New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
YARN-8972. [Router] Add support to prevent DoS attack over ApplicationSubmissionContext size. #5382
Conversation
…nSubmissionContext size.
💔 -1 overall
This message was automatically generated. |
🎊 +1 overall
This message was automatically generated. |
@goiri Can you help review this pr? Thank you very much! |
🎊 +1 overall
This message was automatically generated. |
💔 -1 overall
This message was automatically generated. |
<name>yarn.router.asc-interceptor-max-size</name> | ||
<value>1048576</value> | ||
<description> | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we add a description and fix the blank warning?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you very much for your help to review the code, I will modify the code.
private static void logContainerLaunchContext(ApplicationSubmissionContextPBImpl appContext) | ||
throws IOException { | ||
|
||
if (appContext != null) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we do early exits instead of these long nested ifs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your suggestion, I will fix it.
💔 -1 overall
This message was automatically generated. |
@Unstable | ||
private static void logContainerLaunchContext(ApplicationSubmissionContextPBImpl appContext) | ||
throws IOException { | ||
if (appContext != null && appContext.getAMContainerSpec() != null) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (appContext == null || appContext.getAMContainerSpec() == null) {
return;
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your suggestion, I will modify the code.
throws IOException { | ||
if (appContext != null && appContext.getAMContainerSpec() != null) { | ||
ContainerLaunchContext launchContext = appContext.getAMContainerSpec(); | ||
ContainerLaunchContextPBImpl clc = (ContainerLaunchContextPBImpl) launchContext; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to check instanceof?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will modify the code.
We will throw an exception. the default value is 1MB, which is 1048576 Bytes. | ||
</description> | ||
</property> | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This complains about blanks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will fix it.
💔 -1 overall
This message was automatically generated. |
🎊 +1 overall
This message was automatically generated. |
@goiri Can you help to review this PR again? Thank you very much! |
...g/apache/hadoop/yarn/server/router/clientrm/TestApplicationSubmissionContextInterceptor.java
Show resolved
Hide resolved
🎊 +1 overall
This message was automatically generated. |
**/ | ||
public static final String ROUTER_ASC_INTERCEPTOR_MAX_SIZE = | ||
ROUTER_PREFIX + "asc-interceptor-max-size"; | ||
public static final long DEFAULT_ROUTER_ASC_INTERCEPTOR_MAX_SIZE = 1024 * 1024; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What if we use Configuration#getStorageSize()?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you very much for your suggestion, I will modify the code.
🎊 +1 overall
This message was automatically generated. |
double maxAscSize = conf.getStorageSize(YarnConfiguration.ROUTER_ASC_INTERCEPTOR_MAX_SIZE, | ||
YarnConfiguration.DEFAULT_ROUTER_ASC_INTERCEPTOR_MAX_SIZE, StorageUnit.KB); | ||
if (appContext != null) { | ||
int size = appContext.getProto().getSerializedSize(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this KB? can you add it to the variable?
int sizeKB
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From the previous stuff I was expecting bytes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your suggestion, the unit is bytes not KB, I will modify the code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we add units to the variables?
size
and maxAscSize
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your suggestion, I will modify the code.
🎊 +1 overall
This message was automatically generated. |
@goiri Can you help review this PR again? Thank you very much! I will continue to follow up YARN-11376, YARN-11445. |
🎊 +1 overall
This message was automatically generated. |
🎊 +1 overall
This message was automatically generated. |
🎊 +1 overall
This message was automatically generated. |
🎊 +1 overall
This message was automatically generated. |
@goiri Thank you very much for your help in reviewing the code! I will continue to follow up YARN-11376, YARN-11445. |
…nSubmissionContext size. (apache#5382)
JIRA: YARN-8972. [Router] Add support to prevent DoS attack over ApplicationSubmissionContext size.