields' {{getService}} sychronized methods
If two service events for these listeneres fields occur simulatenously a deadlock situation may arise.
eg:
Thread1:
- repositoryListener -> serviceChanged
- synchronized retainSerivce - (self lock acquired)
- synchronized notifyChange - (parent's lock acquired)
Thread2:
- authSupportListener -> serviceChanged
- synchronized retainService - (self lock aquired)
- synchronized notifyChange - (wait for thread 1 to release parent's lock)
Thread1:
- synchronized (authSupportListener) getService - (wait for thread 2 to release the lock)
Tried to replicate the scenario [^WebconsoleServiceListeners.patch]. The test in this patch file fails due to timeout.
On taking thread snapshot you may see the thread blocked and waiting for each other. [^BlockedThreads.png]
Shouldn't these all listener fields and parent class be using the shared lock instead of sychronized methods
> Synchronization issue in Webconsole Security Provider
> -----------------------------------------------------
>
> Key: SLING-11620
> URL: https://issues.apache.org/jira/browse/SLING-11620
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Affects Versions: Web Console Security Provider 1.2.6
> Reporter: Sagar Miglani
> Priority: Major
> Attachments: BlockedThreads.png, WebconsoleServiceListeners.patch
>
>
> WebconsoleSecurityProvider's [ServiceListeners|https://github.com/apache/sling-org-apache-sling-extensions-webconsolesecurityprovider/blob/master/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java] class has three fields of Listener (an inner class of {{ServiceListeners}} implementing {{{}ServiceListener{}}}) {{{}repositoryListener{}}}, {{{}authSupportListener{}}}, {{{}authListener{}}}.
> Each of listener uses synchronized methods and on any {{ServiceChanged}} event it may call {{notifyChange}} method of {{ServiceListeners}} parent class which is also a synchronized method and in this method we are again calling all of the listener fields' {{getService}} sychronized methods
> If two service events for these listeneres fields occur simulatenously a deadlock situation may arise.
> eg:
> Thread1:
> - repositoryListener -> serviceChanged
> - synchronized retainSerivce - (self lock acquired)
> - synchronized notifyChange - (parent's lock acquired)
> Thread2:
> - authSupportListener -> serviceChanged
> - synchronized retainService - (self lock aquired)
> - synchronized notifyChange - (wait for thread 1 to release parent's lock)
> Thread1:
> - synchronized (authSupportListener) getService - (wait for thread 2 to release the lock)
> Tried to replicate the scenario [^WebconsoleServiceListeners.patch]. The test in this patch file fails due to timeout.
> On taking thread snapshot you may see the thread blocked and waiting for each other. [^BlockedThreads.png]
> Shouldn't these all listener fields and parent class be using the shared lock instead of sychronized methods?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)