Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Partial support of TDE in non-cloud-native rowset read/write #52179

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Feature] Partial support of TDE in non-cloud-native rowset read/write #52179

wants to merge 1 commit into from
+236 −38

Conversation

decster
Copy link
Contributor

@decster decster commented Oct 22, 2024
edited
Loading

What I'm doing:

Some code in rowset read/write to support TDE in non-cloud-native

Fixes: #46223

What type of PR is this:

  • BugFix
  • Feature
  • Enhancement
  • Refactor
  • UT
  • Doc
  • Tool

Does this PR entail a change in behavior?

  • Yes, this PR will result in a change in behavior.
  • No, this PR will not result in a change in behavior.

If yes, please specify the type of change:

  • Interface/UI changes: syntax, type conversion, expression evaluation, display information
  • Parameter changes: default values, similar parameters but with different default values
  • Policy changes: use new policy to replace old one, functionality automatically enabled
  • Feature removed
  • Miscellaneous: upgrade & downgrade compatibility, etc.

Checklist:

  • I have added test cases for my bug fix or my new feature
  • This pr needs user documentation (for new or modified features or behaviors)
    • I have added documentation for my new feature or new function
  • This is a backport pr

Bugfix cherry-pick branch check:

  • I have checked the version labels which the pr will be auto-backported to the target branch
    • 3.3
    • 3.2
    • 3.1
    • 3.0
    • 2.5

@decster decster requested a review from a team as a code owner October 22, 2024 02:36
@wanpengfei-git wanpengfei-git requested a review from a team October 22, 2024 02:36
starrocks-cr[bot]
starrocks-cr bot reviewed Oct 22, 2024
View reviewed changes
be/src/storage/rowset/rowset_writer.cpp
const auto schema = _context.tablet_schema;
auto segment_writer = std::make_unique<SegmentWriter>(std::move(wfile), _num_segment, schema, _writer_options);
RETURN_IF_ERROR(segment_writer->init(column_indexes, is_key));
DCHECK(_segment_encryption_metas.size() == _num_segment);
_segment_encryption_metas.emplace_back(_writer_options.encryption_meta);
++_num_segment;
return std::move(segment_writer);
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The most risky bug in this code is:
A potential race condition involving multiple threads accessing and modifying _segment_encryption_metas.

You can modify the code like this:

StatusOr<RowsetSharedPtr> RowsetWriter::build() {
    std::lock_guard<std::mutex> l(_lock); // Protect access to _segment_encryption_metas
    _rowset_meta_pb->set_empty(_num_rows_written == 0);
    _rowset_meta_pb->set_creation_time(time(nullptr));
    _rowset_meta_pb->set_num_segments(_num_segment);
    DCHECK(_segment_encryption_metas.size() == _num_segment);
    for (auto& encryption_meta : _segment_encryption_metas) {
        _rowset_meta_pb->add_segment_encryption_metas(encryption_meta);
    }
    // additional relevant code...
}

// Add similar locking mechanisms where other concurrent accesses are made,
// such as during the invocations of _flush_segment, 
// _flush_delete_file, _flush_update_file, _create_segment_writer, etc.

This adjustment ensures thread safety by using a mutex to guard accesses to shared resources that may be modified concurrently, which helps prevent race conditions.

@decster decster mentioned this pull request Oct 22, 2024
Open
3 tasks
@decster decster force-pushed the tde-ncn branch 3 times, most recently from 1b0c031 to 6490d24 Compare October 24, 2024 09:03
@decster decster requested a review from a team as a code owner October 24, 2024 09:03
@decster decster changed the title [Feature] Partial support of TDE in non-cloud-native rowset_writer [Feature] Partial support of TDE in non-cloud-native rowset read/write Oct 24, 2024
@decster
[Feature] Partial support of TDE in non-cloud-native rowset read/write
0f2d864 
Signed-off-by: Binglin Chang <decstery@gmail.com>
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Oct 25, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@github-actions GitHub Actions
Copy link

[Java-Extensions Incremental Coverage Report]

pass : 0 / 0 (0%)

@github-actions GitHub Actions
Copy link

[FE Incremental Coverage Report]

pass : 0 / 0 (0%)

@github-actions GitHub Actions
Copy link

[BE Incremental Coverage Report]

pass : 105 / 131 (80.15%)

file detail

path covered_line new_line coverage not_covered_line_detail
🔵 be/src/storage/rowset/horizontal_update_rowset_writer.cpp 6 12 50.00% [47, 48, 49, 50, 68, 69]
🔵 be/src/storage/local_primary_key_recover.cpp 4 6 66.67% [98, 99]
🔵 be/src/storage/rowset_update_state.cpp 4 6 66.67% [80, 81]
🔵 be/src/storage/rowset/rowset_writer.cpp 51 64 79.69% [460, 461, 683, 684, 685, 686, 771, 916, 917, 1386, 1387, 1388, 1389]
🔵 be/src/storage/rowset/rowset.cpp 19 22 86.36% [243, 260, 873]
🔵 be/src/storage/rowset/rowset_meta.cpp 12 12 100.00% []
🔵 be/src/storage/tablet_updates.cpp 9 9 100.00% []

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@starrocks-cr starrocks-cr[bot] starrocks-cr[bot] left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

@decster decster

Labels
PROTO-REVIEW
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Feature] Transparent Data Encryption
2 participants
@decster @wanpengfei-git