[Bug] Data race in RoleManagerImpl.HasLink() breaks Enforcer when calling Enforce() #1318
Comments
casbin-bot
added this to Casbin Easy Tasks
in Casbin Easy Tasks for Beginners/Student Applicants
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Setup:
AddNamedMatchingFunc()used (e.g. keyMatch2, keyMatch4)The bug is reproduced when calling
Enforce()with the same parameters concurrently.It boils down to this path being executed concurrently:
GenerateGFunction()->HasLink()->defer rm.removeRole().
Race explanation inside
HasLink()function with goroutines A and B:HasLink(). Role does not exist, is added to map temporarily &&defer rm.removeRole()calledhasLinkHelperiterates over roles viasync.Map.Range()recursivelyremoveRole()called.hasLinkHelperiterates over roles but the temp role no longer existsallow: trueallow: falseFurthermore once this happens, the calculation is cached in
GenerateGFunctionand also in getAndStoreMatcherExpression(), all furtherEnforce()calls for that set of parameters will incorrectly return a cachedfalseresponse.To Reproduce
This behaviour does not occur all the time, but by disabling cache inside
GenerateGFunctionit is possible to reproduce it reliably:make testCheck README in the Metrika-Inc/casbin-race repository for more details.
Expected behavior
Enforcer always returns true when correct policies are in place.
Actual behavior
Enforcer sometimes returns false even when correct policies are in place and it may cache the result to continue returning false incorrectly.
Environment
Possible solutions
It seems that feasible solutions may be having a mutex on
HasLink()or not storing temporary roles in a shared map and having a temporary map defined inside the scope of the function.The text was updated successfully, but these errors were encountered: