Marcin Maliszkiewicz 1293b94039 auth: cache: fix permissions iterator invalidation in reload_all_permissions ...

The inner loops in reload_all_permissions iterate role's permissions
and _anonymous_permissions maps across yield points. Concurrent
load_permissions calls (which don't hold _loading_sem) can emplace
into those same maps during a yield, potentially triggering a rehash
that invalidates the active iterator.

We want to avoid adding semaphore acquire in load_permissions
because it's on a common path (get_permissions).

Fixing by snapshotting the keys into a vector before iterating with
yields, so no long-lived map iterator is held across suspension
points.

2026-02-23 12:14:22 +01:00

12 KiB

Raw Permalink Blame History

View Raw