[HDFS-10673] Optimize FSPermissionChecker's internal path usage - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.8.0, 2.7.4, 3.0.0-alpha1
Component/s: hdfs
Labels:
None

Target Version/s:

2.9.0, 2.7.6
Hadoop Flags:

Reviewed

Description

The INodeAttributeProvider and AccessControlEnforcer features degrade performance and generate excessive garbage even when neither is used. Main issues:

A byte[][] of components is unnecessarily created. Each path component lookup converts a subrange of the byte[][] to a new String[] - then not used by default attribute provider.
Subaccess checks are insanely expensive. The full path of every subdir is created by walking up the inode tree, creating a INode[], building a string by converting each inode's byte[] name to a string, etc. Which will only be used if there's an exception.

The expensive of #1 should only be incurred when using the provider/enforcer feature. For #2, paths should be created on-demand for exceptions.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HDFS-10673.1.patch
29/Jul/16 14:29
21 kB
Daryn Sharp
HDFS-10673.2.patch
04/Aug/16 14:54
20 kB
Daryn Sharp
HDFS-10673.patch
21/Jul/16 19:23
18 kB
Daryn Sharp
HDFS-10673-branch-2.7.00.patch
12/Sep/16 20:25
21 kB
Zhe Zhang

Issue Links

is related to

HDFS-12614 FSPermissionChecker#getINodeAttrs() throws NPE when INodeAttributesProvider configured

Resolved

HDFS-6826 Plugin interface to enable delegation of HDFS authorization assertions

Closed

is required by

HDFS-10711 Optimize FSPermissionChecker group membership check

Resolved

Activity

People

Assignee:: Daryn Sharp

Reporter:: Daryn Sharp

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 21/Jul/16 19:15

Updated:: 05/Jan/18 18:27

Resolved:: 12/Sep/16 23:12