HBASE-30101 Prevent NettyRpcServer from accepting connections before start() #8110

Open. junegunn wants to merge 2 commits into apache:master from junegunn:HBASE-30101

@junegunn
Member

https://issues.apache.org/jira/browse/HBASE-30101

  • The first commit adds a failing test.
  • The second commit fixes it.

Copilot AI left a comment

Pull request overview

Prevents NettyRpcServer from accepting inbound connections in the window between bind() and start(), closing a race where connection handling could reach security/UGI-related code before server initialization completes.

Changes:

  • Add a regression test asserting no connections are accepted before start(), and that they are accepted after.
  • Configure the Netty server channel to start with AUTO_READ disabled to prevent accept.
  • Enable AUTO_READ on the server channel at the end of start() to begin accepting connections.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestNettyRpcServerBindBeforeStart.java | New regression test covering accept behavior before/after start(). |
| hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/NettyRpcServer.java | Disable accept via AUTO_READ=false until start() completes, then re-enable. |

…fore start()

NettyRpcServer binds the server channel in its constructor but only
completes auth/authorization setup in start(). Between those two points,
netty workers can accept incoming connections and run handler code that
reaches into UserGroupInformation before the main thread has logged in.

This test fails against the unpatched server: a socket opened after the
port is bound but before start() is called is accepted by netty.

…start()

Disable AUTO_READ on the server channel at bootstrap time so that no
connections are accepted until start() completes auth setup, and
re-enable it at the end of start().
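
The AUTO_READ gating described in the second commit message above, as an added example that is not code from this pull request or from HBase: a stand-alone Netty server whose listening channel is bound with AUTO_READ disabled and only switched on later. The class name, the loopback address and the 500 ms waits are assumptions of this example, and it expects Netty 4.x on the classpath.

```java
import io.netty.bootstrap.ServerBootstrap;
import io.netty.channel.Channel;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelOption;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.concurrent.atomic.AtomicInteger;

// Hypothetical demo class (assumption of this example), not HBase code.
public class GatedAcceptDemo {
  public static void main(String[] args) throws Exception {
    AtomicInteger accepted = new AtomicInteger();
    EventLoopGroup group = new NioEventLoopGroup(1);
    try {
      Channel server = new ServerBootstrap()
        .group(group)
        .channel(NioServerSocketChannel.class)
        // option() targets the listening channel (childOption() would target
        // accepted sockets). With AUTO_READ off, Netty never issues the read()
        // that performs accept() on the server channel.
        .option(ChannelOption.AUTO_READ, false)
        .childHandler(new ChannelInitializer<SocketChannel>() {
          @Override
          protected void initChannel(SocketChannel ch) {
            accepted.incrementAndGet(); // runs only once Netty accepts a socket
          }
        })
        .bind(new InetSocketAddress("127.0.0.1", 0)).sync().channel();
      int port = ((InetSocketAddress) server.localAddress()).getPort();

      // Window between bind and start(): the port is open, handlers must not run.
      try (Socket early = new Socket("127.0.0.1", port)) {
        Thread.sleep(500);
        System.out.println("accepted before start: " + accepted.get());

        // Equivalent of the end of start(): initialization is complete.
        server.config().setAutoRead(true);
        Thread.sleep(500);
        System.out.println("accepted after start: " + accepted.get());
      }
      server.close().sync();
    } finally {
      group.shutdownGracefully();
    }
  }
}
```

The early client's connect() still succeeds because the kernel completes the TCP handshake into the listen backlog; what the gate withholds is Netty's accept() and therefore any handler code. The queued socket is accepted as soon as AUTO_READ is enabled, so clients that connected early are served after initialization rather than rejected.
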
@junegunn
Member Author

As noted in this Jira comment, this patch does not prevent a stray TGT Renewer thread from being created in HBase 2.6+.

I've opened a separate PR that approaches the problem in a different way, i.e. login before creating the RPC services, which will fix the TGT Renewer problem.

@Apache9
Contributor

Apache9 commented Apr 24, 2026

What about moving the auth-related initialization into the channel setup step? And only binding the socket in the start method? It is a bit strange that we can accept connections before starting...
