mirror of
https://github.com/kubernetes/kubernetes.git
synced 2026-02-03 20:40:26 -05:00
af36d192c3
The verbs parameter slice might be shared between different rule instances and
gets sorted (= written), so we have to make a copy or (even better) also
de-duplicate as in pkg/apis/rbac/helpers.go.
More specifically, plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
shares the Read and ReadWrite slices, causing:
WARNING: DATA RACE
Read at 0x000008e5e5b0 by goroutine 124:
slices.insertionSortOrdered[go.shape.string]()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/slices/zsortordered.go:14 +0x126
slices.pdqsortOrdered[go.shape.string]()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/slices/zsortordered.go:75 +0x6c4
slices.Sort[go.shape.[]string,go.shape.string]()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/slices/sort.go:18 +0x64
sort.Strings()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/sort/sort.go:181 +0xe
k8s.io/kubernetes/pkg/apis/rbac/v1.(*PolicyRuleBuilder).Rule()
/home/prow/go/src/k8s.io/kubernetes/pkg/apis/rbac/v1/helpers.go:98 +0x2c9
k8s.io/kubernetes/pkg/apis/rbac/v1.(*PolicyRuleBuilder).RuleOrDie()
/home/prow/go/src/k8s.io/kubernetes/pkg/apis/rbac/v1/helpers.go:65 +0x2f44
k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy.ClusterRoles()
/home/prow/go/src/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go:404 +0x2c13
...
Previous write at 0x000008e5e5b0 by goroutine 123:
slices.insertionSortOrdered[go.shape.string]()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/slices/zsortordered.go:15 +0x2f9
slices.pdqsortOrdered[go.shape.string]()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/slices/zsortordered.go:75 +0x6c4
slices.Sort[go.shape.[]string,go.shape.string]()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/slices/sort.go:18 +0x64
sort.Strings()
/home/prow/go/src/k8s.io/kubernetes/_output/local/go/cache/mod/golang.org/toolchain@v0.0.1-go1.25.6.linux-amd64/src/sort/sort.go:181 +0xe
k8s.io/kubernetes/pkg/apis/rbac/v1.(*PolicyRuleBuilder).Rule()
/home/prow/go/src/k8s.io/kubernetes/pkg/apis/rbac/v1/helpers.go:98 +0x2c9
k8s.io/kubernetes/pkg/apis/rbac/v1.(*PolicyRuleBuilder).RuleOrDie()
/home/prow/go/src/k8s.io/kubernetes/pkg/apis/rbac/v1/helpers.go:65 +0x2f44
k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy.ClusterRoles()
/home/prow/go/src/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go:404 +0x2c13
Seen in test/integration/apiserver/oidc.
|
||
|---|---|---|
| .. | ||
| api | ||
| apis | ||
| auth | ||
| capabilities | ||
| certauthorization | ||
| client | ||
| cluster/ports | ||
| controller | ||
| controlplane | ||
| credentialprovider | ||
| features | ||
| fieldpath | ||
| generated | ||
| kubeapiserver | ||
| kubectl | ||
| kubelet | ||
| kubemark | ||
| printers | ||
| probe | ||
| proxy | ||
| quota/v1 | ||
| registry | ||
| routes | ||
| scheduler | ||
| security | ||
| securitycontext | ||
| serviceaccount | ||
| util | ||
| volume | ||
| windows/service | ||
| .import-restrictions | ||
| OWNERS | ||