Skip to content

ELY-2982 IdentitySharedExclusiveLock.lockExclusive() and lockShared() are uninterruptable#2369

Open
RanabirChakraborty wants to merge 1 commit intowildfly-security:2.xfrom
RanabirChakraborty:ELY-2982
Open

ELY-2982 IdentitySharedExclusiveLock.lockExclusive() and lockShared() are uninterruptable#2369
RanabirChakraborty wants to merge 1 commit intowildfly-security:2.xfrom
RanabirChakraborty:ELY-2982

Conversation

@RanabirChakraborty
Copy link
Copy Markdown
Contributor

@RanabirChakraborty RanabirChakraborty requested a review from a team as a code owner January 14, 2026 17:46
@RanabirChakraborty
Copy link
Copy Markdown
Contributor Author

@pferraro please review the PR

Copy link
Copy Markdown
Contributor

@darranl darranl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we also need the review from Paul to check this addresses his concern but in the meantime the exception needs moving to ElytronMessages.

}
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
throw new RealmUnavailableException("Interrupted while waiting for identity lock", e);
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI the Exception itself should be defined in ElytronMessages

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Did the changes @darranl

private int sharedHoldCount;
private boolean isExclusiveLocked;
private int exclusiveRequests;
private final ReadWriteLock readWriteLock = new ReentrantReadWriteLock(true);
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I understand this correctly, the change proposed here will now throw an IllegalMonitorStateException if the thread invoking IdentityLock.unlock() is not the same as the thread that originally acquired the read or write lock.
I don't know enough about the usage of this class to determine whether this new constraint is acceptable. @darranl ?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What i know,ReentrantReadWriteLock enforces thread ownership, meaning the thread that acquires the lock must be the one to release it.

In the context of FileSystemSecurityRealm, this constraint is acceptable. These locks are used to safeguard synchronous file I/O operations. The thread that loads the identity is always the same thread that closes it, typically within a single management operation. Therefore, enforcing this relationship is safe and aligns with the intended architecture. I can be wrong, @darranl let me know what to do here.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@skyllarr I'm waiting for a reply here. Based on that I can continue.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@skyllarr I'm waiting for a reply here. Based on that I can continue.

Okay, I'm pinging @pferraro in that case

IdentitySharedExclusiveLock.this.release(this);
valid = false;
public void release() {
synchronized (this) {
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A ReentrantLock can only be unlocked by the thread that locked it, so there is no reason for memory fencing here.


private final boolean exclusive;
private final Lock internalLock;
private volatile boolean valid = true;
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does not need to be volatile - only the owning thread can call Lock.unlock() and thus the conditional update of this value is only applicable to that thread.

@Zhang-Charlie
Copy link
Copy Markdown
Contributor

Hi, is this still being worked on? I haven’t seen any updates in a while. If not, I’d be happy to take this over.

@skyllarr
Copy link
Copy Markdown
Contributor

Hi @RanabirChakraborty , is this being worked on or can @Zhang-Charlie work on it now?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants