Return-Path: <hdfs-issues-return-201350-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 9D8EE200D2E
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Tue, 17 Oct 2017 08:18:08 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 9C350160BE9; Tue, 17 Oct 2017 06:18:08 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id D22111609EF
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 17 Oct 2017 08:18:07 +0200 (CEST)
Received: (qmail 89903 invoked by uid 500); 17 Oct 2017 06:18:06 -0000
Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:hdfs-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:hdfs-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:hdfs-issues@hadoop.apache.org>
List-Id: <hdfs-issues.hadoop.apache.org>
Delivered-To: mailing list hdfs-issues@hadoop.apache.org
Received: (qmail 89892 invoked by uid 99); 17 Oct 2017 06:18:06 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Oct 2017 06:18:06 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 1182E1A0BCF
	for <hdfs-issues@hadoop.apache.org>; Tue, 17 Oct 2017 06:18:06 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -99.202
X-Spam-Level: 
X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31
	tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001,
	SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024)
	with ESMTP id wIX4FYPdrSUB for <hdfs-issues@hadoop.apache.org>;
	Tue, 17 Oct 2017 06:18:05 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id AA2765F3E3
	for <hdfs-issues@hadoop.apache.org>; Tue, 17 Oct 2017 06:18:04 +0000 (UTC)
Received: from jira-lw-us.apache.org (unknown [207.244.88.139])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id CC8C3E0EE9
	for <hdfs-issues@hadoop.apache.org>; Tue, 17 Oct 2017 06:18:03 +0000 (UTC)
Received: from jira-lw-us.apache.org (localhost [127.0.0.1])
	by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id C11FB24394
	for <hdfs-issues@hadoop.apache.org>; Tue, 17 Oct 2017 06:18:01 +0000 (UTC)
Date: Tue, 17 Oct 2017 06:18:01 +0000 (UTC)
From: "Xiao Chen (JIRA)" <jira@apache.org>
To: hdfs-issues@hadoop.apache.org
Message-ID: <JIRA.13109761.1508177888000.13811.1508221081788@Atlassian.JIRA>
In-Reply-To: <JIRA.13109761.1508177888000@Atlassian.JIRA>
References: <JIRA.13109761.1508177888000@Atlassian.JIRA> <JIRA.13109761.1508177888568@jira-lw-us.apache.org>
Subject: [jira] [Commented] (HDFS-12667) KMSClientProvider#ValueQueue does
 synchronous fetch of edeks in background async thread.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Tue, 17 Oct 2017 06:18:08 -0000


    [ https://issues.apache.org/jira/browse/HDFS-12667?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16207072#comment-16207072 ] 

Xiao Chen commented on HDFS-12667:
----------------------------------

Thanks [~shahrs87] for creating the jira with good descriptions.

Let me first explain some background of HDFS-11210 for context - perhaps you already know most.

The problem HDFS-11210 tries to solve is the semantic guarantee a key rollover provides.

Before HDFS-11210, if someone:
# roll a EZ key (from v1 to v2)
# generate EDEK of that EZ key
It is possible to see the generated EDEK is encrypted with the v1 EZ key. If lucky enough, they could generate, see a v2 EZ key (returned by the synchronized call), then later generate another, see a v1 EZ key (from the async thread).

Since key rolling is for security purpose, it would be good to ensure EDEKs are generated with the new version EZ key. Also, re-encryption only makes sense if the versioning guarantee exists for key rolling. For this reason, we need to keep this semantic.

On the implementation, perhaps the locking could be more sophisticated, and do things smarter in the during the async fetching phase. Better approaches welcome.

> KMSClientProvider#ValueQueue does synchronous fetch of edeks in background async thread.
> ----------------------------------------------------------------------------------------
>
>                 Key: HDFS-12667
>                 URL: https://issues.apache.org/jira/browse/HDFS-12667
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: encryption, kms
>    Affects Versions: 3.0.0-alpha4
>            Reporter: Rushabh S Shah
>            Assignee: Rushabh S Shah
>
> There are couple of issues in KMSClientProvider#ValueQueue.
> 1.
>  {code:title=ValueQueue.java|borderStyle=solid}
>   private final LoadingCache<String, LinkedBlockingQueue<E>> keyQueues;
>   // Stripped rwlocks based on key name to synchronize the queue from
>   // the sync'ed rw-thread and the background async refill thread.
>   private final List<ReadWriteLock> lockArray =
>       new ArrayList<>(LOCK_ARRAY_SIZE);
> {code}
> It hashes the key name into 16 buckets.
> In the code chunk below,
>  {code:title=ValueQueue.java|borderStyle=solid}
> public List<E> getAtMost(String keyName, int num) throws IOException,
>       ExecutionException {
>      ...
>      ...
>          readLock(keyName);
>         E val = keyQueue.poll();
>         readUnlock(keyName);
>      ...
>   }
>   private void submitRefillTask(final String keyName,
>       final Queue<E> keyQueue) throws InterruptedException {
>               ...
>               ...
>               writeLock(keyName); // It holds the write lock while the key is being asynchronously fetched. So the read requests for all the keys that hashes to this bucket will essentially be blocked.
>               try {
>                 if (keyQueue.size() < threshold && !isCanceled()) {
>                   refiller.fillQueueForKey(name, keyQueue,
>                       cacheSize - keyQueue.size());
>                 }
>              ...
>               } finally {
>                 writeUnlock(keyName);
>               }
>             }
>   }
> {code}
> According to above code chunk, if two keys (lets say key1 and key2) hashes to the same bucket (between 1 and 16), then if key1 is asynchronously being refetched then all the getKey for key2 will be blocked.
> 2. Due to stripped rw locks, the asynchronous behavior of refill keys is now synchronous to other handler threads.
> I understand that locks were added so that we don't kick off multiple asynchronous refilling thread for the same key.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org